Return-Path: Delivered-To: apmail-cxf-issues-archive@www.apache.org Received: (qmail 95039 invoked from network); 25 Aug 2009 16:56:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 25 Aug 2009 16:56:05 -0000 Received: (qmail 38813 invoked by uid 500); 25 Aug 2009 16:56:30 -0000 Delivered-To: apmail-cxf-issues-archive@cxf.apache.org Received: (qmail 38796 invoked by uid 500); 25 Aug 2009 16:56:30 -0000 Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list issues@cxf.apache.org Received: (qmail 38786 invoked by uid 99); 25 Aug 2009 16:56:30 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Aug 2009 16:56:30 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Aug 2009 16:56:20 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 5FFD1234C1EF for ; Tue, 25 Aug 2009 09:55:59 -0700 (PDT) Message-ID: <1977825153.1251219359392.JavaMail.jira@brutus> Date: Tue, 25 Aug 2009 09:55:59 -0700 (PDT) From: "Eamonn Dwyer (JIRA)" To: issues@cxf.apache.org Subject: [jira] Commented: (CXF-2403) Use of client certificates via http conduit configuration broken In-Reply-To: <1655071651.1251207599327.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/CXF-2403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12747483#action_12747483 ] Eamonn Dwyer commented on CXF-2403: ----------------------------------- also could you just check that you have the keystore file in the same directory as your application? Maybe also try setting the full path name for the keystore like.. file="C:\Projects\mycersts\keystore" > Use of client certificates via http conduit configuration broken > ---------------------------------------------------------------- > > Key: CXF-2403 > URL: https://issues.apache.org/jira/browse/CXF-2403 > Project: CXF > Issue Type: Bug > Components: Configuration > Reporter: Wolfgang Nagele > > To use standard SSL client certificates for authentication the following configuration should work: > > > > > > > > > > > In this configuration we would have the public certificate of the server we want to connect to in the truststore and the private key and certificate in the keystore. > With the current CXF implementation this results in the following exception: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target > at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) [na:1.6.0_13] > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) [na:1.6.0_13] > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) [na:1.6.0_13] > ... 39 common frames omitted > Once we additionally define the following properties it works: > * javax.net.ssl.keyStore=keystore > * javax.net.ssl.keyStorePassword=password > * javax.net.ssl.trustStore=truststore > * javax.net.ssl.trustStorePassword=password > This however results in very ugly setups where we have to define the same data twice. Also we miss out on CXF's option of defining specific keystores and truststores per webservice. > For further information also see: http://www.quendor.org/archiv/428 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.