开发者

SSL keys and client auth in Java

问答 作者:

I am connecting to a webservice SSL client auth, I set up the keystore by:

System.getProperties().setProperty("javax.net.ssl.keyStore", 
                                  "d:/banking/BankClient/classes/xxcompany/bank/certificate/keystore.jks");
System.getProperties().setProperty("javax.net.ssl.keyStorePassword","password");

When calling the webservice:

GetAccountBalanceResponse resp = services.getAccountBalance(request);

I get a following error

WARNING:Cannot connecti with url: https://[redacted] ; reason: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Exception in thread "main" java.rmi.RemoteException: ; nested exception is: 
    HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:146)
    at xxcompany.bank.proxy.ServicesPortClient.getAccountBalance(ServicesPortClient.java:48)
    at xx.bank.client.main(client.java:111)
Caused by: HTTP transport error: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.va开发者_如何学运维lidator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at oracle.j2ee.ws.client.http.HttpClientTransport.invokeImpl(HttpClientTransport.java:174)
    at oracle.j2ee.ws.client.http.HttpClientTransport.invoke(HttpClientTransport.java:150)
    at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:176)
    at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:113)
    at xxcompany.bank.proxy.runtime.ServicesBinding_Stub.getAccountBalance(ServicesBinding_Stub.java:130)
    ... 2 more

The keystore containes the private certificate for the client, the certificate is valid and works fine when used in the browser. How should I fix it?

Many thanks.

This error occurs when the CA which signed the server cert is either not one of the well know CAs or the public certificate of the CA is not in the trust store of the client. To get around this you will have to add the public certificate of the CA to the trust store of the client.

See unable to find valid certification path to requested target and No more 'unable to find valid certification path to requested target' for detailed instructions.

继续阅读:authenticationsslssl-certificateweb-services

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9