File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Services and the fly likes SSL, AXIS, Web Service Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "SSL, AXIS, Web Service" Watch "SSL, AXIS, Web Service" New topic

SSL, AXIS, Web Service

Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
Hi All,

I have https enabled web service whose wsdl address location is similiar to

I am behind a firewall and now I have written a web service java client program that uses AXIS Stubs. Also I think this
web service employs 2 way authentication since when I type
in my browser I am getting a IE dialog "Client Authentication" saying "The web site you
want to view requests identification. Select the certificate to use when connection" and there are
no certificates available on my client machine to choose from and eventually if I press Ok button of this dialog I am
getting below message in browser :

No service was found matching the request
Requested path: /PtrAcc/DM
Client IP: 343.232.121.99
SOAPAction Header: NULL

Now, I created a an entry in my default keystore file using below keytool command on my windows2000 command prompt :

keytool -genkey -dname "CN=Nick Chase, OU=InformIT, O=Pearson, L=NPR, S=Florida, C=US" -alias nick -storepass mystorepassword -keypass mykeypassword -storetype jks

and I wrote a web service java client program and used below lines inside it :

System.setProperty("http.proxyHost", "343.232.121.99");
System.setProperty("http.proxyPort", "1563");

System.setProperty("", "C:\\Documents and Settings\\113342\\.keystore");

but when I run my web service client program I am getting below error message :

faultCode: {}Server.userException
faultString: No trusted certificate found
Exception: No trusted certificate found
at org.apache.axis.transport.http.HTTPSender.getSocket(
at org.apache.axis.transport.http.HTTPSender.writeToSocket(
at org.apache.axis.transport.http.HTTPSender.invoke(
at org.apache.axis.strategies.InvocationStrategy.visit(
at org.apache.axis.SimpleChain.doVisiting(
at org.apache.axis.SimpleChain.invoke(
at org.apache.axis.client.AxisClient.invoke(
at org.apache.axis.client.Call.invokeEngine(
at org.apache.axis.client.Call.invoke(
at org.apache.axis.client.Call.invoke(
at org.apache.axis.client.Call.invoke(
at org.apache.axis.client.Call.invoke(

Guys, what am I missing here. My certificate in .keystore should be imported to server trust store ? Please suggest ...

Thanks & Regards,

RR Kumaran
SCJP 1.4
Tasja Mango

Joined: Mar 03, 2004
Posts: 8
You may use

System.setProperty("", "all");

before starting a test...

by this, the soft shows which certificate store file is loaded. So you can check if your setting is taken into account.

In fact, there are 3 properties that should be used (and they are taken into account by/via AXIS).
System.setProperty("", "...ty\\cacerts");
System.setProperty("", "");
System.setProperty("", "...curity\\cacerts");

Alternatively, you can disable certificate checking with


(of interrest only when it doesnt matter to ensure the servers identity, when e.g. when only the SSL encryption itself is of importance).

Hope this helps
Terry Jeske

Joined: Apr 06, 2004
Posts: 17
I had a the same problem. My company was using some homegrown certs for testing and a thawte cert for production. I had to add the cert to my cacerts file and it worked fine. Here are the steps I used.

Open MS IE and navigate to the URL using https.
Accept and install the cert when prompted.
IE Tools, Options, Content, Certificates, Trusted Root Certs, find the cert you installed. Example Equifax Global Cert
Export the cert using Der x.509 Format. e.g. c:\test\equifax.cer.
Make sure you have Java on your path.
Open a command window.
Navigate to %JAVA_HOME% \jre\lib\security.
Use the keytool to add the certificate to the cacerts file:
keytool -import -alias EquifaxGlobalCert -file c:\test\equifax.cer -keystore cacerts
Password is "changeit"
For WSAD (developers only) using WS4, copy cacert to WSAD's jre.

Note, the fakecert mentioned in other posts is probably the way to go, but this worked for me.
Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
Guys, thank you for the inputs. I shall give it a try and 'll update you soon ...
Vikas Phonsa

Joined: Jan 21, 2003
Posts: 3

The information that you have provided here is very hands on and extremely useful. It helped me to make my web services client work with https within minutes of reaching this page.

If you ever come to southern california, the drinks are on me.

Thanks a bunch.

Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
Vikas- I dont want any drink. Just let me know more about urself by sending a private message :-)
sshag sshag

Joined: Feb 14, 2005
Posts: 1

Thanks for your support, but for me I have the following error (in debug mode ) :

main, WRITE: TLSv1 Handshake, length = 32
waiting for close_notify or alert: state 1
Exception while waiting for close Software caused connection abort: recv f
main, handling exception: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
Plaintext before ENCRYPTION: len = 18
0000: 02 0A 57 C5 F1 DA 4E 95 A9 3B CB 31 A3 9C 0D F0 ..W...N..;.1....
0010: 14 7B ..
main, WRITE: TLSv1 Alert, length = 18
Exception sending alert: Software caused connection abort: socket write er
main, called closeSocket()
faultCode: {}Server.userException
faultString: Software caused connection abort: recv failed
{}stackTrace: Software caused connectio
n abort: recv failed
at Method)

I import the CA.cer and Client.cer with keytool ... here is the command :

ug=all secured.Client -u tomcat -w tomcat -lhttps://mysite/axisSecurised/services/SecuredService "test"

The password password is ok I test it with keytool -v -list.
Alex Beekman

Joined: Dec 22, 2004
Posts: 9
What are some of the potential risks when using the fake certificate?

I have a client module that connects to a single hard-coded webservice.
The communication between my client and this webservice is locked down by single IP addresses.

Does the information still go out encrypted when using the fake certificate?
Luis Munoz

Joined: Dec 15, 2010
Posts: 1
It works perfect to me into JDeveloper

Thank you and Regards
Sujoy Choudhury
Ranch Hand

Joined: Sep 17, 2008
Posts: 136

After doing all these, I am getting Certificate chaining error

Thanks and Regards,
I agree. Here's the link:
subject: SSL, AXIS, Web Service
It's not a secret anymore!