Caused by: sun.security.validator.ValidatorException: No tru
vbatista Sep 4, 2008 7:06 PMHello,
I am using JBoss-4.2.2.GA with Java 1.6.0_04. My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.
I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:
-Djavax.net.ssl.trustStore=/Path-to-file -Djavax.net.ssl.trustStorePassword=password
On my development environment I can call the Web Service correctly.
Although, on the production environment, I amgetting the following exception:
javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317) at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255) at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164) at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150) at $Proxy171.send(Unknown Source) at com.xpto.integration.SmsHelper.send(SmsHelper.java:57) at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106) at java.lang.Thread.run(Thread.java:619) Caused by: java.io.IOException: Could not transmit message at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204) at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77) at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337) at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243) ... 6 more Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker. at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:333) at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135) at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122) at org.jboss.remoting.Client.invoke(Client.java:1634) at org.jboss.remoting.Client.invoke(Client.java:548) at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183) ... 9 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230) at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:275) ... 14 more Caused by: sun.security.validator.ValidatorException: No trusted certificate found at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304) at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954) ... 26 more
Both systems are configured with the same JBoss, JVM, ...
The certificate details are:
Owner= CN=*...., OU=..., O=..., L=..., ST=..., C=PT Issuer= CN=..., O=..., C=PT Version=3 Serial Number=BC81A81843E26C2597CD10354588F61E Valid From=Monday, 3 March 2008 18:50 Valid Until=Tuesday, 3 March 2009 18:50 Signature Algorithm=SHA1withRSA Fingerprints= MD5: 0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85 SHA1: 35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A Key Usage= critical List: . digitalSignature . keyEncipherment . dataEncipherment . keyAgreement Extended Key Usage= none
On production I have also tried adding the following properties:
-Djavax.net.ssl.keyStore=/Path-to-file -Djavax.net.ssl.keyStorePassword=password
But I still get the error.
Any one has any hint for this problem? Is there any property which I can define to ignore untrusted certificates?
Any help would really be welcome.
Thanks in advance.
Best regards,
Victor Batista