RE: Mutual SSL authentication with JAX-RPC

From: Ryan LeCompte <>
Date: Thu, 18 Nov 2004 14:25:40 -0500

I should also mention that I'm using the following code in my standalone
client app to set up SSL:
System.setProperty("", trustStorePath);
System.setProperty("", trustStorePassword);

The path here is the exact same path that I specified in the server.xml
configuration file for Tomcat5. Also, these were the steps that I used
generate the certificates and import them:

1. Generation of client keystore and import of server certificate
keytool -genkey -alias tomcat -keyalg RSA -validity 365
Keytool -export -alias tomcat -file tomcat-server.cer
Keytool -genkey -alias tomcat-client -keyalg RSA -keypass changeit
-storepass changeit -keystore sslWSCerts.keystore

(Note that sslWSCerts.keystore is in C:\ssl where server.xml is also

2. Generation of client certificate that I want the server to accept.
Keytool -genkey -keyalg RSA -alias jwsdp-client -keystore
Keytool -keystore sslWSCerts.keystore -export -alias jwsdp-client -file
Keytool -import -alias root -keystore <JAVA_HOME>/jre/lib/security/cacerts
-file client.cer
Keytool -import -alias root -keystore sslWSCerts.keystore -file client.cer

-- Ryan


From: Ryan LeCompte []
Sent: Thursday, November 18, 2004 12:33 PM
To: ''
Subject: Mutual SSL authentication with JAX-RPC

I'm trying to have my static stub JAX-RPC client communicate via SSL with a
remote web service. I'm setting the two system properties for specifying the
SSL trust store path and trust store password. The client is able to
successfully communicate via SSL when the remote web service's web server is
configured to not require client-side authentication (for example in tomcat
the configuration attribute 'clientAuth="false"' would be used). However,
when I turn on this attribute and require client-side authentication, the
JAX-RPC client fails to communicate successfully with the web service. Is
there anything else that must occur on the JAX-RPC client side when the
remote web server requires a client-side certification authentication? I'm
still new to SSL, so perhaps I have the basic concept confused. Do I have to
import another certification in the client-side keystore for this to work? I
looked in the java web services tutorial and they say that you need to
specify the following in web.xml:
However, this is a standalone JAX-RPC client that isn't running within a web
container (thus there is no web.xml).
Am I missing something here? Thank you for any suggestions...
-- Ryan

To unsubscribe, e-mail:
For additional commands, e-mail: