Hi,
I have run into a strange problem with AXIS and hope someone can point
me into the right direction.
I have an applet which uses the AXIS client to talk to an AXIS server in
an apache - jboss - tomcat - axis environment. All certificates involved
are self-signed. I signed all the AXIS jar files as well so they have
the appropriate permissions. This works fine with one server, but not
with our second server (which is on a different network). On the second
server I get the error message below in the client. The self-signed
server certificate was imported into the Java applet plugin using the
usual plugin dialog that pops up when the applet plugin encounters a
self-signed certificate. Also, it's only the applet that does not work.
Firefox and IE are happy to talk to our second server over https and
also or webstart version which uses its own (un)secure socket factory
System.setProperty(
"org.apache.axis.components.net.SecureSocketFactory",
"com.dtecht.client.util.UnsecureSocketFactory");
Is happy to talk to the second server. In case you wonder, yes we tried
using this socket factory for the applet as well, but the property
doesn't not seem to get picked up for some reason and it still fails.
Thanks,
Carsten
Ps> I'm not a subscriber to this email list so please cc all responses
to my
The Exception:
AxisFault
faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLException: java.lang.RuntimeException:
Unexpected error: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected
error: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at
org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactor
y.java:224)
at
org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at
org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.j
ava:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at
com.dtecht.client.webservices.ReportQueryServiceSoapBindingStub.getAvail
ableReports(ReportQueryServiceSoapBindingStub.java:273)
at
com.dtecht.client.reports.ReportQuerySOAPClient.getAvailableReports(Repo
rtQuerySOAPClient.java:132)
at
com.dtecht.reporter.ReportController.getAvailableReports(ReportControlle
r.java:236)
at
com.dtecht.reporter.ReporterControl.createUI(ReporterControl.java:75)
at
com.dtecht.reporter.ReportController.showDefaultBrowser(ReportController
.java:162)
at com.dtecht.client.ReportApplet.start(ReportApplet.java:98)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors
parameter must be non-empty
at sun.security.validator.PKIXValidator.<init>(Unknown
Source)
at sun.security.validator.Validator.getInstance(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unk
nown Source)
at
com.dtecht.client.util.AllowAllX509TrustManager.checkServerTrusted(Allow
AllX509TrustManager.java:46)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unk
nown Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unkno
wn Source)
... 21 more
Caused by: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(Unknown
Source)
at java.security.cert.PKIXParameters.<init>(Unknown
Source)
at java.security.cert.PKIXBuilderParameters.<init>(Unknown
Source)
... 33 more
--
Carsten Friedrich
Capital Markets CRC Limited
Level 2, 9 Castlereagh Street, Sydney NSW 2000
Tel: +61 2 9233 7999 Direct: +61 2 9236 9156
Fax: +61 2 9236 9177 http://www.cmcrc.com
Capital Markets CRC Ltd (CMCRC) - Confidential Communication The
information contained in this e-mail is confidential.
It is intended solely for the addressee.
If you receive this e-mail by mistake please promptly inform us by reply
e-mail
and then delete the e-mail and destroy any printed copy.
You must not disclose or use in any way the information in the e-mail.
There is no warranty that this e-mail is error or virus free.
It may be a private communication, and if so, does not represent the
views of the CMCRC and its associates.
