SSL handshaking problem in webservice with Java and Tomcat
Two common approaches here:
http://ws.apache.org/xmlrpc/ssl.html
WebLogic has its own stuff:
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/security/SSL_client.html#wp1029670
Ezequiel
Updated on July 09, 2022Comments
-
Ezequiel almost 2 years
I have to consume a webservice done in Axis with my Java web application (that runs on Tomcat). The company that made the webservice uses HTTPS and a certificate self signed for testing.
I have run a Netbeans wizzard to generate a Webservice based on the WSDL, and that is done correctly. If I enter to the website of the webservice using a browser, I get a warning because of the SSL certificate, and I have to create an exception.
When trying to run my code, I get exceptions when the SSL connection is made. The exceptions are:
1.
com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
and some times (without changing the code)
2.
com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I imagine that I have to incorporate a certificate into the Java VM and/or Tomcat, and also tells to ignore that is not a trusted source.
How to do this? How to consume this secure webservice correctly?
If the information I provide is not enough, please ask for more.
Thanks
Ezequiel
UPDATE:
I have tried this two things, both without success, the exceptions are the same.
Option 1)
System.setProperty("javax.net.ssl.trustStore","/home/serverapp/BSS-cert.p12"); System.setProperty("javax.net.ssl.trustStorePassword","password"); System.setProperty("javax.net.ssl.trustStoreType","PKCS12");
Option 2) KeyStore ks = KeyStore.getInstance( "pkcs12" ); ks.load( new FileInputStream("/home/serverapp/BSS-cert.p12"), "password".toCharArray() );
KeyStore jks = KeyStore.getInstance( "JKS" ); jks.load( null ); KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" ); kmf.init( ks, "f0p6k9n2".toCharArray() ); TrustManagerFactory tmf = TrustManagerFactory.getInstance( "SunX509" ); tmf.init( jks ); SSLContext ctx = SSLContext.getInstance( "TLS" ); ctx.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null );
Also, as I thought that may be the problem was the web service, I tried to stablish an HTTPS connection, and it fails with the same error when openning an input stream.
String httpsURL = "https://serverurl:443/theservice?wsdl"; URL myurl = new URL(httpsURL); HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection(); InputStream ins = con.getInputStream(); //Exception here! InputStreamReader isr = new InputStreamReader(ins); BufferedReader in = new BufferedReader(isr);
-
Ezequiel about 13 yearsI'll try this and let you know. I have tried exporting a DER formated X509 file and importing that into "cacerts" but it didn't work.
-
Ezequiel about 13 yearsI have tried this approach, and when I execute InstallCerts from the second time, it again throws the exception. If I look in the jssecerts store, the certificate is present.