You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by DRMc <De...@kronos.com> on 2007/11/28 14:31:18 UTC

https client error: No trusted certificate found

I am trying to develop a CXF client for a service that is implemented in .NET
WCF.  The service uses transport security.  CXF successfully generates
client code from the WSDL, but throws this exception when calling the
service:

org.apache.cxf.interceptor.Fault: sun.security.validator.ValidatorException:
No trusted certificate found

I am using the code from this posting for the client https configuration:
http://techpolesen.blogspot.com/2007/08/using-ssl-with-xfirecxf-battling.html

I tried copying the cxf configuration file and key stores from the
wsdl_first_https sample, and then adding the IIS SSL certificate to the
trust store.  This did not solve the problem.

Can anyone tell me what needs to be done here?

Thanks,
Dennis
-- 
View this message in context: http://www.nabble.com/https-client-error%3A-No-trusted-certificate-found-tf4888590.html#a13992441
Sent from the cxf-user mailing list archive at Nabble.com.

Re: https client error: No trusted certificate found

Posted by sudip shrestha <su...@gmail.com>.

Is there an api I can use to provide the cert programmatically?

On Wed, Nov 28, 2007 at 3:36 PM, Fred Dushin <fr...@dushin.net> wrote:

> You might try adding the issuer of the IIS certificate to your trust
> store, not the IIS certificate, itself.
>
> You have a few options, but your client-side should look like:
>
> {{{
>    <http:conduit name="{http://apache.org/foo}bar.http-conduit<http://apache.org/foo%7Dbar.http-conduit>
> ">
>        <http:tlsClientParameters>
>            <csec:trustManagers>
>                <csec:certStore resource="keys/truststore.pem"/>
>            </csec:trustManagers>
>            ...
>        </http:tlsClientParameters>
>    </http:conduit>
> }}}
>
> where trustore.pem includes the X.509 certificate of the CA that issued
> the certificate to IIS.
>
> You can also get more diagnostic information by setting the
> javax.net.debug system property to ALL, and watch the handshake fly by!
>
> -Fred
>
>
> On Nov 28, 2007, at 8:31 AM, DRMc wrote:
>
>
> > I am trying to develop a CXF client for a service that is implemented in
> > .NET
> > WCF.  The service uses transport security.  CXF successfully generates
> > client code from the WSDL, but throws this exception when calling the
> > service:
> >
> > org.apache.cxf.interceptor.Fault:
> > sun.security.validator.ValidatorException:
> > No trusted certificate found
> >
> > I am using the code from this posting for the client https
> > configuration:
> > http://techpolesen.blogspot.com/2007/08/using-ssl-with-xfirecxf-
> > battling.html
> >
> > I tried copying the cxf configuration file and key stores from the
> > wsdl_first_https sample, and then adding the IIS SSL certificate to the
> > trust store.  This did not solve the problem.
> >
> > Can anyone tell me what needs to be done here?
> >
> > Thanks,
> > Dennis
> > --
> > View this message in context: http://www.nabble.com/https-client-
> > error%3A-No-trusted-certificate-found-tf4888590.html#a13992441
> > Sent from the cxf-user mailing list archive at Nabble.com.
> >
> >
> >
>

Re: https client error: No trusted certificate found

Posted by Fred Dushin <fr...@dushin.net>.

You might try adding the issuer of the IIS certificate to your trust  
store, not the IIS certificate, itself.

You have a few options, but your client-side should look like:

{{{
     <http:conduit name="{http://apache.org/foo}bar.http-conduit">
         <http:tlsClientParameters>
             <csec:trustManagers>
                 <csec:certStore resource="keys/truststore.pem"/>
             </csec:trustManagers>
             ...
         </http:tlsClientParameters>
     </http:conduit>
}}}

where trustore.pem includes the X.509 certificate of the CA that  
issued the certificate to IIS.

You can also get more diagnostic information by setting the  
javax.net.debug system property to ALL, and watch the handshake fly by!

-Fred

On Nov 28, 2007, at 8:31 AM, DRMc wrote:

>
> I am trying to develop a CXF client for a service that is  
> implemented in .NET
> WCF.  The service uses transport security.  CXF successfully generates
> client code from the WSDL, but throws this exception when calling the
> service:
>
> org.apache.cxf.interceptor.Fault:  
> sun.security.validator.ValidatorException:
> No trusted certificate found
>
> I am using the code from this posting for the client https  
> configuration:
> http://techpolesen.blogspot.com/2007/08/using-ssl-with-xfirecxf- 
> battling.html
>
> I tried copying the cxf configuration file and key stores from the
> wsdl_first_https sample, and then adding the IIS SSL certificate to  
> the
> trust store.  This did not solve the problem.
>
> Can anyone tell me what needs to be done here?
>
> Thanks,
> Dennis
> -- 
> View this message in context: http://www.nabble.com/https-client- 
> error%3A-No-trusted-certificate-found-tf4888590.html#a13992441
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>