I have created a truststore with certificates and a keystore with the private key. I have put in the following code, loaded the truststore manager and keystore manager, and then created the instance of SSLContext.

The code below is called whenever I am making a request to the webservice. We are using the Axis2 API.

```java
SSLContext context = SSLContext.getInstance(protocolVersion);
context.init(keyManagers, trustManagers, null);

SSLSocketFactory socketFactory = context.getSocketFactory();

SslContextedSecureProtocolSocketFactory secureProtocolSocketFactory = new SslContextedSecureProtocolSocketFactory(context);

Protocol authhttps = new Protocol("https", secureProtocolSocketFactory, port);
HttpClient httpclient = new HttpClient();
httpclient.getHostConfiguration().setHost(hostname, port, authhttps);
GetMethod httpget = new GetMethod("/RTAPService/RTAPService");
```

Tried with this as well: `GetMethod httpget = new GetMethod("/");`

```java
httpclient.executeMethod(httpget);
```

It gives me the below error:

```
org.apache.axis2.AxisFault: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```

Where hostname is "qartap.csnet.assurity.sg" and my webservice URL is "https://qartap.csnet.assurity.sg:8443/RTAPService/RTAPService"

The issue is that when I register my "HTTPS" protocol, it affects my whole application. Can I somehow set these for a particular host only, or for a particular webservice?

I want to set this either using the hostname or by creating a new protocol itself. I tried the approach given in the solution here, but it gave me the following exception.

While passing the webservice URL to the generated stub constructor, I replaced the "HTTPS" in the URL with my own customised "myHTTPS".

```
The system cannot infer the transport information from the myhttps://serverUrl:7001/app/services/RTAPDevService.RTAPDevServiceHttpSoap12Endpoint/ URL.
```
Ankur Singhal
  • What happened when you tried it? and surely 8433 should be 8443? – user207421 Apr 07 '12 at 11:10
  • "*[...] available in one of the jars on internet*". There are many jars on the internet. I guess you're talking about [this](http://code.google.com/p/jsslutils/wiki/ApacheHttpClientUsage). – Bruno Apr 07 '12 at 12:32
  • I have included the above mentioned code and given a release to the client. On Monday they will test it and I will revert to you whether it works or not, or what the error is. I cannot access their webservice from the local environment due to security reasons. I just want to ask you if anything else is also required apart from the above mentioned code. Yes, the port is 8443 and I am using the jar file that is mentioned in the link. – Ankur Singhal Apr 07 '12 at 17:05
  • Hi Bruno, EJP, please help me on this. Recently we introduced one more webservice to our current application; for that we need 2-way SSL communication. Initially I did the changes to set the system-level properties, `System.setProperty()` for all truststores and keystores, but with this approach my new webservice worked but the existing ones did not work. So later, as suggested, I changed the approach to register.protocol service, and with this my new webservice is still working but the older ones are still not working. Below is the error: "apache.axis2.AxisFault: peer not authenticated" – Ankur Singhal Apr 09 '12 at 03:26
  • possible duplicate of [Two Way SSL Authentication ::](http://stackoverflow.com/questions/10072351/two-way-ssl-authentication) – Ivaylo Strandjev Apr 09 '12 at 11:53
  • Yes, I was not able to put my question correctly, so I created a new post for this. – Ankur Singhal Apr 09 '12 at 11:58

1 Answer

The same was resolved by adding the certificates to the cacerts file and pointing WebLogic to it. Initially the certificate chain was not properly imported into the cacerts file. Also, there were some issues regarding the import of certificates.

The link below can be referred to:

http://ankursinghal86.blogspot.in/2014/06/authentication-with-client-certificate.html

Ankur Singhal
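The per-host scoping asked about in the question and the truststore contents behind the answer, shown with plain JSSE (`HttpsURLConnection`) rather than Axis2 or Commons HttpClient; this is an added example, not code from the post. The class name, the optional arguments (keystore path, truststore path, one password used for both stores and the key) and the `changeit` default are assumptions; with no arguments it runs offline on empty in-memory stores constructed for the demo.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class ScopedTlsContext {
    // Load a keystore file; a null path yields an empty in-memory store (constructed demo input).
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (path == null) { ks.load(null, pw); return ks; }
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }

    static TrustManagerFactory trustFactory(KeyStore trust) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust); // null means the JVM default truststore (cacerts)
        return tmf;
    }

    // CA certificates that PKIX path building is allowed to end on.
    static X509Certificate[] anchors(KeyStore trust) throws Exception {
        for (TrustManager tm : trustFactory(trust).getTrustManagers())
            if (tm instanceof X509TrustManager) return ((X509TrustManager) tm).getAcceptedIssuers();
        return new X509Certificate[0];
    }

    // Context carrying the client key (two-way SSL) and only this service's CA chain.
    static SSLContext context(KeyStore keys, char[] keyPw, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPw);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), trustFactory(trust).getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = (args.length > 2 ? args[2] : "changeit").toCharArray();
        KeyStore keys = load(args.length > 0 ? args[0] : null, pw);
        KeyStore trust = load(args.length > 1 ? args[1] : null, pw);
        for (X509Certificate ca : anchors(trust)) System.out.println("scoped anchor: " + ca.getSubjectX500Principal());
        System.out.println("scoped=" + anchors(trust).length + " jvmDefault=" + anchors(null).length);
        // openConnection() does no network I/O; the factory is set on this one connection only.
        HttpsURLConnection conn = (HttpsURLConnection) URI.create("https://qartap.csnet.assurity.sg:8443/RTAPService/RTAPService").toURL().openConnection();
        conn.setSSLSocketFactory(context(keys, pw, trust).getSocketFactory());
        System.out.println("connection uses its own factory: " + (conn.getSSLSocketFactory() != HttpsURLConnection.getDefaultSSLSocketFactory()));
    }
}
```

If the CA that issued the server certificate is not among the printed scoped anchors, the handshake fails with the `PKIX path building failed` error shown in the question.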