Subject:Certificate error Author:Frans Rijkers Date:22 Dec 2007 10:57 AM
Hit There,
I'm trying to connect to a webservice that requires a certificate om my server. I have the certificate installed correctly. But Stylus Studio doesn't seem to recognize it. The error message I get is:
"Encountered an I/O error in URL [https://...]. A certificate is required to complete client authentication.". I can workaround it by importing the WSDL locally, but then again, I cannot connect to the service. All I can find is the scenario settings for username password. But where is the certificate store?? (Like in SOAPUI, where you can set a path to your certificate and enter the password)
I cannot believe that Stylus Studio cannot handle certificates.
(At least, I hope not, because in that cese I wasted some momey...;-( )
I hope you can help me out, so I can get on with my project.
Regards,
Frans Rijkers
Tappan Communicatie
Subject:Certificate error Author:(Deleted User) Date:24 Dec 2007 12:19 PM
Hi Frans,
Stylus Studio doesn't require the user to specify the location of the certificates, but it reuses the ones already loaded in the JVM. Have a look at this thread for more informations about how loading your certificates: http://www.stylusstudio.com/SSDN/default.asp?action=9&fid=23&read=6125
Subject:Certificate error Author:Frans Rijkers Date:27 Dec 2007 04:49 PM
Hi Alberto,
I managed to import my certificate with Keytool, but it doesn't help.
I don't think this is the solution, because I can only import the public part of my certificatel; and I need my private key (p12) for the connection.
I placed the wsdl on a http-connection, that works as a workaround for the first part. Bur when I do a webservicecall, nothing happens when I use Axis. When I use .net, I get the error message "the underlying connection was closed". That is a typical error for certificate-problems.
There has to be some kind of configuration for your webservicecalls to let SS know which private key it has to use for the connection? I cannot see how it could work without it.
Regards,
Frans Rijkers
Tappan Communicatie
frans@rijkers.nl
+31 70 3314850
Subject:Certificate error Author:(Deleted User) Date:28 Dec 2007 06:17 AM
Hi Frans,
you should never provide the private part of the certificate as part of a connection, because (as the name suggests) it is must be always kept private. What you should place in the JVM keystore is the public part of the same certificate that the server is publishing (the server will use the private part of the certificate to verify you are providing the correct certificate).
Can you display the Output window inside Stylus and tell us which error is printed by Axis?
Subject:Certificate error Author:Frans Rijkers Date:28 Dec 2007 02:18 PM
Hi Alberto,
Yes, I know what I can do with a private key :-)
But we're using a Private Key Infrastructure, I have my own certificate that I must use to authenticate. So it's not the public part of the server's certificate that I'm referring to, but my own certificate. My question is: how can I tell Stylus Studio which certificate it must use (I have several installed on my computer)
When you try to open the wsdl in IE, you get a popup to select your certificate. See below.
You can try it yourself: https://82.161.198.126/tmvws/services/Terugmeldvoorziening
I tried it again in SOAPUI, and there it works great, by adding the p12-file and the password in the keystore. (Even Infopath works great)
When I do a webservicecall with Axis, I get no output at all! With .net I get a full page that starts with 'underlying connection was closed'.
I hope this makes things a bit more clear.
Regards,
Frans Rijkers
Tappan Communicatie
frans@rijkers.nl
+31 70 3314850
Subject:Certificate error Author:(Deleted User) Date:03 Jan 2008 06:37 AM
Hi Frans,
we can see why the "select certificate dialog" doesn't appear, and we are fixing this problem. In order to reproduce the other issue, would it be possible for you to create a certificate for us to access the server and send it to stylus-field-report@progress.com?
Subject:Certificate error Author:Frans Rijkers Date:06 Jan 2008 01:42 PM
Hi Alberto,
The fix works great for importing the wsdl; thanks!
I ordered a test certificate for you. (I am not allowed to send you mine, and it's a PKI certificate so it has to be signed by a TTP) It will take a few days before I get it back from the CA. As soon as I have it back, I'll have it authorised and send it to you.
Regards,
Frans Rijkers
Tappan Communicatie
frans@rijkers.nl
+31 70 3314850