Axis and SSL

Return-Path: Delivered-To: apmail-ws-axis-dev-archive@www.apache.org Received: (qmail 10865 invoked from network); 10 Jan 2005 19:55:31 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 10 Jan 2005 19:55:31 -0000 Received: (qmail 26402 invoked by uid 500); 10 Jan 2005 19:55:28 -0000 Delivered-To: apmail-ws-axis-dev-archive@ws.apache.org Received: (qmail 26376 invoked by uid 500); 10 Jan 2005 19:55:28 -0000 Mailing-List: contact axis-dev-help@ws.apache.org; run by ezmlm Precedence: bulk Reply-To: axis-dev@ws.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list axis-dev@ws.apache.org Received: (qmail 26362 invoked by uid 99); 10 Jan 2005 19:55:28 -0000 X-ASF-Spam-Status: No, hits=0.5 required=10.0 tests=DNS_FROM_RFC_ABUSE,HTML_50_60,HTML_MESSAGE X-Spam-Check-By: apache.org Received-SPF: neutral (hermes.apache.org: local policy) Received: from isecmail2.hqisec.army.mil (HELO isecmail2.hqisec.army.mil) (137.80.60.22) by apache.org (qpsmtpd/0.28) with ESMTP; Mon, 10 Jan 2005 11:55:27 -0800 Received: by isecmail2.hqisec.army.mil with Internet Mail Service (5.5.2657.72) id ; Mon, 10 Jan 2005 12:55:23 -0700 Message-ID: <3D708E7ED0363C4CB030C3767CD010E1023C9716@isecmail2.hqisec.army.mil> From: "Milazzo, Michael A HQISEC" To: axis-dev@ws.apache.org Subject: Axis and SSL Date: Mon, 10 Jan 2005 12:55:22 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C4F74E.51CF8200" X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C4F74E.51CF8200 Content-Type: text/plain; charset="iso-8859-1" Hello, I deployed an Axis-based web service on Tomcat 5.0.16 and I can access the web service over SSL within Eclipse. I added the certificate for the web service server and our CAs into both the local java keystore and the cacerts keystore. I unJARed all the Axis JARs and created one JAR for my client application. When I attempt to invoke the program from the command line, I get an SSLHandshakeException saying that a trusted certificate could not be found (but it works in Eclipse!). I know the certificates have not expired, been revoked, and are still valid. I am using Java 1.4.2_06 on the Windows platform. Has anyone else encountered this issue? Also, I am not using SSL client authentication. Thanks, Mike Here is some of the output from the command line. AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.Valida torException: No trusted certificate found faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeExcept ion: sun.security.validator.ValidatorException: No trusted certificate found at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Sou rce) at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFac tory.java:186) at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:1 31) at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.ja va:370) at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:88) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrateg y.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:147) at org.apache.axis.client.Call.invokeEngine(Call.java:2719) at org.apache.axis.client.Call.invoke(Call.java:2702) at org.apache.axis.client.Call.invoke(Call.java:2378) at org.apache.axis.client.Call.invoke(Call.java:2301) at org.apache.axis.client.Call.invoke(Call.java:1758) ------_=_NextPart_001_01C4F74E.51CF8200 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Axis and SSL

Hello,

I deployed an Axis-based web service = on Tomcat 5.0.16 and I can access the web service over SSL within = Eclipse. I added the certificate for the web service server and = our CAs into both the local java keystore and the cacerts = keystore. I unJARed all the Axis JARs and created one JAR for my = client application. When I attempt to invoke the program from the = command line, I get an SSLHandshakeException saying that a trusted = certificate could not be found (but it works in Eclipse!). I know = the certificates have not expired, been revoked, and are still = valid. I am using Java 1.4.2_06 on the Windows platform. = Has anyone else encountered this issue? Also, I am not using SSL client = authentication.

Thanks,

Mike

Here is some of the output from the = command line.

AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.u= serException
faultSubcode:
faultString: = javax.net.ssl.SSLHandshakeException: = sun.security.validator.Valida
torException: No trusted certificate = found
faultActor:
faultNode:
faultDetail:
        {http://xml.apache.org/axis/}stackTrace:javax.net.s= sl.SSLHandshakeExcept
ion: = sun.security.validator.ValidatorException: No trusted certificate = found
        at = com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
        at = com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at = com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at = com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
        at = com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
        at = com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
        at = com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
        at = com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
        at = com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown = Sou
rce)
        at = org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFac
tory.java:186)
        at = org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:1
31)
        at = org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.ja
va:370)
        at = org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:88)
        at = org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrateg
y.java:32)
        at = org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at = org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at = org.apache.axis.client.AxisClient.invoke(AxisClient.java:147)
        at = org.apache.axis.client.Call.invokeEngine(Call.java:2719)
        at = org.apache.axis.client.Call.invoke(Call.java:2702)
        at = org.apache.axis.client.Call.invoke(Call.java:2378)
        at = org.apache.axis.client.Call.invoke(Call.java:2301)
        at = org.apache.axis.client.Call.invoke(Call.java:1758)

------_=_NextPart_001_01C4F74E.51CF8200--