https://connect.hyland.com/t5/alfresco-archive/how-to-implement-ssl-in-apache-cxf-client/m-p/250797#M203927 <HTML><HEAD></HEAD><BODY><SPAN>Hi All,</SPAN><BR /><BR /><SPAN>I have generated CMIS stub classes using Apache CXF framework it works fine.</SPAN><BR /><BR /><SPAN>Now we have a requirement to secure Alfresco server with SSL/HTTPS protocol, which we have implemented in tomcat.</SPAN><BR /><BR /><SPAN>Now when I pass server URL as </SPAN><A href="https://serverip:8443" rel="nofollow noopener noreferrer">https://serverip:8443</A><SPAN> it gives following message in console</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />INFO [org.apache.cxf.transport.https.HttpsURLConnectionFactory]: The cipher suite filters have not been configured, falling back to default filters.<BR />INFO [org.apache.cxf.transport.https.HttpsURLConnectionFactory]: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.&nbsp; <BR /><BR /><BR />Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR: Problem parsing '<A href="https://serverip:8443/alfresco/cmis/NavigationService?wsdl" rel="nofollow noopener noreferrer">https://serverip:8443/alfresco/cmis/NavigationService?wsdl</A>'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(Unknown Source)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:232)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:179)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.cxf.wsdl11.WSDLServiceFactory.&lt;init&gt;(WSDLServiceFactory.java:91)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; … 19 more<BR />Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.<A _jive_internal="true" href="https://community.alfresco.com/www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)" rel="nofollow noopener noreferrer">www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)</A><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.<A _jive_internal="true" href="https://community.alfresco.com/www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)" rel="nofollow noopener noreferrer">www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)</A><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.<A _jive_internal="true" href="https://community.alfresco.com/www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977)" rel="nofollow noopener noreferrer">www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977)</A><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.<A _jive_internal="true" href="https://community.alfresco.com/www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)" rel="nofollow noopener noreferrer">www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)</A><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:677)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:225)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:283)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; … 25 more<BR />Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.security.validator.Validator.validate(Validator.java:218)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; … 43 more<BR />Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; … 49 more<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>I am not an expert in webservice part. Can anyone guide what can be done to make it work?</SPAN><BR /><SPAN>Does it require any change in CMIS WSDL document?</SPAN><BR /><BR /><SPAN>I am using following code example</SPAN><BR /><A href="https://migration33.stage.lithium.com/" rel="nofollow noopener noreferrer"><BR />http://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/projects/remote-api/source/sample/JavaCmisTest/src/org/alfresco/cmis/ws/example/CmisUtils.java<BR />'&gt;<BR />http://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/projects/remote-api/source/sample/JavaCmisTest/src/org/alfresco/cmis/ws/example/CmisUtils.java<BR /></A><BR /><BR /><BR /><BR /><SPAN>Thanks</SPAN><BR /><SPAN>Nikesh</SPAN></BODY></HTML> Fri, 08 Apr 2011 11:07:00 GMT nikes 2011-04-08T11:07:00Z https://connect.hyland.com/t5/alfresco-archive/how-to-implement-ssl-in-apache-cxf-client/m-p/250797#M203927 Hi All,I have generated CMIS stub classes using Apache CXF framework it works fine.Now we have a requirement to secure Alfresco server with SSL/HTTPS protocol, which we have implemented in tomcat.Now when I pass server URL as https://serverip:8443 it gives following message in consoleINFO [org.apach Fri, 08 Apr 2011 11:07:00 GMT https://connect.hyland.com/t5/alfresco-archive/how-to-implement-ssl-in-apache-cxf-client/m-p/250797#M203927 nikes 2011-04-08T11:07:00Z https://connect.hyland.com/t5/alfresco-archive/how-to-implement-ssl-in-apache-cxf-client/m-p/250798#M203928 <HTML><HEAD></HEAD><BODY><SPAN>Are you using a self signed certificate?</SPAN><BR /><SPAN>If so, you have to add your server certificate to your trusted Java key store on the client side.</SPAN></BODY></HTML> Tue, 12 Apr 2011 11:50:16 GMT https://connect.hyland.com/t5/alfresco-archive/how-to-implement-ssl-in-apache-cxf-client/m-p/250798#M203928 fmui 2011-04-12T11:50:16Z https://connect.hyland.com/t5/alfresco-archive/how-to-implement-ssl-in-apache-cxf-client/m-p/250799#M203929 <HTML><HEAD></HEAD><BODY><SPAN>Yes. We are using self-signed certificate.</SPAN><BR /><BR /><SPAN>I imported the certificate in "cacerts" file.</SPAN><BR /><SPAN>I had to set following runtime properties to make it work.</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />System.setProperty("javax.net.ssl.keyStore", "PathTo\\cacerts");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; System.setProperty("javax.net.ssl.keyStorePassword", "Password");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; System.setProperty("javax.net.ssl.trustStore", "PathTo\\cacerts");<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; System.setProperty("javax.net.ssl.trustStorePassword", "Password");<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>I am not sure why password is required when accessing from Java and not from Web Broswer?</SPAN><BR /><BR /><SPAN>Thanks</SPAN><BR /><SPAN>Nikesh</SPAN></BODY></HTML> Mon, 18 Apr 2011 14:17:07 GMT https://connect.hyland.com/t5/alfresco-archive/how-to-implement-ssl-in-apache-cxf-client/m-p/250799#M203929 nikes 2011-04-18T14:17:07Z