Hi. I'm trying to use the SOAP API over HTTPS connections with Java 1.4.1. I must implement a custom trust manager that trusts all certificates. I think this is where things go wrong.
I suspect that the SOAP API is maybe using some handling from version Java 1.3, but cannot pinpoint any of that in the api's source code. I start off by initializing the SSL/SSLContext with: java.security.Security.addProvider( new com.sun.net.ssl.internal.ssl.Provider() ); System.setProperty( "java.protocol.handler.pkgs", "javax.net.ssl" ); TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return ( null ) } public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {} public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) {) } }; // The openHostnameVerifier trusts all hostnames HostnameVerifier openHostnameVerifier = new HostnameVerifier() { public boolean verify( String hostname, String session ) { return ( true ); } public boolean verify( String hostname, SSLSession session) { return ( true ); } }; SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init( null, trustAllCerts, new java.security.SecureRandom()); javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory( sslContext.getSocketFactory() ); javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier( openHostnameVerifier ); I do not know if the last two lines have any meaning to the SOAP API. As far as I can see, it creates its own SSL Socket and does not use the HttpsURLConnection...? Then I simply make a SOAP call: soapCall.setTargetObjectURI( address.getContent() ); soapCall.setMethodName( METHOD_NAME ); soapCall.setEncodingStyleURI( Constants.NS_URI_SOAP_ENC) ; Parameter pUsername = new Parameter( PARAMETER_USERNAME, String.class, username.getContent(), null ); . . . Vector parameters = new Vector(); parameters.add( pUsername ); . . . soapCall.setParams( parameters ); try { Response response = soapCall.invoke( new java.net.URL( address.getContent() ), "" ); } catch ( MalformedURLException exp ) { // Handle } catch ( SOAPException exp ) { // Handle } This causes the followin SOAPException: Error opening socket: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate Any help with my problem is greatly appreciated! Regards, Lars Ove Claesson