Re: WebServices and SSL
first to all, thank you for your help, it's beging very useful for me. Ok this is my provider configuration at this moment, because i changed it many times: https://172.19.1.75/axis/services/VerificarFirmas"; defaultMep="http://www.w3.org/2004/08/wsdl/in-out"; wsdlResource="https://172.19.1.75/axis/services/VerificarFirmas?wsdl";> keystore_jl is generated by: keytool -import -alias jlbarreracert -keypass pass -file vmw2000.cer -storepass pass -trustcacerts The certificate (vmw200.cer) is self signed, i export it by internet explorer to a file. Thnaks! tterm wrote: > > jlbarrera wrote: >> ok, i think that the error can be because the keystore isn't found!, >> because >> i write a badly route and i received the same error. >> >> I have seen in the documentation: >> keyStore="classpath:org/apache/servicemix/http/server.keystore" >> But...Where i should place my keystore file? > as i said before put it under $SERVICMIX_HOME/conf/ as an example > > > >> >> thanks! >> >> >> >> jlbarrera wrote: >>> I try to expose a external webservices (SSL+auth basic) in ServiceMix. >>> >>> External WebServices <->ServiceMix <> Client >>> >>> for this, i'm using servicemix-http (xbean). Documentation >>> http://incubator.apache.org/servicemix/servicemix-http.html here >>> I already get expose a Webservices in ServiceMix, but now i'm trying do >>> it >>> with SSL, and then with Auth Basic. >>> >>> External WS (SSL)<> >>> provider(SM)<--->NMR<>consumer(SM)<>Client >>> >>> And i get the same error with all configurations: >>> >>> unable to find valid certification path to requested target... >>> >>> I have exported the certificate (vmw200.cer) and the next steps for >>> create >>> the keystore and truststore are confused for my. >>> >>> I try to do this: keytool -import -keypass leidas -file vmw2000.cer >>> -storepass pass -trustcacerts >>> >>> But i get the same error >>> >>> Thanks! >>> >>> >>> tterm wrote: I'M still don't know what exactly you are doing. Is the webservice on a remote host and servicemix local or whatever. I don't know. You should generate your key as you already did, export the certificate and import it in the truststore. This is the way for a self signed certificate. In your client application you also have to import your certificate so that the client trusts your server (web service whatever else). If your client is a commandline java application you have to set the keystore and truststore otherwise the truststore from the jdk will be used. Is the webservice deployed in servicemix? jlbarrera wrote: > I'm using ServiceMix 3.1, > What could be the problem? The keystore and truststore generated? > I have make this: > > keytool -genkey -keypass password -keystore keystoredemo -storepass > password > keytool -import -trustcacerts -keystore keystoretrust -file > somename.cer > -v > > And i following the next guide for solved this problem: > http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but i get > the > same error. > > Thanks! > > > tterm wrote: >> Which servicemix version do you use? >> >> You should enable the java property for ssl so that you can see which >> truststore and keystore is used. >> >> jlbarrera wrote: >>> Well i put the keystore and the truststore in the conf directory, >>> and >>> in >>> the >>> xbean.xml: >>> >>> >>> >> keyStore="file:conf/jlbarrera" >>> keyStorePassword="leidas" >>> >>> trustStore="file:conf/arrobafirma" >>> >>> trustStorePassword="leidas"/> >>> >>> >>> But i received the next error: What happened? >>> >>> INFO - ServiceUnitLifeCycle - Starting service unit: SU >>> WARN - HttpComponent - Could not load description >>> from >>> resource >>> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported >>> document >>> at >>> 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: >>> sun.security.validator.ValidatorException: PKIX path building >>> failed: >>> sun.security.provider.certpath.SunCertPathBuilderException: unable >>> to >>> find >>> valid certification path to requested target: >>> javax.net.ssl.SSLHandshakeException: >>> sun.security.validator.ValidatorException: PKIX path building >>> failed: >>> sun.security.provider.certpath.SunCertPathBuilderExcep
Re: WebServices and SSL
jlbarrera wrote: > ok, i think that the error can be because the keystore isn't found!, because > i write a badly route and i received the same error. > > I have seen in the documentation: keyStore="classpath:keystore" > But...Where i should place my keystore file? > > i try to put keystore in conf folder, and i publish the keystore throw http > in a web server but always i get the same error. > keyStore="http://server/keystore"; <-- fail Didn't seen this before. Post the complete configuration of your provider endpoint. > > > thanks! > > > > jlbarrera wrote: >> I try to expose a external webservices (SSL+auth basic) in ServiceMix. >> >> External WebServices <->ServiceMix <> Client >> >> for this, i'm using servicemix-http (xbean). Documentation >> http://incubator.apache.org/servicemix/servicemix-http.html here >> I already get expose a Webservices in ServiceMix, but now i'm trying do it >> with SSL, and then with Auth Basic. >> >> External WS (SSL)<> provider(SM)<--->NMR<>consumer(SM)<>Client >> >> And i get the same error with all configurations: >> >> unable to find valid certification path to requested target... >> >> I have exported the certificate (vmw200.cer) and the next steps for create >> the keystore and truststore are confused for my. >> >> I try to do this: keytool -import -keypass leidas -file vmw2000.cer >> -storepass pass -trustcacerts >> >> But i get the same error >> >> Thanks! >> >> >> tterm wrote: >>> I'M still don't know what exactly you are doing. Is the webservice on a >>> remote host and servicemix local or whatever. I don't know. >>> >>> You should generate your key as you already did, export the certificate >>> and import it in the truststore. This is the way for a self signed >>> certificate. In your client application you also have to import your >>> certificate so that the client trusts your server (web service whatever >>> else). If your client is a commandline java application you have to set >>> the keystore and truststore otherwise the truststore from the jdk will >>> be used. Is the webservice deployed in servicemix? >>> >>> >>> jlbarrera wrote: I'm using ServiceMix 3.1, What could be the problem? The keystore and truststore generated? I have make this: keytool -genkey -keypass password -keystore keystoredemo -storepass password keytool -import -trustcacerts -keystore keystoretrust -file somename.cer -v And i following the next guide for solved this problem: http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but i get the same error. Thanks! tterm wrote: > Which servicemix version do you use? > > You should enable the java property for ssl so that you can see which > truststore and keystore is used. > > jlbarrera wrote: >> Well i put the keystore and the truststore in the conf directory, and >> in >> the >> xbean.xml: >> >> >> > keyStorePassword="leidas" >> >> trustStore="file:conf/arrobafirma" >> trustStorePassword="leidas"/> >> >> >> But i received the next error: What happened? >> >> INFO - ServiceUnitLifeCycle - Starting service unit: SU >> WARN - HttpComponent - Could not load description >> from >> resource >> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported >> document >> at >> 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to >> find >> valid certification path to requested target: >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to >> find >> valid certification path to requested target >> at >> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) >> at
Re: WebServices and SSL
jlbarrera wrote: > ok, i think that the error can be because the keystore isn't found!, because > i write a badly route and i received the same error. > > I have seen in the documentation: > keyStore="classpath:org/apache/servicemix/http/server.keystore" > But...Where i should place my keystore file? as i said before put it under $SERVICMIX_HOME/conf/ as an example > > thanks! > > > > jlbarrera wrote: >> I try to expose a external webservices (SSL+auth basic) in ServiceMix. >> >> External WebServices <->ServiceMix <> Client >> >> for this, i'm using servicemix-http (xbean). Documentation >> http://incubator.apache.org/servicemix/servicemix-http.html here >> I already get expose a Webservices in ServiceMix, but now i'm trying do it >> with SSL, and then with Auth Basic. >> >> External WS (SSL)<> provider(SM)<--->NMR<>consumer(SM)<>Client >> >> And i get the same error with all configurations: >> >> unable to find valid certification path to requested target... >> >> I have exported the certificate (vmw200.cer) and the next steps for create >> the keystore and truststore are confused for my. >> >> I try to do this: keytool -import -keypass leidas -file vmw2000.cer >> -storepass pass -trustcacerts >> >> But i get the same error >> >> Thanks! >> >> >> tterm wrote: >>> I'M still don't know what exactly you are doing. Is the webservice on a >>> remote host and servicemix local or whatever. I don't know. >>> >>> You should generate your key as you already did, export the certificate >>> and import it in the truststore. This is the way for a self signed >>> certificate. In your client application you also have to import your >>> certificate so that the client trusts your server (web service whatever >>> else). If your client is a commandline java application you have to set >>> the keystore and truststore otherwise the truststore from the jdk will >>> be used. Is the webservice deployed in servicemix? >>> >>> >>> jlbarrera wrote: I'm using ServiceMix 3.1, What could be the problem? The keystore and truststore generated? I have make this: keytool -genkey -keypass password -keystore keystoredemo -storepass password keytool -import -trustcacerts -keystore keystoretrust -file somename.cer -v And i following the next guide for solved this problem: http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but i get the same error. Thanks! tterm wrote: > Which servicemix version do you use? > > You should enable the java property for ssl so that you can see which > truststore and keystore is used. > > jlbarrera wrote: >> Well i put the keystore and the truststore in the conf directory, and >> in >> the >> xbean.xml: >> >> >> > keyStorePassword="leidas" >> >> trustStore="file:conf/arrobafirma" >> trustStorePassword="leidas"/> >> >> >> But i received the next error: What happened? >> >> INFO - ServiceUnitLifeCycle - Starting service unit: SU >> WARN - HttpComponent - Could not load description >> from >> resource >> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported >> document >> at >> 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to >> find >> valid certification path to requested target: >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to >> find >> valid certification path to requested target >> at >> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performIn
Re: WebServices and SSL
Maven newbie could really use failproof instructions for getting to know servicemix without the friction of broken repos, stale maven/ant scripts, out of date tutorials and so forth. I did find Maven configuration instructions: ServiceMix release is not available on public maven repositories, so you need to either: * build ServiceMix from sources * modify your maven configuration to include an additional repository. So I changed ~/.m2/settings.xml accordingly, then (in the servicemix-3.1/src directory): mvn compile [INFO] Scanning for projects... [INFO] Reactor build order: [INFO] ServiceMix [INFO] Servicemix :: Build [INFO] ServiceMix :: Core [INFO] ServiceMix :: JBI [INFO] ServiceMix :: Services [INFO] ServiceMix :: Core [INFO] ServiceMix :: Audit [INFO] ServiceMix :: Common [INFO] ServiceMix :: Common [INFO] ServiceMix :: Components [INFO] ServiceMix :: SOAP [INFO] ServiceMix :: BeanFlow [INFO] ServiceMix :: Tooling [INFO] ServiceMix :: Maven2 JBI Plugin [INFO] ServiceMix :: Maven2 XFire Plugin [INFO] ServiceMix :: Archetypes :: BindingComponent [INFO] ServiceMix :: Archetypes :: ServiceEngine [INFO] ServiceMix :: Archetypes :: ServiceUnit [INFO] ServiceMix :: Archetypes :: ServiceAssembly [INFO] ServiceMix :: Archetypes :: SharedLibrary [INFO] ServiceMix :: Archetypes :: HttpConsumerServiceUnit [INFO] ServiceMix :: Archetypes :: HttpProviderServiceUnit [INFO] ServiceMix :: Archetypes :: JmsConsumerServiceUnit [INFO] ServiceMix :: Archetypes :: JmsProviderServiceUnit [INFO] ServiceMix :: Archetypes :: Jsr181WsdlFirstServiceUnit [INFO] ServiceMix :: Archetypes :: LWContainerServiceUnit [INFO] ServiceMix :: Archetypes :: EIPServiceUnit [INFO] ServiceMix :: Archetypes :: EmbeddedSimple [INFO] ServiceMix :: Archetypes :: ServiceMixODEServiceUnit [INFO] ServiceMix :: Archetypes :: Jsr181AnnotatedServiceUnit [INFO] ServiceMix :: Archetypes :: SaxonXQueryServiceUnit [INFO] ServiceMix :: Archetypes :: SaxonXsltServiceUnit [INFO] ServiceMix :: Archetypes [INFO] ServiceMix :: Archetypes :: ITests [INFO] ServiceMix :: Deployables [INFO] ServiceMix :: Shared Libraries [INFO] ServiceMix :: Shared [INFO] ServiceMix :: Binding Components [INFO] ServiceMix :: File [INFO] ServiceMix :: FTP [INFO] ServiceMix :: HTTP [INFO] ServiceMix :: JMS [INFO] ServiceMix :: XMPP [INFO] ServiceMix :: Service Engines [INFO] ServiceMix :: Bean [INFO] ServiceMix :: BPE [INFO] ServiceMix :: Drools Service Engine [INFO] ServiceMix :: EIP [INFO] ServiceMix :: JSR-181 Service Engine [INFO] ServiceMix :: Lightweight container Service Engine [INFO] ServiceMix :: Quartz [INFO] ServiceMix :: Saxon Service Engine [INFO] ServiceMix :: SCA Service Engine [INFO] ServiceMix :: Scripting Service Engine [INFO] ServiceMix :: WS-Notification Service Engine [INFO] ServiceMix :: ITests [INFO] ServiceMix :: Samples [INFO] ServiceMix :: Samples :: WSDL first [INFO] ServiceMix :: Samples :: WSDL first :: JSR181 [INFO] ServiceMix :: Samples :: WSDL first :: HTTP [INFO] ServiceMix :: Samples :: WSDL first :: SA [INFO] ServiceMix :: Samples :: Loan Broker [INFO] ServiceMix :: Samples :: Loan Broker :: LwContainer [INFO] ServiceMix :: Samples :: Loan Broker :: BPE [INFO] ServiceMix :: Samples :: Loan Broker :: JMS [INFO] ServiceMix :: Samples :: Loan Broker :: SA [INFO] ServiceMix :: Samples :: Bridge [INFO] ServiceMix :: Samples :: Bridge :: HTTP [INFO] ServiceMix :: Samples :: Bridge :: EIP [INFO] ServiceMix :: Samples :: Bridge :: XSLT [INFO] ServiceMix :: Samples :: Bridge :: JMS [INFO] ServiceMix :: Samples :: Bridge :: SA [INFO] ServiceMix :: Samples :: Web [INFO] ServiceMix :: Samples :: Basic [INFO] ServiceMix :: Console [INFO] ServiceMix :: Web Console [INFO] ServiceMix :: Web Apps [INFO] ServiceMix :: Platforms [INFO] Servicemix :: Geronimo [INFO] ServiceMix :: Geronimo :: ServiceMix service [INFO] ServiceMix :: Geronimo :: Deployer service [INFO] ServiceMix :: Geronimo :: Dependencies [INFO] ServiceMix :: Geronimo :: ServiceMix plugin [INFO] ServiceMix :: Geronimo :: Deployer plugin [INFO] ServiceMix :: Assemblies [INFO] Servicemix :: Distribution [INFO] ServiceMix :: WebApp distribution [INFO] [INFO] Building ServiceMix [INFO]task-segment: [compile] [INFO] [INFO] No goals needed for project - skipping [INFO] [INFO] Building Servicemix :: Build [INFO]task-segment: [compile] [INFO] [INFO] [plugin:descriptor] [INFO] Using 2 extractors. [INFO] Applying extractor for language: java [INFO] Extractor for language: java found 1 mojo descriptors. [INFO]
Re: WebServices and SSL
ok, i think that the error can be because the keystore isn't found!, because i write a badly route and i received the same error. I have seen in the documentation: keyStore="classpath:org/apache/servicemix/http/server.keystore" But...Where i should place my keystore file? thanks! jlbarrera wrote: > > I try to expose a external webservices (SSL+auth basic) in ServiceMix. > > External WebServices <->ServiceMix <> Client > > for this, i'm using servicemix-http (xbean). Documentation > http://incubator.apache.org/servicemix/servicemix-http.html here > I already get expose a Webservices in ServiceMix, but now i'm trying do it > with SSL, and then with Auth Basic. > > External WS (SSL)<> provider(SM)<--->NMR<>consumer(SM)<>Client > > And i get the same error with all configurations: > > unable to find valid certification path to requested target... > > I have exported the certificate (vmw200.cer) and the next steps for create > the keystore and truststore are confused for my. > > I try to do this: keytool -import -keypass leidas -file vmw2000.cer > -storepass pass -trustcacerts > > But i get the same error > > Thanks! > > > tterm wrote: >> >> I'M still don't know what exactly you are doing. Is the webservice on a >> remote host and servicemix local or whatever. I don't know. >> >> You should generate your key as you already did, export the certificate >> and import it in the truststore. This is the way for a self signed >> certificate. In your client application you also have to import your >> certificate so that the client trusts your server (web service whatever >> else). If your client is a commandline java application you have to set >> the keystore and truststore otherwise the truststore from the jdk will >> be used. Is the webservice deployed in servicemix? >> >> >> jlbarrera wrote: >>> I'm using ServiceMix 3.1, >>> What could be the problem? The keystore and truststore generated? >>> I have make this: >>> >>> keytool -genkey -keypass password -keystore keystoredemo -storepass >>> password >>> keytool -import -trustcacerts -keystore keystoretrust -file somename.cer >>> -v >>> >>> And i following the next guide for solved this problem: >>> http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but i get the >>> same error. >>> >>> Thanks! >>> >>> >>> tterm wrote: Which servicemix version do you use? You should enable the java property for ssl so that you can see which truststore and keystore is used. jlbarrera wrote: > Well i put the keystore and the truststore in the conf directory, and > in > the > xbean.xml: > > > keyStorePassword="leidas" > > trustStore="file:conf/arrobafirma" > trustStorePassword="leidas"/> > > > But i received the next error: What happened? > > INFO - ServiceUnitLifeCycle - Starting service unit: SU > WARN - HttpComponent - Could not load description > from > resource > WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported > document > at > 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find > valid certification path to requested target: > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find > valid certification path to requested target > at > com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) > at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) > at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) > at > com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) > at > com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) > at > sun.net.www.protocol.https.Ht
Re: WebServices and SSL
Seems to be fine. Did you import the certificate from the webservice in the truststore of your servicemix provider endpoint. I can't see it exactly from your mails. WS-> create key / export cert / import in ws truststore (if selfsigned) http provider -> import ws cert in the truststore. That would be the scenario if you didn't enable client certificate authentication on the web service. So your client trusts the ws and the connection is secure. That should work without fail. What you also should do is to start the jvm with this property: -Djavax.net.debug=ssl That gives you a more information on what happend. You can post it if it still fails. jlbarrera wrote: > I try to expose a external webservices (SSL+auth basic) in ServiceMix. > > External WebServices <->ServiceMix <> Client > > for this, i'm using servicemix-http (xbean). Documentation > http://incubator.apache.org/servicemix/servicemix-http.html here > I already get expose a Webservices in ServiceMix, but now i'm trying do it > with SSL, and then with Auth Basic. > > External WS (SSL)<> provider(SM)<--->NMR<>consumer(SM)<>Client > > And i get the same error with all configurations: > > unable to find valid certification path to requested target... > > I have exported the certificate (vmw200.cer) and the next steps for create > the keystore and truststore are confused for my. > > I try to do this: keytool -import -keypass leidas -file vmw2000.cer > -storepass pass -trustcacerts > > But i get the same error > > Thanks! > > > tterm wrote: >> I'M still don't know what exactly you are doing. Is the webservice on a >> remote host and servicemix local or whatever. I don't know. >> >> You should generate your key as you already did, export the certificate >> and import it in the truststore. This is the way for a self signed >> certificate. In your client application you also have to import your >> certificate so that the client trusts your server (web service whatever >> else). If your client is a commandline java application you have to set >> the keystore and truststore otherwise the truststore from the jdk will >> be used. Is the webservice deployed in servicemix? >> >> >> jlbarrera wrote: >>> I'm using ServiceMix 3.1, >>> What could be the problem? The keystore and truststore generated? >>> I have make this: >>> >>> keytool -genkey -keypass password -keystore keystoredemo -storepass >>> password >>> keytool -import -trustcacerts -keystore keystoretrust -file somename.cer >>> -v >>> >>> And i following the next guide for solved this problem: >>> http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but i get the >>> same error. >>> >>> Thanks! >>> >>> >>> tterm wrote: Which servicemix version do you use? You should enable the java property for ssl so that you can see which truststore and keystore is used. jlbarrera wrote: > Well i put the keystore and the truststore in the conf directory, and > in > the > xbean.xml: > > > keyStorePassword="leidas" > > trustStore="file:conf/arrobafirma" > trustStorePassword="leidas"/> > > > But i received the next error: What happened? > > INFO - ServiceUnitLifeCycle - Starting service unit: SU > WARN - HttpComponent - Could not load description > from > resource > WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported > document > at > 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find > valid certification path to requested target: > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find > valid certification path to requested target > at > com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) > at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) > at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) > at > com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) > at > com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) >
Re: WebServices and SSL
I try to expose a external webservices (SSL+auth basic) in ServiceMix. External WebServices <->ServiceMix <> Client for this, i'm using servicemix-http (xbean). Documentation http://incubator.apache.org/servicemix/servicemix-http.html here I already get expose a Webservices in ServiceMix, but now i'm trying do it with SSL, and then with Auth Basic. External WS (SSL)<> provider(SM)<--->NMR<>consumer(SM)<>Client And i get the same error with all configurations: unable to find valid certification path to requested target... I have exported the certificate (vmw200.cer) and the next steps for create the keystore and truststore are confused for my. I try to do this: keytool -import -keypass leidas -file vmw2000.cer -storepass pass -trustcacerts But i get the same error Thanks! tterm wrote: > > I'M still don't know what exactly you are doing. Is the webservice on a > remote host and servicemix local or whatever. I don't know. > > You should generate your key as you already did, export the certificate > and import it in the truststore. This is the way for a self signed > certificate. In your client application you also have to import your > certificate so that the client trusts your server (web service whatever > else). If your client is a commandline java application you have to set > the keystore and truststore otherwise the truststore from the jdk will > be used. Is the webservice deployed in servicemix? > > > jlbarrera wrote: >> I'm using ServiceMix 3.1, >> What could be the problem? The keystore and truststore generated? >> I have make this: >> >> keytool -genkey -keypass password -keystore keystoredemo -storepass >> password >> keytool -import -trustcacerts -keystore keystoretrust -file somename.cer >> -v >> >> And i following the next guide for solved this problem: >> http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but i get the >> same error. >> >> Thanks! >> >> >> tterm wrote: >>> Which servicemix version do you use? >>> >>> You should enable the java property for ssl so that you can see which >>> truststore and keystore is used. >>> >>> jlbarrera wrote: Well i put the keystore and the truststore in the conf directory, and in the xbean.xml: >>> keyStorePassword="leidas" trustStore="file:conf/arrobafirma" trustStorePassword="leidas"/> But i received the next error: What happened? INFO - ServiceUnitLifeCycle - Starting service unit: SU WARN - HttpComponent - Could not load description from resource WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913) at java.net.URLConnection.getContent(URLConnection.java:682) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(Htt
Re: WebServices and SSL
I'M still don't know what exactly you are doing. Is the webservice on a remote host and servicemix local or whatever. I don't know. You should generate your key as you already did, export the certificate and import it in the truststore. This is the way for a self signed certificate. In your client application you also have to import your certificate so that the client trusts your server (web service whatever else). If your client is a commandline java application you have to set the keystore and truststore otherwise the truststore from the jdk will be used. Is the webservice deployed in servicemix? jlbarrera wrote: > I'm using ServiceMix 3.1, > What could be the problem? The keystore and truststore generated? > I have make this: > > keytool -genkey -keypass password -keystore keystoredemo -storepass password > keytool -import -trustcacerts -keystore keystoretrust -file somename.cer -v > > And i following the next guide for solved this problem: > http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but i get the > same error. > > Thanks! > > > tterm wrote: >> Which servicemix version do you use? >> >> You should enable the java property for ssl so that you can see which >> truststore and keystore is used. >> >> jlbarrera wrote: >>> Well i put the keystore and the truststore in the conf directory, and in >>> the >>> xbean.xml: >>> >>> >>> >> keyStorePassword="leidas" >>> >>> trustStore="file:conf/arrobafirma" >>> trustStorePassword="leidas"/> >>> >>> >>> But i received the next error: What happened? >>> >>> INFO - ServiceUnitLifeCycle - Starting service unit: SU >>> WARN - HttpComponent - Could not load description from >>> resource >>> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document >>> at >>> 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: >>> sun.security.validator.ValidatorException: PKIX path building failed: >>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>> find >>> valid certification path to requested target: >>> javax.net.ssl.SSLHandshakeException: >>> sun.security.validator.ValidatorException: PKIX path building failed: >>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>> find >>> valid certification path to requested target >>> at >>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) >>> at >>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) >>> at >>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) >>> at >>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) >>> at >>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) >>> at >>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) >>> at >>> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) >>> at >>> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) >>> at >>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) >>> at >>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) >>> at >>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) >>> at >>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) >>> at >>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) >>> >>> at >>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913) >>> at java.net.URLConnection.getContent(URLConnection.java:682) >>> at >>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406) >>> at java.net.URL.getContent(URL.java:1021) >>> at com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown >>> Source) >>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>> at >>> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) >>> at >>> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) >>> at >>> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) >>> at >>> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) >>> at >>> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) >>> at >>> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) >>> at >>> org.apache.servi
Re: WebServices and SSL
I'm using ServiceMix 3.1, What could be the problem? The keystore and truststore generated? I have make this: keytool -genkey -keypass password -keystore keystoredemo -storepass password keytool -import -trustcacerts -keystore keystoretrust -file somename.cer -v And i following the next guide for solved this problem: http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but i get the same error. Thanks! tterm wrote: > > Which servicemix version do you use? > > You should enable the java property for ssl so that you can see which > truststore and keystore is used. > > jlbarrera wrote: >> Well i put the keystore and the truststore in the conf directory, and in >> the >> xbean.xml: >> >> >> > keyStorePassword="leidas" >> >> trustStore="file:conf/arrobafirma" >> trustStorePassword="leidas"/> >> >> >> But i received the next error: What happened? >> >> INFO - ServiceUnitLifeCycle - Starting service unit: SU >> WARN - HttpComponent - Could not load description from >> resource >> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document >> at >> 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to >> find >> valid certification path to requested target: >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to >> find >> valid certification path to requested target >> at >> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) >> at >> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) >> at >> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) >> >> at >> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913) >> at java.net.URLConnection.getContent(URLConnection.java:682) >> at >> sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406) >> at java.net.URL.getContent(URL.java:1021) >> at com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown >> Source) >> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >> at >> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) >> at >> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) >> at >> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) >> at >> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) >> at >> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) >> at >> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) >> at >> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555) >> at java.util.TimerThread.mainLoop(Timer.java:512) >> at java.util.TimerThread.run(Timer.java:462) >> Caused by: sun.security.validator.ValidatorException: PKIX path bu
Re: WebServices and SSL
I forgot to say that you have to import your server sice certificate into your clients truststore. Thomas TERMIN wrote: > Which servicemix version do you use? > > You should enable the java property for ssl so that you can see which > truststore and keystore is used. > > jlbarrera wrote: >> Well i put the keystore and the truststore in the conf directory, and in the >> xbean.xml: >> >> >> > keyStorePassword="leidas" >> trustStore="file:conf/arrobafirma" >> trustStorePassword="leidas"/> >> >> >> But i received the next error: What happened? >> >> INFO - ServiceUnitLifeCycle - Starting service unit: SU >> WARN - HttpComponent - Could not load description from >> resource >> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at >> 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target: >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target >> at >> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) >> at >> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) >> at >> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) >> >> at >> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913) >> at java.net.URLConnection.getContent(URLConnection.java:682) >> at >> sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406) >> at java.net.URL.getContent(URL.java:1021) >> at com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown >> Source) >> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >> at >> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) >> at >> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) >> at >> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) >> at >> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) >> at >> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) >> at >> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) >> at >> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555) >> at java.util.TimerThread.mainLoop(Timer.java:512) >> at java.util.TimerThread.run(Timer.java:462) >> Caused by: sun.security.validator.ValidatorException: PKIX path building >> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable >> to find valid certification path to requested target >> at >> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) >> at >> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) >> at
Re: WebServices and SSL
Which servicemix version do you use? You should enable the java property for ssl so that you can see which truststore and keystore is used. jlbarrera wrote: > Well i put the keystore and the truststore in the conf directory, and in the > xbean.xml: > > > keyStorePassword="leidas" > trustStore="file:conf/arrobafirma" > trustStorePassword="leidas"/> > > > But i received the next error: What happened? > > INFO - ServiceUnitLifeCycle - Starting service unit: SU > WARN - HttpComponent - Could not load description from > resource > WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at > 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target: > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at > com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) > at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) > at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) > at > com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) > at > com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) > at > sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) > > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913) > at java.net.URLConnection.getContent(URLConnection.java:682) > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406) > at java.net.URL.getContent(URL.java:1021) > at com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown > Source) > at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) > at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) > at > org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) > at > org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) > at > org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) > at > org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) > at > org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) > at > org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) > at > org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374) > at > org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296) > at > org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588) > at > org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60) > at > org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555) > at java.util.TimerThread.mainLoop(Timer.java:512) > at java.util.TimerThread.run(Timer.java:462) > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > at > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) > at > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) > at sun.security.validator.Validator.validate(Validator.java:203) > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) > at > com.sun.net.ssl.internal.ssl.Js
Re: WebServices and SSL
Well i put the keystore and the truststore in the conf directory, and in the xbean.xml: But i received the next error: What happened? INFO - ServiceUnitLifeCycle - Starting service unit: SU WARN - HttpComponent - Could not load description from resource WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913) at java.net.URLConnection.getContent(URLConnection.java:682) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406) at java.net.URL.getContent(URL.java:1021) at com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown Source) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) at org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) at org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) at org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) at org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) at org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) at org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) at org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374) at org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296) at org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588) at org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60) at org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) at sun.security.validator.Validator.validate(Validator.java:203) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840) ... 28 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) at sun.security.validator.PKIXValidator.doBuild(PKIXValid
Re: WebServices and SSL
jlbarrera wrote: > I try to create a BC with the role "provider" that connect with a Web > Services by SSL and auth basic. But in the documentation said that the basic > auth only has enabled for role "consumer" .. it's right? I never tested basic auth. I used just ssl for authentication with certificates. > > But the keystore and truststore not found, i think that the path can be > mistaken. The truststore and keystore will be found. You might try to put both into the conf directory of servicemix and specify in the config file file:con/your.truststore.jks or something. That works. This is also a big help sometimes: -Djavax.net.debug=ssl Cheers, Thomas > > regards > > > > tterm wrote: >> set it with "file:" (keystore , truststore) >> >> You should provide more information on what you are want to do. >> >> jlbarrera wrote: >>> Hello >>> >>> I'm using servicemix-http with SSL. >>> >>> I have generated the keyStore: >>> keytool -genkey -keypass password -keystore keystoredemo -storepass >>> password >>> And i generated the trustStore: >>> keytool -import -trustcacerts -keystore keystoretrust -file >>> somename.cer >>> -v >>> >>> In the xbean.xml configuration file: >>> >>> >>> >> keyStore="/home/jlbarrera/keystoredemo" >>> keyStorePassword="password" >>> >>> trustStore="/home/jlbarrera/keystoretrust" >>> trustStorePassword="password"/> >>> >>> >>> But i get the next error: >>> >>>"No trusted certificate found" >>> >>> Somebody know the problem? The route of files it's mistaken? I try with >>> file:///route... too. I'm using Linux filesystem.. >>> >>> Thanks! >> >> >> > -- Thomas Termin ___ blue elephant systems GmbH Wollgrasweg 49 D-70599 Stuttgart Tel: (+49) 0711 - 45 10 17 676 Fax: (+49) 0711 - 45 10 17 573 WWW: http://www.blue-elephant-systems.com Email : [EMAIL PROTECTED] blue elephant systems GmbH Firmensitz : Wollgrasweg 49, D-70599 Stuttgart Registergericht : Amtsgericht Stuttgart, HRB 24106 Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle
Re: WebServices and SSL
I try to create a BC with the role "provider" that connect with a Web Services by SSL and auth basic. But in the documentation said that the basic auth only has enabled for role "consumer" .. it's right? But the keystore and truststore not found, i think that the path can be mistaken. regards tterm wrote: > > set it with "file:" (keystore , truststore) > > You should provide more information on what you are want to do. > > jlbarrera wrote: >> Hello >> >> I'm using servicemix-http with SSL. >> >> I have generated the keyStore: >> keytool -genkey -keypass password -keystore keystoredemo -storepass >> password >> And i generated the trustStore: >> keytool -import -trustcacerts -keystore keystoretrust -file >> somename.cer >> -v >> >> In the xbean.xml configuration file: >> >> >> > keyStore="/home/jlbarrera/keystoredemo" >> keyStorePassword="password" >> >> trustStore="/home/jlbarrera/keystoretrust" >> trustStorePassword="password"/> >> >> >> But i get the next error: >> >>"No trusted certificate found" >> >> Somebody know the problem? The route of files it's mistaken? I try with >> file:///route... too. I'm using Linux filesystem.. >> >> Thanks! > > > > -- View this message in context: http://www.nabble.com/WebServices-and-SSL-tf637s12049.html#a9316283 Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: WebServices and SSL
set it with "file:" (keystore , truststore) You should provide more information on what you are want to do. jlbarrera wrote: > Hello > > I'm using servicemix-http with SSL. > > I have generated the keyStore: > keytool -genkey -keypass password -keystore keystoredemo -storepass > password > And i generated the trustStore: > keytool -import -trustcacerts -keystore keystoretrust -file somename.cer > -v > > In the xbean.xml configuration file: > > > keyStore="/home/jlbarrera/keystoredemo" > keyStorePassword="password" > > trustStore="/home/jlbarrera/keystoretrust" > trustStorePassword="password"/> > > > But i get the next error: > >"No trusted certificate found" > > Somebody know the problem? The route of files it's mistaken? I try with > file:///route... too. I'm using Linux filesystem.. > > Thanks!
