cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: ssl truststore ignore
Date Wed, 03 Dec 2008 22:09:38 GMT

You mention CXF 2.1.   Can you try 2.1.3?   With 2.1.1, we updated the https 
stuff to use the in JDK https stuff if you don't specifically configure it 
via our spring config.   Thus, the default properties might work.

Dan


On Sunday 30 November 2008 2:30:06 pm Gal Rob wrote:
> Hello,
>
> I'm quite new to WS especially WS over SSL. I'm stuck with setting up SSL 
> for CXF client. I run over recomended tutorials and couple of posts.
>
> I'm using CXF 2.1 deployed on WebSphere 6.1 as spring service and setup
> http conduit as in CXF example and mentioned blog. JAVA version 1.5.0_16
>
> imported WebSphere certificate into vanila trustore
>
> problem I'm facing is that it seems that set up truststore is ingored by
> CXF(SSL?) javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: No trusted certificate found
>
> when I do import WebSphere certificate into cacerts of JRE everythink works
> fine as expected. To be honest i'm not sure what to insert into keystore as
> certificate is contained in truststore.
>
> To explore thinks further I' have created my own key pair using keytool
> selfsigned the certificate, setup websphere with fresh certificate. and
> imported certificate also into truststore. At the end I had keystore with
> my key pair and also truststore with certificate. At this point I'm quite
> unsure if I really need to maintain also keystore and trustore is not
> enaugh because client do not need any kind of authentication.
>
> Situation was the same. CXF ignored truststore, keystore configuration but
> using cacert was fine again.
>
> Any pointer where I miss the point?
> I' know this issue was solved a couple of times, but I'm quite stuck also
> by provided working examples so sorry for opening issue up again :-/
>
> thanks for any help
> Robert
> _________________________________________________________________
> Jednoduchá kontrola zabezpečenia počítača.
> http://onecare.live.com/site/sk-sk/



-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog

Mime
View raw message