Tuesday, April 15, 2008

Secure Web Services Interoperability using X.509 Certificate Token Profile (AXIS 1.4, WSS4J 1.5.3, dotnet 2.0, WSE 3.0 )

Dear reader,

I would like to share with you that I was able to sucessfully implement the interoperability (Java - Microsoft world) using the X.509 Certificate Token Profile.

The goal was to develop a secured web service in java with the corresponding secured java and Microsoft clients.


  • write java secured web service (server side) using apache axis 1.4 and wss4j 1.5.3 based on x509 v3 certificates and the java key store format (jks).

  • the java keystore is implemented using the java keytool

  • the java secured client and the related dotnet client (using .net 2.0 and wse 3.0) are working fine with the java secured web service based on the X.509 Certificate Token Profile.

  • I succesfully set up a CA (certification authority), set up properly the jks and finally from the jks I sucessfully prepared the necessary pfx (PKCS #12, using OpenSSL) certificate for the secured dotnet client to interoperate with the java secured web service.

  • The set up is working fine!

This task couldn't be done without the work from people of Axis 1.4 and wss4j that I would like to thank.Also of the blog written by Erlend and his answers.
Anne Thomas Manes for answering some of my questions in the newsgroups of Axis about the interoperability in the wsdl files and Werner Dittman for the provided answers in the wss4j newsgroup!

Big Thanks and HAPPY AXIS :-)!

Conclusion: It is possible to set up a java secured web service using the keystore (jks). It is possible to develop a microsoft client using the framework dotnet 2.0 and the web service enhancements 3.0 (WSE 3.0). It is possible to extract the clients certificates from the java keystore using OpenSSL into the format pfx (PKCS #12) in order that the microsoft client communicate with the secured java service using the x509 certificate version 3. Hope this helps.

PS: This book about Apache Axis 1.4 help me also to understand web services.
Please note that I have any interest/relationship/benefit with the author of the book.


my key files

windows keystore

client pfx certificate

client pfx certificate (please note the private key)

Secured Java Client

Secured dotnet client

TCP monitor (request from java secured client to java secure server)

Soap monitor (dotnet secured request to the java secured web service)