Carsten, I am not sure if this will help or not but here it is. We have found that the certificates imported to the Java Plugin environment have no effect on the Axis client. The Axis client uses the default behavior of the JRE which looks for trusted certs in the JRE keystore at %JAVA_HOME%/jre/lib/security/cacerts. We needed to add our self-signed certs to this cacerts key store in order for the Axis client to connect to our server over https. We were getting a different error message than you, however. Likewise, the proxy server settings in the Java Plugin have no effect on the Axis client. We needed to set the proxy server settings as usual for the JRE and found it useful to use the approach presented here for this: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4337876
Good luck, Mark -----Original Message----- From: Carsten Friedrich [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 04, 2005 11:15 PM To: [EMAIL PROTECTED] Subject: Strange AXIS over https problem Hi, I have run into a strange problem with AXIS and hope someone can point me into the right direction. I have an applet which uses the AXIS client to talk to an AXIS server in an apache - jboss - tomcat - axis environment. All certificates involved are self-signed. I signed all the AXIS jar files as well so they have the appropriate permissions. This works fine with one server, but not with our second server (which is on a different network). On the second server I get the error message below in the client. The self-signed server certificate was imported into the Java applet plugin using the usual plugin dialog that pops up when the applet plugin encounters a self-signed certificate. Also, it's only the applet that does not work. Firefox and IE are happy to talk to our second server over https and also or webstart version which uses its own (un)secure socket factory System.setProperty( "org.apache.axis.components.net.SecureSocketFactory", "com.dtecht.client.util.UnsecureSocketFactory"); Is happy to talk to the second server. In case you wonder, yes we tried using this socket factory for the applet as well, but the property doesn't not seem to get picked up for some reason and it still fails. Thanks, Carsten Ps> I'm not a subscriber to this email list so please cc all responses to my The Exception: AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactor y.java:224) at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157) at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.j ava:71) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180) at org.apache.axis.client.Call.invokeEngine(Call.java:2564) at org.apache.axis.client.Call.invoke(Call.java:2553) at org.apache.axis.client.Call.invoke(Call.java:2248) at org.apache.axis.client.Call.invoke(Call.java:2171) at org.apache.axis.client.Call.invoke(Call.java:1691) at com.dtecht.client.webservices.ReportQueryServiceSoapBindingStub.getAvail ableReports(ReportQueryServiceSoapBindingStub.java:273) at com.dtecht.client.reports.ReportQuerySOAPClient.getAvailableReports(Repo rtQuerySOAPClient.java:132) at com.dtecht.reporter.ReportController.getAvailableReports(ReportControlle r.java:236) at com.dtecht.reporter.ReporterControl.createUI(ReporterControl.java:75) at com.dtecht.reporter.ReportController.showDefaultBrowser(ReportController .java:162) at com.dtecht.client.ReportApplet.start(ReportApplet.java:98) at sun.applet.AppletPanel.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.validator.PKIXValidator.<init>(Unknown Source) at sun.security.validator.Validator.getInstance(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unk nown Source) at com.dtecht.client.util.AllowAllX509TrustManager.checkServerTrusted(Allow AllX509TrustManager.java:46) at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unk nown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unkno wn Source) ... 21 more Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(Unknown Source) at java.security.cert.PKIXParameters.<init>(Unknown Source) at java.security.cert.PKIXBuilderParameters.<init>(Unknown Source) ... 33 more -- Carsten Friedrich Capital Markets CRC Limited Level 2, 9 Castlereagh Street, Sydney NSW 2000 Tel: +61 2 9233 7999 Direct: +61 2 9236 9156 Fax: +61 2 9236 9177 http://www.cmcrc.com Capital Markets CRC Ltd (CMCRC) - Confidential Communication The information contained in this e-mail is confidential. It is intended solely for the addressee. If you receive this e-mail by mistake please promptly inform us by reply e-mail and then delete the e-mail and destroy any printed copy. You must not disclose or use in any way the information in the e-mail. There is no warranty that this e-mail is error or virus free. It may be a private communication, and if so, does not represent the views of the CMCRC and its associates.
