web services - IBM Liberty SSL HANDSHAKE FAILURE -


i using liberty 16.0.0.4

i trying call xxxx soap services, got following errors

[error ] cwpki0022e: ssl handshake failure: signer subjectdn cn=xxxx, sent target host. signer might need added local trust store serverhome/resources/security/key.jks, located in ssl configuration alias defaultsslconfig. extended error message ssl handshake exception is: pkix path building failed: sun.security.provider.certpath.suncertpathbuilderexception: unable find valid certification path requested target

i used next command generate certificate

openssl s_client -connect xxxxurl:443 | sed -ne '/-begin certificate-/,/-end certificate-/p' > xxx.cert

then injecting liberty jks default file next command

keytool -import -trustcacerts -alias xxxsigner -file xxx.cert -keystore *pathtohomeserver/resources/security/key.jks* -storepass liberty -storetype jks

also server.xml tags related that

<featuremanager>     <feature>webprofile-7.0</feature>     <feature>jaxb-2.2</feature>     <feature>concurrent-1.0</feature>     <feature>javamail-1.5</feature>     <feature>localconnector-1.0</feature>     <feature>jaxws-2.2</feature>     <feature>apidiscovery-1.0</feature>     <feature>ssl-1.0</feature> </featuremanager>  <keystore id="defaultkeystore" location="${server.config.dir}/resources/security/key.jks" password="{xor}ezy9oi0rjg==" type="jks" /> <keystore id="defaulttruststore" location="${server.config.dir}/resources/security/key.jks" password="{xor}ezy9oi0rjg==" type="jks" />  <ssldefault sslref="defaultsslconfig" />  <ssl id="defaultsslconfig" keystoreref="defaultkeystore" truststoreref="defaulttruststore" sslprotocol="tlsv1.2"/>  <httpendpoint id="defaulthttpendpoint" httpport="9080" httpsport="9443">     <ssloptions sslref="defaultsslconfig"></ssloptions> </httpendpoint>

so problem side

not sure why approach not working, way go use browser retrieve certificate , keytool add it, described here (see 8/5/2015 comment @ bottom of article): developer.ibm.com/wasdev/docs/single-sign-google-liberty


Comments

Post a Comment

Popular posts from this blog

inversion of control - Autofac named registration constructor injection -

does autofac support specifying registration name in components' constructors? example: ninject's namedattribute . you need use autofac.extras.attributed package on top achieve this so let's have 1 interface , 2 classes: public interface ihello { string sayhello(); } public class englishhello : ihello { public string sayhello() { return "hello"; } } public class frenchhello : ihello { public string sayhello() { return "bonjour"; } } then have consumer class, in want select instance injected: public class helloconsumer { private readonly ihello helloservice; public helloconsumer([withkey("en")] ihello helloservice) { if (helloservice == null) { throw new argumentnullexception("helloservice"); } this.helloservice = helloservice; } public string sayhello() { return this.helloservice.sayhello()...
Read more

verilog - Systemverilog dynamic casting issues -

i've code snippet following in testbench function void write_to_port( my_data_type_base data ); my_data_type_extended data_ext; if(!$cast(data_ext, data)); `uvm_error(get_type_name(), "failed cast"); `uvm_info(get_name(), $psprintf("data_ext :\n%s", data_ext.sprint()), uvm_medium) // write data_ext out port.... endfunction when run it, i'm getting uvm_error "failed cast." i'm not quire sure why $cast not returning 1. can see, i'm printing out extended class data item after casting uvm_info. can see it's being cast properly. if don't use $cast if condition, don't runtime error. isn't coding practice use if dynamic cast check if $cast returning 1 ? what might reason behind cast not returning 1 in above case? i think semicolon on line 'if' not belong? i think consumes if statement, , uvm_error executes regardless of how if evaluates: if(!$cast(data_ext, data)); <- no semico...
Read more

ios - Change Storyboard View using Seague -

i have following code checks connection server, , depending on want change views if no connection found. nsstring *connect = [nsstring stringwithcontentsofurl:[nsurl urlwithstring:@"http://myserver.com"] encoding:nsutf8stringencoding error:nil]; if (connect == null) { [self performseguewithidentifier:@"network_failure" sender:self]; } else { // other code here } my problem not change views. have added storyboard segue between 2 views identifier of network_failure . not have navigation controller or that, problem? thanks help! no not problem. first of all, in objectivec exists nil object oriented null . must use that. so: if(connect == nil) or better: if(!connect) so due fact nil not same of null , probably code does't enter in if scope . you have been able discover breakpoint. anyway: be sure set trigger segue (line) 2 view controller , , name network_failure (that not best name. should instead view1toview2 ) as, m...
Read more