You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by "whitewolff@tiscali.it" <wh...@tiscali.it> on 2008/03/28 14:26:41 UTC

Software caused connection abort: recv failed (https and cxf)

Hi guys,
I have set up a server which listens for https connections. 
When my only client sends any message, I get this exception (client-
side):
java.net.SocketException: Software caused connection abort: recv 
failed

Please does anyone know about this error?
Here is how I generated my certs:
[SERVER]
keytool -genkey -dname "CN=localhost, OU=NOT FOR PRODUCTION, O=Apache, 
ST=NY, C=US" -keystore server.jks -storetype jks -storepass server -
keypass server -alias hosting_servant -keyalg RSA

keytool -selfcert -alias hosting_servant -keystore server.jks -keypass 
server -storepass server

keytool -export -alias hosting_servant -file server.cer -keystore 
server.jks -storepass server  

keytool -import -v -trustcacerts -alias hosting_servant -file server.
cer -keystore cacerts.jks -keypass cacert -storepass cacert
[CLIENT]
keytool -genkey -alias dashboard_servant -keyalg RSA -keypass client -
storepass client -keystore client.jks -dname "CN=dashboard_servant, 
OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US"

keytool -selfcert -alias dashboard_servant -keystore client.jks -
keypass client -storepass client

keytool -export -alias dashboard_servant -storepass client -file 
client.cer -keystore client.jks

keytool -import -v -trustcacerts -alias dashboard_servant -file client.
cer -keystore cacerts.jks -keypass cacert -storepass cacert

Then i add my two certs into java_home/lib/security/cacerts

Any suggestions?
Thanks



______________________________________________

Voce Senza Limiti: chiama in tutta Italia a 0 cent. SOLO 9,90 EURO AL MESE fino al 27/03/08!
http://abbonati.tiscali.it/promo/vocesenzalimiti_2603/

Re: Software caused connection abort: recv failed (https and cxf)

Posted by Daniel Kulp <dk...@apache.org>.

With 2.0.4, the java_home/lib/security/cacerts file isn't actually used 
at all.  2.0.4 doesn't trust anything you don't specifically specify in 
configuration.   This has been greatly relaxed in 2.0.5 so that if you 
don't specify anything in config, it will pick up the certs in cacarts.  
In general https support is a lot easier to use in 2.0.5.

My suggestion would be to give 2.0.5 a try and see if that helps.  We're 
currently voting on it.   With any luck, it will be released on Monday.  
The candidates that we are voting on are at:
http://people.apache.org/~dkulp/stage_cxf/2.0.5-incubator/

Dan



On Friday 28 March 2008, whitewolff@tiscali.it wrote:
> Hi guys,
> I have set up a server which listens for https connections.
> When my only client sends any message, I get this exception (client-
> side):
> java.net.SocketException: Software caused connection abort: recv
> failed
>
> Please does anyone know about this error?
> Here is how I generated my certs:
> [SERVER]
> keytool -genkey -dname "CN=localhost, OU=NOT FOR PRODUCTION, O=Apache,
> ST=NY, C=US" -keystore server.jks -storetype jks -storepass server -
> keypass server -alias hosting_servant -keyalg RSA
>
> keytool -selfcert -alias hosting_servant -keystore server.jks -keypass
> server -storepass server
>
> keytool -export -alias hosting_servant -file server.cer -keystore
> server.jks -storepass server
>
> keytool -import -v -trustcacerts -alias hosting_servant -file server.
> cer -keystore cacerts.jks -keypass cacert -storepass cacert
> [CLIENT]
> keytool -genkey -alias dashboard_servant -keyalg RSA -keypass client -
> storepass client -keystore client.jks -dname "CN=dashboard_servant,
> OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US"
>
> keytool -selfcert -alias dashboard_servant -keystore client.jks -
> keypass client -storepass client
>
> keytool -export -alias dashboard_servant -storepass client -file
> client.cer -keystore client.jks
>
> keytool -import -v -trustcacerts -alias dashboard_servant -file
> client. cer -keystore cacerts.jks -keypass cacert -storepass cacert
>
> Then i add my two certs into java_home/lib/security/cacerts
>
> Any suggestions?
> Thanks
>
>
>
> ______________________________________________
>
> Voce Senza Limiti: chiama in tutta Italia a 0 cent. SOLO 9,90 EURO AL
> MESE fino al 27/03/08!
> http://abbonati.tiscali.it/promo/vocesenzalimiti_2603/



-- 
J. Daniel Kulp
Principal Engineer, IONA
dkulp@apache.org
http://www.dankulp.com/blog