Re: Jetty or CXF Http:Conduit for SSL?

Mon, 26 Aug 2013 02:26:20 -0700 

If it doesn't help, please enable SSL debuging with the JVM option "
javax.net.debug=all" as shown at [1].

[1]
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/samples/sslengine/SSLEngineSimpleDemo.java

Best,
Christian
-----------------

Software Integration Specialist

Apache Camel committer: https://camel.apache.org/team
V.P. Apache Camel: https://www.apache.org/foundation/
Apache Member: https://www.apache.org/foundation/members.html

https://www.linkedin.com/pub/christian-mueller/11/551/642


On Mon, Aug 26, 2013 at 10:39 AM, Aki Yoshida <elak...@gmail.com> wrote:

> have you verified by which certificate your service provider (SAP
> PI)'s certificate is signed and if this certificate is in your
> truststore? I think it's not in there, so the cxf client can't verify
> the provider's certificate.
>
>
>
> 2013/8/26 contactreji <contactr...@gmail.com>:
> > hi Bharath
> >
> > its as follows
> > <http:conduit
> >
> name="{urn:outotec:pi:mes:id56:CopperRecovery}.HTTPS_Port.http-conduit">
> >
> >                 <http:tlsClientParameters>
> >
> >                         <sec:keyManagers keyPassword="fuseesb">
> >                                 <sec:keyStore type="JKS"
> password="fuseesb"
> > resource="certs/keystore.jks" />
> >                         </sec:keyManagers>
> >                         <sec:trustManagers>
> >                                 <sec:keyStore type="JKS" password="fuse"
> >                                         resource="certs/truststore.jks"
> />
> >                         </sec:trustManagers>
> >
> >
> >                         <sec:cipherSuitesFilter>
> >
> >                                 <sec:include>.*_EXPORT_.*</sec:include>
> >
> <sec:include>.*_EXPORT1024_.*</sec:include>
> >                                 <sec:include>.*_WITH_DES_.*</sec:include>
> >                                 <sec:include>.*_WITH_AES_.*</sec:include>
> >
> <sec:include>.*_WITH_NULL_.*</sec:include>
> >                                 <sec:exclude>.*_DH_anon_.*</sec:exclude>
> >                         </sec:cipherSuitesFilter>
> >                 </http:tlsClientParameters>
> >
> >                 <http:client AutoRedirect="true" Connection="Keep-Alive"
> />
> >
> >         </http:conduit>
> >
> > I am getting following exception
> > *
> > Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException
> > invoking
> >
> https://ascsq14:8105/XISOAPAdapter/MessageServlet?senderParty=&senderService=BS_Q_MES_Miheevsky&receiverParty=&receiverService=&interface=SI_ID56_CopperRecovery_async_out&interfaceNamespace=urn:outotec:pi:mes:id56:CopperRecovery
> :
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find
> > valid certification path to requested target
> >         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> > Method)[:1.6.0_45]
> >         at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown
> > Source)[:1.6.0_45]
> >         at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown
> > Source)[:1.6.0_45]
> >         at java.lang.reflect.Constructor.newInstance(Unknown
> Source)[:1.6.0_45]
> >         at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
> >         at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1452)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
> >         at
> >
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
> >         at
> >
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
> >         at
> >
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
> >         ... 65 more
> > Caused by: javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find
> > valid certification path to requested target
> >         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
> > Source)[:1.6]
> >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown
> Source)[:1.6]
> >         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown
> Source)[:1.6]
> >         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown
> Source)[:1.6]
> >         at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
> > Source)[:1.6]
> >         at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
> > Source)[:1.6]
> >         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
> > Source)[:1.6]
> >         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
> > Source)[:1.6]
> >         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> > Source)[:1.6]
> >         at
> >
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> > Source)[:1.6]
> >         at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> > Source)[:1.6]
> >         at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> > Source)[:1.6]
> >         at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> > Source)[:1.6]
> >         at
> >
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> > Source)[:1.6]
> >         at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown
> > Source)[:1.6.0_45]
> >         at
> > sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown
> > Source)[:1.6]
> >         at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1410)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
> >         at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1351)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
> >         at
> >
> org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
> >         at
> >
> org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
> >         at
> >
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1424)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
> >         ... 68 more
> > Caused by: sun.security.validator.ValidatorException: PKIX path building
> > failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable
> > to find valid certification path to requested target
> >         at sun.security.validator.PKIXValidator.doBuild(Unknown
> Source)[:1.6.0_45]
> >         at sun.security.validator.PKIXValidator.engineValidate(Unknown
> > Source)[:1.6.0_45]
> >         at sun.security.validator.Validator.validate(Unknown
> Source)[:1.6.0_45]
> >         at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
> > Source)[:1.6]
> >         at
> >
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> > Source)[:1.6]
> >         at
> >
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> > Source)[:1.6]
> >         ... 85 more
> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> > unable to find valid certification path to requested target
> >         at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
> > Source)[:1.6.0_45]
> >         at java.security.cert.CertPathBuilder.build(Unknown
> Source)[:1.6.0_45]*
> >
> >
> >
> > --
> > View this message in context:
> http://camel.465427.n5.nabble.com/Jetty-or-CXF-Http-Conduit-for-SSL-tp5737876p5737935.html
> > Sent from the Camel - Users mailing list archive at Nabble.com.
>

Reply via email to