Securing webservice: valid SSL key error "ValidatorException: PKIX path building failed"

I want to secure a webservice using Netbeans开发者_Go百科 with mechansim : "Message Authentication over SSL" and I do everything that Netbeans documentation and Sun WSIT tutorial told to do. I also import the generated SSL key in client jre but when I run the client code, I still got this error :

Failed to access the WSDL at: https://localhost:8443/SecureWebService?wsdl. It failed with: sun.security.validator.ValidatorExcepti on: PKIX pathbuilding failed: un.security.provider.certpath. SunCertPathBuilderException: unable to find validcertification path to requested target.

can someone help me please ?

Looks as if the client isn't able to validate the whole certificate path. Is the client certificate self-signed? Might be that your certificate authority is unknown. If this is the problem, you may import your CA's public key using this script:

#!/bin/bash

# path to your cacerts file
CACERTS="/etc/java-6-sun/security/cacerts"
# sun's default password - change if necessary
CACERTSPASS="changeit" 

# change this
ALIAS="myAlias"
CERTPATH="/path/to/ca.der" 

if [ `keytool -list -keystore $CACERTS -storepass $CACERTSPASS | grep -c $ALIAS` -gt 0 ]; then 
    echo already installed
else 
    keytool -import -keystore $CACERTS -storepass $CACERTSPASS -alias $ALIAS -file $CERTPATH
fi

You may use the keytool commands on Windows machines as well.

you can try replacing the keytool command in sfussenegger's script to:

keytool -import -keystore $CACERTS -storepass $CACERTSPASS -alias $ALIAS -file $CERTPATH -trustcacerts

Then the script would import your self signed certificate into the root keystore as a trusted CA Certificate, which would provide a valid certification path to verify the identity of the server.