Hello!
The
<http:conduit name="https://localhost:.*">
did not work (same error), so I tried to dig deeper and found out that the
keystore definition was wrong. I fixed it, and it reads the
"*.http-conduit"
too, but when I try to test, it reads the global keystore again and not
what I defined in the conduit:
------------
...
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
trustStore is: C:\Program Files\Java\jre1.8.0_144\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
....
-----------------

Csaba

On 2018.03.20. 11:26, Colm O hEigeartaigh wrote:
> What if you use something like this instead?
>
> <http:conduit name="https://localhost:.*">
>
> If that doesn't work (with the correct domain name) then it looks like the
> config is not getting picked up properly.
>
> Colm.
>
> On Mon, Mar 19, 2018 at 4:56 PM, Tóth Csaba <[email protected]> wrote:
>
>> Hello!
>>
>> I'd like to call a web service from a server. I created everything, but I need
>> help to configure the conduit properly:
>>      <http:conduit
>> name="{urn:ihe:iti:hpd:2010}ProviderInformationDirectory_Port_Soap12.http-conduit">
>>     <http:tlsClientParameters>
>>       <sec:keyManagers keyPassword="password">
>>         <sec:keyStore type="JKS" password="password"
>>                       file="key/ldapClient.jks"/>
>>       </sec:keyManagers>
>>       <sec:trustManagers>
>>         <sec:keyStore type="JKS" password="password"
>>                       file="key/ldapClient.jks"/>
>>       </sec:trustManagers>
>>       <sec:cipherSuitesFilter>
>>         <!-- these filters ensure that a ciphersuite with
>>              export-suitable or null encryption is used,
>>              but exclude anonymous Diffie-Hellman key exchange as
>>              this is vulnerable to man-in-the-middle attacks -->
>>         <sec:include>.*_EXPORT_.*</sec:include>
>>         <sec:include>.*_EXPORT1024_.*</sec:include>
>>         <sec:include>.*_WITH_DES_.*</sec:include>
>>         <sec:include>.*_WITH_AES_.*</sec:include>
>>         <sec:include>.*_WITH_NULL_.*</sec:include>
>>         <sec:exclude>.*_DH_anon_.*</sec:exclude>
>>       </sec:cipherSuitesFilter>
>>     </http:tlsClientParameters>
>>
>>   </http:conduit>
>> The port name in the WSDL:
>> <port name="ProviderInformationDirectory_Port_Soap12"
>> and the
>> targetNamespace="urn:ihe:iti:hpd:2010"
>>
>> and it looks like it is not working (the SSL log searches for the cert in the global
>> Java keystore and not in the one defined in the conduit).
>> I tried with:
>> {urn:ihe:iti:hpd:2010}ProviderInformationDirectory_Port_Soap12.http-conduit
>> {urn:ihe:iti:hpd:2010}*.http-conduit
>> *ProviderInformationDirectory_Port_Soap12.http-conduit
>> with the same result.
>> If I try with "*.http-conduit" I get an error:
>> Error creating bean with name '*.http-conduit': Cannot create inner bean
>> '(inner bean)#7a90b2df' of type
>> [org.apache.cxf.configuration.jsse.TLSClientParametersConfig] while
>> setting bean property 'tlsClientParameters'
>>
>> Thanks for any help
>>
>> Csaba
>>
>>
>
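
For reference, an added example that is not part of the thread: the same conduit, keyed by the port QName on a single unbroken line, with a cipher filter that admits only ECDHE suites using AES-GCM instead of the export, DES and null suites matched by the quoted configuration. The file paths and passwords are the ones from the quoted message; the Spring `beans` wrapper and the choice of filter patterns are assumptions of this example.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd">

  <!-- Conduit name format: {targetNamespace}portName.http-conduit.
       The name must not contain a line break or whitespace. -->
  <http:conduit
      name="{urn:ihe:iti:hpd:2010}ProviderInformationDirectory_Port_Soap12.http-conduit">
    <http:tlsClientParameters>
      <!-- Client certificate and private key presented to the server -->
      <sec:keyManagers keyPassword="password">
        <sec:keyStore type="JKS" password="password"
                      file="key/ldapClient.jks"/>
      </sec:keyManagers>
      <!-- Certificates trusted when validating the server; when this
           conduit is applied, the JSSE debug log should list this store
           rather than the JRE's lib/security/cacerts -->
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="password"
                      file="key/ldapClient.jks"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <!-- Assumed policy for this example: forward secrecy plus AEAD.
             The pattern covers both AES_128_GCM and AES_256_GCM, so a JRE
             that reports the AES_256 suites as unavailable still has the
             AES_128 ones to negotiate. -->
        <sec:include>TLS_ECDHE_.*_WITH_AES_.*_GCM_.*</sec:include>
        <!-- Explicit excludes as a second guard if the include is widened -->
        <sec:exclude>.*_EXPORT.*</sec:exclude>
        <sec:exclude>.*_WITH_DES_.*</sec:exclude>
        <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
  </http:conduit>
</beans>
```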
