Hello Colm, In the sample wsdl_first_https, I removed line <sec:clientAuthentication want="true" required="true"/> from the server configuration. The Client in the example works well. But the Firefox fails, and still gives error "javax.net.ssl.SSLHandshakeException: no cipher suites in common" on the server.
Please let me know, If you want me to try something specific. Sorry just looking for an appropriate solution :( Thanks, Himanshu. On Mon, Jun 25, 2012 at 3:57 PM, Colm O hEigeartaigh <[email protected]>wrote: > > Colm : I did add the certificates to for e.g. in the Firefox explicitly. > > Yes, you added the certificates so that the browser trusted the service > endpoint. However, as I explained in my previous mail, the service endpoint > requires that the client presents its own certificate + private key for > client authentication, hence the failure. > > Colm. > > On Mon, Jun 25, 2012 at 2:51 PM, Himanshu Gupta <[email protected] > >wrote: > > > Hello Guys, > > > > Colm : I did add the certificates to for e.g. in the Firefox explicitly. > > > > Following > http://aruld.info/programming-ssl-for-jetty-based-cxf-services/ for > > my Dynamic Client, I try to do somthing like below : > > > > 1. JaxWsDynamicClientFactory dcf = > JaxWsDynamicClientFactory.newInstance(); > > 2. Client client = dcf.createClient(" > > > https://localhost:9001/ApexCollateral/ing/services/wss/agreementDemo/2.0?wsdl > > "); > > 3. configureSSLOnTheClient(client); > > 4. Object[] res = client.invoke("getAgreementDemoIdentifier", new > > Integer(1)); > > > > Theoretically it should have worked, but it fails with an exception like > > "org.apache.cxf.service.factory.ServiceConstructionException: Could not > > resolve URL "https://localhost:9001/someService/2.0?wsdl".";, while > > excetuing *line number 2 (*logs attached*) *that is even before line 3 > > where I could setup the truststore, manually. > > > > I really want to use the Dynamic Client approach in the test cases to > test > > my web services. I assume, along with the testing services, with this > > approach I also validate auto code generation for clients, which would be > > used eventually by the consumers (by exposed wsdls). > > > > Please help, > > > > Thanks, > > Himanshu. > > > > > > On Mon, Jun 25, 2012 at 2:51 PM, Glen Mazza <[email protected]> wrote: > > > >> Personally, for SSL, I would recommend using a standalone servlet > >> container like Tomcat to host your web service ( > http://www.jroller.com/** > >> gmazza/entry/ssl_for_web_**services< > http://www.jroller.com/gmazza/entry/ssl_for_web_services>), > >> I wouldn't rely on Endpoint.publish() for production, especially if > you're > >> using SSL. > >> > >> For your dynamic client, as the link above mentions, the certs will need > >> to be in the "cacerts" file used by the JRE that is running the dynamic > >> client--or another truststore file that you configure--the browser is > >> irrelevant as it's not being used there. > >> > >> HTH, > >> Glen > >> > >> > >> On 06/25/2012 07:46 AM, Himanshu Gupta wrote: > >> > >>> Hello Experts, > >>> > >>> Quite new to CXF, having a usecase where I need to expose our existing > >>> services as webservices. App is a standalone server, so am using > embedded > >>> jetty with https. Everything works fine, except that when I hit the > >>> server > >>> with the wsdl url through a browser (any browser), I get > >>> "javax.net.ssl.**SSLHandshakeException: no cipher suites in common". > >>> > >>> This could be reproduced if you just run the wsdl_first_https server > and > >>> hit the url https://localhost:9001/**SoapContext/SoapPort?wsdl< > https://localhost:9001/SoapContext/SoapPort?wsdl>. > >>> Please help > >>> escape this problem. > >>> > >>> Also the client in the wsdl_first_https works. But if I try to use the > >>> Dynamic Client (thats a requirement), it fails as well, as it could not > >>> find the wsdl. The Dynamic client looks somthing like below : > >>> > >>> > >>> JaxWsDynamicClientFactory dcf = JaxWsDynamicClientFactory.** > >>> newInstance(); > >>> Client client = dcf.createClient(" > >>> https://localhost:443/**someservice/2.0?wsdl< > https://localhost:443/someservice/2.0?wsdl> > >>> <https://**localhost/someservice/2.0?wsdl< > https://localhost/someservice/2.0?wsdl> > >>> **> > >>> > >>> "); > >>> Object[] res = client.invoke(jnew > >>> QName("http://someNameSpace/<h**ttp://somenamespace/< > http://somenamespace/> > >>> >", > >>> > >>> "getSomeIdentifier"), new Integer(1)); > >>> > >>> PS : I have already tried adding the certs to the browser. > >>> > >>> Thanks in Advance, > >>> > >>> > >> > >> -- > >> Glen Mazza > >> Talend Community Coders > >> coders.talend.com > >> blog: www.jroller.com/gmazza > >> > >> > > > > > > -- > > Himanshu Gupta. > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Himanshu Gupta.
