[jboss-user] [JBoss Web Services Users] - PKIX path building failed: sun.security.provider.certpath.Su
pvenkatesh
do-not-reply at jboss.com
Tue Dec 1 07:49:03 EST 2009
Hi All,
I need your help in enabling security for my web service.
I have tried to enable SSL and encryption for my service, but I failed in both.
Here I tried to enable SSL security for my service; please find below the steps I have followed.
1. I have created a keystore and truststore using the following commands
keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"
| keytool -export -alias serverkeys -keystore server.keystore -storepass 123456 -file server.cer
| keytool -genkey -alias clientkeys -keyalg RSA -keystore client.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, S=MYSTATE, C=MY"
| keytool -export -alias clientkeys -keystore client.keystore -storepass 123456 -file client.cer
| keytool -import -v -keystore client.truststore -storepass 123456 -file server.cer
| keytool -import -v -keystore server.truststore -storepass 123456 -file client.cer
|
2. I have placed my server.keystore and server.truststore in the server's home directory
3. I have updated my server.xml as follows
| <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
| maxThreads="150" scheme="https" secure="true"
| clientAuth="false" sslProtocol="TLS"
| keystoreFile="${jboss.server.home.dir}/conf/server.keystore" keystorePass="password"
| truststoreFile="${jboss.server.home.dir}/conf/server.truststore" truststorePass="password"/>
|
4. My web.xml is as follows
| <servlet>
| <servlet-name>Hello</servlet-name>
| <servlet-class>org.jbia.ws.Hello</servlet-class>
| </servlet>
| <servlet-mapping>
| <servlet-name>Hello</servlet-name>
| <url-pattern>/hello</url-pattern>
| </servlet-mapping>
|
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>All resources</web-resource-name>
| <url-pattern>/*</url-pattern>
| </web-resource-collection>
| <user-data-constraint>
| <transport-guarantee>CONFIDENTIAL</transport-guarantee>
| </user-data-constraint>
| </security-constraint>
|
My service class is as follows
| package org.jbia.ws;
| import javax.jws.*;
| import javax.jws.soap.SOAPBinding;
| @SOAPBinding(style=SOAPBinding.Style.RPC)
| @WebService
| public class Hello {
| @WebMethod
| public String sayHello(String name){
| return "Hello " + name;
| }
| }
|
I have deployed my web service as a .war file on my server, then I got the WSDL (generated); using that WSDL I generated my stub.
My client is as follows
| package org.jbia.ws;
| public class Client
| {
| public static void main(String args[]) {
| if (args.length != 1) {
| System.err.println("usage: HelloClient ");
| System.exit(1);
| }
| System
| .setProperty("org.jboss.wsse.keyStore",
| "D:\\EclipseWorkspace\\Latest\\WebService\\META-INF\\client.keystore");
| System.setProperty("org.jboss.wsse.keyStorePassword", "password");
| System
| .setProperty("org.jboss.wsse.trustStore",
| "D:\\EclipseWorkspace\\Latest\\WebService\\META-INF\\client.truststore");
| System.setProperty("org.jboss.wsse.trustStorePassword", "password");
| try {
|
| HelloProxy proxy = new HelloProxy();
| proxy.setEndpoint("https://127.0.0.1:8443/JBossWS/hello?wsdl");
| proxy.sayHello("Venkat");
| System.out.println("Result = ");
| } catch (Exception ex) {
| ex.printStackTrace();
| System.out.println("Exception occurs in web services : " + ex);
| }
|
| }
| }
|
Here I am not at all using the certificates I have generated (I am not sure whether this is the issue or not). Please someone correct me if I am wrong.
When I try to access my service I am getting the following exception
| AxisFault
| faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
| faultSubcode:
| faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| faultActor:
| faultNode:
| faultDetail:
| {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
| at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
| at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
| at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
| at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)
| at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
| at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
| at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
| at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
| at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
| at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
| at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
| at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
| at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
| at org.apache.axis.client.Call.invoke(Call.java:2767)
| at org.apache.axis.client.Call.invoke(Call.java:2443)
| at org.apache.axis.client.Call.invoke(Call.java:2366)
| at org.apache.axis.client.Call.invoke(Call.java:1812)
| at org.jbia.ws.HelloBindingStub.sayHello(HelloBindingStub.java:106)
| at org.jbia.ws.HelloProxy.sayHello(HelloProxy.java:50)
| at org.jbia.ws.Client.main(Client.java:24)
| Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
| at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
| at sun.security.validator.Validator.validate(Validator.java:218)
| at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
| at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
| at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
| ... 23 more
| Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
| at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
| at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
| ... 29 more
|
| {http://xml.apache.org/axis/}hostname:pvenkatesh
|
| javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
| at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
| at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
| at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118), SEND TLSv1 ALERT: fatal, description = certificate_unknown
| main, WRITE: TLSv1 Alert, length = 2
| main, called closeSocket()
| main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
|
| at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
| at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
| at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
| at org.apache.axis.client.Call.invoke(Call.java:2767)
| at org.apache.axis.client.Call.invoke(Call.java:2443)
| at org.apache.axis.client.Call.invoke(Call.java:2366)
| at org.apache.axis.client.Call.invoke(Call.java:1812)
| at org.jbia.ws.HelloBindingStub.sayHello(HelloBindingStub.java:106)
| at org.jbia.ws.HelloProxy.sayHello(HelloProxy.java:50)
| at org.jbia.ws.Client.main(Client.java:24)
| Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
| at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
| at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
| at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
| at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)
| at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)
| at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
| at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
| at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
| at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
| ... 12 more
| Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
| at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
| at sun.security.validator.Validator.validate(Validator.java:218)
| at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)Exception occurs in web services : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| HI2
|
| at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
| at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
| at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
| ... 23 more
| Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
| at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
| at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
| at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
| ... 29 more
|
|
Your inputs are appreciated.
Thanks
With Regards
Venkatesh
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4268280#4268280
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4268280