aspose file tools*
The moose likes Web Services and the fly likes Unsigned Certificates with Axis2 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Unsigned Certificates with Axis2" Watch "Unsigned Certificates with Axis2" New topic
Author

Unsigned Certificates with Axis2

Nathan Hook
Ranch Hand

Joined: Jan 10, 2005
Posts: 81
For testing purposes we're working with a web service provider that has signed their own SSL Certificate.

In Axis (Axis 1.4) there was a way to use the SunFakeTrustSocketFactory. This allowed the application to use any self-signed certificates without worrying about the local keystore.

In the command line of the application the following was added:



Is there something similar in Axis2? I've tried reading though the documentation, but I have been unable to find anything.

Thank you for your time.
Nathan Hook
Ranch Hand

Joined: Jan 10, 2005
Posts: 81
So, I've already found the solution. It wasn't easy to find, but here is what I did...

Download the not-yet-commons-ssl-0.3.7.jar from:

http://juliusdavies.ca/commons-ssl/

This jar contains the class org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory which is needed to allow self-signed certificates.


Axis2 uses the commons-httpclient.jar and that jar file contains a class called org.apache.commons.httpclient.protocol.Protocol.

In your code do the following to register the EasySSLProtocolSocketFactory for the "https" protocol BEFORE you do any calls with your web services.



Here are the links I found to figure this out:

- http://archives.devshed.com/forums/apache-92/using-easysslprotocolsocketfactory-to-accept-self-signed-certs-1847276.html
- http://java2.5341.com/msg/164253.html

[ UD: added line break to make it more readable ]
[ May 16, 2008: Message edited by: Ulf Dittmer ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42276
    
  64
Interesting stuff. Just to be clear on what this actually does: It allows the server to use any certificate, and that will be trusted by the client, without being in the local keystore or the signing authority being trusted by the client?

It seems like this technique should work everywhere where HTTPS is used, not just for WS.


Ping & DNS - my free Android networking tools app
Nathan Hook
Ranch Hand

Joined: Jan 10, 2005
Posts: 81
You are correct. This should work in any case where the commons-httpclient components are used.
Till Gartner
Greenhorn

Joined: Jun 03, 2007
Posts: 1
Hi Gentlemen,

I followed what you mentioned and something changed indeed: instead of getting the error about missing PKIX path and certification problems I now get the following error: "No X509TrustManager implementation available".

Does anyone have an idea what that could be?

Just a note: I don't use it in the Axis environment, I just try to retrieve some data from a self signed HTTPS site with apaches HttpClient (from within the commons package).

Thank you for your help,
-- Till.
Teodor Baciu
Greenhorn

Joined: May 16, 2008
Posts: 1
I post this answer regarding the "No X509TrustManager implementation" when using commons httpclient.

The problem arise because EasyX509TrustManager is extending com.sun.net.ssl.X509TrustManager which has been deprecated.

If you hit this problem when using httpclient then you need to change the source code of EasyX509TrustManager so that it extends javax.net.ssl.X509TrustManager. Implement the aditional two abstract methods by leaving the method body empty and that's it. Should work now.
Good luck !
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Unsigned Certificates with Axis2