Hi All,

Seems we should not rely on system properties and expect the SSL
communication to happen. It seems that when the default SSLContext is being
initialized, it reads the 'javax.net.ssl.keyStore' property and initializes
the key manager. If no property is found, it will initialize an empty keystore.
Once the default context is initialized, it seems to be using the same
key manager, irrespective of the property changes.
So as I understand, we need to initialize an SSLContext or change default
key and trust managers. That should set the certificate and let the client
communicate.

Thanks,
Malithi.

On Thu, Mar 31, 2016 at 5:39 PM, Malithi Edirisinghe <[email protected]>
wrote:

> Hi All,
>
> Mutual SSL worked when I start up the server by setting the key store and
> key store password as system properties explicitly.
>
> sh wso2server.sh -Djavax.net.debug=ssl:handshake:verbose -debug 5005
> -Djavax.net.ssl.keyStore=/Users/malithi/RNDSetups/opensaml-upgraded/wso2is-5.2.0-SNAPSHOT/repository/resources/security/wso2carbon.jks
> -Djavax.net.ssl.keyStorePassword=wso2carbon
>
>
> Seems it's getting overridden. Any idea?
>
> Thanks,
>
> Malithi
>
> On Thu, Mar 31, 2016 at 10:41 AM, Chandana Napagoda <[email protected]>
> wrote:
>
>> Hi Chamila,
>>
>> I can only see guava and commons version changes in between
>> carbon-registry 4.4.8 to 4.4.9.
>>
>> Regards,
>> Chandana
>>
>> On Thu, Mar 31, 2016 at 9:11 AM, Chamila Wijayarathna <[email protected]>
>> wrote:
>>
>>> Hi Malithi,
>>>
>>> I have observed the same issue by only updating carbon-registry from
>>> 4.4.8 to 4.4.9. So I believe this happens due to dependency changes
>>> occurring when doing that.
>>>
>>> Thank You!
>>>
>>> On Wed, Mar 30, 2016 at 11:36 PM, Malithi Edirisinghe <[email protected]> wrote:
>>>
>>>> Hi All,
>>>>
>>>> We have upgraded the opensaml version from 2.4.1 to 2.6.4 in
>>>> carbon-identity 5.0.8. In order to build the product with this opensaml
>>>> upgrade, we had to update the carbon deployment version from 4.5.3 to 4.6.1 to
>>>> avoid wiring to the older opensaml version.
>>>>
>>>> Along with this upgrade, we had to upgrade the below too.
>>>> carbon-kernel              4.4.3 to 4.4.5
>>>> carbon-commons             4.4.8 to 4.5.2
>>>> carbon-registry            4.4.8 to 4.5.2
>>>> carbon-multitenancy        4.5.0 to 4.5.1
>>>> carbon-business-process    4.4.4 to 4.4.7
>>>> carbon-analytics-common    1.0.0 to 5.0.8
>>>> axiom                      1.2.11.wso2v6 to 1.2.11.wso2v10
>>>> rampart                    1.6.1.wso2v16 to 1.6.1.wso2v19
>>>> jaggerjs                   0.12.2 to 0.12.3
>>>>
>>>> However, after this upgrade, adding workflows fails, since the client
>>>> cannot authenticate to the BPELUploader service via mutual SSL.
>>>> This occurs as the client module fails to communicate the client
>>>> certificate.
>>>> But when I tried the same service for mutual SSL via SoapUI and via a
>>>> third-party client I wrote, which uses the same stub packed, it worked.
>>>>
>>>> Highly appreciate any help.
>>>>
>>>> Thanks,
>>>> Malithi
>>>>
>>>> --
>>>>
>>>> *Malithi Edirisinghe*
>>>> Senior Software Engineer
>>>> WSO2 Inc.
>>>>
>>>> Mobile : +94 (0) 718176807
>>>> [email protected]
>>>>
>>>
>>>
>>>
>>> --
>>> *Chamila Dilshan Wijayarathna,*
>>> Software Engineer
>>> Mobile:(+94)788193620
>>> WSO2 Inc., http://wso2.com/
>>>
>>
>>
>>
>> --
>> *Chandana Napagoda*
>> Senior Software Engineer
>> WSO2 Inc. - http://wso2.org
>>
>> *Email : [email protected]*
>> *Mobile : +94718169299*
>>
>> *Blog : http://cnapagoda.blogspot.com*
>>
>>
>
>
> --
>
> *Malithi Edirisinghe*
> Senior Software Engineer
> WSO2 Inc.
>
> Mobile : +94 (0) 718176807
> [email protected]
>



-- 

*Malithi Edirisinghe*
Senior Software Engineer
WSO2 Inc.

Mobile : +94 (0) 718176807
[email protected]
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
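
The approach described in the top message (build an SSLContext from an explicit keystore instead of relying on the 'javax.net.ssl.keyStore' system property), as an added example that is not part of the original thread or WSO2's code. The class name, the command-line arguments, the JKS keystore whose key password equals its store password, and the plain HttpsURLConnection standing in for the thread's service stub are all assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ExplicitClientCertContext { // hypothetical class name

    // Build a context from an explicit keystore instead of javax.net.ssl.* properties.
    static SSLContext build(String keyStorePath, char[] password) throws Exception {
        KeyStore keys = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(keyStorePath))) {
            keys.load(in, password);
        }
        // Fail closed: a keystore without a private-key entry yields a key manager
        // that has no client certificate to present during the handshake.
        boolean hasKey = false;
        for (String alias : Collections.list(keys.aliases())) {
            hasKey |= keys.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new IllegalStateException("no private-key entry in " + keyStorePath);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, password); // assumption: key password == store password
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = JVM default trust store; server validation stays on
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // usage: java ExplicitClientCertContext <keystore.jks> <password> <https-url>
    public static void main(String[] args) throws Exception {
        SSLContext ctx = build(args[0], args[1].toCharArray());
        // Per-connection wiring; SSLContext.setDefault(ctx) would swap the JVM-wide default.
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

Running the client with -Djavax.net.debug=ssl:handshake, as in the quoted command, shows whether a client certificate is actually sent.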
