users@jax-rpc.java.net

RE: HTTP-Basic authentication over SSL

From: Sharib Anis <sharib.anis_at_wilabs.com>
Date: Tue, 22 Jun 2004 16:09:58 +0800

I found the solution for this too. As I suspected, you have enable SSL
on the client tomcat as well.

Thanks for your help.

Thanks and Regards,
Sharib Anis
Senior Research Engineer
Wireless Intellect Labs Pte Ltd
A MobileOne Company
http://www.wilabs.com
sharib.anis_at_wilabs.com
DID: +65-6843 8672; Fax: +65-6560-4950 (TZ: +0800 GMT)

There are 10 kinds of people in the world, those who understand binary
and those who don't.

DISCLAIMER: This email (including any attachments) is intended for the
recipient(s) named above and may contain information that is
confidential
to Wireless Intellect Labs Pte Ltd. Any use of the information
(including,
but not limited to, total or partial reproduction, distribution or
dissemination in any form) by persons other than the intended
recepient(s)
is prohibited. If you are not an intended recipient of this email,
please
notify the sender immediately and delete it. Any views expressed in this

message are those of the individual sender, except where the sender
states
them, with requisite authority, to be those of Wireless Intellect Labs
Pte Ltd.


-----Original Message-----
From: Sharib Anis [mailto:sharib.anis_at_wilabs.com]
Sent: 22 June 2004 10:45
To: users_at_jax-rpc.dev.java.net
Subject: RE: HTTP-Basic authentication over SSL


Hello Andy,

I did get past all the steps you mentioned. But still had the problem.
It seems the key to solving it lies in configuring the client properly.
There are a couple of more steps involved than usually mentioned. This
place puts it all together properly:

http://forum.java.sun.com/thread.jsp?forum=331&thread=305036&message=122
1830

However I have another issue now. The access is fine from a standard
java client. But if I change my client to a servlet running in a tomcat,
I see the same issue again. Any ideas? Do I need to enable SSL on this
client tomcat too?

Thanks and Regards,
Sharib Anis
Senior Research Engineer
Wireless Intellect Labs Pte Ltd
A MobileOne Company
http://www.wilabs.com
sharib.anis_at_wilabs.com
DID: +65-6843 8672; Fax: +65-6560-4950 (TZ: +0800 GMT)

There are 10 kinds of people in the world, those who understand binary
and those who don't.

DISCLAIMER: This email (including any attachments) is intended for the
recipient(s) named above and may contain information that is
confidential
to Wireless Intellect Labs Pte Ltd. Any use of the information
(including,
but not limited to, total or partial reproduction, distribution or
dissemination in any form) by persons other than the intended
recepient(s)
is prohibited. If you are not an intended recipient of this email,
please
notify the sender immediately and delete it. Any views expressed in this

message are those of the individual sender, except where the sender
states
them, with requisite authority, to be those of Wireless Intellect Labs
Pte Ltd.


-----Original Message-----
From: Andy Wolf [mailto:andy.wolf_at_schwaben.de]
Sent: 19 June 2004 18:22
To: users_at_jax-rpc.dev.java.net
Subject: Re: HTTP-Basic authentication over SSL


Hello,

Sharib Anis wrote:
> I did everything as required (at least that's what I think), from here
> (http://java.sun.com/webservices/docs/1.0/tutorial/doc/JAXRPC7.html)
> and your mail, but during runtime, I get this nagging exception:
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: Couldn't find trusted
> certificate
>
> I have set up a client keystore and have also imported the server
> certificate (as trusted) into it. I'm using this keystore as a
> truststore. My client and server are running on different machines.
> I'm not sure if the problem is on the client or server side. Also, I'm

> not sure if it's a truststore issue. I tried to use JRE (cacerts)
> truststore, but that didn't help either.

well, first of all, let's talk about client and server side separately.
On the server side you ought to get SSL working which you should be able

to verify with a web browser by connecting to https://servername:port/.

Caution: Mozilla does NOT work with JWSDP 1.3 and SSL ! There is an
error in the old Tomcat version that is part of the developer pack...

When SSL works you can go on and configure authentication for a certain
context. You should get an authentication popup when connecting with a
web browser. Try to log on and see if authentication works as expected.

If you would like to use a client-side certificate for authentication
purposes please try username and password first...

Now on the client-side of your web service communication you should
first try SSL without authentication and if that works you can go on
with username and password and then try the client-certificate.

For connecting to your SSL-based Web Service you ought to export the
public key of the server from the keystore on the server into a file and

import that file into the truststore on your client. Please also
generate a client certificate in a keystore file on the client, so that
you end up with a truststore and a keystore. Configure your client code
to use them.

So far for now. Let me know if this works or if there are any
problems...


Andy


PS: The server certificate should have the alias jwsdp

PPS: keytool -genkey -keystore C:\temp\.keystore -keypass somepass
-storepass somepass -keyalg RSA -validity 365 -alias jwsdp -dname
"CN=localhost, OU=myou, O=myorg, L=myloc, S=mystate, C=myc"


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_jax-rpc.dev.java.net
For additional commands, e-mail: users-help_at_jax-rpc.dev.java.net



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_jax-rpc.dev.java.net
For additional commands, e-mail: users-help_at_jax-rpc.dev.java.net



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_jax-rpc.dev.java.net
For additional commands, e-mail: users-help_at_jax-rpc.dev.java.net