Re: SSL: ValidatorException: PKIX path building failed

Fri, 19 Sep 2008 04:03:19 -0700 

Hi Sagi,
       It seems we get this same error in both almost all the cases, where
we don't set the system property, where the path to key store is wrong and
where the keystore password is wrong. You can check with java keytool
whether the password is correct.

thanks,
nandana

On Fri, Sep 19, 2008 at 3:28 PM, Sagi Mann <[EMAIL PROTECTED]> wrote:

>
> Hi all,
> I am unable to get Axis2 clients to work with via HTTPS. I've read the
> numerous threads here about it, and I think I have set up everything
> correcly, but still - no luck. The client code works great over HTTP. I'm
> using Axis2 1.4.1, NetBeans 5.5.1, SJSAS 9.1 for hosting the web service.
>
> The setup:
> My web service is inside a .war and has its web.xml set to constraint all
> clients requests to CONFIDENTIAL (it is not an Axis2-based web service). It
> does NOT enforce client authentication, i.e. no CLIENT-AUTH. In fact, the
> login section is omitted entirely. I don't want to test login at this
> point.
>
> I then access the remote wsdl using IE:
> https://hostname:8181/myapp/HelloService?wsdl to verify it is accessible
> (IE
> prompts me for a security confirmation).
> I then generate the client-side proxy using wsdl2java (ADB), using the WDL
> URI above. I also set the following system properties prior to running
> wsdl2java, or else wsdl2java fails due to an untrusted certificate:
> javax.net.ssl.trustStore=v:/tmp/clienttrust.jks
> javax.net.ssl.trustStorePassword=changeit
>
> Finally, in my standalone client code, I do the following:
>        System.setProperty("javax.net.ssl.trustStore",
> "v:/tmp/clienttrust.jks");
>        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
>        HelloServiceStub stub =
>                new HelloServiceStub(
>                "https://hostname:8181/myapp/HelloService?wsdl";);
>        doTest(); // this involes a simple web service method
>
> However, I get an exception (see below) which usually appears only if a
> trustStore and its pwd are not specified. In fact, if I omit the
> System.setProperty calls above, I get the same exact exception (verified
> with diff tool).
>
> Does anyone have an idea how to resolve this?
> thanks.
>
>
> org.apache.axis2.AxisFault: sun.security.validator.ValidatorException: PKIX
> path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>        at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
>        at
>
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:98)
>        at
>
> org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
>        at
>
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
>        at
>
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
>        at
>
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
>        at
>
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
>        at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>        at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
>        at
>
> org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:542)
>        at
> org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:189)
>        at
> org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
>        at
>
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:371)
>        at
>
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:209)
>        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:448)
>        at
>
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
>        at
>
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
>        at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
>        at
>
> samples.quickstart.service.adb.HelloServiceStub.test(HelloServiceStub.java:183)
>        at samples.quickstart.clients.ADBClient.test(ADBClient.java:83)
>        at samples.quickstart.clients.ADBClient.main(ADBClient.java:68)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at
> org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:202)
>        at
> org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:134)
>        at org.apache.tools.ant.taskdefs.Java.run(Java.java:710)
>        at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:178)
>        at org.apache.tools.ant.taskdefs.Java.execute(Java.java:84)
>        at
> org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
>        at org.apache.tools.ant.Task.perform(Task.java:364)
>        at org.apache.tools.ant.Target.execute(Target.java:341)
>        at org.apache.tools.ant.Target.performTasks(Target.java:369)
>        at
> org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
>        at org.apache.tools.ant.Project.executeTarget(Project.java:1185)
>        at
>
> org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:40)
>        at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
>        at
> org.apache.tools.ant.module.bridge.impl.BridgeImpl.run(BridgeImpl.java:240)
>        at
> org.apache.tools.ant.module.run.TargetExecutor.run(TargetExecutor.java:293)
>        at
> org.netbeans.core.execution.RunClassThread.run(RunClassThread.java:131)
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>        at
> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
>        at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
>        at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
>        at
> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
>        at
>
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
>        at
>
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
>        at
> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
>        at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
>        at
>
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
>        at
>
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
>        at
>
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
>        at
> com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
>        at
> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>        at
>
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:94)
>        ... 39 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
>        at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
>        at
> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
>        at sun.security.validator.Validator.validate(Validator.java:218)
>        at
>
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
>        at
>
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
>        at
>
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
>        at
>
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
>        ... 49 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>        at
>
> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
>        at
> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
>        at
> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
>        ... 55 more
>
> --
> View this message in context:
> http://www.nabble.com/SSL%3A-ValidatorException%3A-PKIX-path-building-failed-tp19569509p19569509.html
> Sent from the Axis - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-- 
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
http://www.wso2.org

Reply via email to