On Mon December 21 2009 1:13:28 pm blitzer wrote:
> I removed everything but <http-conf:tlsClientParameters
> secureSocketProtocol="SSL"/>
> And it now works. What causes this to work?

Basically, at one point a few versions ago, for any https stuff, we REQUIRED 
the tlsClientParameters to be configured.   If you used an https URL without 
it, we'd throw an exception.   As you discovered, configuring the TLS stuff 
can be a bit complex so we added the ability for https URL's to work if the 
tlsClientParameters setting isn't configured by fully delegating to the JRE 
for security/https stuff.    However, if tlsClientParameters is configured, we 
can no longer delegate to the JRE and use the configured information.   Thus, 
once you deleted the configuration, the JRE is used and it should  work for 
you.

Dan


> 
> blitzer wrote:
> > So, in short I have a small configuration issue. With one line of code in
> > an axis client I can use a url against a web service that is https.  All
> > i have to do is set
> > System.setProperty("javax.net.ssl.truststore",storeLocation) and my
> > client works.
> >
> > With CXF it seems there is much more to it. I have tried many many things
> > from lots of searches.
> >
> > I have tried a conduit that looks like this
> > Configuration A:
> > <http-conf:conduit name="*.http-conduit">
> >
> >                 <http-conf:client ProxyServer="aProxy"
> > ProxyServerPort="80" AllowChunking="false" />
> >
> >                 <http-conf:tlsClientParameters disableCNCheck="true"
> > secureSocketProtocol="SSL">
> >                 <conf-sec:trustManagers>
> >                         <conf-sec:certStore
> > file="E://PLAYGROUND//blitz//cert//store"/>
> >                 </conf-sec:trustManagers>
> >         </http-conf:tlsClientParameters>
> >
> >         <http-conf:authorization>
> >             <conf-sec:UserName>User</conf-sec:UserName>
> >             <conf-sec:Password>pass</conf-sec:Password>
> >         </http-conf:authorization>
> >
> >     </http-conf:conduit>
> >
> > And one that looks like this:
> > Configuration B:
> > <http-conf:conduit name="*.http-conduit">
> >
> >                 <http-conf:client ProxyServer="aProxy"
> > ProxyServerPort="80" AllowChunking="false" />
> >
> >                 <http-conf:tlsClientParameters disableCNCheck="true"
> > secureSocketProtocol="SSL">
> >                 <conf-sec:trustManagers>
> >                         <conf-sec:keyStore type="JKS" password="password"
> > file="E:/PLAYGROUND/blitz/cert/store"/>
> >                 </conf-sec:trustManagers>
> >         </http-conf:tlsClientParameters>
> >
> >         <http-conf:authorization>
> >             <conf-sec:UserName>User</conf-sec:UserName>
> >             <conf-sec:Password>pass</conf-sec:Password>
> >         </http-conf:authorization>
> >
> >     </http-conf:conduit>
> >
> > I am not a  cert, keystore expert by any means and I am confused on which
> > configuration I should be using.  My use case is using cxf to call a
> > third party https service. I pulled the cert from their site and
> > performed a keytool import on it to get the store.  All the proxy and
> > basic auth stuff works like a charm. When I try to use ssl however I
> > cannot get a single configuration to work. I am sure that this works but
> > online everyone that has solved this issue has a different way of doing
> > so.
> >
> > With Configuration A I get an error about my DerInputStream being too
> > large.
> > With Configuration B I get an error that there is no trusted
> > certification found. Also with this configuration I debugged the
> > HttpConduit object and in the tlsClientParameters I can see the store in
> > all its glory with all the correct configurations that are in the
> > configuration xml file.
> >
> >  I want cxf to make this project a success.  Any ideas on what I am doing
> > wrong?
> > Thanks
> 

-- 
Daniel Kulp
[email protected]
http://www.dankulp.com/blog

Reply via email to