using ssl in web services

can someone tell me what this error is..

faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.Valida
torException: PKIX path building failed: sun.security.provider.certpath.SunCertP
athBuilderException: unable to find valid certification path to requested target

I'm running axis on tomcat and and trying to invoke a web service using https...

desiboy1974Asked:
Who is Participating?
 
objectsConnect With a Mentor Commented:
have u imported the cert into your keystore
0
 
objectsCommented:
you need to add the relevent cert to tomcat keystore
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
desiboy1974Author Commented:
>>you need to add the relevent cert to tomcat keystore....

the web service is not on my server though..its on a third party's...and i have sent my public cer(client.cer) to them and they have imported it...so basically i have generated the client and server keystores on my tomcat server and sent the client.cer to them..

i am just running the client..i have specified this in my client code though....

System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Apache Software Foundation\\Tomcat 5.5\\conf\\server.keystore");
    System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
    System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Apache Software Foundation\\Tomcat 5.5\\conf\\client.keystore");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

Thanks





0
 
desiboy1974Author Commented:
you mean to say that they havent imported the client.cer on their end?

Thanks
0
 
desiboy1974Author Commented:
Objects, can you assist?

Thanks
0
 
Siva Prasanna KumarPrincipal Solutions ArchitectCommented:
See this URL

It may help a little

http://e-docs.bea.com/wls/docs81/webserv/security.html.

There is an example of once such invocation. Not sure if that will be helpful, Which i got it from this source

http://www.mail-archive.com/axis-user@xml.apache.org/msg26069.html
0
 
desiboy1974Author Commented:
yes i have using these commands

echo Generating the Server KeyStore in file server.keystore
"C:\Program Files\Java\jre1.6.0_02\bin\keytool" -genkey -alias tomcat-sv -dname "CN=localhost, OU=X, O=Y, L=Z, S=XY, C=YZ" -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore


echo Exporting the certificate from keystore to an external file server.cer
"C:\Program Files\Java\jre1.6.0_02\bin\keytool" -export -alias tomcat-sv -storepass changeit -rfc -file server.cer -keystore server.keystore

echo Generating the Client KeyStore in file client.keystore
"C:\Program Files\Java\jre1.6.0_02\bin\keytool" -genkey -alias tomcat-cl -dname "CN=Client, OU=X, O=Y, L=Z, S=XY, C=YZ" -keyalg RSA -keypass changeit -storepass changeit -keystore client.keystore

echo Exporting the certificate from keystore to external file client.cer
"C:\Program Files\Java\jre1.6.0_02\bin\keytool" -export -alias tomcat-cl -storepass changeit -rfc -file client.cer -keystore client.keystore

echo Importing Client's certificate into Server's keystore
"C:\Program Files\Java\jre1.6.0_02\bin\keytool" -import -v -trustcacerts -alias tomcat -rfc -file server.cer -keystore client.keystore -keypass changeit -storepass changeit

echo Importing Server's certificate into Client's keystore
"C:\Program Files\Java\jre1.6.0_02\bin\keytool" -import -v -trustcacerts -alias tomcat -rfc -file client.cer -keystore server.keystore -keypass changeit -storepass changeit
0
 
desiboy1974Author Commented:
Objects...does that look right?

Thanks
0
 
desiboy1974Author Commented:
Objects, any advice on what could be wrong?

Thanks
0
 
desiboy1974Author Commented:
my mistake..i imported it into the wrong keystore...:)
0
 
desiboy1974Author Commented:
Objects, i have one question outstanding..i was wondering if you could help?..:)
0
All Courses

From novice to tech pro — start learning today.