You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by sudip shrestha <su...@gmail.com> on 2008/04/23 22:36:07 UTC

Re: https client error: No trusted certificate found

Is there an api I can use to provide the cert programmatically?

On Wed, Nov 28, 2007 at 3:36 PM, Fred Dushin <fr...@dushin.net> wrote:

> You might try adding the issuer of the IIS certificate to your trust
> store, not the IIS certificate, itself.
>
> You have a few options, but your client-side should look like:
>
> {{{
>    <http:conduit name="{http://apache.org/foo}bar.http-conduit<http://apache.org/foo%7Dbar.http-conduit>
> ">
>        <http:tlsClientParameters>
>            <csec:trustManagers>
>                <csec:certStore resource="keys/truststore.pem"/>
>            </csec:trustManagers>
>            ...
>        </http:tlsClientParameters>
>    </http:conduit>
> }}}
>
> where trustore.pem includes the X.509 certificate of the CA that issued
> the certificate to IIS.
>
> You can also get more diagnostic information by setting the
> javax.net.debug system property to ALL, and watch the handshake fly by!
>
> -Fred
>
>
> On Nov 28, 2007, at 8:31 AM, DRMc wrote:
>
>
> > I am trying to develop a CXF client for a service that is implemented in
> > .NET
> > WCF.  The service uses transport security.  CXF successfully generates
> > client code from the WSDL, but throws this exception when calling the
> > service:
> >
> > org.apache.cxf.interceptor.Fault:
> > sun.security.validator.ValidatorException:
> > No trusted certificate found
> >
> > I am using the code from this posting for the client https
> > configuration:
> > http://techpolesen.blogspot.com/2007/08/using-ssl-with-xfirecxf-
> > battling.html
> >
> > I tried copying the cxf configuration file and key stores from the
> > wsdl_first_https sample, and then adding the IIS SSL certificate to the
> > trust store.  This did not solve the problem.
> >
> > Can anyone tell me what needs to be done here?
> >
> > Thanks,
> > Dennis
> > --
> > View this message in context: http://www.nabble.com/https-client-
> > error%3A-No-trusted-certificate-found-tf4888590.html#a13992441
> > Sent from the cxf-user mailing list archive at Nabble.com.
> >
> >
> >
>