axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carsten Friedrich" <cars...@cmcrc.com>
Subject RE: Disabling Certification validation in HTTPS
Date Wed, 12 Jan 2005 01:20:16 GMT
Instead of modifying the meta-inf stuff you can also call 

		System.setProperty(
	
"org.apache.axis.components.net.SecureSocketFactory",
			"com.xxx.client.util.UnsecureSocketFactory");

at the very start of your application. Either in main or init (if run as an
applet).
Of course you have to replace com.xxx.client.util.UnsecureSocketFactory with
whatever your actual socket factory class is. 
In the simple case you just create a factory which creates sockets that
accept any certificate, but ideally you include the self-signed server
certificate in your client and check against it.

Carsten 

-- 
Carsten Friedrich
Capital Markets CRC Limited
Level 2, 9 Castlereagh Street, Sydney NSW 2000
Tel: +61 2 9233 7999   
Fax: +61 2 9236 9177   http://www.cmcrc.com

Capital Markets CRC Ltd (CMCRC) - Confidential Communication The information
contained in this e-mail is confidential.  It is intended solely for the
addressee. If you receive this e-mail by mistake please promptly inform us
by reply e-mail and then delete the e-mail and destroy any printed copy. You
must not disclose or use in any way the information in the e-mail. There is
no warranty that this e-mail is error or virus free. It may be a private
communication, and if so, does not represent the views of the CMCRC and its
associates. 

-----Original Message-----
From: Rich Bramante [mailto:Rich_Bramante@avid.com] 
Sent: Wednesday, 12 January 2005 8:30
To: axis-user@ws.apache.org
Subject: RE: Disabling Certification validation in HTTPS

Hi Christian,
 
Take a look at this thread.
 
http://marc.theaimsgroup.com/?l=axis-user&m=110211375809714&w=2
 
What we had to do was to create a custom socket factory that trusted all
certs, and then point Axis at our factory class via the meta-inf stuff.
 
 
-----Original Message-----
From: Faucher, Christian [mailto:Christian.Faucher@axa-canada.com] 
Sent: Tuesday, January 11, 2005 3:10 PM
To: axis-user@ws.apache.org
Subject: Disabling Certification validation in HTTPS
 
Hi,
 
I have a SOAP Server that does not have (yet) its trusted certificate, but
nonetheless runs in HTTPS.  For instance, we can use portals on it,
providing we accept the fact the server cannot authenticate itself.
 
I run a Axis client that connects to this server, using a HTTPS:// URL. 
However, the client fails, saying that the server has no trusted certificate
(see exception below).
 
Is there a way in Axis to configure an Axis client  to accept the SSL
connection, no matter if the certificate is valid/trusted/found?
 
Thank you in advance!
 
Christian Faucher
 
 
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
 at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
 at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:97)
 at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:
32)
 at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
 at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
 at org.apache.axis.client.AxisClient.invoke(AxisClient.java:147)
 at org.apache.axis.client.Call.invokeEngine(Call.java:2719)
 at org.apache.axis.client.Call.invoke(Call.java:2702)
 at org.apache.axis.client.Call.invoke(Call.java:1738)
 at axa.Main.main(Main.java:90)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
)
 at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
 at java.lang.reflect.Method.invoke(Method.java:324)
 at com.intellij.rt.execution.application.AppMain.main(AppMain.java:78)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
 at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
 at
org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.ja
va:186)
 at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:131)
 at
org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:370)
 at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:88)
 ... 13 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate
found
 at
sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.jav
a:304)
 at
sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:1
07)
 at sun.security.validator.Validator.validate(Validator.java:202)
 at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA1
2275)
 at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA1
2275)
 ... 23 more
Exception in thread "main" 

"Ce message est confidentiel, a l'usage exclusif du destinataire ci-dessus
et son contenu ne represente en aucun cas un engagement de la part de AXA,
sauf en cas de stipulation expresse et par ecrit de la part de AXA. Toute
publication, utilisation ou diffusion, meme partielle, doit etre autorisee
prealablement. Si vous n'etes pas destinataire de ce message, merci d'en
avertir immediatement l'expediteur."

"This e-mail message is confidential, for the exclusive use of the addressee
and its contents shall not constitute a commitment by AXA, except as
otherwise specifically provided in writing by AXA. Any unauthorized
disclosure, use or dissemination, either whole or partial, is prohibited. If
you are not the intended recipient of the message, please notify the sender
immediately." 


Mime
View raw message