2014-03-18 22:58 GMT+01:00 Maria Cristina Siena <mariacristinasi...@sourcecable.net>:
> Hi,
>
> I developed a web service using jax-ws and configured Tomcat to support SSL
> connection. Here are my steps:
>
> ****** Step 1 - Generate a self-signed server certificate
>
> Use JDK 1.7 keytool:
>
> keytool -genkey -alias trackerdev -keypass changeit -storepass changeit
> -keystore D:\Tomcat7\htdkeystore\trackerdev.ks -ext san=ip:xx.x.x.xxx
>
> Is CN=xx.x.x.xxx, OU=it, O=companynamehere, L=citynamehere,
> ST=provincenamehere, C=ca correct?
> [no]: yes
>
> ****** Step 2 - Configure Tomcat to support SSL connection
>
> On the dev server:
>
> Modify TOMCAT_HOME\conf\server.xml by adding the following block where
> keystoreFile and keystorePass are set to values from the previous step:
>
> <Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" scheme="https" secure="true" clientAuth="false"
>            sslProtocol="TLS"
>            keystoreFile="htdkeystore/trackerdev.ks"
>            keystorePass="changeit" />
>
> ****** Step 3 - Export the generated server certificate to a certificate
> file
>
> On the dev server:
>
> keytool -export -alias trackerdev -storepass changeit -file
> D:\Tomcat7\htdkeystore\serverdev.cer -keystore
> D:\Tomcat7\htdkeystore\trackerdev.ks
>
> ****** Step 4 - Import the server certificate into the truststore file (Open
> an administrator cmd window and hit Shift, Ctrl, Enter)
>
> Copy serverdev.cer from the dev server and on the local machine:
>
> keytool -import -v -trustcacerts -alias trackerdev -file
> C:\fromdevserver\serverdev.cer -keystore "C:\Program
> Files\Java\jdk1.7.0_51\jre\lib\security\cacerts" -keypass changeit
> -storepass changeit
>
> Trust this certificate?
> [no]: yes
>
> ****** Step 5 - Modify webapps's web.xml
>
> Add the following:
> <listener>
>   <listener-class>
>     com.sun.xml.ws.transport.http.servlet.WSServletContextListener
>   </listener-class>
> </listener>
> <servlet>
>   <servlet-name>tracker</servlet-name>
>   <servlet-class>
>     com.sun.xml.ws.transport.http.servlet.WSServlet
>   </servlet-class>
> </servlet>
> <servlet-mapping>
>   <servlet-name>tracker</servlet-name>
>   <url-pattern>/tracker</url-pattern>
> </servlet-mapping>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>securedapp</web-resource-name>
>     <url-pattern>/tracker</url-pattern>
>   </web-resource-collection>
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
>
> ****** MY QUESTION IS THIS:
>
> I tested the web service using https and it worked for me. I provided
> another team with my server certificate so that they could add it to their
> truststore file but I have no idea if they did or not. All I know is that
> they got an error loading the wsdl. The exception they got was:
>
> Error loading [https://xx.x.x.xxx:8444/appname/tracker?wsdl]
> org.apache.xmlbeans.XmlException: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
> They claim that the certificate is not properly signed. Well, I don't know.
> It is a self-signed certificate.
>
> Any ideas would help!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
I guess that they must add your PK certificate to their keystore. Ask them.

Read the next link (in Spanish):
http://danielriab.wordpress.com/2012/08/13/java-pkix-path-building-failed/

Regards