What it means is that CXF is trying to load the keystore referenced by the "javax.net.ssl.keyStore" system property. If you don't want to load a keyManager for TLS then you will need to unset this property. Otherwise, perhaps you are not also setting the "javax.net.ssl.keyStoreType" property (to "JKS")? Or the "javax.net.ssl.keyStorePassword" property?
Colm. On Thu, Jun 13, 2019 at 9:41 AM luke <[email protected]> wrote: > Hi > In my cxf client I'mconnecting to a Ws soap in https setting tls > properties. > > All works properly. > > Recently I've updated cxf libraries from a 3.0.x to 3.3.x version. > > It continue to works correctly, but I've only this warning in my logs: > > Jun 13, 2019 10:31:40 AM org.apache.cxf.configuration.jsse.SSLUtils > loadDefaultKeyManagers > WARNING: Default key managers cannot be initialized: > DerInputStream.getLength(): lengthTag=109, too big. > java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big. > at sun.security.util.DerInputStream.getLength(DerInputStream.java:599) > at sun.security.util.DerValue.init(DerValue.java:391) > at sun.security.util.DerValue.<init>(DerValue.java:332) > at sun.security.util.DerValue.<init>(DerValue.java:345) > at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914) > at java.security.KeyStore.load(KeyStore.java:1445) > at > > org.apache.cxf.configuration.jsse.SSLUtils.loadDefaultKeyManagers(SSLUtils.java:122) > at > > org.apache.cxf.configuration.jsse.SSLUtils.getDefaultKeyStoreManagers(SSLUtils.java:88) > at org.apache.cxf.transport.https.SSLUtils.getSSLContext(SSLUtils.java:75) > at > > org.apache.cxf.transport.https.HttpsURLConnectionFactory.decorateWithTLS(HttpsURLConnectionFactory.java:144) > at > > org.apache.cxf.transport.https.HttpsURLConnectionFactory.createConnection(HttpsURLConnectionFactory.java:101) > at > > org.apache.cxf.transport.http.URLConnectionHTTPConduit.createConnection(URLConnectionHTTPConduit.java:121) > at > > org.apache.cxf.transport.http.URLConnectionHTTPConduit.setupConnection(URLConnectionHTTPConduit.java:125) > at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:505) > at > > org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:47) > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:440) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:355) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313) > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140) > > The problem could be that I configure a trustManager but not the > KeyManager? > what does it mean in practice? > > thanks a lot > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
