You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by becam <ro...@gmail.com> on 2012/11/13 13:28:01 UTC
Mutual authentication fails using cxf
Hello htere,
i'm developping a java cxf stand alone client that have to authenticate with
the server (2 ways authentication). following CXF documentation I created
the the cxf.xml and referenced the key/trust stores in this way:
/<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
xsi:schemaLocation="
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<http:conduit name="*.http-conduit">
<http:tlsClientParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password"
file="client-keystore.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password"
file="client-truststire.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:exclude>.*_WITH_NULL_.*</sec:exclude>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
</http:conduit>
</beans>
/
*But i Get the fallowing error:*
/WARNING: Interceptor for
{http://mycom.com/SOA/myservice/service-b}myservice-v1#{http://mycom.com/SOA/myservice}createDataService
has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
at $Proxy32.createDataService(Unknown Source)
at
it.mycom.soa.myservice.ClientMHttps.do_CreateDataService(ClientMHttps.java:121)
at pippo.ticket.createDataServiceDB.<init>(createDataServiceDB.java:538)
at pippo.ProcessaNuovoTT.ApriTicket(ProcessaNuovoTT.java:114)
at pippo.ProcessaNuovoTT.ProcessaNuovoTTdo(ProcessaNuovoTT.java:55)
at pippo.starter.main(starter.java:50)
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException
invoking https://WEB.mycom.com:80/Business/TTV/Services/myservice-v1:
sun.security.validator.ValidatorException: Certificate chaining error
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown
Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1337)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1321)
at
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:50)
at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:189)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
... 13 more
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: Certificate chaining error
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown
Source)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown
Source)
at
org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:170)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1281)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1232)
at
org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:182)
at
org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at
org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1294)
... 18 more
Caused by: sun.security.validator.ValidatorException: Certificate chaining
error
at sun.security.validator.SimpleValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 37 more
javax.xml.ws.WebServiceException: Could not send Message./
NOW if a remove cxf libraries from my eclipse project AND configure TRUST
and KEY STORE manually:
System.setProperty("javax.net.ssl.keyStore", keystore);
System.setProperty("javax.net.ssl.keyStorePassword", "password");
System.setProperty("javax.net.ssl.trustStore", truststore);
System.setProperty("javax.net.ssl.trustStorePassword", "password");
System.setProperty("javax.net.ssl.keyStoreType","JKS");
System.setProperty("javax.net.ssl.trustStoreType","JKS");
Can please someone give me an advice in where to look? Error says
"certificate chain error", but if I dont use CXF but standard java 6 jaxws
built in. it semms that my cerfication chain has no errors.... :(
--
View this message in context: http://cxf.547215.n5.nabble.com/Mutual-authentication-fails-using-cxf-tp5718353.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Mutual authentication fails using cxf
Posted by Glen Mazza <gm...@talend.com>.
Oh, I think you fell into the Spring trap. If you don't have Spring
defined in your project[1], the cxf.xml gets ignored.
Glen
[1]
https://github.com/gmazza/blog-samples/blob/master/cxf_usernametoken_profile/client/pom.xml#L24
On 11/14/2012 12:25 PM, becam wrote:
> :D I would... but not! It was correct (the file name was that)! Any other
> idea?
>
>
>
> Glen Mazza (Talend) wrote
>> Incidentally, could it be because you have it configured as "
>> "C:/certs/client-truststire.jks" (with an "i") instead of
>> client-trustst-->o<--re? Hopefully it's as simple as that...
>>
>> Glen
>
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Mutual-authentication-fails-using-cxf-tp5718353p5718455.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
Re: Mutual authentication fails using cxf
Posted by becam <ro...@gmail.com>.
:D I would... but not! It was correct (the file name was that)! Any other
idea?
Glen Mazza (Talend) wrote
> Incidentally, could it be because you have it configured as "
> "C:/certs/client-truststire.jks" (with an "i") instead of
> client-trustst-->o<--re? Hopefully it's as simple as that...
>
> Glen
--
View this message in context: http://cxf.547215.n5.nabble.com/Mutual-authentication-fails-using-cxf-tp5718353p5718455.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Mutual authentication fails using cxf
Posted by Glen Mazza <gm...@talend.com>.
Incidentally, could it be because you have it configured as "
"C:/certs/client-truststire.jks" (with an "i") instead of
client-trustst-->o<--re? Hopefully it's as simple as that...
Glen
On 11/14/2012 12:07 PM, becam wrote:
> No way to let it work.
> I got a strange issue here...
> My cxf.xml is correctly configured, but from ssl logs it seems that cxf is
> not managing correctly certificates:
>
> after the serverhello no trust certificates are found
> ***
> main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
> main, WRITE: TLSv1 Alert, length = 2
> main, called closeSocket()
>
> even if at the beginning the trusted certificates are found
>
> ***
> adding as trusted cert:
> Subject: CN=I.T. Telecom Global CA, OU=Servizi di certificazione, O=I.T.
> Telecom, C=IT
> Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
> Inc.", O=GTE Corporation, C=US
> Algorithm: RSA; Serial number: xxxxxx
> Valid from Wed Dec 15 21:32:00 CET 2004 until Tue Dec 16 00:59:00 CET 2014
>
> adding as trusted cert:
> Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
> Inc.", O=GTE Corporation, C=US
> Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
> Inc.", O=GTE Corporation, C=US
> Algorithm: RSA; Serial number: xxxxxx
> Valid from Thu Aug 13 02:29:00 CEST 1998 until Tue Aug 14 01:59:00 CEST
> 2018
>
>
>
> again if i don't include cxf libs in my project and set key/trust store
> programatically everything works... maybe tehre is some other aspect of
> configuration that I' missing!?!?
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Mutual-authentication-fails-using-cxf-tp5718353p5718452.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
Re: Mutual authentication fails using cxf
Posted by becam <ro...@gmail.com>.
No way to let it work.
I got a strange issue here...
My cxf.xml is correctly configured, but from ssl logs it seems that cxf is
not managing correctly certificates:
after the serverhello no trust certificates are found
***
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
even if at the beginning the trusted certificates are found
***
adding as trusted cert:
Subject: CN=I.T. Telecom Global CA, OU=Servizi di certificazione, O=I.T.
Telecom, C=IT
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: xxxxxx
Valid from Wed Dec 15 21:32:00 CET 2004 until Tue Dec 16 00:59:00 CET 2014
adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: xxxxxx
Valid from Thu Aug 13 02:29:00 CEST 1998 until Tue Aug 14 01:59:00 CEST
2018
again if i don't include cxf libs in my project and set key/trust store
programatically everything works... maybe tehre is some other aspect of
configuration that I' missing!?!?
--
View this message in context: http://cxf.547215.n5.nabble.com/Mutual-authentication-fails-using-cxf-tp5718353p5718452.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Mutual authentication fails using cxf
Posted by becam <ro...@gmail.com>.
Now I know why I got this error. The application is not taking in account of
the trust/keystores configured in the cxf.xml.
from ssl trace i see
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\jre6\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
while in my cxf.xml I have
<http:conduit name="*.http-conduit">
<http:tlsClientParameters>
<sec:trustManagers>
<sec:keyStore type="JKS" password="password"
file="C:/certs/client-truststire.jks" />
</sec:trustManagers>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password"
file="C:/certs/client-keystore.jks" />
</sec:keyManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:exclude>.*_WITH_NULL_.*</sec:exclude>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
</http:conduit>
--
View this message in context: http://cxf.547215.n5.nabble.com/Mutual-authentication-fails-using-cxf-tp5718353p5718381.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Mutual authentication fails using cxf
Posted by Glen Mazza <gm...@talend.com>.
Oh. Have you tried our wsdl_first_https sample available in the CXF
distribution?
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/
It has a two-way option. I'd try to get that to work first, and, from
there, try to extrapolate why you code isn't working.
HTH,
Glen
On 11/13/2012 10:43 AM, becam wrote:
> Glen Mazza (Talend) wrote
>> Perhaps my tutorial would help:
>> http://www.jroller.com/gmazza/entry/cxf_x509_profile
>>
>> Glen
>
> Thanks Glen,
> but I'm not using ws-security. Just 2 ways auth. based on ssl
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Mutual-authentication-fails-using-cxf-tp5718353p5718375.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
Re: Mutual authentication fails using cxf
Posted by becam <ro...@gmail.com>.
Glen Mazza (Talend) wrote
> Perhaps my tutorial would help:
> http://www.jroller.com/gmazza/entry/cxf_x509_profile
>
> Glen
Thanks Glen,
but I'm not using ws-security. Just 2 ways auth. based on ssl
--
View this message in context: http://cxf.547215.n5.nabble.com/Mutual-authentication-fails-using-cxf-tp5718353p5718375.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Mutual authentication fails using cxf
Posted by Glen Mazza <gm...@talend.com>.
Perhaps my tutorial would help:
http://www.jroller.com/gmazza/entry/cxf_x509_profile
Glen
On 11/13/2012 07:28 AM, becam wrote:
> Hello htere,
>
> i'm developping a java cxf stand alone client that have to authenticate with
> the server (2 ways authentication). following CXF documentation I created
> the the cxf.xml and referenced the key/trust stores in this way:
>
>
> /<beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:sec="http://cxf.apache.org/configuration/security"
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
> xsi:schemaLocation="
> http://cxf.apache.org/configuration/security
> http://cxf.apache.org/schemas/configuration/security.xsd
> http://cxf.apache.org/transports/http/configuration
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
> http://www.springframework.org/schema/beans
>
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>
>
> <http:conduit name="*.http-conduit">
>
> <http:tlsClientParameters>
> <sec:keyManagers keyPassword="password">
> <sec:keyStore type="JKS" password="password"
> file="client-keystore.jks"/>
> </sec:keyManagers>
>
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="password"
> file="client-truststire.jks"/>
> </sec:trustManagers>
>
> <sec:cipherSuitesFilter>
> <sec:include>.*_WITH_3DES_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
>
> </http:tlsClientParameters>
>
>
>
> </http:conduit>
> </beans>
> /
>
>
>
>
> *But i Get the fallowing error:*
>
>
> /WARNING: Interceptor for
> {http://mycom.com/SOA/myservice/service-b}myservice-v1#{http://mycom.com/SOA/myservice}createDataService
> has thrown exception, unwinding now
> org.apache.cxf.interceptor.Fault: Could not send Message.
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
> at $Proxy32.createDataService(Unknown Source)
> at
> it.mycom.soa.myservice.ClientMHttps.do_CreateDataService(ClientMHttps.java:121)
> at pippo.ticket.createDataServiceDB.<init>(createDataServiceDB.java:538)
> at pippo.ProcessaNuovoTT.ApriTicket(ProcessaNuovoTT.java:114)
> at pippo.ProcessaNuovoTT.ProcessaNuovoTTdo(ProcessaNuovoTT.java:55)
> at pippo.starter.main(starter.java:50)
> Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException
> invoking https://WEB.mycom.com:80/Business/TTV/Services/myservice-v1:
> sun.security.validator.ValidatorException: Certificate chaining error
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown
> Source)
> at java.lang.reflect.Constructor.newInstance(Unknown Source)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1337)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1321)
> at
> org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:50)
> at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:189)
> at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> ... 13 more
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: Certificate chaining error
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
> Source)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
> Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> Source)
> at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown
> Source)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown
> Source)
> at
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:170)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1281)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1232)
> at
> org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:182)
> at
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
> at
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1294)
> ... 18 more
> Caused by: sun.security.validator.ValidatorException: Certificate chaining
> error
> at sun.security.validator.SimpleValidator.engineValidate(Unknown Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> Source)
> ... 37 more
>
> javax.xml.ws.WebServiceException: Could not send Message./
>
>
> NOW if a remove cxf libraries from my eclipse project AND configure TRUST
> and KEY STORE manually:
>
> System.setProperty("javax.net.ssl.keyStore", keystore);
> System.setProperty("javax.net.ssl.keyStorePassword", "password");
> System.setProperty("javax.net.ssl.trustStore", truststore);
> System.setProperty("javax.net.ssl.trustStorePassword", "password");
> System.setProperty("javax.net.ssl.keyStoreType","JKS");
> System.setProperty("javax.net.ssl.trustStoreType","JKS");
>
>
>
> Can please someone give me an advice in where to look? Error says
> "certificate chain error", but if I dont use CXF but standard java 6 jaxws
> built in. it semms that my cerfication chain has no errors.... :(
>
>
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Mutual-authentication-fails-using-cxf-tp5718353.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza