I followed the https example of jax-ws ri. I generated the client.keystore. Where do I put it?
and then set some client properties
[ December 02, 2008: Message edited by: Peer Reynders ]
Thanks for rapid answer. This document is great but I am not using axis2 but jax-ws ri.
These are the steps I followed:
* Create self-signed certificate keystore/truststore for client and server.
--Generate a self-signed cert for tomcat server
keytool.exe -genkey -alias self -keyalg RSA -storepass server -keypass server -dname "cn=localhost" -keystore tomcat.keystore
Note: The use of localhost indicates that client and server are running on the same machine. If the server is on a remote machine
the server fully qualified domain name will be used.
--Now for the client export self-signed key from the server tomcat.keystore to give to the client
as a certificate to import.
keytool.exe -export -rfc -alias self -file tomcat.certificate -keystore tomcat.keystore -storepass server -keypass server
--On the client, import the tomcat.certificate into a client created keystore.
keytool.exe -import -noprompt -trustcacerts -alias self -file tomcat.certificate -keystore client.keystore -storepass client
Note: -keystore option creates the client.keystore file.
So now I have 3 files client.keystore, tomcat.certificate, tomcat.keystore.
The last is being picked up by the service itself. But my problem is that the client (by the way I am using C# for the client) gives me:
"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
What do I do?
Originally posted by John Landon:
But my problem is that the client (by the way I am using C# for the client)
I was wondering about that ...
The truststore is a Java artifact.
I expect that you have it install the certificate on the client .NET configuration to indicate
Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication for .NET 1.1, 2.0
To install the client-side certificate
To view the certificate, start Windows Explorer, navigate to the .cer file saved in the previous procedure, and then double-click it. Click Install Certificate, and then click Next on the first page of the Certificate Import Wizard. Select Automatically select the certificate store based on the type of certificate, and then click Next. Click Finish to complete the wizard. Dismiss the confirmation message box, and then click OK to close the certificate.
This may be slightly more helpful than the previous reference (which only installs the certificate for IE :roll: ).
Support Certificates In Your Applications With The .NET Framework 2.0
[ December 03, 2008: Message edited by: Peer Reynders ]