Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SSLHandshakeException

 
Rr Kumaran
Ranch Hand
Posts: 548
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I have a web service wsdl given by some third party and I am trying to create a axis web service consumer java program to access this web service. I imported the certificate to my client trusted store but when I run the client I am getting below exception. What am I missing here :

Exception in thread "main" AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
 
Saurabh Rai
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am facing exactly same problem while using axis .......

Any one having solution for the same...................
 
Rr Kumaran
Ranch Hand
Posts: 548
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
saurabhrais-

Can you please explain what is that you are trying to achieve. I didnt resolve this issue however I guess the reason is the service provider is expecting a soap message which is signed using xml signatures and also there is digital certificates enabled and the client need to identify itself by providing its certificat to the web service provider. Please let me know your views ...
 
Alex Beekman
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Did you create a local certificate on the client machine?

Use the keytool.exe in the JDK to create a .keystore file.

Then in your java code set
System.setProperty("javax.net.ssl.keyStore", "/folderA/.keystore);
System.setProperty("javax.net.ssl.keyStorePassword", "abcdefg");

before invoking the call.
[ January 05, 2005: Message edited by: Alex Beekman ]
 
Rr Kumaran
Ranch Hand
Posts: 548
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Casan,

Below are the entries %JAVA_HOME%\jre\lib\security\java.security file
and I am using java
version 1.4.2_04

security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=sun.security.provider.Sun
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.rsajca.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider

When I run the commands "keytool -list" or "keytool -list -storetype
JKS" on my dos prompt I am getting below error :
keytool error: java.io.IOException: Invalid keystore format

And when I the command "keytool -list -storetype JCEKS" I am getting
below output :
Keystore type: JCEKS
Keystore provider: SunJCE
Your keystore contains 0 entries

There is some java file given by some third party (actually it is
dsig.SampleSign2 that comes bundled with IBM XML Security Suite) that
uses the below line in its code :
KeyStore keystore = KeyStore.getInstance("JKS");

And so in accordance with the above JKS keystore type used I want to
update the default .keystore with my newly generated certificate and
so when I apply the command

keytool -genkey -dname "CN=Doug Tidwell, OU=developerWorks, O=IBM,
L=Research Triangle Park, S=North Carolina, C=US"
-keypass changeit -storepass changeit -alias xss4j1

I am getting below error message :

keytool error: java.io.IOException: Invalid keystore format

Can anyone please help me. What am I doing wrong here ...

You reply has always been timely. Thank you.

What I want is to create a key pair and certifcate whose storetype is
JKS but not JCEKS (using keytool -storetype JKS option) in the default
keystore file (i.e.C:\Documents and Settings\117382\.keystore) and I
want to read this keystore programatically using KeyStore keystore =
KeyStore.getInstance("JKS")

Hope I am clear on my illustration ... Please help
 
Tasja Mango
Greenhorn
Posts: 8
 
Alex Beekman
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If all you need to do is get the wsdl2java to create the client -
Save the WSDL xml to a local file and then run the client generator tool using the file and not a URL.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic