[
https://issues.apache.org/jira/browse/CXF-5652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14067580#comment-14067580
]
Andrei Shakirin commented on CXF-5652:
--------------------------------------
Yes, you are right. I am able to connect to SSL server using URLConnection and
pure JVM properties: trustStore, keyStore, keyStorePassword with client
authentication. I assume that JDK uses keystore password as private key
password by default.
Comparing handshake logs for URLConnection and CXF JAX-RS client with JVM
properties shows, that both are doing approximately the same until getting
Certificate chain in order to verify client certificate. SSL Server receives
empty certificate chain from CXF client (because of any reason) and failed with
error: "fatal error: 42: null cert chain". This happens only in case if CXF
client uses JVM properties instead setting keystore and truststore in builder.
Will investigate this further.
Regarding your instability problem: any chance to activate SSL log on the
server side and see the reason of problem?
> WebClient with SSL: javax.net.ssl.SSLHandshakeException handshake_failure
> -------------------------------------------------------------------------
>
> Key: CXF-5652
> URL: https://issues.apache.org/jira/browse/CXF-5652
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS
> Affects Versions: 3.0.0-milestone2
> Reporter: Vjacheslav Borisov
> Assignee: Andrei Shakirin
> Priority: Minor
>
> I got error when using WebClient with SSL using client certificate:
> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
> I found a way to fix this error
> KeyStore keyStore = KeyStore.getInstance("JKS");
> String trustpass = "chageit";
> File truststore = new
> File("/home/slavb/.java/deployment/security/trusted.clientcerts");
> keyStore.load(new FileInputStream(truststore),
> trustpass.toCharArray());
> KeyStore ts = KeyStore.getInstance("JKS");
> truststore = new File("/etc/ssl/certs/trusted.cacerts");
> ts.load(new FileInputStream(truststore), "".toCharArray());
> Client client = ClientBuilder.newBuilder().keyStore(keyStore,
> trustpass).
> trustStore(ts).build();
> And I have question, why WebClient is not working like embedded in java
> URLConnection or
> apache http client when I specify system properties
> -Djavax.net.ssl.trustStore=/etc/ssl/certs/trusted.cacerts
> -Djavax.net.ssl.keyStore=/home/slavb/.java/deployment/security/trusted.clientcerts
>
> -Djavax.net.ssl.keyStorePassword=changeit
> (i got error javax.net.ssl.SSLHandshakeException: Received fatal alert:
> handshake_failure when using SSL web client)
> Why it is need to configure ssl in code?
--
This message was sent by Atlassian JIRA
(v6.2#6252)
