JaxWs https and certificates

John Landon
Ranch Hand

Joined: Sep 25, 2008
Posts: 227
Hi,
I followed the https example of jax-ws ri. I generated the client.keystore. Where do I put it?

Thanks,
John.
Peer Reynders
Bartender

Joined: Aug 19, 2005
Posts: 2906
According to this document (Accessing Web Service via SSL) you have to first import the certificate into a client truststore


and then set some client properties

[ December 02, 2008: Message edited by: Peer Reynders ]

"Don't succumb to the false authority of a tool or model. There is no substitute for thinking."
Andy Hunt, Pragmatic Thinking & Learning: Refactor Your Wetware p.41
John Landon
Ranch Hand

Joined: Sep 25, 2008
Posts: 227
Hi,
Thanks for the rapid answer. This document is great, but I am not using axis2 but jax-ws ri.
These are the steps I followed:
* Create self-signed certificate keystore/truststore for client and server.
cd $JAXWS_HOME/samples/fromwsdl_secure/etc/certs

--Generate a self-signed cert for tomcat server

keytool.exe -genkey -alias self -keyalg RSA -storepass server -keypass server -dname "cn=localhost" -keystore tomcat.keystore

Note: The use of localhost indicates that client and server are running on the same machine. If the server is on a remote machine
the server fully qualified domain name will be used.

--Now for the client export self-signed key from the server tomcat.keystore to give to the client
as a certificate to import.

keytool.exe -export -rfc -alias self -file tomcat.certificate -keystore tomcat.keystore -storepass server -keypass server

--On the client, import the tomcat.certificate into a client created keystore.

keytool.exe -import -noprompt -trustcacerts -alias self -file tomcat.certificate -keystore client.keystore -storepass client

Note: -keystore option creates the client.keystore file.


So now I have 3 files client.keystore, tomcat.certificate, tomcat.keystore.
The last is being picked up by the service itself. But my problem is that the client (by the way I am using C# for the client) gives me:
"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
What do I do?

Thanks.
Peer Reynders
Bartender

Joined: Aug 19, 2005
Posts: 2906
Originally posted by John Landon:
But my problem is that the client (by the way I am using C# for the client)

I was wondering about that ...

The truststore is a Java artifact.

I expect that you have to install the certificate on the client .NET configuration to indicate

Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication for .NET 1.1, 2.0

To install the client-side certificate
  • To view the certificate, start Windows Explorer, navigate to the .cer file saved in the previous procedure, and then double-click it.
  • Click Install Certificate, and then click Next on the first page of the Certificate Import Wizard.
  • Select Automatically select the certificate store based on the type of certificate, and then click Next.
  • Click Finish to complete the wizard. Dismiss the confirmation message box, and then click OK to close the certificate.


John Landon
Ranch Hand

Joined: Sep 25, 2008
Posts: 227
So I'll be able to work with Java server and c# client?
Peer Reynders
Bartender

Joined: Aug 19, 2005
Posts: 2906
If this is just about SSL/TLS then there is some hope.

This may be slightly more helpful than the previous reference (which only installs the certificate for IE :roll: ).
Support Certificates In Your Applications With The .NET Framework 2.0
[ December 03, 2008: Message edited by: Peer Reynders ]
     