Jagannath,
If you wish not to authenticate the client, then in the
server.xml you may set clientAuth=false, for SSL handshake.
Also you should ensure that the keystore server.xml is
referring to has the server certificate. Your JDK's cacerts file should
also have the root cert installed (the CA you obtained the CA cert
from...) .
If using two way authentication (clientAuth=true) then ensure
that your client code is pointing to the correct client keystore, and you have
the server's public key imported, and clients cacerts has the correct root
cert.
I hope this helps...
Regards,
Rommel Sharma.
PS:Since earlier message was signed and could not be seen by
many, I am re-posting the message without digitally signing
it.
----- Original Message -----
Sent: Tuesday, February 17, 2004 2:45
PM
Subject: RE: SSLHandshakeException
Did
you mention where you have the trust store in the client
side?
Thanks & regards,
Ayyappan Gandhirajan
[GANDHIRAJAN,AYYAPPAN
(HP-India,ex2)] -----Original
Message-----
From: jagannath
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 17, 2004
3:00 PM
To: [EMAIL PROTECTED]
Subject:
SSLHandshakeException
Hi,
I am trying to run WSOverSSL example. I have
installed axis in tomcat. I have generated certificates and keystore using
the keytool as mentioned in the README of the example. I have also
configured Tomcat for SSL. But when I invoke a method in my deployed Web
Service I get an SSLHandshake Exception.
Feb 11, 2004 6:00:24 PM
org.apache.axis.client.Call invoke
INFO: Mapping Exception to
AxisFault
AxisFault
faultCode: {http://xml.apache.org/axis/}Server.userException
faultString:
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Couldn't find trusted
certificate
faultActor:
null
faultDetail:
stackTrace: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Couldn't find trusted
certificate
at
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at
com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at
com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at
com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at
org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:244)
at
org.apache.axis.transport.http.HTTPSender.getSecureSocket(HTTPSender.java:156)
at
org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:116)
at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:156)
at
org.apache.axis.SimpleChain.invoke(SimpleChain.java:126)
at
org.apache.axis.client.AxisClient.invoke(AxisClient.java:182)
at
org.apache.axis.client.Call.invokeEngine(Call.java:2113)
at
org.apache.axis.client.Call.invoke(Call.java:2102)
at
org.apache.axis.client.Call.invoke(Call.java:1851)
at
org.apache.axis.client.Call.invoke(Call.java:1777)
at
org.apache.axis.client.Call.invoke(Call.java:1315)
at
com.adventnet.adaptors.soap.axis.SoapEngine.deployAgentService(SoapEngine.java:116)
at
com.adventnet.adaptors.soap.SoapAdaptor.instantiateAdaptor(SoapAdaptor.java:369)
at
com.adventnet.adaptors.AbstractAdaptor.startService(AbstractAdaptor.java:103)
at
com.adventnet.adaptors.soap.SoapAdaptor.preRegister(SoapAdaptor.java:325)
at
com.adventnet.jmx.MBeanServerImpl.registerMBean(MBeanServerImpl.java:642)
at
com.adventnet.manageengine.configuration.SOAPAdaptorInitializer.initializeAdaptor(SOAPAdaptorInitializer.java:90)
at
com.agent.SubAgentStartup.initAdaptors(SubAgentStartup.java:223)
at
com.agent.SubAgentStartup.initAdaptorsServices(SubAgentStartup.java:197)
at
com.agent.SubAgentStartup.initialize(SubAgentStartup.java:119)
at com.agent.SubAgentStartup.main(SubAgentStartup.java:744)
Caused by:
java.security.cert.CertificateException: Couldn't find trusted
certificate
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
... 28 more
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Couldn't find trusted
certificate
at
org.apache.axis.AxisFault.makeFault(AxisFault.java:120)
at
org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:134)
at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:156)
at
org.apache.axis.SimpleChain.invoke(SimpleChain.java:126)
at
org.apache.axis.client.AxisClient.invoke(AxisClient.java:182)
at
org.apache.axis.client.Call.invokeEngine(Call.java:2113)
at
org.apache.axis.client.Call.invoke(Call.java:2102)
at
org.apache.axis.client.Call.invoke(Call.java:1851)
at
org.apache.axis.client.Call.invoke(Call.java:1777)
at
org.apache.axis.client.Call.invoke(Call.java:1315)
at
com.adventnet.adaptors.soap.axis.SoapEngine.deployAgentService(SoapEngine.java:116)
at
com.adventnet.adaptors.soap.SoapAdaptor.instantiateAdaptor(SoapAdaptor.java:369)
at
com.adventnet.adaptors.AbstractAdaptor.startService(AbstractAdaptor.java:103)
at
com.adventnet.adaptors.soap.SoapAdaptor.preRegister(SoapAdaptor.java:325)
Can
I configure axis to allow non trusted certificates or else what should be
done so that I can invoke the method.
Any help is greatly
appreciated.
Thanks,
Jagannath
*********************************************************
Disclaimer
This message (including any attachments) contains
confidential information intended for a specific
individual and purpose, and is protected by law.
If you are not the intended recipient, you should
delete this message and are hereby notified that
any disclosure, copying, or distribution of this
message, or the taking of any action based on it,
is strictly prohibited.
*********************************************************
Visit us at http://www.mahindrabt.com
|
