I don't see where the cert is loaded in your code. BTW, the latest httpclient version is 4.5.13.
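Anyways, if unsure you can find the cert of the target server via:

openssl s_client -connect myserver.com:443 -showcerts

Then you can set up httpclient like so ... tested with JSON, not SOAP but the SSL init should be the same. And I am actually using HC5 legacy packages in this example - hope this helps anyways as this should be close to what you need.

Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(new File("mycert.crt")));
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("server", certificate);
TrustManagerFactory trustManagerFactory = null;
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
    throw new Exception("Unexpected default trust managers:" + Arrays.toString(trustManagers));
}
logger.warn("TrustManagerFactory init completed ...");
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, trustManagers, new SecureRandom());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create()
        .setSSLSocketFactory(sslsf)
        .build();
final CloseableHttpClient httpclient = HttpClients.custom().setConnectionManager(cm).build();

[Editor's note: NoopHostnameVerifier.INSTANCE turns off hostname verification, so the client accepts any peer whose chain validates against the trust store, whatever name is in the certificate. That is only as narrow as the trust store: if mycert.crt is an intermediate or root from the -showcerts output rather than the server's own certificate, every certificate issued under it is accepted for any host. The one-argument SSLConnectionSocketFactory(sslContext) constructor keeps the default hostname check. Separately, sslContext.init(null, ...) passes no KeyManagers, so this snippet configures which server the client trusts but gives the client no certificate of its own to present. The warning quoted at the end of the message below ("no suitable certificate found - continuing without client authentication") concerns that client side, which needs KeyManagers built from a keystore holding the client certificate and its private key. The FileInputStream is also never closed; a try-with-resources block would release it.]

On Tue, Nov 2, 2021 at 4:16 AM Dorofeev Yury <yury.dorof...@aklagare.se.invalid> wrote:
> Hi! > > > > I’m experiencing a problem with sending Soap request from my client stub to > server. The server requires SSL cert. Soap client stub was generated with > wsdl2java from axis2 1.8.0 by using adb databinding. 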
> > I’ve tested sending the request with the SoapUI program and it works fine, which > means that there is no problem with my SSL cert. > > > > *What is the best practice to rewrite axis2 httpclient to make it use my > SSL cert? Do you have an example? * > > > > Unfortunately I did not manage to find a good example either in the axis2 > documentation or in other Java communities for axis2. Please help! > > > > > > Attaching my code and config here: > > > > Java Soap Client Stub: wsdl2java.bat -uri Navet\personpost_xml.wsdl -p > se.skatteverket.navet.ws_stubV3 -o Navet\classes > > Axis2 1.8.0 > > httpclient-4.4.1.jar > > Java8 > > > > My client Java code: > > > > CobCustomSSLSocketFactory socketFactory = new > CobCustomSSLSocketFactory(null, null, "secret"); > org.apache.http.impl.client.CloseableHttpClient lHttpClient = > HttpClients.custom() > > .setSslcontext(socketFactory.getSSLContext()) > .build(); > > > > String lAxisConfPath = > CobServerEnv.getProperty("se.aklagare.axis2.property.path"); > String lAxisConfFile = lAxisConfPath + "/" + > CobServerEnv.getProperty("se.aklagare.axis2.property.file"); > > org.apache.axis2.context.ConfigurationContext ctx = > ConfigurationContextFactory.createConfigurationContextFromFileSystem(lAxisConfPath, > lAxisConfFile); > > ClientXMLStub lStub = new ClientXMLStub(ctx, mURL); > > lStub._getServiceClient().getOptions().setProperty(HTTPConstants.CACHED_HTTP_CLIENT, > lHttpClient); > > > > > > public class CobCustomSSLSocketFactory extends SSLSocketFactory implements > LayeredConnectionSocketFactory { > > private KeyStore mAmKeystore = null; > private KeyStore mAmTruststore = null; > private SSLContext mSSLContext = null; > private String DEFAULT_ALGORITHM = "SunX509"; > > … > > > > @Override > public Socket createSocket(InetAddress pAddress, int pPort, InetAddress > pInetAddress, int pLocalPort) throws IOException { > return mSSLContext.getSocketFactory().createSocket(pAddress, pPort, > pInetAddress, pLocalPort); > } > > @Override > public 
Socket createSocket(String pHost, int pPort, InetAddress > pInetAddress, int pLocalPort) throws IOException { > return mSSLContext.getSocketFactory().createSocket(pHost, pPort, > pInetAddress, pLocalPort); > } > > @Override > public Socket createSocket(InetAddress pHost, int pPort) throws > IOException { > return mSSLContext.getSocketFactory().createSocket(pHost, pPort); > } > > @Override > public Socket createSocket(String pHost, int pPort) throws IOException { > return mSSLContext.getSocketFactory().createSocket(pHost, pPort); > } > > @Override > public String[] getSupportedCipherSuites() { > return mSSLContext.getSocketFactory().getSupportedCipherSuites(); > } > > @Override > public String[] getDefaultCipherSuites() { > return mSSLContext.getSocketFactory().getDefaultCipherSuites(); > } > > @Override > public Socket createSocket(Socket pSocket, String pHost, int pPort, > boolean pAutoClose) throws IOException { > return mSSLContext.getSocketFactory().createSocket(pSocket, pHost, > pPort, pAutoClose); > } > > @Override > public Socket createLayeredSocket(Socket pSocket, String pS, int pI, > HttpContext pHttpContext) throws IOException, UnknownHostException { > return mSSLContext.getSocketFactory().createSocket(pSocket, pS, pI, > false); > } > > @Override > public Socket createSocket(HttpContext pHttpContext) throws IOException { > return mSSLContext.getSocketFactory().createSocket(); > } > > @Override > public Socket connectSocket(int pI, Socket pSocket, HttpHost pHttpHost, > InetSocketAddress pInetSocketAddress, InetSocketAddress > pInetSocketAddress1, HttpContext pHttpContext) throws IOException { > return mSSLContext.getSocketFactory().createSocket(); > } > > > > } > > > > *axis2.xml* > > <axisconfig name="AxisJava2.0"> > <!-- ================================================= --> > <!-- Transport Outs --> > <!-- ================================================= --> > <parameter name="hotdeployment">true</parameter> > <parameter 
name="hotupdate">false</parameter> > <parameter name="enableMTOM">false</parameter> > <parameter name="enableSwA">false</parameter> > > <transportSender name="local" > class > ="org.apache.axis2.transport.local.LocalTransportSender"/> > > <transportSender name="http" > class > ="org.apache.axis2.transport.http.impl.httpclient4.HTTPClient4TransportSender" > > > <parameter name="PROTOCOL">HTTP/1.1</parameter> > <parameter name="Transfer-Encoding">chunked</parameter> > > <!-- If following is set to 'true', optional action part of the > Content-Type will not be added to the SOAP 1.2 messages --> > <!-- <parameter name="OmitSOAP12Action">true</parameter> --> > </transportSender> > > <transportSender name="https" > class > ="org.apache.axis2.transport.http.impl.httpclient4.HTTPClient4TransportSender" > > > <parameter name="PROTOCOL">HTTP/1.1</parameter> > <parameter name="Transfer-Encoding">chunked</parameter> > </transportSender> > > <!-- ================================================= --> > <!-- Phases --> > <!-- ================================================= --> > <phaseOrder type="InFlow"> > <!-- System predefined phases --> > <phase name="Transport"> > <handler name="RequestURIBasedDispatcher" > class > ="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"> > <order phase="Transport"/> > </handler> > <handler name="SOAPActionBasedDispatcher" > class > ="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"> > <order phase="Transport"/> > </handler> > </phase> > <phase name="Addressing"> > <handler name="AddressingBasedDispatcher" > class > ="org.apache.axis2.dispatchers.AddressingBasedDispatcher"> > <order phase="Addressing"/> > </handler> > </phase> > <phase name="Security"/> > <phase name="PreDispatch"/> > <phase name="Dispatch" class > ="org.apache.axis2.engine.DispatchPhase"> > <handler name="RequestURIBasedDispatcher" > class > ="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/> > <handler name="SOAPActionBasedDispatcher" > class > 
="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/> > <handler name="RequestURIOperationDispatcher" > class > ="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/> > <handler name="SOAPMessageBodyBasedDispatcher" > class > ="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/> > <handler name="HTTPLocationBasedDispatcher" > class > ="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/> > <handler name="GenericProviderDispatcher" > class > ="org.apache.axis2.jaxws.dispatchers.GenericProviderDispatcher"/> > <handler name="MustUnderstandValidationDispatcher" > class > ="org.apache.axis2.jaxws.dispatchers.MustUnderstandValidationDispatcher"/> > </phase> > <phase name="RMPhase"/> > <!-- System predefined phases --> > <!-- After Postdispatch phase module author or service author > can add any phase he want --> > <phase name="OperationInPhase"> > <handler name="MustUnderstandChecker" > class > ="org.apache.axis2.jaxws.dispatchers.MustUnderstandChecker"> > <order phase="OperationInPhase"/> > </handler> > </phase> > <phase name="soapmonitorPhase"/> > </phaseOrder> > <phaseOrder type="OutFlow"> > <!-- user can add his own phases to this area --> > <phase name="soapmonitorPhase"/> > <phase name="OperationOutPhase"/> > <!--system predefined phase--> > <!--these phase will run irrespective of the service--> > <phase name="RMPhase"/> > <phase name="PolicyDetermination"/> > <phase name="MessageOut"/> > <phase name="Security"/> > </phaseOrder> > <phaseOrder type="InFaultFlow"> > <phase name="Addressing"> > <handler name="AddressingBasedDispatcher" > class > ="org.apache.axis2.dispatchers.AddressingBasedDispatcher"> > <order phase="Addressing"/> > </handler> > </phase> > <phase name="Security"/> > <phase name="PreDispatch"/> > <phase name="Dispatch" class > ="org.apache.axis2.engine.DispatchPhase"> > <handler name="RequestURIBasedDispatcher" > class > ="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/> > <handler 
name="SOAPActionBasedDispatcher" > class > ="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/> > <handler name="RequestURIOperationDispatcher" > class > ="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/> > <handler name="SOAPMessageBodyBasedDispatcher" > class > ="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/> > <handler name="HTTPLocationBasedDispatcher" > class > ="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/> > <handler name="GenericProviderDispatcher" > class > ="org.apache.axis2.jaxws.dispatchers.GenericProviderDispatcher"/> > <handler name="MustUnderstandValidationDispatcher" > class > ="org.apache.axis2.jaxws.dispatchers.MustUnderstandValidationDispatcher"/> > </phase> > <phase name="RMPhase"/> > <!-- user can add his own phases to this area --> > <phase name="OperationInFaultPhase"/> > <phase name="soapmonitorPhase"/> > </phaseOrder> > <phaseOrder type="OutFaultFlow"> > <!-- user can add his own phases to this area --> > <phase name="soapmonitorPhase"/> > <phase name="OperationOutFaultPhase"/> > <phase name="RMPhase"/> > <phase name="PolicyDetermination"/> > <phase name="MessageOut"/> > <phase name="Security"/> > </phaseOrder> > </axisconfig> > > > > *Error when I send request* > > Warning: no suitable certificate found - continuing without client > authentication > > > > > > > > *Regards * > > *Yury Dorofeev* > Cåbrakonsult > > *[image: akm_logo]* > > It-avdelningen| It-utvecklingsenheten > > Box 5553 | 114 85 Stockholm > > Mob: 072 701 7632 > > *www.aklagare.se <http://www.aklagare.se/>* > > >