SSL, AXIS, Web Service

Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
Hi All,

I have an https-enabled web service whose WSDL address location is similar to
https://mysc.mycom.com:443/PtrAcc/DM.

I am behind a firewall and I have written a web service Java client program that uses AXIS stubs. Also, I think this
web service employs 2-way authentication, since when I type https://mysc.mycom.com:443/PtrAcc/DM
in my browser I get an IE dialog "Client Authentication" saying "The web site you
want to view requests identification. Select the certificate to use when connection" and there are
no certificates available on my client machine to choose from. If I press the OK button of this dialog I
get the message below in the browser:


No service was found matching the request
Requested path: /PtrAcc/DM
Client IP: 343.232.121.99
SOAPAction Header: NULL


Now, I created an entry in my default keystore file using the keytool command below at my Windows 2000 command prompt:

keytool -genkey -dname "CN=Nick Chase, OU=InformIT, O=Pearson, L=NPR, S=Florida, C=US" -alias nick -storepass mystorepassword -keypass mykeypassword -storetype jks

and I wrote a web service Java client program and used the lines below inside it:


System.setProperty("http.proxyHost", "343.232.121.99");
System.setProperty("http.proxyPort", "1563");

System.setProperty("javax.net.ssl.trustStore", "C:\\Documents and Settings\\113342\\.keystore");

but when I run my web service client program I get the error message below:

AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:130)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:382)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:88)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:147)
at org.apache.axis.client.Call.invokeEngine(Call.java:2737)
at org.apache.axis.client.Call.invoke(Call.java:2720)
at org.apache.axis.client.Call.invoke(Call.java:2396)
at org.apache.axis.client.Call.invoke(Call.java:2319)
at org.apache.axis.client.Call.invoke(Call.java:1776)




Guys, what am I missing here? My certificate in .keystore should be imported to the server trust store? Please suggest ...



Thanks & Regards,


RR Kumaran
SCJP 1.4
Tasja Mango
Greenhorn

Joined: Mar 03, 2004
Posts: 8
You may use

System.setProperty("javax.net.debug", "all");

before starting a test...

With this, the software shows which certificate store file is loaded, so you can check whether your setting is taken into account.

In fact, there are 3 properties that should be used (and they are taken into account by/via AXIS):
System.setProperty("javax.net.ssl.keyStore", "...ty\\cacerts");
System.setProperty("javax.net.ssl.keyStorePassword", "");
System.setProperty("javax.net.ssl.trustStore", "...curity\\cacerts");

Alternatively, you can disable certificate checking with

AxisProperties.setProperty("axis.socketSecureFactory","org.apache.axis.components.net.SunFakeTrustSocketFactory");

(of interest only when it doesn't matter to ensure the server's identity, e.g. when only the SSL encryption itself is of importance).

Hope this helps
Tasha
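
An added example, not part of the original posts: a quick way to check what the files named by the javax.net.ssl.trustStore and javax.net.ssl.keyStore properties actually contain, separating key entries (the client's own identity) from trusted certificates (what the client accepts from the server). The class name StoreInspector and the fallback to the JRE's lib/security/cacerts path are assumptions of this sketch.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

/** Lists the entries in the stores that the JSSE system properties point at. */
public class StoreInspector {

    static void dump(String role, String path, String password) throws Exception {
        System.out.println(role + ": " + path);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            // For a JKS file a null password skips the integrity check
            // but the aliases and certificates can still be listed.
            ks.load(in, password == null ? null : password.toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            // A key entry is an identity the client can present;
            // a certificate entry is something the client will trust.
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted certificate";
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName()
                    : "(no X.509 certificate)";
            System.out.println("  " + alias + " [" + kind + "] " + subject);
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed fallback when the property is unset: the JRE's cacerts file.
        String jreCacerts = System.getProperty("java.home") + "/lib/security/cacerts";
        String trust = System.getProperty("javax.net.ssl.trustStore", jreCacerts);
        dump("trustStore", trust, System.getProperty("javax.net.ssl.trustStorePassword"));

        String key = System.getProperty("javax.net.ssl.keyStore");
        if (key == null) {
            System.out.println("keyStore: not set, so no client certificate can be offered");
        } else {
            dump("keyStore", key, System.getProperty("javax.net.ssl.keyStorePassword"));
        }
    }
}
```

Run it with the same -Djavax.net.ssl.* options as the client; a trust store that lists no certificate from the server's chain will fail the handshake regardless of what the key store holds.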
Terry Jeske
Greenhorn

Joined: Apr 06, 2004
Posts: 17
I had the same problem. My company was using some homegrown certs for testing and a Thawte cert for production. I had to add the cert to my cacerts file and it worked fine. Here are the steps I used.

Open MS IE and navigate to the URL using https.
Accept and install the cert when prompted.
IE Tools, Options, Content, Certificates, Trusted Root Certs, find the cert you installed. Example: Equifax Global Cert.
Export the cert using DER X.509 format, e.g. c:\test\equifax.cer.
Make sure you have Java on your path.
Open a command window.
Navigate to %JAVA_HOME%\jre\lib\security.
Use the keytool to add the certificate to the cacerts file:
keytool -import -alias EquifaxGlobalCert -file c:\test\equifax.cer -keystore cacerts
Password is "changeit"
For WSAD (developers only) using WS4, copy cacerts to WSAD's jre:
C:\WSAD\aes_4\java\jre\lib\security


Note, the fakecert mentioned in other posts is probably the way to go, but this worked for me.
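
An added example, not part of the original post: a variation on the import step above that writes the exported certificate to a separate trust store file instead of the JRE-wide cacerts, and refuses to import unless the certificate's SHA-256 fingerprint matches a value obtained from the server's owner out of band. The class name PinnedImport and the argument order are assumptions of this sketch.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/** Usage: java PinnedImport <cert.cer> <truststore.jks> <alias> <storepass> <expected-sha256-hex> */
public class PinnedImport {

    static String sha256Hex(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        File storeFile = new File(args[1]);
        String alias = args[2];
        char[] password = args[3].toCharArray();
        String expected = args[4].replace(":", "").toUpperCase();

        // Parses DER or PEM encoded X.509, e.g. the file exported from the browser.
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        cert.checkValidity(); // throws if expired or not yet valid
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Issuer:  " + cert.getIssuerX500Principal());

        // Trust is only as good as this comparison: the expected value must come
        // from a channel other than the connection the certificate arrived on.
        String actual = sha256Hex(cert);
        if (!actual.equals(expected)) {
            throw new SecurityException("fingerprint mismatch, got " + actual);
        }

        KeyStore ts = KeyStore.getInstance("JKS");
        if (storeFile.exists()) {
            try (InputStream in = new FileInputStream(storeFile)) { ts.load(in, password); }
        } else {
            ts.load(null, null); // start a new, empty store
        }
        if (ts.containsAlias(alias)) throw new IllegalStateException("alias already in use: " + alias);
        ts.setCertificateEntry(alias, cert);
        try (OutputStream out = new FileOutputStream(storeFile)) { ts.store(out, password); }
        System.out.println("Added " + alias + " to " + storeFile);
    }
}
```

Point the client at the resulting file with -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword; once that property is set, only the entries in that file are trusted by the default JSSE trust manager.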
Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
Guys, thank you for the inputs. I shall give it a try and I'll update you soon ...
Vikas Phonsa
Greenhorn

Joined: Jan 21, 2003
Posts: 3
Guys,

The information that you have provided here is very hands on and extremely useful. It helped me to make my web services client work with https within minutes of reaching this page.

If you ever come to Southern California, the drinks are on me.

Thanks a bunch.

Vikas
Rr Kumaran
Ranch Hand

Joined: Sep 17, 2001
Posts: 548
Vikas - I don't want any drink. Just let me know more about yourself by sending a private message :-)
sshag sshag
Greenhorn

Joined: Feb 14, 2005
Posts: 1
Hello,

Thanks for your support, but for me I have the following error (in debug mode: -Djavax.net.debug=all):

main, WRITE: TLSv1 Handshake, length = 32
waiting for close_notify or alert: state 1
Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
Plaintext before ENCRYPTION: len = 18
0000: 02 0A 57 C5 F1 DA 4E 95 A9 3B CB 31 A3 9C 0D F0 ..W...N..;.1....
0010: 14 7B ..
main, WRITE: TLSv1 Alert, length = 18
Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: java.net.SocketException: Software caused connection abort: recv failed
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)


I import the CA.cer and Client.cer with keytool ... here is the command:

java -Djavax.net.ssl.trustStore=C:\newFrontEndApplicationServer\j2sdk1.4.2_05\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.keyStore=C:\newFrontEndApplicationServer\j2sdk1.4.2_05\jre\lib\security\cacerts -Djavax.net.ssl.keyStorePassword=password -Djavax.net.debug=all secured.Client -u tomcat -w tomcat -lhttps://mysite/axisSecurised/services/SecuredService "test"

The password "password" is OK, I test it with keytool -v -list.
Alex Beekman
Greenhorn

Joined: Dec 22, 2004
Posts: 9
What are some of the potential risks when using the fake certificate?

I have a client module that connects to a single hard-coded webservice.
The communication between my client and this webservice is locked down by single IP addresses.

Does the information still go out encrypted when using the fake certificate?
Luis Munoz
Greenhorn

Joined: Dec 15, 2010
Posts: 1
It works perfectly for me in JDeveloper 11.1.1.1


Thank you and Regards
Sujoy Choudhury
Ranch Hand

Joined: Sep 17, 2008
Posts: 136

After doing all these, I am getting
java.security.cert.CertPathValidatorException: Certificate chaining error


Thanks and Regards,
~Sujoy
 