Hi
using option A on a JKS store gives me the DerInputStream too long error too.
You should be able to use configuration B, for example we use the following in
out wsdl first https demo
<sec:trustManagers>
<sec:keyStore type="JKS" password="password"
file="C:/fuse-services-framework-2.2.2.0/samples/wsdl_first_https/certs/truststore.jks"/>
</sec:trustManagers>
When you do a keytool list do you get an output something like
C:\fuse-services-framework-2.2.2.0\samples\wsdl_first_https>keytool -list
-keystore
C:\fuse-services-framework-2.2.2.0\samples\wsdl_first_https\certs\truststore.jks
Enter keystore password: password
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
theca, 22-Jun-2009, trustedCertEntry,
Certificate fingerprint (MD5): 6A:81:50:51:1E:0D:3F:62:C6:36:FD:A2:81:95:14:39
Regards
Eamonn
> Date: Fri, 18 Dec 2009 10:23:10 -0800
> From: [email protected]
> To: [email protected]
> Subject: CXF SSL and Configuration
>
>
> So, in short I have a small configuration issue. With one line of code in an
> axis client I can use a url against a web service that is https. All i have
> to do is set System.setProperty("javax.net.ssl.truststore",storeLocation)
> and my client works.
>
> With CXF it seems there is much more to it. I have tried many many things
> from lots of searches.
>
> I have tried a conduit that looks like this
> Configuration A:
> <http-conf:conduit name="*.http-conduit">
>
> <http-conf:client ProxyServer="aProxy" ProxyServerPort="80"
> AllowChunking="false" />
>
> <http-conf:tlsClientParameters disableCNCheck="true"
> secureSocketProtocol="SSL">
> <conf-sec:trustManagers>
> <conf-sec:certStore
> file="E://PLAYGROUND//blitz//cert//store"/>
> </conf-sec:trustManagers>
> </http-conf:tlsClientParameters>
>
> <http-conf:authorization>
> <conf-sec:UserName>User</conf-sec:UserName>
> <conf-sec:Password>pass</conf-sec:Password>
> </http-conf:authorization>
>
> </http-conf:conduit>
>
> And one that looks like this:
> Configuration B:
> <http-conf:conduit name="*.http-conduit">
>
> <http-conf:client ProxyServer="aProxy" ProxyServerPort="80"
> AllowChunking="false" />
>
> <http-conf:tlsClientParameters disableCNCheck="true"
> secureSocketProtocol="SSL">
> <conf-sec:trustManagers>
> <conf-sec:keyStore type="JKS" password="password"
> file="E:/PLAYGROUND/blitz/cert/store"/>
> </conf-sec:trustManagers>
> </http-conf:tlsClientParameters>
>
> <http-conf:authorization>
> <conf-sec:UserName>User</conf-sec:UserName>
> <conf-sec:Password>pass</conf-sec:Password>
> </http-conf:authorization>
>
> </http-conf:conduit>
>
> I am not a cert, keystore expert by any means and I am confused on which
> configuration I should be using. My use case is using cxf to call a third
> party https service. I pulled the cert from their site and performed a
> keytool import on it to get the store. All the proxy and basic auth stuff
> works like a charm. When I try to use ssl however I cannot get a single
> configuration to work. I am sure that this works but online everyone that
> has solved this issue has a different way of doing so.
>
> With Configuration A I get an error about my DerInputStream being too large.
> With Configuration B I get an error that there is no trusted certification
> found. Also with this configuration I debugged the HttpConduit object and in
> the tlsClientParameters I can see the store in all its glory with all the
> correct configurations that are in the configuration xml file.
>
> I want cxf to make this project a success. Any ideas on what I am doing
> wrong?
> Thanks
> --
> View this message in context:
> http://old.nabble.com/CXF-SSL-and-Configuration-tp26847600p26847600.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
_________________________________________________________________
New Windows 7: Find the right PC for you. Learn more.
http://windows.microsoft.com/shop