On 03/18/2013 07:49 AM, Florin Pop wrote:
Hello everybody!
*I tried to create a WS-Client that uses a secure SSL connection with CXF
framework. Thus, I created a spring configuration file following the model
[...]
*When i run the code, the following error occures:
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 30 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
[...]
Hello,
it looks like either client or server (or both) does not have access to the
security certificatete - in order to get Jave SSL server/client pair talk to
each other they both must have access to the same (server's public) security
certificate. The somewhat complicated procedure to self-generate one and use
when communicating over SSL is described, for example here:
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
It boils down to:
* self-generating a file (say, keystore) with certificate for the server
* passing it to the server's java runtime:
java -Djavax.net.ssl.keyStore=keystore ....
* importing the same certificate into a file (say, truststore) containing
info about trusted servers known to a client
* passing it to the clients's java runtime:
java -Djavax.net.ssl.trustStore=truststore ....
hope it helps
lukasz
--
-------------------------------------------------------------------------
Lukasz Salwinski PHONE: 310-825-1402
UCLA-DOE Institute for Genomics & Proteomics FAX: 310-206-3914
UCLA, Los Angeles EMAIL: [email protected]
-------------------------------------------------------------------------