1

I've generated classes from wsdl with wsimport, wsdl location: https://somehost/wsdl. There was no problem with generation. But when I tried to send soap request, I've received exception:

com.sun.xml.internal.ws.client.ClientTransportException: The server sent HTTP status code 403: Client certificate required

I find out, surfing the internet, that I have to add certificate in my keystore. I've done it, but this doesn't help. And I have no idea what to do or even what to google.

Can anybody help me?(

Mary Ryllo
  • 2,321
  • 7
  • 34
  • 53

1 Answers1

1

It sounds like a mutual authentication problem.

The server is requiring that your client use a known digital certificate to sign your messages and send that information within the request. It is like a user/password mechanism, but you and the server agree to use a known key-pair for identification.

This situation usually means that the web service server administrator will generate a key-pair and send the private part of the certificate to you.

But you can send the public certificate for him as well if you created it yourself. The server must have access to the public certificate, and it maybe you will have to publish it to a Certification Authority. In some cases it has to be a commercial certificate (you will have to buy it).

You will then use the private key to digitally sign your messages.

I've found some links that may help:

If you already did those steps, then something is wrong with your implementation or the certificate/keys provided are invalid.

I recommend you to use a mock server to make sure you are implementing the client authentication properly before you try to connect to the real service. Making it to work locally will set the knowledge you need to call the real functions. You can also ask the web service administrator to send you debug information.

Community
  • 1
  • 1
Evandro Pomatti
  • 13,341
  • 16
  • 97
  • 165