From: Gait B. <gai...@ti...> - 2004-02-10 09:11:52
well, something's wrong for sure :-)
to set up https client/server communication, you need to set the URL property in the msh_client.properties.xml:
<Property>
<Request>
...
<Config>
<URL>https://localhost:8443/msh</URL>
...
setting in my LoopBack.java
String transportType = "https";
String toMshUrl = "https://localhost:8443/msh";
would make tomcat talk to itself (toMshUrl is the 'other' MSH server). I presume you set
String toMshUrl = "https://localhost:9453/msh";
as that is where the message is sent, judging from msh.log.
The server at https://localhost:9453/msh sent a certificate that is not trusted by your MSH (https://localhost:8443/msh), and SSL authentication fails.
The security settings in msh.properties.xml have nothing to do with SSL; the SSL handshake is a function of tomcat's HTTPS forwarding, and what you need to do in this case is add the https://localhost:9453/msh certificate signer to the default cacerts file in the JRE that tomcat is using, that's <JRE>/lib/security/cacerts. If the certificate is self-signed, just add that, otherwise you'll need to add the signer's certificate....
Also note that the certificate's CN sent by https://localhost:9453/msh must say localhost (you may get away with 1.0.0.127, not entirely sure), otherwise the SSL libs will complain about a server name mismatch.
--Gait Boxman.
----- Original Message -----
From: henry
To: ebx...@li...
Sent: Tuesday, February 10, 2004 4:18 AM
Subject: [ebxmlms-develop] about Hermes & SSL
Hi :

I have some program about Hermes, I want to use SSL ..
my job is like that
client ----> msh.client ------> msh.server ----> server
       http             https              http
in my LoopBack.java
String transportType = "https";
String toMshUrl = "https://localhost:8443/msh";
in msh.properties.xml =20
<TrustedAnchor>
<KeyStore>
<Path>C:\JBuilder7\j2sdk1.4.2\jre\lib\security</Path>
<File>cacerts</File>
<Password>root</Password>
</KeyStore>
</TrustedAnchor>
my tomcat https://localhost:8443/ is ok ...
but when I run LoopBack.java something is wrong
tomcat's log

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
....
in msh's log
2004-02-10 11:00:49,021 INFO [Thread-16]: Sending message to https://localhost:9453/msh
ERROR [Thread-16]: [10505] Cannot send SOAP message
Exception: com.sun.xml.messaging.saaj.SOAPExceptionImpl
(localhost:9543 is msh.server )
what's wrong ?
thx..
henry
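
The fix described in the reply (adding the peer's self-signed certificate as a trust anchor and checking that its CN matches the host name) can be rehearsed as follows. This is an added example, not part of the original thread or the Hermes project; it works on a scratch truststore rather than <JRE>/lib/security/cacerts, and the aliases, file names and passwords are constructed. It uses current keytool subcommand names; older JDKs use -genkey, -export and -import.

```shell
# Added example; file names, aliases and passwords are constructed for the demo.

# Save the certificate a live server presents (needs a running peer; unused in demo).
fetch_peer_cert() {  # fetch_peer_cert host:port out.pem
    keytool -printcert -sslserver "$1" -rfc > "$2"
}

# Constructed stand-in for the peer MSH: self-signed key pair, certificate as PEM.
make_selfsigned() {  # make_selfsigned CN keystore out.pem
    keytool -genkeypair -alias peer -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=$1" -keystore "$2" -storepass changeit -keypass changeit &&
    keytool -exportcert -alias peer -keystore "$2" -storepass changeit \
        -rfc -file "$3"
}

# Import a certificate into a truststore as a trust anchor.
trust_cert() {  # trust_cert cert.pem truststore storepass alias
    keytool -importcert -noprompt -trustcacerts -alias "$4" -file "$1" \
        -keystore "$2" -storepass "$3"
}

# Succeeds only if the alias exists as a trusted certificate entry.
is_trusted() {  # is_trusted truststore storepass alias
    keytool -list -alias "$3" -keystore "$1" -storepass "$2" 2>/dev/null |
        grep -q trustedCertEntry
}

# Print the subject CN, which has to match the host name in toMshUrl.
cert_cn() {  # cert_cn cert.pem
    keytool -printcert -file "$1" |
        sed -n 's/^Owner: .*CN=\([^,]*\).*/\1/p' | head -n 1
}

# Before the import the anchor is missing; after it, it is listed as trusted.
demo() {
    d=$(mktemp -d) || return 1
    rc=1
    make_selfsigned localhost "$d/peer.ks" "$d/peer.pem" >/dev/null 2>&1 &&
    ! is_trusted "$d/trust.ks" changeit msh-peer &&
    trust_cert "$d/peer.pem" "$d/trust.ks" changeit msh-peer >/dev/null 2>&1 &&
    is_trusted "$d/trust.ks" changeit msh-peer &&
    [ "$(cert_cn "$d/peer.pem")" = localhost ] && rc=0
    rm -rf "$d"
    return $rc
}

if [ "${1:-}" = "--demo" ]; then demo && echo "anchor trusted, CN matches"; fi
```

For the real setup, trust_cert would be pointed at the cacerts file of the JRE that tomcat runs on, with that keystore's own password.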