You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Harish Kumar <ha...@yahoo.com> on 2013/03/06 09:53:55 UTC
Issue with SSL3 - Bad certificate
I am using Axis2 (1.5) for invoking webservice method on SoftwareAG Webmethod integration server.
Our JDK version is 1.6.05 and webmethod server JDK is 1.5.
At time call is made on WebMethod integration server. Get error as "Fatal error - Bad certificate"
Though i have cross checked server keys are imported into our keystore. Webmethod server on other side raise bad certificate
error only when SSL protocol is not SSL. For enabling Https setting, i did following change inside Axis2.xml.
#1. What additional settings i need to make so that SSL version 3 is used for communication with other server?
#2. Any issue related to mismatch between JDK version?
HTTPS setting inside Axis2.xml
=========================
What steps i need to follow to make sure SSL3 protocol is used for communication
<transportReceiver
name="https"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter
name="port">443</parameter></transportReceiver
Thanks,
Harish
RE: Issue with SSL3 - Bad certificate
Posted by Martin Gainty <mg...@hotmail.com>.
SSL and or TLS Transport Protocols are verified by the container (usually as an attribute in 'Container' element)
If you reference SOAP With Attachments Profile 1.1 you will be able to view this breakout
Non-goals include:
• Provide guidance on which of a variety of security mechanisms are appropriate to a given application.
The choice of transport layer security (e.g. SSL/TLS), S/MIME, application use of XML Signature and
XML Encryption, and other SOAP attachment mechanisms (MTOM) is explicitly out of scope. This
profile assumes a need and desire to secure SwA using SOAP Message security.
Bad Cert is *usually* caused by
-Cert was not issued by CA Authority (e.g. not issued by Verisign or Thawte)
-Cert valid date range was out of range from date SSL request was issued
-The SiteOwner you are contacting is NOT the owner of the site from the certificate
Quickest solution would be to contact the site owner and have their CA (Certificate Authority) for you to test with
and verify the SSL support attributes with the AppServer Administrator
Viel Gluck!
Martin
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
.
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
Date: Wed, 6 Mar 2013 00:53:55 -0800
From: harish_k_s007@yahoo.com
Subject: Issue with SSL3 - Bad certificate
To: java-user@axis.apache.org
I am using Axis2 (1.5) for invoking webservice method on SoftwareAG Webmethod integration server.
Our JDK version is 1.6.05 and webmethod server JDK is 1.5.
At time call is made on WebMethod integration server. Get error as "Fatal error - Bad certificate"
Though i have cross checked server keys are imported into our keystore. Webmethod server on other side raise bad certificate
error only when SSL protocol is not SSL. For enabling Https setting, i did following change inside Axis2.xml.
#1. What additional settings i need to make so that SSL version 3 is used for communication with other server?
#2. Any issue related to mismatch between JDK version?
HTTPS setting inside Axis2.xml
=========================
What steps i need to follow to make sure SSL3 protocol is used for communication
<transportReceiver name="https" class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">443</parameter></transportReceiver
Thanks,
Harish
RE: Issue with SSL3 - Bad certificate
Posted by Martin Gainty <mg...@hotmail.com>.
Ongen
this will only work in the container connector he is connecting to supports SSLv3
Martin
______________________________________________
Verzicht und Vertraulichkeitanmerkung
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
> Date: Wed, 6 Mar 2013 12:18:33 +0100
> From: ognjen.d.blagojevic@gmail.com
> To: java-user@axis.apache.org
> Subject: Re: Issue with SSL3 - Bad certificate
>
> Harish,
>
> On 6.3.2013 9:53, Harish Kumar wrote:
> > #1. What additional settings i need to make so that SSL version 3 is
> > used for communication with other server?
>
> You may try to add Java system property -Dhttps.protocols="SSLv3" to
> your WS client.
>
> -Ognjen
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
> For additional commands, e-mail: java-user-help@axis.apache.org
>
Re: Issue with SSL3 - Bad certificate
Posted by Ognjen Blagojevic <og...@gmail.com>.
Harish,
On 6.3.2013 9:53, Harish Kumar wrote:
> #1. What additional settings i need to make so that SSL version 3 is
> used for communication with other server?
You may try to add Java system property -Dhttps.protocols="SSLv3" to
your WS client.
-Ognjen
---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org