Apache CXF issue while using mutual SSL

Question

I am using apache cxf for calling a web service from a weblogic server.The web service is SSL with mutual authentication based authorization.

There were some issues with the weblogic version 10.3 supporting the jdk version which i managed to resolve.

But now i am getting another error and not able to get much help on the internet

Caused by: org.apache.cxf.transport.http.UntrustedURLConnectionIOException: RequireClientCertificate is set, but no local certificates were negotiated.  Is
the server set to ask for client authorization?
        at org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider$HttpsTokenOutInterceptor$1.establishTrust(HttpsTokenInterceptorProvider.java:117)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.makeTrustDecision(HTTPConduit.java:1680)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1264)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1234)
        at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:195)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
        at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1291)
        ... 43 more

I am using the configuration given here : http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html

Answer 1

we were getting this error also in these cases:

• wrong path to keystore
• referencing non existing alias in the keystore
• wrong certificate (cert for DEV environment used in TEST environment)

So I would suggest to double check the whole chain of settings to private certificate used to authenthicate against the ws.