axis2: accept/handle HTTPS (SSL) self-signed certificate

Mon, 24 Jul 2006 15:46:46 -0700 

Hi, 

I am writing a client to a web service that is running over HTTPS/SSL and is
using self-signed certificate. I am using axis2 version 1.0 and am getting
"sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target". The complete stack trace is
below. 

Now on commons httpclient site they mention that (from
http://jakarta.apache.org/commons/httpclient/sslguide.html) :
The default behaviour of HttpClient is suitable for most uses, however there
are some aspects which you may want to configure. The most common
requirements for customizing SSL are:

    * Ability to accept self-signed or untrusted SSL certificates. This is
highlighted by an SSLException with the message Unrecognized SSL handshake
(or similar) being thrown when a connection attempt is made.
    * You want to use a third party SSL library instead of Sun's default
implementation.



So, I am wondering as to whether there is any support in axis2 for doing
this. I know there is a way to get the certificate and import it into local
keystore/truststore using "keytool" tool from Sun but that is my last
option. 

Thanks in advance.  

-Jay

Exception trace: 
15:46:06,949 DEBUG [org.apache.commons.httpclient.HttpMethodDirector]
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethod
Director.java:378) Attempt number 1 to process request
15:47:01,589 DEBUG [org.apache.commons.httpclient.HttpMethodDirector]
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethod
Director.java:403) Closing the connection.
15:47:22,730 INFO  [org.apache.commons.httpclient.HttpMethodDirector]
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethod
Director.java:438) I/O exception (org.apache.axis2.AxisFault) caught when
processing request: sun.security.validator.ValidatorException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target; nested
exception is: 
        com.ctc.wstx.exc.WstxIOException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
15:47:26,902 DEBUG [org.apache.commons.httpclient.HttpMethodDirector]
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethod
Director.java:442) sun.security.validator.ValidatorException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target; nested
exception is: 
        com.ctc.wstx.exc.WstxIOException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
org.apache.axis2.AxisFault: sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target; nested exception is: 
        com.ctc.wstx.exc.WstxIOException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at
org.apache.axis2.transport.http.SOAPOverHTTPSender$AxisSOAPRequestEntity.wri
teRequest(SOAPOverHTTPSender.java:194)
        at
org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody
(EntityEnclosingMethod.java:495)
        at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.jav
a:1973)
        at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993
)
        at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethod
Director.java:397)
        at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDir
ector.java:170)
        at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
        at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
        at
org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTT
PSender.java:530)
        at
org.apache.axis2.transport.http.SOAPOverHTTPSender.send(SOAPOverHTTPSender.j
ava:92)
        at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithC
ommons(CommonsHTTPTransportSender.java:299)
        at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTT
PTransportSender.java:207)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:589)
        at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperatio
n.java:328)
        at
org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOpera
tion.java:279)
        at
net.semandex.adaptor.seaweb.webservice.QPS_x0020_Influx_x0020_GatewayStub.Ge
tTargetsInArea(QPS_x0020_Influx_x0020_GatewayStub.java:637)
        at
net.semandex.adaptor.seaweb.webservice.WebServiceTestCase.testGetTargetsInAr
ea(WebServiceTestCase.java:203)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at junit.framework.TestCase.runTest(TestCase.java:154)
        at junit.framework.TestCase.runBare(TestCase.java:127)
        at junit.framework.TestResult$1.protect(TestResult.java:106)
        at junit.framework.TestResult.runProtected(TestResult.java:124)
        at junit.framework.TestResult.run(TestResult.java:109)
        at junit.framework.TestCase.run(TestCase.java:118)
        at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRu
nner.java:478)
        at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.
java:344)
        at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner
.java:196)
Caused by: com.ctc.wstx.exc.WstxIOException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at
com.ctc.wstx.sw.BaseStreamWriter.safeFlushStream(BaseStreamWriter.java:1439)
        at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
        at
org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:
119)
        at
org.apache.axiom.om.impl.llom.OMNodeImpl.serializeAndConsume(OMNodeImpl.java
:382)
        at
org.apache.axis2.transport.http.SOAPOverHTTPSender$AxisSOAPRequestEntity.han
dleOMOutput(SOAPOverHTTPSender.java:145)
        at
org.apache.axis2.transport.http.SOAPOverHTTPSender$AxisSOAPRequestEntity.wri
teRequest(SOAPOverHTTPSender.java:180)
        ... 29 more
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
        at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
        at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh
aker.java:847)
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshake
r.java:106)
        at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815
)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocket
Impl.java:1025)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:61
9)
        at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
        at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
        at
org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.
java:190)
        at
sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:410)
        at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
        at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
        at java.io.BufferedWriter.flush(BufferedWriter.java:236)
        at
com.ctc.wstx.sw.BaseStreamWriter.flushStream(BaseStreamWriter.java:1430)
        at
com.ctc.wstx.sw.BaseStreamWriter.safeFlushStream(BaseStreamWriter.java:1437)
        ... 34 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
        at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509Tru
stManagerImpl.java:172)
        at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLCont
extImpl.java:320)
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh
aker.java:840)
        ... 50 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBui
lder.java:236)
        at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
        ... 55 more



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to