You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by "whitewolff@tiscali.it" <wh...@tiscali.it> on 2008/03/28 14:26:41 UTC
Software caused connection abort: recv failed (https and cxf)
Hi guys,
I have set up a server which listens for https connections.
When my only client sends any message, I get this exception (client-
side):
java.net.SocketException: Software caused connection abort: recv
failed
Please does anyone know about this error?
Here is how I generated my certs:
[SERVER]
keytool -genkey -dname "CN=localhost, OU=NOT FOR PRODUCTION, O=Apache,
ST=NY, C=US" -keystore server.jks -storetype jks -storepass server -
keypass server -alias hosting_servant -keyalg RSA
keytool -selfcert -alias hosting_servant -keystore server.jks -keypass
server -storepass server
keytool -export -alias hosting_servant -file server.cer -keystore
server.jks -storepass server
keytool -import -v -trustcacerts -alias hosting_servant -file server.
cer -keystore cacerts.jks -keypass cacert -storepass cacert
[CLIENT]
keytool -genkey -alias dashboard_servant -keyalg RSA -keypass client -
storepass client -keystore client.jks -dname "CN=dashboard_servant,
OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US"
keytool -selfcert -alias dashboard_servant -keystore client.jks -
keypass client -storepass client
keytool -export -alias dashboard_servant -storepass client -file
client.cer -keystore client.jks
keytool -import -v -trustcacerts -alias dashboard_servant -file client.
cer -keystore cacerts.jks -keypass cacert -storepass cacert
Then i add my two certs into java_home/lib/security/cacerts
Any suggestions?
Thanks
______________________________________________
Voce Senza Limiti: chiama in tutta Italia a 0 cent. SOLO 9,90 EURO AL MESE fino al 27/03/08!
http://abbonati.tiscali.it/promo/vocesenzalimiti_2603/
Re: Software caused connection abort: recv failed (https and cxf)
Posted by Daniel Kulp <dk...@apache.org>.
With 2.0.4, the java_home/lib/security/cacerts file isn't actually used
at all. 2.0.4 doesn't trust anything you don't specifically specify in
configuration. This has been greatly relaxed in 2.0.5 so that if you
don't specify anything in config, it will pick up the certs in cacarts.
In general https support is a lot easier to use in 2.0.5.
My suggestion would be to give 2.0.5 a try and see if that helps. We're
currently voting on it. With any luck, it will be released on Monday.
The candidates that we are voting on are at:
http://people.apache.org/~dkulp/stage_cxf/2.0.5-incubator/
Dan
On Friday 28 March 2008, whitewolff@tiscali.it wrote:
> Hi guys,
> I have set up a server which listens for https connections.
> When my only client sends any message, I get this exception (client-
> side):
> java.net.SocketException: Software caused connection abort: recv
> failed
>
> Please does anyone know about this error?
> Here is how I generated my certs:
> [SERVER]
> keytool -genkey -dname "CN=localhost, OU=NOT FOR PRODUCTION, O=Apache,
> ST=NY, C=US" -keystore server.jks -storetype jks -storepass server -
> keypass server -alias hosting_servant -keyalg RSA
>
> keytool -selfcert -alias hosting_servant -keystore server.jks -keypass
> server -storepass server
>
> keytool -export -alias hosting_servant -file server.cer -keystore
> server.jks -storepass server
>
> keytool -import -v -trustcacerts -alias hosting_servant -file server.
> cer -keystore cacerts.jks -keypass cacert -storepass cacert
> [CLIENT]
> keytool -genkey -alias dashboard_servant -keyalg RSA -keypass client -
> storepass client -keystore client.jks -dname "CN=dashboard_servant,
> OU=NOT FOR PRODUCTION, O=Apache, ST=NY, C=US"
>
> keytool -selfcert -alias dashboard_servant -keystore client.jks -
> keypass client -storepass client
>
> keytool -export -alias dashboard_servant -storepass client -file
> client.cer -keystore client.jks
>
> keytool -import -v -trustcacerts -alias dashboard_servant -file
> client. cer -keystore cacerts.jks -keypass cacert -storepass cacert
>
> Then i add my two certs into java_home/lib/security/cacerts
>
> Any suggestions?
> Thanks
>
>
>
> ______________________________________________
>
> Voce Senza Limiti: chiama in tutta Italia a 0 cent. SOLO 9,90 EURO AL
> MESE fino al 27/03/08!
> http://abbonati.tiscali.it/promo/vocesenzalimiti_2603/
--
J. Daniel Kulp
Principal Engineer, IONA
dkulp@apache.org
http://www.dankulp.com/blog