You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by uravi <ur...@ucdavis.edu> on 2010/12/06 03:36:09 UTC
Re: SSL: ValidatorException: PKIX path building failed
Hi All,
I have a similar issue.I am trying to set trustStore and keyStore as JVM
options on my glassfish server.But when I try to set trustStorePassword
and keyStorePassword Glassfish server does not start and throws the
following error. java.lang.IllegalStateException: Keystore was tampered
with, or password was incorrect.I have the certs imported in
jre/lib/security /folder also.
But when I try to access the same wsdl from my local machine which is a
windos box it works fine.But on linux which is our development server I get
the error.Let me know if you have any suggestions for this.
Thanks in advance
Uma
Sagi Mann wrote:
>
> Hi all,
> I am unable to get Axis2 clients to work with via HTTPS. I've read the
> numerous threads here about it, and I think I have set up everything
> correcly, but still - no luck. The client code works great over HTTP. I'm
> using Axis2 1.4.1, NetBeans 5.5.1, SJSAS 9.1 for hosting the web service.
>
> The setup:
> My web service is inside a .war and has its web.xml set to constraint all
> clients requests to CONFIDENTIAL (it is not an Axis2-based web service).
> It does NOT enforce client authentication, i.e. no CLIENT-AUTH. In fact,
> the login section is omitted entirely. I don't want to test login at this
> point.
>
> I then access the remote wsdl using IE:
> https://hostname:8181/myapp/HelloService?wsdl to verify it is accessible
> (IE prompts me for a security confirmation).
> I then generate the client-side proxy using wsdl2java (ADB), using the WDL
> URI above. I also set the following system properties prior to running
> wsdl2java, or else wsdl2java fails due to an untrusted certificate:
> javax.net.ssl.trustStore=v:/tmp/clienttrust.jks
> javax.net.ssl.trustStorePassword=changeit
>
> Finally, in my standalone client code, I do the following:
> System.setProperty("javax.net.ssl.trustStore",
> "v:/tmp/clienttrust.jks");
> System.setProperty("javax.net.ssl.trustStorePassword",
> "changeit");
> HelloServiceStub stub =
> new HelloServiceStub(
> "https://hostname:8181/myapp/HelloService?wsdl");
> doTest(); // this involes a simple web service method
>
> However, I get an exception (see below) which usually appears only if a
> trustStore and its pwd are not specified. In fact, if I omit the
> System.setProperty calls above, I get the same exact exception (verified
> with diff tool).
>
> Does anyone have an idea how to resolve this?
> thanks.
>
>
> org.apache.axis2.AxisFault: sun.security.validator.ValidatorException:
> PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
> at
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:98)
> at
> org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
> at
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
> at
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
> at
> org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:542)
> at
> org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:189)
> at
> org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
> at
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:371)
> at
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:209)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:448)
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> at
> samples.quickstart.service.adb.HelloServiceStub.test(HelloServiceStub.java:183)
> at samples.quickstart.clients.ADBClient.test(ADBClient.java:83)
> at samples.quickstart.clients.ADBClient.main(ADBClient.java:68)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:202)
> at
> org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:134)
> at org.apache.tools.ant.taskdefs.Java.run(Java.java:710)
> at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:178)
> at org.apache.tools.ant.taskdefs.Java.execute(Java.java:84)
> at
> org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
> at org.apache.tools.ant.Task.perform(Task.java:364)
> at org.apache.tools.ant.Target.execute(Target.java:341)
> at org.apache.tools.ant.Target.performTasks(Target.java:369)
> at
> org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
> at org.apache.tools.ant.Project.executeTarget(Project.java:1185)
> at
> org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:40)
> at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
> at
> org.apache.tools.ant.module.bridge.impl.BridgeImpl.run(BridgeImpl.java:240)
> at
> org.apache.tools.ant.module.run.TargetExecutor.run(TargetExecutor.java:293)
> at
> org.netbeans.core.execution.RunClassThread.run(RunClassThread.java:131)
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
> at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at
> java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:94)
> ... 39 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
> at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
> ... 49 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
> at
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at
> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
> ... 55 more
>
>
--
View this message in context: http://old.nabble.com/SSL%3A-ValidatorException%3A-PKIX-path-building-failed-tp19569509p30366682.html
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org