25/01/2010

Updates on consuming Web Services over HTTPS

Following the post I made some time ago, Alessandro sent me an update about his own tests. Alessandro, thanks for sharing it with us.

*****
Hi, after a lot of testing, a lot of reading IBM documentation and a lot of sleepless nights on the matter described in my post above, I came to do some tests on the Portlet Factory (it retrieved the WSDL without problems after putting the certificate in the /lib/securitycacert file) and I got a hunch: "Does the Domino client have a cacert file in its JVM?"

This morning I looked into the JVM directory and I found it in \CLIENTDIR\jvm\lib\security, so, using the ikeyman.exe program in \CLIENTDIR\jvm\bin I added the certificate (in binary format) to the repository and I tried to import the WSDL in my database: I was required to accept the cross certification and after that it was imported: a piece of cake!

Please note that I was trying to import a WSDL to obtain Lotus Script Code (NOT JAVA)!

Well, I think that this is a little bug in the client architecture because this happens only with certificates that are issued by a NOT TRUSTED authority (with a trusted authority it works as documented (with the cross-certification only)). I think that when the certificate is not trusted something goes wrong in the code and it looks for it in the cacerts too and, obviously, it cannot find the certificate... so it raises an error!

I hope that this can be useful!

Alessandro Bignami
Domino developer at ZEL S.r.L.
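
To confirm that a certificate added with ikeyman really landed in the trust store the client JVM reads, the following check can be run against that store. It is an added example, not part of Alessandro's message or of any IBM tooling; the class name `TrustStoreCheck`, the command-line arguments and the assumption that the store is in JKS format are all choices made for this illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Hypothetical helper: reports whether a DER-encoded certificate is present
// in a JVM trust store, and under which alias.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TrustStoreCheck <truststore> <cert.der>");
            System.exit(2);
        }
        // Parse the certificate that was exported in binary (DER) format.
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[1])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        // Assumption: the store is JKS. A null password skips the integrity
        // check but still lets us read the trusted certificate entries.
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, null);
        }
        // SHA-256 fingerprint, to compare with the one shown by the server admin.
        StringBuilder fp = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            fp.append(String.format("%02X", b));
        }
        boolean selfIssued = cert.getSubjectX500Principal()
                .equals(cert.getIssuerX500Principal());
        System.out.println("Subject     : " + cert.getSubjectX500Principal());
        System.out.println("Issuer      : " + cert.getIssuerX500Principal());
        System.out.println("Self-issued : " + selfIssued);
        System.out.println("Expires     : " + cert.getNotAfter());
        System.out.println("SHA-256     : " + fp);
        // getCertificateAlias returns null when no entry matches the certificate.
        String alias = store.getCertificateAlias(cert);
        if (alias == null) {
            System.out.println("Result      : NOT present in " + args[0]);
            System.exit(1);
        }
        System.out.println("Result      : present under alias '" + alias + "'");
    }
}
```

Pass the path of the store under the client's `jvm\lib\security` directory as the first argument and the exported certificate file as the second.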
