Posted to java-user@axis.apache.org by babloosony <ba...@gmail.com> on 2005/01/19 12:05:07 UTC
SSL, AXIS, Web Service
Hi All,
I have an https enabled web service whose wsdl address location is similar to
https://mysc.mycom.com:443/PtrAcc/DM.
I am behind a firewall and now I have written a web service java
client program that uses AXIS Stubs. Also I think this
web service employs 2 way authentication since when I type
https://mysc.mycom.com:443/PtrAcc/DM
in my browser I am getting an IE dialog "Client Authentication" saying
"The web site you
want to view requests identification. Select the certificate to use
when connection" and there are
no certificates available on my client machine to choose from and
eventually if I press Ok button of this dialog I am
getting below message in browser :
No service was found matching the request
Requested path: /PtrAcc/DM
Client IP: 343.232.121.99
SOAPAction Header: NULL
Now, I created an entry in my default keystore file using below
keytool command on my windows2000 command prompt :
keytool -genkey -dname "CN=Nick Chase, OU=InformIT, O=Pearson, L=NPR, S=Florida, C=US" -alias nick -storepass mystorepassword -keypass mykeypassword -storetype jks
and I wrote a web service java client program and used below lines inside it :
System.setProperty("http.proxyHost", "343.232.121.99");
System.setProperty("http.proxyPort", "1563");
System.setProperty("javax.net.ssl.trustStore", "C:\\Documents and Settings\\113342\\.keystore");
but when I run my web service client program I am getting below error message :
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:130)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:382)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:88)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:147)
at org.apache.axis.client.Call.invokeEngine(Call.java:2737)
at org.apache.axis.client.Call.invoke(Call.java:2720)
at org.apache.axis.client.Call.invoke(Call.java:2396)
at org.apache.axis.client.Call.invoke(Call.java:2319)
at org.apache.axis.client.Call.invoke(Call.java:1776)
Guys, what am I missing here. My certificate in .keystore should be
imported to server trust store ? Please suggest ...
Thanks & Regards,
Kumar.
Re: SSL, AXIS, Web Service
Posted by Alex Karshakevich <al...@thoughtspeed.biz>.
That would be defeating the purpose of having a client certificate,
right? The server has to have your cert in its trust store before it
will communicate with you, so that has to be done outside of your
application.
Alex.
babloosony wrote:
>Dear Sir,
>
>Thank you for the prompt and timely response. But the third party ssl
>enabled web service provider (who is somewhere in UK) is not in my
>control. How can I import my certificate to their trust store. Can't I
>programmatically handle it from my web service standalone java program
>(in INDIA) ?
>
>Thanks & Regards,
>Kumar.
>
>
Re: SSL, AXIS, Web Service
Posted by babloosony <ba...@gmail.com>.
Dear Sir,
Thank you for the prompt and timely response. But the third party ssl
enabled web service provider (who is somewhere in UK) is not in my
control. How can I import my certificate to their trust store. Can't I
programmatically handle it from my web service standalone java program
(in INDIA) ?
Thanks & Regards,
Kumar.
On Wed, 19 Jan 2005 09:56:11 -0500, Alex Karshakevich
<al...@thoughtspeed.biz> wrote:
>
> >Guys, what am I missing here. My certificate in .keystore should be
> >imported to server trust store ? Please suggest ...
> >
> >
> The error you showed happens on the client side, right? So you need to
> export the server's key and add it to the client's truststore:
>
> export server key into temp file
> keytool -export -file temp$.cer -alias serverkey -keyalg RSA -keystore
> <server's keystore>
>
> then import this file into client's keystore
> keytool -import -file temp$.cer -alias serverkey -keyalg RSA -keystore
> <client's keystore>
>
> check that it got imported:
> keytool -list -keystore <keystore file>
>
> This needs to go both ways if you are using client certificates: the
> client's key needs to be exported the same way and imported into
> server's truststore
>
Re: SSL, AXIS, Web Service
Posted by Alex Karshakevich <al...@thoughtspeed.biz>.
>Guys, what am I missing here. My certificate in .keystore should be
>imported to server trust store ? Please suggest ...
>
>
The error you showed happens on the client side, right? So you need to
export the server's key and add it to the client's truststore:
export server key into temp file
keytool -export -file temp$.cer -alias serverkey -keyalg RSA -keystore
<server's keystore>
then import this file into client's keystore
keytool -import -file temp$.cer -alias serverkey -keyalg RSA -keystore
<client's keystore>
check that it got imported:
keytool -list -keystore <keystore file>
This needs to go both ways if you are using client certificates: the
client's key needs to be exported the same way and imported into
server's truststore
Re: SSL, AXIS, Web Service
Posted by Chris <ch...@us-hampton.mail.saic.com>.
> Now, I created an entry in my default keystore file using below
> keytool command on my windows2000 command prompt :
>
> keytool -genkey -dname "CN=Nick Chase, OU=InformIT, O=Pearson, L=NPR,
> S=Florida, C=US" -alias nick -storepass mystorepassword -keypass
> mykeypassword -storetype jks
Do you want 2 way auth? If so, you have to pass the certs both ways.
You create a cert on the client machine and import it on the server, and
vice versa. If you don't want the 2 way auth, you need to turn it off
on the server.
Chris
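
The following is an added example, not code posted by anyone in this thread. It checks that the client has the two stores that two-way SSL needs (a private key entry to present, and the server's certificate as a trusted entry) before setting the standard JSSE properties. The file names and the trust store password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

public class TwoWaySslClientCheck {

    // Loads a JKS file, prints each alias with its entry type, and returns
    // {number of private key entries, number of trusted certificate entries}.
    static int[] describe(String path, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        int keys = 0, certs = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                keys++;
                System.out.println(path + ": " + alias + " = private key entry (client identity)");
            } else if (ks.isCertificateEntry(alias)) {
                certs++;
                System.out.println(path + ": " + alias + " = trusted certificate entry");
            }
        }
        return new int[] { keys, certs };
    }

    public static void main(String[] args) throws Exception {
        // Assumed file names and passwords, for illustration only.
        String identityStore = "client-identity.jks"; // created with keytool -genkey
        String trustStore = "client-trust.jks";       // server certificate added with keytool -import
        String identityPass = "mystorepassword";
        String trustPass = "mytrustpassword";

        if (describe(identityStore, identityPass.toCharArray())[0] == 0) {
            throw new IllegalStateException("no private key entry: nothing to present as a client certificate");
        }
        if (describe(trustStore, trustPass.toCharArray())[1] == 0) {
            throw new IllegalStateException("no trusted certificate entry: the server's certificate is not imported");
        }

        // Standard JSSE properties: trustStore validates the server,
        // keyStore supplies the certificate the client presents.
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", trustPass);
        System.setProperty("javax.net.ssl.keyStore", identityStore);
        System.setProperty("javax.net.ssl.keyStorePassword", identityPass);
        // ... create the Axis stub and invoke the service after this point.
    }
}
```

When the key store is configured through these system properties, JSSE uses `javax.net.ssl.keyStorePassword` for the private key as well, so the `-keypass` given to keytool has to match the `-storepass`.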