One Star

Karaf and ssl

Hi all,
I'm trying to deploy a route on karaf, in this route i have a cxf with a https connexion,i have modified a org.ops4j.pax.web.cfg like this :
org.osgi.service.http.port=8040
org.osgi.service.http.port.secure=8081
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore.type=pkcs12
org.ops4j.pax.web.ssl.keystore=${karaf.base}/etc/aveo/cert/file.p12
org.ops4j.pax.web.ssl.password=pass
org.ops4j.pax.web.ssl.keypassword=pass
org.ops4j.pax.web.config.file=${karaf.base}/etc/jetty.xml

I have added a cert in firefox, but when i try access my wsdl I have got the following error :
2015-11-17 11:53:33,661 | WARN  | qtp703264812-163 | nio                              | tty.io.nio.SelectChannelEndPoint  652 | 58 - org.eclipse.jetty.util - 7.6.9.v20130131 | javax.net.ssl.SSLException: Inbound closed before receiving
 peer's close_notify: possible truncation attack?
2015-11-17 11:53:33,666 | WARN  | qtp703264812-159 | nio                              | tty.io.nio.SelectChannelEndPoint  652 | 58 - org.eclipse.jetty.util - 7.6.9.v20130131 | javax.net.ssl.SSLException: Inbound closed before receiving
 peer's close_notify: possible truncation attack?
2015-11-17 11:53:33,679 | WARN  | qtp703264812-161 | nio                              | tty.io.nio.SelectChannelEndPoint  652 | 58 - org.eclipse.jetty.util - 7.6.9.v20130131 | javax.net.ssl.SSLHandshakeException: null cert chain
2015-11-17 11:53:33,687 | WARN  | qtp703264812-158 | nio                              | tty.io.nio.SelectChannelEndPoint  652 | 58 - org.eclipse.jetty.util - 7.6.9.v20130131 | javax.net.ssl.SSLHandshakeException: null cert chain
2015-11-17 11:53:33,698 | WARN  | qtp703264812-159 | nio                              | tty.io.nio.SelectChannelEndPoint  652 | 58 - org.eclipse.jetty.util - 7.6.9.v20130131 | javax.net.ssl.SSLHandshakeException: null cert chain
2015-11-17 11:53:33,705 | WARN  | qtp703264812-161 | nio                              | tty.io.nio.SelectChannelEndPoint  652 | 58 - org.eclipse.jetty.util - 7.6.9.v20130131 | javax.net.ssl.SSLHandshakeException: null cert chain

can you help me ? 
best regard.
4 REPLIES
Fifteen Stars

Re: Karaf and ssl

This can be fiddly and if you don't get it exactly right, is not very easy to debug. Try the following blog post (http://blog.nanthrax.net/2012/12/how-to-enable-https-certificate-client-auth-with-karaf/). It is by the guy who actually created the Apache Karaf project. I have used this blog as a starting point for most of the issues I have with Karaf.
Rilhia Solutions
One Star

Re: Karaf and ssl

Hi rhall_2.0,
Ty for your reply, but i already follow this topic ... and i have got my error.
Fifteen Stars

Re: Karaf and ssl

The error looks like you are not sending a trusted certificate from the browser. Are you sure that it is configured properly in Firefox?
Rilhia Solutions
One Star

Re: Karaf and ssl

I think yes, when I check in firefox setting I can see that cert is valid.
I have juste import cert since cert folder.