Re: SSL WS-Client Configuration does not work!!

Mon, 18 Mar 2013 08:11:41 -0700 

On 03/18/2013 07:49 AM, Florin Pop wrote:

Hello everybody!

*I tried to create a WS-Client that uses a secure SSL connection with CXF
framework. Thus, I created a spring configuration file following the model


 [...]


*When i run the code, the following error occures:

Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
     at sun.security.validator.Validator.validate(Unknown Source)
     at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
     ... 30 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
     at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
     at java.security.cert.CertPathBuilder.build(Unknown Source)


[...]

Hello,
 it looks like either client or server (or both) does not have access to the
security certificatete - in order to get Jave SSL server/client pair talk to
each other they both must have access to the same (server's public) security
certificate. The somewhat complicated procedure to self-generate one and use
when communicating over SSL is described, for example here:

http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore

It boils down to:
  * self-generating a file (say, keystore) with certificate for the server

  * passing it to the server's java runtime:
      java -Djavax.net.ssl.keyStore=keystore ....

  * importing the same certificate into a file (say, truststore) containing
    info about trusted servers known to a client

  * passing it to the clients's java runtime:
      java -Djavax.net.ssl.trustStore=truststore ....

hope it helps
lukasz


--
-------------------------------------------------------------------------
 Lukasz Salwinski                             PHONE:        310-825-1402
 UCLA-DOE Institute for Genomics & Proteomics   FAX:        310-206-3914
 UCLA, Los Angeles                            EMAIL: [email protected]
-------------------------------------------------------------------------

Reply via email to