You could try using "depends-on" on the jaxws:client to refer to the id/name of the HTTP Conduit.

Colm.

On Wed, Mar 21, 2018 at 6:01 AM, Tóth Csaba <[email protected]> wrote:

> Hello!
> I turn on the ssl log already, and I don't find any other keystore.
>
> I try to debug the system, and before I call the client, check the proxy
> bean. It has a conduitSelector class that is empty.
> (the conduits list is empty, the endpoint is empty)
> and the endpoint in the proxy class is empty too.
> (but in the proxy, in the currentRequestContext there is a string for
> the endpoint.)
>
> my settings:
> <jaxws:client id="LDAPRequesterBean"
>     serviceClass="ihe.iti.hpd._2010.ProviderInformationDirectoryPortType"
>     address=" ...address... ">
>     <jaxws:binding>
>         <soap:soapBinding version="1.2" mtomEnabled="true" />
>     </jaxws:binding>
> </jaxws:client>
>
> <bean id="LDAPClientBean" class="myclass.LDAPClient" >
>     <property name="lDapRequesterBean" ref="LDAPRequesterBean"/>
> </bean>
> maybe need to connect somehow the conduit to the proxy bean?
>
> Thanx
> Csaba
>
>
> On 2018.03.20. 16:25, Colm O hEigeartaigh wrote:
> > I think it will read the global CA configuration anyway first, but then use
> > the conduit keystore configuration. If you enable SSL debug logging can you
> > see the certs stored in your truststore being loaded? Do you still see the
> > same error?
> >
> > Colm.
> >
> > On Tue, Mar 20, 2018 at 1:42 PM, Tóth Csaba <[email protected]> wrote:
> >
> >> Hello!
> >> the
> >> <http:conduit name="https://localhost:.*">
> >> not worked (same error), so I try to dig deeper, and find out, the
> >> keystore definition was wrong. I fix it, and it reads the
> >> "*.http-conduit"
> >> too, but when I try to test, it reads the global keystore again and not
> >> what I defined in the conduit:
> >> ------------
> >> ...
> >> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> >> trustStore is: C:\Program Files\Java\jre1.8.0_144\lib\security\cacerts
> >> trustStore type is : jks
> >> trustStore provider is :
> >> init truststore
> >> ....
> >> -----------------
> >>
> >> Csaba
> >>
> >> On 2018.03.20. 11:26, Colm O hEigeartaigh wrote:
> >>> What if you use something like this instead?
> >>>
> >>> <http:conduit name="https://localhost:.*">
> >>>
> >>> If that doesn't work (with the correct domain name) then it looks like the
> >>> config is not getting picked up properly.
> >>>
> >>> Colm.
> >>>
> >>> On Mon, Mar 19, 2018 at 4:56 PM, Tóth Csaba <[email protected]> wrote:
> >>>
> >>>> Hello!
> >>>>
> >>>> I'd like to call a webservice from a server. I created everything, just I need
> >>>> help to config the conduit properly:
> >>>> <http:conduit
> >>>>     name="{urn:ihe:iti:hpd:2010}ProviderInformationDirectory_Port_Soap12.http-conduit">
> >>>>     <http:tlsClientParameters>
> >>>>         <sec:keyManagers keyPassword="password">
> >>>>             <sec:keyStore type="JKS" password="password"
> >>>>                 file="key/ldapClient.jks"/>
> >>>>         </sec:keyManagers>
> >>>>         <sec:trustManagers>
> >>>>             <sec:keyStore type="JKS" password="password"
> >>>>                 file="key/ldapClient.jks"/>
> >>>>         </sec:trustManagers>
> >>>>         <sec:cipherSuitesFilter>
> >>>>             <!-- these filters ensure that a ciphersuite with
> >>>>                  export-suitable or null encryption is used,
> >>>>                  but exclude anonymous Diffie-Hellman key change as
> >>>>                  this is vulnerable to man-in-the-middle attacks -->
> >>>>             <sec:include>.*_EXPORT_.*</sec:include>
> >>>>             <sec:include>.*_EXPORT1024_.*</sec:include>
> >>>>             <sec:include>.*_WITH_DES_.*</sec:include>
> >>>>             <sec:include>.*_WITH_AES_.*</sec:include>
> >>>>             <sec:include>.*_WITH_NULL_.*</sec:include>
> >>>>             <sec:exclude>.*_DH_anon_.*</sec:exclude>
> >>>>         </sec:cipherSuitesFilter>
> >>>>     </http:tlsClientParameters>
> >>>>
> >>>> </http:conduit>
> >>>> the port name in the wsdl:
> >>>> <port name="ProviderInformationDirectory_Port_Soap12"
> >>>> and the
> >>>> targetNamespace="urn:ihe:iti:hpd:2010"
> >>>>
> >>>> and it looks like it's not working (the ssl log searches the cert in the global
> >>>> java keystore and not in the conduit defined one)
> >>>> I try with:
> >>>> {urn:ihe:iti:hpd:2010}ProviderInformationDirectory_Port_Soap12.http-conduit
> >>>> {urn:ihe:iti:hpd:2010}*.http-conduit
> >>>> *ProviderInformationDirectory_Port_Soap12.http-conduit
> >>>> with the same result.
> >>>> if I try with "*.http-conduit" I get an error:
> >>>> Error creating bean with name '*.http-conduit': Cannot create inner bean
> >>>> '(inner bean)#7a90b2df' of type
> >>>> [org.apache.cxf.configuration.jsse.TLSClientParametersConfig] while
> >>>> setting bean property 'tlsClientParameters'
> >>>>
> >>>> thanx for any help
> >>>>
> >>>> Csaba
> >>>>
> >>>>
> >>
> >
>
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
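
Added example (not part of the thread and not CXF code): a Python check of which cipher suite names the cipherSuitesFilter from the quoted conduit would admit, next to a constructed AES-only filter. It assumes a suite is enabled when it fully matches at least one include pattern and no exclude pattern; the suite list, the AES-only filter and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
SEC = "http://cxf.apache.org/configuration/security"
# Filter patterns copied from the conduit quoted in the thread.
THREAD_FILTER = f"""
<sec:cipherSuitesFilter xmlns:sec="{SEC}">
  <sec:include>.*_EXPORT_.*</sec:include>
  <sec:include>.*_EXPORT1024_.*</sec:include>
  <sec:include>.*_WITH_DES_.*</sec:include>
  <sec:include>.*_WITH_AES_.*</sec:include>
  <sec:include>.*_WITH_NULL_.*</sec:include>
  <sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>"""

# Constructed alternative for comparison (not from the thread).
AES_ONLY_FILTER = f"""
<sec:cipherSuitesFilter xmlns:sec="{SEC}">
  <sec:include>.*_WITH_AES_.*</sec:include>
  <sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>"""

# Constructed sample of JSSE suite names; a real audit would list the JVM's own.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_WITH_NULL_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
]
WEAK = re.compile(r"_EXPORT|_WITH_NULL_|_WITH_DES_|_anon_")

def admitted(filter_xml, suites):
    """Suites matching at least one include and no exclude (assumed semantics)."""
    root = ET.fromstring(filter_xml)
    inc = [re.compile(e.text.strip()) for e in root.findall(f"{{{SEC}}}include")]
    exc = [re.compile(e.text.strip()) for e in root.findall(f"{{{SEC}}}exclude")]
    return [s for s in suites
            if any(p.fullmatch(s) for p in inc) and not any(p.fullmatch(s) for p in exc)]

def weak_admitted(filter_xml, suites=SAMPLE_SUITES):
    """Admitted suites using export, NULL or single-DES ciphers, or anonymous key exchange."""
    return [s for s in admitted(filter_xml, suites) if WEAK.search(s)]

if __name__ == "__main__":
    for label, f in (("thread", THREAD_FILTER), ("AES-only", AES_ONLY_FILTER)):
        print(label, "admits:", admitted(f, SAMPLE_SUITES), "weak:", weak_admitted(f))
```

With the sample list, the thread's filter admits the DES, NULL and export suites alongside the AES ones, while the AES-only filter admits none of them.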
