You are viewing a plain text version of this content. The canonical link for it is here.

Posted to soap-dev@xml.apache.org by Ed Keen <ed...@interactiveportal.com> on 2001/05/17 16:50:13 UTC

ssl: untrusted server cert chain

I am having problems getting a soap client to use ssl.  My server is running
weblogic, and I can successfully connect to it using https on a browser.  In
my client code, I have added these lines:

    System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
    java.security.Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());

I also added jsse.jar to the classpath in both the client and the server.
But when I change the protocol to https on my client, I get the below error.
What am I missing?

Thanks,
Ed

-----------------------------------
java.lang.reflect.InvocationTargetException: javax.net.ssl.SSLException:
untrusted server cert chain
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-
120198])
        at
com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198
])
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at
com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
        at java.io.OutputStream.write(OutputStream.java:61)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120
198])
        at
org.apache.soap.util.net.SSLUtils.buildSSLSocket(SSLUtils.java:98)
        at java.lang.reflect.Method.invoke(Native Method)
        at
org.apache.soap.util.net.HTTPUtils.buildSocket(HTTPUtils.java:117)
        at org.apache.soap.util.net.HTTPUtils.post(HTTPUtils.java:165)
        at
org.apache.soap.transport.http.SOAPHTTPConnection.send(SOAPHTTPConnection.ja
va:208)
        at org.apache.soap.rpc.Call.invoke(Call.java:203)
        at com.iportal.iws.client.SoapClient.main(SoapClient.java:69)
Caught SOAPException (SOAP-ENV:Client): Error opening socket: null

Re: ssl: untrusted server cert chain

Posted by Ram Sadasiv <rs...@quantumstream.com>.

Ed,

JSSE does not automagically perform the certificate request/import which the
browser is doing.  You need to request a server certificate from the SSL server,
and then import it into your JSSE key chain:

keytool -alias servername -import -keystore $JAVA_HOME/lib/security/cacerts
-file servercertificate.crt

where servername is the server you want to connect to, and servercertificate.crt
is the x509 certificate from that server.  Once you have done that, your
https:// urls should open like a (slow) charm.

HTH,

Ram Sadasiv


Ed Keen wrote:
> 
> I am having problems getting a soap client to use ssl.  My server is running
> weblogic, and I can successfully connect to it using https on a browser.  In
> my client code, I have added these lines:
> 
>     System.setProperty("java.protocol.handler.pkgs",
> "com.sun.net.ssl.internal.www.protocol");
>     java.security.Security.addProvider(new
> com.sun.net.ssl.internal.ssl.Provider());
> 
> I also added jsse.jar to the classpath in both the client and the server.
> But when I change the protocol to https on my client, I get the below error.
> What am I missing?
> 
> Thanks,
> Ed
> 
> -----------------------------------
> java.lang.reflect.InvocationTargetException: javax.net.ssl.SSLException:
> untrusted server cert chain
>         at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
>         at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
>         at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-
> 120198])
>         at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198
> ])
>         at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
>         at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
>         at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
>         at java.io.OutputStream.write(OutputStream.java:61)
>         at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120
> 198])
>         at
> org.apache.soap.util.net.SSLUtils.buildSSLSocket(SSLUtils.java:98)
>         at java.lang.reflect.Method.invoke(Native Method)
>         at
> org.apache.soap.util.net.HTTPUtils.buildSocket(HTTPUtils.java:117)
>         at org.apache.soap.util.net.HTTPUtils.post(HTTPUtils.java:165)
>         at
> org.apache.soap.transport.http.SOAPHTTPConnection.send(SOAPHTTPConnection.ja
> va:208)
>         at org.apache.soap.rpc.Call.invoke(Call.java:203)
>         at com.iportal.iws.client.SoapClient.main(SoapClient.java:69)
> Caught SOAPException (SOAP-ENV:Client): Error opening socket: null