jlbarrera wrote: > ok, i think that the error can be because the keystore isn't found!, because > i write a badly route and i received the same error. > > I have seen in the documentation: > keyStore="classpath:org/apache/servicemix/http/server.keystore" > But...Where i should place my keystore file? as i said before put it under $SERVICMIX_HOME/conf/ as an example
> > thanks! > > > > jlbarrera wrote: >> I try to expose a external webservices (SSL+auth basic) in ServiceMix. >> >> External WebServices <----->ServiceMix <--------> Client >> >> for this, i'm using servicemix-http (xbean). Documentation >> http://incubator.apache.org/servicemix/servicemix-http.html here >> I already get expose a Webservices in ServiceMix, but now i'm trying do it >> with SSL, and then with Auth Basic. >> >> External WS (SSL)<----> provider(SM)<--->NMR<---->consumer(SM)<---->Client >> >> And i get the same error with all configurations: >> >> unable to find valid certification path to requested target... >> >> I have exported the certificate (vmw200.cer) and the next steps for create >> the keystore and truststore are confused for my. >> >> I try to do this: keytool -import -keypass leidas -file vmw2000.cer >> -storepass pass -trustcacerts >> >> But i get the same error >> >> Thanks! >> >> >> tterm wrote: >>> I'M still don't know what exactly you are doing. Is the webservice on a >>> remote host and servicemix local or whatever. I don't know. >>> >>> You should generate your key as you already did, export the certificate >>> and import it in the truststore. This is the way for a self signed >>> certificate. In your client application you also have to import your >>> certificate so that the client trusts your server (web service whatever >>> else). If your client is a commandline java application you have to set >>> the keystore and truststore otherwise the truststore from the jdk will >>> be used. Is the webservice deployed in servicemix? >>> >>> >>> jlbarrera wrote: >>>> I'm using ServiceMix 3.1, >>>> What could be the problem? The keystore and truststore generated? >>>> I have make this: >>>> >>>> keytool -genkey -keypass password -keystore keystoredemo -storepass >>>> password >>>> keytool -import -trustcacerts -keystore keystoretrust -file somename.cer >>>> -v >>>> >>>> And i following the next guide for solved this problem: >>>> http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but i get the >>>> same error. >>>> >>>> Thanks! >>>> >>>> >>>> tterm wrote: >>>>> Which servicemix version do you use? >>>>> >>>>> You should enable the java property for ssl so that you can see which >>>>> truststore and keystore is used. >>>>> >>>>> jlbarrera wrote: >>>>>> Well i put the keystore and the truststore in the conf directory, and >>>>>> in >>>>>> the >>>>>> xbean.xml: >>>>>> >>>>>> <http:ssl> >>>>>> <http:sslParameters keyStore="file:conf/jlbarrera" >>>>>> keyStorePassword="leidas" >>>>>> >>>>>> trustStore="file:conf/arrobafirma" >>>>>> trustStorePassword="leidas"/> >>>>>> </http:ssl> >>>>>> >>>>>> But i received the next error: What happened? >>>>>> >>>>>> INFO - ServiceUnitLifeCycle - Starting service unit: SU >>>>>> WARN - HttpComponent - Could not load description >>>>>> from >>>>>> resource >>>>>> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported >>>>>> document >>>>>> at >>>>>> 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.: >>>>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>>>>> find >>>>>> valid certification path to requested target: >>>>>> javax.net.ssl.SSLHandshakeException: >>>>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>>>>> find >>>>>> valid certification path to requested target >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038) >>>>>> at >>>>>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) >>>>>> at >>>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) >>>>>> >>>>>> at >>>>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913) >>>>>> at java.net.URLConnection.getContent(URLConnection.java:682) >>>>>> at >>>>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406) >>>>>> at java.net.URL.getContent(URL.java:1021) >>>>>> at >>>>>> com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown >>>>>> Source) >>>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>>>>> at >>>>>> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) >>>>>> at >>>>>> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) >>>>>> at >>>>>> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) >>>>>> at >>>>>> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555) >>>>>> at java.util.TimerThread.mainLoop(Timer.java:512) >>>>>> at java.util.TimerThread.run(Timer.java:462) >>>>>> Caused by: sun.security.validator.ValidatorException: PKIX path >>>>>> building >>>>>> failed: sun.security.provider.certpath.SunCertPathBuilderException: >>>>>> unable >>>>>> to find valid certification path to requested target >>>>>> at >>>>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) >>>>>> at >>>>>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) >>>>>> at >>>>>> sun.security.validator.Validator.validate(Validator.java:203) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) >>>>>> at >>>>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840) >>>>>> ... 28 more >>>>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: >>>>>> unable to find valid certification path to requested target >>>>>> at >>>>>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236) >>>>>> at >>>>>> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) >>>>>> at >>>>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) >>>>>> ... 33 more >>>>>> >>>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source) >>>>>> at >>>>>> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229) >>>>>> at >>>>>> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339) >>>>>> at >>>>>> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55) >>>>>> at >>>>>> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60) >>>>>> at >>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555) >>>>>> at java.util.TimerThread.mainLoop(Timer.java:512) >>>>>> at java.util.TimerThread.run(Timer.java:462) >>>>>> INFO - jetty - jetty-6.0.1 >>>>>> INFO - jetty - Started >>>>>> SelectChannelConnector @ >>>>>> 0.0.0.0:8989 >>>>>> INFO - AutoDeploymentService - Directory: deploy: Finished >>>>>> installation of archive: SA.zip >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> tterm wrote: >>>>>>> jlbarrera wrote: >>>>>>>> I try to create a BC with the role "provider" that connect with a >>>>>>>> Web >>>>>>>> Services by SSL and auth basic. But in the documentation said that >>>>>>>> the >>>>>>>> basic >>>>>>>> auth only has enabled for role "consumer" .. it's right? >>>>>>> I never tested basic auth. I used just ssl for authentication with >>>>>>> certificates. >>>>>>> >>>>>>>> But the keystore and truststore not found, i think that the path can >>>>>>>> be >>>>>>>> mistaken. >>>>>>> The truststore and keystore will be found. You might try to put both >>>>>>> into the conf directory of servicemix and specify in the config file >>>>>>> file:con/your.truststore.jks or something. That works. >>>>>>> >>>>>>> This is also a big help sometimes: >>>>>>> -Djavax.net.debug=ssl >>>>>>> >>>>>>> Cheers, >>>>>>> Thomas >>>>>>> >>>>>>>> regards >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> tterm wrote: >>>>>>>>> set it with "file:" (keystore , truststore) >>>>>>>>> >>>>>>>>> You should provide more information on what you are want to do. >>>>>>>>> >>>>>>>>> jlbarrera wrote: >>>>>>>>>> Hello >>>>>>>>>> >>>>>>>>>> I'm using servicemix-http with SSL. >>>>>>>>>> >>>>>>>>>> I have generated the keyStore: >>>>>>>>>> keytool -genkey -keypass password -keystore keystoredemo >>>>>>>>>> -storepass >>>>>>>>>> password >>>>>>>>>> And i generated the trustStore: >>>>>>>>>> keytool -import -trustcacerts -keystore keystoretrust -file >>>>>>>>>> somename.cer >>>>>>>>>> -v >>>>>>>>>> >>>>>>>>>> In the xbean.xml configuration file: >>>>>>>>>> >>>>>>>>>> <http:ssl> >>>>>>>>>> <http:sslParameters >>>>>>>>>> keyStore="/home/jlbarrera/keystoredemo" >>>>>>>>>> >>>>>>>>>> keyStorePassword="password" >>>>>>>>>> >>>>>>>>>> trustStore="/home/jlbarrera/keystoretrust" >>>>>>>>>> >>>>>>>>>> trustStorePassword="password"/> >>>>>>>>>> </http:ssl> >>>>>>>>>> >>>>>>>>>> But i get the next error: >>>>>>>>>> >>>>>>>>>> "No trusted certificate found" >>>>>>>>>> >>>>>>>>>> Somebody know the problem? The route of files it's mistaken? I try >>>>>>>>>> with >>>>>>>>>> file:///route... too. I'm using Linux filesystem.. >>>>>>>>>> >>>>>>>>>> Thanks! >>>>>>> -- >>>>>>> Thomas Termin >>>>>>> _______________________________ >>>>>>> blue elephant systems GmbH >>>>>>> Wollgrasweg 49 >>>>>>> D-70599 Stuttgart >>>>>>> >>>>>>> Tel : (+49) 0711 - 45 10 17 676 >>>>>>> Fax : (+49) 0711 - 45 10 17 573 >>>>>>> WWW : http://www.blue-elephant-systems.com >>>>>>> Email : [EMAIL PROTECTED] >>>>>>> >>>>>>> blue elephant systems GmbH >>>>>>> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart >>>>>>> Registergericht : Amtsgericht Stuttgart, HRB 24106 >>>>>>> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle >>>>>>> >>>>>>> Thanks! >>>>>>> >>>>> -- >>>>> Thomas Termin >>>>> _______________________________ >>>>> blue elephant systems GmbH >>>>> Wollgrasweg 49 >>>>> D-70599 Stuttgart >>>>> >>>>> Tel : (+49) 0711 - 45 10 17 676 >>>>> Fax : (+49) 0711 - 45 10 17 573 >>>>> WWW : http://www.blue-elephant-systems.com >>>>> Email : [EMAIL PROTECTED] >>>>> >>>>> blue elephant systems GmbH >>>>> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart >>>>> Registergericht : Amtsgericht Stuttgart, HRB 24106 >>>>> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle >>>>> >>>>> >>>>> >>> >>> -- >>> Thomas Termin >>> _______________________________ >>> blue elephant systems GmbH >>> Wollgrasweg 49 >>> D-70599 Stuttgart >>> >>> Tel : (+49) 0711 - 45 10 17 676 >>> Fax : (+49) 0711 - 45 10 17 573 >>> WWW : http://www.blue-elephant-systems.com >>> Email : [EMAIL PROTECTED] >>> >>> blue elephant systems GmbH >>> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart >>> Registergericht : Amtsgericht Stuttgart, HRB 24106 >>> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle >>> >>> >>> >> > -- Thomas Termin _______________________________ blue elephant systems GmbH Wollgrasweg 49 D-70599 Stuttgart Tel : (+49) 0711 - 45 10 17 676 Fax : (+49) 0711 - 45 10 17 573 WWW : http://www.blue-elephant-systems.com Email : [EMAIL PROTECTED] blue elephant systems GmbH Firmensitz : Wollgrasweg 49, D-70599 Stuttgart Registergericht : Amtsgericht Stuttgart, HRB 24106 Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle