
JaxWs https and certificates

 
John Landon
Ranch Hand
Posts: 228
Hi,
I followed the https example of jax-ws ri. I generated the client.keystore. Where do I put it?

Thanks,
John.
 
Peer Reynders
Bartender
Posts: 2968
According to this document (Accessing Web Service via SSL) you have to first import the certificate into a client truststore


and then set some client properties

[ December 02, 2008: Message edited by: Peer Reynders ]
 
John Landon
Ranch Hand
Posts: 228
Hi,
Thanks for the rapid answer. This document is great but I am not using axis2 but jax-ws ri.
These are the steps I followed:
* Create self-signed certificate keystore/truststore for client and server.
cd $JAXWS_HOME/samples/fromwsdl_secure/etc/certs

--Generate a self-signed cert for tomcat server

keytool.exe -genkey -alias self -keyalg RSA -storepass server -keypass server -dname "cn=localhost" -keystore tomcat.keystore

Note: The use of localhost indicates that client and server are running on the same machine. If the server is on a remote machine
the server fully qualified domain name will be used.

--Now for the client export self-signed key from the server tomcat.keystore to give to the client
as a certificate to import.

keytool.exe -export -rfc -alias self -file tomcat.certificate -keystore tomcat.keystore -storepass server -keypass server

--On the client, import the tomcat.certificate into a client created keystore.

keytool.exe -import -noprompt -trustcacerts -alias self -file tomcat.certificate -keystore client.keystore -storepass client

Note: -keystore option creates the client.keystore file.


So now I have 3 files client.keystore, tomcat.certificate, tomcat.keystore.
The last is being picked up by the service itself. But my problem is that the client (by the way I am using C# for the client) gives me:
"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
What do I do?

Thanks.
 
Peer Reynders
Bartender
Posts: 2968
Originally posted by John Landon:
But my problem is that the client (by the way I am using C# for the client)

I was wondering about that ...

The truststore is a Java artifact.

I expect that you have to install the certificate on the client .NET configuration to indicate

Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication for .NET 1.1, 2.0

To install the client-side certificate
  • To view the certificate, start Windows Explorer, navigate to the .cer file saved in the previous procedure, and then double-click it.
  • Click Install Certificate, and then click Next on the first page of the Certificate Import Wizard.
  • Select Automatically select the certificate store based on the type of certificate, and then click Next.
  • Click Finish to complete the wizard. Dismiss the confirmation message box, and then click OK to close the certificate.


John Landon
Ranch Hand
Posts: 228
So I'll be able to work with a Java server and a C# client?

Peer Reynders
Bartender
Posts: 2968
If this is just about SSL/TLS then there is some hope.

This may be slightly more helpful than the previous reference (which only installs the certificate for IE :roll: ).
Support Certificates In Your Applications With The .NET Framework 2.0
[ December 03, 2008: Message edited by: Peer Reynders ]
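
An added example, not part of the original thread: a small C# program that adds the exported tomcat.certificate to the current user's Trusted Root store and checks, before and after, whether Windows can build a trusted chain for it. The class name, the choice of the per-user store and the default file location are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the thread): trust the server's exported self-signed
// certificate for .NET clients running as the current Windows user.
class TrustTomcatCertificate   // hypothetical class name
{
    // Returns true when Windows can build a trusted chain for the certificate.
    static bool IsTrusted(X509Certificate2 cert)
    {
        X509Chain chain = new X509Chain();
        // A self-signed certificate has no CRL to consult.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        bool ok = chain.Build(cert);
        foreach (X509ChainStatus status in chain.ChainStatus)
            Console.WriteLine("  chain status: " + status.Status);
        return ok;
    }

    static int Main(string[] args)
    {
        // Assumption: the file produced by "keytool -export -rfc" is passed as the
        // first argument or sits in the working directory.
        string path = args.Length > 0 ? args[0] : "tomcat.certificate";
        X509Certificate2 cert = new X509Certificate2(path);
        Console.WriteLine("Subject:    " + cert.Subject);
        Console.WriteLine("Thumbprint: " + cert.Thumbprint);

        if (cert.Subject != cert.Issuer)
        {
            Console.Error.WriteLine("Not self-signed; install the issuing CA certificate instead.");
            return 1;
        }
        if (IsTrusted(cert))
        {
            Console.WriteLine("Already trusted; nothing to do.");
            return 0;
        }

        // Per-user trusted roots; Windows asks the user to confirm the addition.
        X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(cert); }
        finally { store.Close(); }

        return IsTrusted(cert) ? 0 : 2;
    }
}
```

The certificate in the thread was generated with cn=localhost, so the .NET client also has to call the service through a URL whose host name is localhost; a host name that does not match the certificate produces the same trust error even after the certificate is installed.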
     