manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jörn Franke <jornfra...@gmail.com>
Subject Re: CSWS Connector : ServiceConstructionException: Failed to create service
Date Tue, 14 Jan 2020 23:02:14 GMT
Yes it you do not change this setting as what I suspect happens here. See my previous mail
for details.

> Am 14.01.2020 um 23:51 schrieb Karl Wright <daddywri@gmail.com>:
> 
> 
> It looks looks TLS is actually enabled in the SSLSocketFactory framework based on how
you create the SSLSocketContext.  See:
> 
> https://docs.oracle.com/cd/E19698-01/816-7609/security-83/index.html 
> 
> Karl
>  
> 
>> On Tue, Jan 14, 2020 at 5:48 PM Karl Wright <daddywri@gmail.com> wrote:
>> The design of ManifoldCF deliberately manages keystores on a connection by connection
basis, not globally.  If you think the only way to implement TLS is via global keystore I
very much doubt it.
>> 
>> I am on the road until late tomorrow but somewhere along the line I can do some research
into why TLS won't work as we are currently doing it.
>> 
>> Karl
>> 
>> 
>>> On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke <jornfranke@gmail.com> wrote:
>>> These are TLS only. So maybe you have other servers where tls and ssl are possible
and it downgrades to ssl.however, this is speculation and I need to verify it. I have to rebuilt
manifold for that. Probably I have to reinstall everything as the keystorefactory is a dependency
in the connector.
>>> 
>>>>> Am 14.01.2020 um 18:34 schrieb Karl Wright <daddywri@gmail.com>:
>>>>> 
>>>> 
>>>> If you can recommend changes to support TLS, that would be great.  The basic
infrastructure should still work; it is just a custom keystone and associated SSLSocketFactory,
which I think also is used for TLS connections, unless I am missing something.
>>>> 
>>>>> On Tue, Jan 14, 2020, 9:38 AM Jörn Franke <jornfranke@gmail.com>
wrote:
>>>>> Yes this works fine. I believe the error comes from the fact that TLS
connections are not supported. 
>>>>> 
>>>>>>> Am 14.01.2020 um 15:31 schrieb Michael Cizmar <michael.cizmar@mcplusa.com>:
>>>>>>> 
>>>>>> 
>>>>>> If you want to test the url and the ssl, I would recommend attempting
using SSLPoke to confirm that they keystore is setup properly:
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> https://github.com/MichalHecko/SSLPoke
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> Michael
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> From: Karl Wright <daddywri@gmail.com>
>>>>>> Reply-To: "user@manifoldcf.apache.org" <user@manifoldcf.apache.org>
>>>>>> Date: Tuesday, January 14, 2020 at 7:21 AM
>>>>>> To: "user@manifoldcf.apache.org" <user@manifoldcf.apache.org>
>>>>>> Subject: Re: CSWS Connector : ServiceConstructionException: Failed
to create service
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> Hmm, others have succeeded setting up SSL connections with the current
code.  Hoping they chime in here.
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> Karl
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke <jornfranke@gmail.com>
wrote:
>>>>>> 
>>>>>> It seems that it has indeed a certificate issue as it cannot find
a valid certification path to the target. The thing is: I added those certificates in the
UI should it should not happen.
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Am 10.01.2020 um 20:51 schrieb Jörn Franke <jornfranke@gmail.com>:
>>>>>> 
>>>>>> 2.15 ...
>>>>>> 
>>>>>> I will try on the weekend to see if I can get some logs out of it.

>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Am 10.01.2020 um 19:02 schrieb Karl Wright <daddywri@gmail.com>:
>>>>>> 
>>>>>> Can I ask what version of MCF you are using?  There were issues with
SSL in the first release of the csws connector if I recall correctly, that were fixed for
the second release.
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> Karl
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke <jornfranke@gmail.com>
wrote:
>>>>>> 
>>>>>> I added root, intermediate and server certificate (in base64 cer,
it seems to be recognized by manifoldcf), but I still get the same message. I will try to
get somehow the full stacktrace 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Am 10.01.2020 um 17:21 schrieb Karl Wright <daddywri@gmail.com>:
>>>>>> 
>>>>>> If you are using SSL you need to have the proper certificate saved
in the connection's keystore.
>>>>>> 
>>>>>> Karl
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke <jornfranke@gmail.com>
wrote:
>>>>>> 
>>>>>> It is actually a server using configuration of the command - driven
multi-process model (but the agents executed as a service and the war on a tomcat executed
as a service) under Linux.
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> I thought as well that it cannot reach the webservices, the question
is why. On the same server I can reach the webservices and fetch the WSDL without issues.
>>>>>> 
>>>>>> Maybe sth related to ssl ?
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Am 10.01.2020 um 14:59 schrieb Karl Wright <daddywri@gmail.com>:
>>>>>> 
>>>>>> How are you running manifoldcf?  Single process example, or a custom
setup of some kind?
>>>>>> 
>>>>>> This exception is a "catch all" exception generated far below anything
in ManifoldCF, but usually means it cannot download the WSDLs from the service.  Getting the
full exception dumped in the log requires a "hack" to the check() method of the connector,
but I'm pretty sure that's what's happening anyway.
>>>>>> 
>>>>>> Karl
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke <jornfranke@gmail.com>
wrote:
>>>>>> 
>>>>>> Hi,
>>>>>> 
>>>>>> I tried to use the CSWS connector, but already for the Authority
connection I receive a org.apache.cxf.service.factory.ServiceConstructionException: Failed
to create service.
>>>>>> 
>>>>>> Unfortunately I don’t see more details , also not in the log (debug
is activated). I try to get a little bit more output by modifying the connector, but maybe
someone has already an idea why this can happen?
>>>>>> 
>>>>>> Are there some special instructions to use it? The pointers to the
webservices are correct, I tested via Curl and SOAPUI.
>>>>>> 
>>>>>> 
>>>>>> Thank you.
>>>>>> Best regards

Mime
View raw message