Tomcat axis2 web service with HTTPS

Hi,

I'm trying to get a tomcat/axis2 web service working over HTTPS.
I know this has been ask over and over but I haven't (yet) found the solution.

To keep things clear I've created a web service that simply add two integers together and returns the sum.

Relevant info:
Eclipse Indigo
Axis 2 (2-1.6.1)
Tomcat 6:
-with keytool created certificate in the ${user.home}./keystore file:
- server.xml has:
<Connector SSLEnabled="true" clientAuth="false" keystoreFile="${user.home}/.keystore" keystorePass="changeit" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>

Basically I followed these instructions: Tomcat6_SSL_HOW_TO


So, first things first I create the addNums web service :
package wtp; public class addNums { public int addNumbers(int n1, int n2) { return n1 + n2; } }

Eclipse creates the WebContent directory with the following relevant files:

WebContent\WEB-INF\services\addNums\META-INF\services.xml:
<service name="addNums" > <Description> Please Type your service description here </Description> <messageReceivers> <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only" class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver" /> <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out" class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/> </messageReceivers> <parameter name="ServiceClass" locked="false">wtp.addNums</parameter> </service>

WebContent\WEB-INF\web.xml:
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>AddNumbers</display-name> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> <welcome-file>/axis2-web/index.jsp</welcome-file> </welcome-file-list> <servlet> <display-name>Apache-Axis Servlet</display-name> <servlet-name>AxisServlet</servlet-name> <servlet-class>org.apache.axis2.transport.http.AxisServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>AxisServlet</servlet-name> <url-pattern>/servlet/AxisServlet</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>AxisServlet</servlet-name> <url-pattern>*.jws</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>AxisServlet</servlet-name> <url-pattern>/services/*</url-pattern> </servlet-mapping> <servlet> <display-name>Apache-Axis Admin Servlet Web Admin</display-name> <servlet-name>AxisAdminServlet</servlet-name> <servlet-class>org.apache.axis2.transport.http.AxisAdminServlet</servlet-class> <load-on-startup>100</load-on-startup> </servlet> <servlet-mapping> <servlet-name>AxisAdminServlet</servlet-name> <url-pattern>/axis2-admin/*</url-pattern> </servlet-mapping> </web-app>

At this point I can access the main web service page with https
https://localhost:8443/AddNumbers/

But if I click on the 'Services' link I get the error "https is forbidden"

To fix that I add the following the the /WebContent/WEB-INF/conf/axis2.xml file:
<transportReceiver name="https" class="org.apache.axis2.transport.http.SimpleHTTPServer"> <parameter name="port">8443</parameter> </transportReceiver>

I restart tomcat and I can get to the 'Services' page (https://localhost:8443/AddNumbers/services/listServices)
It correctly shows my addNums web service. I can click on that link to get the WSDL (https://localhost:8443/AddNumbers/services/addNums?wsdl)

All good so far.

Using the Eclipse wizard I create a web service client to test.
AddNumbersClient
- AddNumsCallbackHandler.java
- AddNumsStub.java
- AddNumbersClient.java (manually created by me and calls stub.addNumbers(Numbers); with the numbers 41 and 1)

I run this as a 'Java application' and the console windows displays the answer 42.
Good.

Then I edit AddNumsStub.java to change:
this(configurationContext,"http://localhost:8080/AddNumbers/services/addNums.addNumsHttpSoap11Endpoint/" );
to
this(configurationContext,"https://localhost:8443/AddNumbers/services/addNums.addNumsHttpSoap11Endpoint/" );

and rerun the client. This time I get errors:
[INFO] Unable to sendViaPost to url[https://localhost:8443/AddNumbers/services/addNums.addNumsHttpSoap11Endpoint/] org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430) at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78) at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:84) at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499) at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114) at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621) at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193) at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75) at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404) at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231) at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165) at wtp.AddNumsStub.addNumbers(AddNumsStub.java:183) at wtp.AddNumbersClient.main(AddNumbersClient.java:12) Caused by: com.ctc.wstx.exc.WstxIOException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:1692) at com.ctc.wstx.sw.BaseStreamWriter.close(BaseStreamWriter.java:288) at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.close(XMLStreamWriterWrapper.java:46) at org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:188) at org.apache.axiom.om.impl.llom.OMSerializableImpl.serializeAndConsume(OMSerializableImpl.java:197) at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:74) ... 18 more


So, what else do I need to do to get HTTPS to work? I'm guessing it has something to do with the WSDL file but I'm stuck.

Any ideas?

Thanks
Chris

Found the solution.

The problem was:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I needed to import the certificate on my client machine (even on the server in fact for the client to work):

keytool -export -keystore .keystore -alias tomcat -file localhost.cer

Then I did an import of the above certificate into client machine:

keytool -import -alias tomcat -file localhost.cer -keystore "C:\Program Files"\Java\jdk1.6.0_17\jre\lib\security\cacerts"

Now the client (addNumsClient.jar) runs on any machine that has this certificate.