Can we connect to windows-azure mobile service from a java client as mentioned in the below url ?
http://msdn.microsoft.com/en-us/library/windowsazure/jj710106.aspx
because when i connected it is giving me 403 error. I was able to connect with application key but not with the auth header.
Please help
OF course you can.
403 ERROR is Authentication Error.
Do you add the client Certificate to the header?
You need upload a Certificate to Windows Azure.
Then use add this certificate to your https request.
For how to upload certificate please refer to :
http://msdn.microsoft.com/en-us/library/windowsazure/gg551722.aspx
How to add client cer to http reqeust header:
Java client certificates over HTTPS/SSL
Related
I am writing a java rest-client to fetch data from the web App. I am trying to use client authentication(login using client certificate) mechanism using spring's RestTemplate to get authenticated on server.
Here are the steps that I did.
Server side:
Configure the web server to allow certificate based login. Set "clientAuth"= "want" in server.xml
Create a clients x509 certificate and add it into servers truststore.
Client Side
Initialize RestTemplate with clients trustStore and keyStore. For this I used org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.
AuthSSLProtocolSocketFactory is initialized with client keystore in PKCS12 format, and client truststore (jks format).
Code looks like this:
CommonsClientHttpRequestFactory factory = (CommonsClientHttpRequestFactory) restTemplate.getRequestFactory();
HttpClient client = factory.getHttpClient();
client.getState().setAuthenticationPreemptive(false);
Protocol myHttps = new Protocol(HTTPS, secureProtocolSocketFactory, DEFAULT_HTTPS_PORT);
Protocol.registerProtocol(HTTPS, myHttps);
client.getHostConfiguration().setHost("localhost", DEFAULT_HTTPS_PORT, myHttps);
When I am making rest calls into server I am expecting the request to get authenticated by certificate. But I am getting http 403-forbidden error. It seems that restTemplate is trying to authenticate the request by basicCredentials, where my intent is to authenticate using certificate.
Following is the output logged by http client:
MultiThreadedHttpConnectionManager:390 - HttpConnectionManager.getConnection: config = HostConfiguration[host=https://<server-ip>], timeout = 0
MultiThreadedHttpConnectionManager$ConnectionPool:739 - Allocating new connection, hostConfig=HostConfiguration[host=<server-ip>]
HttpMethodDirector:160 - Preemptively sending default basic credentials
HttpMethodDirector:277 - Authenticating with BASIC <any realm>#<server-ip>:443
HttpMethodParams:355 - Credential charset not configured, using HTTP element charset
HttpConnection:691 - Open connection to 10.112.253.152:443
HttpMethodBase:1235 - Adding Host request header
RestTemplate:559 - GET request for "https://<server-ip>:443/url/" resulted in 403 (Forbidden)
Is there anything else that needs to be configured on RestTemplate to get authenticated using client certificate?
Background
I have a .NET console application client that consumes a Java RESTful Service with TLS Client Authentication enabled (aka Mutual Authentication).
It should be the reverse of this SSL Socket between .Net and Java with client authentication
Problem
I am always getting this error: Could not establish trust relationship for the SSL/TLS secure channel
I have no idea how to configure this correctly both on the client and server.
Steps Performed
The .NET console application is already including the CA, intermediate, and server certificates but the same error is being thrown.
I provided the server a Certificate Signing Request (CSR).
The server signed and provided a signed certificate back to me. The signed certificate is being included in the communications between the client and the server. However, the same error is being thrown.
Can anyone enlighten me on how to get a successful handshake?
This has been resolved.
Here are the steps:
Create a Certificate Signing Request (CSR).
Have the CSR signed by the server.
Get the signed certificate.
Include the signed certificate in the HTTP request.
Make sure to put the Self-Signed CA Certificate in the Local Computer's Trusted Root CA store.
Troubleshooting steps in order (do not skip if a certain step is not successful):
Test with HTTP
Test with HTTPS (one-way authentication)
Test with HTTPS (mutual authentication)
I am working with docusign demo account and successfully getting callbacks on http (port 80) from connect listener. I have now purchased and installed the SSL certificates on server and able to access the callback link from inside and outside the network. When I changes the http:// link on connect service configuration to https://, it gives me the following error:
https://esign/api/event/envelop-event-occured ::
Error - The request was aborted: Could not create SSL/TLS secure
channel.
Anybody who can help me with this will be highly appreciated!
Callbacks from DocuSign must be using https with TLS 1.1 or above.
Please read here for more information about that - https://developers.docusign.com/esign-rest-api/guides/mutual-tls-intro
I am able to connect to https url using java. But my concern is to log in to a SSL website by providing username and password. I have done it using the PostMethod of HTTP Client, but not sure how the same can be achieved for HTTPS URL's?
I have a certificate. pfx to access a webservice.
I followed the steps listed on this page
When looking at the xml sent is encrypted.
But the server returns me the message:
The page requires a client certificate
.........
HTTP/1.1 403 Forbidden
.......
Server Microsoft-IIS/6.0
I can see the definition of this server from the browser if I have this certificate installed (the certificate is correct).
Also I have to use username and password to see the definition of service.
In the Trustor I have the server certificate.
I'm programming in java and use axis, any ideas why I am getting this error?
You need to configure your Axis client to inclue a client certificate with your outgoing request. This is different from server certificates which are more common. This post gives good info on setting up client certs in Java:
This is the solution:
System.setProperty(“javax.net.ssl.keyStore”, “path/keystore.jks”);
System.setProperty(“javax.net.ssl.keyStorePassword”, “pass”);
System.setProperty(“javax.net.ssl.keyStoreType”, “PKCS12″);
System.setProperty(“javax.net.ssl.trustStore”, “path/trusstore.jks”);
System.setProperty(“javax.net.ssl.trustStorePassword”, “pass”);
System.setProperty(“com.sun.net.ssl.dhKeyExchangeFix”, “true”);