0 Replies Latest reply on Dec 1, 2009 7:49 AM by Venkatesh Venkatesh

    PKIX path building failed: sun.security.provider.certpath.Su

    Venkatesh Venkatesh Newbie

      Hi All

      I need your help in enabling security for my webservice

      I have tried to enable SSL and encryption for my service, but I failed in both.

      Here I tried to enable SSL security for my service; please find below the steps I have followed.

      1. I have created the keystore and truststore using the following commands

      keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"
      keytool -export -alias serverkeys -keystore server.keystore -storepass 123456 -file server.cer
      keytool -genkey -alias clientkeys -keyalg RSA -keystore client.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, S=MYSTATE, C=MY"
      keytool -export -alias clientkeys -keystore client.keystore -storepass 123456 -file client.cer
      keytool -import -v -keystore client.truststore -storepass 123456 -file server.cer
      keytool -import -v -keystore server.truststore -storepass 123456 -file client.cer
      


      2. I have placed my server.keystore and server.truststore in the server's home directory

      3. I have updated my server.xml as follows

      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
       maxThreads="150" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS"
       keystoreFile="${jboss.server.home.dir}/conf/server.keystore" keystorePass="password"
       truststoreFile="${jboss.server.home.dir}/conf/server.truststore" truststorePass="password"/>
      

      4. My web.xml is as follows

      <servlet>
        <servlet-name>Hello</servlet-name>
        <servlet-class>org.jbia.ws.Hello</servlet-class>
      </servlet>
      <servlet-mapping>
        <servlet-name>Hello</servlet-name>
        <url-pattern>/hello</url-pattern>
      </servlet-mapping>

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>All resources</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>

      My service class is as follows

      package org.jbia.ws;

      import javax.jws.*;
      import javax.jws.soap.SOAPBinding;

      @SOAPBinding(style=SOAPBinding.Style.RPC)
      @WebService
      public class Hello {
          @WebMethod
          public String sayHello(String name) {
              return "Hello " + name;
          }
      }

      I have deployed my web service as a .war file on my server, then I got the (generated) WSDL, and using that WSDL I generated my stub.

      My Client is as follows

      package org.jbia.ws;

      public class Client {
          public static void main(String args[]) {
              if (args.length != 1) {
                  System.err.println("usage: HelloClient <message>");
                  System.exit(1);
              }
              System.setProperty("org.jboss.wsse.keyStore",
                      "D:\\EclipseWorkspace\\Latest\\WebService\\META-INF\\client.keystore");
              System.setProperty("org.jboss.wsse.keyStorePassword", "password");
              System.setProperty("org.jboss.wsse.trustStore",
                      "D:\\EclipseWorkspace\\Latest\\WebService\\META-INF\\client.truststore");
              System.setProperty("org.jboss.wsse.trustStorePassword", "password");
              try {
                  HelloProxy proxy = new HelloProxy();
                  proxy.setEndpoint("https://127.0.0.1:8443/JBossWS/hello?wsdl");
                  proxy.sayHello("Venkat");
                  System.out.println("Result = ");
              } catch (Exception ex) {
                  ex.printStackTrace();
                  System.out.println("Exception occurs in web services : " + ex);
              }
          }
      }


      Here I am not using the certificates I have generated at all (I am not sure whether this is the issue or not). Please, someone correct me if I am wrong.

      When I try to access my service I am getting the following exception


      AxisFault
      faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
      faultSubcode:
      faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      faultActor:
      faultNode:
      faultDetail:
      {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
      at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
      at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
      at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
      at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)
      at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
      at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
      at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
      at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
      at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
      at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
      at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
      at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
      at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
      at org.apache.axis.client.Call.invoke(Call.java:2767)
      at org.apache.axis.client.Call.invoke(Call.java:2443)
      at org.apache.axis.client.Call.invoke(Call.java:2366)
      at org.apache.axis.client.Call.invoke(Call.java:1812)
      at org.jbia.ws.HelloBindingStub.sayHello(HelloBindingStub.java:106)
      at org.jbia.ws.HelloProxy.sayHello(HelloProxy.java:50)
      at org.jbia.ws.Client.main(Client.java:24)
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
      at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
      at sun.security.validator.Validator.validate(Validator.java:218)
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
      ... 23 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
      at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
      ... 29 more

      {http://xml.apache.org/axis/}hostname:pvenkatesh

      javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
      at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
      at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
      at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118), SEND TLSv1 ALERT: fatal, description = certificate_unknown
      main, WRITE: TLSv1 Alert, length = 2
      main, called closeSocket()
      main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
      at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
      at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
      at org.apache.axis.client.Call.invoke(Call.java:2767)
      at org.apache.axis.client.Call.invoke(Call.java:2443)
      at org.apache.axis.client.Call.invoke(Call.java:2366)
      at org.apache.axis.client.Call.invoke(Call.java:1812)
      at org.jbia.ws.HelloBindingStub.sayHello(HelloBindingStub.java:106)
      at org.jbia.ws.HelloProxy.sayHello(HelloProxy.java:50)
      at org.jbia.ws.Client.main(Client.java:24)
      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
      at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
      at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
      at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
      at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)
      at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
      at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
      at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
      at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
      ... 12 more
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
      at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
      at sun.security.validator.Validator.validate(Validator.java:218)
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)Exception occurs in web services : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      HI2

      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
      at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
      ... 23 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
      at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
      ... 29 more



      Your inputs are appreciated

      Thanks

      With Regards
      Venkatesh
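
Added example, not part of the original post: the `PKIX path building failed` trace above is raised by JSSE's default trust manager, which reads the `javax.net.ssl.trustStore` system property rather than `org.jboss.wsse.trustStore`, so a first check is whether the client truststore opens with the password being passed and actually holds the certificate exported as `server.cer`. The class name `TrustStoreCheck` is hypothetical; the default file names and the store password `123456` are taken from the keytool commands in the post, and the `JKS` store type is an assumption.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Added diagnostic (not the poster's code): verifies that the truststore the
// client will use opens with the given password and contains server.cer.
public class TrustStoreCheck {

    // Loads a JKS store (assumed type); a wrong store password surfaces
    // here as an IOException from KeyStore.load.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Returns the alias of the store entry holding this certificate, or null.
    static String aliasOf(KeyStore ks, String certPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(certPath)) {
            Certificate cert = cf.generateCertificate(in);
            return ks.getCertificateAlias(cert);
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the file names and store password from the keytool commands above.
        String store = args.length > 0 ? args[0] : "client.truststore";
        String pass  = args.length > 1 ? args[1] : "123456";
        String cer   = args.length > 2 ? args[2] : "server.cer";

        KeyStore ks = load(store, pass.toCharArray());
        String alias = aliasOf(ks, cer);
        if (alias == null) {
            System.err.println(cer + " is NOT present in " + store);
            System.exit(1);
        }
        System.out.println(cer + " is present under alias '" + alias + "'");

        // JSSE's default trust manager reads these two properties; in a client
        // they must be set before the first HTTPS connection is opened.
        System.setProperty("javax.net.ssl.trustStore", store);
        System.setProperty("javax.net.ssl.trustStorePassword", pass);
    }
}
```

Because the `keytool -import` commands in the post give no `-alias`, the reported alias will be keytool's default, `mykey`.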