cxf-users mailing list archives

From "KARR, DAVID" <dk0...@att.com>
Subject 2-way auth with SSL, ClientBuilder, gets "unable to find valid certification path to requested target", but curl call works
Date Fri, 07 Apr 2017 21:44:39 GMT
I'm trying to use CXF ClientBuilder to make a call to a REST service on an SSL connection using
2-way auth.

I was having some trouble populating the keystore of the ClientBuilder because my key file
was in the PKCS#1 format.  After I converted the file to PKCS#8 format, I was able to build
the client, but now I'm getting an "unable to find valid certification path to requested target"
error when I try to make a connection.  I didn't have any particular problem populating the
truststore of the ClientBuilder, but that error message may indicate there's something wrong
with it.

I'm able to make a "curl" call to the same URL using the given key and cert files, and that
gets through the SSL handshake fine.

The details for my issue are at http://stackoverflow.com/questions/43268952/cxf-rest-client-call-with-2-way-auth-failing-with-unable-to-find-valid-certific
.

Note that the last "Update" in the posting talks about how I turned on "-Djavax.net.debug=all",
and it shows some suspicious debug output associated with that.  It seems like it thinks the
truststore "is" the cacerts file in my JDK, even though I created the truststore in memory
from a single certificate, like this:
-------------------
    KeyStore trustStore = KeyStore.getInstance("jks");
    trustStore.load(null, "changeit".toCharArray());
    Certificate cert = buildCertFromFile("<path to cert file>");
    trustStore.setCertificateEntry("cert", cert);

    ...

    ClientBuilder builder = ClientBuilder.newBuilder();
    builder.trustStore(trustStore);
    ...
    client = builder.build();
-------------------

Any idea what might be going wrong here?
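
An added example, not part of the original message and not CXF code: one way to list the trust anchors JSSE derives from an in-memory truststore built as in the message, next to the JDK default set, so the subjects and issuers can be compared with the chain printed by -Djavax.net.debug=all. The class name TrustAnchorCheck and the helper anchorsOf are hypothetical, and the stand-in certificate is taken from the JDK's default anchors because no certificate file accompanies this page.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustAnchorCheck {

    // Trust anchors JSSE derives from a store; a null store selects the JDK default (cacerts).
    static X509Certificate[] anchorsOf(KeyStore store) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        X509Certificate[] defaults = anchorsOf(null);
        // Assumption: stand-in for the certificate read from "<path to cert file>".
        X509Certificate cert = defaults[0];

        // Same construction as in the message: empty in-memory JKS plus one entry.
        KeyStore trustStore = KeyStore.getInstance("jks");
        trustStore.load(null, "changeit".toCharArray());
        trustStore.setCertificateEntry("cert", cert);

        X509Certificate[] custom = anchorsOf(trustStore);
        System.out.println("default anchors:   " + defaults.length);
        System.out.println("in-memory anchors: " + custom.length);
        for (X509Certificate c : custom) {
            boolean selfSigned =
                    c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
            System.out.println("  subject=" + c.getSubjectX500Principal());
            System.out.println("  issuer=" + c.getIssuerX500Principal());
            System.out.println("  subject equals issuer: " + selfSigned);
        }
        // The in-memory store must yield exactly the one certificate that was added.
        if (custom.length != 1) {
            throw new AssertionError("expected 1 trust anchor, got " + custom.length);
        }
    }
}
```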
