• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

SSLHandshakeException

 
Ranch Hand
Posts: 548
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

I have a web service wsdl given by some third party and I am trying to create a axis web service consumer java program to access this web service. I imported the certificate to my client trusted store but when I run the client I am getting below exception. What am I missing here :

Exception in thread "main" AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
 
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am facing exactly same problem while using axis .......

Any one having solution for the same...................
 
Rr Kumaran
Ranch Hand
Posts: 548
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
saurabhrais-

Can you please explain what is that you are trying to achieve. I didnt resolve this issue however I guess the reason is the service provider is expecting a soap message which is signed using xml signatures and also there is digital certificates enabled and the client need to identify itself by providing its certificat to the web service provider. Please let me know your views ...
 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Did you create a local certificate on the client machine?

Use the keytool.exe in the JDK to create a .keystore file.

Then in your java code set
System.setProperty("javax.net.ssl.keyStore", "/folderA/.keystore);
System.setProperty("javax.net.ssl.keyStorePassword", "abcdefg");

before invoking the call.
[ January 05, 2005: Message edited by: Alex Beekman ]
 
Rr Kumaran
Ranch Hand
Posts: 548
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Casan,

Below are the entries %JAVA_HOME%\jre\lib\security\java.security file
and I am using java
version 1.4.2_04

security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=sun.security.provider.Sun
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.rsajca.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider

When I run the commands "keytool -list" or "keytool -list -storetype
JKS" on my dos prompt I am getting below error :
keytool error: java.io.IOException: Invalid keystore format

And when I the command "keytool -list -storetype JCEKS" I am getting
below output :
Keystore type: JCEKS
Keystore provider: SunJCE
Your keystore contains 0 entries

There is some java file given by some third party (actually it is
dsig.SampleSign2 that comes bundled with IBM XML Security Suite) that
uses the below line in its code :
KeyStore keystore = KeyStore.getInstance("JKS");

And so in accordance with the above JKS keystore type used I want to
update the default .keystore with my newly generated certificate and
so when I apply the command

keytool -genkey -dname "CN=Doug Tidwell, OU=developerWorks, O=IBM,
L=Research Triangle Park, S=North Carolina, C=US"
-keypass changeit -storepass changeit -alias xss4j1

I am getting below error message :

keytool error: java.io.IOException: Invalid keystore format

Can anyone please help me. What am I doing wrong here ...

You reply has always been timely. Thank you.

What I want is to create a key pair and certifcate whose storetype is
JKS but not JCEKS (using keytool -storetype JKS option) in the default
keystore file (i.e.C:\Documents and Settings\117382\.keystore) and I
want to read this keystore programatically using KeyStore keystore =
KeyStore.getInstance("JKS")

Hope I am clear on my illustration ... Please help
 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
https://coderanch.com/t/221523/Web-Services/java/AXIS-over-SSL-trusting-all

Cheers
Natasha
 
Alex Beekman
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If all you need to do is get the wsdl2java to create the client -
Save the WSDL xml to a local file and then run the client generator tool using the file and not a URL.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic