java, web-services, ssl, apache-axis

2 way SSL :: SSL Handshake Failure Error


I have created a truststore with certificates and a keystore with the private key. I have put in the following code, loaded the truststore manager and keystore manager, and then created the instance of SSLContext.

The code below is called whenever I make a request to the web service. We are using the Axis2 API.

SSLContext context = SSLContext.getInstance(protocolVersion); 
context.init(keyManagers, trustManagers, null); 

SSLSocketFactory socketFactory = context.getSocketFactory(); 

SslContextedSecureProtocolSocketFactory secureProtocolSocketFactory = new SslContextedSecureProtocolSocketFactory(context); 

Protocol authhttps = new Protocol("https", secureProtocolSocketFactory, port);
HttpClient httpclient = new HttpClient();
httpclient.getHostConfiguration().setHost(hostname, port, authhttps);
GetMethod httpget  = new GetMethod("/RTAPService/RTAPService");

I tried with this as well: GetMethod httpget = new GetMethod("/");

httpclient.executeMethod(httpget);

It gives me the error below:

org.apache.axis2.AxisFault: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Where hostname is "qartap.csnet.assurity.sg" and my webservice URL is "https://qartap.csnet.assurity.sg:8443/RTAPService/RTAPService"

The issue is that when I register my "HTTPS" protocol, it affects my whole application. Can I somehow set these for a particular host only, or for a particular web service?

Either I want to set this using the hostname or by creating a new protocol itself. I tried the approach given in the solution here, but it gave me the following exception.

While passing the web service URL to the generated stub constructor, I replaced the "HTTPS" in the URL with my own customised "myHTTPS".

The system cannot infer the transport information from the myhttps://serverUrl:7001/app/services/RTAPDevService.RTAPDevServiceHttpSoap12Endpoint/ URL.

Solution

  • The same was resolved by adding the certificates to the cacerts file and pointing the same to WebLogic. Initially the certificate chain was not properly imported into the cacerts file. Also, there were some issues regarding the import of certificates.

    The link below can be referred to:

    http://ankursinghal86.blogspot.in/2014/06/authentication-with-client-certificate.html
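
A way to check the cause named in the answer above (a certificate chain that was not properly imported into the truststore), as an added example that is not part of the original post: it lists the trust anchors in a store and attempts a handshake that trusts only that store. The class name `TrustStoreCheck` and its command-line arguments are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic (hypothetical class name): checks whether a truststore can
// validate the chain a server presents, without changing JVM-wide TLS settings.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // args (assumed): <truststore file> <password> <host> <port>
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray());
        }
        // Only certificate entries act as trust anchors; a root or intermediate
        // that was never imported (or imported wrongly) will be missing here.
        for (String alias : Collections.list(trustStore.aliases())) {
            if (trustStore.isCertificateEntry(alias)) {
                X509Certificate c = (X509Certificate) trustStore.getCertificate(alias);
                System.out.println("anchor " + alias + ": " + c.getSubjectX500Principal());
            }
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        // This context serves one socket only; the default SSLContext is untouched.
        // No key managers are set, so a server requiring a client certificate may still reject.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket socket = (SSLSocket) context.getSocketFactory()
                .createSocket(args[2], Integer.parseInt(args[3]))) {
            socket.startHandshake(); // PKIX path building runs here
            for (Certificate cert : socket.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) cert;
                System.out.println("server sent: " + x.getSubjectX500Principal()
                        + " (issuer: " + x.getIssuerX500Principal() + ")");
            }
            System.out.println("OK: chain validates against " + args[0]);
        } catch (SSLHandshakeException e) {
            System.out.println("FAILED: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

A "PKIX path building failed" message from this check means the store lacks an anchor for the server's chain; a different handshake failure points elsewhere, for example at the missing client certificate.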