users@jax-rpc.java.net

Re: HTTP-Basic authentication over SSL

From: Andy Wolf <andy.wolf_at_schwaben.de>
Date: Sat, 19 Jun 2004 12:21:57 +0200

Hello,

Sharib Anis wrote:
> I did everything as required (at least that's what I think), from here
> (http://java.sun.com/webservices/docs/1.0/tutorial/doc/JAXRPC7.html) and
> your mail, but during runtime, I get this nagging exception:
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: Couldn't find trusted
> certificate
>
> I have set up a client keystore and have also imported the server
> certificate (as trusted) into it. I'm using this keystore as a
> truststore. My client and server are running on different machines. I'm
> not sure if the problem is on the client or server side. Also, I'm not
> sure if it's a truststore issue. I tried to use JRE (cacerts)
> truststore, but that didn't help either.

Well, first of all, let's talk about client and server side separately.
On the server side you ought to get SSL working which you should be able
to verify with a web browser by connecting to https://servername:port/.

Caution: Mozilla does NOT work with JWSDP 1.3 and SSL! There is an
error in the old Tomcat version that is part of the developer pack...

When SSL works you can go on and configure authentication for a certain
context. You should get an authentication popup when connecting with a
web browser. Try to log on and see if authentication works as expected.

If you would like to use a client-side certificate for authentication
purposes please try username and password first...

Now on the client-side of your web service communication you should
first try SSL without authentication and if that works you can go on
with username and password and then try the client-certificate.

For connecting to your SSL-based Web Service you ought to export the
public key of the server from the keystore on the server into a file and
import that file into the truststore on your client. Please also
generate a client certificate in a keystore file on the client, so that
you end up with a truststore and a keystore. Configure your client code
to use them.

So far for now. Let me know if this works or if there are any problems...


Andy


PS: The server certificate should have the alias jwsdp

PPS: keytool -genkey -keystore C:\temp\.keystore -keypass somepass
-storepass somepass -keyalg RSA -validity 365 -alias jwsdp -dname
"CN=localhost, OU=myou, O=myorg, L=myloc, S=mystate, C=myc"


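A client-side check for the truststore step described in the message above, as an added example that is not part of the original thread or of JWSDP: it builds an SSL context from the client truststore only and attempts the handshake, which isolates the "Couldn't find trusted certificate" error from the JAX-RPC and authentication layers. The file name client.truststore, the host servername and port 8443 are placeholder assumptions; the password somepass is taken from the keytool line in the PPS.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example. Usage: java TrustCheck <truststore> <host> <port> <password>
// Defaults below are placeholders (assumptions), not values from the original thread.
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        String trustPath = args.length > 0 ? args[0] : "client.truststore";
        String host = args.length > 1 ? args[1] : "servername";
        int port = args.length > 2 ? Integer.parseInt(args[2]) : 8443;
        char[] pass = (args.length > 3 ? args[3] : "somepass").toCharArray();

        KeyStore trust = KeyStore.getInstance("JKS"); // assumes a keytool-created JKS file
        try (InputStream in = new FileInputStream(trustPath)) {
            trust.load(in, pass);
        }
        // Trust decisions come from this file only, not from the JRE's cacerts.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server-auth SSL only

        // A raw SSLSocket checks the certificate chain, not the host name.
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            Certificate leaf = s.getSession().getPeerCertificates()[0];
            System.out.println("Handshake OK, server certificate: "
                + ((X509Certificate) leaf).getSubjectX500Principal());
            // null here means trust came from an issuer entry, not the server cert itself
            System.out.println("Truststore alias of that certificate: "
                + trust.getCertificateAlias(leaf));
        } catch (SSLHandshakeException e) {
            System.out.println("Handshake failed: " + e.getMessage());
            // List what the truststore holds, to compare with the server's certificate.
            for (String alias : Collections.list(trust.aliases())) {
                Certificate c = trust.getCertificate(alias);
                if (c instanceof X509Certificate) {
                    System.out.println("  " + alias + " -> "
                        + ((X509Certificate) c).getSubjectX500Principal());
                }
            }
        }
    }
}
```

Once the handshake succeeds, the same files can be given to the client JVM through the standard JSSE system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword (and javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword for the client certificate).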