wood burning stoves 2.0*
The moose likes Web Services and the fly likes SSLHandshakeException Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "SSLHandshakeException" Watch "SSLHandshakeException" New topic
Author

SSLHandshakeException

Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
Hi All,

I have a web service wsdl given by some third party and I am trying to create a axis web service consumer java program to access this web service. I imported the certificate to my client trusted store but when I run the client I am getting below exception. What am I missing here :

Exception in thread "main" AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)


RR Kumaran
SCJP 1.4
Saurabh Rai
Greenhorn

Joined: Oct 07, 2004
Posts: 15
Hi,

I am facing exactly same problem while using axis .......

Any one having solution for the same...................


~Saurabh Rai<br />==================<br />SCJP, SCBCD, OCP 9i-DBA, OCP-PL/SQL
Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
saurabhrais-

Can you please explain what is that you are trying to achieve. I didnt resolve this issue however I guess the reason is the service provider is expecting a soap message which is signed using xml signatures and also there is digital certificates enabled and the client need to identify itself by providing its certificat to the web service provider. Please let me know your views ...
Alex Beekman
Greenhorn

Joined: Dec 22, 2004
Posts: 9
Did you create a local certificate on the client machine?

Use the keytool.exe in the JDK to create a .keystore file.

Then in your java code set
System.setProperty("javax.net.ssl.keyStore", "/folderA/.keystore);
System.setProperty("javax.net.ssl.keyStorePassword", "abcdefg");

before invoking the call.
[ January 05, 2005: Message edited by: Alex Beekman ]
Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
Hi Casan,

Below are the entries %JAVA_HOME%\jre\lib\security\java.security file
and I am using java
version 1.4.2_04

security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=sun.security.provider.Sun
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.rsajca.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider

When I run the commands "keytool -list" or "keytool -list -storetype
JKS" on my dos prompt I am getting below error :
keytool error: java.io.IOException: Invalid keystore format

And when I the command "keytool -list -storetype JCEKS" I am getting
below output :
Keystore type: JCEKS
Keystore provider: SunJCE
Your keystore contains 0 entries

There is some java file given by some third party (actually it is
dsig.SampleSign2 that comes bundled with IBM XML Security Suite) that
uses the below line in its code :
KeyStore keystore = KeyStore.getInstance("JKS");

And so in accordance with the above JKS keystore type used I want to
update the default .keystore with my newly generated certificate and
so when I apply the command

keytool -genkey -dname "CN=Doug Tidwell, OU=developerWorks, O=IBM,
L=Research Triangle Park, S=North Carolina, C=US"
-keypass changeit -storepass changeit -alias xss4j1

I am getting below error message :

keytool error: java.io.IOException: Invalid keystore format

Can anyone please help me. What am I doing wrong here ...

You reply has always been timely. Thank you.

What I want is to create a key pair and certifcate whose storetype is
JKS but not JCEKS (using keytool -storetype JKS option) in the default
keystore file (i.e.C:\Documents and Settings\117382\.keystore) and I
want to read this keystore programatically using KeyStore keystore =
KeyStore.getInstance("JKS")

Hope I am clear on my illustration ... Please help
Tasja Mango
Greenhorn

Joined: Mar 03, 2004
Posts: 8
http://www.coderanch.com/t/221523/Web-Services/java/AXIS-over-SSL-trusting-all

Cheers
Natasha
Alex Beekman
Greenhorn

Joined: Dec 22, 2004
Posts: 9
If all you need to do is get the wsdl2java to create the client -
Save the WSDL xml to a local file and then run the client generator tool using the file and not a URL.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SSLHandshakeException