Robert wrote: > problem I'm facing is that it seems that set up truststore is ignored by > CXF(SSL?) javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: No trusted certificate found
I ran into this and a host of other errors -- can't remember what specifically fixed it. In general, writing a cxf ssl client for a WAS 6.1 cxf service was a very painful experience for me -- but I eventually got it to work. http://www.nabble.com/Small-as-possible-self-signed-cert-SSL-example-to19476659.html#a19476659 http://www.ibm.com/developerworks/forums/thread.jspa?threadID=226174&tstart=0 The second link has the source that worked, along with other configuration details. --Erik -----Original Message----- From: Daniel Kulp [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2008 4:10 PM To: [email protected] Cc: Gal Rob Subject: Re: ssl truststore ignore You mention CXF 2.1. Can you try 2.1.3? With 2.1.1, we updated the https stuff to use the in JDK https stuff if you don't specifically configure it via our spring config. Thus, the default properties might work. Dan On Sunday 30 November 2008 2:30:06 pm Gal Rob wrote: > Hello, > > I'm quite new to WS especially WS over SSL. I'm stuck with setting up SSL > for CXF client. I run over recomended tutorials and couple of posts. > > I'm using CXF 2.1 deployed on WebSphere 6.1 as spring service and setup > http conduit as in CXF example and mentioned blog. JAVA version 1.5.0_16 > > imported WebSphere certificate into vanila trustore > > problem I'm facing is that it seems that set up truststore is ingored by > CXF(SSL?) javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: No trusted certificate found > > when I do import WebSphere certificate into cacerts of JRE everythink works > fine as expected. To be honest i'm not sure what to insert into keystore as > certificate is contained in truststore. > > To explore thinks further I' have created my own key pair using keytool > selfsigned the certificate, setup websphere with fresh certificate. and > imported certificate also into truststore. At the end I had keystore with > my key pair and also truststore with certificate. At this point I'm quite > unsure if I really need to maintain also keystore and trustore is not > enaugh because client do not need any kind of authentication. > > Situation was the same. CXF ignored truststore, keystore configuration but > using cacert was fine again. > > Any pointer where I miss the point? > I' know this issue was solved a couple of times, but I'm quite stuck also > by provided working examples so sorry for opening issue up again :-/ > > thanks for any help > Robert > _________________________________________________________________ > Jednoduchá kontrola zabezpečenia počítača. > http://onecare.live.com/site/sk-sk/ -- Daniel Kulp [EMAIL PROTECTED] http://dankulp.com/blog _____________ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. _____________
