cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: Software caused connection abort: recv failed (https and cxf)
Date Fri, 28 Mar 2008 17:30:47 GMT

With 2.0.4, the java_home/lib/security/cacerts file isn't actually used 
at all.  2.0.4 doesn't trust anything you don't specifically specify in 
configuration.   This has been greatly relaxed in 2.0.5 so that if you 
don't specify anything in config, it will pick up the certs in cacarts.  
In general https support is a lot easier to use in 2.0.5.

My suggestion would be to give 2.0.5 a try and see if that helps.  We're 
currently voting on it.   With any luck, it will be released on Monday.  
The candidates that we are voting on are at:
http://people.apache.org/~dkulp/stage_cxf/2.0.5-incubator/

Dan



On Friday 28 March 2008, whitewolff@tiscali.it wrote:
> Hi guys,
> I have set up a server which listens for https connections.
> When my only client sends any message, I get this exception (client-
> side):
> java.net.SocketException: Software caused connection abort: recv
> failed
>
> Please does anyone know about this error?
> Here is how I generated my certs:
> [SERVER]
> keytool -genkey -dname "CN=localhost, OU=NOT FOR PRODUCTION, O=Apache,
> ST=NY, C=US" -keystore server.jks -storetype jks -storepass server -
> keypass server -alias hosting_servant -keyalg RSA
>
> keytool -selfcert -alias hosting_servant -keystore server.jks -keypass
> server -storepass server
>
> keytool -export -alias hosting_servant -file server.cer -keystore
> server.jks -storepass server
>
> keytool -import -v -trustcacerts -alias hosting_servant -file server.
> cer -keystore cacerts.jks -keypass cacert -storepass cacert
> [CLIENT]
> keytool -genkey -alias dashboard_servant -keyalg RSA -keypass client -
> storepass client -keystore client.jks -dname "CN=dashboard_servant,
> OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US"
>
> keytool -selfcert -alias dashboard_servant -keystore client.jks -
> keypass client -storepass client
>
> keytool -export -alias dashboard_servant -storepass client -file
> client.cer -keystore client.jks
>
> keytool -import -v -trustcacerts -alias dashboard_servant -file
> client. cer -keystore cacerts.jks -keypass cacert -storepass cacert
>
> Then i add my two certs into java_home/lib/security/cacerts
>
> Any suggestions?
> Thanks
>
>
>
> ______________________________________________
>
> Voce Senza Limiti: chiama in tutta Italia a 0 cent. SOLO 9,90 EURO AL
> MESE fino al 27/03/08!
> http://abbonati.tiscali.it/promo/vocesenzalimiti_2603/



-- 
J. Daniel Kulp
Principal Engineer, IONA
dkulp@apache.org
http://www.dankulp.com/blog

Mime
View raw message