[ 
https://issues.apache.org/jira/browse/CXF-8013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michel SAUMON updated CXF-8013:
-------------------------------
    Description: 
In my cxf.xml, I declared a custom certstore because my server's certificate is 
not considered valid by the JDK:
{code:java}
<beans xmlns="http://www.springframework.org/schema/beans"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xmlns:sec="http://cxf.apache.org/configuration/security";
   xmlns:http="http://cxf.apache.org/transports/http/configuration"; 
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws";
   xsi:schemaLocation="
      http://cxf.apache.org/configuration/security
      http://cxf.apache.org/schemas/configuration/security.xsd
      http://cxf.apache.org/transports/http/configuration
      http://cxf.apache.org/schemas/configuration/http-conf.xsd
      http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-2.0.xsd";>
   
   <http:conduit name="{http://myservice.xx/comweb/}ComWebSoap.http-conduit";>
      <http:tlsClientParameters disableCNCheck="true">
         <sec:keyManagers>
            <sec:keyStore resource="myservice.jks" type="JKS" />
         </sec:keyManagers>
         <sec:trustManagers>
            <sec:certStore resource="myservice.jks" type="JKS" />
            <sec:keyStore resource="myservice.jks" type="JKS" />
         </sec:trustManagers>
      </http:tlsClientParameters>
   </http:conduit>

</beans>{code}
But CXF does not take this config.

I have still the error telling the cert is not valid :
{code:java}
javax.xml.ws.WebServiceException: 
org.apache.cxf.service.factory.ServiceConstructionException: Failed to create 
service.
    at org.apache.cxf.jaxws.ServiceImpl.initialize(ServiceImpl.java:163)
    at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:129)
    at 
org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:82)
    at javax.xml.ws.Service.<init>(Service.java:77)
    at xx.mysoapclient.ComWeb.<init>(ComWeb.java:40)
    at xx.mysoapclient.ComWebTest.getComWebSoap(ComWebTest.java:101)
    at xx.mysoapclient.ComWebTest.testGetReporting(ComWebTest.java:136)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at junit.framework.TestCase.runTest(TestCase.java:176)
    at junit.framework.TestCase.runBare(TestCase.java:141)
    at junit.framework.TestResult$1.protect(TestResult.java:122)
    at junit.framework.TestResult.runProtected(TestResult.java:142)
    at junit.framework.TestResult.run(TestResult.java:125)
    at junit.framework.TestCase.run(TestCase.java:129)
    at junit.framework.TestSuite.runTest(TestSuite.java:252)
    at junit.framework.TestSuite.run(TestSuite.java:247)
    at 
org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:86)
    at 
org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:89)
    at 
org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:41)
    at 
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:541)
    at 
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:763)
    at 
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:463)
    at 
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:209)
Caused by: org.apache.cxf.service.factory.ServiceConstructionException: Failed 
to create service.
    at 
org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:87)
    at org.apache.cxf.jaxws.ServiceImpl.initializePorts(ServiceImpl.java:218)
    at org.apache.cxf.jaxws.ServiceImpl.initialize(ServiceImpl.java:161)
    ... 25 more
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: 
Problem parsing 'https://ctrl-talend-s95/COM_WEB/ComWeb.asmx?wsdl'.: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
    at 
org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:238)
    at 
org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:163)
    at 
org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:85)
    ... 27 more
Caused by: javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
    at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546)
    at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
    at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at 
com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:647)
    at 
com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:148)
    at 
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:805)
    at 
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:770)
    at 
com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
    at 
com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:243)
    at 
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:339)
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2188)
    ... 32 more
Caused by: sun.security.validator.ValidatorException: PKIX path building 
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at 
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at 
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at 
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
    ... 52 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable 
to find valid certification path to requested target
    at 
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at 
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 58 more{code}
I suspect error is thrown at the very beggining of the process (when WSDL is 
parsed), and cxf.xml is not loaded yet.

Note :
 - It works FINE if I set trustore via system property like
{code:java}
 System.setProperty("javax.net.ssl.trustStoreType", "JKS");
 System.setProperty("javax.net.ssl.trustStore", "/path/to/myservice.jks");
{code}

 - {{<http:conduit name="https://localhost:.*";>}} does not work too.

My Jdk is 1.8.121
 CXF version is 3.1.6

  was:
In my cxf.xml, I declared a custom certstore because my server's certificate is 
not considered valid by the JDK:
{code:java}
<beans xmlns="http://www.springframework.org/schema/beans"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xmlns:sec="http://cxf.apache.org/configuration/security";
   xmlns:http="http://cxf.apache.org/transports/http/configuration"; 
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws";
   xsi:schemaLocation="
      http://cxf.apache.org/configuration/security
      http://cxf.apache.org/schemas/configuration/security.xsd
      http://cxf.apache.org/transports/http/configuration
      http://cxf.apache.org/schemas/configuration/http-conf.xsd
      http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-2.0.xsd";>
   
   <http:conduit name="{http://myservice.xx/comweb/}ComWebSoap.http-conduit";>
      <http:tlsClientParameters disableCNCheck="true">
         <sec:keyManagers>
            <sec:keyStore resource="myservice.jks" type="JKS" />
         </sec:keyManagers>
         <sec:trustManagers>
            <sec:certStore resource="myservice.jks" type="JKS" />
            <sec:keyStore resource="myservice.jks" type="JKS" />
         </sec:trustManagers>
      </http:tlsClientParameters>
   </http:conduit>

</beans>{code}
But CXF does not take this config.

I have still the error telling the cert is not valid :
{code:java}
javax.xml.ws.WebServiceException: 
org.apache.cxf.service.factory.ServiceConstructionException: Failed to create 
service.
    at org.apache.cxf.jaxws.ServiceImpl.initialize(ServiceImpl.java:163)
    at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:129)
    at 
org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:82)
    at javax.xml.ws.Service.<init>(Service.java:77)
    at com.sylob.cochise.myreport.ComWeb.<init>(ComWeb.java:40)
    at com.sylob.cochise.myreport.ComWebTest.getComWebSoap(ComWebTest.java:101)
    at 
com.sylob.cochise.myreport.ComWebTest.testGetReporting(ComWebTest.java:136)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at junit.framework.TestCase.runTest(TestCase.java:176)
    at junit.framework.TestCase.runBare(TestCase.java:141)
    at junit.framework.TestResult$1.protect(TestResult.java:122)
    at junit.framework.TestResult.runProtected(TestResult.java:142)
    at junit.framework.TestResult.run(TestResult.java:125)
    at junit.framework.TestCase.run(TestCase.java:129)
    at junit.framework.TestSuite.runTest(TestSuite.java:252)
    at junit.framework.TestSuite.run(TestSuite.java:247)
    at 
org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:86)
    at 
org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:89)
    at 
org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:41)
    at 
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:541)
    at 
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:763)
    at 
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:463)
    at 
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:209)
Caused by: org.apache.cxf.service.factory.ServiceConstructionException: Failed 
to create service.
    at 
org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:87)
    at org.apache.cxf.jaxws.ServiceImpl.initializePorts(ServiceImpl.java:218)
    at org.apache.cxf.jaxws.ServiceImpl.initialize(ServiceImpl.java:161)
    ... 25 more
Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: 
Problem parsing 'https://ctrl-talend-s95/COM_WEB/ComWeb.asmx?wsdl'.: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
    at 
org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:238)
    at 
org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:163)
    at 
org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:85)
    ... 27 more
Caused by: javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
    at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546)
    at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
    at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at 
com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:647)
    at 
com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:148)
    at 
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:805)
    at 
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:770)
    at 
com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
    at 
com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:243)
    at 
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:339)
    at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2188)
    ... 32 more
Caused by: sun.security.validator.ValidatorException: PKIX path building 
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at 
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at 
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at 
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
    ... 52 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable 
to find valid certification path to requested target
    at 
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at 
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 58 more{code}
I suspect error is thrown at the very beggining of the process (when WSDL is 
parsed), and cxf.xml is not loaded yet.

Note :

- It works FINE if I set trustore via system property like
{code:java}
 System.setProperty("javax.net.ssl.trustStoreType", "JKS");
 System.setProperty("javax.net.ssl.trustStore", "/path/to/myservice.jks");
{code}
- {{<http:conduit name="https://localhost:.*";>}} does not work too.

My Jdk is 1.8.121
 CXF version is 3.1.6


> Can't tell CXF to use a custom certstore for SSL certificate check
> ------------------------------------------------------------------
>
>                 Key: CXF-8013
>                 URL: https://issues.apache.org/jira/browse/CXF-8013
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.1.6
>            Reporter: Michel SAUMON
>            Priority: Major
>
> In my cxf.xml, I declared a custom certstore because my server's certificate 
> is not considered valid by the JDK:
> {code:java}
> <beans xmlns="http://www.springframework.org/schema/beans"; 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
> xmlns:sec="http://cxf.apache.org/configuration/security";
>    xmlns:http="http://cxf.apache.org/transports/http/configuration"; 
> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws";
>    xsi:schemaLocation="
>       http://cxf.apache.org/configuration/security
>       http://cxf.apache.org/schemas/configuration/security.xsd
>       http://cxf.apache.org/transports/http/configuration
>       http://cxf.apache.org/schemas/configuration/http-conf.xsd
>       http://www.springframework.org/schema/beans
>       http://www.springframework.org/schema/beans/spring-beans-2.0.xsd";>
>    
>    <http:conduit name="{http://myservice.xx/comweb/}ComWebSoap.http-conduit";>
>       <http:tlsClientParameters disableCNCheck="true">
>          <sec:keyManagers>
>             <sec:keyStore resource="myservice.jks" type="JKS" />
>          </sec:keyManagers>
>          <sec:trustManagers>
>             <sec:certStore resource="myservice.jks" type="JKS" />
>             <sec:keyStore resource="myservice.jks" type="JKS" />
>          </sec:trustManagers>
>       </http:tlsClientParameters>
>    </http:conduit>
> </beans>{code}
> But CXF does not take this config.
> I have still the error telling the cert is not valid :
> {code:java}
> javax.xml.ws.WebServiceException: 
> org.apache.cxf.service.factory.ServiceConstructionException: Failed to create 
> service.
>     at org.apache.cxf.jaxws.ServiceImpl.initialize(ServiceImpl.java:163)
>     at org.apache.cxf.jaxws.ServiceImpl.<init>(ServiceImpl.java:129)
>     at 
> org.apache.cxf.jaxws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:82)
>     at javax.xml.ws.Service.<init>(Service.java:77)
>     at xx.mysoapclient.ComWeb.<init>(ComWeb.java:40)
>     at xx.mysoapclient.ComWebTest.getComWebSoap(ComWebTest.java:101)
>     at xx.mysoapclient.ComWebTest.testGetReporting(ComWebTest.java:136)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at junit.framework.TestCase.runTest(TestCase.java:176)
>     at junit.framework.TestCase.runBare(TestCase.java:141)
>     at junit.framework.TestResult$1.protect(TestResult.java:122)
>     at junit.framework.TestResult.runProtected(TestResult.java:142)
>     at junit.framework.TestResult.run(TestResult.java:125)
>     at junit.framework.TestCase.run(TestCase.java:129)
>     at junit.framework.TestSuite.runTest(TestSuite.java:252)
>     at junit.framework.TestSuite.run(TestSuite.java:247)
>     at 
> org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:86)
>     at 
> org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:89)
>     at 
> org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:41)
>     at 
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:541)
>     at 
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:763)
>     at 
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:463)
>     at 
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:209)
> Caused by: org.apache.cxf.service.factory.ServiceConstructionException: 
> Failed to create service.
>     at 
> org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:87)
>     at org.apache.cxf.jaxws.ServiceImpl.initializePorts(ServiceImpl.java:218)
>     at org.apache.cxf.jaxws.ServiceImpl.initialize(ServiceImpl.java:161)
>     ... 25 more
> Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: 
> Problem parsing 'https://ctrl-talend-s95/COM_WEB/ComWeb.asmx?wsdl'.: 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target
>     at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)
>     at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
>     at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
>     at 
> org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:238)
>     at 
> org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:163)
>     at 
> org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:85)
>     ... 27 more
> Caused by: javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target
>     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
>     at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
>     at 
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
>     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
>     at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
>     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
>     at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
>     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
>     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
>     at 
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
>     at 
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>     at 
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546)
>     at 
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
>     at 
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
>     at 
> com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:647)
>     at 
> com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:148)
>     at 
> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:805)
>     at 
> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:770)
>     at 
> com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
>     at 
> com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:243)
>     at 
> com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:339)
>     at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2188)
>     ... 32 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building 
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
> find valid certification path to requested target
>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
>     at 
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
>     at sun.security.validator.Validator.validate(Validator.java:260)
>     at 
> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
>     at 
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
>     at 
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
>     at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
>     ... 52 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable 
> to find valid certification path to requested target
>     at 
> sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
>     at 
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
>     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
>     ... 58 more{code}
> I suspect error is thrown at the very beggining of the process (when WSDL is 
> parsed), and cxf.xml is not loaded yet.
> Note :
>  - It works FINE if I set trustore via system property like
> {code:java}
>  System.setProperty("javax.net.ssl.trustStoreType", "JKS");
>  System.setProperty("javax.net.ssl.trustStore", "/path/to/myservice.jks");
> {code}
>  - {{<http:conduit name="https://localhost:.*";>}} does not work too.
> My Jdk is 1.8.121
>  CXF version is 3.1.6



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to