Priyanka

Reputation: 23

Web service client application on weblogic to invoke web service

I have a web application on weblogic 10.3.3 which is the client for invoking a secure web service. Note: I have been able to test the web service through a stand-alone java class by setting the two properties below:

  System.setProperty("javax.net.ssl.keyStore", "C:/keystore.jks");
  System.setProperty("javax.net.ssl.keyStorePassword", "######");

But when I try to deploy the client application to weblogic, it gives me the below error:

weblogic.wsee.jaxrpc.soapfault.WLSOAPFaultException: Failed to receive message javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from *******  was not trusted causing SSL handshake failure.
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
        at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
        at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
        at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
        at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)

In weblogic console I have checked the "SSL Listen Port Enabled" checkbox. In Keystores tab I have selected "Custom identity and Standard Trust Store". And for custom identity I have pointed to C:/keystore.jks.

Upvotes: 0

Views: 3084

Answers (1)

President James K. Polk

Reputation: 42019

The keystore is where you put your keys. You will use these to prove who you are to your peer. This is most likely what is meant by "Custom Identity". The truststore is where you put your trust anchors. These are the certificates that you already trust, and your peer must present you a certificate chain that ends with one of the certificates in the trust store. As a degenerate case, you can put the peer certificate itself right into this truststore. This degenerate case must be used for self-signed certificates.

For most normal SSL uses the truststore includes well-known CA roots like Verisign, Thawte, GoDaddy, Comodo, GlobalSign, etc. The Oracle JRE includes a truststore in a file usually named cacerts that contains a large collection of such CA roots that Oracle thinks should be there. This is most likely what is meant by "Standard Trust Store".

I'm guessing your peer is using a self-signed certificate. Therefore you should use a custom truststore containing this certificate.

Upvotes: 1
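
The keystore/truststore split described in the answer, as an added example that is not part of the original post and uses plain JSSE rather than WebLogic's own SSL configuration. The class name `TrustCheck`, the command-line file paths, the use of the store password as the key password, and the `"ECDHE_RSA"` auth type are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class TrustCheck {
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }

    static TrustManagerFactory anchors(KeyStore trust) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust); // only these anchors; the JRE's cacerts is not consulted
        return tmf;
    }

    // Identity (keystore) proves who we are; anchors (truststore) decide whom we accept.
    static SSLContext context(KeyStore identity, char[] keyPw, KeyStore trust) throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPw); // assumption: key password equals store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), anchors(trust).getTrustManagers(), null);
        return ctx;
    }

    // True if the PEM chain (leaf first) ends at a certificate in the truststore.
    // This validates the chain only; it does not check the host name.
    static boolean isTrusted(KeyStore trust, String chainPem) throws Exception {
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(chainPem)) {
            chain = CertificateFactory.getInstance("X.509").generateCertificates(in)
                    .toArray(new X509Certificate[0]);
        }
        X509TrustManager tm = (X509TrustManager) anchors(trust).getTrustManagers()[0];
        try {
            tm.checkServerTrusted(chain, "ECDHE_RSA"); // assumed key exchange type
            return true;
        } catch (CertificateException e) {
            System.out.println("Not trusted: " + e.getMessage());
            return false;
        }
    }

    // Hypothetical usage: TrustCheck identity.jks identityPw trust.jks trustPw peer-chain.pem
    public static void main(String[] a) throws Exception {
        KeyStore trust = load(a[2], a[3].toCharArray());
        System.out.println("Peer chain trusted: " + isTrusted(trust, a[4]));
        context(load(a[0], a[1].toCharArray()), a[1].toCharArray(), trust);
    }
}
```

Run against a truststore that lacks the peer's self-signed certificate, `isTrusted` returns false; after that certificate is imported into the custom truststore, it returns true.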
