Hi,
I've done a working SSL over AXIS implementation using an own generated keystore file.
But I wonder, is there a way to use some kind of standard certificate without having an "own" certificate file ?
Magnus
----- Original Message -----
From: "Benjamin Marcel Flohr" <[EMAIL PROTECTED]>
Date: Thu, 6 May 2004 09:47:48 +0200
To: <[EMAIL PROTECTED]>
Subject: AW: SSL - java.security.cert.CertificateException: Couldn't find trusted certificate
> Hi Mark,
>
> the error occures because you didnt install the certificate requiered in your keystore.
> You have to set the trustet Certificat in your Keystore and load this keystore by using this method in your client:
> (maybe here in your code is missing sth)
>
> private static void setHttps()
> {
> // specify the location of where to find key material for the default TrustManager (this overrides jssecacerts and cacerts)
> System.setProperty( "javax.net.ssl.trustStore", "c:/client.keystore" );
>
> // use Sun's reference implementation of a URL handler for the "https" URL protocol type.
> System.setProper
ty( "java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol" );
>
> // dynamically register sun's ssl provider
> Security.addProvider( new com.sun.net.ssl.internal.ssl.Provider() );
> }
>
> You can install the Certificate like the following:
>
> 1. Save your cer in a file by using the InternetExplorer. Call your webservice with the IE
> and save the cer in a file.
>
> 2. Import this cer in a keystore-file by using the keytool.
> 3. place this file somewhere reachable from the application.
>
> here you will find some help using the keytool:
> http://www.informit.com/articles/article.asp?p=24604&redir=1
>
>
> Greets Benjamin
>
>
> -----Urspr�ngliche Nachricht-----
> Von: Mark Melia [mailto:[EMAIL PROTECTED]
> Gesendet: Donnerstag, 6. Mai 2004 00:00
> An: Axis User Group
> Betreff: SSL
- java.security.cert.CertificateException: Couldn't find
> trusted certificate
>
>
> Hi all
>
> **I need help**
>
> I am a bit of a newbie to web services, so go easy on me. I am creating a
> web services that uses SOAP messaging. I will be transferring confidential
> info, and the employment of SSL technology is a requirement. I am having
> awful trouble getting SSL to work. Every time I try to run the code I get
> the following exception in the client...
>
> AxisFault
> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
> faultSubcode:
> faultString: javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: Couldn't find trusted c
> ertificate
> faultActor:
> faultNode:
> faultDetail:
> {http://xml.apache.org/axis/}stackTrace:
> javax.net.ssl.SSLHandsha
keException: java.security.cert.CertificateExce
> ption: Couldn't find trusted certificate
> at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
> at
> org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.ja
> va:224)
> at
> org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
> at
> org.apache.axis.transpo
rt.http.HTTPSender.invoke(HTTPSender.java:114)
> at
> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:
> 71)
> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
> at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
> at org.apache.axis.client.Call.invoke(Call.java:2553)
> at org.apache.axis.client.Call.invoke(Call.java:1753)
> at test.SubmitPOService.execute(SubmitPOService.java:64)
> at test.SubmitPOService.main(SubmitPOService.java:79)
> Caused by: java.security.cert.CertificateException: Couldn't find trusted
> certificate
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6
> 275)
> at
> com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6
> 275)
> ... 18 more
>
>
>
> I think that my client does not have a list of trusted certificates but I do
> set this in the client using
>
> System.setProperty("javax.net.ssl.trustStore", "clientCacerts");
> System.setProperty("javax.net.ssl.trustStorePassword",
> "******");
>
> It should find clientCacerts because it is in the same directory as where I
> call the client from and this clientCacerts definely has the server
> certificate, I know this because the server cert that is printed out by the
> server on startup is the same cert as in clientCvacerts. One point is that
> if I change the password to be wrong I get the same error, even if I change
> to the wrong file name for the cert store, which would lead me to believe it
> is looking at som
e other cert store, does anyone have any idea what is going
> on??? Could someone send me a client with SSL working(partiualry if using
> the org.apache.axis.client.Call class). Does anyone have any good tutorials.
> I really need help, anything you say will be of benefit!
>
> Thanks in advance!
>
> Mark
>
> Thanks,
> Mark
>
> Thanks,
> Mark
>
> [EMAIL PROTECTED]
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.620 / Virus Database: 399 - Release Date: 11/03/2004
>
--
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://www.mail.com/?sr=signup
