Yes I think :-) The problem is that Java will not establish a connection, because it does not trust the other party. Java will only trust the HTTP server on the other side of the connection, if it is able to check the path of the site's certificate, thus it originates from a trusted source.
Because of this you need to tell java that you trust the issuer of the other site's certificate. 2008/9/30 Bazaj, Taru (IT) <[EMAIL PROTECTED]> > Thanks for replying... I am pretty new to this area so don't know much... > But as far as I know if I have included the certs file location in the > spring config file of my project there should not be any problem in picking > it up... > > Do you still think I have to configure Java security to be able to > establish a https connection..? > > Thanks! > Taru > > Taru Bazaj > Morgan Stanley | Technology > Bldg. 5, Sector 30, Mindspace, Goregaon (West) > Mumbai (Ex Bombay), 400 090 > Phone: +91 22 6641-0281 > [EMAIL PROTECTED] > > -----Original Message----- > From: Balazs Kollar [mailto:[EMAIL PROTECTED] > Sent: 30 September 2008 18:24 > To: [email protected] > Subject: Re: FW: Generating apache cxf client for an https connection > > Hi, > I think that this problem is not CXF related. You have to configure Java > security, so javax.net.ssl.HttpsURLConnection will be able to establish a > HTTPS connection. > > See this: > http://forums.sun.com/thread.jspa?threadID=515154&messageID=2453574 > > Balázs > > 2008/9/30 Bazaj, Taru (IT) <[EMAIL PROTECTED]> > > > Hi friends, > > > > I am working on a project to create java client for a web service that > > uses https protocol. I have added the certificate required for the > > connection in my project and provided the path in my spring config file. > > > > But, when I run the project I get the exception "unable to find valid > > certification path to requested target". I am not able to find out > > what am I doing wrong. > > > > I have attached the certificate( ypou have to change it from .abc to > > .cer), the wsdl exposed by the web service . > > > > The cofig file I wrote is as follows: > > > > > > <? > > xml version="1.0" encoding="UTF-8"?> > > > > < > > beans xmlns="http://www.springframework.org/schema/beans"; > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > > xmlns:cxf="http://cxf.apache.org/core"; > > > > xmlns:jaxws="http://cxf.apache.org/jaxws"; > > > > xmlns:http="http://cxf.apache.org/transports/http/configuration"; > > > > xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"; > > > > xmlns:sec="http://cxf.apache.org/configuration/security"; > > > > xsi:schemaLocation=*"* > > > > http:*//schemas.xmlsoap.or*g*/wsdl/* > > http:*//schemas.xmlsoap.or*g*/wsdl/* > > > > http:*//cxf.apache.or*g*/confi*guration*/security* > > http:*//cxf.apache.or*g > > */schemas/confi*guration*/security.xsd* > > > > http:*//cxf.apache.or*g*/transports/http/confi*guration > > > > http:*//cxf.apache.or*g*/schemas/confi*guration*/http-conf.xsd* > > > > http:*//cxf.apache.or*g*/transports/http-jetty/confi*guration > > > > http:*//cxf.apache.or*g*/schemas/confi*guration*/http-jetty.xsd* > > > > http: > > *//cxf.apache.or*g*/core* http:*//cxf.apache.or*g*/schemas/core.xsd* > > > > http: > > *//www.sprin*gframework.org*/schema/beans* http:*//www.sprin* > > gframework.org*/schema/beans/sprin*g-beans-2.0.xsd > > > > http: > > *//cxf.apache.or*g*/jaxws* > > http:*//cxf.apache.or*g*/schemas/jaxws.xsd"*> > > > > <http:conduit name="{ > > http://schemas.microsoft.com/exchange/services/2006/messages}ExchangeS > > ervicePort-http-conduit<http://schemas.microsoft.com/exchange/services > > /2006/messages%7DExchangeServicePort-http-conduit> > > "> > > > > <http:tlsClientParameters> > > > > <sec:trustManagers> > > > > <sec:keyStore type="JKS" password="123456" > > > > file="C:\Documents and > > > Settings\bazajta\MSDE\eclipseide\3.2\workspace\default\ews_client\packages\com\microsoft\schemas\exchange\services\_2006\certs\keystore" > > /> > > > > </sec:trustManagers> > > > > <sec:cipherSuitesFilter> > > > > <!-- these filters ensure that a ciphersuite with--> > > > > <!-- export-suitable or null encryption is used, but--> > > > > <!-- exclude anonymous Diffie-Hellman key change as this--> > > > > <!-- is vulnerable to man-in-the-middle attacks--> > > > > <sec:include>.*_EXPORT_.*</sec:include> > > > > <sec:include>.*_EXPORT1024_.*</sec:include> > > > > <sec:include>.*_WITH_DES_.*</sec:include> > > > > <sec:include>.*_WITH_NULL_.*</sec:include> > > > > <sec:exclude>.*_DH_anon_.*</sec:exclude> > > > > </sec:cipherSuitesFilter> > > > > </http:tlsClientParameters> > > > > </http:conduit> > > > > <!-- We need a bean named "cxf" --> > > > > <!-- <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />--> > > > > </ > > beans> > > > > If anyone has worked on anything similar or could think of anything to > > solve the issue please get back to me. I need this working urgently. > > > > Any help is much appreciated. > > > > Thanks a lot ! > > > > Taru > > > > Taru Bazaj > > Morgan Stanley | Technology > > Bldg. 5, Sector 30, Mindspace, Goregaon (West) Mumbai (Ex Bombay), 400 > > 090 > > Phone: +91 22 6641-0281 > > [EMAIL PROTECTED] > > > > ------------------------------ > > > > NOTICE: If received in error, please destroy and notify sender. Sender > > does not intend to waive confidentiality or privilege. Use of this > > email is prohibited when received in error. > > > > > > -- > Balázs > > "A good indication of when you are really starting to get to grips with a > subject, I find, is when you start to know the right questions to ask. > (Knowing the answers to these questions comes much later. That's > expertise.) Once you are at this point, you can really start to take off: if > only because once at this point, Google can usually help you out." > -------------------------------------------------------- > > NOTICE: If received in error, please destroy and notify sender. Sender does > not intend to waive confidentiality or privilege. Use of this email is > prohibited when received in error. > -- Balázs "A good indication of when you are really starting to get to grips with a subject, I find, is when you start to know the right questions to ask. (Knowing the answers to these questions comes much later. That's expertise.) Once you are at this point, you can really start to take off: if only because once at this point, Google can usually help you out."
