Security and web services

I’m implementing an external Web service and received a truststore and certificate from the external party. Along with this they supplied the following property settings to be defined within Java:
“javax.net.ssl.trustStore”, “cacerts.dat”
“javax.net.ssl.keyStore”, “12345.00004.cert”
“javax.net.ssl.keyStoreType”, “pkcs12”
“javax.net.ssl.keyStorePassword”, “password”

My questions are the following:
1 - Where can I define the truststore?
2 - Does Mediator support pkcs12?

I assume that for the rest I can use the documentation “Specifying a Default Keystore for the Component Factory” to get it to work.

Any help and advice is appreciated.

Hello mn_42,

First of all, you need to install the stores sent to you on the machine hosting the Mediator runtime. Depending on the Java version you are running, there may be an additional Java package you need to install. For Java 1.3, you should download JSSE 1.0.2. If you are running Java 1.4 there are no additional requirements.
Since you have already received all the necessary trust- and keystores you can then proceed to install them using the pkcs12import tool provided in your Java installation.
The necessary java properties can be defined in the Java options section of your component factory configuration. The format for defining JVM properties is -D[property name]=[value].

Regards,

- Matthew G.

Hi Matthew,

Well, I’ve tried my best with the JSSE description (I’m using Java 1.4) and tried to use the keytool to import the keys. Since I’m constantly running into errors, the supplier of the trust- and keystores advised me to use the properties, which in a normal Java application would work without a problem. They have supplied the provided cacert.dat and keystore to other customers too. So, I’m sitting in the middle now where they say their information is correct but I’m getting errors with the keytool.

What I tried is to define the properties with the -D option, but that didn’t help. I’m still getting the same Java error from Mediator (Exception: “javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found” in sequence)

I’ve also pointed the hosts.policy file (Mediator) to the supplied cacerts.dat file, but then Mediator won’t start anymore.

I’m stuck and don’t know what to do next. Maybe you can help me a little further. If necessary I can provide you with the cacerts.dat, keyfile (+ password) and WSDL.

Best regards,

Marcel

Hello Marcel,

I think you may be experiencing a limitation in the Axis version we utilize in Mediator to perform SOAP communications. The version you are using employs AXISv1.1B. HTTPS communication is, however, listed on the Axis requirement list, to be completed in AXISv1.2B.
We are in the process of putting together a patch for XBDv731 which includes AXISv1.2B so if you could please send the WSDL and security files I could test it in this newer version for you.
Thanks,

- Matthew G.

Hello Marcel,

Thank you for sending the WSDL and all the truststore/keystore information. I believe the SSL is working correctly although I am receiving the same error you had initially.
The problem appears to be the truststore which you sent along. I don’t think Java is able to access the certificates without the correct password. The password you sent is only applicable for the keystore. Normally I would export such certificates from the delivered truststore and import them into my own.
Could you please check to see if they perhaps forgot to send the password.
Regards,

- Matthew G.
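
Added example, not part of the thread and not Mediator or Axis code: a small stand-alone Java check that loads the two stores named by the javax.net.ssl.* properties from the first post and lists what each contains, so a password, store type or missing-entry problem shows up before any handshake is attempted. It assumes a current JDK (not Java 1.4) and also reads javax.net.ssl.trustStorePassword and javax.net.ssl.trustStoreType, which are standard JSSE properties that were not in the supplier's list; the class name StoreCheck is made up for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added diagnostic (not from the thread): inspects the stores that the
// javax.net.ssl.* system properties point at.
public class StoreCheck {
    // Loads one store, prints its aliases, returns {trusted-cert entries, key entries}.
    static int[] inspect(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // a wrong password or store type throws here
        }
        int certs = 0, keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean key = ks.isKeyEntry(alias);
            if (key) keys++; else if (ks.isCertificateEntry(alias)) certs++;
            System.out.println("  " + alias + (key ? " [private key]" : " [trusted cert]"));
        }
        return new int[] { certs, keys };
    }

    // Returns the property value as a char[], or null when the property is unset.
    static char[] pw(String prop) {
        String v = System.getProperty(prop);
        return v == null ? null : v.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        String ts = System.getProperty("javax.net.ssl.trustStore");
        String ks = System.getProperty("javax.net.ssl.keyStore");
        if (ts == null || ks == null) {
            System.err.println("Set javax.net.ssl.trustStore and javax.net.ssl.keyStore with -D");
            System.exit(2);
        }
        System.out.println("trustStore " + ts);
        int[] t = inspect(ts,
                System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()),
                pw("javax.net.ssl.trustStorePassword"));
        if (t[0] == 0) System.out.println("  no trusted-certificate entries in this store");
        System.out.println("keyStore " + ks);
        int[] k = inspect(ks,
                System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()),
                pw("javax.net.ssl.keyStorePassword"));
        if (k[1] == 0) System.out.println("  no private-key entry in this store");
    }
}
```

Run it with the same -D options that are passed to the component factory, so that it sees exactly the property values the runtime would see.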