[jbossws-users] [JBossWS] - Ignore certificate validation in client side (using JBoss4.
J2EEUser
do-not-reply at jboss.com
Fri Apr 27 11:54:59 EDT 2007
I want to use https for encryption using only Server side authentication. I created a self-signed certificated and installed it in the server.
In my client side I want to ignore the certificate validation.
I am using Jboss4.0.3sp1 application server and clientside is developed with jboss-axis client (axis-ws4ee.jar).
I tried the following options.
1. Created trustmanager to accept anycertificates and initialized sslcontext with my own trust manager
sample code
======
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {return null; }
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {}
}
} ;
SSLContext context;
context = SSLContext.getInstance("SSL");
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
============
2. Tried to set the AxisProeprties to sunfaketrustFactory
AxisProperties.setProperty("axis.socketSecureFactory" ,"org.apache.axis.components.net.SunFakeTrustSocketFactory");
None of the above are working.
Looks like SunFakeTrustSocketFactory class was removed in JBoss4.0.3sp1- axis-ws4ee.jar and it was availble in JBoss4.0.2- axis-ws4ee.jar
I need to fix this issue ASAP as our product needs to be released next week.
Any tip will be appreciate.
Thanks in advance,
RR
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041456#4041456
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041456
More information about the jbossws-users
mailing list