Loading ...
Sorry, an error occurred while loading the content.

1912Re: [soaplite] SOAP and SSL Client Certificates

Expand Messages
  • simon.fairey@ft.com
    Oct 10, 2002
      Thanks for all the help, greatly appreciated. From looking at things I think I'm going to go with a "https://user:pass@blah" type of access as that should be sufficient security and especially as the client will ultimately be written by someone else using Python. I wanted to try and get the Perl client working to test it and think I still may try and get the certs to work for my own peace of mind anyway :-)

      Thanks again


      Ajit Deshpande <ajit@...>
      Sent by: Ajit Deshpande <ajit@...>

      09/10/2002 15:54

              To:        Byrne Reese <breese@...>
              cc:        Simon.Fairey@..., John Hartnup <john@...>, SOAP Lite Mailing List <soaplite@yahoogroups.com>
              Subject:        Re: [soaplite] SOAP and SSL Client Certificates

      On Wed, Oct 09, 2002 at 08:22:51AM -0700, Byrne Reese wrote:
      > [..]
      > the service via HTTPS. As for client certificate based authentication...
      > let me get back to you. We solved this at GCC, but I have to dig through
      > some code. Let me ping an engineer who got this working and see if he
      > can help.

      Concidentally, I was just researching this yesterday! i.e. how to do SSL
      Client Certificate authentication from a perl client using SOAP::Lite.
      And my research led to the same conclusion as yours above:
      i.e. simply use an https://blah as your proxy for the SSL connection.

      Now, as regards the Client certificate, the trick seems to lie in
      the declaring an environment variable. The following is from the
      Crypt::SSLeay documentation:

      use LWP::UserAgent;
      my $ua = new LWP::UserAgent;
      my $req = new HTTP::Request('GET', 'https://www.nodeworks.com');
      my $res = $ua->request($req);
      print $res->code."\n";

      $ENV{HTTPS_PROXY} = 'http://proxy_hostname_or_ip:port';

      $ENV{HTTPS_PROXY_USERNAME} = 'username';
      $ENV{HTTPS_PROXY_PASSWORD} = 'password';

      $ENV{HTTPS_VERSION} = '3';

      $ENV{HTTPS_CERT_FILE} = 'certs/notacacert.pem';
      $ENV{HTTPS_KEY_FILE}  = 'certs/notacakeynopass.pem';

      $ENV{HTTPS_CA_FILE}   = 'certs/ca.crt';
      $ENV{HTTPS_CA_DIR}    = 'certs/';


      I haven't yet implemented the system -- but just thought I'd share this
      with the list, since it was quite frustratting to track down the above
      information for me :)

      Maybe, we could put in a blurb in SOAP::Lite documentation. Also, there
      needs to be a blurb in the LWP::UserAgent documentation -- because that
      is where people first start looking.


      This email may contain confidential material. If you were not an
      intended recipient, please notify the sender and delete all copies.
      We may monitor email to and from our network.
    • Show all 9 messages in this topic