10 Replies Latest reply on Feb 3, 2014 6:35 PM by bfitzpat

    Web Service Tester and https

    juergen.zimmermann

      I want to test a RESTful Web Service on WIldFly 8 which is configured for https. However, I'm getting in the response body just this error message for both GET and POST requests:

       

      sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

       

      Any hint is appreciated.

        • 1. Re: Web Service Tester and https
          maxandersen

          I believe you need to add the certs to the JavaVM you load to have Java connect.

           

          We might be able to ignore the certification error but I believe there are some issues with that since it requires a global disablement.

          1 of 1 people found this helpful
          • 2. Re: Web Service Tester and https
            xcoulon

            That may actually be due to the type of certificate that you deployed on your server. If the certificate is not signed by one of the authorities configured on the JVM that runs JBT/JBDS, then you may have this error.

            Please, open a JIRA and I'll see if that can be disabled, depending on the library we use to submit the HTTP(s) request.

            • 4. Re: Web Service Tester and https
              bfitzpat

              Any additional information, such as any entries in the Eclipse error log or a project I can use to reproduce this along with what setting changes need to be made would be great. I've not played with Wildfly at all and will need more to try and reproduce this locally with the WS Tester. Please attach any additional information to the JIRA so we can continue to explore this issue.

               

              Thanks!

              • 5. Re: Web Service Tester and https
                juergen.zimmermann

                As I mentioned in the JIRA on Sep 15th: "there is nothing else - no single line in the eclipse log file". Are there any news on your site?

                • 6. Re: Web Service Tester and https
                  bfitzpat

                  Sorry Juergen, I've been working on a different project for the last couple of weeks and haven't had a chance to get back to this. It's still on my list!

                  • 7. Re: Web Service Tester and https
                    bfitzpat

                    Ok Juergen, I'm finally back to looking into this today. Any help you can provide on configuring Wildfly to be https? Or is it https by default?

                    • 8. Re: Re: Web Service Tester and https
                      juergen.zimmermann

                      Brian, I'll give you the Windows commands in the steps 1) to 4) to prepare WildFly for https. Steps 5) and 6) are editing standalone.xml:

                       

                      1) Create a server-side keystore (in the file server.keystore):

                      keytool -genkeypair -v -alias https ^

                        -keystore %JBOSS_HOME%\standalone\configuration\server.keystore ^

                        -storepass ChangeIt -keypass ChangeIt -keyalg RSA -validity 180 ^

                        -dname "CN=localhost, OU=Brian, O=Red Hat, C=us"

                       

                      2) Visualize this keystore:

                      keytool -list -keystore %JBOSS_HOME%\standalone\configuration\server.keystore -storepas ChangeIt

                       

                      3) Export the keystore as a certificat:

                      keytool -v -exportcert -file %JBOSS_HOME%\standalone\configuration\server.cer ^

                        -alias https ^

                        -keystore %JBOSS_HOME%\standalone\configuration\server.keystore ^

                        -storepass ChangeIt

                       

                      4) Create a client-side truststore (i.e. import the certificate into a new keystore):

                      keytool -importcert -v ^

                        -alias https -file %JBOSS_HOME%\standalone\configuration\server.cer ^

                        -noprompt ^

                        -keystore %JBOSS_HOME%\standalone\configuration\client.truststore ^

                        -storepass ChangeIt

                       

                      5) Edit standalone.xml below the tags <management> and <security-realms> and add this entry:

                      <security-realm name="HttpsRealm">

                         <server-identities>

                            <ssl>

                               <keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="ChangeIt"/>

                            </ssl>

                         </server-identities>

                      </security-realm>

                       

                      6) Edit standalone.xml inside the subsystem undertow and add the following line after <http-listener .../>:

                      <https-listener name="https-listener" socket-binding="https" security-realm="HttpsRealm" max-post-size="10485760"/>

                      • 9. Re: Re: Web Service Tester and https
                        bfitzpat

                        Thanks Juergen. I'll give that a shot.

                        • 10. Re: Web Service Tester and https
                          bfitzpat

                          Ok. I've got my server configured. What UID & PWD am I sending in for the authentication?