Have you tried adding the following to the constructor in your generated
code stub? If the path and password matches that of the keystore you
imported the key in, that would help.
System.setProperty(
"java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
Security.addProvider( new
com.sun.net.ssl.internal.ssl.Provider() );
System.setProperty("javax.net.ssl.trustStore",
path);
System.setProperty("javax.net.ssl.trustStorePassword", changeit);
-----Original Message-----
From: r1c4r60 [mailto:[EMAIL PROTECTED]
Sent: Monday, June 25, 2007 2:48 PM
To: axis-user@ws.apache.org
Subject: RE: WSDL2Java for HTTPS
Hi,
"Certificates for IP addresses will not work
Quite simply, issuing and using certificates that authenticate IP
addresses rather than host names will not work. Don't do it. For
anything larger than a trivial installation, your CAS server and its
clients need real hostnames and certificates that authenticate those
hostnames (for proxy ticket functionality). In particular, if you get an
error like ("unable to find valid certification path to requested
target") in the CAS server log, it means that the SSL callback was
specified in terms of an IP address rather than a hostname."
Quoted from: http://www.ja-sig.org/products/cas/server/ssl/index.html
Does this seem to be your case?
Regards,
Ricardo
Mark Babcock-3 wrote:
>
> I did everything you listed step by step and this is the stack trace I
> get:
>
> [axis-wsdl2java] javax.net.ssl.SSLHandshakeException:
> sun.security.validator.Val
> idatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCe
> rtPathBuilderException: unable to find valid certification path to
> requested tar get
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(A
> lerts.java:174)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLS
> ocketImpl.java:1520)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Hands
> haker.java:182)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Hands
> haker.java:176)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverC
> ertificate(ClientHandshaker.java:975)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.process
> Message(ClientHandshaker.java:123)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(H
> andshaker.java:511)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.Handshaker.process_recor
> d(Handshaker.java:449)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord
> (SSLSocketImpl.java:817)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performIni
> tialHandshake(SSLSocketImpl.java:1029)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHands
> hake(SSLSocketImpl.java:1056)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHands
> hake(SSLSocketImpl.java:1040)
> [axis-wsdl2java] at
> sun.net.www.protocol.https.HttpsClient.afterConnect(H
> ttpsClient.java:405)
> [axis-wsdl2java] at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLCo
> nnection.connect(AbstractDelegateHttpsURLConnection.java:170)
> [axis-wsdl2java] at
> sun.net.www.protocol.http.HttpURLConnection.getInputS
> tream(HttpURLConnection.java:981)
> [axis-wsdl2java] at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.get
> InputStream(HttpsURLConnectionImpl.java:234)
> [axis-wsdl2java] at
> org.apache.xerces.impl.XMLEntityManager.setupCurrentE
> ntity(Unknown Source)
> [axis-wsdl2java] at
> org.apache.xerces.impl.XMLVersionDetector.determineDo
> cVersion(Unknown Source)
> [axis-wsdl2java] at
> org.apache.xerces.parsers.XML11Configuration.parse(Un
> known Source)
> [axis-wsdl2java] at
> org.apache.xerces.parsers.XML11Configuration.parse(Un
> known Source)
> [axis-wsdl2java] at
> org.apache.xerces.parsers.XMLParser.parse(Unknown Sou
> rce)
> [axis-wsdl2java] at
> org.apache.xerces.parsers.DOMParser.parse(Unknown Sou
> rce)
> [axis-wsdl2java] at
> org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unkn
> own Source)
> [axis-wsdl2java] at
> org.apache.axis.utils.XMLUtils.newDocument(XMLUtils.j
> ava:369)
> [axis-wsdl2java] at
> org.apache.axis.utils.XMLUtils.newDocument(XMLUtils.j
> ava:420)
> [axis-wsdl2java] at
> org.apache.axis.wsdl.symbolTable.SymbolTable.populate
> (SymbolTable.java:482)
> [axis-wsdl2java] at
> org.apache.axis.wsdl.gen.Parser$WSDLRunnable.run(Pars
> er.java:361)
> [axis-wsdl2java] at java.lang.Thread.run(Thread.java:619)
> [axis-wsdl2java] Caused by: sun.security.validator.ValidatorException:
> PKIX path
> building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: un able to
> find valid certification path to requested target
> [axis-wsdl2java] at
> sun.security.validator.PKIXValidator.doBuild(PKIXVali
> dator.java:285)
> [axis-wsdl2java] at
> sun.security.validator.PKIXValidator.engineValidate(P
> KIXValidator.java:191)
> [axis-wsdl2java] at
> sun.security.validator.Validator.validate(Validator.j
> ava:218)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.val
> idate(X509TrustManagerImpl.java:126)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.che
> ckServerTrusted(X509TrustManagerImpl.java:209)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.che
> ckServerTrusted(X509TrustManagerImpl.java:249)
> [axis-wsdl2java] at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverC
> ertificate(ClientHandshaker.java:954)
> [axis-wsdl2java] ... 23 more
> [axis-wsdl2java] Caused by:
> sun.security.provider.certpath.SunCertPathBuilderExc
> eption: unable to find valid certification path to requested target
> [axis-wsdl2java] at
> sun.security.provider.certpath.SunCertPathBuilder.eng
> ineBuild(SunCertPathBuilder.java:174)
> [axis-wsdl2java] at
> java.security.cert.CertPathBuilder.build(CertPathBuil
> der.java:238)
> [axis-wsdl2java] at
> sun.security.validator.PKIXValidator.doBuild(PKIXVali
> dator.java:280)
> [axis-wsdl2java] ... 29 more
> -----Original Message-----
> From: r1c4r60 [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 25, 2007 10:57 AM
> To: axis-user@ws.apache.org
> Subject: RE: WSDL2Java for HTTPS
>
>
> Hi Mark,
>
> Most likely you haven't set the Axis Classpath. It could be done in
> several different ways as for example the one described at the Axis
> Installation
> page:
>
> http://ws.apache.org/axis/java/install.html#ClasspathSetup
>
> ----
> Or just follow the instruction below:
>
> Add these lines to your build.xml and it should start working.
>
> <property name="axis.home" value="C:\axis-1_4" /> <!--The value should
> be your AXIS home directory-->
>
> <path id="axis.classpath">
> <fileset dir="${axis.home}/lib">
> <include name="**/*.jar" />
> </fileset>
> </path>
>
> <taskdef resource="axis-tasks.properties"
classpathref="axis.classpath"
> />
>
> PS. This is a refence to http://ws.apache.org/axis/java/ant/ant.html
>
> Best Regards,
> Ricardo
>
>
>
> Mark Babcock-3 wrote:
>>
>> Ricardo,
>>
>> Thank you for that amazing help. However, I'm having problems with
> the
>> ant tag axis-wsdl2java. Getting the name is undefined.
>>
>> -----Original Message-----
>> From: r1c4r60 [mailto:[EMAIL PROTECTED]
>> Sent: Monday, June 25, 2007 9:22 AM
>> To: axis-user@ws.apache.org
>> Subject: Re: WSDL2Java for HTTPS
>>
>>
>> Hi,
>>
>> This is a way to solve the WSDL over HTTPS issue reported by so many
>> resulting in "No Trusted Certificate".
>>
>> 1 - Export Certificate from Internet Explorer
>>
>> 1.1 -> Access the service WSDL location (Ex.
>> https://foo.com/bar?wsdl)
>> 1.2 -> Internet explorer will prompt a security alert
>> 1.3 -> Select the "View Certificate" button
>> 1.4 -> Navigate to the tab "Details"
>> 1.5 -> Select the "Copy to File.." button
>> 1.6 -> Certificate Export Wizard will be displayed. Select "NEXT"
>> button.
>> 1.7 -> The option "DER encoded binary X.509 (.CER) will by default be
>> selected. Select "Next"
>> 1.8 -> Place the file where it suits you better. (Ex. foobar) PS.
> Don't
>> add
>> an extension. It will be store as: [given name].cer
>> 1.9 -> Select "Next"
>> 1.10 -> The "Completing Certificate Export Wizard" will be displayed.
>> 1.11 -> Select "Finish"
>> 1.12 -> The will be a pop-up saying "The export was successful"
>>
>> 2 - Importing the certificate signature into the keystore
>>
>> 2.1 -> Find out which keystore is being used by ANT by using the
>> command:
>> ant -diagnostics
>> 2.2 -> Lots of information will be displayed. Find the key
"java.home"
>> (Ex.
>> "java.home : C:\j2sdk1.4.2_14\jre")
>> 2.3 -> Thereby the truststore being used by ANT is in:
>> C:\j2sdk1.4.2_14\jre\lib\security\cacerts
>> 2.4 -> Now you have to import the certificate into the keystore:
>> "keytool
>> -import -trustcacerts -keystore
>> "C:\j2sdk1.4.2_14\jre\lib\security\cacerts"
>> -storepass changeit -alias [foo bar] -file [the name you gave in step
>> 1.8].cer"
>> 2.5 -> Verify if the entry was created correctly.
>> "C:\j2sdk1.4.2_14\jre\lib\security>keytool -keystore cacerts
> -storepass
>> changeit -list -alias [foo bar]"
>>
>> 3 - Run the Ant task
>>
>> <target name="wsdl2java">
>> <mkdir dir="src/main/java-generated"/> <axis-wsdl2java
>> output="src/main/java-generated"
>> testcase="false"
>> verbose="true"
>> serverside="false"
>> url="https://foo.com/bar?wsdl"/>
>> </target>
>>
>> Best Regards,
>> Ricardo
>>
>>
>> Mark Babcock-3 wrote:
>>>
>>> I am trying to generate stubs with the WSDL2Java tool
>>>
>>> I imported my certificate into my keystore (cacerts) using
>>>
>>> The keytool.
>>>
>>>
>>>
>>> When I run my build file I get the following exception:
>>>
>>>
>>>
>>> [java] javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.Validato
>>>
>>> rException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPat
>>>
>>> hBuilderException: unable to find valid certification path to
>> requested
>>> target
>>>
>>>
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>>
>>>
>>>
>>> <!-- ========================================= -->
>>>
>>> <!-- xxx wsdl2java -->
>>>
>>> <!-- ========================================= -->
>>>
>>>
>>>
>>> <project name="xxxWSDL2Java" default="main" basedir=".">
>>>
>>>
>>>
>>>
>>>
>>> <!--
>>> ====================================================================
>> -->
>>>
>>> <!-- creates axis stubs for webservices
>>> -->
>>>
>>> <!--
>>> ====================================================================
>> -->
>>>
>>> <target name="generateWebServiceStubs" depends="">
>>
>>>
>>> <java classname="org.apache.axis.wsdl.WSDL2Java"
>>> fork="true">
>>>
>>> <classpath>
>>>
>>> <pathelement location="axis.jar"/>
>>>
>>> <pathelement location="axis-ant.jar" />
>>>
>>> <pathelement location="jaxrpc.jar" />
>>>
>>> <pathelement
>>> location="commons-logging-1.0.4.jar" />
>>>
>>> <pathelement
>>> location="commons-discovery-0.2.jar" />
>>>
>>> <pathelement location="wsdl4j-1.5.1.jar" />
>>>
>>> </classpath>
>>>
>>> <arg value="https://URL/"/>
>>>
>>> <arg value="-o" />
>>>
>>> <arg value="-Djavax.net.ssl.trustStore=c:/program
>>> files/javajre1.6.0_01/lib/security/cacerts" />
>>>
>>> </java>
>>>
>>> </target>
>>>
>>>
>>>
>>> <target name="main" depends="generateWebServiceStubs">
>>>
>>> <echo>
>>>
>>> Building xxx WSDL 2 Java\par
>>>
>>> </echo>
>>>
>>> </target>
>>>
>>> </project>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/WSDL2Java-for-HTTPS-tf3965233.html#a11286558
>> Sent from the Axis - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>
> --
> View this message in context:
> http://www.nabble.com/WSDL2Java-for-HTTPS-tf3965233.html#a11288117
> Sent from the Axis - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/WSDL2Java-for-HTTPS-tf3965233.html#a11294269
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
