Hi Ruwan,
The webservice I'm calling is installed on a server that's behind a BIG-IP
(firewall, load balancer, ...). The establishment of the SSL connection is
done with this BIG-IP which at it's turn forwards - based on a specific rule
- all webservices requests to the dedicated server.
In our Axis2-based application, the SSL connection is setup with HttpClient
by calling "new HttpClient().executeMethod(new
GetMethod("https://mywebsite";))". Once this is done, the calls to the
webservice work perfectly. So I'm wondering how Axis2 is capable of handling
the '404' HTTP response.
I will try to connect to a HTTPs-based webservice that does not use this
kind of "forwarding" configuration.
PS: Is there a way to log all incoming messages (in this case the '404' HTTP
response) received by ESB ?
Regards, Stefan Lecho.
Ruwan Linton-3 wrote:
>
> Hi Stefan,
>
> By looking at the stack trace, I think the server to which you are
> talking through ESB returns a *HTML* response rather than a *SOAP*
> response, with a 404 not found, which can not be handled by the ESB
> because it contains a DTD which cannot be built by AXIOM.
>
> Can you please tell us the server to which you are talking through ESB,
> and can you make sure to send a request which will not result in a 404
> Resource not found and see whether it is working properly.
>
> Thanks,
> Ruwan
>
> stlecho wrote:
>> Hi Asankha,
>>
>> I've changed the HTTPS Transport sender and the following error message
>> disappeared: "PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>> find
>> valid certification path to requested target".
>>
>> But now I'm receiving another one :o(:
>> "com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '"'
>> (code 34) in DOCTYPE declaration; expected a space between public and
>> system
>> identifiers".
>>
>> The only modification I've done, is changing the trustStore parameter of
>> the
>> HTTPS Transport Sender in the webapp\WEB-INF\classes\conf\axis2.xml file.
>> Based on the stacktrace I'm not able to determine which document causes
>> this
>> error. The modified axis2.xml file does not contain a DOCTYPE
>> declaration.
>>
>> Stacktrace:
>> 2008-03-05 17:20:01,567 [192.168.13.175-INFOR2] [I/O dispatcher 3] ERROR
>> ClientHandler Received an unexpected response - of content type :
>> text/html;
>> charset=iso-8859-1 and status code : 404 with reason : Not Found
>> 2008-03-05 17:20:01,582 [192.168.13.175-INFOR2] [HttpClientWorker-1]
>> ERROR
>> ClientWorker Unexpected response received
>> org.apache.axiom.om.OMException:
>> com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '"'
>> (code
>> 34) in DOCTYPE declaration; expected a space between public and system
>> identifiers
>> at [row,col {unknown-source}]: [1,50]
>> at
>> org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:239)
>> at
>> org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.getSOAPEnvelope(StAXSOAPModelBuilder.java:161)
>> at
>> org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.<init>(StAXSOAPModelBuilder.java:110)
>> at
>> org.apache.axis2.builder.BuilderUtil.getSOAPBuilder(BuilderUtil.java:609)
>> at
>> org.apache.axis2.transport.TransportUtils.createDocumentElement(TransportUtils.java:178)
>> at
>> org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:111)
>> at
>> org.apache.synapse.transport.nhttp.ClientWorker.run(ClientWorker.java:160)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
>> at java.lang.Thread.run(Thread.java:595)
>>
>> PS: I'm using ESB v1.6.
>>
>> Regards, Stefan Lecho.
>>
>>
>> asankha wrote:
>>
>>> Hi Stefan
>>>
>>>> In order to setup an SSL connection with the Axis2-based client, we've
>>>> added
>>>> the following: "System.setProperty("javax.net.ssl.trustStore",
>>>> "d:/path_to_file/name_of_keystore");
>>>> System.setProperty("javax.net.ssl.trustStorePassword", "secret");".
>>>>
>>>> In ESB, I've changed the value of the "truststore" parameter to use the
>>>> same
>>>> truststore used by the Axis2-based client. I've also created a Proxy
>>>> that
>>>> points to the https webservice. When calling this Proxy, the following
>>>> error
>>>> is generated: "Caused by: sun.security.validator.ValidatorException:
>>>> PKIX
>>>> path building failed:
>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>> find
>>>> valid certification path to requested target". The used truststore
>>>> contains
>>>> the SSL certificate of the site.
>>>>
>>>>
>>> Which "truststore" parameter did you change? Since you are "calling" and
>>> external HTTPS service, you must edit the HTTPS Transport Sender
>>> configuration as follows, and not the Listener
>>>
>>> <transportSender name="https"
>>> class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
>>> <parameter name="non-blocking" locked="false">true</parameter>
>>> <parameter name="keystore" locked="false">
>>> <KeyStore>
>>> <Location>identity.jks</Location>
>>> <Type>JKS</Type>
>>> <Password>password</Password>
>>> <KeyPassword>password</KeyPassword>
>>> </KeyStore>
>>> </parameter>
>>> *<parameter name="truststore" locked="false">
>>> <TrustStore>
>>> <Location>trust.jks</Location>
>>> <Type>JKS</Type>
>>> <Password>password</Password>
>>> </TrustStore>
>>> </parameter>*
>>> <!--<parameter
>>> name="HostnameVerifier">DefaultAndLocalhost</parameter>
>>> supports Strict|AllowAll|DefaultAndLocalhost or the default
>>> if none specified -->
>>> </transportSender>
>>>
>>>
>>>> I'm aware that this question is more related to JKS and SSL
>>>> configuration,
>>>> but - although I found it out for the Axis2-based client - I'm unable
>>>> to
>>>> configure it correctly for ESB.
>>>>
>>>>
>>> I am confident that this works without any issues if the keystores are
>>> properly configured. Basically I would expect the truststore to contain
>>> the CA certificate of your external server as a "trusted certificate" in
>>> the keystore
>>>
>>> If you can also send me the output of "keytool -v -list -keystore
>>> trust.jks" for your JKS, that would be helpful (please remember to hide
>>> your password from the output generated before you post it here :-))
>>>
>>> asankha
>>>
>>> _______________________________________________
>>> Esb-java-user mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
>>>
>>>
>>>
>>
>>
>
>
> _______________________________________________
> Esb-java-user mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
>
>
--
View this message in context:
http://www.nabble.com/HTTPS-connection-tp15613822p15860879.html
Sent from the WSO2 ESB Users mailing list archive at Nabble.com.
_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
