You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Dhananjay Makwana <ma...@semandex.net> on 2006/07/25 00:46:23 UTC
axis2: accept/handle HTTPS (SSL) self-signed certificate
Hi,
I am writing a client to a web service that is running over HTTPS/SSL and is
using self-signed certificate. I am using axis2 version 1.0 and am getting
"sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target". The complete stack trace is
below.
Now on commons httpclient site they mention that (from
http://jakarta.apache.org/commons/httpclient/sslguide.html) :
The default behaviour of HttpClient is suitable for most uses, however there
are some aspects which you may want to configure. The most common
requirements for customizing SSL are:
* Ability to accept self-signed or untrusted SSL certificates. This is
highlighted by an SSLException with the message Unrecognized SSL handshake
(or similar) being thrown when a connection attempt is made.
* You want to use a third party SSL library instead of Sun's default
implementation.
So, I am wondering as to whether there is any support in axis2 for doing
this. I know there is a way to get the certificate and import it into local
keystore/truststore using "keytool" tool from Sun but that is my last
option.
Thanks in advance.
-Jay
Exception trace:
15:46:06,949 DEBUG [org.apache.commons.httpclient.HttpMethodDirector]
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethod
Director.java:378) Attempt number 1 to process request
15:47:01,589 DEBUG [org.apache.commons.httpclient.HttpMethodDirector]
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethod
Director.java:403) Closing the connection.
15:47:22,730 INFO [org.apache.commons.httpclient.HttpMethodDirector]
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethod
Director.java:438) I/O exception (org.apache.axis2.AxisFault) caught when
processing request: sun.security.validator.ValidatorException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target; nested
exception is:
com.ctc.wstx.exc.WstxIOException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
15:47:26,902 DEBUG [org.apache.commons.httpclient.HttpMethodDirector]
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethod
Director.java:442) sun.security.validator.ValidatorException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target; nested
exception is:
com.ctc.wstx.exc.WstxIOException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
org.apache.axis2.AxisFault: sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target; nested exception is:
com.ctc.wstx.exc.WstxIOException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
org.apache.axis2.transport.http.SOAPOverHTTPSender$AxisSOAPRequestEntity.wri
teRequest(SOAPOverHTTPSender.java:194)
at
org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody
(EntityEnclosingMethod.java:495)
at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.jav
a:1973)
at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993
)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethod
Director.java:397)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDir
ector.java:170)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
at
org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTT
PSender.java:530)
at
org.apache.axis2.transport.http.SOAPOverHTTPSender.send(SOAPOverHTTPSender.j
ava:92)
at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithC
ommons(CommonsHTTPTransportSender.java:299)
at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTT
PTransportSender.java:207)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:589)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperatio
n.java:328)
at
org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOpera
tion.java:279)
at
net.semandex.adaptor.seaweb.webservice.QPS_x0020_Influx_x0020_GatewayStub.Ge
tTargetsInArea(QPS_x0020_Influx_x0020_GatewayStub.java:637)
at
net.semandex.adaptor.seaweb.webservice.WebServiceTestCase.testGetTargetsInAr
ea(WebServiceTestCase.java:203)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at junit.framework.TestCase.runTest(TestCase.java:154)
at junit.framework.TestCase.runBare(TestCase.java:127)
at junit.framework.TestResult$1.protect(TestResult.java:106)
at junit.framework.TestResult.runProtected(TestResult.java:124)
at junit.framework.TestResult.run(TestResult.java:109)
at junit.framework.TestCase.run(TestCase.java:118)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRu
nner.java:478)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.
java:344)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner
.java:196)
Caused by: com.ctc.wstx.exc.WstxIOException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
com.ctc.wstx.sw.BaseStreamWriter.safeFlushStream(BaseStreamWriter.java:1439)
at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
at
org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:
119)
at
org.apache.axiom.om.impl.llom.OMNodeImpl.serializeAndConsume(OMNodeImpl.java
:382)
at
org.apache.axis2.transport.http.SOAPOverHTTPSender$AxisSOAPRequestEntity.han
dleOMOutput(SOAPOverHTTPSender.java:145)
at
org.apache.axis2.transport.http.SOAPOverHTTPSender$AxisSOAPRequestEntity.wri
teRequest(SOAPOverHTTPSender.java:180)
... 29 more
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh
aker.java:847)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshake
r.java:106)
at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815
)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocket
Impl.java:1025)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:61
9)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at
org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.
java:190)
at
sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
at java.io.BufferedWriter.flush(BufferedWriter.java:236)
at
com.ctc.wstx.sw.BaseStreamWriter.flushStream(BaseStreamWriter.java:1430)
at
com.ctc.wstx.sw.BaseStreamWriter.safeFlushStream(BaseStreamWriter.java:1437)
... 34 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509Tru
stManagerImpl.java:172)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLCont
extImpl.java:320)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh
aker.java:840)
... 50 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBui
lder.java:236)
at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 55 more
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
RE: [Axis2]: accept/handle HTTPS (SSL) self-signed certificate
Posted by Dhananjay Makwana <ma...@semandex.net>.
Resending following the "Mailing Guidelines". I am not sure whether this is
the right forum but figured I will try here first.
Your help is much appreciated,
-Jay
> -----Original Message-----
> From: Dhananjay Makwana [mailto:makwana@semandex.net]
> Sent: Monday, July 24, 2006 5:46 PM
> To: axis-user@ws.apache.org
> Cc: My Self
> Subject: axis2: accept/handle HTTPS (SSL) self-signed certificate
>
> Hi,
>
> I am writing a client to a web service that is running over HTTPS/SSL and
> is
> using self-signed certificate. I am using axis2 version 1.0 and am getting
> "sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find
> valid certification path to requested target". The complete stack trace is
> below.
>
> Now on commons httpclient site they mention that (from
> http://jakarta.apache.org/commons/httpclient/sslguide.html) :
> The default behaviour of HttpClient is suitable for most uses, however
> there
> are some aspects which you may want to configure. The most common
> requirements for customizing SSL are:
>
> * Ability to accept self-signed or untrusted SSL certificates. This is
> highlighted by an SSLException with the message Unrecognized SSL handshake
> (or similar) being thrown when a connection attempt is made.
> * You want to use a third party SSL library instead of Sun's default
> implementation.
>
>
>
> So, I am wondering as to whether there is any support in axis2 for doing
> this. I know there is a way to get the certificate and import it into
> local
> keystore/truststore using "keytool" tool from Sun but that is my last
> option.
>
> Thanks in advance.
>
> -Jay
>
> Exception trace:
> 15:46:06,949 DEBUG [org.apache.commons.httpclient.HttpMethodDirector]
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMeth
> od
> Director.java:378) Attempt number 1 to process request
> 15:47:01,589 DEBUG [org.apache.commons.httpclient.HttpMethodDirector]
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMeth
> od
> Director.java:403) Closing the connection.
> 15:47:22,730 INFO [org.apache.commons.httpclient.HttpMethodDirector]
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMeth
> od
> Director.java:438) I/O exception (org.apache.axis2.AxisFault) caught when
> processing request: sun.security.validator.ValidatorException: PKIX path
> building failed:
> sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target; nested
> exception is:
> com.ctc.wstx.exc.WstxIOException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> 15:47:26,902 DEBUG [org.apache.commons.httpclient.HttpMethodDirector]
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMeth
> od
> Director.java:442) sun.security.validator.ValidatorException: PKIX path
> building failed:
> sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target; nested
> exception is:
> com.ctc.wstx.exc.WstxIOException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> org.apache.axis2.AxisFault: sun.security.validator.ValidatorException:
> PKIX
> path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target; nested exception is:
> com.ctc.wstx.exc.WstxIOException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at
> org.apache.axis2.transport.http.SOAPOverHTTPSender$AxisSOAPRequestEntity.w
> ri
> teRequest(SOAPOverHTTPSender.java:194)
> at
> org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBo
> dy
> (EntityEnclosingMethod.java:495)
> at
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.j
> av
> a:1973)
> at
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:9
> 93
> )
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMeth
> od
> Director.java:397)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodD
> ir
> ector.java:170)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396
> )
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346
> )
> at
> org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractH
> TT
> PSender.java:530)
> at
> org.apache.axis2.transport.http.SOAPOverHTTPSender.send(SOAPOverHTTPSender
> .j
> ava:92)
> at
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWit
> hC
> ommons(CommonsHTTPTransportSender.java:299)
> at
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsH
> TT
> PTransportSender.java:207)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:589)
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperat
> io
> n.java:328)
> at
> org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOpe
> ra
> tion.java:279)
> at
> net.semandex.adaptor.seaweb.webservice.QPS_x0020_Influx_x0020_GatewayStub.
> Ge
> tTargetsInArea(QPS_x0020_Influx_x0020_GatewayStub.java:637)
> at
> net.semandex.adaptor.seaweb.webservice.WebServiceTestCase.testGetTargetsIn
> Ar
> ea(WebServiceTestCase.java:203)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> 39
> )
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorIm
> pl
> .java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at junit.framework.TestCase.runTest(TestCase.java:154)
> at junit.framework.TestCase.runBare(TestCase.java:127)
> at junit.framework.TestResult$1.protect(TestResult.java:106)
> at junit.framework.TestResult.runProtected(TestResult.java:124)
> at junit.framework.TestResult.run(TestResult.java:109)
> at junit.framework.TestCase.run(TestCase.java:118)
> at
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTest
> Ru
> nner.java:478)
> at
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunne
> r.
> java:344)
> at
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunn
> er
> .java:196)
> Caused by: com.ctc.wstx.exc.WstxIOException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at
> com.ctc.wstx.sw.BaseStreamWriter.safeFlushStream(BaseStreamWriter.java:143
> 9)
> at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
> at
> org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.jav
> a:
> 119)
> at
> org.apache.axiom.om.impl.llom.OMNodeImpl.serializeAndConsume(OMNodeImpl.ja
> va
> :382)
> at
> org.apache.axis2.transport.http.SOAPOverHTTPSender$AxisSOAPRequestEntity.h
> an
> dleOMOutput(SOAPOverHTTPSender.java:145)
> at
> org.apache.axis2.transport.http.SOAPOverHTTPSender$AxisSOAPRequestEntity.w
> ri
> teRequest(SOAPOverHTTPSender.java:180)
> ... 29 more
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHand
> sh
> aker.java:847)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandsha
> ke
> r.java:106)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433
> )
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:8
> 15
> )
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSock
> et
> Impl.java:1025)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:
> 61
> 9)
> at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59
> )
> at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at
> org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStrea
> m.
> java:190)
> at
> sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
> at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
> at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
> at java.io.BufferedWriter.flush(BufferedWriter.java:236)
> at
> com.ctc.wstx.sw.BaseStreamWriter.flushStream(BaseStreamWriter.java:1430)
> at
> com.ctc.wstx.sw.BaseStreamWriter.safeFlushStream(BaseStreamWriter.java:143
> 7)
> ... 34 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
> at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145
> )
> at sun.security.validator.Validator.validate(Validator.java:203)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509T
> ru
> stManagerImpl.java:172)
> at
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLCo
> nt
> extImpl.java:320)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHand
> sh
> aker.java:840)
> ... 50 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathB
> ui
> lder.java:236)
> at
> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
> at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
> ... 55 more
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org