D.R.

Reputation: 437

keystore.jks to be used in Java application

I have a Java application which connects to some web service. When I try to call the web service's function(s), I get an exception.

However, if I call the same web service function(s) from my other web application, which is deployed on a Tomcat 7 server, it works fine.

The only difference is that I have a keystore.jks file in Tomcat's home folder.

How can I make my Java application use the keystore.jks file, since my guess is that it's the reason my application fails to work?

Here is the stack trace of the exception:

2013-10-11 15:24:14.0685 DEBUG main org.apache.axis.enterprise – Mapping Exception to AxisFault
AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode: 
 faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 faultActor: 
 faultNode: 
 faultDetail: 
    {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.tieto.issuing.ws.Issuing.IssuingSoapBindingStub.addCardToStop(IssuingSoapBindingStub.java:2398)
    at ge.ufc.cscupdator.utils.IssuingWsOperationManager.addCardToStopList(IssuingWsOperationManager.java:74)
    at ge.ufc.cscupdator.CardStopCauseUpdator.main(CardStopCauseUpdator.java:51)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Upvotes: 1

Views: 2967

Answers (2)

Jcs

Reputation: 13709

This error

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

indicates that the client received the SSL certificate chain from the server but was not able to verify this chain using the trust anchor (aka root CA) certificates. The default trust anchor list is stored in the lib/security/cacerts keystore file in the Java home directory.

To specify another trust store for the SSL trust anchor (in that case it is called a trust store) you have to pass this option to the client:

-Djavax.net.ssl.trustStore=/path/to/truststore

This trust store should contain the Root CA certificate of the server SSL certificate chain. Actually keystore.jks may contain this certificate but it also may not. I suggest you use the keytool tool with the -list command to verify if the root CA certificate is present.

Upvotes: 1

D.R.

Reputation: 437

Exported certificate from web browser and then imported it in cacert in "PATH_TO_JAVA"\jdk1.7.0_25\jre\lib\security with keytool

Upvotes: 0
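
The keytool steps from the two answers above (list the store to see whether the root CA is present, then import it), as an added example that is not part of the original posts. It builds a constructed root CA and keystore in a temporary directory and checks by SHA-256 fingerprint whether the certificate is a trusted entry before and after the import; the function names, aliases, password and file names are assumptions.

```sh
#!/bin/sh
# Added example. The CA, aliases, password and file names are constructed.
set -eu

kt() { keytool -J-Duser.language=en "$@"; }   # force English labels for parsing

# SHA-256 fingerprint of a certificate file (PEM or DER).
cert_fingerprint() {
  kt -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Succeed if STORE holds CERTFILE as a trustedCertEntry.
# keytool -list -v prints "Entry type:" before each entry's fingerprints.
has_trust_anchor() (   # usage: has_trust_anchor STORE STOREPASS CERTFILE
  fp=$(cert_fingerprint "$3")
  [ -n "$fp" ] || exit 2
  kt -list -v -keystore "$1" -storepass "$2" 2>/dev/null |
    awk -v fp="$fp" '
      /^Entry type:/ { trusted = ($3 == "trustedCertEntry") }
      /SHA256:/ && trusted && index($0, fp) { found = 1 }
      END { exit !found }'
)

# Build constructed stores, then report the check before and after the import.
demo() (
  d=$(mktemp -d); pw=changeit; before=absent; after=absent
  gen() { kt -genkeypair -alias "$1" -dname "CN=$2" -keyalg RSA -keysize 2048 \
            -validity 30 -keystore "$3" -storepass "$pw" -keypass "$pw" >/dev/null 2>&1; }
  gen ca  "Constructed Root CA" "$d/ca.jks"        # stands in for the server's root CA
  gen app "unrelated.example"   "$d/keystore.jks"  # store holding only an unrelated key
  kt -exportcert -rfc -alias ca -keystore "$d/ca.jks" -storepass "$pw" \
     -file "$d/ca.pem" >/dev/null 2>&1
  has_trust_anchor "$d/keystore.jks" "$pw" "$d/ca.pem" && before=present
  kt -importcert -noprompt -alias server-root -file "$d/ca.pem" \
     -keystore "$d/keystore.jks" -storepass "$pw" >/dev/null 2>&1
  has_trust_anchor "$d/keystore.jks" "$pw" "$d/ca.pem" && after=present
  rm -rf "$d"
  echo "$before $after"
)

# Run as: sh check-anchor.sh demo    (prints "absent present")
if [ "${1:-}" = demo ]; then demo; fi
```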
