I have been trying to SetExtensionCertificate / LoginExtensionByCertitficate and I have been able make it work. Any help or insight would be greatly appreciated.
Operating Environment:
Client: JDK 1.6 / Axis / vim25
Client Machine: Linux RHEL5 / x86
My Assumptions:
For SetExtensionCertificate:
1. We establish a SSL session with the endpoint.
2. During the SSL handshake we send a ClientCertificate to the endpoint.
3. After the SSL session has been has been established and we login with the appropriate privileges, we invoke the SetExtensionCertificate method with the extension key. The certificate sent over the handshake is used as the certificate for the extension.
For LoginExtensionCertificate:
1. We establish a SSL session with the endpoint.
2. During the SSL handshake we send a ClientCertificate to the endpoint.
3. We invoke the LoginExtensionByCertificate method to establish an authenticated session with the endpoint. The certificate used in the SSL handshake should be the same as the one used to invoke the SetExtensionMethod.
The Problem:
For the SetExtensionCertificate call to work, we would have to enable clientAuth at the server end. Is my assumption correct ? client auth howerver is not enabled at endpoint. Is there any way in which I could enable client auth at the endpoint ? At this point, I am getting errors that the SSL session does not have a client certificate associated with it:
-- Error --
faultDetail:
{urn:vim25}NoClientCertificateFault:null
Client connected without supplying a certificate.
-- Error --
Am I getting something very obvious wrong ? Pointers or directions welcome.
