Hi,

Thanks for your help.
But I solved the problem by entering the URL of the Service-Endpoint as the
http:conduit-name, instead of the Namespace, Port and "http-conduit".

It now looks like this:
<http:conduit name="https://localhost:8443/test/service/userService">

--Benjamin



2009/4/28 Vassilis Virvilis <[email protected]>

> On Monday 27 April 2009, Benjamin Ernst wrote:
> >  Hi,
> >
> > I am having problems with the Client-Configuration for HTTPS. My
> > configuration looks like this:
> >
> > <http:conduit name="*.http-conduit">
> >     <http:tlsClientParameters disableCNCheck="true">
> >       <sec:trustManagers>
> >           <sec:keyStore type="JKS" password="password"
> >                file="conf/truststore.jks"/>
> >       </sec:trustManagers>
> >       <sec:keyManagers keyPassword="password">
> >            <sec:keyStore type="JKS" password="password"
> >                 file="conf/localhost.jks"/>
> >       </sec:keyManagers>
> >       <sec:cipherSuitesFilter>
> >         <!-- these filters ensure that a ciphersuite with
> >           export-suitable or null encryption is used,
> >           but exclude anonymous Diffie-Hellman key change as
> >           this is vulnerable to man-in-the-middle attacks -->
> >         <sec:include>.*_EXPORT_.*</sec:include>
> >         <sec:include>.*_EXPORT1024_.*</sec:include>
> >         <sec:include>.*_WITH_DES_.*</sec:include>
> >         <sec:include>.*_WITH_NULL_.*</sec:include>
> >         <sec:exclude>.*_DH_anon_.*</sec:exclude>
> >       </sec:cipherSuitesFilter>
> >     </http:tlsClientParameters>
> >    </http:conduit>
>
> You have to make sure you are using spring - otherwise the configuration is
> not picked up.
>
> Alternatively you can configure your client through code like the fragment
> below (~more or less)
>
> There is also a nice example in cxf tests or examples (can't remember).
> Just search for SSL or TLS. It is more or less along these lines...
>
>        if (protocol.equalsIgnoreCase("https")) {
>            log.debug("Customizing https://");
>            HTTPConduit http = (HTTPConduit) client.getConduit();
>            TLSClientParameters params = new TLSClientParameters();
>            params.setSecureSocketProtocol("SSLv3");
>            try {
>                params.setTrustManagers(getTrustManagers());
>            } catch(Exception e) {
>                log.error(e, e);
>            }
>
>            FiltersType filters = new FiltersType();
>            filters.getInclude().add(".*");
>            filters.getExclude().add(".*_DH_anon_.*");
>            params.setCipherSuitesFilter(filters);
>
>            http.setTlsClientParameters(params);
>        }
>
>
>   protected static TrustManager[] getTrustManagers() throws IOException,
>            GeneralSecurityException {
>        // First, get the default TrustManagerFactory.
>        String alg = TrustManagerFactory.getDefaultAlgorithm();
>        TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg);
>
>        // Next, set up the TrustStore to use. We need to load the file into
>        // a KeyStore instance.
>        InputStream fis = Resource.getInputStream("keystore.jks");
>        KeyStore ks = KeyStore.getInstance("jks");
>        ks.load(fis, null);
>        fis.close();
>
>        // Now we initialize the TrustManagerFactory with this KeyStore
>        tmFact.init(ks);
>
>        // And now get the TrustManagers
>        TrustManager[] tms = tmFact.getTrustManagers();
>        return tms;
>    }
>
>
>
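
An added example, not part of the thread or of the CXF project: a small Python check that parses a conduit definition like the one quoted above and reports a disabled hostname check and which weak cipher suites its include/exclude filters let through. The names `audit`, `selected`, `PROBES` and `SAMPLE` are hypothetical, and the filter semantics (full regex match, include first, exclude wins) are an assumption about how the filters are applied.

```python
import re
import xml.etree.ElementTree as ET

NS = {"http": "http://cxf.apache.org/transports/http/configuration",
      "sec": "http://cxf.apache.org/configuration/security"}

# Constructed sample: the conduit from the thread, named by endpoint URL as in the fix.
SAMPLE = """<beans xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security">
  <http:conduit name="https://localhost:8443/test/service/userService">
    <http:tlsClientParameters disableCNCheck="true">
      <sec:cipherSuitesFilter>
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
  </http:conduit>
</beans>"""

# JSSE suite names used as probes; True marks suites known to be weak.
PROBES = {"SSL_RSA_EXPORT_WITH_RC4_40_MD5": True, "SSL_RSA_WITH_DES_CBC_SHA": True,
          "SSL_RSA_WITH_NULL_SHA": True, "SSL_DH_anon_WITH_DES_CBC_SHA": True,
          "TLS_RSA_WITH_AES_128_CBC_SHA": False,
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": False}

def selected(includes, excludes, suite):
    """Assumed semantics: some include matches fully and no exclude matches."""
    return (any(re.fullmatch(p, suite) for p in includes)
            and not any(re.fullmatch(p, suite) for p in excludes))

def audit(xml_text):
    findings = []
    for conduit in ET.fromstring(xml_text).iterfind(".//http:conduit", NS):
        name = conduit.get("name", "")
        for tls in conduit.iterfind("http:tlsClientParameters", NS):
            if tls.get("disableCNCheck", "false").lower() == "true":
                findings.append((name, "hostname check disabled (disableCNCheck)"))
            inc = [e.text.strip() for e in tls.iterfind(".//sec:include", NS)]
            exc = [e.text.strip() for e in tls.iterfind(".//sec:exclude", NS)]
            picked = [s for s in PROBES if selected(inc, exc, s)]
            weak = [s for s in picked if PROBES[s]]
            if weak:
                findings.append((name, "weak suites allowed: " + ", ".join(weak)))
            if inc and all(PROBES[s] for s in picked):
                findings.append((name, "no strong probe suite allowed"))
    return findings
```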
