Thank you for your reply. Yes the server only allows one I.P. Address that they specify to talk to it. I can't get them to change this it's the policy they have in place. How can I get this to work if certificates for IP address will not work?
-----Original Message----- From: r1c4r60 [mailto:[EMAIL PROTECTED] Sent: Monday, June 25, 2007 3:48 PM To: axis-user@ws.apache.org Subject: RE: WSDL2Java for HTTPS Hi, "Certificates for IP addresses will not work Quite simply, issuing and using certificates that authenticate IP addresses rather than host names will not work. Don't do it. For anything larger than a trivial installation, your CAS server and its clients need real hostnames and certificates that authenticate those hostnames (for proxy ticket functionality). In particular, if you get an error like ("unable to find valid certification path to requested target") in the CAS server log, it means that the SSL callback was specified in terms of an IP address rather than a hostname." Quoted from: http://www.ja-sig.org/products/cas/server/ssl/index.html Does this seem to be your case? Regards, Ricardo Mark Babcock-3 wrote: > > I did everything you listed step by step and this is the stack trace I > get: > > [axis-wsdl2java] javax.net.ssl.SSLHandshakeException: > sun.security.validator.Val > idatorException: PKIX path building failed: > sun.security.provider.certpath.SunCe > rtPathBuilderException: unable to find valid certification path to > requested tar > get > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.Alerts.getSSLException(A > lerts.java:174) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLS > ocketImpl.java:1520) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Hands > haker.java:182) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Hands > haker.java:176) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverC > ertificate(ClientHandshaker.java:975) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.ClientHandshaker.process > Message(ClientHandshaker.java:123) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.Handshaker.processLoop(H > andshaker.java:511) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.Handshaker.process_recor > d(Handshaker.java:449) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord > (SSLSocketImpl.java:817) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performIni > tialHandshake(SSLSocketImpl.java:1029) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHands > hake(SSLSocketImpl.java:1056) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHands > hake(SSLSocketImpl.java:1040) > [axis-wsdl2java] at > sun.net.www.protocol.https.HttpsClient.afterConnect(H > ttpsClient.java:405) > [axis-wsdl2java] at > sun.net.www.protocol.https.AbstractDelegateHttpsURLCo > nnection.connect(AbstractDelegateHttpsURLConnection.java:170) > [axis-wsdl2java] at > sun.net.www.protocol.http.HttpURLConnection.getInputS > tream(HttpURLConnection.java:981) > [axis-wsdl2java] at > sun.net.www.protocol.https.HttpsURLConnectionImpl.get > InputStream(HttpsURLConnectionImpl.java:234) > [axis-wsdl2java] at > org.apache.xerces.impl.XMLEntityManager.setupCurrentE > ntity(Unknown Source) > [axis-wsdl2java] at > org.apache.xerces.impl.XMLVersionDetector.determineDo > cVersion(Unknown Source) > [axis-wsdl2java] at > org.apache.xerces.parsers.XML11Configuration.parse(Un > known Source) > [axis-wsdl2java] at > org.apache.xerces.parsers.XML11Configuration.parse(Un > known Source) > [axis-wsdl2java] at > org.apache.xerces.parsers.XMLParser.parse(Unknown Sou > rce) > [axis-wsdl2java] at > org.apache.xerces.parsers.DOMParser.parse(Unknown Sou > rce) > [axis-wsdl2java] at > org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unkn > own Source) > [axis-wsdl2java] at > org.apache.axis.utils.XMLUtils.newDocument(XMLUtils.j > ava:369) > [axis-wsdl2java] at > org.apache.axis.utils.XMLUtils.newDocument(XMLUtils.j > ava:420) > [axis-wsdl2java] at > org.apache.axis.wsdl.symbolTable.SymbolTable.populate > (SymbolTable.java:482) > [axis-wsdl2java] at > org.apache.axis.wsdl.gen.Parser$WSDLRunnable.run(Pars > er.java:361) > [axis-wsdl2java] at java.lang.Thread.run(Thread.java:619) > [axis-wsdl2java] Caused by: sun.security.validator.ValidatorException: > PKIX path > building failed: > sun.security.provider.certpath.SunCertPathBuilderException: un > able to find valid certification path to requested target > [axis-wsdl2java] at > sun.security.validator.PKIXValidator.doBuild(PKIXVali > dator.java:285) > [axis-wsdl2java] at > sun.security.validator.PKIXValidator.engineValidate(P > KIXValidator.java:191) > [axis-wsdl2java] at > sun.security.validator.Validator.validate(Validator.j > ava:218) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.val > idate(X509TrustManagerImpl.java:126) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.che > ckServerTrusted(X509TrustManagerImpl.java:209) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.che > ckServerTrusted(X509TrustManagerImpl.java:249) > [axis-wsdl2java] at > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverC > ertificate(ClientHandshaker.java:954) > [axis-wsdl2java] ... 23 more > [axis-wsdl2java] Caused by: > sun.security.provider.certpath.SunCertPathBuilderExc > eption: unable to find valid certification path to requested target > [axis-wsdl2java] at > sun.security.provider.certpath.SunCertPathBuilder.eng > ineBuild(SunCertPathBuilder.java:174) > [axis-wsdl2java] at > java.security.cert.CertPathBuilder.build(CertPathBuil > der.java:238) > [axis-wsdl2java] at > sun.security.validator.PKIXValidator.doBuild(PKIXVali > dator.java:280) > [axis-wsdl2java] ... 29 more > -----Original Message----- > From: r1c4r60 [mailto:[EMAIL PROTECTED] > Sent: Monday, June 25, 2007 10:57 AM > To: axis-user@ws.apache.org > Subject: RE: WSDL2Java for HTTPS > > > Hi Mark, > > Most likely you haven't set the Axis Classpath. It could be done in > several > different ways as for example the one described at the Axis Installation > page: > > http://ws.apache.org/axis/java/install.html#ClasspathSetup > > ---- > Or just follow the instruction below: > > Add these lines to your build.xml and it should start working. > > <property name="axis.home" value="C:\axis-1_4" /> <!--The value should > be > your AXIS home directory--> > > <path id="axis.classpath"> > <fileset dir="${axis.home}/lib"> > <include name="**/*.jar" /> > </fileset> > </path> > > <taskdef resource="axis-tasks.properties" classpathref="axis.classpath" > /> > > PS. This is a refence to http://ws.apache.org/axis/java/ant/ant.html > > Best Regards, > Ricardo > > > > Mark Babcock-3 wrote: >> >> Ricardo, >> >> Thank you for that amazing help. However, I'm having problems with > the >> ant tag axis-wsdl2java. Getting the name is undefined. >> >> -----Original Message----- >> From: r1c4r60 [mailto:[EMAIL PROTECTED] >> Sent: Monday, June 25, 2007 9:22 AM >> To: axis-user@ws.apache.org >> Subject: Re: WSDL2Java for HTTPS >> >> >> Hi, >> >> This is a way to solve the WSDL over HTTPS issue reported by so many >> resulting in "No Trusted Certificate". >> >> 1 - Export Certificate from Internet Explorer >> >> 1.1 -> Access the service WSDL location (Ex. https://foo.com/bar?wsdl) >> 1.2 -> Internet explorer will prompt a security alert >> 1.3 -> Select the "View Certificate" button >> 1.4 -> Navigate to the tab "Details" >> 1.5 -> Select the "Copy to File.." button >> 1.6 -> Certificate Export Wizard will be displayed. Select "NEXT" >> button. >> 1.7 -> The option "DER encoded binary X.509 (.CER) will by default be >> selected. Select "Next" >> 1.8 -> Place the file where it suits you better. (Ex. foobar) PS. > Don't >> add >> an extension. It will be store as: [given name].cer >> 1.9 -> Select "Next" >> 1.10 -> The "Completing Certificate Export Wizard" will be displayed. >> 1.11 -> Select "Finish" >> 1.12 -> The will be a pop-up saying "The export was successful" >> >> 2 - Importing the certificate signature into the keystore >> >> 2.1 -> Find out which keystore is being used by ANT by using the >> command: >> ant -diagnostics >> 2.2 -> Lots of information will be displayed. Find the key "java.home" >> (Ex. >> "java.home : C:\j2sdk1.4.2_14\jre") >> 2.3 -> Thereby the truststore being used by ANT is in: >> C:\j2sdk1.4.2_14\jre\lib\security\cacerts >> 2.4 -> Now you have to import the certificate into the keystore: >> "keytool >> -import -trustcacerts -keystore >> "C:\j2sdk1.4.2_14\jre\lib\security\cacerts" >> -storepass changeit -alias [foo bar] -file [the name you gave in step >> 1.8].cer" >> 2.5 -> Verify if the entry was created correctly. >> "C:\j2sdk1.4.2_14\jre\lib\security>keytool -keystore cacerts > -storepass >> changeit -list -alias [foo bar]" >> >> 3 - Run the Ant task >> >> <target name="wsdl2java"> >> <mkdir dir="src/main/java-generated"/> >> <axis-wsdl2java >> output="src/main/java-generated" >> testcase="false" >> verbose="true" >> serverside="false" >> url="https://foo.com/bar?wsdl"/> >> </target> >> >> Best Regards, >> Ricardo >> >> >> Mark Babcock-3 wrote: >>> >>> I am trying to generate stubs with the WSDL2Java tool >>> >>> I imported my certificate into my keystore (cacerts) using >>> >>> The keytool. >>> >>> >>> >>> When I run my build file I get the following exception: >>> >>> >>> >>> [java] javax.net.ssl.SSLHandshakeException: >>> sun.security.validator.Validato >>> >>> rException: PKIX path building failed: >>> sun.security.provider.certpath.SunCertPat >>> >>> hBuilderException: unable to find valid certification path to >> requested >>> target >>> >>> >>> >>> <?xml version="1.0" encoding="UTF-8"?> >>> >>> >>> >>> <!-- ========================================= --> >>> >>> <!-- xxx wsdl2java --> >>> >>> <!-- ========================================= --> >>> >>> >>> >>> <project name="xxxWSDL2Java" default="main" basedir="."> >>> >>> >>> >>> >>> >>> <!-- >>> ==================================================================== >> --> >>> >>> <!-- creates axis stubs for webservices >>> --> >>> >>> <!-- >>> ==================================================================== >> --> >>> >>> <target name="generateWebServiceStubs" depends=""> >> >>> >>> <java classname="org.apache.axis.wsdl.WSDL2Java" >>> fork="true"> >>> >>> <classpath> >>> >>> <pathelement location="axis.jar"/> >>> >>> <pathelement location="axis-ant.jar" /> >>> >>> <pathelement location="jaxrpc.jar" /> >>> >>> <pathelement >>> location="commons-logging-1.0.4.jar" /> >>> >>> <pathelement >>> location="commons-discovery-0.2.jar" /> >>> >>> <pathelement location="wsdl4j-1.5.1.jar" /> >>> >>> </classpath> >>> >>> <arg value="https://URL/"/> >>> >>> <arg value="-o" /> >>> >>> <arg value="-Djavax.net.ssl.trustStore=c:/program >>> files/javajre1.6.0_01/lib/security/cacerts" /> >>> >>> </java> >>> >>> </target> >>> >>> >>> >>> <target name="main" depends="generateWebServiceStubs"> >>> >>> <echo> >>> >>> Building xxx WSDL 2 Java\par >>> >>> </echo> >>> >>> </target> >>> >>> </project> >>> >>> >>> >>> >>> >>> >>> >> >> -- >> View this message in context: >> http://www.nabble.com/WSDL2Java-for-HTTPS-tf3965233.html#a11286558 >> Sent from the Axis - User mailing list archive at Nabble.com. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > -- > View this message in context: > http://www.nabble.com/WSDL2Java-for-HTTPS-tf3965233.html#a11288117 > Sent from the Axis - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/WSDL2Java-for-HTTPS-tf3965233.html#a11294269 Sent from the Axis - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
