Hi, I can tell your configuration didn't has the part of http-conduit setting, and the stack trace shows that HTTPConduit didn't configured rightly. Can you go through the example[1] I showed you before?
[1]http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-ConfiguringSSLSupport -- Willem Jiang Red Hat, Inc. Web: http://www.redhat.com Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English) http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese) Twitter: willemjiang Weibo: 姜宁willem On Saturday, August 24, 2013 at 3:16 PM, contactreji wrote: > Hi William > > I am getting a HANDSHAKE exception in the case now. I gave the proper path > to the jks file still its showing the following exception. > "unable to find valid certification path to requested target" > > Please find my error log > > > Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException > invoking > https://ascsq14:8105/XISOAPAdapter/MessageServlet?senderParty=&senderService=BS_Q_MES_Miheevsky&receiverParty=&receiverService=&interface=SI_ID56_CopperRecovery_async_out&interfaceNamespace=urn:outotec:pi:mes:id56:CopperRecovery: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native > Method)[:1.6.0_45] > at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown > Source)[:1.6.0_45] > at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown > Source)[:1.6.0_45] > at java.lang.reflect.Constructor.newInstance(Unknown Source)[:1.6.0_45] > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1452)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] > at > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] > at > org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] > at > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] > ... 65 more > Caused by: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown > Source)[:1.6] > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)[:1.6] > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6] > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6] > at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown > Source)[:1.6] > at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown > Source)[:1.6] > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown > Source)[:1.6] > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown > Source)[:1.6] > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown > Source)[:1.6] > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown > Source)[:1.6] > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown > Source)[:1.6] > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown > Source)[:1.6] > at sun.net.www.protocol.https.HttpsClient.afterConnect > (http://www.protocol.https.HttpsClient.afterConnect)(Unknown > Source)[:1.6] > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect > (http://www.protocol.https.AbstractDelegateHttpsURLConnection.connect)(Unknown > Source)[:1.6] > at sun.net.www.protocol.http.HttpURLConnection.getOutputStream > (http://www.protocol.http.HttpURLConnection.getOutputStream)(Unknown > Source)[:1.6.0_45] > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream > (http://www.protocol.https.HttpsURLConnectionImpl.getOutputStream)(Unknown > Source)[:1.6] > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1410)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1351)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] > at > org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] > at > org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1424)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] > ... 68 more > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > at sun.security.validator.PKIXValidator.doBuild(Unknown Source)[:1.6.0_45] > at sun.security.validator.PKIXValidator.engineValidate(Unknown > Source)[:1.6.0_45] > at sun.security.validator.Validator.validate(Unknown Source)[:1.6.0_45] > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown > Source)[:1.6] > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown > Source)[:1.6] > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown > Source)[:1.6] > ... 85 more > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown > Source)[:1.6.0_45] > at java.security.cert.CertPathBuilder.build(Unknown Source)[:1.6.0_45] > > > > Can I do the same using JETTY? > I have configured the jetty as follows > > > <bean id="jetty" > class="org.apache.camel.component.jetty.JettyHttpComponent"> > <property name="sslSocketConnectorProperties"> > <map> > <entry key="password" value="keystorepassword" /> > <entry key="keyPassword" value="keystorepassword" /> > <entry key="keystore" value="src/main/resources/certs/keystore.jks" /> > <entry key="truststore" value="src/main/resources/certs/truststore.jks" > /> > <entry key="trustPassword" value="truststorepassword" /> > <entry key="needClientAuth" value="true" /> > </map> > </property> > </bean> > > and configured jax:ws client as > > <jaxws:client id="PIServiceProxy" > > address="jetty:https://server1:8105/XISOAPAdapter/MessageServlet?senderParty=&senderService=BS_Q_MES_Miheevsky&receiverParty=&receiverService=&interface=SI_ID56_CopperRecovery_async_out&interfaceNamespace=urn:server:pi:mes:id56:CopperRecovery"; > > serviceClass="outotec.pi.mes.id56.copperrecovery.SIID56CopperRecoveryAsyncOut" > > username="userid" password="pwd" /> > > > Please let me know in case anything is wrong in the above configuration > settings. > > Reji > > > > -- > View this message in context: > http://camel.465427.n5.nabble.com/Using-SSL-Certificates-and-connecting-to-https-port-Truststore-files-provided-tp5737735p5737849.html > Sent from the Camel - Users mailing list archive at Nabble.com > (http://Nabble.com).
