Yes it you do not change this setting as what I suspect happens here. See my previous mail for details.
> Am 14.01.2020 um 23:51 schrieb Karl Wright <[email protected]>: > > > It looks looks TLS is actually enabled in the SSLSocketFactory framework > based on how you create the SSLSocketContext. See: > > https://docs.oracle.com/cd/E19698-01/816-7609/security-83/index.html > > Karl > > >> On Tue, Jan 14, 2020 at 5:48 PM Karl Wright <[email protected]> wrote: >> The design of ManifoldCF deliberately manages keystores on a connection by >> connection basis, not globally. If you think the only way to implement TLS >> is via global keystore I very much doubt it. >> >> I am on the road until late tomorrow but somewhere along the line I can do >> some research into why TLS won't work as we are currently doing it. >> >> Karl >> >> >>> On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke <[email protected]> wrote: >>> These are TLS only. So maybe you have other servers where tls and ssl are >>> possible and it downgrades to ssl.however, this is speculation and I need >>> to verify it. I have to rebuilt manifold for that. Probably I have to >>> reinstall everything as the keystorefactory is a dependency in the >>> connector. >>> >>>>> Am 14.01.2020 um 18:34 schrieb Karl Wright <[email protected]>: >>>>> >>>> >>>> If you can recommend changes to support TLS, that would be great. The >>>> basic infrastructure should still work; it is just a custom keystone and >>>> associated SSLSocketFactory, which I think also is used for TLS >>>> connections, unless I am missing something. >>>> >>>>> On Tue, Jan 14, 2020, 9:38 AM Jörn Franke <[email protected]> wrote: >>>>> Yes this works fine. I believe the error comes from the fact that TLS >>>>> connections are not supported. >>>>> >>>>>>> Am 14.01.2020 um 15:31 schrieb Michael Cizmar >>>>>>> <[email protected]>: >>>>>>> >>>>>> >>>>>> If you want to test the url and the ssl, I would recommend attempting >>>>>> using SSLPoke to confirm that they keystore is setup properly: >>>>>> >>>>>> >>>>>> >>>>>> https://github.com/MichalHecko/SSLPoke >>>>>> >>>>>> >>>>>> >>>>>> Michael >>>>>> >>>>>> >>>>>> >>>>>> From: Karl Wright <[email protected]> >>>>>> Reply-To: "[email protected]" <[email protected]> >>>>>> Date: Tuesday, January 14, 2020 at 7:21 AM >>>>>> To: "[email protected]" <[email protected]> >>>>>> Subject: Re: CSWS Connector : ServiceConstructionException: Failed to >>>>>> create service >>>>>> >>>>>> >>>>>> >>>>>> Hmm, others have succeeded setting up SSL connections with the current >>>>>> code. Hoping they chime in here. >>>>>> >>>>>> >>>>>> >>>>>> Karl >>>>>> >>>>>> >>>>>> >>>>>> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke <[email protected]> wrote: >>>>>> >>>>>> It seems that it has indeed a certificate issue as it cannot find a >>>>>> valid certification path to the target. The thing is: I added those >>>>>> certificates in the UI should it should not happen. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Am 10.01.2020 um 20:51 schrieb Jörn Franke <[email protected]>: >>>>>> >>>>>> 2.15 ... >>>>>> >>>>>> I will try on the weekend to see if I can get some logs out of it. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Am 10.01.2020 um 19:02 schrieb Karl Wright <[email protected]>: >>>>>> >>>>>> Can I ask what version of MCF you are using? There were issues with SSL >>>>>> in the first release of the csws connector if I recall correctly, that >>>>>> were fixed for the second release. >>>>>> >>>>>> >>>>>> >>>>>> Karl >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke <[email protected]> >>>>>> wrote: >>>>>> >>>>>> I added root, intermediate and server certificate (in base64 cer, it >>>>>> seems to be recognized by manifoldcf), but I still get the same message. >>>>>> I will try to get somehow the full stacktrace >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Am 10.01.2020 um 17:21 schrieb Karl Wright <[email protected]>: >>>>>> >>>>>> If you are using SSL you need to have the proper certificate saved in >>>>>> the connection's keystore. >>>>>> >>>>>> Karl >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke <[email protected]> >>>>>> wrote: >>>>>> >>>>>> It is actually a server using configuration of the command - driven >>>>>> multi-process model (but the agents executed as a service and the war on >>>>>> a tomcat executed as a service) under Linux. >>>>>> >>>>>> >>>>>> >>>>>> I thought as well that it cannot reach the webservices, the question is >>>>>> why. On the same server I can reach the webservices and fetch the WSDL >>>>>> without issues. >>>>>> >>>>>> Maybe sth related to ssl ? >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Am 10.01.2020 um 14:59 schrieb Karl Wright <[email protected]>: >>>>>> >>>>>> How are you running manifoldcf? Single process example, or a custom >>>>>> setup of some kind? >>>>>> >>>>>> This exception is a "catch all" exception generated far below anything >>>>>> in ManifoldCF, but usually means it cannot download the WSDLs from the >>>>>> service. Getting the full exception dumped in the log requires a "hack" >>>>>> to the check() method of the connector, but I'm pretty sure that's >>>>>> what's happening anyway. >>>>>> >>>>>> Karl >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke <[email protected]> wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> I tried to use the CSWS connector, but already for the Authority >>>>>> connection I receive a >>>>>> org.apache.cxf.service.factory.ServiceConstructionException: Failed to >>>>>> create service. >>>>>> >>>>>> Unfortunately I don’t see more details , also not in the log (debug is >>>>>> activated). I try to get a little bit more output by modifying the >>>>>> connector, but maybe someone has already an idea why this can happen? >>>>>> >>>>>> Are there some special instructions to use it? The pointers to the >>>>>> webservices are correct, I tested via Curl and SOAPUI. >>>>>> >>>>>> >>>>>> Thank you. >>>>>> Best regards
