2 Replies Latest reply on Sep 16, 2008 2:04 AM by ron_sigal

    Caused by: sun.security.validator.ValidatorException: No tru

    vbatista Sep 4, 2008 7:06 PM

      Hello,
      I am using JBoss-4.2.2.GA with Java 1.6.0_04. My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.

      I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:

      -Djavax.net.ssl.trustStore=/Path-to-file -Djavax.net.ssl.trustStorePassword=password


      On my development environment I can call the Web Service correctly.
      Although, on the production environment, I amgetting the following exception: 

      javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
 at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317)
 at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255)
 at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
 at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
 at $Proxy171.send(Unknown Source)
 at com.xpto.integration.SmsHelper.send(SmsHelper.java:57)
 at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106)
 at java.lang.Thread.run(Thread.java:619)
Caused by: java.io.IOException: Could not transmit message
 at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204)
 at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
 at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
 at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
 ... 6 more
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
 at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:333)
 at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
 at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
 at org.jboss.remoting.Client.invoke(Client.java:1634)
 at org.jboss.remoting.Client.invoke(Client.java:548)
 at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183)
 ... 9 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
 at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
 at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
 at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
 at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
 at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:275)
 ... 14 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
 at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
 at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
 at sun.security.validator.Validator.validate(Validator.java:218)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
 ... 26 more


      Both systems are configured with the same JBoss, JVM, ...

      The certificate details are: 

      Owner=
 CN=*...., OU=..., O=..., L=..., ST=..., C=PT
Issuer=
 CN=..., O=..., C=PT
Version=3
Serial Number=BC81A81843E26C2597CD10354588F61E
Valid From=Monday, 3 March 2008 18:50
Valid Until=Tuesday, 3 March 2009 18:50
Signature Algorithm=SHA1withRSA

Fingerprints=
 MD5: 0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85
 SHA1: 35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A
Key Usage= critical
 List:
 . digitalSignature
 . keyEncipherment
 . dataEncipherment
 . keyAgreement
Extended Key Usage= none


      On production I have also tried adding the following properties: 

      -Djavax.net.ssl.keyStore=/Path-to-file -Djavax.net.ssl.keyStorePassword=password


      But I still get the error.

      Any one has any hint for this problem? Is there any property which I can define to ignore untrusted certificates?

      Any help would really be welcome.
      Thanks in advance.

      Best regards,
      Victor Batista

      • 6763 Views
      • Tags:
        • 1. sun.security.validator.ValidatorException: No trusted certif
          vbatista Sep 4, 2008 7:07 PM (in response to vbatista)

           

          "vbatista" wrote:
          Hello,
          I am using JBoss-4.2.2.GA with Java 1.6.0_04. My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.

          I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:

          -Djavax.net.ssl.trustStore=/Path-to-file -Djavax.net.ssl.trustStorePassword=password


          On my development environment I can call the Web Service correctly.
          Although, on the production environment, I amgetting the following exception:

          javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
 at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317)
 at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255)
 at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
 at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
 at $Proxy171.send(Unknown Source)
 at com.xpto.integration.SmsHelper.send(SmsHelper.java:57)
 at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106)
 at java.lang.Thread.run(Thread.java:619)
Caused by: java.io.IOException: Could not transmit message
 at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204)
 at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
 at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
 at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
 ... 6 more
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
 at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:333)
 at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
 at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
 at org.jboss.remoting.Client.invoke(Client.java:1634)
 at org.jboss.remoting.Client.invoke(Client.java:548)
 at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183)
 ... 9 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
 at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
 at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
 at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
 at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
 at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:275)
 ... 14 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
 at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
 at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
 at sun.security.validator.Validator.validate(Validator.java:218)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
 ... 26 more


          Both systems are configured with the same JBoss, JVM, ...

          The certificate details are:

          Owner=
 CN=*...., OU=..., O=..., L=..., ST=..., C=PT
Issuer=
 CN=..., O=..., C=PT
Version=3
Serial Number=BC81A81843E26C2597CD10354588F61E
Valid From=Monday, 3 March 2008 18:50
Valid Until=Tuesday, 3 March 2009 18:50
Signature Algorithm=SHA1withRSA

Fingerprints=
 MD5: 0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85
 SHA1: 35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A
Key Usage= critical
 List:
 . digitalSignature
 . keyEncipherment
 . dataEncipherment
 . keyAgreement
Extended Key Usage= none


          On production I have also tried adding the following properties:

          -Djavax.net.ssl.keyStore=/Path-to-file -Djavax.net.ssl.keyStorePassword=password


          But I still get the error.

          Any one has any hint for this problem? Is there any property which I can define to ignore untrusted certificates?

          Any help would really be welcome.
          Thanks in advance.

          Best regards,
          Victor Batista


            • Actions
          • 2. Re: Caused by: sun.security.validator.ValidatorException: No
            ron_sigal
            ron_sigal Sep 16, 2008 2:04 AM (in response to vbatista)

            Hi Victor,

            Your question doesn't really concern Remoting. I suggest posing it on the "JBossWS" forum: http://www.jboss.com/index.html?module=bb&op=viewforum&f=200.

              • Actions