users@glassfish.java.net

Re: secure web service using mutual certificate security

From: Kumar Jayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Mon, 18 Apr 2011 17:30:06 +0530

make sure the JVM options javax.net.ssl.keyStore and javax.net.ssl.trustStore are pointing to your keystore and truststore.

On 18-Apr-2011, at 4:44 PM, forums_at_java.net wrote:

> hello, i need help making secure web sevice using MCS (mutual certificate
> security). I use Glassfish 3.0.1 server. I dont wont to use glassfish
> keystore and truststore, i wont to use mine. So i made server and client
> keystore and truststore using this commands:
> keytool -genkeypair -alias kljuc_server -keyalg RSA -validity 7 -keystore
> keystoreS.jks // making server keys
> keytool -genkeypair -alias kljuc_klijent -keyalg RSA -validity 7 -keystore
> keystoreC.jks // making client keys
> keytool -export -alias kljuc_server -keystore keystoreS.jks -rfc -file
> if_certifikat.cer // making server certificate
> keytool -export -alias kljuc_klijent -keystore keystoreC.jks -rfc -file
> ic_certifikat.cer // making client certificate
> keytool -import -alias kljuc_server -file if_certifikat.cer -keystore
> truststoreC.jks // puting server certificate to client truststore
> keytool -import -alias kljuc_klijent -file ic_certifikat.cer -keystore
> truststoreS.jks // puting client certificate to server truststore
> then i change secure properties in web service and web service client to
> point to mine keystore and truststore:
>
> web service properties:
>
> keystore -> keystoreS.jks (alias -> kljuc_server)
>
> truststore -> truststoreS.jks (alias disabled, i cant set it)
>
> web service client properties:
>
> keystore -> keystoreC.jks (alias -> kljuc_klijent)
>
> truststore -> truststoreC.jks (alias -> kljuc_server)
>
>
>
> when i run jsp on client application i get this error:
> SEVERE: WSS1533: Validation of self signed certificate failed.
> SEVERE: WSITPVD0035: Error in Verifying Security in Inbound Message.
> what else should i do?
>
>
> --
>
> [Message sent by forum member 'bkova987']
>
> View Post: http://forums.java.net/node/792888
>
>