Could it be that your SOAP client is reading your JRE's cacerts file and not the one you actually configured with the trusted cert?

Here's what I have on the topic: http://www.jroller.com/gmazza/entry/ssl_for_web_services

HTH,
Glen

On 01/25/2012 05:55 AM, Rafal Janik wrote:
Hi All


I'm trying to write a simple CXF client with a trusted cert and I'm almost sure I'm doing it in a wrong and stupid way :D

The result:

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

So I'm not sure if my ssl configuration is set properly...

There is my service exposed via https, the cert is imported into my jks.

application-context.xml  :


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
                           http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
</beans>


ssl.xml :

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
                           http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

<http:conduit name="{http://my.service}ServiceSoap.http-conduit">


<http:tlsClientParameters disableCNCheck="true">
<sec:trustManagers>
<sec:keyStore type="JKS" password="****" resource="cert.jks"/>
</sec:trustManagers>
<!--<sec:cipherSuitesFilter>-->
<!--<sec:include>.*_EXPORT_.*</sec:include>-->
<!--<sec:include>.*_EXPORT1024_.*</sec:include>-->
<!--<sec:include>.*_WITH_DES_.*</sec:include>-->
<!--<sec:include>.*_WITH_NULL_.*</sec:include>-->
<!--<sec:exclude>.*_DH_anon_.*</sec:exclude>-->
<!--</sec:cipherSuitesFilter>-->
</http:tlsClientParameters>
</http:conduit>


</beans>

and the code is generated with cxf-codegen-plugin.

Should it be imported somewhere? It is on classpath, but I'm not sure if it is working... The Client uses generated Service classes in the same way as without ssl.


regards


rafal





--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
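
Added example, not part of the original thread and not Glen's or the CXF project's own code: a way to check whether the `http:conduit` TLS settings from ssl.xml actually reached the generated client proxy, and to set the trust store on the conduit in code if they did not. The class name, the `port` argument (the proxy obtained from the generated Service class), and the resource name and password passed in are assumptions.

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;

// Hypothetical helper class; "port" is the proxy returned by the generated Service class.
public final class ConduitTrustCheck {

    private ConduitTrustCheck() { }

    /** True if some TLS client configuration (e.g. from ssl.xml) is attached to the conduit. */
    public static boolean tlsConfigApplied(Object port) {
        Client client = ClientProxy.getClient(port);
        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        // null means no http:conduit TLS settings matched this client, so the JSSE
        // defaults apply: the JRE's cacerts, or javax.net.ssl.trustStore if set.
        return conduit.getTlsClientParameters() != null;
    }

    /** Trust only the certificates in the given classpath JKS, set directly on the conduit. */
    public static void trustOnly(Object port, String resource, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = ConduitTrustCheck.class.getClassLoader().getResourceAsStream(resource)) {
            if (in == null) {
                throw new IllegalStateException(resource + " not found on classpath");
            }
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        TLSClientParameters tls = new TLSClientParameters();
        tls.setTrustManagers(tmf.getTrustManagers());
        // disableCNCheck is left at its default (false), so the server certificate
        // must also match the host name in the endpoint URL.
        HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
        conduit.setTlsClientParameters(tls);
    }
}
```

If `tlsConfigApplied` returns false, the PKIX error in the thread is consistent with the handshake being validated against the default trust store rather than cert.jks.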
