[jira] [Commented] (CXF-8060) Automatic ssl configuration using javax.net.ssl.. broken

Thu, 20 Jun 2019 04:11:48 -0700 


    [ 
https://issues.apache.org/jira/browse/CXF-8060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16868452#comment-16868452
 ] 

Colm O hEigeartaigh commented on CXF-8060:
------------------------------------------

You need to add: -Djavax.net.ssl.keyStoreType=JKS

I'm going to fix this for the next 3.3.x release so that it uses JKS as the 
default keystore type. This should work with both JKS + PKCS12 by default, ref: 
https://bugs.openjdk.java.net/browse/JDK-8062552

> Automatic ssl configuration using javax.net.ssl.. broken
> --------------------------------------------------------
>
>                 Key: CXF-8060
>                 URL: https://issues.apache.org/jira/browse/CXF-8060
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.2.5
>            Reporter: Vjacheslav Borisov
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>
> Automatic ssl configuration using javax.net.ssl.. broken (since cxf 3.2.5)
> This is workaround to configure http-conf from system  properies
>     <http-conf:conduit name="*.http-conduit">
>         <http-conf:tlsClientParameters>
>             <sec:keyManagers keyPassword="${javax.net.ssl.keyStorePassword}">
>                 <sec:keyStore
>                     type="${javax.net.ssl.keyStoreType:JKS}"
>                     password="${javax.net.ssl.keyStorePassword}"
>                     file="${javax.net.ssl.keyStore}"/>
>             </sec:keyManagers>
>             <sec:trustManagers>
>                 <sec:keyStore type="${javax.net.ssl.trustStoreType:JKS}" 
> file="${javax.net.ssl.trustStore}" /> <!-- 
> password="${javax.net.ssl.trustStorePassword:#\{null}}" -->
>             </sec:trustManagers>
>         </http-conf:tlsClientParameters>
>     </http-conf:conduit>
>  
> Run JVM with
> -Djavax.net.ssl.trustStore=/path/to/trusted.cacerts 
> -Djavax.net.ssl.keyStore=/path/to/trusted.clientcerts 
> -Djavax.net.ssl.keyStorePassword=clientcertpass
>  
> and try jax-rs client proxy to ssl secured endpoint



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to