Sorry, my previous reply needs a bit of clarification... "using option A on a JKS store gives me the "DerInputStream too long error" too, that is I see the error too when I use the certStore configuration style to try and load my .jks file"
Regards Eamonn > From: [email protected] > To: [email protected] > Subject: RE: CXF SSL and Configuration > Date: Mon, 21 Dec 2009 14:14:10 +0000 > > > Hi > using option A on a JKS store gives me the DerInputStream too long error too. > You should be able to use configuration B, for example we use the following > in out wsdl first https demo > <sec:trustManagers> > <sec:keyStore type="JKS" password="password" > > file="C:/fuse-services-framework-2.2.2.0/samples/wsdl_first_https/certs/truststore.jks"/> > </sec:trustManagers> > > When you do a keytool list do you get an output something like > > C:\fuse-services-framework-2.2.2.0\samples\wsdl_first_https>keytool -list > -keystore > C:\fuse-services-framework-2.2.2.0\samples\wsdl_first_https\certs\truststore.jks > Enter keystore password: password > > Keystore type: jks > Keystore provider: SUN > > Your keystore contains 1 entry > > theca, 22-Jun-2009, trustedCertEntry, > Certificate fingerprint (MD5): 6A:81:50:51:1E:0D:3F:62:C6:36:FD:A2:81:95:14:39 > > Regards > Eamonn > > > > Date: Fri, 18 Dec 2009 10:23:10 -0800 > > From: [email protected] > > To: [email protected] > > Subject: CXF SSL and Configuration > > > > > > So, in short I have a small configuration issue. With one line of code in an > > axis client I can use a url against a web service that is https. All i have > > to do is set System.setProperty("javax.net.ssl.truststore",storeLocation) > > and my client works. > > > > With CXF it seems there is much more to it. I have tried many many things > > from lots of searches. > > > > I have tried a conduit that looks like this > > Configuration A: > > <http-conf:conduit name="*.http-conduit"> > > > > <http-conf:client ProxyServer="aProxy" ProxyServerPort="80" > > AllowChunking="false" /> > > > > <http-conf:tlsClientParameters disableCNCheck="true" > > secureSocketProtocol="SSL"> > > <conf-sec:trustManagers> > > <conf-sec:certStore > > file="E://PLAYGROUND//blitz//cert//store"/> > > </conf-sec:trustManagers> > > </http-conf:tlsClientParameters> > > > > <http-conf:authorization> > > <conf-sec:UserName>User</conf-sec:UserName> > > <conf-sec:Password>pass</conf-sec:Password> > > </http-conf:authorization> > > > > </http-conf:conduit> > > > > And one that looks like this: > > Configuration B: > > <http-conf:conduit name="*.http-conduit"> > > > > <http-conf:client ProxyServer="aProxy" ProxyServerPort="80" > > AllowChunking="false" /> > > > > <http-conf:tlsClientParameters disableCNCheck="true" > > secureSocketProtocol="SSL"> > > <conf-sec:trustManagers> > > <conf-sec:keyStore type="JKS" password="password" > > file="E:/PLAYGROUND/blitz/cert/store"/> > > </conf-sec:trustManagers> > > </http-conf:tlsClientParameters> > > > > <http-conf:authorization> > > <conf-sec:UserName>User</conf-sec:UserName> > > <conf-sec:Password>pass</conf-sec:Password> > > </http-conf:authorization> > > > > </http-conf:conduit> > > > > I am not a cert, keystore expert by any means and I am confused on which > > configuration I should be using. My use case is using cxf to call a third > > party https service. I pulled the cert from their site and performed a > > keytool import on it to get the store. All the proxy and basic auth stuff > > works like a charm. When I try to use ssl however I cannot get a single > > configuration to work. I am sure that this works but online everyone that > > has solved this issue has a different way of doing so. > > > > With Configuration A I get an error about my DerInputStream being too large. > > With Configuration B I get an error that there is no trusted certification > > found. Also with this configuration I debugged the HttpConduit object and in > > the tlsClientParameters I can see the store in all its glory with all the > > correct configurations that are in the configuration xml file. > > > > I want cxf to make this project a success. Any ideas on what I am doing > > wrong? > > Thanks > > -- > > View this message in context: > > http://old.nabble.com/CXF-SSL-and-Configuration-tp26847600p26847600.html > > Sent from the cxf-user mailing list archive at Nabble.com. > > > > _________________________________________________________________ > New Windows 7: Find the right PC for you. Learn more. > http://windows.microsoft.com/shop _________________________________________________________________ New Windows 7: Simplify what you do everyday. Find the right PC for you. http://windows.microsoft.com/shop
