JaxWs https and certificates

 
Ranch Hand
Posts: 241
Hi,
I followed the https example of jax-ws ri. I generated the client.keystore. Where do I put it?

Thanks,
John.
 
Bartender
Posts: 2968
According to this document (Accessing Web Service via SSL) you have to first import the certificate into a client truststore


and then set some client properties

[ December 02, 2008: Message edited by: Peer Reynders ]
 
John Landon
Ranch Hand
Posts: 241
Hi,
Thanks for the rapid answer. This document is great, but I am not using axis2 but jax-ws ri.
These are the steps I followed:

* Create self-signed certificate keystore/truststore for client and server.
cd $JAXWS_HOME/samples/fromwsdl_secure/etc/certs

--Generate a self-signed cert for tomcat server

keytool.exe -genkey -alias self -keyalg RSA -storepass server -keypass server -dname "cn=localhost" -keystore tomcat.keystore

Note: The use of localhost indicates that client and server are running on the same machine. If the server is on a remote machine
the server fully qualified domain name will be used.

--Now for the client export self-signed key from the server tomcat.keystore to give to the client
as a certificate to import.

keytool.exe -export -rfc -alias self -file tomcat.certificate -keystore tomcat.keystore -storepass server -keypass server

--On the client, import the tomcat.certificate into a client created keystore.

keytool.exe -import -noprompt -trustcacerts -alias self -file tomcat.certificate -keystore client.keystore -storepass client

Note: -keystore option creates the client.keystore file.



So now I have 3 files: client.keystore, tomcat.certificate, tomcat.keystore.
The last is being picked up by the service itself. But my problem is that the client (by the way I am using C# for the client) gives me:
"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
What do I do?

Thanks.
 
Peer Reynders
Bartender
Posts: 2968

Originally posted by John Landon:
But my problem is that the client (by the way I am using C# for the client)


I was wondering about that ...

The truststore is a Java artifact.

I expect that you have to install the certificate on the client .NET configuration to indicate

Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication for .NET 1.1, 2.0

To install the client-side certificate

  • To view the certificate, start Windows Explorer, navigate to the .cer file saved in the previous procedure, and then double-click it.
  • Click Install Certificate, and then click Next on the first page of the Certificate Import Wizard.
  • Select Automatically select the certificate store based on the type of certificate, and then click Next.
  • Click Finish to complete the wizard. Dismiss the confirmation message box, and then click OK to close the certificate.


    John Landon
    Ranch Hand
    Posts: 241
    So I'll be able to work with Java server and c# client?
     
    Peer Reynders
    Bartender
    Posts: 2968
    If this is just about SSL/TLS then there is some hope.

    This may be slightly more helpful than the previous reference (which only installs the certificate for IE :roll: ).
    Support Certificates In Your Applications With The .NET Framework 2.0
    [ December 03, 2008: Message edited by: Peer Reynders ]
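
For the C# client discussed in this thread, the trust decision can also be made in code rather than through the certificate wizard. The following is an added example, not from the thread or the linked articles: it pins the exact self-signed certificate exported as tomcat.certificate instead of disabling validation. It assumes a .NET Framework client that goes through ServicePointManager (HttpWebRequest or a generated SOAP proxy) and that tomcat.certificate sits next to the executable; the class name PinnedTomcatCert and its methods are hypothetical.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PinnedTomcatCert
{
    // Assumption: the file produced by "keytool -export -rfc" was copied here.
    const string PinnedCertPath = "tomcat.certificate";

    public static bool IsTrusted(X509Certificate presented, SslPolicyErrors errors,
                                 X509Certificate2 pinned)
    {
        // Chain and host name already validated by the platform.
        if (errors == SslPolicyErrors.None) return true;

        // Tolerate only the untrusted-chain error a self-signed cert causes.
        // A host name mismatch or a missing certificate is still rejected.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || presented == null)
            return false;

        // The chain error also hides expiry, so check validity dates here.
        DateTime now = DateTime.Now;
        if (now < pinned.NotBefore || now > pinned.NotAfter) return false;

        // Accept only a byte-for-byte match with the exported certificate.
        byte[] a = presented.GetRawCertData();
        byte[] b = pinned.RawData;
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Install()
    {
        // Loads the Base64 (RFC) or DER encoded certificate from disk.
        X509Certificate2 pinned = new X509Certificate2(PinnedCertPath);
        ServicePointManager.ServerCertificateValidationCallback =
            delegate(object sender, X509Certificate cert, X509Chain chain,
                     SslPolicyErrors errors)
            {
                return IsTrusted(cert, errors, pinned);
            };
    }
}
```

Call PinnedTomcatCert.Install() once before the first web service call. Because a host name mismatch is still rejected, the service URL must use the name in the certificate (cn=localhost in the steps above).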