You are viewing a plain text version of this content. The canonical link for it is here.
Posted to soap-dev@xml.apache.org by Nathan Wray <nw...@mich.com> on 2000/11/03 10:33:01 UTC
Re: SSL Client Auth. Example
The file is a java keystore file, you can create one from a certificate with the command
keytool -import -alias <alias> -keystore <newkeystorefile.ks> -file <certificate.crt>
keytool is part of the Sun jdk distribution.
In general the null for the password field should be replaced with a character array representing
the server keystore password (see the client keystore field example).
Darrel Drake wrote:
> Hello Mr. Wray, I'm just a starter with SSL here so excuse my ignorance.
>
> I looked at your code, particularly this line:
>
> <<ks.load(new FileInputStream(serverCertificateFile), null);>>
>
> and I wonder how you formatted the serverCertificateFile. Is it a
> java-keytool-generated file? If so, how could you import a server
> certificate that wasn't made in java (e.g. made using the apache web-server
> tool)? I guess if you did export the server cert from your web server to a
> file you couldn't just refer to that file in this command, could you? Or
> could you? Is there any particular reason you left the password null?
>
> Darrell Drake ãã¬ã¤ã¯ã»ãã¬ã«
> IBM Japan, TRL æ¥æ¬ ã¢ã¤ï½¥ãã¼ã»ã¨ã
> +81-46-215-4175 æ±äº¬åºç¤ç 究æ
> EB92401@jp.ibm.com
>
> From: nathanwray <nw...@mich.com> on 2000/10/24 17:59
>
> Please respond to soap-dev@xml.apache.org
>
> To: soap-dev@xml.apache.org
> cc:
> Subject: Re: SSL client Certs
>
> Jeff, attached is some client code that supports client certs. It assumes
> JSSE. This stuff is a little non-trivial to get configured properly so be
> prepared to spend some time on it. All the real work happens in the JSSE
> libs.
>
> You'll need to set up the server to require specific client certs, this is
> an Apache config issue but I think it's pretty well documented if you look
> around. YMMV.
>
> This is based on some demo code I got from Chris Barrett at Thyron Ltd.,
> and I think he based it off someone else's work. Kudos to those involved.
>
> -Nathan
>
> "Simpson, Jeff" wrote:
>
> Does Secure SOAP support certs on both the Server and the Client. We want
> to issue our clients certs and require them when they connect
>
> Jeffrey V. Simpson
> Senior Software Engineer
> iFINANCE
> Phone: 202.833.4949
> Fax: 202.833.3819
> URL: http://www.ifinance.com
>
> --
> Nathan Wray
> nwray@mich.com
> --
> If you lend someone $20, and never see that
> person again, it was probably worth it.
>
> (See attached file: ClientWithCertExample.java)
>
> ------------------------------------------------------------------------
> Name: ClientWithCertExample.java
> ClientWithCertExample.java Type: JAVA File (application/x-unknown-content-type-javaFile)
> Encoding: base64
--
Nathan Wray
nwray@mich.com
--
|
| "Currently, developers struggle to
| make their distributed applications
| work across the Internet when
| firewalls get in the way.
| [...]
| Since SOAP [Simple Object Access Protocol]
| relies on HTTP as the transport
| mechanism, and most firewalls allow
| HTTP to pass through, you'll have no
| problem invoking SOAP endpoints
| from either side of a firewall."
|
| -- Microsoft, on how SOAP uses HTTP
| tunneling to circumvent network security
|
| http://msdn.microsoft.com/library/periodic/period00/soap.htm
|