Seems to be fine. Did you import the certificate from the webservice in the truststore of your servicemix provider endpoint. I can't see it exactly from your mails.
WS-> create key / export cert / import in ws truststore (if selfsigned) http provider -> import ws cert in the truststore. That would be the scenario if you didn't enable client certificate authentication on the web service. So your client trusts the ws and the connection is secure. That should work without fail. What you also should do is to start the jvm with this property: -Djavax.net.debug=ssl That gives you a more information on what happend. You can post it if it still fails. jlbarrera wrote: > I try to expose a external webservices (SSL+auth basic) in ServiceMix. > > External WebServices <----->ServiceMix <--------> Client > > for this, i'm using servicemix-http (xbean). Documentation > http://incubator.apache.org/servicemix/servicemix-http.html here > I already get expose a Webservices in ServiceMix, but now i'm trying do it > with SSL, and then with Auth Basic. > > External WS (SSL)<----> provider(SM)<--->NMR<---->consumer(SM)<---->Client > > And i get the same error with all configurations: > > unable to find valid certification path to requested target... > > I have exported the certificate (vmw200.cer) and the next steps for create > the keystore and truststore are confused for my. > > I try to do this: keytool -import -keypass leidas -file vmw2000.cer > -storepass pass -trustcacerts > > But i get the same error > > Thanks! > > > tterm wrote: >> I'M still don't know what exactly you are doing. Is the webservice on a >> remote host and servicemix local or whatever. I don't know. >> >> You should generate your key as you already did, export the certificate >> and import it in the truststore. This is the way for a self signed >> certificate. In your client application you also have to import your >> certificate so that the client trusts your server (web service whatever >> else). If your client is a commandline java application you have to set >> the keystore and truststore otherwise the truststore from the jdk will >> be used. Is the webservice deployed in servicemix? >> >> >> jlbarrera wrote: >>> I'm using ServiceMix 3.1, >>> What could be the problem? The keystore and truststore generated? >>> I have make this: >>> >>> keytool -genkey -keypass password -keystore keystoredemo -storepass >>> password >>> keytool -import -trustcacerts -keystore keystoretrust -file somename.cer >>> -v >>> >>> And i following the next guide for solved this problem: >>> http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but i get the >>> same error. >>> >>> Thanks! >>> >>> >>> tterm wrote: >>>> Which servicemix version do you use? >>>> >>>> You should enable the java property for ssl so that you can see which >>>> truststore and keystore is used. >>>> >>>> jlbarrera wrote: >>>>> Well i put the keystore and the truststore in the conf directory, and >>>>> in >>>>> the >>>>> xbean.xml: >>>>> >>>>> <http:ssl> >>>>> <http:sslParameters keyStore="file:conf/jlbarrera" >>>>> keyStorePassword="leidas" >>>>> >>>>> trustStore="file:conf/arrobafirma" >>>>> trustStorePassword="leidas"/> >>>>> </http:ssl> >>>>> >>>>> But i received the next error: What happened? >>>>> >>>>> INFO - ServiceUnitLifeCycle - Starting service unit: SU >>>>> WARN - HttpComponent - Could not load description >>>>> from >>>>> resource >>>>> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported >>>>> document >>>>> at >>>>> 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: >>>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>>>> find >>>>> valid certification path to requested target: >>>>> javax.net.ssl.SSLHandshakeException: >>>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>>>> find >>>>> valid certification path to requested target >>>>> at >>>>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) >>>>> at >>>>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) >>>>> at >>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) >>>>> >>>>> at >>>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913) >>>>> at java.net.URLConnection.getContent(URLConnection.java:682) >>>>> at >>>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406) >>>>> at java.net.URL.getContent(URL.java:1021) >>>>> at >>>>> com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown >>>>> Source) >>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>>>> at >>>>> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) >>>>> at >>>>> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) >>>>> at >>>>> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) >>>>> at >>>>> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) >>>>> at >>>>> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) >>>>> at >>>>> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) >>>>> at >>>>> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555) >>>>> at java.util.TimerThread.mainLoop(Timer.java:512) >>>>> at java.util.TimerThread.run(Timer.java:462) >>>>> Caused by: sun.security.validator.ValidatorException: PKIX path >>>>> building >>>>> failed: sun.security.provider.certpath.SunCertPathBuilderException: >>>>> unable >>>>> to find valid certification path to requested target >>>>> at >>>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) >>>>> at >>>>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) >>>>> at >>>>> sun.security.validator.Validator.validate(Validator.java:203) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840) >>>>> ... 28 more >>>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: >>>>> unable to find valid certification path to requested target >>>>> at >>>>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236) >>>>> at >>>>> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) >>>>> at >>>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) >>>>> ... 33 more >>>>> >>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>>>> at >>>>> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) >>>>> at >>>>> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) >>>>> at >>>>> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) >>>>> at >>>>> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) >>>>> at >>>>> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) >>>>> at >>>>> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) >>>>> at >>>>> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555) >>>>> at java.util.TimerThread.mainLoop(Timer.java:512) >>>>> at java.util.TimerThread.run(Timer.java:462) >>>>> INFO - jetty - jetty-6.0.1 >>>>> INFO - jetty - Started SelectChannelConnector >>>>> @ >>>>> 0.0.0.0:8989 >>>>> INFO - AutoDeploymentService - Directory: deploy: Finished >>>>> installation of archive: SA.zip >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> tterm wrote: >>>>>> jlbarrera wrote: >>>>>>> I try to create a BC with the role "provider" that connect with a Web >>>>>>> Services by SSL and auth basic. But in the documentation said that >>>>>>> the >>>>>>> basic >>>>>>> auth only has enabled for role "consumer" .. it's right? >>>>>> I never tested basic auth. I used just ssl for authentication with >>>>>> certificates. >>>>>> >>>>>>> But the keystore and truststore not found, i think that the path can >>>>>>> be >>>>>>> mistaken. >>>>>> The truststore and keystore will be found. You might try to put both >>>>>> into the conf directory of servicemix and specify in the config file >>>>>> file:con/your.truststore.jks or something. That works. >>>>>> >>>>>> This is also a big help sometimes: >>>>>> -Djavax.net.debug=ssl >>>>>> >>>>>> Cheers, >>>>>> Thomas >>>>>> >>>>>>> regards >>>>>>> >>>>>>> >>>>>>> >>>>>>> tterm wrote: >>>>>>>> set it with "file:" (keystore , truststore) >>>>>>>> >>>>>>>> You should provide more information on what you are want to do. >>>>>>>> >>>>>>>> jlbarrera wrote: >>>>>>>>> Hello >>>>>>>>> >>>>>>>>> I'm using servicemix-http with SSL. >>>>>>>>> >>>>>>>>> I have generated the keyStore: >>>>>>>>> keytool -genkey -keypass password -keystore keystoredemo >>>>>>>>> -storepass >>>>>>>>> password >>>>>>>>> And i generated the trustStore: >>>>>>>>> keytool -import -trustcacerts -keystore keystoretrust -file >>>>>>>>> somename.cer >>>>>>>>> -v >>>>>>>>> >>>>>>>>> In the xbean.xml configuration file: >>>>>>>>> >>>>>>>>> <http:ssl> >>>>>>>>> <http:sslParameters >>>>>>>>> keyStore="/home/jlbarrera/keystoredemo" >>>>>>>>> keyStorePassword="password" >>>>>>>>> >>>>>>>>> trustStore="/home/jlbarrera/keystoretrust" >>>>>>>>> >>>>>>>>> trustStorePassword="password"/> >>>>>>>>> </http:ssl> >>>>>>>>> >>>>>>>>> But i get the next error: >>>>>>>>> >>>>>>>>> "No trusted certificate found" >>>>>>>>> >>>>>>>>> Somebody know the problem? The route of files it's mistaken? I try >>>>>>>>> with >>>>>>>>> file:///route... too. I'm using Linux filesystem.. >>>>>>>>> >>>>>>>>> Thanks! >>>>>> -- >>>>>> Thomas Termin >>>>>> _______________________________ >>>>>> blue elephant systems GmbH >>>>>> Wollgrasweg 49 >>>>>> D-70599 Stuttgart >>>>>> >>>>>> Tel : (+49) 0711 - 45 10 17 676 >>>>>> Fax : (+49) 0711 - 45 10 17 573 >>>>>> WWW : http://www.blue-elephant-systems.com >>>>>> Email : [EMAIL PROTECTED] >>>>>> >>>>>> blue elephant systems GmbH >>>>>> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart >>>>>> Registergericht : Amtsgericht Stuttgart, HRB 24106 >>>>>> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle >>>>>> >>>>>> Thanks! >>>>>> >>>> -- >>>> Thomas Termin >>>> _______________________________ >>>> blue elephant systems GmbH >>>> Wollgrasweg 49 >>>> D-70599 Stuttgart >>>> >>>> Tel : (+49) 0711 - 45 10 17 676 >>>> Fax : (+49) 0711 - 45 10 17 573 >>>> WWW : http://www.blue-elephant-systems.com >>>> Email : [EMAIL PROTECTED] >>>> >>>> blue elephant systems GmbH >>>> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart >>>> Registergericht : Amtsgericht Stuttgart, HRB 24106 >>>> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle >>>> >>>> >>>> >> >> -- >> Thomas Termin >> _______________________________ >> blue elephant systems GmbH >> Wollgrasweg 49 >> D-70599 Stuttgart >> >> Tel : (+49) 0711 - 45 10 17 676 >> Fax : (+49) 0711 - 45 10 17 573 >> WWW : http://www.blue-elephant-systems.com >> Email : [EMAIL PROTECTED] >> >> blue elephant systems GmbH >> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart >> Registergericht : Amtsgericht Stuttgart, HRB 24106 >> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle >> >> >> > -- Thomas Termin _______________________________ blue elephant systems GmbH Wollgrasweg 49 D-70599 Stuttgart Tel : (+49) 0711 - 45 10 17 676 Fax : (+49) 0711 - 45 10 17 573 WWW : http://www.blue-elephant-systems.com Email : [EMAIL PROTECTED] blue elephant systems GmbH Firmensitz : Wollgrasweg 49, D-70599 Stuttgart Registergericht : Amtsgericht Stuttgart, HRB 24106 Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle
