How to extracts additional info from SSL certificate to allow access to WebService client on WAS

For explaining my situation, I will start with an example.

Let's say there are two WS(WebService) clients A & B with trusted certificates. Now in normal excecution when both A & B make a call to WAS(Websphere application server) through SSL where my WebServices reside, WAS trusts both of them because of their trusted certificates and alows access to required WS.

What we like to have is to allow only A not B to access WS on WAS, so after certificates verification is it possible to extracts user info (from WAS admin or Java way)which will be mapped to role defined in WAS for accessing WS

Asked by: Melissa119 | Posted: 23-01-2022

Answer 1

Sounds like rather than programming this into the application you could just use a revocation model instead. SSL was designed so that a certificate authority (presumably you in this case) could revoke certificates, so why not use that instead?

It's difficult to give you any concrete advice without knowing what platform you're on or how you're doing all your SSL connections and such, but setting up a central CA that signs all the certs that go out and maintaining a revocation list sounds like it would work just fine. You wouldn't need to add anything to the application either (other than dropping non-valid SSL connections).

Answered by: John573 | Posted: 24-02-2022

Similar questions

java - Connect to SSL certificate secured WebService from WebSphere

we have WAS (Websphere Application Server) 7 web service, that is somekind of proxy to other party SSL secured WebService. When using our WebService (Client) outside WAS (for example using eclipse) it will connect with no problem, but not inside WAS. I have also created test service that is using function to print other party WebService (Server) wsdl. public void testSSL() { URL u; InputStream ...

java - Consuming https webservice with .pfx certificate in netbeans

I have a .pfx certificate from a client am supposed to consume his service. Each time i try to consume the service in my java application, my netbeans gives me an error 403 telling me to check the wsdl file or if the server is running. Please can anyone give me steps on how to consume this service without getting this error? Am using tomcat 6.0.29 and netbeans 6.9

rest - How to connect to RESTFul webservice using SSL certificate in java

I want to connect to a RESTFul web service which uses SSL certificate authentication. When i use the same url in my browser, it works. But when i write a code in java it does not, not sure what am i missing? looks like i am not passing certificate, are there any inbuilt apis which can do that for me? Below is my code, URL url = new URL("SomeURL"); HttpsURLConnection con = (HttpsURLConnection) url.openConn...

web services - Connect to webservice with certificate from java

I am connecting to a webservice from a java program. The webservice requires a certificate in order to give me back any data. I have not managed to set up the certificate connection with my java code. Instead I have used something called Stunnel which simply creates a connection to the host with the certificate. Now I want to remove the stunnel and do everything from java. Surely this must be possible? This is the ...

java - certificate mechanism between webservice provider and consumer

What are the exact steps done by server and client to place a ssl certificate mechanism in a webservice call? Who(client/server/both) will generate .keystore,.p7b/.cer files? I have googled a lot but couldn't find the answer to it. In my case, i am the client running a java application which consumes a soap webservice call. I have a .p7b file given by WebService provider. I know where to place the files(.keystore, .cer) a...

java - How to connect to SSL Certificate Webservice without installing to keystore?

I'm trying to connect to a SSL webservice that requires a PKCS12 certificate. Question: is it possible to not installing the certificate to the local keystore, but load it dynamically during runtime? I tried as follows: static { KeyStore.getInstance("PKCS12").load(this.getClass().getClassLoader() .getResourceAsStream("myfile.p12"), "password".toCh...

java - How to add the SSL certificate in Eclipse to hit SoapUI webservice?

The SoapUI webservices I'm having are client secured with .p12 and .cer formats. When I hit the request from Eclipse, I'm getting the following console error. PKIX path building failed: unable to find valid certification path to requested target

java - I can able to consume the https webservice with the ssl certificate being added to my JVM Truststore

I'm able to consume HTTPS webservice with the ssl certiifcate being added to by JVM Trust store.I'm not getting any SSL Handshake error and How does connection is secure since i dont added any certificate. My tech stack is Sping boot, Spring MVC.

java - Problem consuming Webservice with certificate

I am having problems consuming a SOAP WebService with security that uses a certificate to encrypt the data. I am using GeneXus 17 (but I did this same test with GeneXus X Evolution 2 and 3) generating Java. I did all the necessary steps to generate the certificate and the keystore, then I added everything in the KB and in the object as specified there but it gives me the following error when executing it: &q...

security - In Java: How to handshake a secured connection using Keystore and Truststore certificate?

If I have 2 terminals A and B. T-A is connect T-B over secured socket connection. I need to write code to implement a connection between the 2 terminals. How do I do handshake such connection using Keystore and Truststore. Another word, where do I place keystore/truststore certificate file? (T-A or T-B) Any good advice or good example is greatly appreciated. Thanks

java - Does a truststore need the sub-ca certificate?

I'm trying to setup a hierarchical PKI. Can I create a truststore containing only the root ca certificate, and will that mean my application trusts certificates signed by a sub-ca certificate which is in turn signed by the root ca? As an aside, it seems that you must provide an entire certificate chain, including the root ca certificate. Surely if the root ca is trusted, the certificate shouldn't need to be sent? W...

Verify certificate against Java certificate store via CLI

How can I verify an X509 (or DER-formatted) certificate against the Java certificate store via the command line? I've looked into using the keytool utility, but it looks like it only handles import/export/display functionality (no verification). EDIT: It looks as though keytool can be used for verification, but only if an import is attempted. I suppose a better way of asking this...

java - jar resources in jnlp are not signed by the same certificate

I've been working with web start for a couple years now and have experience with signing the jars and what not. I am taking my first attempt at deploying a RCP app with web start and though I have in fact signed all of the jars with the same certificate I keep getting this error: 'jar resources in jnlp are not signed by the same certificate' Has anyone else came across this? If so, any ideas on how to fix?

java - Importing SSL Certificate into Eclipse

How do you import an SSL certificate created by java into a project in Eclipse?

java - Importing a certificate into Jetty

The overall goal here is to have jetty be configured with a client certificate to be able to call a secure SOAP web service. Does anyone know how to configure Jetty to accept a client certificate (*.cer) ? Update: I did not find an easy way to implement a solution to my problem/question, but the sole answer here technically is correct!

How to import an existing X.509 certificate and private key in Java keystore to use in SSL?

I have this in an ActiveMQ config: <sslContext> <sslContext keyStore="file:/home/alex/work/amq/broker.ks" keyStorePassword="password" trustStore="file:${activemq.base}/conf/broker.ts" trustStorePassword="password"/> </sslContext> I have a pair of X.509 cert and a key file. How do I import those two in order to use...

java - Mirth: calling an SSL SOAP web service with a client certificate

The scenario is around calling an external SSL SOAP web service from within Mirth. The web service is requires an SSL/TLS connection along with a client certificate. The intention is to use the built-in SOAP Sender Destination to call the remote secure web service, and somehow include that client certificate. I understand that you first need to install that client certificate into the Java runtime. This ma...

java - How can I search for a user based on a Certificate in LDAP?

How do I search for a specific user object in LDAP that has an associated x509 certificate? Do I need to encode it in a certain way? It looks like the attribute is userCertificate based on looking at JXplorer. Note: Accessing Active Directory through LDAP

java - I need to sign a binary stream with a certificate

I basically need to create a self signed certificate and then sign a binary stream with it to create a signature. I tried searching Google but i can't seem to get the right keywords for related results. Any help is appreciated.

Still can't find your answer? Check out these amazing Java communities for help...

Java Reddit Community | Java Help Reddit Community | Java Community | Java Discord | Java Programmers (Facebook) | Java developers (Facebook)