Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

javax.net.ssl.SSLException: SSLException invoking https

 
Ranch Hand
Posts: 52
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

I am trying to call a webservices, which is hosted on a remote server and is exposed through an https endpoint.

My client is an application hosted on my local tomcat, and in my tomcat's setenv.bat, I have set the following properties:

echo setting JAVA OPTS for certificates
set "JAVA_OPTS= -Dhttps.proxyHost=10.64.X.XXX -Dhttps.proxyPort=8080 -Djavax.net.ssl.trustStore=%CATALINA_HOME%/certificateStore/XXXProdTrustStore.jks -Djavax.net.ssl.trustStorePassword=XXX -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.keyStore=%CATALINA_HOME%/certificateStore/XXXProdKeyStore.pfx -Djavax.net.ssl.keyStorePassword=XXX -Djavax.net.ssl.keyStoreType=pkcs12 -Djava.security.debug=all -Dorg.apache.ws.security.crypto.merlin.file=%CATALINA_HOME%/certificateStore/XXXProdKeyStore.jks %JAVA_OPTS%"

NOTE: I have generated the XXXProdTrustStore.jks, XXXProdKeyStore.pfx and XXXProdKeyStore.jks through supplier's provided certificate. From supplier, i mean the company hosting the webservice.

On my calling the service, I get the following error:



Could someone give me some pointers as to where the problem lies?

Another important observation is that if is implement a standalone client (standard java) and execute it "not" as a JEE/Tomcat component then the I get no issues. There I set everything as system properties, part of java code and not as batch file JAVA OPTS properties.

It's only when i run the application in Tomcat, I get the above error message.

Any help shall be appreciated.

Thanks.
 
Saloon Keeper
Posts: 24557
168
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm confused here.

If you are making an HTTPS request to an external server from within a webapp, usually you don't need all this environmental information.

Actually, the JVM environment is generally discouraged for that kind of stuff, since it affects the entire JVM, not just a single webapp within the JVM. Webapps are primarily expected to get their external information from their deployment Context definition.

As to why all the security info, I'm even more confused. If you're planning to do standard SSL, everything you need is pre-configured and pre-installed for all JVM instances, both stand-alone java Applications and Java-based webapp servers (which actually are just a specialized class of Java Application). If you need to add a special encryption scheme, that would be more likely to require mods in the JDK directory than at runtime. If you have a client-side security cert, I'm pretty sure that there's a Tomcat config option for that. But I don't believe it requires a keystore. The keystore is normally used for SSL coming in to your webapp, and it's definitely a Tomcat configuration matter, not a JVM one.

Finally, I'm missing the point on setting proxy parameters. The webapp should be capable of targeting the destination (webservices) server directly. That destination might itself be a proxy, but a good proxy is transparent, so no client-side config options should apply.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic