first to all, thank you for your help, it's beging very useful for me.
Ok this is my provider configuration at this moment, because i changed it
many times:
<!-- PROVIDER -->
<http:endpoint service="firma:VerificarFirmasService"
targetService="firma:VerificarFirmasService"
endpoint="endpointProviderFirma2"
interfaceName="firma:InterfazVerificarFirma"
soapVersion="1.1"
soap="true"
role="provider"
locationURI="https://172.19.1.75/axis/services/VerificarFirmas";
defaultMep="http://www.w3.org/2004/08/wsdl/in-out";
wsdlResource="https://172.19.1.75/axis/services/VerificarFirmas?wsdl";>
<http:ssl>
<http:sslParameters trustStore="classpath:keystore_jl"
trustStorePassword="pass"
/>
</http:ssl>
<http:basicAuthentication>
<http:basicAuthCredentials username="user"
password="pass" />
</http:basicAuthentication>
</http:endpoint>
keystore_jl is generated by:
keytool -import -alias jlbarreracert -keypass pass -file vmw2000.cer
-storepass pass -trustcacerts
The certificate (vmw200.cer) is self signed, i export it by internet
explorer to a file.
Thnaks!
tterm wrote:
>
> jlbarrera wrote:
>> ok, i think that the error can be because the keystore isn't found!,
>> because
>> i write a badly route and i received the same error.
>>
>> I have seen in the documentation:
>> keyStore="classpath:org/apache/servicemix/http/server.keystore"
>> But...Where i should place my keystore file?
> as i said before put it under $SERVICMIX_HOME/conf/ as an example
>
>
>
>>
>> thanks!
>>
>>
>>
>> jlbarrera wrote:
>>> I try to expose a external webservices (SSL+auth basic) in ServiceMix.
>>>
>>> External WebServices <----->ServiceMix <--------> Client
>>>
>>> for this, i'm using servicemix-http (xbean). Documentation
>>> http://incubator.apache.org/servicemix/servicemix-http.html here
>>> I already get expose a Webservices in ServiceMix, but now i'm trying do
>>> it
>>> with SSL, and then with Auth Basic.
>>>
>>> External WS (SSL)<---->
>>> provider(SM)<--->NMR<---->consumer(SM)<---->Client
>>>
>>> And i get the same error with all configurations:
>>>
>>> unable to find valid certification path to requested target...
>>>
>>> I have exported the certificate (vmw200.cer) and the next steps for
>>> create
>>> the keystore and truststore are confused for my.
>>>
>>> I try to do this: keytool -import -keypass leidas -file vmw2000.cer
>>> -storepass pass -trustcacerts
>>>
>>> But i get the same error
>>>
>>> Thanks!
>>>
>>>
>>> tterm wrote:
>>>> I'M still don't know what exactly you are doing. Is the webservice on a
>>>> remote host and servicemix local or whatever. I don't know.
>>>>
>>>> You should generate your key as you already did, export the certificate
>>>> and import it in the truststore. This is the way for a self signed
>>>> certificate. In your client application you also have to import your
>>>> certificate so that the client trusts your server (web service whatever
>>>> else). If your client is a commandline java application you have to set
>>>> the keystore and truststore otherwise the truststore from the jdk will
>>>> be used. Is the webservice deployed in servicemix?
>>>>
>>>>
>>>> jlbarrera wrote:
>>>>> I'm using ServiceMix 3.1,
>>>>> What could be the problem? The keystore and truststore generated?
>>>>> I have make this:
>>>>>
>>>>> keytool -genkey -keypass password -keystore keystoredemo -storepass
>>>>> password
>>>>> keytool -import -trustcacerts -keystore keystoretrust -file
>>>>> somename.cer
>>>>> -v
>>>>>
>>>>> And i following the next guide for solved this problem:
>>>>> http://blogs.sun.com/andreas/entry/no_more_unable_to_find, but i get
>>>>> the
>>>>> same error.
>>>>>
>>>>> Thanks!
>>>>>
>>>>>
>>>>> tterm wrote:
>>>>>> Which servicemix version do you use?
>>>>>>
>>>>>> You should enable the java property for ssl so that you can see which
>>>>>> truststore and keystore is used.
>>>>>>
>>>>>> jlbarrera wrote:
>>>>>>> Well i put the keystore and the truststore in the conf directory,
>>>>>>> and
>>>>>>> in
>>>>>>> the
>>>>>>> xbean.xml:
>>>>>>>
>>>>>>> <http:ssl>
>>>>>>> <http:sslParameters
>>>>>>> keyStore="file:conf/jlbarrera"
>>>>>>> keyStorePassword="leidas"
>>>>>>>
>>>>>>> trustStore="file:conf/arrobafirma"
>>>>>>>
>>>>>>> trustStorePassword="leidas"/>
>>>>>>> </http:ssl>
>>>>>>>
>>>>>>> But i received the next error: What happened?
>>>>>>>
>>>>>>> INFO - ServiceUnitLifeCycle - Starting service unit: SU
>>>>>>> WARN - HttpComponent - Could not load description
>>>>>>> from
>>>>>>> resource
>>>>>>> WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported
>>>>>>> document
>>>>>>> at
>>>>>>> 'https://172.19.1.75/axis/services/VerificarFirmas?wsdl'.:
>>>>>>> sun.security.validator.ValidatorException: PKIX path building
>>>>>>> failed:
>>>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable
>>>>>>> to
>>>>>>> find
>>>>>>> valid certification path to requested target:
>>>>>>> javax.net.ssl.SSLHandshakeException:
>>>>>>> sun.security.validator.ValidatorException: PKIX path building
>>>>>>> failed:
>>>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable
>>>>>>> to
>>>>>>> find
>>>>>>> valid certification path to requested target
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
>>>>>>> at
>>>>>>> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
>>>>>>> at
>>>>>>> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
>>>>>>>
>>>>>>> at
>>>>>>> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
>>>>>>> at java.net.URLConnection.getContent(URLConnection.java:682)
>>>>>>> at
>>>>>>> sun.net.www.protocol.https.HttpsURLConnectionImpl.getContent(HttpsURLConnectionImpl.java:406)
>>>>>>> at java.net.URL.getContent(URL.java:1021)
>>>>>>> at
>>>>>>> com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown
>>>>>>> Source)
>>>>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>>>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>>>>>> at
>>>>>>> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229)
>>>>>>> at
>>>>>>> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339)
>>>>>>> at
>>>>>>> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55)
>>>>>>> at
>>>>>>> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555)
>>>>>>> at java.util.TimerThread.mainLoop(Timer.java:512)
>>>>>>> at java.util.TimerThread.run(Timer.java:462)
>>>>>>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>>>>>> building
>>>>>>> failed: sun.security.provider.certpath.SunCertPathBuilderException:
>>>>>>> unable
>>>>>>> to find valid certification path to requested target
>>>>>>> at
>>>>>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
>>>>>>> at
>>>>>>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
>>>>>>> at
>>>>>>> sun.security.validator.Validator.validate(Validator.java:203)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
>>>>>>> at
>>>>>>> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
>>>>>>> ... 28 more
>>>>>>> Caused by:
>>>>>>> sun.security.provider.certpath.SunCertPathBuilderException:
>>>>>>> unable to find valid certification path to requested target
>>>>>>> at
>>>>>>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
>>>>>>> at
>>>>>>> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
>>>>>>> at
>>>>>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
>>>>>>> ... 33 more
>>>>>>>
>>>>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>>>>>> at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
>>>>>>> at
>>>>>>> org.apache.servicemix.soap.SoapEndpoint.loadWsdl(SoapEndpoint.java:229)
>>>>>>> at
>>>>>>> org.apache.servicemix.soap.SoapEndpoint.activate(SoapEndpoint.java:339)
>>>>>>> at
>>>>>>> org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55)
>>>>>>> at
>>>>>>> org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:296)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:588)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:60)
>>>>>>> at
>>>>>>> org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:555)
>>>>>>> at java.util.TimerThread.mainLoop(Timer.java:512)
>>>>>>> at java.util.TimerThread.run(Timer.java:462)
>>>>>>> INFO - jetty - jetty-6.0.1
>>>>>>> INFO - jetty - Started
>>>>>>> SelectChannelConnector @
>>>>>>> 0.0.0.0:8989
>>>>>>> INFO - AutoDeploymentService - Directory: deploy: Finished
>>>>>>> installation of archive: SA.zip
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> tterm wrote:
>>>>>>>> jlbarrera wrote:
>>>>>>>>> I try to create a BC with the role "provider" that connect with a
>>>>>>>>> Web
>>>>>>>>> Services by SSL and auth basic. But in the documentation said that
>>>>>>>>> the
>>>>>>>>> basic
>>>>>>>>> auth only has enabled for role "consumer" .. it's right?
>>>>>>>> I never tested basic auth. I used just ssl for authentication with
>>>>>>>> certificates.
>>>>>>>>
>>>>>>>>> But the keystore and truststore not found, i think that the path
>>>>>>>>> can
>>>>>>>>> be
>>>>>>>>> mistaken.
>>>>>>>> The truststore and keystore will be found. You might try to put
>>>>>>>> both
>>>>>>>> into the conf directory of servicemix and specify in the config
>>>>>>>> file
>>>>>>>> file:con/your.truststore.jks or something. That works.
>>>>>>>>
>>>>>>>> This is also a big help sometimes:
>>>>>>>> -Djavax.net.debug=ssl
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Thomas
>>>>>>>>
>>>>>>>>> regards
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> tterm wrote:
>>>>>>>>>> set it with "file:" (keystore , truststore)
>>>>>>>>>>
>>>>>>>>>> You should provide more information on what you are want to do.
>>>>>>>>>>
>>>>>>>>>> jlbarrera wrote:
>>>>>>>>>>> Hello
>>>>>>>>>>>
>>>>>>>>>>> I'm using servicemix-http with SSL.
>>>>>>>>>>>
>>>>>>>>>>> I have generated the keyStore:
>>>>>>>>>>> keytool -genkey -keypass password -keystore keystoredemo
>>>>>>>>>>> -storepass
>>>>>>>>>>> password
>>>>>>>>>>> And i generated the trustStore:
>>>>>>>>>>> keytool -import -trustcacerts -keystore keystoretrust -file
>>>>>>>>>>> somename.cer
>>>>>>>>>>> -v
>>>>>>>>>>>
>>>>>>>>>>> In the xbean.xml configuration file:
>>>>>>>>>>>
>>>>>>>>>>> <http:ssl>
>>>>>>>>>>> <http:sslParameters
>>>>>>>>>>> keyStore="/home/jlbarrera/keystoredemo"
>>>>>>>>>>>
>>>>>>>>>>> keyStorePassword="password"
>>>>>>>>>>>
>>>>>>>>>>> trustStore="/home/jlbarrera/keystoretrust"
>>>>>>>>>>>
>>>>>>>>>>> trustStorePassword="password"/>
>>>>>>>>>>> </http:ssl>
>>>>>>>>>>>
>>>>>>>>>>> But i get the next error:
>>>>>>>>>>>
>>>>>>>>>>> "No trusted certificate found"
>>>>>>>>>>>
>>>>>>>>>>> Somebody know the problem? The route of files it's mistaken? I
>>>>>>>>>>> try
>>>>>>>>>>> with
>>>>>>>>>>> file:///route... too. I'm using Linux filesystem..
>>>>>>>>>>>
>>>>>>>>>>> Thanks!
>>>>>>>> --
>>>>>>>> Thomas Termin
>>>>>>>> _______________________________
>>>>>>>> blue elephant systems GmbH
>>>>>>>> Wollgrasweg 49
>>>>>>>> D-70599 Stuttgart
>>>>>>>>
>>>>>>>> Tel : (+49) 0711 - 45 10 17 676
>>>>>>>> Fax : (+49) 0711 - 45 10 17 573
>>>>>>>> WWW : http://www.blue-elephant-systems.com
>>>>>>>> Email : [EMAIL PROTECTED]
>>>>>>>>
>>>>>>>> blue elephant systems GmbH
>>>>>>>> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart
>>>>>>>> Registergericht : Amtsgericht Stuttgart, HRB 24106
>>>>>>>> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>>
>>>>>> --
>>>>>> Thomas Termin
>>>>>> _______________________________
>>>>>> blue elephant systems GmbH
>>>>>> Wollgrasweg 49
>>>>>> D-70599 Stuttgart
>>>>>>
>>>>>> Tel : (+49) 0711 - 45 10 17 676
>>>>>> Fax : (+49) 0711 - 45 10 17 573
>>>>>> WWW : http://www.blue-elephant-systems.com
>>>>>> Email : [EMAIL PROTECTED]
>>>>>>
>>>>>> blue elephant systems GmbH
>>>>>> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart
>>>>>> Registergericht : Amtsgericht Stuttgart, HRB 24106
>>>>>> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>> --
>>>> Thomas Termin
>>>> _______________________________
>>>> blue elephant systems GmbH
>>>> Wollgrasweg 49
>>>> D-70599 Stuttgart
>>>>
>>>> Tel : (+49) 0711 - 45 10 17 676
>>>> Fax : (+49) 0711 - 45 10 17 573
>>>> WWW : http://www.blue-elephant-systems.com
>>>> Email : [EMAIL PROTECTED]
>>>>
>>>> blue elephant systems GmbH
>>>> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart
>>>> Registergericht : Amtsgericht Stuttgart, HRB 24106
>>>> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle
>>>>
>>>>
>>>>
>>>
>>
>
>
> --
> Thomas Termin
> _______________________________
> blue elephant systems GmbH
> Wollgrasweg 49
> D-70599 Stuttgart
>
> Tel : (+49) 0711 - 45 10 17 676
> Fax : (+49) 0711 - 45 10 17 573
> WWW : http://www.blue-elephant-systems.com
> Email : [EMAIL PROTECTED]
>
> blue elephant systems GmbH
> Firmensitz : Wollgrasweg 49, D-70599 Stuttgart
> Registergericht : Amtsgericht Stuttgart, HRB 24106
> Geschäftsführer : Holger Dietrich, Thomas Gentsch, Joachim Hoernle
>
>
>
--
View this message in context:
http://www.nabble.com/WebServices-and-SSL-tf3333637s12049.html#a9392447
Sent from the ServiceMix - User mailing list archive at Nabble.com.
