Actually what Tom said makes sense. I'm able to download the wsdl file from the internet explorer because I'm presenting the "client certificate" when asked by the "server certificate" and thereby letting the server know I'm the same host as specified by the client certificate.
To work over ssl, it is just not enough to generate the stub files and write a java client program to access the web services. I've to use a keystore which has the "server certificate" imported instead of the "client certificate" which I was doing earlier. (Thanks Tom! I've corrected this and now it is working partially :)) And I've to present this keystore every time I've to make a call to the web services.
After importing the "server certificate" into my keystore and using it along with my java client, it looks like the connection is being done to the web services (by looking at the debug statements). However after some point it is throwing me the following error.
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at org.apache.axis.transport.http.HTTPSender.readHeadersFromSocket(HTTPSender.java:506)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:127)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
Any ideas?
Thanks in advance, Srikrishna
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: using certificate to access wsdl file
Date: Tue, 18 May 2004 21:05:11 +0000
Silly suggestion. If you can download the WSDL file from Internet Explorer, why not just save it as a file and then use the tools to generate stubs, etc?
Rick
> Thanks Tom,
> I'm assuming the certificate I'm using is the server certificate. And
> the reason is as follows:
>
> We have received a myCertificate.p12 file to be installed on our side. I've
> installed the same and when I hit the URL through IE it brings up the list
> of certificates which can be used to authenticate us as a valid entity
> allowed to access the web services. Here when I selected the installed
> "myCertificate" it allows me to go in and see the web services.
>
> I've used this installed "myCertificate" in the internet explorer to export
> it into "myCertificate.cer" and import this ".cer" into
> "myCertificate.keystore" and use this keystore file for all further secure
> communication.
>
> When I try to hit their web services using this "myCertificate.keystore"
> file, I can see the CN name is *different* for "myCertificate.cer" which is
> imported into "myCertificate.keystore" and does not match with any of the CN
> names that come from the server in the certificate chain.
>
> My question is, if this might cause a problem, how come internet explorer is
> able to resolve and able to present me as a valid host to the server,
> whereas my java client program is not able to do the same?
>
> Thanks in advance
> Srikrishna
>
>
>
> >From: Tom Oinn <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >Subject: Re: using certificate to access wsdl file
> >Date: Tue, 18 May 2004 20:42:24 +0100
> >
> >Hi,
> >
> >I believe your problem is that the certificate is a client one. The only
> >time I've seen that error was when we were missing a server certificate -
> >the one that is used to authenticate the server rather than the one used to
> >authenticate the client. The certificate that, say, IE asks you whether you
> >want to install when you visit a https URL is a server certificate.
> >
> >I'm guessing this based on the command line 'client.cer' reference. Try
> >with the server certificate in your keystore and see if the error is still
> >there, if it is then double check the certificate (certificate CN should be
> >equal to the hostname IIRC but you can get around that sometimes by munging
> >the hosts file on your client... hack hack hack)
> >
> >HTH,
> >
> >Tom
> >
>