[ https://issues.apache.org/jira/browse/CXF-5652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14066020#comment-14066020 ]
Vjacheslav Borisov commented on CXF-5652:
-----------------------------------------
Actually, a client with certificate authentication works with
-Djavax.net.ssl.trustStore=/etc/ssl/certs/trusted.cacerts
-Djavax.net.ssl.keyStore=/home/slavb/.java/deployment/security/trusted.clientcerts
-Djavax.net.ssl.keyStorePassword=changeit
when I use other types of SSL clients (URL.getConnection(), Apache HTTP client,
LDAP client to an ldaps:// URL).

Well, actually it is not too hard to configure the Apache WebClient specially, but
after some time of work with HTTPS services on the production system (3-4 hours)
I got the same handshake_failure error, which I cannot track down. This error
only happens with intensive HTTPS client work.

This is strange, because we have been working with client certificate auth for many
years in Java with other types of clients, and this configuration is working
stably with only three properties:
-Djavax.net.ssl.trustStore
-Djavax.net.ssl.keyStore
-Djavax.net.ssl.keyStorePassword

Maybe I am configuring WebClient incorrectly, but this error (handshake failure
in 3-4 hours on the production system) is really hard to track down; I cannot repeat
it on the development system.

> WebClient with SSL: javax.net.ssl.SSLHandshakeException handshake_failure
> -------------------------------------------------------------------------
>
> Key: CXF-5652
> URL: https://issues.apache.org/jira/browse/CXF-5652
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS
> Affects Versions: 3.0.0-milestone2
> Reporter: Vjacheslav Borisov
> Assignee: Andrei Shakirin
> Priority: Minor
>
> I got an error when using WebClient with SSL using a client certificate:
> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
> I found a way to fix this error:
> KeyStore keyStore = KeyStore.getInstance("JKS");
> String trustpass = "chageit";
> File truststore = new File("/home/slavb/.java/deployment/security/trusted.clientcerts");
> keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
> KeyStore ts = KeyStore.getInstance("JKS");
> truststore = new File("/etc/ssl/certs/trusted.cacerts");
> ts.load(new FileInputStream(truststore), "".toCharArray());
> Client client = ClientBuilder.newBuilder().keyStore(keyStore, trustpass).trustStore(ts).build();
> And I have a question: why does WebClient not work like the URLConnection
> embedded in Java or the Apache HTTP client when I specify the system properties
> -Djavax.net.ssl.trustStore=/etc/ssl/certs/trusted.cacerts
> -Djavax.net.ssl.keyStore=/home/slavb/.java/deployment/security/trusted.clientcerts
> -Djavax.net.ssl.keyStorePassword=changeit
> (I got the error javax.net.ssl.SSLHandshakeException: Received fatal alert:
> handshake_failure when using the SSL web client)?
> Why is it necessary to configure SSL in code?
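
An added example, not part of the original messages or the CXF code base: building the JAX-RS client's SSLContext from the same three javax.net.ssl.* properties named in the thread, with an early check that the keystore actually holds a private key. The class name SystemPropertyTls is hypothetical; it assumes javax.net.ssl.keyStore and javax.net.ssl.trustStore are set, that both stores are JKS, and that the key password equals the keystore password.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;

public final class SystemPropertyTls {   // hypothetical class name
    // Load a JKS store; a null password skips the store integrity check.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build an SSLContext from the three properties named in the thread.
    static SSLContext fromSystemProperties() throws Exception {
        char[] pass = System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();
        KeyStore keys = load(System.getProperty("javax.net.ssl.keyStore"), pass);

        // Without a private-key entry no client certificate can be offered.
        boolean hasKey = false;
        for (String alias : Collections.list(keys.aliases())) {
            hasKey |= keys.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new IllegalStateException("keystore holds no private-key entry");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pass); // assumption: key password equals store password

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(System.getProperty("javax.net.ssl.trustStore"), null));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        Client client = ClientBuilder.newBuilder().sslContext(fromSystemProperties()).build();
        System.out.println("JAX-RS client built with explicit TLS material: " + client);
    }
}
```

Running the JVM with `-Djavax.net.debug=ssl:handshake` alongside this shows whether a client certificate is actually sent when the failure occurs.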