We are still trying to make XFire run under SSL and still no go. Has anyone seen and successfully dealt with this exception? I have followed the instructions where I set up the self-signed cert in Tomcat (per Tomcat docs) and then extract the public key from the keystore and add it to my trusted keystore on the client, and we still get this error.
Here is the error:

Oct 26, 2006 3:35:04 PM org.codehaus.xfire.transport.http.HttpChannel sendViaClient
SEVERE: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Exception in thread "main" org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Couldn't send message.

Tomcat runs under SSL great, so I don't think there are any problems with that per se.

Thanks in advance for any help or direction.

M. Goodell

-----Original Message-----
From: Dan Diephouse [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 25, 2006 2:59 PM
To: [email protected]
Subject: Re: [xfire-user] SSL Problem

I haven't taken a big look into your question, but have you read the instructions on how to set up Commons HttpClient so it uses your certificate?

http://xfire.codehaus.org/HTTP+Transport

- Dan

M Goodell wrote:

>Looks like I am getting closer here.
>
>Now I get this error.
>
>Do I need to add something to the server code to instantiate a SSL context?
>
>M Goodell
>
>Warning: pdc4uwebservicestest\serverKey.rsa modified in the future.
>Warning: pdc4uwebservicestest\serverKey.rsa modified in the future.
>Copying 1 file to C:\Development\Java\PDC4U\pdc4uwebservicestest\build\classes
>compile:
>run:
>Oct 25, 2006 2:09:40 PM org.apache.commons.httpclient.HttpMethodDirector executeWithRetry
>INFO: I/O exception (java.net.SocketException) caught when processing request: Default SSL context init failed: null
>Oct 25, 2006 2:09:40 PM org.apache.commons.httpclient.HttpMethodDirector executeWithRetry
>INFO: Retrying request
>
>-----Original Message-----
>From: Tomek Sztelak [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, October 25, 2006 12:46 PM
>To: [email protected]
>Subject: Re: [xfire-user] SSL Problem
>
>First you must export public key from server keystore:
>keytool -export -alias <SERVER_ALIAS> -file serverKey.rsa -keystore .keystore -storepass password
>serverKey.rsa will be created in current folder, so then you can
>import it in client keystore:
>
>keytool -import -alias <ALIAS> -file serverKey.rsa -keystore clientStore.jks -storepass password
>Then you can run client with params:
> -Djavax.net.ssl.keyStore=clientStore.ks
> -Djavax.net.ssl.keyStorePassword=password
>
>On 10/25/06, M Goodell <[EMAIL PROTECTED]> wrote:
>
>>Please bear with me here:
>>
>>1. I created a private key and imported it into a custom keystore:
>>
>>2. Made changes to the server.xml file like:
>>
>>keystoreFile="/usr/local/tomcat5.5/keystore/.keystore"
>>keystorePass="password" />
>>
>>3. Tested Tomcat and the SSL connectivity works fine.
>>
>>4. Question on item 4: How do I import the server key into the client?
>>Server is FreeBSD - Client system in Windows
>>
>>-----Original Message-----
>>From: Tomek Sztelak [mailto:[EMAIL PROTECTED]
>>Sent: Wednesday, October 25, 2006 12:22 PM
>>To: [email protected]
>>Subject: Re: [xfire-user] SSL Problem
>>
>>Hi
>>Yes, my services work using https. You probably have some cert
>>configuration problems.
>>What I did for debug environment:
>>1. generate private key for server and import it into keystore
>>2. configure server to use this private key (small modification in
>>tomcat config)
>>3. import server public key into client keystore
>>4. configure client to use public key with e.g.
>>-Djavax.net.ssl.keyStore=keystore.ks
>>-Djavax.net.ssl.keyStorePassword=Password
>>
>>On 10/25/06, M Goodell <[EMAIL PROTECTED]> wrote:
>>
>>>We are trying to run our XFire service under SSL and are experiencing
>>>trouble. We have done some research on the exception being thrown and it
>>>indicated we need to add our cert into the trusted store which we have done
>>>to no avail.
>>>
>>>Here is the error message:
>>>
>>>Oct 25, 2006 12:06:44 PM org.codehaus.xfire.transport.http.HttpChannel sendViaClient
>>>SEVERE: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>Exception in thread "main" org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Couldn't send message.
>>>org.codehaus.xfire.fault.XFireFault: Couldn't send message.
>>>
>>>Does anyone have any experience running a service under SSL successfully
>>>they are willing to share?
>>>
>>>M Goodell
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe from this list please visit:
>>>
>>>    http://xircles.codehaus.org/manage_email
>>
>>--
>>-----
>>When one of our products stops working, we'll blame another vendor
>>within 24 hours.
>>
>>--
>>No virus found in this incoming message.
>>Checked by AVG Free Edition.
>>Version: 7.1.408 / Virus Database: 268.13.11/496 - Release Date: 10/24/2006

--
Dan Diephouse
(616) 971-2053
Envoi Solutions LLC
http://netzooid.com
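
Added example, not part of the original thread or of XFire: a small JSSE check that loads a client store built with `keytool -import` as in the thread, reports which aliases are trusted-certificate entries, and attempts a handshake using only that store as trust anchors. JSSE validates the server chain against the store named by `javax.net.ssl.trustStore` (the `javax.net.ssl.keyStore` property supplies the client's own key material); the class name and command-line arguments below are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical diagnostic: java TrustStoreCheck <store> <password> <host> <port>
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // Load the client store produced by "keytool -import".
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, args[1].toCharArray());
        }
        // Only trustedCertEntry aliases act as trust anchors; key entries do not.
        int anchors = 0;
        for (String alias : Collections.list(store.aliases())) {
            boolean trusted = store.isCertificateEntry(alias);
            if (trusted) anchors++;
            System.out.println(alias + ": " + (trusted ? "trustedCertEntry" : "key entry"));
        }
        if (anchors == 0) {
            System.out.println("No trusted certificate entries: nothing to validate against.");
            return;
        }
        // Build a context whose trust anchors come from this store only, not from cacerts.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[2], Integer.parseInt(args[3]))) {
            // Check the host name against the certificate as an HTTPS client would.
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);
            s.startHandshake();
            System.out.println("Handshake OK: " + s.getSession().getPeerPrincipal());
        } catch (SSLHandshakeException e) {
            // "PKIX path building failed" here means no anchor in the store matches the chain.
            System.out.println("Handshake failed: " + e.getMessage());
        }
    }
}
```

If the handshake succeeds here but the application still fails, the application's JVM is not reading this store as its trust store.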
