SSL handshaking problem in webservice with Java and Tomcat
I have to consume a webservice done in Axis with my Java web application (that runs on Tomcat). The company that made the webservice uses HTTPS and a self-signed certificate for testing.
I have run a Netbeans wizard to generate a Webservice based on the WSDL, and that is done correctly. If I go to the website of the webservice using a browser, I get a warning because of the SSL certificate, and I have to create an exception.
When trying to run my code, I get exceptions when the SSL connection is made. The exceptions are:
1.
com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
and sometimes (without changing the code)
2.
com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I imagine that I have to incorporate a certificate into the Java VM and/or Tomcat, and also tell it to ignore that it is not a trusted source.
How to do this? How to consume this secure webservice correctly?
If the information I provide is not enough, please ask for more.
Thanks
Ezequiel
UPDATE:
I have tried these two things, both without success; the exceptions are the same.
Option 1)
System.setProperty("javax.net.ssl.trustStore","/home/serverapp/BSS-cert.p12");
System.setProperty("javax.net.ssl.trustStorePassword","password");
System.setProperty("javax.net.ssl.trustStoreType","PKCS12");
Option 2)
KeyStore ks = KeyStore.getInstance( "pkcs12" );
ks.load( new FileInputStream("/home/serverapp/BSS-cert.p12"), "password".toCharArray() );
KeyStore jks = KeyStore.getInstance( "JKS" );
jks.load( null );
KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
kmf.init( ks, "f0p6k9n2".toCharArray() );
TrustManagerFactory tmf = TrustManagerFactory.getInstance( "SunX509" );
tmf.init( jks );
SSLContext ctx = SSLContext.getInstance( "TLS" );
ctx.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null );
Also, as I thought that maybe the problem was the web service, I tried to establish an HTTPS connection, and it fails with the same error when opening an input stream.
String httpsURL = "https://serverurl:443/theservice?wsdl";
URL myurl = new URL(httpsURL);
HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
InputStream ins = con.getInputStream(); //Exception here!
InputStreamReader isr = new InputStreamReader(ins);
BufferedReader in = new BufferedReader(isr);
Two common approaches here:
http://ws.apache.org/xmlrpc/ssl.html
WebLogic has its own stuff:
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/security/SSL_client.html#wp1029670
I think you have to configure, that the unsigned certificate can be trusted. Maybe this will help you.
In order to trust a certificate, you have to tell java that you trust the certificate authority that signed the cert. In the case of a self-signed cert, that is the cert itself. You need to set the javax.net.ssl.trustStore system property to a keystore that contains the CA for the cert of the server you're connecting to.
You may be able to get the cert from your browser when you fetch it to get through the untrusted connection error. Try finding an option to export the cert in PKCS12 format, save that file. When you run your code, set the javax.net.ssl.trustStore property to the file you just saved and also set the javax.net.ssl.trustStoreType to PKCS12.
Perhaps missing proper SSL certification. Read this blog entry: http://blogs.oracle.com/andreas/entry/no_more_unable_to_find. The program given here helped me once.