Hi Shasta,
I've never had any problems setting the client truststore using the
javax.net.ssl.truststore property, so I suspect something is wrong with
your actual truststore/keystore files. You might want to check what's
actually in the stores using a tool such as http://portecle.sourceforge.net/
For convenience, you can also set the value of these properties using
JVM parameters rather than in your client code, using this type of
format: -Djavax.net.ssl.trustStore=path
If you do a search on javax.net.ssl.truststore you'll find many articles
and discussions of the topic. The Tomcat documentation also has a good
discussion of configuring SSL for the server, though I don't think that
includes anything on a Java client configuration.
- Dennis
--
Dennis M. Sosnoski
Java XML and Web Services
Axis2 Training and Consulting
http://www.sosnoski.com - http://www.sosnoski.co.nz
Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117
Shasta Willson wrote:
Thought I'd reply to my own message with some information that might be useful:
despite using keytool
(http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html) to
install the certificate, and various combinations of these properties
to theoretically point to it (where keyStore and trustStorePass are
paths to generated files):
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStorePassword", keyPass);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePass);
I never did get it to work that way. (I eventually built an
SSLTest.java that JUST connected so I could eliminate other
configuration issues, but even in that simplified context I couldn't
get it working.)
What finally worked for me (for the SSLTest program) was to put the
certificate into the normal java location and overwrite cacerts. I
could do that since no one else is using Java on this server and this
is the first time I've needed to place a certificate. i.e. I wasn't
going to break something else in the process.
I found this very useful tool during my research:
http://dreamingthings.blogspot.com/2006/12/no-more-unable-to-find-valid.html
I could have avoided three days waiting for the service-owner to send
a certificate, had I known about it.
Hope that helps someone else save time.
- Shasta
On Tue, Jun 23, 2009 at 8:34 AM, Shasta Willson<[email protected]> wrote:
I have an SSL secured web service to consume. It also uses a
usertoken/password in the SOAP header, which I'm doing with Rampart,
but I don't think that's relevant to my question.
I'd like to understand how to go from "have a certificate" to
trustStore (and/or KeyStore?) properly configured. Currently I get
this error, which a Google search suggests is related to not having it
set up right:
org.apache.axis2.AxisFault: Unconnected sockets not implemented
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
Thank you,
- Shasta
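
An added example, not part of the original thread: a small Java check that lists what is actually in a truststore (the inspection Dennis suggests doing with a GUI tool) and then builds an SSLContext from that file alone, so trust can be scoped to one client without replacing the JVM-wide cacerts. The class name TrustStoreCheck is hypothetical; with no arguments it assumes the path and password come from the javax.net.ssl.* properties, falling back to the JRE's cacerts and its stock password "changeit".

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class name), not code from the thread.
public class TrustStoreCheck {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // IOException here: wrong password or damaged file
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Property names are case-sensitive: "trustStore", not "truststore".
        String path = args.length > 0 ? args[0]
                : System.getProperty("javax.net.ssl.trustStore",
                        System.getProperty("java.home") + "/lib/security/cacerts");
        String pw = args.length > 1 ? args[1]
                : System.getProperty("javax.net.ssl.trustStorePassword", "changeit");

        KeyStore ks = load(path, pw.toCharArray());
        System.out.println(path + ": " + ks.size() + " entries");
        int trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            // keytool -importcert creates trustedCertEntry items; a private-key
            // entry in a client truststore usually means the wrong file was used.
            boolean isCertEntry = ks.isCertificateEntry(alias);
            if (isCertEntry) trusted++;
            Certificate c = ks.getCertificate(alias);
            String info = c instanceof X509Certificate
                    ? ((X509Certificate) c).getSubjectX500Principal()
                      + ", expires " + ((X509Certificate) c).getNotAfter()
                    : String.valueOf(c);
            System.out.println((isCertEntry ? "  cert " : "  key  ") + alias + " -> " + info);
        }
        if (trusted == 0) System.out.println("WARNING: no trusted certificate entries");

        // Trust only this store, for one client, instead of editing cacerts.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

Run it as `java TrustStoreCheck <truststore-path> <password>`; the resulting context's socket factory can then be handed to the HTTPS client in use.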