Problem in accessing webservice over https with auth cert enabled...Urgent
|
Anuj Shukla
Greenhorn
Joined: Jun 23, 2008
Posts: 1
|
|
Hi All,

I am stuck in accessing webservices using ssl and auth certificate. I am using jdk 6 and it is not any issue with the problem I am facing... This is what I do...

###########################

I have a webservice deployed which is accessible over https.

On server, I run..
-----------------
*- to generate keystore*
keytool -genkey -alias tomcat-sv -dname "CN=<Server Machine Id>, OU=X, O=Y, L=Z, S=XY, C=YZ" -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore

generate server certificate
keytool -export -alias tomcat-sv -storepass changeit -file server.cer -keystore server.keystore

*On client, I run..*
-----------------
To generate client keystore -
keytool -genkey -alias tomcat-cl -dname "CN=<Client Machine Id>, OU=X, O=Y, L=Z, S=XY, C=YZ" -keyalg RSA -keypass changeit -storepass changeit -keystore client.keystore

To generate client certificate -
keytool -export -alias tomcat-cl -storepass changeit -file client.cer -keystore client.keystore

-----------------------------
Then I import server's certificate into client keystore and client's certificate to server's keystore by

import server's cer to client keystore -
keytool -import -v -trustcacerts -alias tomcat -file "C:\java\jdk1.6.0_10\bin\server.cer" -keystore client.keystore -keypass changeit -storepass changeit

import client's cer to server keystore -
keytool -import -v -trustcacerts -alias tomcat -file "C:\jdk1.6.0_06\bin\client.cer" -keystore server.keystore -keypass changeit -storepass changeit

*--------------------------*
When I try to call webservices through a java client (which is called by a python script), I get error as
*"Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed"*
&
*"faultString: java.net.SocketException: Software caused connection abort: recv failed"*

Complete log is as following

################
C:\apache-tomcat-6.0.10\webapps\webservice>tradereport.py
Jun 23, 2008 3:05:59 PM currenex.share.log.CxLogger log
INFO: details=before SSL change
Jun 23, 2008 3:05:59 PM currenex.share.log.CxLogger log
INFO: details=after SSL change
log4j:WARN No appenders could be found for logger (org.apache.axis.i18n.ProjectResourceBundle).
log4j:WARN Please initialize the log4j system properly.
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1214213509 bytes = { 50, 7, 252, 244, 34, 192, 54, 190, 160, 197, 162, 65, 78, 3, 120, 182, 179, 199, 160, 208, 223, 247, 41, 216, 188, 138, 228, 70 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 7873
*** ServerHello, TLSv1
RandomCookie: GMT: 1214213504 bytes = { 98, 89, 26, 148, 19, 15, 45, 155, 163, 196, 220, 193, 150, 127, 19, 44, 130, 165, 78, 243, 155, 34, 214, 123, 198, 89, 102, 15 }
Session ID: {72, 95, 110, 128, 129, 101, 2, 252, 120, 147, 235, 106, 51, 210, 236, 197, 28, 197, 154, 236, 116, 85, 185, 177, 153, 9, 235, 160, 228, 124, 191, 206}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=Anuj-Shukla, OU=X, O=Y, L=Z, ST=XY, C=YZ
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  public exponent: 65537
  Validity: [From: Mon Jun 23 14:17:18 GMT+05:30 2008, To: Sun Sep 21 14:17:18 GMT+05:30 2008]
  Issuer: CN=Anuj-Shukla, OU=X, O=Y, L=Z, ST=XY, C=YZ
  SerialNumber: [ 485f6316]
]
  Algorithm: [SHA1withRSA]
]
***
*** CertificateRequest
Cert Types: RSA, DSS
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 141
no IV used for this cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 216, 54, 180, 236, 72, 70, 181, 20, 31, 128, 165, 12 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, waiting for close_notify or alert: state 1
main, Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
Jun 23, 2008 3:06:06 PM currenex.share.log.CxLogger log
INFO: details=Exception occured while calling Login service in callLoginWebService
AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode:
 faultString: java.net.SocketException: Software caused connection abort: recv failed
 faultActor:
 faultNode:
 faultDetail:
 {http://xml.apache.org/axis/}stackTrace:java.net.SocketException: Software caused connection abort: recv failed
  at java.net.SocketInputStream.socketRead0(Native Method)
  at java.net.SocketInputStream.read(Unknown Source)
  at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
  at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(Unknown Source)
  at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Unknown Source)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(Unknown Source)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
  at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
  at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
  at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
  at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
  at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
  at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
  at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
  at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
  at org.apache.axis.client.Call.invoke(Call.java:2767)
  at org.apache.axis.client.Call.invoke(Call.java:2443)
  at org.apache.axis.client.Call.invoke(Call.java:2366)
  at org.apache.axis.client.Call.invoke(Call.java:1812)
  at currenex.webservice.share.definitions.AuthenticationBindingStub.login(AuthenticationBindingStub.java:362)
  at currenex.webservice.clients.util.WebserviceTestUtil.callLoginLogoutWebService(WebserviceTestUtil.java:132)
  at currenex.webservice.clients.util.TradeCreateTester.createWebLogin(TradeCreateTester.java:64)
 {http://xml.apache.org/axis/}hostname:anuj
java.net.SocketException: Software caused connection abort: recv failed
  at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
  at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
  at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
  at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
  at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
  at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
  at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
  at org.apache.axis.client.Call.invoke(Call.java:2767)
  at org.apache.axis.client.Call.invoke(Call.java:2443)
  at org.apache.axis.client.Call.invoke(Call.java:2366)
  at org.apache.axis.client.Call.invoke(Call.java:1812)
  at currenex.webservice.share.definitions.AuthenticationBindingStub.login(AuthenticationBindingStub.java:362)
  at currenex.webservice.clients.util.WebserviceTestUtil.callLoginLogoutWebService(WebserviceTestUtil.java:132)
  at currenex.webservice.clients.util.TradeCreateTester.createWebLogin(TradeCreateTester.java:64)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
  at java.net.SocketInputStream.socketRead0(Native Method)
  at java.net.SocketInputStream.read(Unknown Source)
  at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
  at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(Unknown Source)
  at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Unknown Source)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(Unknown Source)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
  at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
  at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
  at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
  ... 12 more
Jun 23, 2008 3:06:06 PM currenex.share.log.CxLogger log
INFO: details=Login response is null, login was not successful
Login was unsuccessful

#####################################

*In apache's server.xml, My webservice is deployed as*

<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" acceptCount="10" debug="0"
           protocol="HTTP/1.1" SSLEnabled="true" secure="true"
           maxThreads="150" scheme="https"
           keystoreFile="lib/server.keystore" keystorePass="changeit"
           clientAuth="true" >
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory" protocol="TLS"/>
</Connector>

Please note clientAuth="true" parameter, when I set it to false, My test runs smoothly and no exception/issue is reported

*******

Not to forget, my javaclient has following lines too..
//System.setProperty("javax.net.ssl.keyStore", "C:\\java\\jdk1.6.0_10\\jre\\lib\\security\\cacerts");
//System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
//System.setProperty("javax.net.ssl.trustStore", "C:\\java\\jdk1.6.0_10\\jre\\lib\\security\\cacerts");
//System.setProperty("java.protocol.handler.pkgs" , "com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.trustStore","C:\\java\\jdk1.6.0_10\\bin\\client.keystore");
System.setProperty("javax.net.ssl.trustStorePassword","changeit");
//System.setProperty("com.sun.net.ssl.rsaPreMasterSecretFix" , "true");
//System.setProperty("javax.net.ssl.keyStore", "C:\\java\\jdk1.6.0_10\\bin\\server.keystore");
//System.setProperty("javax.net.ssl.keyStorePassword","changeit");
System.setProperty("javax.net.debug", "ssl");
s_log.info("after SSL change");

I tried all possible combinations of these properties but nothing worked... Please let me know if I am missing any required step here.. Ask me if you want to know more details about my problem.

This is very urgent and critical..

Many thanks in advance.
|
 |
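Added example, not part of either post and not the posters' code: in the debug log above the server sends "*** CertificateRequest" and the client answers with an empty "*** Certificate chain", while the only active properties in the client code are the javax.net.ssl.trustStore ones. The Java sketch below checks that a keystore really holds a private-key entry and then builds an SSLContext from key material plus trust material; the class name, the default file name and the shared store/key password are assumptions modeled on the keytool commands in the post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class name); not code from the thread.
public class MutualTlsClientCheck {

    // Loads a JKS keystore from disk.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Aliases holding a private key plus certificate, i.e. entries that can
    // answer a server's CertificateRequest. Trusted-certificate entries cannot.
    static List<String> privateKeyAliases(KeyStore ks) throws Exception {
        List<String> aliases = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                aliases.add(alias);
            }
        }
        return aliases;
    }

    // Key material = the client's own identity; trust material = certificates
    // the client accepts from the server. They are configured separately.
    static SSLContext build(KeyStore keys, char[] keyPassword, KeyStore trust) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: file name and password as used in the post's commands.
        String path = args.length > 0 ? args[0] : "client.keystore";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore store = load(path, password);
        List<String> keyAliases = privateKeyAliases(store);
        if (keyAliases.isEmpty()) {
            System.err.println(path + ": no private-key entry, so a client using it"
                    + " as key material would send an empty certificate chain");
            System.exit(1);
        }
        System.out.println("Private-key aliases: " + keyAliases);

        // One file serves both roles here because the post generates the client
        // key pair and imports the server certificate into the same keystore.
        SSLContext ctx = build(store, password, store);
        SSLContext.setDefault(ctx);
        System.out.println("Default SSLContext set, protocol " + ctx.getProtocol());
    }
}
```

Setting javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword before the first TLS connection gives the JVM's default context the same key material without building the context by hand.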
Azahrudhin Mohammad
Greenhorn
Joined: Sep 04, 2012
Posts: 18
|
|
Hi Anuj,
Did you manage to solve the problem? I have the same problem; if you have handled the situation, please guide me.
01. I have generated the client binds using wsimport (JAX-WS)
02. Webservice provider has shared the server.cer file, we have generated client.cer file using makecert.exe.
03. Created the jks files and importing the certificates
------- Export the public key of the client from the client.jks and import it to the service.jks--------------
keytool -alias client -export -keystore C:\Azhar\DDrive\ProjectDetails\APIs\UniStream\ExtraTry\Soft\keystores\client\client.jks -storepass clientstorekey -file C:\Azhar\DDrive\ProjectDetails\APIs\UniStream\ExtraTry\Soft\keystores\client\FirstMobile.cer
keytool -import -alias client -file C:\Azhar\DDrive\ProjectDetails\APIs\UniStream\ExtraTry\Soft\keystores\client\FirstMobile.cer -keystore C:\Azhar\DDrive\ProjectDetails\APIs\UniStream\ExtraTry\Soft\keystores\service\service.jks -storepass servicestorekey
------ export the public key of the service from the service.jks and import it to the client.jks------------
keytool -alias service -export -keystore C:\Azhar\DDrive\ProjectDetails\APIs\UniStream\ExtraTry\Soft\keystores\service\service.jks -storepass servicestorekey -file C:\Azhar\DDrive\ProjectDetails\APIs\UniStream\ExtraTry\Soft\keystores\service\Global2TestServerM9.cer
keytool -import -alias service -file C:\Azhar\DDrive\ProjectDetails\APIs\UniStream\ExtraTry\Soft\keystores\service\Global2TestServerM9.cer -keystore C:\Azhar\DDrive\ProjectDetails\APIs\UniStream\ExtraTry\Soft\keystores\client\client.jks -storepass clientstorekey
Here I am getting error as
keytool error: java.lang.Exception: Input not an X.509 certificate
Please guide me, I am stuck with the issue. I am using the below client code; if any changes are needed, please let me know.
|
Thanks and Regards,
azahrudhin.mohd@gmail.com