Sorry, my previous reply needs a bit of clarification...
"using option A on a JKS store gives me the "DerInputStream too long error" 
too, that is I see the error too when I use the certStore configuration style 
to try and load my .jks file"

Regards
Eamonn

> From: [email protected]
> To: [email protected]
> Subject: RE: CXF SSL and Configuration
> Date: Mon, 21 Dec 2009 14:14:10 +0000
> 
> 
> Hi 
> using option A on a JKS store gives me the DerInputStream too long error too.
> You should be able to use configuration B, for example we use the following 
> in out wsdl first https demo
>       <sec:trustManagers>
>           <sec:keyStore type="JKS" password="password"
>                
> file="C:/fuse-services-framework-2.2.2.0/samples/wsdl_first_https/certs/truststore.jks"/>
>       </sec:trustManagers>
> 
> When you do a keytool list do you get an output something like 
> 
> C:\fuse-services-framework-2.2.2.0\samples\wsdl_first_https>keytool -list 
> -keystore 
> C:\fuse-services-framework-2.2.2.0\samples\wsdl_first_https\certs\truststore.jks
> Enter keystore password:  password
> 
> Keystore type: jks
> Keystore provider: SUN
> 
> Your keystore contains 1 entry
> 
> theca, 22-Jun-2009, trustedCertEntry,
> Certificate fingerprint (MD5): 6A:81:50:51:1E:0D:3F:62:C6:36:FD:A2:81:95:14:39
> 
> Regards
> Eamonn
> 
> 
> > Date: Fri, 18 Dec 2009 10:23:10 -0800
> > From: [email protected]
> > To: [email protected]
> > Subject: CXF SSL and Configuration
> > 
> > 
> > So, in short I have a small configuration issue. With one line of code in an
> > axis client I can use a url against a web service that is https.  All i have
> > to do is set System.setProperty("javax.net.ssl.truststore",storeLocation)
> > and my client works.  
> > 
> > With CXF it seems there is much more to it. I have tried many many things
> > from lots of searches.
> > 
> > I have tried a conduit that looks like this
> > Configuration A:
> > <http-conf:conduit name="*.http-conduit"> 
> >     
> >                 <http-conf:client ProxyServer="aProxy" ProxyServerPort="80"
> > AllowChunking="false" />
> > 
> >                 <http-conf:tlsClientParameters disableCNCheck="true"
> > secureSocketProtocol="SSL"> 
> >                 <conf-sec:trustManagers>                        
> >                         <conf-sec:certStore
> > file="E://PLAYGROUND//blitz//cert//store"/> 
> >                 </conf-sec:trustManagers> 
> >         </http-conf:tlsClientParameters> 
> >              
> >         <http-conf:authorization> 
> >             <conf-sec:UserName>User</conf-sec:UserName> 
> >             <conf-sec:Password>pass</conf-sec:Password> 
> >         </http-conf:authorization>
> > 
> >     </http-conf:conduit>
> > 
> > And one that looks like this:
> > Configuration B:
> > <http-conf:conduit name="*.http-conduit"> 
> >     
> >                 <http-conf:client ProxyServer="aProxy" ProxyServerPort="80"
> > AllowChunking="false" />
> > 
> >                 <http-conf:tlsClientParameters disableCNCheck="true"
> > secureSocketProtocol="SSL"> 
> >                 <conf-sec:trustManagers> 
> >                         <conf-sec:keyStore type="JKS" password="password"
> > file="E:/PLAYGROUND/blitz/cert/store"/>
> >                 </conf-sec:trustManagers> 
> >         </http-conf:tlsClientParameters> 
> >              
> >         <http-conf:authorization> 
> >             <conf-sec:UserName>User</conf-sec:UserName> 
> >             <conf-sec:Password>pass</conf-sec:Password> 
> >         </http-conf:authorization>
> > 
> >     </http-conf:conduit>
> > 
> > I am not a  cert, keystore expert by any means and I am confused on which
> > configuration I should be using.  My use case is using cxf to call a third
> > party https service. I pulled the cert from their site and performed a
> > keytool import on it to get the store.  All the proxy and basic auth stuff
> > works like a charm. When I try to use ssl however I cannot get a single
> > configuration to work. I am sure that this works but online everyone that
> > has solved this issue has a different way of doing so. 
> > 
> > With Configuration A I get an error about my DerInputStream being too large.
> > With Configuration B I get an error that there is no trusted certification
> > found. Also with this configuration I debugged the HttpConduit object and in
> > the tlsClientParameters I can see the store in all its glory with all the
> > correct configurations that are in the configuration xml file.
> > 
> >  I want cxf to make this project a success.  Any ideas on what I am doing
> > wrong?
> > Thanks
> > -- 
> > View this message in context: 
> > http://old.nabble.com/CXF-SSL-and-Configuration-tp26847600p26847600.html
> > Sent from the cxf-user mailing list archive at Nabble.com.
> > 
>                                         
> _________________________________________________________________
> New Windows 7: Find the right PC for you. Learn more.
> http://windows.microsoft.com/shop
                                          
_________________________________________________________________
New Windows 7: Simplify what you do everyday. Find the right PC for you.
http://windows.microsoft.com/shop

Reply via email to