You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by uib <ur...@yahoo.com> on 2012/01/05 19:31:38 UTC
consumig a web service with https
I am trying to consume a web service call that uses https.
I am getting this error:
Exception in thread "main"
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport
error: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
while searching I have seen that this might be because the server
certificate is not issued by certification authority, but a self signed or
issued by a private CMS.
but when I connect to the wsdl through the browser I do not get any warning
about the certificate.
I have also seen that you need to configure a http conduit so that it will
make proper use of SSL.
Is this my problem?
If it is is there any clear and easy explanation how to set this up because
I have not understood the documentation that I have read.
Any help would be very appreciated.
--
View this message in context: http://cxf.547215.n5.nabble.com/consumig-a-web-service-with-https-tp5123480p5123480.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: consumig a web service with https
Posted by Bernhard Thalmayr <be...@painstakingminds.com>.
You may enable SSL tracing on your deployment container by setting
'-Djavax.net.debug=SSL,handshake,trustmanager' jvm option ... see
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html
This should enable you to find out
which truststore is used and why the verification fails.
-Bernhard
On 1/18/12, uib <ur...@yahoo.com> wrote:
> thank you for your help.
> I did this in my development environment and it worked. (I was able to
> connect to web service)
> I also put the certificate in my production server and it is said that
> certificate added successfully to key store.
> When I run the code I am still getting the error:
>
> javax.net.ssl.SSLHandshakeException: sun.security.val
> idator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> val
> id certification path to requested target
>
> any ideas.
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/consumig-a-web-service-with-https-tp5123480p5154088.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
IT-Consulting Bernhard Thalmayr
- Painstaking Minds -
83620 Vagen (Munich area)
Germany
Re: consumig a web service with https
Posted by Bernhard Thalmayr <be...@painstakingminds.com>.
You may enable SSL tracing on your deployment container by setting
'-Djavax.net.debug=SSL,handshake,trustmanager' jvm option ... see
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html
This should enable you to find out
which truststore is used and why the verification fails.
-Bernhard
On 1/18/12, uib <ur...@yahoo.com> wrote:
> thank you for your help.
> I did this in my development environment and it worked. (I was able to
> connect to web service)
> I also put the certificate in my production server and it is said that
> certificate added successfully to key store.
> When I run the code I am still getting the error:
>
> javax.net.ssl.SSLHandshakeException: sun.security.val
> idator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> val
> id certification path to requested target
>
> any ideas.
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/consumig-a-web-service-with-https-tp5123480p5154088.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
IT-Consulting Bernhard Thalmayr
- Painstaking Minds -
83620 Vagen (Munich area)
Germany
Re: consumig a web service with https
Posted by uib <ur...@yahoo.com>.
thank you for your help.
I did this in my development environment and it worked. (I was able to
connect to web service)
I also put the certificate in my production server and it is said that
certificate added successfully to key store.
When I run the code I am still getting the error:
javax.net.ssl.SSLHandshakeException: sun.security.val
idator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
val
id certification path to requested target
any ideas.
--
View this message in context: http://cxf.547215.n5.nabble.com/consumig-a-web-service-with-https-tp5123480p5154088.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: consumig a web service with https
Posted by Glen Mazza <gm...@talend.com>.
Answer to your question is "yes"--at least that's how I've done it
before on a prior project.
Glen
On 01/06/2012 07:11 AM, uib wrote:
> I do not understand exactly the documentation from the link you gave me.
>
> How do I exactly get the severs certificates public key to put it in the
> cacerts file.
>
> The server that the web service is running on is not under my control
>
> Do I just copy to file the public key from the page info of the servers web
> site that i see in my browser.
>
> Then run the keytool command mentioned in #8 in the documentation.
>
> Hope I have not missed the boat completely.
>
> Thank you for your help
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/consumig-a-web-service-with-https-tp5123480p5125360.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Glen Mazza
Talend Community Coders
http://coders.talend.com
blog: http://www.jroller.com/gmazza
Re: consumig a web service with https
Posted by uib <ur...@yahoo.com>.
I do not understand exactly the documentation from the link you gave me.
How do I exactly get the severs certificates public key to put it in the
cacerts file.
The server that the web service is running on is not under my control
Do I just copy to file the public key from the page info of the servers web
site that i see in my browser.
Then run the keytool command mentioned in #8 in the documentation.
Hope I have not missed the boat completely.
Thank you for your help
--
View this message in context: http://cxf.547215.n5.nabble.com/consumig-a-web-service-with-https-tp5123480p5125360.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: consumig a web service with https
Posted by Glen Mazza <gm...@talend.com>.
http://www.jroller.com/gmazza/entry/ssl_for_web_services ; you'll need
to put the server provider's public key in your client JRE's truststore
(or a truststore specifically attached to the client as mentioned in the
link.)
HTH,
Glen
On 01/05/2012 01:31 PM, uib wrote:
> I am trying to consume a web service call that uses https.
>
> I am getting this error:
>
> Exception in thread "main"
> com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport
> error: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
> while searching I have seen that this might be because the server
> certificate is not issued by certification authority, but a self signed or
> issued by a private CMS.
>
> but when I connect to the wsdl through the browser I do not get any warning
> about the certificate.
>
> I have also seen that you need to configure a http conduit so that it will
> make proper use of SSL.
>
> Is this my problem?
>
> If it is is there any clear and easy explanation how to set this up because
> I have not understood the documentation that I have read.
>
> Any help would be very appreciated.
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/consumig-a-web-service-with-https-tp5123480p5123480.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Glen Mazza
Talend Community Coders
http://coders.talend.com
blog: http://www.jroller.com/gmazza