Comments on: Free Download: Consolidated Browser http://monduke.com/2006/02/15/free-download-consolidated-browser/ Covering J2EE Security and WebLogic Topics Tue, 13 Apr 2010 01:53:49 -0600 http://wordpress.org/?v=2.9.2 hourly 1 By: Mike Fleming http://monduke.com/2006/02/15/free-download-consolidated-browser/comment-page-1/#comment-625 Mike Fleming Sat, 12 Aug 2006 12:59:10 +0000 http://monduke.com/?p=23#comment-625 Kevin, You can do this, but to my knowledge you need to write your own CRL checking code, particularly in 8.1. In 8.1, you can place your CRL code in a custom identity asserter. In 9.x, you can put the code in a CertPath Validator. As for ALSB, I know what it stands for but I don't know anything about it. Sounds like you want to pass a client's cert as part of the payload? That's a different problem altogether. The last time I checked (probably 8.1.2 timeframe), WebLogic webservices could not access the client's certificate like you can do in a servlet/JSP. You can do it in Axis, however. HTH, Mike Kevin,

You can do this, but to my knowledge you need to write your own CRL checking code, particularly in 8.1.

In 8.1, you can place your CRL code in a custom identity asserter.

In 9.x, you can put the code in a CertPath Validator.

As for ALSB, I know what it stands for but I don’t know anything about it. Sounds like you want to pass a client’s cert as part of the payload? That’s a different problem altogether. The last time I checked (probably 8.1.2 timeframe), WebLogic webservices could not access the client’s certificate like you can do in a servlet/JSP. You can do it in Axis, however.

HTH,

Mike

]]> By: Kevin http://monduke.com/2006/02/15/free-download-consolidated-browser/comment-page-1/#comment-620 Kevin Fri, 11 Aug 2006 17:26:34 +0000 http://monduke.com/?p=23#comment-620 Have you been able to get CRL checking to work? I am using mutually authenticated SSL from web service clients to BEA Weblogic on web service calls, but I would like to grab the certificate of the other server used in SSL negotiation in order to check it against a CRL in a proxy service or in the pipeline of ALSB. Let me know if you have any suggestions. Thanks! Have you been able to get CRL checking to work? I am using mutually authenticated SSL from web service clients to BEA Weblogic on web service calls, but I would like to grab the certificate of the other server used in SSL negotiation in order to check it against a CRL in a proxy service or in the pipeline of ALSB. Let me know if you have any suggestions. Thanks!

]]>