Hi,
I have a secured web service which is deployed to a secured port. The service is
implemented using EJB and JSR181 annonations on the server-side, the client-side is also
an EJB. Both are deployed as EAR files. My application runs in the background of a web
application which uses SSL/TLS. As part of the the foreground web application,
certificates are exchanged and are imported into the appropriate truststore and keystores.
My diliema is that I want to use the same keystore and truststore with my client and
service. I have the following in my jboss-wsse-client.xml file:
<key-store-file>/var/cert/keystore</key-store-file>
<key-store-password>(password)</key-store-password>
<trust-store-file>/var/cert/truststore</trust-store-file>
<trust-store-password>()</trust-store-password>
and the same in my jboss-wsse-server.xml file. I am getting the following error when I
try to access my service:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Everything that I have read on this particular exception says that it indicates that the
certificate has not been imported into the truststore; however, I have used keytool to
verify that the appropriate certs are in the appropriate places. I believe that I am
getting this error because the location that I am giving for the keystore and truststore
is located on the filesystem outside of the EJB deployment EAR file and it can not find
the keystore/truststore.
Can someone validate or invalidate my conclusion? and if my assumption is correct, can
someone tell me if it is possible to access a keystore/truststore outside of the relative
deployment of the EJB?
Thank you.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980776#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...