Hi Richard

Just FYI,
Here are some changes to the https configuration in the trunk that we made 
today.
I just updated the hello_world_https sample; it should work with the latest 
trunk now.
You can take the configurations (*.cxf in hello_world_https) as examples :).

Cheers,

Willem.


-----Original Message-----
From: Polar Humenn [mailto:[EMAIL PROTECTED]
Sent: Thu 6/7/2007 22:12
To: cxf-user@incubator.apache.org
Subject: Re: Wsdl returned from secure service
 
There are several things you now need to do in order for this to
work with the current configuration, if you are using the
snapshot that got committed this morning.

You'll need to take your "etc/mosaic.truststore", which I presume is
a plain PEM encoded certificate (which is the way it used to work
when your keystore was PKCS12), and put it into a Java KeyStore (JKS).

keytool -import -keystore etc/mosaic.truststore.jks -storetype JKS -file etc/mosaic.truststore

Next you need to change your configuration to the following:

xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xsi:schemaLocation="
     http://cxf.apache.org/transports/http-jetty/configuration
         http://cxf.apache.org/schemas/configuration/http-jetty.xsd"

<httpj:engine-factory bus="cxf">
   <httpj:engine port="9095">
       <httpj:tlsServerParameters>
           <sec:keyManagers keyPassword="XXXXX">
               <sec:keyStore type="PKCS12" file="etc/TrafficWales.p12" password="password"/>
           </sec:keyManagers>
           <sec:trustManagers>
               <sec:keyStore type="jks" file="etc/mosaic.truststore.jks"/>
           </sec:trustManagers>
           <sec:clientAuthentication want="true" required="true"/>
       </httpj:tlsServerParameters>
   </httpj:engine>
</httpj:engine-factory>

Cheers,
-Polar

Shaw, Richard A wrote:
> I've secured my service using the following bean -
>
> <beans xmlns="http://www.springframework.org/schema/beans"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>   xmlns:sec="http://cxf.apache.org/configuration/security"
>   xmlns:http="http://cxf.apache.org/transports/http/configuration"
>   xsi:schemaLocation="
>     http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schema/transports/http.xsd
>     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
>
>   <http:destination id="{http://www.atkinsglobal.com/mosaic/traffic/twdatabaseaccess/}TWDatabaseAccessPort.http-destination">
>     <http:sslServer>
>       <sec:Keystore>etc/TrafficWales.p12</sec:Keystore>
>       <sec:KeystoreType>PKCS12</sec:KeystoreType>
>       <sec:KeystorePassword>password</sec:KeystorePassword>
>       <sec:KeyPassword>m0sa1c</sec:KeyPassword>
>       <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
>       <sec:RequireClientAuthentication>true</sec:RequireClientAuthentication>
>       <sec:TrustStore>etc/mosaic.truststore</sec:TrustStore>
>       <sec:CiphersuiteFilters>
>         <!-- these filters ensure that a ciphersuite with
>           export-suitable or null encryption is used,
>           but exclude anonymous Diffie-Hellman key change as
>           this is vulnerable to man-in-the-middle attacks -->
>         <sec:include>.*_EXPORT_.*</sec:include>
>         <sec:include>.*_EXPORT1024_.*</sec:include>
>         <sec:include>.*_WITH_DES_.*</sec:include>
>         <sec:include>.*_WITH_NULL_.*</sec:include>
>         <sec:exclude>.*_DH_anon_.*</sec:exclude>
>       </sec:CiphersuiteFilters>
>     </http:sslServer>
>   </http:destination>
>
> </beans>
>
> And when I call the https://localhost:9095/TWDatabaseAccessService?wsdl the 
> returned wsdl has the address set as 
> http://localhost:9095/TWDatabaseAccessService
>
> I then get the following error -
>
> Caused by: java.io.IOException: Illegal Protocol http for HTTPS URLConnection Factory.
>       at org.apache.cxf.transport.https.HttpsURLConnectionFactory.createConnection(HttpsURLConnectionFactory.java:112)
>       at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:447)
>       at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:45)
>       ... 31 more
>
> Richard Shaw

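An added example, not part of the thread and not CXF code: a Python check that applies the include/exclude cipher-suite filters from the quoted configuration to a constructed list of JSSE suite names and reports which suites they would enable, next to a constructed stricter filter for comparison. It assumes a suite is enabled when its name matches at least one include pattern and no exclude pattern; the `STRICT` filter, the suite list and the `audit` function are illustrative names, not from the thread.

```python
import re
import xml.etree.ElementTree as ET

NS = 'xmlns:sec="http://cxf.apache.org/configuration/security"'
SEC = "{http://cxf.apache.org/configuration/security}"

# Filter patterns exactly as quoted in the thread.
QUOTED = f"""<sec:CiphersuiteFilters {NS}>
  <sec:include>.*_EXPORT_.*</sec:include>
  <sec:include>.*_EXPORT1024_.*</sec:include>
  <sec:include>.*_WITH_DES_.*</sec:include>
  <sec:include>.*_WITH_NULL_.*</sec:include>
  <sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:CiphersuiteFilters>"""

# Constructed stricter alternative (an assumption, not from the thread).
STRICT = f"""<sec:CiphersuiteFilters {NS}>
  <sec:include>.*_WITH_AES_.*</sec:include>
  <sec:exclude>.*_anon_.*</sec:exclude>
</sec:CiphersuiteFilters>"""

# Constructed sample of JSSE cipher-suite names.
SUITES = [
    "SSL_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_NULL_SHA", "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
]

# Name fragments treated as weak: export, NULL, single DES, anonymous.
WEAK = re.compile(r"_EXPORT|_WITH_NULL_|_WITH_DES_|_DES40_|_anon_")

def audit(xml_text, suites=SUITES):
    """Apply the filters; report enabled suites and which of them are weak."""
    root = ET.fromstring(xml_text)
    include = [re.compile(e.text.strip()) for e in root.findall(SEC + "include")]
    exclude = [re.compile(e.text.strip()) for e in root.findall(SEC + "exclude")]
    # Assumed semantics: the name matches any include and no exclude.
    enabled = [s for s in suites
               if any(p.fullmatch(s) for p in include)
               and not any(p.fullmatch(s) for p in exclude)]
    return {"enabled": enabled, "weak": [s for s in enabled if WEAK.search(s)]}

if __name__ == "__main__":
    for name, cfg in (("quoted", QUOTED), ("strict", STRICT)):
        print(name, audit(cfg))
```
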