2 Replies Latest reply on Sep 16, 2008 2:04 AM by Ron Sigal

    Caused by: sun.security.validator.ValidatorException: No tru

    Victor Batista Newbie

      Hello,
      I am using JBoss-4.2.2.GA with Java 1.6.0_04. My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.

      I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:

      -Djavax.net.ssl.trustStore=/Path-to-file -Djavax.net.ssl.trustStorePassword=password
      


      On my development environment I can call the Web Service correctly.
      Although, on the production environment, I amgetting the following exception:

      javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
       at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317)
       at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255)
       at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
       at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
       at $Proxy171.send(Unknown Source)
       at com.xpto.integration.SmsHelper.send(SmsHelper.java:57)
       at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106)
       at java.lang.Thread.run(Thread.java:619)
      Caused by: java.io.IOException: Could not transmit message
       at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204)
       at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
       at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
       at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
       ... 6 more
      Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
       at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:333)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
       at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
       at org.jboss.remoting.Client.invoke(Client.java:1634)
       at org.jboss.remoting.Client.invoke(Client.java:548)
       at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183)
       ... 9 more
      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
       at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:275)
       ... 14 more
      Caused by: sun.security.validator.ValidatorException: No trusted certificate found
       at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
       at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
       at sun.security.validator.Validator.validate(Validator.java:218)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
       ... 26 more
      


      Both systems are configured with the same JBoss, JVM, ...

      The certificate details are:

      Owner=
       CN=*...., OU=..., O=..., L=..., ST=..., C=PT
      Issuer=
       CN=..., O=..., C=PT
      Version=3
      Serial Number=BC81A81843E26C2597CD10354588F61E
      Valid From=Monday, 3 March 2008 18:50
      Valid Until=Tuesday, 3 March 2009 18:50
      Signature Algorithm=SHA1withRSA
      
      Fingerprints=
       MD5: 0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85
       SHA1: 35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A
      Key Usage= critical
       List:
       . digitalSignature
       . keyEncipherment
       . dataEncipherment
       . keyAgreement
      Extended Key Usage= none
      


      On production I have also tried adding the following properties:

      -Djavax.net.ssl.keyStore=/Path-to-file -Djavax.net.ssl.keyStorePassword=password
      


      But I still get the error.

      Any one has any hint for this problem? Is there any property which I can define to ignore untrusted certificates?

      Any help would really be welcome.
      Thanks in advance.

      Best regards,
      Victor Batista

        • 1. sun.security.validator.ValidatorException: No trusted certif
          Victor Batista Newbie

           

          "vbatista" wrote:
          Hello,
          I am using JBoss-4.2.2.GA with Java 1.6.0_04. My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.

          I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:

          -Djavax.net.ssl.trustStore=/Path-to-file -Djavax.net.ssl.trustStorePassword=password
          


          On my development environment I can call the Web Service correctly.
          Although, on the production environment, I amgetting the following exception:

          javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
           at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317)
           at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255)
           at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
           at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
           at $Proxy171.send(Unknown Source)
           at com.xpto.integration.SmsHelper.send(SmsHelper.java:57)
           at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106)
           at java.lang.Thread.run(Thread.java:619)
          Caused by: java.io.IOException: Could not transmit message
           at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204)
           at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
           at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
           at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
           ... 6 more
          Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
           at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:333)
           at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
           at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
           at org.jboss.remoting.Client.invoke(Client.java:1634)
           at org.jboss.remoting.Client.invoke(Client.java:548)
           at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183)
           ... 9 more
          Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
           at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
           at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
           at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
           at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
           at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
           at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
           at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
           at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
           at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
           at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
           at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
           at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
           at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
           at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
           at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
           at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
           at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:275)
           ... 14 more
          Caused by: sun.security.validator.ValidatorException: No trusted certificate found
           at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
           at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
           at sun.security.validator.Validator.validate(Validator.java:218)
           at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
           at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
           at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
           at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
           ... 26 more
          


          Both systems are configured with the same JBoss, JVM, ...

          The certificate details are:

          Owner=
           CN=*...., OU=..., O=..., L=..., ST=..., C=PT
          Issuer=
           CN=..., O=..., C=PT
          Version=3
          Serial Number=BC81A81843E26C2597CD10354588F61E
          Valid From=Monday, 3 March 2008 18:50
          Valid Until=Tuesday, 3 March 2009 18:50
          Signature Algorithm=SHA1withRSA
          
          Fingerprints=
           MD5: 0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85
           SHA1: 35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A
          Key Usage= critical
           List:
           . digitalSignature
           . keyEncipherment
           . dataEncipherment
           . keyAgreement
          Extended Key Usage= none
          


          On production I have also tried adding the following properties:

          -Djavax.net.ssl.keyStore=/Path-to-file -Djavax.net.ssl.keyStorePassword=password
          


          But I still get the error.

          Any one has any hint for this problem? Is there any property which I can define to ignore untrusted certificates?

          Any help would really be welcome.
          Thanks in advance.

          Best regards,
          Victor Batista


          • 2. Re: Caused by: sun.security.validator.ValidatorException: No
            Ron Sigal Master

            Hi Victor,

            Your question doesn't really concern Remoting. I suggest posing it on the "JBossWS" forum: http://www.jboss.com/index.html?module=bb&op=viewforum&f=200.