On the Apache webserver I get:

    [Wed Jun 05 13:18:52 2013] [info] [client 10.134.67.37] SSL library error 1 in handshake (server avs.responseservice.com:443)
    [Wed Jun 05 13:18:52 2013] [info] SSL Library Error: 336105650 error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

The strange thing is that it works for my keystore that I created.

________________________________
From: Eric Chua <[email protected]>
To: "[email protected]" <[email protected]>
Sent: Wednesday, June 5, 2013 8:10 AM
Subject: CXF with Mutual Authentication in the Conduit

I am configuring the conduit for mutual authentication. I have an Apache httpd server that requires a client certificate. I get this to work using my own generated CA.pem signing my certificate. When I use a GeoTrust certificate in a keystore for the client identification, it doesn't work. Has anyone had this issue before? The only thing I can see as being different is that my self-signed client certificate is 1024 while the GeoTrust certificate is 2048.

When I used the GeoTrust keystore in a browser, I am able to get the WSDL. When I try to send a request through CXF with the same keystore, it doesn't work. Any ideas?

For the server, I use Apache httpd that requires a client certificate. I downloaded the CA.PEM from GeoTrust and was able to get the WSDL from the server. I am using mod_proxy to connect to the backend web service connection.

Here is my error.

    [write] MD5 and SHA1 hashes: len = 16
    0000: 14 00 00 0C 85 AF 82 A7 87 6B 84 30 7D B9 C8 AA .........k.0....
    Padded plaintext before ENCRYPTION: len = 32
    0000: 14 00 00 0C 85 AF 82 A7 87 6B 84 30 7D B9 C8 AA .........k.0....
    0010: 17 BC F0 30 26 D7 52 D8 13 E2 F1 F1 45 03 A3 92 ...0&.R.....E...
    main, WRITE: TLSv1 Handshake, length = 32
    main, waiting for close_notify or alert: state 1
    main, Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
    main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
    main, called close()
    main, called closeInternal(true)
    main, called closeSocket()

    Client clientProxy = ClientProxy.getClient(modPort);
    HTTPConduit conduit = (HTTPConduit) clientProxy.getConduit();
    TLSClientParameters tlscp = new TLSClientParameters();
    //TLSClientParameters tlscp = conduit.getTlsClientParameters();

    // Trust Store - One Way
    KeyStore tStore = KeyStore.getInstance("JKS"); // certStoreType
    File truststore = new File("./scripts/keys/ws-test.truststore.jks"); // certStore
    String trustpass = "password"; // certStorePass
    tStore.load(new FileInputStream(truststore), trustpass.toCharArray());
    TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(tStore);
    TrustManager[] tm = trustFactory.getTrustManagers();
    tlscp.setTrustManagers(tm);

    // 2-Way SSL
    tlscp.setDisableCNCheck(false); // tlsDisableCNCheck
    String keyStorePassword = "password"; // tlsKeyStore
    KeyStore keyStore = KeyStore.getInstance("PKCS12"); // tlsKeyStoreType
    String keyStoreLoc = "./scripts/keys/ws-test-private-key.p12";
    keyStore.load(new FileInputStream(keyStoreLoc), keyStorePassword.toCharArray());
    String keyPEMPassPhrase = "password";
    KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyFactory.init(keyStore, keyPEMPassPhrase.toCharArray());
    KeyManager[] km = keyFactory.getKeyManagers();
    tlscp.setKeyManagers(km);

Any ideas?
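
Added example, not part of the original thread and not CXF's own code: a stand-alone check that prints the certificate chain stored with each private key in the client PKCS12 file and asks the JSSE key manager which alias it would select for a given list of acceptable CAs. A null result means the client answers the server's CertificateRequest without a certificate, which is the condition the Apache log reports as "no certificate returned". The class name ClientCertCheck, the command-line arguments, the RSA key type, and the premise that the CA PEM file holds exactly the CAs the server advertises are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Added diagnostic (hypothetical class name), not code from the thread.
// Usage: java ClientCertCheck <client.p12> <password> <ca-accepted-by-server.pem>
public class ClientCertCheck {
    public static void main(String[] args) throws Exception {
        char[] pass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, pass); }

        // Assumption: the server advertises the subject DNs of the CAs in this PEM file.
        List<Principal> issuers = new ArrayList<>();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(args[2])) {
            for (Certificate c : cf.generateCertificates(in)) {
                issuers.add(((X509Certificate) c).getSubjectX500Principal());
            }
        }

        // Print the chain each key entry would present (leaf first).
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println("alias " + alias + ": " + (chain == null ? 0 : chain.length) + " cert(s)");
            for (Certificate c : chain == null ? new Certificate[0] : chain) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal() + " | issuer=" + x.getIssuerX500Principal());
            }
        }

        // Same selection call JSSE makes on CertificateRequest (key type RSA assumed).
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        X509KeyManager km = (X509KeyManager) kmf.getKeyManagers()[0];
        String chosen = km.chooseClientAlias(new String[] {"RSA"}, issuers.toArray(new Principal[0]), null);
        System.out.println(chosen == null ? "No alias matches the advertised CAs: no client certificate would be sent" : "Would send alias: " + chosen);
    }
}
```

The default key manager matches the advertised CA names against the issuer of every certificate in the stored chain, so a keystore that holds only the leaf certificate matches only if its direct issuer is on the server's list.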
