The design of ManifoldCF deliberately manages keystores on a connection by connection basis, not globally. If you think the only way to implement TLS is via global keystore I very much doubt it.
I am on the road until late tomorrow but somewhere along the line I can do some research into why TLS won't work as we are currently doing it. Karl On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke <jornfra...@gmail.com> wrote: > These are TLS only. So maybe you have other servers where tls and ssl are > possible and it downgrades to ssl.however, this is speculation and I need > to verify it. I have to rebuilt manifold for that. Probably I have to > reinstall everything as the keystorefactory is a dependency in the > connector. > > Am 14.01.2020 um 18:34 schrieb Karl Wright <daddy...@gmail.com>: > > > If you can recommend changes to support TLS, that would be great. The > basic infrastructure should still work; it is just a custom keystone and > associated SSLSocketFactory, which I think also is used for TLS > connections, unless I am missing something. > > On Tue, Jan 14, 2020, 9:38 AM Jörn Franke <jornfra...@gmail.com> wrote: > >> Yes this works fine. I believe the error comes from the fact that TLS >> connections are not supported. >> >> Am 14.01.2020 um 15:31 schrieb Michael Cizmar <michael.ciz...@mcplusa.com >> >: >> >> >> >> If you want to test the url and the ssl, I would recommend attempting >> using SSLPoke to confirm that they keystore is setup properly: >> >> >> >> https://github.com/MichalHecko/SSLPoke >> >> >> >> Michael >> >> >> >> *From: *Karl Wright <daddy...@gmail.com> >> *Reply-To: *"user@manifoldcf.apache.org" <user@manifoldcf.apache.org> >> *Date: *Tuesday, January 14, 2020 at 7:21 AM >> *To: *"user@manifoldcf.apache.org" <user@manifoldcf.apache.org> >> *Subject: *Re: CSWS Connector : ServiceConstructionException: Failed to >> create service >> >> >> >> Hmm, others have succeeded setting up SSL connections with the current >> code. Hoping they chime in here. >> >> >> >> Karl >> >> >> >> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke <jornfra...@gmail.com> wrote: >> >> It seems that it has indeed a certificate issue as it cannot find a valid >> certification path to the target. The thing is: I added those certificates >> in the UI should it should not happen. >> >> >> >> >> >> >> >> Am 10.01.2020 um 20:51 schrieb Jörn Franke <jornfra...@gmail.com>: >> >> 2.15 ... >> >> I will try on the weekend to see if I can get some logs out of it. >> >> >> >> Am 10.01.2020 um 19:02 schrieb Karl Wright <daddy...@gmail.com>: >> >> Can I ask what version of MCF you are using? There were issues with SSL >> in the first release of the csws connector if I recall correctly, that were >> fixed for the second release. >> >> >> >> Karl >> >> >> >> >> >> On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke <jornfra...@gmail.com> >> wrote: >> >> I added root, intermediate and server certificate (in base64 cer, it >> seems to be recognized by manifoldcf), but I still get the same message. I >> will try to get somehow the full stacktrace >> >> >> >> Am 10.01.2020 um 17:21 schrieb Karl Wright <daddy...@gmail.com>: >> >> If you are using SSL you need to have the proper certificate saved in the >> connection's keystore. >> >> Karl >> >> >> >> >> >> On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke <jornfra...@gmail.com> >> wrote: >> >> It is actually a server using configuration of the command - driven >> multi-process model (but the agents executed as a service and the war on a >> tomcat executed as a service) under Linux. >> >> >> >> I thought as well that it cannot reach the webservices, the question is >> why. On the same server I can reach the webservices and fetch the WSDL >> without issues. >> >> Maybe sth related to ssl ? >> >> >> >> Am 10.01.2020 um 14:59 schrieb Karl Wright <daddy...@gmail.com>: >> >> How are you running manifoldcf? Single process example, or a custom >> setup of some kind? >> >> This exception is a "catch all" exception generated far below anything in >> ManifoldCF, but usually means it cannot download the WSDLs from the >> service. Getting the full exception dumped in the log requires a "hack" to >> the check() method of the connector, but I'm pretty sure that's what's >> happening anyway. >> >> Karl >> >> >> >> >> >> On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke <jornfra...@gmail.com> wrote: >> >> Hi, >> >> I tried to use the CSWS connector, but already for the Authority >> connection I receive a >> org.apache.cxf.service.factory.ServiceConstructionException: Failed to >> create service. >> >> Unfortunately I don’t see more details , also not in the log (debug is >> activated). I try to get a little bit more output by modifying the >> connector, but maybe someone has already an idea why this can happen? >> >> Are there some special instructions to use it? The pointers to the >> webservices are correct, I tested via Curl and SOAPUI. >> >> >> Thank you. >> Best regards >> >>
