desiboy1974
asked on
using ssl in web services
can someone tell me what this error is..
faultString: javax.net.ssl.SSLHandshake Exception: sun.security.validator.Val ida
torException: PKIX path building failed: sun.security.provider.cert path.SunCe rtP
athBuilderException: unable to find valid certification path to requested target
I'm running axis on tomcat and and trying to invoke a web service using https...
faultString: javax.net.ssl.SSLHandshake
torException: PKIX path building failed: sun.security.provider.cert
athBuilderException: unable to find valid certification path to requested target
I'm running axis on tomcat and and trying to invoke a web service using https...
you need to add the relevent cert to tomcat keystore
ASKER
>>you need to add the relevent cert to tomcat keystore....
the web service is not on my server though..its on a third party's...and i have sent my public cer(client.cer) to them and they have imported it...so basically i have generated the client and server keystores on my tomcat server and sent the client.cer to them..
i am just running the client..i have specified this in my client code though....
System.setProperty("java.p rotocol.ha ndler.pkgs ", "com.sun.net.ssl.internal. www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.s sl.Provide r());
System.setProperty("javax. net.ssl.ke yStore", "C:\\Program Files\\Apache Software Foundation\\Tomcat 5.5\\conf\\server.keystore ");
System.setProperty("javax. net.ssl.ke yStorePass word", "changeit");
System.setProperty("javax. net.ssl.tr ustStore", "C:\\Program Files\\Apache Software Foundation\\Tomcat 5.5\\conf\\client.keystore ");
System.setProperty("javax. net.ssl.tr ustStorePa ssword", "changeit");
Thanks
the web service is not on my server though..its on a third party's...and i have sent my public cer(client.cer) to them and they have imported it...so basically i have generated the client and server keystores on my tomcat server and sent the client.cer to them..
i am just running the client..i have specified this in my client code though....
System.setProperty("java.p
Security.addProvider(new com.sun.net.ssl.internal.s
System.setProperty("javax.
System.setProperty("javax.
System.setProperty("javax.
System.setProperty("javax.
Thanks
ASKER
you mean to say that they havent imported the client.cer on their end?
Thanks
Thanks
ASKER
Objects, can you assist?
Thanks
Thanks
See this URL
It may help a little
http://e-docs.bea.com/wls/docs81/webserv/security.html.
There is an example of once such invocation. Not sure if that will be helpful, Which i got it from this source
http://www.mail-archive.com/axis-user@xml.apache.org/msg26069.html
It may help a little
http://e-docs.bea.com/wls/docs81/webserv/security.html.
There is an example of once such invocation. Not sure if that will be helpful, Which i got it from this source
http://www.mail-archive.com/axis-user@xml.apache.org/msg26069.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yes i have using these commands
echo Generating the Server KeyStore in file server.keystore
"C:\Program Files\Java\jre1.6.0_02\bin \keytool" -genkey -alias tomcat-sv -dname "CN=localhost, OU=X, O=Y, L=Z, S=XY, C=YZ" -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore
echo Exporting the certificate from keystore to an external file server.cer
"C:\Program Files\Java\jre1.6.0_02\bin \keytool" -export -alias tomcat-sv -storepass changeit -rfc -file server.cer -keystore server.keystore
echo Generating the Client KeyStore in file client.keystore
"C:\Program Files\Java\jre1.6.0_02\bin \keytool" -genkey -alias tomcat-cl -dname "CN=Client, OU=X, O=Y, L=Z, S=XY, C=YZ" -keyalg RSA -keypass changeit -storepass changeit -keystore client.keystore
echo Exporting the certificate from keystore to external file client.cer
"C:\Program Files\Java\jre1.6.0_02\bin \keytool" -export -alias tomcat-cl -storepass changeit -rfc -file client.cer -keystore client.keystore
echo Importing Client's certificate into Server's keystore
"C:\Program Files\Java\jre1.6.0_02\bin \keytool" -import -v -trustcacerts -alias tomcat -rfc -file server.cer -keystore client.keystore -keypass changeit -storepass changeit
echo Importing Server's certificate into Client's keystore
"C:\Program Files\Java\jre1.6.0_02\bin \keytool" -import -v -trustcacerts -alias tomcat -rfc -file client.cer -keystore server.keystore -keypass changeit -storepass changeit
echo Generating the Server KeyStore in file server.keystore
"C:\Program Files\Java\jre1.6.0_02\bin
echo Exporting the certificate from keystore to an external file server.cer
"C:\Program Files\Java\jre1.6.0_02\bin
echo Generating the Client KeyStore in file client.keystore
"C:\Program Files\Java\jre1.6.0_02\bin
echo Exporting the certificate from keystore to external file client.cer
"C:\Program Files\Java\jre1.6.0_02\bin
echo Importing Client's certificate into Server's keystore
"C:\Program Files\Java\jre1.6.0_02\bin
echo Importing Server's certificate into Client's keystore
"C:\Program Files\Java\jre1.6.0_02\bin
ASKER
Objects...does that look right?
Thanks
Thanks
ASKER
Objects, any advice on what could be wrong?
Thanks
Thanks
ASKER
my mistake..i imported it into the wrong keystore...:)
ASKER
Objects, i have one question outstanding..i was wondering if you could help?..:)
https://www.experts-exchange.com/questions/21703105/SSL-certification-path-problems.html
http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services