I'm trying to expose an external web service (SSL + basic auth) in ServiceMix.

External WebServices <-----> ServiceMix <--------> Client

For this, I'm using servicemix-http (xbean). Documentation: http://incubator.apache.org/servicemix/servicemix-http.html

I have already managed to expose a web service in ServiceMix, but now I'm trying to do it with SSL, and then with basic auth.

External WS (SSL) <----> provider(SM) <---> NMR <----> consumer(SM) <----> Client

And I get the same error with all configurations: unable to find valid certification path to requested target...

I have exported the certificate (vmw200.cer), and the next steps for creating the keystore and truststore are confusing to me. I tried to do this:

keytool -import -keypass leidas -file vmw2000.cer -storepass pass -trustcacerts

But I get the same error.

Thanks!

tterm wrote:
>
> I still don't know what exactly you are doing. Is the webservice on a
> remote host and servicemix local or whatever. I don't know.
>
> You should generate your key as you already did, export the certificate
> and import it in the truststore. This is the way for a self signed
> certificate. In your client application you also have to import your
> certificate so that the client trusts your server (web service whatever
> else). If your client is a commandline java application you have to set
> the keystore and truststore otherwise the truststore from the jdk will
> be used. Is the webservice deployed in servicemix?
>
>
> jlbarrera wrote:
>> I'm using ServiceMix 3.1.
>> What could be the problem? The keystore and truststore generated?
>> I have done this:
>>
>> keytool -genkey -keypass password -keystore keystoredemo -storepass password
>> keytool -import -trustcacerts -keystore keystoretrust -file somename.cer -v
>>
>> And I followed the following guide to solve this problem:
>> http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but I get the
>> same error.
>>
>> Thanks!
>>
>>
>> tterm wrote:
>>> Which servicemix version do you use?
>>>
>>> You should enable the java property for ssl so that you can see which
>>> truststore and keystore is used.
>>>
>>> jlbarrera wrote:
>>>> Well, I put the keystore and the truststore in the conf directory, and
>>>> in the xbean.xml:
>>>>
>>>> <http:ssl>
>>>>   <http:sslParameters keyStore="file:conf/jlbarrera"
>>>>                       keyStorePassword="leidas"
>>>>                       trustStore="file:conf/arrobafirma"
>>>>                       trustStorePassword="leidas"/>
>>>> </http:ssl>
>>>>
>>>> But I received the following error. What happened?
>>>>
>>>> INFO  - ServiceUnitLifeCycle - Starting service unit: SU
>>>> WARN  - HttpComponent - Could not load description from resource
>>>> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>>>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
>>>>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
>>>>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
>>>>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
>>>>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>>>>     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>>>>     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>>>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
>>>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
>>>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
>>>>     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
>>>>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
>>>>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
>>>>     at java.net.URLConnection.getContent(URLConnection.java:682)
>>>>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406)
>>>>     at java.net.URL.getContent(URL.java:1021)
>>>>     at com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown Source)
>>>>     at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>>>     at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>>>     at org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229)
>>>>     at org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339)
>>>>     at org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55)
>>>>     at org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151)
>>>>     at org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103)
>>>>     at org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130)
>>>>     at org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374)
>>>>     at org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296)
>>>>     at org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588)
>>>>     at org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60)
>>>>     at org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555)
>>>>     at java.util.TimerThread.mainLoop(Timer.java:512)
>>>>     at java.util.TimerThread.run(Timer.java:462)
>>>> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
>>>>     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
>>>>     at sun.security.validator.Validator.validate(Validator.java:203)
>>>>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
>>>>     at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
>>>>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
>>>>     ... 28 more
>>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
>>>>     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
>>>>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
>>>>     ... 33 more
>>>>
>>>>     at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>>>     at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>>>     at org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229)
>>>>     at org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339)
>>>>     at org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55)
>>>>     at org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151)
>>>>     at org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103)
>>>>     at org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130)
>>>>     at org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374)
>>>>     at org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296)
>>>>     at org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588)
>>>>     at org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60)
>>>>     at org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555)
>>>>     at java.util.TimerThread.mainLoop(Timer.java:512)
>>>>     at java.util.TimerThread.run(Timer.java:462)
>>>> INFO  - jetty - jetty-6.0.1
>>>> INFO  - jetty - Started SelectChannelConnector @ 0.0.0.0:8989
>>>> INFO  - AutoDeploymentService - Directory: deploy: Finished installation of archive: SA.zip
>>>>
>>>>
>>>> tterm wrote:
>>>>> jlbarrera wrote:
>>>>>> I'm trying to create a BC with the role "provider" that connects to a
>>>>>> web service over SSL and basic auth. But the documentation says that
>>>>>> basic auth is only enabled for the role "consumer"... is that right?
>>>>> I never tested basic auth. I used just ssl for authentication with
>>>>> certificates.
>>>>>
>>>>>> But the keystore and truststore are not found; I think that the path
>>>>>> may be mistaken.
>>>>> The truststore and keystore will be found. You might try to put both
>>>>> into the conf directory of servicemix and specify in the config file
>>>>> file:con/your.truststore.jks or something. That works.
>>>>>
>>>>> This is also a big help sometimes:
>>>>> -Djavax.net.debug=ssl
>>>>>
>>>>> Cheers,
>>>>> Thomas
>>>>>
>>>>>> regards
>>>>>>
>>>>>>
>>>>>> tterm wrote:
>>>>>>> set it with "file:" (keystore , truststore)
>>>>>>>
>>>>>>> You should provide more information on what you want to do.
>>>>>>>
>>>>>>> jlbarrera wrote:
>>>>>>>> Hello
>>>>>>>>
>>>>>>>> I'm using servicemix-http with SSL.
>>>>>>>>
>>>>>>>> I have generated the keyStore:
>>>>>>>> keytool -genkey -keypass password -keystore keystoredemo -storepass password
>>>>>>>> And I generated the trustStore:
>>>>>>>> keytool -import -trustcacerts -keystore keystoretrust -file somename.cer -v
>>>>>>>>
>>>>>>>> In the xbean.xml configuration file:
>>>>>>>>
>>>>>>>> <http:ssl>
>>>>>>>>   <http:sslParameters keyStore="/home/jlbarrera/keystoredemo"
>>>>>>>>                       keyStorePassword="password"
>>>>>>>>                       trustStore="/home/jlbarrera/keystoretrust"
>>>>>>>>                       trustStorePassword="password"/>
>>>>>>>> </http:ssl>
>>>>>>>>
>>>>>>>> But I get the following error:
>>>>>>>>
>>>>>>>> "No trusted certificate found"
>>>>>>>>
>>>>>>>> Does somebody know the problem? Is the path of the files mistaken? I
>>>>>>>> tried with file:///route... too. I'm using a Linux filesystem.
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>
>>>>> --
>>>>> Thomas Termin
>>>>> _______________________________
>>>>> blue elephant systems GmbH
>>>>> Wollgrasweg 49
>>>>> D-70599 Stuttgart
>>>>>
>>>>> Tel : (+49) 0711 - 45 10 17 676
>>>>> Fax : (+49) 0711 - 45 10 17 573
>>>>> WWW : http://www.blue-elephant-systems.com
>>>>> Email : [EMAIL PROTECTED]
>>>>>
>>>>> blue elephant systems GmbH
>>>>> Registered office : Wollgrasweg 49, D-70599 Stuttgart
>>>>> Court of registration : Amtsgericht Stuttgart, HRB 24106
>>>>> Managing directors : Holger Dietrich, Thomas Gentsch, Joachim Hoernle
>>>>>
>>>>> Thanks!
>>>>>
>>>
>>
>

--
View this message in context: http://www.nabble.com/WebServices-and-SSL-tf3333637s12049.html#a9374118
Sent from the ServiceMix - User mailing list archive at Nabble.com.
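
The export-and-import procedure described in the thread, as an added shell example that is not part of the original messages. It assumes a JDK keytool on PATH; the remote-ws alias, the changeit passwords and the temporary files are constructed stand-ins for the real service certificate, and -keystore is passed explicitly because keytool otherwise operates on the default $HOME/.keystore.

```shell
#!/bin/sh
# Added example. All files, aliases and passwords are constructed placeholders.
set -eu

# Import a certificate into an explicitly named truststore.
# Without -keystore, keytool operates on the default $HOME/.keystore.
import_cert() {  # usage: import_cert <cert-file> <truststore> <storepass> <alias>
    keytool -importcert -noprompt -trustcacerts \
        -file "$1" -keystore "$2" -storepass "$3" -alias "$4" >/dev/null 2>&1
}

# Succeed only if the truststore holds a trusted certificate under the alias.
has_trusted_cert() {  # usage: has_trusted_cert <truststore> <storepass> <alias>
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null \
        | grep -q trustedCertEntry
}

# Build a throwaway self-signed certificate (standing in for the remote web
# service), export it, import it, and report whether the truststore has it.
demo() {
    dir=$(mktemp -d)
    keytool -genkeypair -alias remote-ws -keyalg RSA -keysize 2048 \
        -validity 30 -dname "CN=remote-ws.example" \
        -keystore "$dir/remote.ks" -storepass changeit -keypass changeit \
        >/dev/null 2>&1
    keytool -exportcert -alias remote-ws -keystore "$dir/remote.ks" \
        -storepass changeit -file "$dir/remote.cer" >/dev/null 2>&1
    import_cert "$dir/remote.cer" "$dir/trust.ks" changeit remote-ws
    if has_trusted_cert "$dir/trust.ks" changeit remote-ws; then
        result=imported
    else
        result=missing
    fi
    rm -rf "$dir"
    echo "$result"
}

if command -v keytool >/dev/null 2>&1; then
    demo
else
    echo "keytool not found on PATH (it ships with the JDK)"
fi
```

The stack trace in the thread shows the WSDL being fetched through java.net.URL, which uses the JVM's default trust settings (the javax.net.ssl.trustStore system property, or the JDK's cacerts file when it is unset). Running the JVM with -Djavax.net.debug=ssl, as suggested in the thread, shows which truststore is actually opened.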
