Re: CSWS Connector : ServiceConstructionException: Failed to create service
Yes I am doing that but I will need to rebuild.
I don’t recommend TLSv1 - this is already outphased and will lock out TLSv1.2.
I try TLS only as it includes all TLS protocols (depends on JDK).
SSL will not be supported by this (however as I said there are other parts of
the code where there is a getInstance(TLS). And some caveats: On JDK6+7 TLS
only means TLSv1 (and newer TLS Protocols are deactivated) on JDK8 it means
also that newer TLS protocols are enabled.
To be honest in my opinion - a SSL only one is a significant security hole and
given how old TLS support is JDK i would be surprised if there is someone using
such a server (most Organisations should switch to TLSv1.2 in any case as all
protocols below have been broken).
While it works for all JDKs - probably JDK8 should be recommended as it seems
to have all TLS protocols activated when using „TLS“. Older JDKs seem to
deactivate TLSv1.1 and TLSv1.2 when using TLS. I will write more about this in
the JIRA, once I verified that this solves the problem.
Then TLSv1.3 is JDK11 only - I will investigate what that implies.
Does ManifoldCf supports JDK11?
> Am 15.01.2020 um 00:08 schrieb Karl Wright :
>
>
> I think you can just change the code to read as follows when it creates the
> SSLContext:
>
> SSLContext ctx = SSLContext.getInstance("TLSv1");
>
> I don't know if TLS will downgrade to SSL if that's all that's available.
>
> Karl
>
>
>> On Tue, Jan 14, 2020 at 6:02 PM Jörn Franke wrote:
>> Yes it you do not change this setting as what I suspect happens here. See my
>> previous mail for details.
>>
Am 14.01.2020 um 23:51 schrieb Karl Wright :
>>>
>>> It looks looks TLS is actually enabled in the SSLSocketFactory framework
>>> based on how you create the SSLSocketContext. See:
>>>
>>> https://docs.oracle.com/cd/E19698-01/816-7609/security-83/index.html
>>>
>>> Karl
>>>
>>>
On Tue, Jan 14, 2020 at 5:48 PM Karl Wright wrote:
The design of ManifoldCF deliberately manages keystores on a connection by
connection basis, not globally. If you think the only way to implement
TLS is via global keystore I very much doubt it.
I am on the road until late tomorrow but somewhere along the line I can do
some research into why TLS won't work as we are currently doing it.
Karl
> On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke wrote:
> These are TLS only. So maybe you have other servers where tls and ssl are
> possible and it downgrades to ssl.however, this is speculation and I need
> to verify it. I have to rebuilt manifold for that. Probably I have to
> reinstall everything as the keystorefactory is a dependency in the
> connector.
>
>>> Am 14.01.2020 um 18:34 schrieb Karl Wright :
>>>
>>
>> If you can recommend changes to support TLS, that would be great. The
>> basic infrastructure should still work; it is just a custom keystone and
>> associated SSLSocketFactory, which I think also is used for TLS
>> connections, unless I am missing something.
>>
>>> On Tue, Jan 14, 2020, 9:38 AM Jörn Franke wrote:
>>> Yes this works fine. I believe the error comes from the fact that TLS
>>> connections are not supported.
>>>
> Am 14.01.2020 um 15:31 schrieb Michael Cizmar
> :
>
If you want to test the url and the ssl, I would recommend attempting
using SSLPoke to confirm that they keystore is setup properly:
https://github.com/MichalHecko/SSLPoke
Michael
From: Karl Wright
Reply-To: "user@manifoldcf.apache.org"
Date: Tuesday, January 14, 2020 at 7:21 AM
To: "user@manifoldcf.apache.org"
Subject: Re: CSWS Connector : ServiceConstructionException: Failed to
create service
Hmm, others have succeeded setting up SSL connections with the current
code. Hoping they chime in here.
Karl
On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote:
It seems that it has indeed a certificate issue as it cannot find a
valid certification path to the target. The thing is: I added those
certificates in the UI should it should not happen.
Am 10.01.2020 um 20:51 schrieb Jörn Franke :
2.15 ...
I will try on the weekend to see if I can get some logs out of it.
Am 10.01.2020 um 19:02 schrieb Karl Wright :
Can I ask what version of MCF you are using? There were issues with
SSL in the first release of the csws connector if I
Re: CSWS Connector : ServiceConstructionException: Failed to create service
I think you can just change the code to read as follows when it creates the
SSLContext:
SSLContext ctx = SSLContext.getInstance("TLSv1");
I don't know if TLS will downgrade to SSL if that's all that's available.
Karl
On Tue, Jan 14, 2020 at 6:02 PM Jörn Franke wrote:
> Yes it you do not change this setting as what I suspect happens here. See
> my previous mail for details.
>
> Am 14.01.2020 um 23:51 schrieb Karl Wright :
>
>
> It looks looks TLS is actually enabled in the SSLSocketFactory framework
> based on how you create the SSLSocketContext. See:
>
> https://docs.oracle.com/cd/E19698-01/816-7609/security-83/index.html
>
> Karl
>
>
> On Tue, Jan 14, 2020 at 5:48 PM Karl Wright wrote:
>
>> The design of ManifoldCF deliberately manages keystores on a connection
>> by connection basis, not globally. If you think the only way to implement
>> TLS is via global keystore I very much doubt it.
>>
>> I am on the road until late tomorrow but somewhere along the line I can
>> do some research into why TLS won't work as we are currently doing it.
>>
>> Karl
>>
>>
>> On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke
>> wrote:
>>
>>> These are TLS only. So maybe you have other servers where tls and ssl
>>> are possible and it downgrades to ssl.however, this is speculation and I
>>> need to verify it. I have to rebuilt manifold for that. Probably I have to
>>> reinstall everything as the keystorefactory is a dependency in the
>>> connector.
>>>
>>> Am 14.01.2020 um 18:34 schrieb Karl Wright :
>>>
>>>
>>> If you can recommend changes to support TLS, that would be great. The
>>> basic infrastructure should still work; it is just a custom keystone and
>>> associated SSLSocketFactory, which I think also is used for TLS
>>> connections, unless I am missing something.
>>>
>>> On Tue, Jan 14, 2020, 9:38 AM Jörn Franke wrote:
>>>
Yes this works fine. I believe the error comes from the fact that TLS
connections are not supported.
Am 14.01.2020 um 15:31 schrieb Michael Cizmar <
michael.ciz...@mcplusa.com>:
If you want to test the url and the ssl, I would recommend attempting
using SSLPoke to confirm that they keystore is setup properly:
https://github.com/MichalHecko/SSLPoke
Michael
*From: *Karl Wright
*Reply-To: *"user@manifoldcf.apache.org"
*Date: *Tuesday, January 14, 2020 at 7:21 AM
*To: *"user@manifoldcf.apache.org"
*Subject: *Re: CSWS Connector : ServiceConstructionException: Failed
to create service
Hmm, others have succeeded setting up SSL connections with the current
code. Hoping they chime in here.
Karl
On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote:
It seems that it has indeed a certificate issue as it cannot find a
valid certification path to the target. The thing is: I added those
certificates in the UI should it should not happen.
Am 10.01.2020 um 20:51 schrieb Jörn Franke :
2.15 ...
I will try on the weekend to see if I can get some logs out of it.
Am 10.01.2020 um 19:02 schrieb Karl Wright :
Can I ask what version of MCF you are using? There were issues with
SSL in the first release of the csws connector if I recall correctly, that
were fixed for the second release.
Karl
On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke
wrote:
I added root, intermediate and server certificate (in base64 cer, it
seems to be recognized by manifoldcf), but I still get the same message. I
will try to get somehow the full stacktrace
Am 10.01.2020 um 17:21 schrieb Karl Wright :
If you are using SSL you need to have the proper certificate saved in
the connection's keystore.
Karl
On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke
wrote:
It is actually a server using configuration of the command - driven
multi-process model (but the agents executed as a service and the war on a
tomcat executed as a service) under Linux.
I thought as well that it cannot reach the webservices, the question is
why. On the same server I can reach the webservices and fetch the WSDL
without issues.
Maybe sth related to ssl ?
Am 10.01.2020 um 14:59 schrieb Karl Wright :
How are you running manifoldcf? Single process example, or a custom
setup of some kind?
This exception is a "catch all" exception generated far below anything
in ManifoldCF, but usually means it cannot download the WSDLs from the
service. Getting the full exception dumped in the log requires a "hack" to
the check() method of the connector, but I'm pretty sure that's what's
happening anyway.
Re: CSWS Connector : ServiceConstructionException: Failed to create service
Yes it you do not change this setting as what I suspect happens here. See my previous mail for details. > Am 14.01.2020 um 23:51 schrieb Karl Wright : > > > It looks looks TLS is actually enabled in the SSLSocketFactory framework > based on how you create the SSLSocketContext. See: > > https://docs.oracle.com/cd/E19698-01/816-7609/security-83/index.html > > Karl > > >> On Tue, Jan 14, 2020 at 5:48 PM Karl Wright wrote: >> The design of ManifoldCF deliberately manages keystores on a connection by >> connection basis, not globally. If you think the only way to implement TLS >> is via global keystore I very much doubt it. >> >> I am on the road until late tomorrow but somewhere along the line I can do >> some research into why TLS won't work as we are currently doing it. >> >> Karl >> >> >>> On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke wrote: >>> These are TLS only. So maybe you have other servers where tls and ssl are >>> possible and it downgrades to ssl.however, this is speculation and I need >>> to verify it. I have to rebuilt manifold for that. Probably I have to >>> reinstall everything as the keystorefactory is a dependency in the >>> connector. >>> > Am 14.01.2020 um 18:34 schrieb Karl Wright : > If you can recommend changes to support TLS, that would be great. The basic infrastructure should still work; it is just a custom keystone and associated SSLSocketFactory, which I think also is used for TLS connections, unless I am missing something. > On Tue, Jan 14, 2020, 9:38 AM Jörn Franke wrote: > Yes this works fine. I believe the error comes from the fact that TLS > connections are not supported. > >>> Am 14.01.2020 um 15:31 schrieb Michael Cizmar >>> : >>> >> >> If you want to test the url and the ssl, I would recommend attempting >> using SSLPoke to confirm that they keystore is setup properly: >> >> >> >> https://github.com/MichalHecko/SSLPoke >> >> >> >> Michael >> >> >> >> From: Karl Wright >> Reply-To: "user@manifoldcf.apache.org" >> Date: Tuesday, January 14, 2020 at 7:21 AM >> To: "user@manifoldcf.apache.org" >> Subject: Re: CSWS Connector : ServiceConstructionException: Failed to >> create service >> >> >> >> Hmm, others have succeeded setting up SSL connections with the current >> code. Hoping they chime in here. >> >> >> >> Karl >> >> >> >> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote: >> >> It seems that it has indeed a certificate issue as it cannot find a >> valid certification path to the target. The thing is: I added those >> certificates in the UI should it should not happen. >> >> >> >> >> >> >> >> >> Am 10.01.2020 um 20:51 schrieb Jörn Franke : >> >> 2.15 ... >> >> I will try on the weekend to see if I can get some logs out of it. >> >> >> >> >> Am 10.01.2020 um 19:02 schrieb Karl Wright : >> >> Can I ask what version of MCF you are using? There were issues with SSL >> in the first release of the csws connector if I recall correctly, that >> were fixed for the second release. >> >> >> >> Karl >> >> >> >> >> >> On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke >> wrote: >> >> I added root, intermediate and server certificate (in base64 cer, it >> seems to be recognized by manifoldcf), but I still get the same message. >> I will try to get somehow the full stacktrace >> >> >> >> >> Am 10.01.2020 um 17:21 schrieb Karl Wright : >> >> If you are using SSL you need to have the proper certificate saved in >> the connection's keystore. >> >> Karl >> >> >> >> >> >> On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke >> wrote: >> >> It is actually a server using configuration of the command - driven >> multi-process model (but the agents executed as a service and the war on >> a tomcat executed as a service) under Linux. >> >> >> >> I thought as well that it cannot reach the webservices, the question is >> why. On the same server I can reach the webservices and fetch the WSDL >> without issues. >> >> Maybe sth related to ssl ? >> >> >> >> >> Am 10.01.2020 um 14:59 schrieb Karl Wright : >> >> How are you running manifoldcf? Single process example, or a custom >> setup of some kind? >> >> This exception is a "catch all" exception generated far below anything >> in ManifoldCF, but usually means it cannot download the WSDLs from the >> service. Getting the full exception dumped in the log requires a "hack" >> to the check() method of
Re: CSWS Connector : ServiceConstructionException: Failed to create service
I hope to test my assumption this week. The reason is that if you look at line 404 https://github.com/apache/manifoldcf/blob/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/keystore/KeystoreManager.java It creates an sslcontext witj ssl only Support but no TLS. That is why I assume that it you add custom cas it downgrades always to SSL and if you have a custom CA and TLS only it will not work. The same issue is for the Solr connector - however if you do not specify there cas then the certificate is not validated and the default protocol set of the JDk is used (which includes TLS). It is just an assumption that needs to be tested. While I cannot be sure that this is exactly the problem i face - this line looks strange and should be checked. Maybe it is harmless. A similar line was in the gts connector. Maybe if one searches we find others. Eg i also found a line where there is TLS mentioned instead of SSL. > Am 14.01.2020 um 23:48 schrieb Karl Wright : > > > The design of ManifoldCF deliberately manages keystores on a connection by > connection basis, not globally. If you think the only way to implement TLS > is via global keystore I very much doubt it. > > I am on the road until late tomorrow but somewhere along the line I can do > some research into why TLS won't work as we are currently doing it. > > Karl > > >> On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke wrote: >> These are TLS only. So maybe you have other servers where tls and ssl are >> possible and it downgrades to ssl.however, this is speculation and I need to >> verify it. I have to rebuilt manifold for that. Probably I have to reinstall >> everything as the keystorefactory is a dependency in the connector. >> Am 14.01.2020 um 18:34 schrieb Karl Wright : >>> >>> If you can recommend changes to support TLS, that would be great. The >>> basic infrastructure should still work; it is just a custom keystone and >>> associated SSLSocketFactory, which I think also is used for TLS >>> connections, unless I am missing something. >>> On Tue, Jan 14, 2020, 9:38 AM Jörn Franke wrote: Yes this works fine. I believe the error comes from the fact that TLS connections are not supported. >> Am 14.01.2020 um 15:31 schrieb Michael Cizmar >> : >> > > If you want to test the url and the ssl, I would recommend attempting > using SSLPoke to confirm that they keystore is setup properly: > > > > https://github.com/MichalHecko/SSLPoke > > > > Michael > > > > From: Karl Wright > Reply-To: "user@manifoldcf.apache.org" > Date: Tuesday, January 14, 2020 at 7:21 AM > To: "user@manifoldcf.apache.org" > Subject: Re: CSWS Connector : ServiceConstructionException: Failed to > create service > > > > Hmm, others have succeeded setting up SSL connections with the current > code. Hoping they chime in here. > > > > Karl > > > > On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote: > > It seems that it has indeed a certificate issue as it cannot find a valid > certification path to the target. The thing is: I added those > certificates in the UI should it should not happen. > > > > > > > > > Am 10.01.2020 um 20:51 schrieb Jörn Franke : > > 2.15 ... > > I will try on the weekend to see if I can get some logs out of it. > > > > > Am 10.01.2020 um 19:02 schrieb Karl Wright : > > Can I ask what version of MCF you are using? There were issues with SSL > in the first release of the csws connector if I recall correctly, that > were fixed for the second release. > > > > Karl > > > > > > On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke wrote: > > I added root, intermediate and server certificate (in base64 cer, it > seems to be recognized by manifoldcf), but I still get the same message. > I will try to get somehow the full stacktrace > > > > > Am 10.01.2020 um 17:21 schrieb Karl Wright : > > If you are using SSL you need to have the proper certificate saved in the > connection's keystore. > > Karl > > > > > > On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke wrote: > > It is actually a server using configuration of the command - driven > multi-process model (but the agents executed as a service and the war on > a tomcat executed as a service) under Linux. > > > > I thought as well that it cannot reach the webservices, the question is > why. On the same server I can reach the webservices and fetch the WSDL > without issues. > > Maybe sth related to ssl ? > > > > > Am
Re: CSWS Connector : ServiceConstructionException: Failed to create service
The design of ManifoldCF deliberately manages keystores on a connection by connection basis, not globally. If you think the only way to implement TLS is via global keystore I very much doubt it. I am on the road until late tomorrow but somewhere along the line I can do some research into why TLS won't work as we are currently doing it. Karl On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke wrote: > These are TLS only. So maybe you have other servers where tls and ssl are > possible and it downgrades to ssl.however, this is speculation and I need > to verify it. I have to rebuilt manifold for that. Probably I have to > reinstall everything as the keystorefactory is a dependency in the > connector. > > Am 14.01.2020 um 18:34 schrieb Karl Wright : > > > If you can recommend changes to support TLS, that would be great. The > basic infrastructure should still work; it is just a custom keystone and > associated SSLSocketFactory, which I think also is used for TLS > connections, unless I am missing something. > > On Tue, Jan 14, 2020, 9:38 AM Jörn Franke wrote: > >> Yes this works fine. I believe the error comes from the fact that TLS >> connections are not supported. >> >> Am 14.01.2020 um 15:31 schrieb Michael Cizmar > >: >> >> >> >> If you want to test the url and the ssl, I would recommend attempting >> using SSLPoke to confirm that they keystore is setup properly: >> >> >> >> https://github.com/MichalHecko/SSLPoke >> >> >> >> Michael >> >> >> >> *From: *Karl Wright >> *Reply-To: *"user@manifoldcf.apache.org" >> *Date: *Tuesday, January 14, 2020 at 7:21 AM >> *To: *"user@manifoldcf.apache.org" >> *Subject: *Re: CSWS Connector : ServiceConstructionException: Failed to >> create service >> >> >> >> Hmm, others have succeeded setting up SSL connections with the current >> code. Hoping they chime in here. >> >> >> >> Karl >> >> >> >> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote: >> >> It seems that it has indeed a certificate issue as it cannot find a valid >> certification path to the target. The thing is: I added those certificates >> in the UI should it should not happen. >> >> >> >> >> >> >> >> Am 10.01.2020 um 20:51 schrieb Jörn Franke : >> >> 2.15 ... >> >> I will try on the weekend to see if I can get some logs out of it. >> >> >> >> Am 10.01.2020 um 19:02 schrieb Karl Wright : >> >> Can I ask what version of MCF you are using? There were issues with SSL >> in the first release of the csws connector if I recall correctly, that were >> fixed for the second release. >> >> >> >> Karl >> >> >> >> >> >> On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke >> wrote: >> >> I added root, intermediate and server certificate (in base64 cer, it >> seems to be recognized by manifoldcf), but I still get the same message. I >> will try to get somehow the full stacktrace >> >> >> >> Am 10.01.2020 um 17:21 schrieb Karl Wright : >> >> If you are using SSL you need to have the proper certificate saved in the >> connection's keystore. >> >> Karl >> >> >> >> >> >> On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke >> wrote: >> >> It is actually a server using configuration of the command - driven >> multi-process model (but the agents executed as a service and the war on a >> tomcat executed as a service) under Linux. >> >> >> >> I thought as well that it cannot reach the webservices, the question is >> why. On the same server I can reach the webservices and fetch the WSDL >> without issues. >> >> Maybe sth related to ssl ? >> >> >> >> Am 10.01.2020 um 14:59 schrieb Karl Wright : >> >> How are you running manifoldcf? Single process example, or a custom >> setup of some kind? >> >> This exception is a "catch all" exception generated far below anything in >> ManifoldCF, but usually means it cannot download the WSDLs from the >> service. Getting the full exception dumped in the log requires a "hack" to >> the check() method of the connector, but I'm pretty sure that's what's >> happening anyway. >> >> Karl >> >> >> >> >> >> On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke wrote: >> >> Hi, >> >> I tried to use the CSWS connector, but already for the Authority >> connection I receive a >> org.apache.cxf.service.factory.ServiceConstructionException: Failed to >> create service. >> >> Unfortunately I don’t see more details , also not in the log (debug is >> activated). I try to get a little bit more output by modifying the >> connector, but maybe someone has already an idea why this can happen? >> >> Are there some special instructions to use it? The pointers to the >> webservices are correct, I tested via Curl and SOAPUI. >> >> >> Thank you. >> Best regards >> >>
Re: CSWS Connector : ServiceConstructionException: Failed to create service
It looks looks TLS is actually enabled in the SSLSocketFactory framework based on how you create the SSLSocketContext. See: https://docs.oracle.com/cd/E19698-01/816-7609/security-83/index.html Karl On Tue, Jan 14, 2020 at 5:48 PM Karl Wright wrote: > The design of ManifoldCF deliberately manages keystores on a connection by > connection basis, not globally. If you think the only way to implement TLS > is via global keystore I very much doubt it. > > I am on the road until late tomorrow but somewhere along the line I can do > some research into why TLS won't work as we are currently doing it. > > Karl > > > On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke wrote: > >> These are TLS only. So maybe you have other servers where tls and ssl are >> possible and it downgrades to ssl.however, this is speculation and I need >> to verify it. I have to rebuilt manifold for that. Probably I have to >> reinstall everything as the keystorefactory is a dependency in the >> connector. >> >> Am 14.01.2020 um 18:34 schrieb Karl Wright : >> >> >> If you can recommend changes to support TLS, that would be great. The >> basic infrastructure should still work; it is just a custom keystone and >> associated SSLSocketFactory, which I think also is used for TLS >> connections, unless I am missing something. >> >> On Tue, Jan 14, 2020, 9:38 AM Jörn Franke wrote: >> >>> Yes this works fine. I believe the error comes from the fact that TLS >>> connections are not supported. >>> >>> Am 14.01.2020 um 15:31 schrieb Michael Cizmar < >>> michael.ciz...@mcplusa.com>: >>> >>> >>> >>> If you want to test the url and the ssl, I would recommend attempting >>> using SSLPoke to confirm that they keystore is setup properly: >>> >>> >>> >>> https://github.com/MichalHecko/SSLPoke >>> >>> >>> >>> Michael >>> >>> >>> >>> *From: *Karl Wright >>> *Reply-To: *"user@manifoldcf.apache.org" >>> *Date: *Tuesday, January 14, 2020 at 7:21 AM >>> *To: *"user@manifoldcf.apache.org" >>> *Subject: *Re: CSWS Connector : ServiceConstructionException: Failed to >>> create service >>> >>> >>> >>> Hmm, others have succeeded setting up SSL connections with the current >>> code. Hoping they chime in here. >>> >>> >>> >>> Karl >>> >>> >>> >>> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote: >>> >>> It seems that it has indeed a certificate issue as it cannot find a >>> valid certification path to the target. The thing is: I added those >>> certificates in the UI should it should not happen. >>> >>> >>> >>> >>> >>> >>> >>> Am 10.01.2020 um 20:51 schrieb Jörn Franke : >>> >>> 2.15 ... >>> >>> I will try on the weekend to see if I can get some logs out of it. >>> >>> >>> >>> Am 10.01.2020 um 19:02 schrieb Karl Wright : >>> >>> Can I ask what version of MCF you are using? There were issues with SSL >>> in the first release of the csws connector if I recall correctly, that were >>> fixed for the second release. >>> >>> >>> >>> Karl >>> >>> >>> >>> >>> >>> On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke >>> wrote: >>> >>> I added root, intermediate and server certificate (in base64 cer, it >>> seems to be recognized by manifoldcf), but I still get the same message. I >>> will try to get somehow the full stacktrace >>> >>> >>> >>> Am 10.01.2020 um 17:21 schrieb Karl Wright : >>> >>> If you are using SSL you need to have the proper certificate saved in >>> the connection's keystore. >>> >>> Karl >>> >>> >>> >>> >>> >>> On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke >>> wrote: >>> >>> It is actually a server using configuration of the command - driven >>> multi-process model (but the agents executed as a service and the war on a >>> tomcat executed as a service) under Linux. >>> >>> >>> >>> I thought as well that it cannot reach the webservices, the question is >>> why. On the same server I can reach the webservices and fetch the WSDL >>> without issues. >>> >>> Maybe sth related to ssl ? >>> >>> >>> >>> Am 10.01.2020 um 14:59 schrieb Karl Wright : >>> >>> How are you running manifoldcf? Single process example, or a custom >>> setup of some kind? >>> >>> This exception is a "catch all" exception generated far below anything >>> in ManifoldCF, but usually means it cannot download the WSDLs from the >>> service. Getting the full exception dumped in the log requires a "hack" to >>> the check() method of the connector, but I'm pretty sure that's what's >>> happening anyway. >>> >>> Karl >>> >>> >>> >>> >>> >>> On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke >>> wrote: >>> >>> Hi, >>> >>> I tried to use the CSWS connector, but already for the Authority >>> connection I receive a >>> org.apache.cxf.service.factory.ServiceConstructionException: Failed to >>> create service. >>> >>> Unfortunately I don’t see more details , also not in the log (debug is >>> activated). I try to get a little bit more output by modifying the >>> connector, but maybe someone has already an idea why this can happen? >>> >>> Are there some special instructions to use it? The pointers to the >>>
Re: CSWS Connector : ServiceConstructionException: Failed to create service
These are TLS only. So maybe you have other servers where tls and ssl are possible and it downgrades to ssl.however, this is speculation and I need to verify it. I have to rebuilt manifold for that. Probably I have to reinstall everything as the keystorefactory is a dependency in the connector. > Am 14.01.2020 um 18:34 schrieb Karl Wright : > > > If you can recommend changes to support TLS, that would be great. The basic > infrastructure should still work; it is just a custom keystone and associated > SSLSocketFactory, which I think also is used for TLS connections, unless I am > missing something. > >> On Tue, Jan 14, 2020, 9:38 AM Jörn Franke wrote: >> Yes this works fine. I believe the error comes from the fact that TLS >> connections are not supported. >> Am 14.01.2020 um 15:31 schrieb Michael Cizmar : >>> >>> If you want to test the url and the ssl, I would recommend attempting using >>> SSLPoke to confirm that they keystore is setup properly: >>> >>> >>> >>> https://github.com/MichalHecko/SSLPoke >>> >>> >>> >>> Michael >>> >>> >>> >>> From: Karl Wright >>> Reply-To: "user@manifoldcf.apache.org" >>> Date: Tuesday, January 14, 2020 at 7:21 AM >>> To: "user@manifoldcf.apache.org" >>> Subject: Re: CSWS Connector : ServiceConstructionException: Failed to >>> create service >>> >>> >>> >>> Hmm, others have succeeded setting up SSL connections with the current >>> code. Hoping they chime in here. >>> >>> >>> >>> Karl >>> >>> >>> >>> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote: >>> >>> It seems that it has indeed a certificate issue as it cannot find a valid >>> certification path to the target. The thing is: I added those certificates >>> in the UI should it should not happen. >>> >>> >>> >>> >>> >>> >>> >>> >>> Am 10.01.2020 um 20:51 schrieb Jörn Franke : >>> >>> 2.15 ... >>> >>> I will try on the weekend to see if I can get some logs out of it. >>> >>> >>> >>> >>> Am 10.01.2020 um 19:02 schrieb Karl Wright : >>> >>> Can I ask what version of MCF you are using? There were issues with SSL in >>> the first release of the csws connector if I recall correctly, that were >>> fixed for the second release. >>> >>> >>> >>> Karl >>> >>> >>> >>> >>> >>> On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke wrote: >>> >>> I added root, intermediate and server certificate (in base64 cer, it seems >>> to be recognized by manifoldcf), but I still get the same message. I will >>> try to get somehow the full stacktrace >>> >>> >>> >>> >>> Am 10.01.2020 um 17:21 schrieb Karl Wright : >>> >>> If you are using SSL you need to have the proper certificate saved in the >>> connection's keystore. >>> >>> Karl >>> >>> >>> >>> >>> >>> On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke wrote: >>> >>> It is actually a server using configuration of the command - driven >>> multi-process model (but the agents executed as a service and the war on a >>> tomcat executed as a service) under Linux. >>> >>> >>> >>> I thought as well that it cannot reach the webservices, the question is >>> why. On the same server I can reach the webservices and fetch the WSDL >>> without issues. >>> >>> Maybe sth related to ssl ? >>> >>> >>> >>> >>> Am 10.01.2020 um 14:59 schrieb Karl Wright : >>> >>> How are you running manifoldcf? Single process example, or a custom setup >>> of some kind? >>> >>> This exception is a "catch all" exception generated far below anything in >>> ManifoldCF, but usually means it cannot download the WSDLs from the >>> service. Getting the full exception dumped in the log requires a "hack" to >>> the check() method of the connector, but I'm pretty sure that's what's >>> happening anyway. >>> >>> Karl >>> >>> >>> >>> >>> >>> On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke wrote: >>> >>> Hi, >>> >>> I tried to use the CSWS connector, but already for the Authority connection >>> I receive a org.apache.cxf.service.factory.ServiceConstructionException: >>> Failed to create service. >>> >>> Unfortunately I don’t see more details , also not in the log (debug is >>> activated). I try to get a little bit more output by modifying the >>> connector, but maybe someone has already an idea why this can happen? >>> >>> Are there some special instructions to use it? The pointers to the >>> webservices are correct, I tested via Curl and SOAPUI. >>> >>> >>> Thank you. >>> Best regards
Re: CSWS Connector : ServiceConstructionException: Failed to create service
If you can recommend changes to support TLS, that would be great. The basic infrastructure should still work; it is just a custom keystone and associated SSLSocketFactory, which I think also is used for TLS connections, unless I am missing something. On Tue, Jan 14, 2020, 9:38 AM Jörn Franke wrote: > Yes this works fine. I believe the error comes from the fact that TLS > connections are not supported. > > Am 14.01.2020 um 15:31 schrieb Michael Cizmar >: > > > > If you want to test the url and the ssl, I would recommend attempting > using SSLPoke to confirm that they keystore is setup properly: > > > > https://github.com/MichalHecko/SSLPoke > > > > Michael > > > > *From: *Karl Wright > *Reply-To: *"user@manifoldcf.apache.org" > *Date: *Tuesday, January 14, 2020 at 7:21 AM > *To: *"user@manifoldcf.apache.org" > *Subject: *Re: CSWS Connector : ServiceConstructionException: Failed to > create service > > > > Hmm, others have succeeded setting up SSL connections with the current > code. Hoping they chime in here. > > > > Karl > > > > On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote: > > It seems that it has indeed a certificate issue as it cannot find a valid > certification path to the target. The thing is: I added those certificates > in the UI should it should not happen. > > > > > > > > Am 10.01.2020 um 20:51 schrieb Jörn Franke : > > 2.15 ... > > I will try on the weekend to see if I can get some logs out of it. > > > > Am 10.01.2020 um 19:02 schrieb Karl Wright : > > Can I ask what version of MCF you are using? There were issues with SSL > in the first release of the csws connector if I recall correctly, that were > fixed for the second release. > > > > Karl > > > > > > On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke wrote: > > I added root, intermediate and server certificate (in base64 cer, it seems > to be recognized by manifoldcf), but I still get the same message. I will > try to get somehow the full stacktrace > > > > Am 10.01.2020 um 17:21 schrieb Karl Wright : > > If you are using SSL you need to have the proper certificate saved in the > connection's keystore. > > Karl > > > > > > On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke wrote: > > It is actually a server using configuration of the command - driven > multi-process model (but the agents executed as a service and the war on a > tomcat executed as a service) under Linux. > > > > I thought as well that it cannot reach the webservices, the question is > why. On the same server I can reach the webservices and fetch the WSDL > without issues. > > Maybe sth related to ssl ? > > > > Am 10.01.2020 um 14:59 schrieb Karl Wright : > > How are you running manifoldcf? Single process example, or a custom setup > of some kind? > > This exception is a "catch all" exception generated far below anything in > ManifoldCF, but usually means it cannot download the WSDLs from the > service. Getting the full exception dumped in the log requires a "hack" to > the check() method of the connector, but I'm pretty sure that's what's > happening anyway. > > Karl > > > > > > On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke wrote: > > Hi, > > I tried to use the CSWS connector, but already for the Authority > connection I receive a > org.apache.cxf.service.factory.ServiceConstructionException: Failed to > create service. > > Unfortunately I don’t see more details , also not in the log (debug is > activated). I try to get a little bit more output by modifying the > connector, but maybe someone has already an idea why this can happen? > > Are there some special instructions to use it? The pointers to the > webservices are correct, I tested via Curl and SOAPUI. > > > Thank you. > Best regards > >
Re: CSWS Connector : ServiceConstructionException: Failed to create service
Yes this works fine. I believe the error comes from the fact that TLS connections are not supported. > Am 14.01.2020 um 15:31 schrieb Michael Cizmar : > > > If you want to test the url and the ssl, I would recommend attempting using > SSLPoke to confirm that they keystore is setup properly: > > https://github.com/MichalHecko/SSLPoke > > Michael > > From: Karl Wright > Reply-To: "user@manifoldcf.apache.org" > Date: Tuesday, January 14, 2020 at 7:21 AM > To: "user@manifoldcf.apache.org" > Subject: Re: CSWS Connector : ServiceConstructionException: Failed to create > service > > Hmm, others have succeeded setting up SSL connections with the current code. > Hoping they chime in here. > > Karl > > On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote: > It seems that it has indeed a certificate issue as it cannot find a valid > certification path to the target. The thing is: I added those certificates in > the UI should it should not happen. > > > > > Am 10.01.2020 um 20:51 schrieb Jörn Franke : > > 2.15 ... > I will try on the weekend to see if I can get some logs out of it. > > > Am 10.01.2020 um 19:02 schrieb Karl Wright : > > Can I ask what version of MCF you are using? There were issues with SSL in > the first release of the csws connector if I recall correctly, that were > fixed for the second release. > > Karl > > > On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke wrote: > I added root, intermediate and server certificate (in base64 cer, it seems to > be recognized by manifoldcf), but I still get the same message. I will try to > get somehow the full stacktrace > > > Am 10.01.2020 um 17:21 schrieb Karl Wright : > > If you are using SSL you need to have the proper certificate saved in the > connection's keystore. > Karl > > > On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke wrote: > It is actually a server using configuration of the command - driven > multi-process model (but the agents executed as a service and the war on a > tomcat executed as a service) under Linux. > > I thought as well that it cannot reach the webservices, the question is why. > On the same server I can reach the webservices and fetch the WSDL without > issues. > Maybe sth related to ssl ? > > > Am 10.01.2020 um 14:59 schrieb Karl Wright : > > How are you running manifoldcf? Single process example, or a custom setup of > some kind? > > This exception is a "catch all" exception generated far below anything in > ManifoldCF, but usually means it cannot download the WSDLs from the service. > Getting the full exception dumped in the log requires a "hack" to the check() > method of the connector, but I'm pretty sure that's what's happening anyway. > > Karl > > > On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke wrote: > Hi, > > I tried to use the CSWS connector, but already for the Authority connection I > receive a org.apache.cxf.service.factory.ServiceConstructionException: Failed > to create service. > > Unfortunately I don’t see more details , also not in the log (debug is > activated). I try to get a little bit more output by modifying the connector, > but maybe someone has already an idea why this can happen? > > Are there some special instructions to use it? The pointers to the > webservices are correct, I tested via Curl and SOAPUI. > > > Thank you. > Best regards
Re: CSWS Connector : ServiceConstructionException: Failed to create service
If you want to test the url and the ssl, I would recommend attempting using SSLPoke to confirm that they keystore is setup properly: https://github.com/MichalHecko/SSLPoke Michael From: Karl Wright Reply-To: "user@manifoldcf.apache.org" Date: Tuesday, January 14, 2020 at 7:21 AM To: "user@manifoldcf.apache.org" Subject: Re: CSWS Connector : ServiceConstructionException: Failed to create service Hmm, others have succeeded setting up SSL connections with the current code. Hoping they chime in here. Karl On Tue, Jan 14, 2020, 8:19 AM Jörn Franke mailto:jornfra...@gmail.com>> wrote: It seems that it has indeed a certificate issue as it cannot find a valid certification path to the target. The thing is: I added those certificates in the UI should it should not happen. Am 10.01.2020 um 20:51 schrieb Jörn Franke mailto:jornfra...@gmail.com>>: 2.15 ... I will try on the weekend to see if I can get some logs out of it. Am 10.01.2020 um 19:02 schrieb Karl Wright mailto:daddy...@gmail.com>>: Can I ask what version of MCF you are using? There were issues with SSL in the first release of the csws connector if I recall correctly, that were fixed for the second release. Karl On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke mailto:jornfra...@gmail.com>> wrote: I added root, intermediate and server certificate (in base64 cer, it seems to be recognized by manifoldcf), but I still get the same message. I will try to get somehow the full stacktrace Am 10.01.2020 um 17:21 schrieb Karl Wright mailto:daddy...@gmail.com>>: If you are using SSL you need to have the proper certificate saved in the connection's keystore. Karl On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke mailto:jornfra...@gmail.com>> wrote: It is actually a server using configuration of the command - driven multi-process model (but the agents executed as a service and the war on a tomcat executed as a service) under Linux. I thought as well that it cannot reach the webservices, the question is why. On the same server I can reach the webservices and fetch the WSDL without issues. Maybe sth related to ssl ? Am 10.01.2020 um 14:59 schrieb Karl Wright mailto:daddy...@gmail.com>>: How are you running manifoldcf? Single process example, or a custom setup of some kind? This exception is a "catch all" exception generated far below anything in ManifoldCF, but usually means it cannot download the WSDLs from the service. Getting the full exception dumped in the log requires a "hack" to the check() method of the connector, but I'm pretty sure that's what's happening anyway. Karl On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke mailto:jornfra...@gmail.com>> wrote: Hi, I tried to use the CSWS connector, but already for the Authority connection I receive a org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service. Unfortunately I don’t see more details , also not in the log (debug is activated). I try to get a little bit more output by modifying the connector, but maybe someone has already an idea why this can happen? Are there some special instructions to use it? The pointers to the webservices are correct, I tested via Curl and SOAPUI. Thank you. Best regards
Re: CSWS Connector : ServiceConstructionException: Failed to create service
I know that the CAs are correct as they work with other Java tools. > Am 14.01.2020 um 14:21 schrieb Karl Wright : > > > Hmm, others have succeeded setting up SSL connections with the current code. > Hoping they chime in here. > > Karl > >> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote: >> It seems that it has indeed a certificate issue as it cannot find a valid >> certification path to the target. The thing is: I added those certificates >> in the UI should it should not happen. >> >> >> Am 10.01.2020 um 20:51 schrieb Jörn Franke : >>> >>> 2.15 ... >>> I will try on the weekend to see if I can get some logs out of it. >>> > Am 10.01.2020 um 19:02 schrieb Karl Wright : > Can I ask what version of MCF you are using? There were issues with SSL in the first release of the csws connector if I recall correctly, that were fixed for the second release. Karl > On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke wrote: > I added root, intermediate and server certificate (in base64 cer, it > seems to be recognized by manifoldcf), but I still get the same message. > I will try to get somehow the full stacktrace > >>> Am 10.01.2020 um 17:21 schrieb Karl Wright : >>> >> >> If you are using SSL you need to have the proper certificate saved in >> the connection's keystore. >> Karl >> >> >>> On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke >>> wrote: >>> It is actually a server using configuration of the command - driven >>> multi-process model (but the agents executed as a service and the war >>> on a tomcat executed as a service) under Linux. >>> >>> I thought as well that it cannot reach the webservices, the question is >>> why. On the same server I can reach the webservices and fetch the WSDL >>> without issues. >>> Maybe sth related to ssl ? >>> > Am 10.01.2020 um 14:59 schrieb Karl Wright : > How are you running manifoldcf? Single process example, or a custom setup of some kind? This exception is a "catch all" exception generated far below anything in ManifoldCF, but usually means it cannot download the WSDLs from the service. Getting the full exception dumped in the log requires a "hack" to the check() method of the connector, but I'm pretty sure that's what's happening anyway. Karl > On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke > wrote: > Hi, > > I tried to use the CSWS connector, but already for the Authority > connection I receive a > org.apache.cxf.service.factory.ServiceConstructionException: Failed > to create service. > > Unfortunately I don’t see more details , also not in the log (debug > is activated). I try to get a little bit more output by modifying the > connector, but maybe someone has already an idea why this can happen? > > Are there some special instructions to use it? The pointers to the > webservices are correct, I tested via Curl and SOAPUI. > > > Thank you. > Best regards
Re: CSWS Connector : ServiceConstructionException: Failed to create service
Hmm, others have succeeded setting up SSL connections with the current code. Hoping they chime in here. Karl On Tue, Jan 14, 2020, 8:19 AM Jörn Franke wrote: > It seems that it has indeed a certificate issue as it cannot find a valid > certification path to the target. The thing is: I added those certificates > in the UI should it should not happen. > > > > Am 10.01.2020 um 20:51 schrieb Jörn Franke : > > > 2.15 ... > I will try on the weekend to see if I can get some logs out of it. > > Am 10.01.2020 um 19:02 schrieb Karl Wright : > > > Can I ask what version of MCF you are using? There were issues with SSL > in the first release of the csws connector if I recall correctly, that were > fixed for the second release. > > Karl > > > On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke wrote: > >> I added root, intermediate and server certificate (in base64 cer, it >> seems to be recognized by manifoldcf), but I still get the same message. I >> will try to get somehow the full stacktrace >> >> Am 10.01.2020 um 17:21 schrieb Karl Wright : >> >> >> If you are using SSL you need to have the proper certificate saved in the >> connection's keystore. >> Karl >> >> >> On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke >> wrote: >> >>> It is actually a server using configuration of the command - driven >>> multi-process model (but the agents executed as a service and the war on a >>> tomcat executed as a service) under Linux. >>> >>> I thought as well that it cannot reach the webservices, the question is >>> why. On the same server I can reach the webservices and fetch the WSDL >>> without issues. >>> Maybe sth related to ssl ? >>> >>> Am 10.01.2020 um 14:59 schrieb Karl Wright : >>> >>> >>> How are you running manifoldcf? Single process example, or a custom >>> setup of some kind? >>> >>> This exception is a "catch all" exception generated far below anything >>> in ManifoldCF, but usually means it cannot download the WSDLs from the >>> service. Getting the full exception dumped in the log requires a "hack" to >>> the check() method of the connector, but I'm pretty sure that's what's >>> happening anyway. >>> >>> Karl >>> >>> >>> On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke >>> wrote: >>> Hi, I tried to use the CSWS connector, but already for the Authority connection I receive a org.apache.cxf.service.factory.ServiceConstructionException: Failed to create service. Unfortunately I don’t see more details , also not in the log (debug is activated). I try to get a little bit more output by modifying the connector, but maybe someone has already an idea why this can happen? Are there some special instructions to use it? The pointers to the webservices are correct, I tested via Curl and SOAPUI. Thank you. Best regards >>> >>>
Re: CSWS Connector : ServiceConstructionException: Failed to create service
It seems that it has indeed a certificate issue as it cannot find a valid certification path to the target. The thing is: I added those certificates in the UI should it should not happen. > Am 10.01.2020 um 20:51 schrieb Jörn Franke : > > > 2.15 ... > I will try on the weekend to see if I can get some logs out of it. > >>> Am 10.01.2020 um 19:02 schrieb Karl Wright : >>> >> >> Can I ask what version of MCF you are using? There were issues with SSL in >> the first release of the csws connector if I recall correctly, that were >> fixed for the second release. >> >> Karl >> >> >>> On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke wrote: >>> I added root, intermediate and server certificate (in base64 cer, it seems >>> to be recognized by manifoldcf), but I still get the same message. I will >>> try to get somehow the full stacktrace >>> > Am 10.01.2020 um 17:21 schrieb Karl Wright : > If you are using SSL you need to have the proper certificate saved in the connection's keystore. Karl > On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke wrote: > It is actually a server using configuration of the command - driven > multi-process model (but the agents executed as a service and the war on > a tomcat executed as a service) under Linux. > > I thought as well that it cannot reach the webservices, the question is > why. On the same server I can reach the webservices and fetch the WSDL > without issues. > Maybe sth related to ssl ? > >>> Am 10.01.2020 um 14:59 schrieb Karl Wright : >>> >> >> How are you running manifoldcf? Single process example, or a custom >> setup of some kind? >> >> This exception is a "catch all" exception generated far below anything >> in ManifoldCF, but usually means it cannot download the WSDLs from the >> service. Getting the full exception dumped in the log requires a "hack" >> to the check() method of the connector, but I'm pretty sure that's >> what's happening anyway. >> >> Karl >> >> >>> On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke >>> wrote: >>> Hi, >>> >>> I tried to use the CSWS connector, but already for the Authority >>> connection I receive a >>> org.apache.cxf.service.factory.ServiceConstructionException: Failed to >>> create service. >>> >>> Unfortunately I don’t see more details , also not in the log (debug is >>> activated). I try to get a little bit more output by modifying the >>> connector, but maybe someone has already an idea why this can happen? >>> >>> Are there some special instructions to use it? The pointers to the >>> webservices are correct, I tested via Curl and SOAPUI. >>> >>> >>> Thank you. >>> Best regards
LDAPV3 SSL Support
Hi All, Do we support LDAPV3 with/out SSL support? Kind Regards, Furkan KAMACI
