[jboss-user] [JBossWS] - Question on accessing keystore/truststore that is not relati

EstrellaRichardson do-not-reply at jboss.com
Wed Oct 25 12:56:36 EDT 2006 

Hi,
  I have a secured web service which is deployed to a secured port.  The service is implemented using EJB and JSR181 annonations on the server-side, the client-side is also an EJB.  Both are deployed as EAR files.  My application runs in the background of a web application which uses SSL/TLS.  As part of the the foreground web application, certificates are exchanged and are imported into the appropriate truststore and keystores.  My diliema is that I want to use the same keystore and truststore with my client and service.  I have the following in  my jboss-wsse-client.xml file: 
  <key-store-file>/var/cert/keystore</key-store-file>
  <key-store-password>(password)</key-store-password>
  <trust-store-file>/var/cert/truststore</trust-store-file>
  <trust-store-password>()</trust-store-password>
   
    
    
      
    
  

and the same in my jboss-wsse-server.xml file.  I am getting the following error when I try to access my service:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Everything that I have read on this particular exception says that it indicates that the certificate has not been imported into the truststore; however, I have used keytool to verify that the appropriate certs are in the appropriate places.  I believe that I am getting this error because the location that I am giving for the keystore and truststore is located on the filesystem outside of the EJB deployment EAR file and it can not find the keystore/truststore.

Can someone validate or invalidate my conclusion?  and if my assumption is correct, can someone tell me if it is possible to access a keystore/truststore outside of the relative deployment of the EJB?

Thank you.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980776#3980776

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3980776

More information about the jboss-user mailing list