It looks looks TLS is actually enabled in the SSLSocketFactory framework based on how you create the SSLSocketContext. See:
https://docs.oracle.com/cd/E19698-01/816-7609/security-83/index.html Karl On Tue, Jan 14, 2020 at 5:48 PM Karl Wright <daddy...@gmail.com> wrote: > The design of ManifoldCF deliberately manages keystores on a connection by > connection basis, not globally. If you think the only way to implement TLS > is via global keystore I very much doubt it. > > I am on the road until late tomorrow but somewhere along the line I can do > some research into why TLS won't work as we are currently doing it. > > Karl > > > On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke <jornfra...@gmail.com> wrote: > >> These are TLS only. So maybe you have other servers where tls and ssl are >> possible and it downgrades to ssl.however, this is speculation and I need >> to verify it. I have to rebuilt manifold for that. Probably I have to >> reinstall everything as the keystorefactory is a dependency in the >> connector. >> >> Am 14.01.2020 um 18:34 schrieb Karl Wright <daddy...@gmail.com>: >> >> >> If you can recommend changes to support TLS, that would be great. The >> basic infrastructure should still work; it is just a custom keystone and >> associated SSLSocketFactory, which I think also is used for TLS >> connections, unless I am missing something. >> >> On Tue, Jan 14, 2020, 9:38 AM Jörn Franke <jornfra...@gmail.com> wrote: >> >>> Yes this works fine. I believe the error comes from the fact that TLS >>> connections are not supported. >>> >>> Am 14.01.2020 um 15:31 schrieb Michael Cizmar < >>> michael.ciz...@mcplusa.com>: >>> >>> >>> >>> If you want to test the url and the ssl, I would recommend attempting >>> using SSLPoke to confirm that they keystore is setup properly: >>> >>> >>> >>> https://github.com/MichalHecko/SSLPoke >>> >>> >>> >>> Michael >>> >>> >>> >>> *From: *Karl Wright <daddy...@gmail.com> >>> *Reply-To: *"user@manifoldcf.apache.org" <user@manifoldcf.apache.org> >>> *Date: *Tuesday, January 14, 2020 at 7:21 AM >>> *To: *"user@manifoldcf.apache.org" <user@manifoldcf.apache.org> >>> *Subject: *Re: CSWS Connector : ServiceConstructionException: Failed to >>> create service >>> >>> >>> >>> Hmm, others have succeeded setting up SSL connections with the current >>> code. Hoping they chime in here. >>> >>> >>> >>> Karl >>> >>> >>> >>> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke <jornfra...@gmail.com> wrote: >>> >>> It seems that it has indeed a certificate issue as it cannot find a >>> valid certification path to the target. The thing is: I added those >>> certificates in the UI should it should not happen. >>> >>> >>> >>> >>> >>> >>> >>> Am 10.01.2020 um 20:51 schrieb Jörn Franke <jornfra...@gmail.com>: >>> >>> 2.15 ... >>> >>> I will try on the weekend to see if I can get some logs out of it. >>> >>> >>> >>> Am 10.01.2020 um 19:02 schrieb Karl Wright <daddy...@gmail.com>: >>> >>> Can I ask what version of MCF you are using? There were issues with SSL >>> in the first release of the csws connector if I recall correctly, that were >>> fixed for the second release. >>> >>> >>> >>> Karl >>> >>> >>> >>> >>> >>> On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke <jornfra...@gmail.com> >>> wrote: >>> >>> I added root, intermediate and server certificate (in base64 cer, it >>> seems to be recognized by manifoldcf), but I still get the same message. I >>> will try to get somehow the full stacktrace >>> >>> >>> >>> Am 10.01.2020 um 17:21 schrieb Karl Wright <daddy...@gmail.com>: >>> >>> If you are using SSL you need to have the proper certificate saved in >>> the connection's keystore. >>> >>> Karl >>> >>> >>> >>> >>> >>> On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke <jornfra...@gmail.com> >>> wrote: >>> >>> It is actually a server using configuration of the command - driven >>> multi-process model (but the agents executed as a service and the war on a >>> tomcat executed as a service) under Linux. >>> >>> >>> >>> I thought as well that it cannot reach the webservices, the question is >>> why. On the same server I can reach the webservices and fetch the WSDL >>> without issues. >>> >>> Maybe sth related to ssl ? >>> >>> >>> >>> Am 10.01.2020 um 14:59 schrieb Karl Wright <daddy...@gmail.com>: >>> >>> How are you running manifoldcf? Single process example, or a custom >>> setup of some kind? >>> >>> This exception is a "catch all" exception generated far below anything >>> in ManifoldCF, but usually means it cannot download the WSDLs from the >>> service. Getting the full exception dumped in the log requires a "hack" to >>> the check() method of the connector, but I'm pretty sure that's what's >>> happening anyway. >>> >>> Karl >>> >>> >>> >>> >>> >>> On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke <jornfra...@gmail.com> >>> wrote: >>> >>> Hi, >>> >>> I tried to use the CSWS connector, but already for the Authority >>> connection I receive a >>> org.apache.cxf.service.factory.ServiceConstructionException: Failed to >>> create service. >>> >>> Unfortunately I don’t see more details , also not in the log (debug is >>> activated). I try to get a little bit more output by modifying the >>> connector, but maybe someone has already an idea why this can happen? >>> >>> Are there some special instructions to use it? The pointers to the >>> webservices are correct, I tested via Curl and SOAPUI. >>> >>> >>> Thank you. >>> Best regards >>> >>>