How to connect to an SSL-enabled endpoint using CXF
Issue
- I need to consume a web service on the internet that is using TLS/HTTPS communication.
- Why does the PicketLink WSTrustClient fail over HTTPS when CXF is installed? The WSTrustClient works when the STS server is not using mutual authentication with SSL. Enabling mutual authentication on the STS server causes the client to fail.
- I have a JAX-WS client trying to connect to an SSL-enabled endpoint, but I get the following errors in the logs:
  - The endpoint's logs show:
      SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?"
  - JBoss logs show:
      Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
          at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
          at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1694)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:939)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1467)
          at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
          ...
- We are trying to access CXF web services from within our JBoss application. We are getting SSL handshake exceptions. The remote web service uses a wildcard in the certificate and we need to use a wildcard host name verifier. We are unsure how to configure the truststore within JBoss. Is the cacerts file under the JVM used? We have these services running successfully on WebLogic but are trying to port them to JBoss.
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
  - 5.1.x
  - 6.x
- JBoss Web Services CXF
- Fuse Services Framework
  - 2.4
