Solved

2 Java client apps, one SSL protected web services, and inconsistent results depending upon client machine

Posted on 2012-08-21
Last Modified: 2012-08-22
Two building blocks (instructorAccess and advisorAccess) written by A&A.

I am a Windows OS admin and .NET programmer -- not a JAVA programmer. But here goes.

The Java development team wrote two web apps using common code.

There are 5 Windows 2008 R2 64-bit machines which run these apps using one Tomcat/IIS site. All are using JDK/JRE 1.6.31, were built/configured at the same time and designed to be as identical as possible.

The web service's SSL certificate is current and issued by USERTrust Legacy Secure Server CA.

On 4 of 5 Windows 2008 R2 machines, both applications work fine as expected.

On the 5th machine, one app works fine.   The second fails and logs this error:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

On the face of it, it appears the JRE rejects the certificate while running the one application while accepting it while running the second.

Does that make any sense at all?

Where would I look to discover differences in SSL acceptance parameters?

Thank you.
Question by:RichardKline
5 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 38317611
> The web service's SSL certificate is current and issued by USERTrust Legacy Secure Server CA.

Might be worth posting the URL to that so it can be inspected.

Unless you've got a good reason for not doing so, I would recommend removing any Java installation you can find on the failing box that's not the intended target version.
0
 
LVL 1

Author Comment

by:RichardKline
ID: 38317945
Thanks!
Unfortunately, the URL points to an intranet site and is not viewable to the public.

I did have an old JDK installed -- it is now gone.  


The web service SSL certificate was quoted in your reply.    Any significance to that?

I've restarted the web service and the problem isn't occurring now -- I suspect that's just luck.

In a scenario like this, does the JAVA client store "good certificate" criteria outside of the OS?
0
 
LVL 86

Accepted Solution

by:
CEHJ earned 2000 total points
ID: 38318021
> I've restarted the web service and the problem isn't occurring now -- I suspect that's just luck.

Keep an eye on it. My guess is that your box was somehow hitting the old installation and not finding what could be a relatively recent part of the cert chain.

> In a scenario like this, does the JAVA client store "good certificate" criteria outside of the OS?

It stores its cert info inside the trust store of the JRE.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 38320261
:)
0
 
LVL 1

Author Comment

by:RichardKline
ID: 38321494
Thank you, CEHJ !

It will take a while to verify that the problem is permanently resolved but I really appreciate your information and guidance.

I'm trying to understand the relationships better.   In your opinion, does this blog entry fairly represent what's going on?
Andy's stuff:  Changing Tomcat’s CA Trust Keystore File
0
