axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Magnus Andersson" <dime...@popstar.com>
Subject Re: AW: SSL - java.security.cert.CertificateException: Couldn't find trusted certificate
Date Thu, 06 May 2004 10:53:58 GMT
<P>Hi,</P>
<P>I've done a working SSL over AXIS implementation using an own generated keystore
file.</P>
<P>But I wonder, is there a way to use some kind of standard certificate without having
an "own" certificate file ? </P>
<P>Magnus<BR><BR>----- Original Message ----- <BR>From: "Benjamin
Marcel Flohr" <BENJAMIN.M.FLOHR@TIPP24.DE><BR>Date: Thu, 6 May 2004 09:47:48 +0200
<BR>To: <AXIS-USER@WS.APACHE.ORG><BR>Subject: AW: SSL - java.security.cert.CertificateException:
Couldn't find trusted certificate <BR><BR>&gt; Hi Mark, <BR>&gt;
<BR>&gt; the error occures because you didnt install the certificate requiered in
your keystore. <BR>&gt; You have to set the trustet Certificat in your Keystore
and load this keystore by using this method in your client: <BR>&gt; (maybe here
in your code is missing sth) <BR>&gt; <BR>&gt; private static void setHttps()
<BR>&gt; { <BR>&gt; // specify the location of where to find key material
for the default TrustManager (this overrides jssecacerts and cacerts) <BR>&gt; System.setProperty(
"javax.net.ssl.trustStore", "c:/client.keystore" ); <BR>&gt; <BR>&gt;
// use Sun's reference implementation of a URL handler for the "https" URL protocol type.
<BR>&gt; System.setProper
 ty( "java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol" ); <BR>&gt;
<BR>&gt; // dynamically register sun's ssl provider <BR>&gt; Security.addProvider(
new com.sun.net.ssl.internal.ssl.Provider() ); <BR>&gt; } <BR>&gt; <BR>&gt;
You can install the Certificate like the following: <BR>&gt; <BR>&gt;
1. Save your cer in a file by using the InternetExplorer. Call your webservice with the IE
<BR>&gt; and save the cer in a file. <BR>&gt; <BR>&gt; 2. Import
this cer in a keystore-file by using the keytool. <BR>&gt; 3. place this file somewhere
reachable from the application. <BR>&gt; <BR>&gt; here you will find some
help using the keytool: <BR>&gt; http://www.informit.com/articles/article.asp?p=24604&amp;redir=1
<BR>&gt; <BR>&gt; <BR>&gt; Greets Benjamin <BR>&gt;
<BR>&gt; <BR>&gt; -----Urspr√ľngliche Nachricht----- <BR>&gt;
Von: Mark Melia [mailto:meliamark@eircom.net] <BR>&gt; Gesendet: Donnerstag, 6.
Mai 2004 00:00 <BR>&gt; An: Axis User Group <BR>&gt; Betreff: SSL
  - java.security.cert.CertificateException: Couldn't find <BR>&gt; trusted certificate
<BR>&gt; <BR>&gt; <BR>&gt; Hi all <BR>&gt; <BR>&gt;
**I need help** <BR>&gt; <BR>&gt; I am a bit of a newbie to web services,
so go easy on me. I am creating a <BR>&gt; web services that uses SOAP messaging.
I will be transferring confidential <BR>&gt; info, and the employment of SSL technology
is a requirement. I am having <BR>&gt; awful trouble getting SSL to work. Every
time I try to run the code I get <BR>&gt; the following exception in the client...
<BR>&gt; <BR>&gt; AxisFault <BR>&gt; faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
<BR>&gt; faultSubcode: <BR>&gt; faultString: javax.net.ssl.SSLHandshakeException:
<BR>&gt; java.security.cert.CertificateException: Couldn&amp;apos;t find trusted
c <BR>&gt; ertificate <BR>&gt; faultActor: <BR>&gt; faultNode:
<BR>&gt; faultDetail: <BR>&gt; {http://xml.apache.org/axis/}stackTrace:
<BR>&gt; javax.net.ssl.SSLHandsha
 keException: java.security.cert.CertificateExce <BR>&gt; ption: Couldn't find trusted
certificate <BR>&gt; at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
<BR>&gt; at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) <BR>&gt;
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275) <BR>&gt; at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
<BR>&gt; at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275) <BR>&gt;
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275) <BR>&gt; at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
<BR>&gt; at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275) <BR>&gt;
at <BR>&gt; com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
<BR>&gt; at <BR>&gt; org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.ja
<BR>&gt; va:224) <BR>&gt; at <BR>&gt; org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
<BR>&gt; at <BR>&gt; org.apache.axis.transpo
 rt.http.HTTPSender.invoke(HTTPSender.java:114) <BR>&gt; at <BR>&gt; org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:
<BR>&gt; 71) <BR>&gt; at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
<BR>&gt; at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120) <BR>&gt;
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180) <BR>&gt; at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
<BR>&gt; at org.apache.axis.client.Call.invoke(Call.java:2553) <BR>&gt;
at org.apache.axis.client.Call.invoke(Call.java:1753) <BR>&gt; at test.SubmitPOService.execute(SubmitPOService.java:64)
<BR>&gt; at test.SubmitPOService.main(SubmitPOService.java:79) <BR>&gt;
Caused by: java.security.cert.CertificateException: Couldn't find trusted <BR>&gt;
certificate <BR>&gt; at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
<BR>&gt; at <BR>&gt; com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
<BR>&gt; 275)
  <BR>&gt; at <BR>&gt; com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
<BR>&gt; 275) <BR>&gt; ... 18 more <BR>&gt; <BR>&gt;
<BR>&gt; <BR>&gt; I think that my client does not have a list of trusted
certificates but I do <BR>&gt; set this in the client using <BR>&gt; <BR>&gt;
System.setProperty("javax.net.ssl.trustStore", "clientCacerts"); <BR>&gt; System.setProperty("javax.net.ssl.trustStorePassword",
<BR>&gt; "******"); <BR>&gt; <BR>&gt; It should find clientCacerts
because it is in the same directory as where I <BR>&gt; call the client from and
this clientCacerts definely has the server <BR>&gt; certificate, I know this because
the server cert that is printed out by the <BR>&gt; server on startup is the same
cert as in clientCvacerts. One point is that <BR>&gt; if I change the password to
be wrong I get the same error, even if I change <BR>&gt; to the wrong file name
for the cert store, which would lead me to believe it <BR>&gt; is looking at som
 e other cert store, does anyone have any idea what is going <BR>&gt; on??? Could
someone send me a client with SSL working(partiualry if using <BR>&gt; the org.apache.axis.client.Call
class). Does anyone have any good tutorials. <BR>&gt; I really need help, anything
you say will be of benefit! <BR>&gt; <BR>&gt; Thanks in advance! <BR>&gt;
<BR>&gt; Mark <BR>&gt; <BR>&gt; Thanks, <BR>&gt; Mark
<BR>&gt; <BR>&gt; Thanks, <BR>&gt; Mark <BR>&gt; <BR>&gt;
meliamark@eircom.net <BR>&gt; --- <BR>&gt; Outgoing mail is certified
Virus Free. <BR>&gt; Checked by AVG anti-virus system (http://www.grisoft.com).
<BR>&gt; Version: 6.0.620 / Virus Database: 399 - Release Date: 11/03/2004 <BR>&gt;
<BR></P><BR>
-- 
<p>___________________________________________________________<br>Sign-up for
Ads Free at Mail.com<br>
<a href="http://mail01.mail.com/scripts/payment/adtracking.cgi?bannercode=adsfreejump01"
target="_blank">http://www.mail.com/?sr=signup</a></p>


Mime
View raw message