I have generated client side classes using wsimport by downloading wsdl file. The url of the wsdl file uses https protocol.
They have provided me a pfx file with password. I converted it into cer file using IE export tool. Then I imported it into tmpkeystore.jks using keytool command with "12345678" password.
Then I have set system property like this
After this I am creating here webservice client passing wsdl url with https protocol.
But I get this error
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Please tell me what I am doing wrong here.
Thanks
Yogesh Gandhi
Ranch Hand
Joined: Dec 05, 2008
Posts: 176
posted
0
Very sad to see no response even after 2 years...
I think there are very less people who know web services on coderanch.
H Paul
Ranch Hand
Joined: Jul 26, 2011
Posts: 299
posted
0
I was given this to troubleshoot:
-Djavax.net.debug=ssl
OR
System.setProperty("javax.net.debug", "ssl");
Yogesh Gandhi
Ranch Hand
Joined: Dec 05, 2008
Posts: 176
posted
0
Thanks Paul, I'll also definitely try this.
I wish adding debug information prints something that proves useful for me.
Yogesh Gandhi
Ranch Hand
Joined: Dec 05, 2008
Posts: 176
posted
0
Can someone brief me what is difference between keyStore and trustStore?
1) Do they both exist on client side?
2) What is the significance of each?
3) If I need to access a web service running on SSL, do I need to set both?
4) Is setting the password of the keystore mandatory? My client was saying that he didn't set any password specifically, is that possible?
I am closely watching this topic. So if anybody has any clue, I'll be thankful if someone can answer my questions.
H Paul
Ranch Hand
Joined: Jul 26, 2011
Posts: 299
posted
0
The answer is your patience :-D. Quickly scan over these and walk over them slowly.
Yogesh Gandhi wrote: I think there are very less people who know web services on coderanch.
Or possibly people don't feel like answering something for which the solution can be found simply by googling the exception message. The second search result I get is the ultimate problem description and solution, straight from the horse's mouth, i.e. Oracle.
Yogesh Gandhi
Ranch Hand
Joined: Dec 05, 2008
Posts: 176
posted
0
H Paul,
If I set the debug property as suggested, where can I see the info getting printed? In server logs, in my application logs, or on the console?
Yogesh Gandhi
Ranch Hand
Joined: Dec 05, 2008
Posts: 176
posted
0
Manan Panchal,
I know I am answering it very late, but yes, for the sake of others who visit this forum, I want to add my drop.
The file that you have set in trustStore must be generated on the client side (giving the input file as .cer or .crt) using the keytool -import command.
I also have seen this problem, and the reason was that I was using a wrong certificate.
Check whether this file was generated on the client side.
Moreover, I think this type of exception will come, when you are either using a wrong certificate or no certificate.
The pfx file is provided to me. I know that the file should contain a private key and a certificate. But I don't know whose private key it contains. Mine or theirs? I cannot understand how a private key can be provided. It is subject to be generated. Right?
It is working fine with HttpsURLConnection.setDefaultSSLFactory(sslFactory) where sslFactory is created using inputstream of pfx file. But, how can I use above approach?
Thanks.
Yogesh Gandhi
Ranch Hand
Joined: Dec 05, 2008
Posts: 176
posted
0
What happens if you set your trust store to the pfx file?
I know that sounds stupid but I want to know.
I am also working on SSL these days and facing an error which says javax.net.ssl.* properties are not set.
Struggling with this issue for the last 5 days...
Yogesh Gandhi
Ranch Hand
Joined: Dec 05, 2008
Posts: 176
posted
0
Now, I am also getting exactly the same exception as you. Still not able to resolve it.
I am trying to call web services from Websphere Application Server.
I have tried everything available on net.
One of my friends in this forum was saying that the solution is directly available on the second link in Google. But it didn't help me. It just says that we need to add the certificate to the WebSphere trust store.
I am stuck badly.
I have even tried setting the properties using System.setProperty as Manan was doing. But nothing came to rescue.
Manan Panchal
Greenhorn
Joined: Nov 17, 2008
Posts: 19
posted
0
I have never tried to set pfx file as truststore!! It will not work surely.
I create an SSLFactory using the pfx file and then I set the SSLFactory to HttpsURLConnection.setDefaultSSLFactory(sslFactory).
This is working for me. But the system properties approach is not working for me.
This is very disappointing.
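The approach described in the post above (an SSL socket factory built from the pfx file), written out as an added example that is not part of the original thread; it also shows the keyStore/trustStore split asked about earlier. The JDK method is `HttpsURLConnection.setDefaultSSLSocketFactory`; the class name `ClientTlsSetup` and the command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class (not from the thread); paths and passwords come from args.
public class ClientTlsSetup {

    // type is "PKCS12" for a .pfx/.p12 file and "JKS" for a keytool-created .jks file
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Print each alias and whether it holds a private key or only a certificate.
    static void describe(String label, KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(label + ": " + alias + " -> "
                    + (ks.isKeyEntry(alias) ? "private key + chain" : "trusted certificate"));
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java ClientTlsSetup <client.pfx> <pfxPassword> <truststore.jks> <trustPassword>
        char[] pfxPass = args[1].toCharArray();
        KeyStore identity = load(args[0], "PKCS12", pfxPass);            // keyStore: who we are
        KeyStore trusted = load(args[2], "JKS", args[3].toCharArray());   // trustStore: whom we accept
        describe("keyStore", identity);
        describe("trustStore", trusted);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, pfxPass);   // presents the client certificate if the server asks for one
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);             // must contain the server's certificate or its issuing CA

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        // Every HttpsURLConnection opened after this call uses the context built above.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

If the trustStore listing shows only your own client certificate and neither the server's certificate nor its issuing CA, the "PKIX path building failed" error quoted in the first post is the expected result.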
Yogesh Gandhi
Ranch Hand
Joined: Dec 05, 2008
Posts: 176
posted
0
System properties approach was not working for me as well.
What came to my rescue was the guide of IBM websphere given on
If you search "CellDefaultTrustStore" in the above guide, you'll find a single page.
You can see CellDefaultTrustStore and NodeDefaultTrustStore.
Earlier I was adding the certificate only to NodeDefaultTrustStore, but after reading the guide, I just wanted to try setting the certificate in CellDefaultTrustStore as well and it worked for me !!!
Manan Panchal
Greenhorn
Joined: Nov 17, 2008
Posts: 19
posted
0
Yogesh Gandhi, I am not using any application server. I am just creating webservice client using wsimport.
And I am simply using this client with desktop application to call webservice.
Yogesh Gandhi
Ranch Hand
Joined: Dec 05, 2008
Posts: 176
posted
0
@Manan,
Two things I would like to say
1) ==============================================================
You said that your problem is solved. But if you still want to explore this area more
You might like to try these sample programs, that make a socket connection over ssl.
You can also visit the source URL given in this post if required.
I was able to make a socket connection when both client and server were on the same machine. But I don't know, it didn't work for me when I actually tested in production (I was getting a handshake failure msg).
If you would like to try them out, please do that, I would like to know the results you get with these programs.