Hi,
We are using the ServiceMix CXF Binding component, which has CXF version 2.2.6.
In it we want to have the functionality below implemented.
1. Basic TLS configuration (2-way handshake)
2. In case the handshake fails due to an invalid certificate, we want to find out where the request is coming from and log the details of the client.
3. CRL support. I guess CXF 2.2.6 doesn't have CRL support.
For 1, I have used the configuration below:
---------------------------------------------------------------------
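<httpj:engine-factory bus="cxf">
  <httpj:engine port="30510">
    <httpj:tlsServerParameters>
      <!-- Key store holding the server's own private key and certificate -->
      <sec:keyManagers keyPassword="servicemix">
        <sec:keyStore type="JKS" resource="CertName.jks"
                      password="servicemix" />
      </sec:keyManagers>
      <!-- Trust store used to validate the certificates clients present -->
      <sec:trustManagers>
        <sec:keyStore type="PKCS12" resource="clientpkcs.p12"
                      password="servicemix" />
      </sec:trustManagers>
      <!-- Request and require a client certificate (2-way handshake) -->
      <sec:clientAuthentication want="true" required="true"/>
    </httpj:tlsServerParameters>
  </httpj:engine>
</httpj:engine-factory>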
---------------------------------------------------------------------
And then I tried to send the request using SoapUI.
In SoapUI I am getting the error --> Tue Dec 13 15:36:36 IST 2011:ERROR:java.net.SocketException: Connection closed by remote host
And the exception I am getting on the server side is -->
3937543 [1621935001@qtp-1894313925-4] WARN org.mortbay.log - EXCEPTION
javax.net.ssl.SSLHandshakeException: null cert chain
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:231)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1369)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:160)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
    at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:675)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
--------------------------------------------------------
Any pointers on these 3 points would be really of great help.
Thanks and regards,
Ramu
--
View this message in context:
http://cxf.547215.n5.nabble.com/CXF-TLS-configuration-tp5071021p5071021.html
Sent from the cxf-user mailing list archive at Nabble.com.
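
Point 2 of the post, sketched at the plain JSSE layer where the `SSLHandshakeException` in the trace above is raised. This is an added example, not part of the original message and not CXF or ServiceMix code; it reuses the port, store names and password from the posted configuration, and the class name `HandshakeAuditServer` is hypothetical.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.SocketAddress;
import java.security.KeyStore;
import javax.net.ssl.*;

public class HandshakeAuditServer {
    // Load a key store of the given type from a file path.
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Store names, password and port are taken from the posted configuration.
        char[] password = "servicemix".toCharArray();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("JKS", "CertName.jks", password), password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("PKCS12", "clientpkcs.p12", password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLServerSocket server =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(30510)) {
            server.setNeedClientAuth(true); // fail the handshake if no valid client certificate
            while (true) {
                try (SSLSocket client = (SSLSocket) server.accept()) {
                    // Capture the peer address before the handshake can close the socket.
                    SocketAddress peer = client.getRemoteSocketAddress();
                    client.setSoTimeout(5000); // a stalled client must not block the loop
                    try {
                        client.startHandshake();
                        System.out.println("handshake ok   peer=" + peer
                                + " subject=" + client.getSession().getPeerPrincipal());
                    } catch (IOException e) {
                        // Missing, untrusted or expired client certificates and timeouts land here.
                        System.err.println("handshake FAIL peer=" + peer + " reason=" + e);
                    }
                } catch (IOException e) {
                    System.err.println("accept/close error: " + e);
                }
            }
        }
    }
}
```

When the client sends no certificate at all, as in the `null cert chain` trace, the only client detail available to log is the remote address; there is no certificate subject to record.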