K. I went through the wsld_first_example. I came to know that CXF doesn't
work well with PCKS12. It is recommended to export .p12 certificate to DER
format. So i have managed to export 3HB.p12 file using the internet explorer
options to export certificate as 3HB.cer file.
After that, i tried this command below which stores the trust certificate in
the cacerts which will be used by Java. I am still getting same error as
listed below. I am scratching my head hard here wondering how to create
truststore properly for CXF? Any ideas of how to create truststore for CXF?
commad:-
keytool -import -v -trustcacerts -alias client-alias -file 3HB.cer -keystore
C:\Progra~1\Java\jdk1.6.0_21\jre\lib\security\cacerts -keypass changeit
-storepass changeit
Then I have added the trustmanager segment in my xml confing.
....
<http:tlsClientParameters secureSocketProtocol="SSL" >
<sec:keyManagers
keyPassword="3hbpass">
<sec:keyStore type="PCKS12"
password="3hbpass" file="C:\vid\wsdl\bclear\certs\3HB.p12"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore
type="JKS" password="changeit"
file="C:\Progra~1\Java\jdk1.6.0_21\jre\lib\security\cacerts"/>
</sec:trustManagers>
....
error log:-
"Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException
invoking https://156.48.255.126/axis/services/BclearApi14:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target"
--
View this message in context:
http://cxf.547215.n5.nabble.com/JAX-WS-client-connection-time-out-tp4357863p4360354.html
Sent from the cxf-user mailing list archive at Nabble.com.
