This is all fixed on trunk. The latest 2.1.1 snapshots have fixed
configs and certs.
Dan
On Jun 5, 2008, at 3:50 PM, jsolderitsch wrote:
Still trying to get my bearings with respect to cxf and security.
So I went to the cxf 2.1 distribution and looked at the example code.
Found the wsdl_first_https example.
I set my environment variables and started the server. This seems to
succeed. I see:
[java] Starting Server
[java] Server ready...
My first attempt to run the secure.client target failed because the
certificates had expired.
The README warns of this, and so I ran the gencerts.sh script. This seemed
to go ok, except at the end during one of the diagnostic openssl commands, I
get:
unable to load CRL
43403:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: X509 CRL
I don't think this is serious.
Then I re-started the server and ran the secure.client target again.
I see:
secure.client:
[java] file:/Users/jjs/Projects/netCDS/Deployables/apache-cxf-2.1/samples/wsdl_first_https/wsdl/hello_world.wsdl
[java] Credentials from WibbleClient.cxf will be used for the invocation.
[java] Invoking greetMe...
[java] Invocation failed with the following:
org.apache.cxf.interceptor.Fault: The https URL hostname does not match the Common Name (CN) on the server certificate. To disable this check (NOT recommended for production) set the CXF client TLS configuration property "disableCNCheck" to true.
I would have thought the demo would have been arranged to make this
interaction succeed. Is there a bug in the gencerts script?
The README does not suggest that this should happen.
Any advice appreciated.
--
View this message in context:
http://www.nabble.com/cxf-2.1-https-sample-fails-unexpectedly-tp17678160p17678160.html
Sent from the cxf-user mailing list archive at Nabble.com.
---
Daniel Kulp
[EMAIL PROTECTED]
http://www.dankulp.com/blog