You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Sagi Mann <sa...@gmail.com> on 2008/09/19 11:58:58 UTC
SSL: ValidatorException: PKIX path building failed
Hi all,
I am unable to get Axis2 clients to work with via HTTPS. I've read the
numerous threads here about it, and I think I have set up everything
correcly, but still - no luck. The client code works great over HTTP. I'm
using Axis2 1.4.1, NetBeans 5.5.1, SJSAS 9.1 for hosting the web service.
The setup:
My web service is inside a .war and has its web.xml set to constraint all
clients requests to CONFIDENTIAL (it is not an Axis2-based web service). It
does NOT enforce client authentication, i.e. no CLIENT-AUTH. In fact, the
login section is omitted entirely. I don't want to test login at this point.
I then access the remote wsdl using IE:
https://hostname:8181/myapp/HelloService?wsdl to verify it is accessible (IE
prompts me for a security confirmation).
I then generate the client-side proxy using wsdl2java (ADB), using the WDL
URI above. I also set the following system properties prior to running
wsdl2java, or else wsdl2java fails due to an untrusted certificate:
javax.net.ssl.trustStore=v:/tmp/clienttrust.jks
javax.net.ssl.trustStorePassword=changeit
Finally, in my standalone client code, I do the following:
System.setProperty("javax.net.ssl.trustStore",
"v:/tmp/clienttrust.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
HelloServiceStub stub =
new HelloServiceStub(
"https://hostname:8181/myapp/HelloService?wsdl");
doTest(); // this involes a simple web service method
However, I get an exception (see below) which usually appears only if a
trustStore and its pwd are not specified. In fact, if I omit the
System.setProperty calls above, I get the same exact exception (verified
with diff tool).
Does anyone have an idea how to resolve this?
thanks.
org.apache.axis2.AxisFault: sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at
org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:98)
at
org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
at
org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:542)
at
org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:189)
at
org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:371)
at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:209)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:448)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at
samples.quickstart.service.adb.HelloServiceStub.test(HelloServiceStub.java:183)
at samples.quickstart.clients.ADBClient.test(ADBClient.java:83)
at samples.quickstart.clients.ADBClient.main(ADBClient.java:68)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:202)
at
org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:134)
at org.apache.tools.ant.taskdefs.Java.run(Java.java:710)
at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:178)
at org.apache.tools.ant.taskdefs.Java.execute(Java.java:84)
at
org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
at org.apache.tools.ant.Task.perform(Task.java:364)
at org.apache.tools.ant.Target.execute(Target.java:341)
at org.apache.tools.ant.Target.performTasks(Target.java:369)
at
org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
at org.apache.tools.ant.Project.executeTarget(Project.java:1185)
at
org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:40)
at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
at
org.apache.tools.ant.module.bridge.impl.BridgeImpl.run(BridgeImpl.java:240)
at
org.apache.tools.ant.module.run.TargetExecutor.run(TargetExecutor.java:293)
at
org.netbeans.core.execution.RunClassThread.run(RunClassThread.java:131)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at
org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:94)
... 39 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
at sun.security.validator.Validator.validate(Validator.java:218)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
... 49 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
... 55 more
--
View this message in context: http://www.nabble.com/SSL%3A-ValidatorException%3A-PKIX-path-building-failed-tp19569509p19569509.html
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: SSL: ValidatorException: PKIX path building failed
Posted by Ramesh Vishwanatham <rv...@dtcc.com>.
Hi Sagi
Are you able to resolve this issue? I am getting the same error when I try
to run axis2 client to connect to a service using "https". Below is my
environment:
client side:
----------------
Java 1.5.0_15-b04
Windows xp
axis2 1.4.1
server side:
-----------------
Java 1.4.2
axis2 1.3 deployed with my sample service under WAS 6.0 running under
unix.
When I tried client with axis2 1.3 I am getting totally different errors.
Please let me know your solution and would like to resolve this problem.
Thanks in advance
Ramesh
Sagi Mann <sa...@gmail.com>
09/25/2008 04:23 AM
Please respond to
axis-user@ws.apache.org
To
axis-user@ws.apache.org
cc
Subject
Re: SSL: ValidatorException: PKIX path building failed
I have an update:
The sample standalone application only behaves as expected when launched
from outside NetBeans 5.5.1 (using cmdline ANT). I.e. when no truststore
is
configured, the error occurs, and when it is set, the webservice is
invoked
correctly. As far as running a servlet client (not standalone), the
servlet
client behaves as expected when deployed from within/outside NetBeans, and
tested via a browser.
I still don't know why NB has an impact, but I'll investigate this later
on.
thanks...
--
View this message in context:
http://www.nabble.com/SSL%3A-ValidatorException%3A-PKIX-path-building-failed-tp19569509p19665120.html
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
-----------------------------------------
________________________________________________________
DTCC DISCLAIMER: This email and any files transmitted with it are
confidential and intended solely for the use of the individual or
entity to whom they are addressed. If you have received this email
in error, please notify us immediately and delete the email and any
attachments from your system. The recipient should check this email
and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted
by this email.
Re: SSL: ValidatorException: PKIX path building failed
Posted by Sagi Mann <sa...@gmail.com>.
I have an update:
The sample standalone application only behaves as expected when launched
from outside NetBeans 5.5.1 (using cmdline ANT). I.e. when no truststore is
configured, the error occurs, and when it is set, the webservice is invoked
correctly. As far as running a servlet client (not standalone), the servlet
client behaves as expected when deployed from within/outside NetBeans, and
tested via a browser.
I still don't know why NB has an impact, but I'll investigate this later on.
thanks...
--
View this message in context: http://www.nabble.com/SSL%3A-ValidatorException%3A-PKIX-path-building-failed-tp19569509p19665120.html
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: SSL: ValidatorException: PKIX path building failed
Posted by Sagi Mann <sa...@gmail.com>.
Hi,
I not only verified the trust store, but also wrote a second client-server
application to verify the entire environment:
1. the server side was a simple servlet, running on the same app server as
my webservice
2. the client side was a standalone HttpClient-based application (same
version used by axis2)
I setup the http client with the default behavior: hc = new
HttpClient(myConMgr)
I also setup the trust store as I do in the original app.
Then I try to access both http://xxx and https://xxx URLs to the servlet -
no problem in both cases. If I omit the trust store settings when using
https, I get the PKIX error, as expected.
I found some articles stating that, by default, HttpClient does not support
self-signed certificates. If that were true, the above test would have
failed, since I use a default configuration for the HttpClient.
Conclusion: the trust store is fine, its password is fine, the certificate
seems to be fine, and I still don't know what is going on. How come a simple
servlet application, accessed by a simple HttpClient code, can use both http
and https, but a simple webservice, accessed by a simple axis2 client can
only use http?
--
View this message in context: http://www.nabble.com/SSL%3A-ValidatorException%3A-PKIX-path-building-failed-tp19569509p19588163.html
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: SSL: ValidatorException: PKIX path building failed
Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Sagi,
It seems we get this same error in both almost all the cases, where
we don't set the system property, where the path to key store is wrong and
where the keystore password is wrong. You can check with java keytool
whether the password is correct.
thanks,
nandana
On Fri, Sep 19, 2008 at 3:28 PM, Sagi Mann <sa...@gmail.com> wrote:
>
> Hi all,
> I am unable to get Axis2 clients to work with via HTTPS. I've read the
> numerous threads here about it, and I think I have set up everything
> correcly, but still - no luck. The client code works great over HTTP. I'm
> using Axis2 1.4.1, NetBeans 5.5.1, SJSAS 9.1 for hosting the web service.
>
> The setup:
> My web service is inside a .war and has its web.xml set to constraint all
> clients requests to CONFIDENTIAL (it is not an Axis2-based web service). It
> does NOT enforce client authentication, i.e. no CLIENT-AUTH. In fact, the
> login section is omitted entirely. I don't want to test login at this
> point.
>
> I then access the remote wsdl using IE:
> https://hostname:8181/myapp/HelloService?wsdl to verify it is accessible
> (IE
> prompts me for a security confirmation).
> I then generate the client-side proxy using wsdl2java (ADB), using the WDL
> URI above. I also set the following system properties prior to running
> wsdl2java, or else wsdl2java fails due to an untrusted certificate:
> javax.net.ssl.trustStore=v:/tmp/clienttrust.jks
> javax.net.ssl.trustStorePassword=changeit
>
> Finally, in my standalone client code, I do the following:
> System.setProperty("javax.net.ssl.trustStore",
> "v:/tmp/clienttrust.jks");
> System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
> HelloServiceStub stub =
> new HelloServiceStub(
> "https://hostname:8181/myapp/HelloService?wsdl");
> doTest(); // this involes a simple web service method
>
> However, I get an exception (see below) which usually appears only if a
> trustStore and its pwd are not specified. In fact, if I omit the
> System.setProperty calls above, I get the same exact exception (verified
> with diff tool).
>
> Does anyone have an idea how to resolve this?
> thanks.
>
>
> org.apache.axis2.AxisFault: sun.security.validator.ValidatorException: PKIX
> path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
> at
>
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:98)
> at
>
> org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
> at
>
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
> at
>
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at
>
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at
>
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
> at
>
> org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:542)
> at
> org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:189)
> at
> org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
> at
>
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:371)
> at
>
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:209)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:448)
> at
>
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
> at
>
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> at
>
> samples.quickstart.service.adb.HelloServiceStub.test(HelloServiceStub.java:183)
> at samples.quickstart.clients.ADBClient.test(ADBClient.java:83)
> at samples.quickstart.clients.ADBClient.main(ADBClient.java:68)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:202)
> at
> org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:134)
> at org.apache.tools.ant.taskdefs.Java.run(Java.java:710)
> at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:178)
> at org.apache.tools.ant.taskdefs.Java.execute(Java.java:84)
> at
> org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
> at org.apache.tools.ant.Task.perform(Task.java:364)
> at org.apache.tools.ant.Target.execute(Target.java:341)
> at org.apache.tools.ant.Target.performTasks(Target.java:369)
> at
> org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
> at org.apache.tools.ant.Project.executeTarget(Project.java:1185)
> at
>
> org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:40)
> at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
> at
> org.apache.tools.ant.module.bridge.impl.BridgeImpl.run(BridgeImpl.java:240)
> at
> org.apache.tools.ant.module.run.TargetExecutor.run(TargetExecutor.java:293)
> at
> org.netbeans.core.execution.RunClassThread.run(RunClassThread.java:131)
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
> at
>
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
> at
>
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
> at
>
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
> at
>
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
> at
>
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
> at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at
>
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:94)
> ... 39 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
> at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at
>
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at
>
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at
>
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at
>
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
> ... 49 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at
>
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at
> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
> ... 55 more
>
> --
> View this message in context:
> http://www.nabble.com/SSL%3A-ValidatorException%3A-PKIX-path-building-failed-tp19569509p19569509.html
> Sent from the Axis - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
--
Nandana Mihindukulasooriya
WSO2 inc.
http://nandana83.blogspot.com/
http://www.wso2.org
Re: SSL: ValidatorException: PKIX path building failed
Posted by uravi <ur...@ucdavis.edu>.
Hi All,
I have a similar issue.I am trying to set trustStore and keyStore as JVM
options on my glassfish server.But when I try to set trustStorePassword
and keyStorePassword Glassfish server does not start and throws the
following error. java.lang.IllegalStateException: Keystore was tampered
with, or password was incorrect.I have the certs imported in
jre/lib/security /folder also.
But when I try to access the same wsdl from my local machine which is a
windos box it works fine.But on linux which is our development server I get
the error.Let me know if you have any suggestions for this.
Thanks in advance
Uma
Sagi Mann wrote:
>
> Hi all,
> I am unable to get Axis2 clients to work with via HTTPS. I've read the
> numerous threads here about it, and I think I have set up everything
> correcly, but still - no luck. The client code works great over HTTP. I'm
> using Axis2 1.4.1, NetBeans 5.5.1, SJSAS 9.1 for hosting the web service.
>
> The setup:
> My web service is inside a .war and has its web.xml set to constraint all
> clients requests to CONFIDENTIAL (it is not an Axis2-based web service).
> It does NOT enforce client authentication, i.e. no CLIENT-AUTH. In fact,
> the login section is omitted entirely. I don't want to test login at this
> point.
>
> I then access the remote wsdl using IE:
> https://hostname:8181/myapp/HelloService?wsdl to verify it is accessible
> (IE prompts me for a security confirmation).
> I then generate the client-side proxy using wsdl2java (ADB), using the WDL
> URI above. I also set the following system properties prior to running
> wsdl2java, or else wsdl2java fails due to an untrusted certificate:
> javax.net.ssl.trustStore=v:/tmp/clienttrust.jks
> javax.net.ssl.trustStorePassword=changeit
>
> Finally, in my standalone client code, I do the following:
> System.setProperty("javax.net.ssl.trustStore",
> "v:/tmp/clienttrust.jks");
> System.setProperty("javax.net.ssl.trustStorePassword",
> "changeit");
> HelloServiceStub stub =
> new HelloServiceStub(
> "https://hostname:8181/myapp/HelloService?wsdl");
> doTest(); // this involes a simple web service method
>
> However, I get an exception (see below) which usually appears only if a
> trustStore and its pwd are not specified. In fact, if I omit the
> System.setProperty calls above, I get the same exact exception (verified
> with diff tool).
>
> Does anyone have an idea how to resolve this?
> thanks.
>
>
> org.apache.axis2.AxisFault: sun.security.validator.ValidatorException:
> PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
> at
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:98)
> at
> org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
> at
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
> at
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
> at
> org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:542)
> at
> org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:189)
> at
> org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
> at
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:371)
> at
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:209)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:448)
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> at
> samples.quickstart.service.adb.HelloServiceStub.test(HelloServiceStub.java:183)
> at samples.quickstart.clients.ADBClient.test(ADBClient.java:83)
> at samples.quickstart.clients.ADBClient.main(ADBClient.java:68)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:202)
> at
> org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:134)
> at org.apache.tools.ant.taskdefs.Java.run(Java.java:710)
> at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:178)
> at org.apache.tools.ant.taskdefs.Java.execute(Java.java:84)
> at
> org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
> at org.apache.tools.ant.Task.perform(Task.java:364)
> at org.apache.tools.ant.Target.execute(Target.java:341)
> at org.apache.tools.ant.Target.performTasks(Target.java:369)
> at
> org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
> at org.apache.tools.ant.Project.executeTarget(Project.java:1185)
> at
> org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:40)
> at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
> at
> org.apache.tools.ant.module.bridge.impl.BridgeImpl.run(BridgeImpl.java:240)
> at
> org.apache.tools.ant.module.run.TargetExecutor.run(TargetExecutor.java:293)
> at
> org.netbeans.core.execution.RunClassThread.run(RunClassThread.java:131)
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
> at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at
> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:94)
> ... 39 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
> at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
> ... 49 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at
> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
> ... 55 more
>
>
--
View this message in context: http://old.nabble.com/SSL%3A-ValidatorException%3A-PKIX-path-building-failed-tp19569509p30366682.html
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org