0 Replies Latest reply on Apr 27, 2007 11:54 AM by JBoss User

    Ignore certificate validation in client side (using  JBoss4.

    JBoss User Newbie

      I want to use https for encryption using only Server side authentication. I created a self-signed certificated and installed it in the server.
      In my client side I want to ignore the certificate validation.
      I am using Jboss4.0.3sp1 application server and clientside is developed with jboss-axis client (axis-ws4ee.jar).
      I tried the following options.
      1. Created trustmanager to accept anycertificates and initialized sslcontext with my own trust manager
      sample code
      TrustManager[] trustAllCerts = new TrustManager[] {
      new X509TrustManager() {
      public java.security.cert.X509Certificate[] getAcceptedIssuers() {return null; }
      public void checkClientTrusted(
      java.security.cert.X509Certificate[] certs, String authType) {}
      public void checkServerTrusted(
      java.security.cert.X509Certificate[] certs, String authType) {}
      } ;
      SSLContext context;
      context = SSLContext.getInstance("SSL");
      2. Tried to set the AxisProeprties to sunfaketrustFactory
      AxisProperties.setProperty("axis.socketSecureFactory" ,"org.apache.axis.components.net.SunFakeTrustSocketFactory");

      None of the above are working.
      Looks like SunFakeTrustSocketFactory class was removed in JBoss4.0.3sp1- axis-ws4ee.jar and it was availble in JBoss4.0.2- axis-ws4ee.jar
      I need to fix this issue ASAP as our product needs to be released next week.
      Any tip will be appreciate.
      Thanks in advance,