ok, i think that the error can be because the keystore isn't found!, because i write a badly route and i received the same error.
I have seen in the documentation: keyStore="classpath:org/apache/servicemix/http/server.keystore" But...Where i should place my keystore file? thanks! jlbarrera wrote: > > I try to expose a external webservices (SSL+auth basic) in ServiceMix. > > External WebServices <----->ServiceMix <--------> Client > > for this, i'm using servicemix-http (xbean). Documentation > http://incubator.apache.org/servicemix/servicemix-http.html here > I already get expose a Webservices in ServiceMix, but now i'm trying do it > with SSL, and then with Auth Basic. > > External WS (SSL)<----> provider(SM)<--->NMR<---->consumer(SM)<---->Client > > And i get the same error with all configurations: > > unable to find valid certification path to requested target... > > I have exported the certificate (vmw200.cer) and the next steps for create > the keystore and truststore are confused for my. > > I try to do this: keytool -import -keypass leidas -file vmw2000.cer > -storepass pass -trustcacerts > > But i get the same error > > Thanks! > > > tterm wrote: >> >> I'M still don't know what exactly you are doing. Is the webservice on a >> remote host and servicemix local or whatever. I don't know. >> >> You should generate your key as you already did, export the certificate >> and import it in the truststore. This is the way for a self signed >> certificate. In your client application you also have to import your >> certificate so that the client trusts your server (web service whatever >> else). If your client is a commandline java application you have to set >> the keystore and truststore otherwise the truststore from the jdk will >> be used. Is the webservice deployed in servicemix? >> >> >> jlbarrera wrote: >>> I'm using ServiceMix 3.1, >>> What could be the problem? The keystore and truststore generated? >>> I have make this: >>> >>> keytool -genkey -keypass password -keystore keystoredemo -storepass >>> password >>> keytool -import -trustcacerts -keystore keystoretrust -file somename.cer >>> -v >>> >>> And i following the next guide for solved this problem: >>> http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but i get the >>> same error. >>> >>> Thanks! >>> >>> >>> tterm wrote: >>>> Which servicemix version do you use? >>>> >>>> You should enable the java property for ssl so that you can see which >>>> truststore and keystore is used. >>>> >>>> jlbarrera wrote: >>>>> Well i put the keystore and the truststore in the conf directory, and >>>>> in >>>>> the >>>>> xbean.xml: >>>>> >>>>> <http:ssl> >>>>> <http:sslParameters keyStore="file:conf/jlbarrera" >>>>> keyStorePassword="leidas" >>>>> >>>>> trustStore="file:conf/arrobafirma" >>>>> trustStorePassword="leidas"/> >>>>> </http:ssl> >>>>> >>>>> But i received the next error: What happened? >>>>> >>>>> INFO - ServiceUnitLifeCycle - Starting service unit: SU >>>>> WARN - HttpComponent - Could not load description >>>>> from >>>>> resource >>>>> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported >>>>> document >>>>> at >>>>> 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: >>>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>>>> find >>>>> valid certification path to requested target: >>>>> javax.net.ssl.SSLHandshakeException: >>>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>>>> find >>>>> valid certification path to requested target >>>>> at >>>>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) >>>>> at >>>>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) >>>>> at >>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) >>>>> >>>>> at >>>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913) >>>>> at java.net.URLConnection.getContent(URLConnection.java:682) >>>>> at >>>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406) >>>>> at java.net.URL.getContent(URL.java:1021) >>>>> at >>>>> com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown >>>>> Source) >>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>>>> at >>>>> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) >>>>> at >>>>> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) >>>>> at >>>>> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) >>>>> at >>>>> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) >>>>> at >>>>> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) >>>>> at >>>>> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) >>>>> at >>>>> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555) >>>>> at java.util.TimerThread.mainLoop(Timer.java:512) >>>>> at java.util.TimerThread.run(Timer.java:462) >>>>> Caused by: sun.security.validator.ValidatorException: PKIX path >>>>> building >>>>> failed: sun.security.provider.certpath.SunCertPathBuilderException: >>>>> unable >>>>> to find valid certification path to requested target >>>>> at >>>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) >>>>> at >>>>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) >>>>> at >>>>> sun.security.validator.Validator.validate(Validator.java:203) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) >>>>> at >>>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840) >>>>> ... 28 more >>>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: >>>>> unable to find valid certification path to requested target >>>>> at >>>>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236) >>>>> at >>>>> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) >>>>> at >>>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) >>>>> ... 33 more >>>>> >>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>>>> at >>>>> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) >>>>> at >>>>> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) >>>>> at >>>>> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) >>>>> at >>>>> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) >>>>> at >>>>> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) >>>>> at >>>>> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) >>>>> at >>>>> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60) >>>>> at >>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555) >>>>> at java.util.TimerThread.mainLoop(Timer.java:512) >>>>> at java.util.TimerThread.run(Timer.java:462) >>>>> INFO - jetty - jetty-6.0.1 >>>>> INFO - jetty - Started >>>>> SelectChannelConnector @ >>>>> 0.0.0.0:8989 >>>>> INFO - AutoDeploymentService - Directory: deploy: Finished >>>>> installation of archive: SA.zip >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> tterm wrote: >>>>>> jlbarrera wrote: >>>>>>> I try to create a BC with the role "provider" that connect with a >>>>>>> Web >>>>>>> Services by SSL and auth basic. But in the documentation said that >>>>>>> the >>>>>>> basic >>>>>>> auth only has enabled for role "consumer" .. it's right? >>>>>> I never tested basic auth. I used just ssl for authentication with >>>>>> certificates. >>>>>> >>>>>>> But the keystore and truststore not found, i think that the path can >>>>>>> be >>>>>>> mistaken. >>>>>> The truststore and keystore will be found. You might try to put both >>>>>> into the conf directory of servicemix and specify in the config file >>>>>> file:con/your.truststore.jks or something. That works. >>>>>> >>>>>> This is also a big help sometimes: >>>>>> -Djavax.net.debug=ssl >>>>>> >>>>>> Cheers, >>>>>> Thomas >>>>>> >>>>>>> regards >>>>>>> >>>>>>> >>>>>>> >>>>>>> tterm wrote: >>>>>>>> set it with "file:" (keystore , truststore) >>>>>>>> >>>>>>>> You should provide more information on what you are want to do. >>>>>>>> >>>>>>>> jlbarrera wrote: >>>>>>>>> Hello >>>>>>>>> >>>>>>>>> I'm using servicemix-http with SSL. >>>>>>>>> >>>>>>>>> I have generated the keyStore: >>>>>>>>> keytool -genkey -keypass password -keystore keystoredemo >>>>>>>>> -storepass >>>>>>>>> password >>>>>>>>> And i generated the trustStore: >>>>>>>>> keytool -import -trustcacerts -keystore keystoretrust -file >>>>>>>>> somename.cer >>>>>>>>> -v >>>>>>>>> >>>>>>>>> In the xbean.xml configuration file: >>>>>>>>> >>>>>>>>> <http:ssl> >>>>>>>>> <http:sslParameters >>>>>>>>> keyStore="/home/jlbarrera/keystoredemo" >>>>>>>>> >>>>>>>>> keyStorePassword="password" >>>>>>>>> >>>>>>>>> trustStore="/home/jlbarrera/keystoretrust" >>>>>>>>> >>>>>>>>> trustStorePassword="password"/> >>>>>>>>> </http:ssl> >>>>>>>>> >>>>>>>>> But i get the next error: >>>>>>>>> >>>>>>>>> "No trusted certificate found" >>>>>>>>> >>>>>>>>> Somebody know the problem? The route of files it's mistaken? I try >>>>>>>>> with >>>>>>>>> file:///route... too. I'm using Linux filesystem.. >>>>>>>>> >>>>>>>>> Thanks! >>>>>>>> >>>>>> -- >>>>>> Thomas Termin >>>>>> _______________________________ >>>>>> blue elephant systems GmbH >>>>>> Wollgrasweg 49 >>>>>> D-70599 Stuttgart >>>>>> >>>>>> Tel : (+49) 0711 - 45 10 17 676 >>>>>> Fax : (+49) 0711 - 45 10 17 573 >>>>>> WWW : http://www.blue-elephant-systems.com >>>>>> Email : [EMAIL PROTECTED] >>>>>> >>>>>> blue elephant systems GmbH >>>>>> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart >>>>>> Registergericht : Amtsgericht Stuttgart, HRB 24106 >>>>>> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle >>>>>> >>>>>> Thanks! >>>>>> >>>> >>>> -- >>>> Thomas Termin >>>> _______________________________ >>>> blue elephant systems GmbH >>>> Wollgrasweg 49 >>>> D-70599 Stuttgart >>>> >>>> Tel : (+49) 0711 - 45 10 17 676 >>>> Fax : (+49) 0711 - 45 10 17 573 >>>> WWW : http://www.blue-elephant-systems.com >>>> Email : [EMAIL PROTECTED] >>>> >>>> blue elephant systems GmbH >>>> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart >>>> Registergericht : Amtsgericht Stuttgart, HRB 24106 >>>> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle >>>> >>>> >>>> >>> >> >> >> -- >> Thomas Termin >> _______________________________ >> blue elephant systems GmbH >> Wollgrasweg 49 >> D-70599 Stuttgart >> >> Tel : (+49) 0711 - 45 10 17 676 >> Fax : (+49) 0711 - 45 10 17 573 >> WWW : http://www.blue-elephant-systems.com >> Email : [EMAIL PROTECTED] >> >> blue elephant systems GmbH >> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart >> Registergericht : Amtsgericht Stuttgart, HRB 24106 >> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle >> >> >> > > -- View this message in context: http://www.nabble.com/WebServices-and-SSL-tf3333637s12049.html#a9374237 Sent from the ServiceMix - User mailing list archive at Nabble.com.
