servicemix-users mailing list archives

From Thomas TERMIN <...@blue-elephant-systems.com>
Subject Re: WebServices and SSL
Date Wed, 07 Mar 2007 12:21:14 GMT
I forgot to say that you have to import your server-side certificate
into your client's truststore.

Thomas TERMIN wrote:
> Which servicemix version do you use?
> 
> You should enable the java property for ssl so that you can see which
> truststore and keystore is used.
> 
> jlbarrera wrote:
>> Well i put the keystore and the truststore in the conf directory, and in the
>> xbean.xml:
>>
>> <http:ssl>
>>                     <http:sslParameters keyStore="file:conf/jlbarrera"
>>                                         keyStorePassword="leidas"
>>                                         trustStore="file:conf/arrobafirma"
>>                                         trustStorePassword="leidas"/>
>>                     </http:ssl>
>>
>> But i received the next error: What happened? 
>>
>> INFO  - ServiceUnitLifeCycle           - Starting service unit: SU
>> WARN  - HttpComponent                  - Could not load description from
>> resource
>> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at
>> 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target:
>> javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target
>>         at
>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>>         at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
>>         at
>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
>>         at
>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
>>         at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
>>         at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>>         at
>> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>>         at
>> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>>         at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
>>         at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
>>         at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
>>         at
>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
>>         at
>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
>>         at
>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
>>         at java.net.URLConnection.getContent(URLConnection.java:682)
>>         at
>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406)
>>         at java.net.URL.getContent(URL.java:1021)
>>         at com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown
>> Source)
>>         at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>         at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>         at
>> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229)
>>         at
>> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339)
>>         at
>> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55)
>>         at
>> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151)
>>         at
>> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103)
>>         at
>> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130)
>>         at
>> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374)
>>         at
>> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296)
>>         at
>> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588)
>>         at
>> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60)
>>         at
>> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555)
>>         at java.util.TimerThread.mainLoop(Timer.java:512)
>>         at java.util.TimerThread.run(Timer.java:462)
>> Caused by: sun.security.validator.ValidatorException: PKIX path building
>> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
>> to find valid certification path to requested target
>>         at
>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
>>         at
>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
>>         at sun.security.validator.Validator.validate(Validator.java:203)
>>         at
>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
>>         at
>> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
>>         at
>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
>>         ... 28 more
>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>> unable to find valid certification path to requested target
>>         at
>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
>>         at
>> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
>>         at
>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
>>         ... 33 more
>>
>>         at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>         at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>         at
>> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229)
>>         at
>> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339)
>>         at
>> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55)
>>         at
>> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151)
>>         at
>> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103)
>>         at
>> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130)
>>         at
>> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374)
>>         at
>> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296)
>>         at
>> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588)
>>         at
>> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60)
>>         at
>> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555)
>>         at java.util.TimerThread.mainLoop(Timer.java:512)
>>         at java.util.TimerThread.run(Timer.java:462)
>> INFO  - jetty                          - jetty-6.0.1
>> INFO  - jetty                          - Started SelectChannelConnector @
>> 0.0.0.0:8989
>> INFO  - AutoDeploymentService          - Directory: deploy: Finished
>> installation of archive:  SA.zip
>>
>>
>>
>>
>>
>> tterm wrote:
>>> jlbarrera wrote:
>>>> I try to create a BC with the role "provider" that connect with a Web
>>>> Services by SSL and auth basic. But in the documentation said that the
>>>> basic
>>>> auth only has enabled for role "consumer" .. it's right?
>>> I never tested basic auth. I used just ssl for authentication with
>>> certificates.
>>>
>>>> But the keystore and truststore not found, i think that the path can be
>>>> mistaken.
>>> The truststore and keystore will be found. You might try to put both
>>> into the conf directory of servicemix and specify in the config file
>>> file:con/your.truststore.jks or something. That works.
>>>
>>> This is also a big help sometimes:
>>> -Djavax.net.debug=ssl
>>>
>>> Cheers,
>>> Thomas
>>>
>>>> regards
>>>>
>>>>
>>>>
>>>> tterm wrote:
>>>>> set it with "file:" (keystore , truststore)
>>>>>
>>>>> You should provide more information on what you want to do.
>>>>>
>>>>> jlbarrera wrote:
>>>>>> Hello
>>>>>>
>>>>>> I'm using servicemix-http with SSL. 
>>>>>>
>>>>>> I have generated the keyStore:
>>>>>>     keytool -genkey -keypass password -keystore keystoredemo -storepass
>>>>>> password
>>>>>> And i generated the trustStore:
>>>>>>     keytool -import -trustcacerts -keystore keystoretrust -file
>>>>>> somename.cer
>>>>>> -v
>>>>>>
>>>>>> In the xbean.xml configuration file:
>>>>>>
>>>>>> <http:ssl>
>>>>>>                     <http:sslParameters
>>>>>> keyStore="/home/jlbarrera/keystoredemo"
>>>>>>                                         keyStorePassword="password"
>>>>>>                                        
>>>>>> trustStore="/home/jlbarrera/keystoretrust"
>>>>>>                                         trustStorePassword="password"/>
>>>>>>                     </http:ssl>
>>>>>>  
>>>>>> But i get the next error:
>>>>>>
>>>>>>    "No trusted certificate found"
>>>>>>
>>>>>> Somebody know the problem? The route of files it's mistaken? I try with
>>>>>> file:///route... too. I'm using Linux filesystem..
>>>>>>
>>>>>> Thanks!
>>>>>
>>> -- 
>>> Thomas Termin
>>> _______________________________
>>> blue elephant systems GmbH
>>> Wollgrasweg 49
>>> D-70599 Stuttgart
>>>
>>> Tel    :  (+49) 0711 - 45 10 17 676
>>> Fax    :  (+49) 0711 - 45 10 17 573
>>> WWW    :  http://www.blue-elephant-systems.com
>>> Email  :  Thomas.Termin@blue-elephant-systems.com
>>>
>>> blue elephant systems GmbH
>>> Registered office     : Wollgrasweg 49, D-70599 Stuttgart
>>> Court of registration : Amtsgericht Stuttgart, HRB 24106
>>> Managing directors    : Holger Dietrich, Thomas Gentsch, Joachim Hoernle
>>>
>>> Thanks! 
>>>
> 
> 


-- 
Thomas Termin
_______________________________
blue elephant systems GmbH
Wollgrasweg 49
D-70599 Stuttgart

Tel    :  (+49) 0711 - 45 10 17 676
Fax    :  (+49) 0711 - 45 10 17 573
WWW    :  http://www.blue-elephant-systems.com
Email  :  Thomas.Termin@blue-elephant-systems.com

blue elephant systems GmbH
Registered office     : Wollgrasweg 49, D-70599 Stuttgart
Court of registration : Amtsgericht Stuttgart, HRB 24106
Managing directors    : Holger Dietrich, Thomas Gentsch, Joachim Hoernle
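
The fix described in this message (importing the server-side certificate into the client's truststore), as an added shell example that is not part of the original thread. It uses the JDK's keytool; every file name, alias, CN and the password are constructed for the demo, and the self-signed "server" certificate stands in for the HTTPS endpoint's certificate.

```shell
#!/usr/bin/env bash
# Added example; file names, aliases, CNs and the password are constructed.
set -eu
PASS=changeit

# SHA-256 fingerprint of a certificate file, as keytool prints it.
fingerprint() {
  keytool -printcert -file "$1" 2>/dev/null | awk '/SHA256:/ {print $2}'
}

# True if the certificate in file $3 is an entry of truststore $1 (password $2).
truststore_has_cert() {
  fp=$(fingerprint "$3")
  [ -n "$fp" ] || return 2   # unreadable certificate: never report "present"
  keytool -list -v -keystore "$1" -storepass "$2" 2>/dev/null | grep -qF "$fp"
}

# Create a key pair with a self-signed certificate and export the certificate.
make_cert() {  # $1 keystore, $2 alias, $3 CN, $4 exported certificate file
  keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=$3" -keystore "$1" -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1
  keytool -exportcert -rfc -alias "$2" -keystore "$1" -storepass "$PASS" \
    -file "$4" >/dev/null 2>&1
}

demo() {
  work=$(mktemp -d)
  make_cert "$work/server.keystore" server ws.example.test "$work/server.cer"
  make_cert "$work/other.keystore" other unrelated.example.test "$work/other.cer"
  # Client truststore that trusts only the unrelated certificate: the state in
  # which the client reports "PKIX path building failed" for the server.
  keytool -importcert -noprompt -alias other -file "$work/other.cer" \
    -keystore "$work/client.truststore" -storepass "$PASS" >/dev/null 2>&1
  before=missing
  if truststore_has_cert "$work/client.truststore" "$PASS" "$work/server.cer"; then
    before=present
  fi
  # The fix from the message: import the server certificate on the client side.
  keytool -importcert -noprompt -alias server -file "$work/server.cer" \
    -keystore "$work/client.truststore" -storepass "$PASS" >/dev/null 2>&1
  after=missing
  if truststore_has_cert "$work/client.truststore" "$PASS" "$work/server.cer"; then
    after=present
  fi
  rm -rf "$work"
  echo "before=$before after=$after"
}

if command -v keytool >/dev/null 2>&1; then demo; else echo "keytool (JDK) not found" >&2; fi
```

Comparing fingerprints rather than aliases confirms that the truststore holds the exact certificate the server presents, which is the condition the PKIX check depends on when the server certificate is self-signed.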

