5 Replies Latest reply on Oct 27, 2006 4:44 PM by jason.greene

    Question on accessing keystore/truststore that is not relati

    estrellarichardson

      Hi,
      I have a secured web service which is deployed to a secured port. The service is implemented using EJB and JSR181 annonations on the server-side, the client-side is also an EJB. Both are deployed as EAR files. My application runs in the background of a web application which uses SSL/TLS. As part of the the foreground web application, certificates are exchanged and are imported into the appropriate truststore and keystores. My diliema is that I want to use the same keystore and truststore with my client and service. I have the following in my jboss-wsse-client.xml file:
      <key-store-file>/var/cert/keystore</key-store-file>
      <key-store-password>(password)</key-store-password>
      <trust-store-file>/var/cert/truststore</trust-store-file>
      <trust-store-password>()</trust-store-password>







      and the same in my jboss-wsse-server.xml file. I am getting the following error when I try to access my service:
      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      Everything that I have read on this particular exception says that it indicates that the certificate has not been imported into the truststore; however, I have used keytool to verify that the appropriate certs are in the appropriate places. I believe that I am getting this error because the location that I am giving for the keystore and truststore is located on the filesystem outside of the EJB deployment EAR file and it can not find the keystore/truststore.

      Can someone validate or invalidate my conclusion? and if my assumption is correct, can someone tell me if it is possible to access a keystore/truststore outside of the relative deployment of the EJB?

      Thank you.