Providing keystore to webService client

Question

Hi I have created a web service client in eclipse from wsdl file. But when I try to access the service from client it says. No SSL configuration available for the endpoint. And then the address of my endpoint. Please let me know how can I provide ssl configuration through key store to my webservice client. I have standalone client and keystore provided by the client. TIA

Answer 1

You can do this by using Apache CXF and set up the client conduit. Refer to the Configuring SSL Support section in this great tutorial.

Hope this helps.

Answer 2

You may start by checking whats there in your keystore:

keytool -list -keystore D:\Tomcat\ukdp.keystore -storepass 123456

A sample of what your conduit definition might look like:-

<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:sec="http://cxf.apache.org/configuration/security"
  xmlns:http="http://cxf.apache.org/transports/http/configuration"
  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
  xsi:schemaLocation="
      http://cxf.apache.org/configuration/security
      http://cxf.apache.org/schemas/configuration/security.xsd
      http://cxf.apache.org/transports/http/configuration
      http://cxf.apache.org/schemas/configuration/http-conf.xsd
      http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

  <http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">

    <http:tlsClientParameters>
      <sec:keyManagers keyPassword="password">
        <sec:keyStore type="JKS" password="password"
                      file="my/file/dir/Morpit.jks"/>
      </sec:keyManagers>
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="password"
                      file="my/file/dir/Truststore.jks"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <!-- these filters ensure that a ciphersuite with
             export-suitable or null encryption is used,
             but exclude anonymous Diffie-Hellman key change as
             this is vulnerable to man-in-the-middle attacks -->
        <sec:include>.*_EXPORT_.*</sec:include>
        <sec:include>.*_EXPORT1024_.*</sec:include>
        <sec:include>.*_WITH_DES_.*</sec:include>
        <sec:include>.*_WITH_AES_.*</sec:include>
        <sec:include>.*_WITH_NULL_.*</sec:include>
        <sec:exclude>.*_DH_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
    <http:authorization>
      <sec:UserName>Betty</sec:UserName>
      <sec:Password>password</sec:Password>
    </http:authorization>
    <http:client AutoRedirect="true" Connection="Keep-Alive"/>

  </http:conduit>

</beans>

Also I found some Threads which could help you:-

• Apache CXF wsdl download via SSL/TLS
• Problems accessing a HTTPS Webservice
• No SSL configuration is available for endpoint
• SSL configuration for fedex web service using command line