IOException reading keystore for Web Service

Solution Verified - Updated -

Issue

We've configured a CXF Web Service client to call a Web Service secured with SSL. Here is out WS client configuration:

        <http:conduit name="*.http-conduit">

            <!--
            NOTE:  CNCheck is used to verify that the server's hostname matches the 
            DN in the presented certificate.  This should NOT be diabled in a 
            production environment.
            -->
            <http:tlsClientParameters disableCNCheck="true">
                <sec:keyManagers keyPassword="soaesb">
                    <sec:keyStore type="JKS" password="soaesb"
resource="/usr/local/fuse/esb/conf/esp-system.ks"/>
                </sec:keyManagers>
                <sec:trustManagers>
                    <sec:keyStore type="JKS" password="soaesb"
resource="/usr/local/fuse/esb/conf/esp-system.ts"/>
                </sec:trustManagers>
                <sec:cipherSuitesFilter>
                    <!-- these filters ensure that a ciphersuite with
                    export-suitable or null encryption is used,
                    but exclude anonymous Diffie-Hellman key change as
                    this is vulnerable to man-in-the-middle attacks -->
                    <sec:include>.*_EXPORT_.*</sec:include>
                    <sec:include>.*_EXPORT1024_.*</sec:include>
                    <sec:include>.*_WITH_DES_.*</sec:include>
                    <sec:include>.*_WITH_NULL_.*</sec:include>
                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
                </sec:cipherSuitesFilter>
            </http:tlsClientParameters>

        </http:conduit>

However, when we restart, we get this exception stack trace:

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory': Cannot create inner bean 'httpj:engine#ec9441' of type [org.apache.cxf.transport.http_jetty.spring.JettyHTTPServerEngineBeanDefinitionParser$SpringJettyHTTPServerEngine] while setting bean property 'enginesList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'httpj:engine#ec9441': Cannot create inner bean '(inner bean)' of type [org.apache.cxf.transport.http_jetty.spring.JettyHTTPServerEngineBeanDefinitionParser] while setting bean property 'tlsServerParameters'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#2': Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public static org.apache.cxf.configuration.jsse.spring.TLSServerParametersConfig org.apache.cxf.transport.http_jetty.spring.JettyHTTPServerEngineBeanDefinitionParser.createTLSServerParametersConfig(java.lang.String) throws java.security.GeneralSecurityException,java.io.IOException] threw exception; nested exception is java.io.IOException: Could not load keystore resource /usr/local/fuse/esp-system-certificates/esp-system.ks
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:230)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:117)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:287)

Environment

FUSE ESB 3.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.