org.apache.axis2.AxisFault: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I am getting the above exception. I know it is because it is not able to find the certificates.

When I created a new JKS file with only the certificate entries provided by the 3rd party and set it in `System.setProperty("javax.net.XXXX")`, it works. But due to this, the other functionalities in my application do not work, as it is not able to find any certificate. So I created jssecacerts using the class file and imported the two certificates as well, but when I point to this jssecacerts file in the system properties, it does not work, and everything else works fine.

What could be the issue?

Ankur Singhal

1 Answer

You could add your additional certificates for use by Axis2 in your own X509TrustManager and build an SSLContext from it. This is described in this answer.

Then you would have to pass the subsequent SSLSocketFactory to Axis2 using an Apache HttpClient 3.x SecureProtocolSocketFactory (see the Axis 2 documentation on the subject).

Bruno
  • I did the following: `SSLContext context = SSLContext.getInstance(protocolVersion); context.init(keyManagers, trustManagers, null); SSLSocketFactory socketFactory = context.getSocketFactory(); URL url = new URL(urlString); URLConnection connection = url.openConnection(); if (connection instanceof HttpsURLConnection) { ((HttpsURLConnection) connection).setSSLSocketFactory(sslSocketFactory); connection.connect(); }` I created and loaded the trust managers and key managers, but after this I do not know what to do. Can you please guide me through the code? – Ankur Singhal Apr 05 '12 at 14:13
  • Ignore the `HttpsURLConnection`, it's your own implementation of an Apache HttpClient 3.x `SecureProtocolSocketFactory` you need to register. – Bruno Apr 05 '12 at 14:15
  • It gave me the following error: `org.apache.axis2.AxisFault: Unconnected sockets not implemented at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430) at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:203) at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:76) at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:400) at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:225)` – Ankur Singhal Apr 05 '12 at 14:16
  • Bruno, can you please help me with a little code? I am not much experienced in this and will be really grateful. Please help me with what to do after creating the `SSLSocketFactory` instance. – Ankur Singhal Apr 05 '12 at 14:21
  • There's a longer example [here](http://code.google.com/p/jsslutils/wiki/ApacheHttpClientUsage): you'd need to do something similar to this `SslContextedSecureProtocolSocketFactory` or use it. What you need is to register the `Protocol` afterwards with that factory. – Bruno Apr 05 '12 at 14:43
  • Thanks Bruno, I will try and revert to you. Thanks again. How about this link: http://svn.apache.org/viewvc/httpcomponents/oac.hc3x/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/AuthSSLProtocolSocketFactory.java?view=markup – Ankur Singhal Apr 05 '12 at 15:23
  • Hi Bruno, I did this: `SSLContext context = SSLContext.getInstance(protocolVersion); context.init(keyManagers, trustManagers, null); SSLSocketFactory socketFactory = context.getSocketFactory(); SslContextedSecureProtocolSocketFactory secureProtocolSocketFactory = new SslContextedSecureProtocolSocketFactory(context); Protocol.registerProtocol("https", new Protocol("https", (ProtocolSocketFactory)secureProtocolSocketFactory, port));` Is this correct? – Ankur Singhal Apr 06 '12 at 10:27
  • This class `SslContextedSecureProtocolSocketFactory` I got from one of the jars available on the internet and just used that. Will this work? I cannot test in my environment; I have to give it to the client for testing. – Ankur Singhal Apr 06 '12 at 10:29
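
The approach from the answer above, as an added example that is not part of the original thread and is not Bruno's or the Axis2 project's code: a trust manager that tries the JVM's default trust store first and then a separate JKS holding the third party's certificates, wrapped in an Apache HttpClient 3.x `SecureProtocolSocketFactory` and registered for `https`. The class name `ExtraTrustFactory` and the command-line arguments (keystore path and password) are assumptions.

```java
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.*;
// Added example; ExtraTrustFactory is a hypothetical name, not a class from Axis2 or HttpClient.
public class ExtraTrustFactory implements SecureProtocolSocketFactory {
    private final SSLSocketFactory f;
    // extraJks: JKS holding only the third party's certificates (path and password supplied by the caller)
    public ExtraTrustFactory(String extraJks, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(extraJks)) { ks.load(in, pass); }
        final X509TrustManager def = tm(null), extra = tm(ks); // null = JVM default trust store
        X509TrustManager both = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                try { def.checkServerTrusted(c, a); }
                catch (CertificateException e) { extra.checkServerTrusted(c, a); } // unknown chains are still rejected
            }
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { def.checkClientTrusted(c, a); }
            public X509Certificate[] getAcceptedIssuers() { return def.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { both }, null); // no client keys, default SecureRandom
        f = ctx.getSocketFactory();
    }

    private static X509TrustManager tm(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager t : tmf.getTrustManagers()) if (t instanceof X509TrustManager) return (X509TrustManager) t;
        throw new IllegalStateException("no X509TrustManager available");
    }

    public Socket createSocket(String h, int p) throws IOException { return f.createSocket(h, p); }
    public Socket createSocket(String h, int p, InetAddress la, int lp) throws IOException { return f.createSocket(h, p, la, lp); }
    public Socket createSocket(Socket s, String h, int p, boolean close) throws IOException { return f.createSocket(s, h, p, close); }
    public Socket createSocket(String h, int p, InetAddress la, int lp, HttpConnectionParams params) throws IOException {
        Socket s = f.createSocket(); // unconnected socket, so the connection timeout can be applied
        s.bind(new InetSocketAddress(la, lp));
        s.connect(new InetSocketAddress(h, p), params.getConnectionTimeout());
        return s;
    }

    public static void main(String[] args) throws Exception { // args: <extra.jks> <password>
        ProtocolSocketFactory psf = new ExtraTrustFactory(args[0], args[1].toCharArray());
        Protocol.registerProtocol("https", new Protocol("https", psf, 443)); // do this before the Axis2 call
    }
}
```

Because the default trust store is still consulted, other HTTPS calls made through HttpClient 3.x keep validating against the usual CAs. The example validates the certificate chain only and adds no host name check.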