I forgot to say that you have to import your server sice certificate into your clients truststore.
Thomas TERMIN wrote: > Which servicemix version do you use? > > You should enable the java property for ssl so that you can see which > truststore and keystore is used. > > jlbarrera wrote: >> Well i put the keystore and the truststore in the conf directory, and in the >> xbean.xml: >> >> <http:ssl> >> <http:sslParameters keyStore="file:conf/jlbarrera" >> keyStorePassword="leidas" >> trustStore="file:conf/arrobafirma" >> trustStorePassword="leidas"/> >> </http:ssl> >> >> But i received the next error: What happened? >> >> INFO - ServiceUnitLifeCycle - Starting service unit: SU >> WARN - HttpComponent - Could not load description from >> resource >> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at >> 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target: >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target >> at >> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) >> at >> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) >> at >> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) >> >> at >> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913) >> at java.net.URLConnection.getContent(URLConnection.java:682) >> at >> sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406) >> at java.net.URL.getContent(URL.java:1021) >> at com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown >> Source) >> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >> at >> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) >> at >> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) >> at >> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) >> at >> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) >> at >> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) >> at >> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) >> at >> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555) >> at java.util.TimerThread.mainLoop(Timer.java:512) >> at java.util.TimerThread.run(Timer.java:462) >> Caused by: sun.security.validator.ValidatorException: PKIX path building >> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable >> to find valid certification path to requested target >> at >> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) >> at >> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) >> at sun.security.validator.Validator.validate(Validator.java:203) >> at >> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) >> at >> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840) >> ... 28 more >> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: >> unable to find valid certification path to requested target >> at >> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236) >> at >> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) >> at >> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) >> ... 33 more >> >> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >> at >> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) >> at >> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) >> at >> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) >> at >> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) >> at >> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) >> at >> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) >> at >> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60) >> at >> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555) >> at java.util.TimerThread.mainLoop(Timer.java:512) >> at java.util.TimerThread.run(Timer.java:462) >> INFO - jetty - jetty-6.0.1 >> INFO - jetty - Started SelectChannelConnector @ >> 0.0.0.0:8989 >> INFO - AutoDeploymentService - Directory: deploy: Finished >> installation of archive: SA.zip >> >> >> >> >> >> tterm wrote: >>> jlbarrera wrote: >>>> I try to create a BC with the role "provider" that connect with a Web >>>> Services by SSL and auth basic. But in the documentation said that the >>>> basic >>>> auth only has enabled for role "consumer" .. it's right? >>> I never tested basic auth. I used just ssl for authentication with >>> certificates. >>> >>>> But the keystore and truststore not found, i think that the path can be >>>> mistaken. >>> The truststore and keystore will be found. You might try to put both >>> into the conf directory of servicemix and specify in the config file >>> file:con/your.truststore.jks or something. That works. >>> >>> This is also a big help sometimes: >>> -Djavax.net.debug=ssl >>> >>> Cheers, >>> Thomas >>> >>>> regards >>>> >>>> >>>> >>>> tterm wrote: >>>>> set it with "file:" (keystore , truststore) >>>>> >>>>> You should provide more information on what you are want to do. >>>>> >>>>> jlbarrera wrote: >>>>>> Hello >>>>>> >>>>>> I'm using servicemix-http with SSL. >>>>>> >>>>>> I have generated the keyStore: >>>>>> keytool -genkey -keypass password -keystore keystoredemo -storepass >>>>>> password >>>>>> And i generated the trustStore: >>>>>> keytool -import -trustcacerts -keystore keystoretrust -file >>>>>> somename.cer >>>>>> -v >>>>>> >>>>>> In the xbean.xml configuration file: >>>>>> >>>>>> <http:ssl> >>>>>> <http:sslParameters >>>>>> keyStore="/home/jlbarrera/keystoredemo" >>>>>> keyStorePassword="password" >>>>>> >>>>>> trustStore="/home/jlbarrera/keystoretrust" >>>>>> trustStorePassword="password"/> >>>>>> </http:ssl> >>>>>> >>>>>> But i get the next error: >>>>>> >>>>>> "No trusted certificate found" >>>>>> >>>>>> Somebody know the problem? The route of files it's mistaken? I try with >>>>>> file:///route... too. I'm using Linux filesystem.. >>>>>> >>>>>> Thanks! >>>>> >>> -- >>> Thomas Termin >>> _______________________________ >>> blue elephant systems GmbH >>> Wollgrasweg 49 >>> D-70599 Stuttgart >>> >>> Tel : (+49) 0711 - 45 10 17 676 >>> Fax : (+49) 0711 - 45 10 17 573 >>> WWW : http://www.blue-elephant-systems.com >>> Email : [EMAIL PROTECTED] >>> >>> blue elephant systems GmbH >>> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart >>> Registergericht : Amtsgericht Stuttgart, HRB 24106 >>> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle >>> >>> Thanks! >>> > > -- Thomas Termin _______________________________ blue elephant systems GmbH Wollgrasweg 49 D-70599 Stuttgart Tel : (+49) 0711 - 45 10 17 676 Fax : (+49) 0711 - 45 10 17 573 WWW : http://www.blue-elephant-systems.com Email : [EMAIL PROTECTED] blue elephant systems GmbH Firmensitz : Wollgrasweg 49, D-70599 Stuttgart Registergericht : Amtsgericht Stuttgart, HRB 24106 Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle
