1. Use a browser to access the https:// url and check if it presents the correct certificate.
2. Don't confuse your trust store, typically your .../lib/security/cacerts file, with your key store. The trust store contains the certificates of of Certification Authorities the client side of a HTTPS connection 'trusts' and on your client side should contain the self signed certificate of your server. The key store contains the private key(s) and should only reside with the owner of the key, typically the server. Therefore you don't need a key store on the client side (and no trust store on the server side). Of course if the client is expected to authenticate to the server the client needs a keystore with its private key and the server has to have in its trust store the certificate of the CA that signed the clients certificate. Manuel On Friday 10 November 2006 20:35, [EMAIL PROTECTED] wrote: > Hi, > > > > You imported your server certificates to > /usr/j2sdk1.4.2_09/jre/lib/security/cacerts and have given some other > keystore path while deploying your webservice in > -Djavax.net.ssl.keyStore=/home/sincrho/server.keystore. > > > > Could this be the problem? > > > > I hope you understand that importing your self-signed certificate to > java keystore is to make it a "trusted" one. > > > > Regards, > > Subir S > > > > _____ > > From: Carl Gustaf Hjelt Liebe [mailto:[EMAIL PROTECTED] > Sent: Friday, November 10, 2006 5:51 PM > To: axis-user@ws.apache.org; [EMAIL PROTECTED] > Subject: Re: webservice over https - No trusted certificate found > > > > What providers have you listed in the java.security file ? > > On 11/10/06, Philippe Vandenhove < [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > wrote: > > Hello, > > I have to develop a webservice (Axis) over https. > Unfortunatelly, i have a problem during the deployment of the > webservice. > Here is the command followed by the stack trace: > > java -Djavax.net.ssl.keyStore=/home > > /sincrho/server.keystore -Djavax.net.ssl.keyStorePassword=changeit > -cp > ./lib/axis.jar:./lib/wsdl4j-1.5.1.jar:./lib/jaxrpc.jar:./lib/saaj.jar >:./ lib/commons-logging-1.0.4.jar: > ./lib/commons-discovery-0.2.jar:./lib/activation.jar:./lib/mail.jar > org.apache.axis.client.AdminClient -l > https://sincrho-staging.irisnet.be/sincrho/services/AdminService > <https://sincrho-staging.irisnet.be/sincrho/services/AdminService> > ./classes/webservices/cees/deploy.wsdd > > Processing file ./classes/webservices/cees/deploy.wsdd > Exception: AxisFault > faultCode: { > <http://schemas.xmlsoap.org/soap/envelope/%7DServer.userException> > http://schemas.xmlsoap.org/soap/envelope/}Server.userException > faultSubcode: > faultString: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: No trusted certificate > found faultActor: > faultNode: > faultDetail: > { > <http://xml.apache.org/axis/%7DstackTrace:javax.net.ssl.SSLHandshakeE >xce ption> > http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeExce >pti on: sun.security.validator.ValidatorException: No trusted > certificate found > at > com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275) > > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j (DashoA12275) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275 >) at > org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFac >tor y.java:186) > at org.apache.axis.transport.http.HTTPSender.getSocket > (HTTPSender.java:191) > at > org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.ja >va: 404) > at > org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138) > at org.apache.axis.strategies.InvocationStrategy.visit > (InvocationStrategy.java:32) > at > org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at > org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at > org.apache.axis.client.AxisClient.invoke > (AxisClient.java:165) > at org.apache.axis.client.Call.invokeEngine(Call.java:2784) > at org.apache.axis.client.Call.invoke(Call.java:2767) > at org.apache.axis.client.Call.invoke(Call.java:1792) > at > org.apache.axis.client.AdminClient.process(AdminClient.java:439) > at > org.apache.axis.client.AdminClient.process(AdminClient.java:404) > at > org.apache.axis.client.AdminClient.process(AdminClient.java > > :410) > > at > org.apache.axis.client.AdminClient.process(AdminClient.java:320) > at > org.apache.axis.client.AdminClient.main(AdminClient.java:463) Caused > by: sun.security.validator.ValidatorException: No trusted certificate > found > at > sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValida >tor .java:304) > at > sun.security.validator.SimpleValidator.engineValidate(SimpleValidator >.ja va:107) > at sun.security.validator.Validator.validate > (Validator.java:202) > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( >Das hoA12275) > at > com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted( >Das hoA12275) > ... 22 more > > { http://xml.apache.org/axis/}hostname:SincrhoSta.irisnet.be > <http://xml.apache.org/axis/%7Dhostname:SincrhoSta.irisnet.be> > > > > I have create my self signed certificate like this : > > //create certificate and also the .keystore file > keytool -genkey -storepass changeit -keyalg DSA -alias tomcat > -dname "CN= <http://mindprod.com/> mindprod.com, OU=Java Code, > O=Canadian Mind Products, L=Victoria, ST=British Columbia, C=CA, > EMAILADDRESS= [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > DC=mindprod, DC=com" -validity 999 > > keytool -selfcert -storepass changeit -alias tomcat -validity > 999 > > keytool -export -storepass changeit -alias tomcat -rfc -file > /home/sincrho/myCertificate.cer > > //import in cacerts file > keytool -import -keystore /usr/j2re1.4.2_09/lib/security/cacerts > -storepass changeit -alias tomcat -file > /home/sincrho/myCertificate.cer keytool -import -keystore > /usr/j2re1.4.2_09/javaws/cacerts -storepass changeit -alias tomcat > -file /home/sincrho/myCertificate.cer keytool -import -keystore > /usr/j2sdk1.4.2_09/jre/lib/security/cacerts -storepass changeit > -alias tomcat -file /home/sincrho/myCertificate.cer > keytool -import -keystore /usr/j2sdk1.4.2_09/jre/javaws/cacerts > -storepass changeit -alias tomcat -file > /home/sincrho/myCertificate.cer > > > At this point,i don't know what i'm doing wrong. > Any help would be appreciate. > > thanks in advance, > philippe > > > > > The information contained in this electronic message and any > attachments to this message are intended for the exclusive use of the > addressee(s) and may contain proprietary, confidential or privileged > information. If you are not the intended recipient, you should not > disseminate, distribute or copy this e-mail. Please notify the sender > immediately and destroy all copies of this message and any > attachments. > > WARNING: Computer viruses can be transmitted via email. The recipient > should check this email and any attachments for the presence of > viruses. The company accepts no liability for any damage caused by > any virus transmitted by this email. > > www.wipro.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
