Keytool - HTTPS
Good afternoon.
There are pages in my application that should have the https protocol.
For this reason, I had to use the keytool tool.
First, I create a certificate keystore by executing the following command in the MS-DOS prompt:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
With this, I can easily create a "self-signed" certificate.
Second, I uncomment the "SSL HTTP/1.1 Connector" entry in $CATALINA_HOME/conf/server.xml.
This works and I can see these pages with the https protocol.
However, I have a number of doubts.
1. When I go to the page with https protocol, I see two dialogs.
--The first shows the following text:
"Unable to verify the identity of 'My name' site as a reliable"
--The second shows the following text:
"Error safety: The domain name does not match. He has tried to establish a connection with 'localhost'. however, the safety certificate presented belongs to 'My name'. It is possible, though unlikely, that this someone trying to intercept your communication with this site."
How can I avoid these 2 dialogs?
2. Is a "self-signed" certificate as safe as a certificate purchased from a well-known Certificate Authority (CA) such as VeriSign?
Do all these certificates cost money? What are the best? What are the cheapest?
3. I read that the first time a person attempts to access a secured page on a site (with a "self-signed" certificate), he is typically presented with a dialog containing the details of the certificate (such as the company and contact name), and asked if he wishes to accept the certificate as valid and continue with the transaction.
Does the same thing happen with a certificate purchased from a well-known Certificate Authority?
Is there a way to avoid this dialog?
> How can I avoid these 2 dialogs?
Put the correct hostname into the certificate when you create it.
> 2. Does a "self-signed" certificate is as safe as a certificate purchased from a well-known Certificate Authority (CA) such as VeriSign?
No, unless you can arrange for the client to trust your self-signed certificate. This is what the dialog is for.
> Do the same thing happen with a certificate purchased from a well-known Certificate Authority?
No, because the client already trusts the CA.
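The two dialogs in the question correspond to two independent checks a TLS client makes: does the certificate chain to something in its trust store, and does the certificate name the host in the URL. The script below is an added example, not code from this thread; it uses the openssl command line in place of keytool, and every certificate name, subject and function name in it is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Certificate names, subjects and helper
# function names are constructed; openssl stands in for keytool.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# self_signed NAME CN EXT: new key pair and self-signed cert with one extension.
self_signed() {
  printf '[req]\ndistinguished_name=dn\nprompt=no\nx509_extensions=ext\n' \
    > "$WORK/$1.cnf"
  printf '[dn]\nCN=%s\n[ext]\n%s\n' "$2" "$3" >> "$WORK/$1.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/$1.cnf" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# ca_signed NAME CN EXT CA: CSR for CN, then a cert issued by the CA named CA.
ca_signed() {
  printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=%s\n' "$2" \
    > "$WORK/$1.cnf"
  printf '%s\n' "$3" > "$WORK/$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/$1.cnf" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -days 30 -extfile "$WORK/$1.ext" \
    -CA "$WORK/$4.crt" -CAkey "$WORK/$4.key" \
    -CAcreateserial -CAserial "$WORK/$4.srl" \
    -out "$WORK/$1.crt" 2>/dev/null
}

# trusted_by CERT STORE: does CERT chain to the certificate held in STORE?
trusted_by() {
  openssl verify -CAfile "$WORK/$2.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

# name_ok CERT HOST: does CERT cover HOST (DNS name or IPv4 literal)?
name_ok() {
  case $2 in
    *[!0-9.]*) opt=-checkhost ;;
    *)         opt=-checkip ;;
  esac
  openssl x509 -in "$WORK/$1.crt" -noout "$opt" "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# ca      : a private CA, standing in for one the client already trusts
# by_name : the situation in the question, subject is a person's name
# by_host : self-signed, host name and loopback IP in subjectAltName
# issued  : same names, but issued by the CA instead of self-signed
setup_certs() {
  self_signed ca      "Example Test CA" "basicConstraints=critical,CA:TRUE" &&
  self_signed by_name "My name"         "subjectKeyIdentifier=hash" &&
  self_signed by_host "localhost" "subjectAltName=DNS:localhost,IP:127.0.0.1" &&
  ca_signed   issued  "localhost" "subjectAltName=DNS:localhost,IP:127.0.0.1" ca
}

# report CERT STORE HOST: print both verdicts on one line.
report() {
  t=FAIL; n=FAIL
  if trusted_by "$1" "$2"; then t=ok; fi
  if name_ok "$1" "$3"; then n=ok; fi
  printf '%-8s trust-store=%-8s trust=%-4s host=%-10s name=%s\n' \
    "$1" "$2" "$t" "$3" "$n"
}

demo() {
  setup_certs || { echo "openssl failed" >&2; return 1; }
  report by_name ca      localhost   # the question: both checks fail
  report by_name by_name localhost   # imported as trusted, name still wrong
  report by_host ca      localhost   # right name, nothing vouches for it
  report by_host by_host localhost   # self-signed, imported, right name
  report issued  ca      localhost   # issued by a CA the client trusts
  report issued  ca      127.0.0.1   # IP literals need an IP entry in SAN
  report by_name by_name 127.0.0.1
}
demo
```

With keytool, the answer to the "What is your first and last name?" prompt of -genkey becomes the certificate's CN, which is why the dialog in the question showed 'My name' instead of the host name.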
Similar Messages
-
Web service call with v3 client cert in CF8
I'm trying to call an external web service which requires a v3 client certificate be installed on our end. Our code platform is CF8, which I understand supports v3 certs. I've imported the external party's client cert into the CF server's cert store (cacerts) via keytool, and confirmed it's there. I've restarted the CF server. How do I attach the certificate to the cfhttp call to the external web service? I figure I can use a cfhttpparam, but am not sure what type to use, and what the value should be. Thanks in advance.
DrewBlah wrote:
> I'm trying to call an external web service which requires a v3 client
> certificate be installed on our end. Our code platform is CF8, which I
> understand supports v3 certs. I've imported the external party's client cert
> into the CF server's cert store (cacerts) via keytool, and confirmed it's
> there.
You should not import the client certificate, but the server certificate:
http://www.talkingtree.com/blog/index.cfm/2004/7/1/keytool
http://jochem.vandieten.net/2008/02/28/cfhttp-and-client-certificates/
> I've restarted the CF server. How do I attach the certificate to the
> cfhttp call to the external web service? I figure I can use a cfhttpparam, but
> am not sure what type to use, and what the value should be. Thanks in advance.
The certificate for the HTTP call should be on the filesystem in PKCS#12 format. Then use the following code:
<cfset variables.certificatePath = ExpandPath("certificate.pkcs") />
<cfset variables.certificatePass = "fillOutYourOwnPassword" />
<cfset variables.webserviceURL = "https://server/service" />
<cfsavecontent variable="theSoap">
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ns="https://server/service">
  <soapenv:Header/>
  <soapenv:Body>
    <ns:GetXXX>
      <xxx>YYY</xxx>
    </ns:GetXXX>
  </soapenv:Body>
</soapenv:Envelope>
</cfsavecontent>
<cfhttp
    url = "#variables.webserviceURL#"
    clientCert = "#variables.certificatePath#"
    clientCertPassword = "#variables.certificatePass#"
    method = "get"
    port = "443">
  <cfhttpparam type="header" name="Connection" value="Keep-Alive">
  <cfhttpparam type="header" name="SOAPAction" value="service">
  <cfhttpparam type="xml" value="#theSoap#">
</cfhttp>
<cfdump var="#XMLParse(cfhttp.filecontent)#">
Jochem
Jochem van Dieten
Adobe Community Expert for ColdFusion -
hi,
I seem to have a problem with establishing an SSL socket between 2 machines. This problem has to do with certificates, as the runtime error I get specifies.
So I figured out there must be a concept that I'm missing.
So why do I have to place a certificate on my client? How can I generate it? Where do I place it?
Can anyone please provide me with sample code that establishes an SSLSocket connection?
thnx a million
A good place to start is:
http://java.sun.com/j2se/1.4.1/docs/guide/rmi/socketfactory/SSLInfo.html
There is a code example, but you will also need to follow the guide in the other link below to create the required key files.
Don't base your knowledge of SSL RMI sockets solely on what I say here, as I'm fairly new to this so I may express myself wrong. But here is a 30,000 foot overview of what I did to get them to work:
If you are using RSA on your SSL connection, a public and private key are required. For this to work, you must create a key (keystore) via Java's "keytool.exe" tool using the '-genkey' option (the keystore should eventually reside on your server). You will then create a certificate from that keystore using the '-export' option of the keytool. Lastly, you will import the certificate into your client's store of accepted certificates (the file java\lib\security\cacerts) via the '-import' option of keytool.
For a full description, you need to read:
http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html
the section from this page on using keytool:
http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html#CreateKeystore
The example shows using a new custom file for the truststore, but I imported the certificate into Java's cacerts file instead. I was unable to find the certificate if it was not in this file, but I very well may have been doing something wrong. -
I am writing a program that accepts multiple users using sockets. It works well on my home network when I use the IP address 192.168.1.12. But when I try to get computers to connect from outside the network it doesn't work, even when I change the IP address that the client is connecting to to the one I found at http://www.whatismyipaddress.com/
which is 24.50.xxx.yy
The port I'm using for the server and client is 11114.
How do I make it work over the internet and not just my home network? -
Web service security (HTTPS)
hi all..
I am developing a web service application.
I have created a web service server and published it on a Tomcat server using HTTPS on port 8443.
But when I wanted to create the client in JBuilder (reading the WSDL file from a URL), it failed, so I read it using the file system. But when I tried to invoke a method I got the following exception:
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:130)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:380)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:88)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:147)
at org.apache.axis.client.Call.invokeEngine(Call.java:2735)
at org.apache.axis.client.Call.invoke(Call.java:2718)
at org.apache.axis.client.Call.invoke(Call.java:2394)
at org.apache.axis.client.Call.invoke(Call.java:2317)
at org.apache.axis.client.Call.invoke(Call.java:1774)
at com.eska.WSSTestSoapBindingStub.lastName(WSSTestSoapBindingStub.java:137)
at test.main(test.java:36)
I generated the certificate file using keytool.
Any idea how to solve this problem? Are there any parameters that can be added on the client to let the client accept the certificate?
Thanks in advance for your help
In the thread below I set up the CA's root cert for my client, maybe this will help you.
http://forum.java.sun.com/thread.jspa?threadID=726513&tstart=0 -
Web service client not working with HTTP Analyzer turned on
So the subject explains it all.
I have a simple JAXWS web service with @Policy(uri = "policy:Wssp1.2-2007-Https.xml") on remote secured (real SSL cert) Weblogic 10.3.5.
A simple client is generated in JDev 11.1.2.3 and run on my machine locally.
I'm really not sure I've tuned everything right with client certificates, but the thing is, when the JDeveloper HTTP Analyzer is turned on, the client run gives a bad_certificate SSLException.
With Analyzer turned off the service call is successful.
javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from localhost - 127.0.0.1 --> wl1n2.miit.ru was not trusted causing SSL handshake failure
Could someone explain this issue to me?
Puthanampatti,
First of all, how am I to determine what security folder is being used for certificates when I run local client in JDev?
My JDev folder is D:\JDeveloper-11.1.2.*3* and there's D:\JDeveloper-11.1.2.3\jdk160_24\jre\lib\security
My JDEV_USER_DIR is set to another folder: D:\JDeveloper-11.1.2.*2* \home so I'm not sure where should I import certificates.
To import a certificate I:
Open our https web site in the Chrome browser. Click the HTTPS mark and export the certificate as a Base64 (does it matter what encoding to use?) .cer file.
Then I open Windows command line and run setDomainEnv in my local weblogic folder:
D:\JDeveloper-11.1.2.2\home\system11.1.2.3.39.62.76.1\DefaultDomain\bin\setDomainEnv.exe
cd D:\JDeveloper-11.1.2.3\jdk160_24\jre\lib\security
keytool -import -alias miitcert -keystore cacerts -file d:\cer\miit-base64.cer
A bit confusing might be the fact that the system11.1.2.*3* folder is inside the JDeveloper-11.1.2.*2* folder, but that is how it is.
So those were the steps I did to import a certificate, but the problem with HTTP Analyzer is still here.
And what is demotrust.jks? There's no such file in security folder. -
Using keytool to generate self signed cert. for Microsoft Certificate Mgr.
Hi All,
I want to be able to generate a self signed certificate that I can Import into
Microsoft's Certificate Manager, to enable an HTTPS Listener for
Microsoft's WinRM and WinRS.
The certificate would only be for internal use, not used externally.
Here's the problem. I can create a certificate using this (path obscured):
"C:\Program Files\.....\jre\bin\keytool" -genkey -alias dMobX -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -dname "CN=your-f5c5780353" -keypass changeit -validity 90 -storetype pkcs12 -keystore "C:\Program Files\......\jre\lib\keystore\.keystore" -storepass changeit
"C:\Program Files\......\jre\bin\keytool" -export -alias dMobX -file "C:\Program Files\......\jre\lib\keystore\dMobX.cer" -storetype pkcs12 -keystore "C:\Program Files\.......\jre\lib\keystore\.keystore" -storepass changeit -v
Microsoft's Certificate Manager will accept it, the .cer, using "Import", into
Trusted Root Certification Authorities, but when I run the command to create the HTTPS Listener, I get this error message:
The WS-Management service cannot find the certificate that was requested.
If I use another tool, like selfssl, I can generate a self signed certificate using:
selfssl /N:CN=your-f5c5780353 /K:1024 /V:90 /P:443 /T
This will populate a certificate in Trusted Root Certification Authorities,
and when I run the command to create the HTTPS Listener, it succeeds with
no problem.
So my question is, am I doing something wrong with keytool, or are there
extra steps that I need to take, or is it even capable of generating a "self signed
certificate" that will work in the above case?
There are some concepts involved, certificate wise, that I'm not sure about.
Do I need to create a CSR and use a tool like openssl, as a CA, and
use the resulting certificate?
I just want to be able to programmatically create the needed certificate using keytool, or
using an API.
Thanks,
Download the latest JDK on http://download.java.net/jdk7/binaries/.
Run "keytool -genkeypair -ext KU=? -ext EKU=? ...". Substitute the "?" with the usages you see in the other cert (for example, "digitalSignature" or "codeSigning". If there are multiple ones, separate with comma). -
Please read my problem when I configure Weblogic https
I want to use https protocol and SSL for my web application in Weblogic
I have a problem but I am not sure it's related to configuring Weblogic or not please if you can advice me
I use "openssl" to be my own Certificate Authority (CA)
I used this instructions for using openssl [http://www.g-loaded.eu/2005/11/10/be-your-own-ca/]
after configuring openssl I used these steps for creating my keystore
1. First I use this keytool for creating my private key and public key
keytool -genkeypair -keyalg rsa -keystore ali_keytool.jks -storepass ali120 -alias ali_alias
What is your first and last name?
[Unknown]: AliKhosravi
What is the name of your organizational unit?
[Unknown]: Boors
What is the name of your organization?
[Unknown]: software
What is the name of your City or Locality?
[Unknown]: Tehranali_keytool.jks
What is the name of your State or Province?
[Unknown]: Tehran_Province
What is the two-letter country code for this unit?
[Unknown]: IR
Is CN=AliKhosravi, OU=Boors, O=software, L=Tehran, ST=Tehran_Province, C=IR correct?
[no]: y
2. I create my CSR by this command
keytool -certreq -alias ali_alias -keystore ali_keytool.jks -storepass ali120 -file ali_keytool.csr
3. I sign the ali_keytool.csr by openssl . I do it like this :
openssl x509 -req -in ali_keytool.csr -CA certs/myca.crt -CAkey private/myca.key -out ali_keytool.crt -days 365 -CAcreateserial -CAserial my_ca.seq
4. Now I have a signed certificate (ali_keytool.crt) and my CA certificate (myca.crt)
and I import CA certificate to my keystore
keytool -import -alias Openssl_ca -file myca.crt -keystore ali_keytool.jks -storepass ali120
5. I import the signed certificate into my keystore by alias of private key
keytool -import -alias ali_alias -file ali_keytool.crt -keystore ali_keytool.jks -storepass ali120
6. I import the CA certificate again into a new keystore for creating Trust
keytool -import -alias my_ca -file myca.crt -keystore ali_keytool_trust.jks -storepass ali120
All steps done without any errors
I used this address for help [http://www.startux.de/java/44-dealing-with-java-keystores]
Now I want to configure keystores and SSL in WebLogic
7. I go to the Environment-->Servers-->AdminServer-->Keystore tab in WebLogic
8. I set "Keystores=Custom Identity and Custom Trust", "Custom Identity Keystore = H:\trust\ali_keytool.jks" , "Custom Identity Keystore Type=jks" ,
"Custom Identity Keystore Passphrase:ali120"
"Confirm Custom Identity Keystore Passphrase=ali120"
"Custom Trust Keystore=H:\trust\ali_keytool_trust.jks" , "Custom Trust Keystore Type=jks" ,
"Custom Trust Keystore Passphrase=ali120" , "Confirm Custom Trust Keystore Passphrase=ali120"
9. Then I go to SSL tab and I set "Identity and Trust Locations=Keystores" , "Private Key Alias=ali_alias" ,"Private Key Passphrase=ali120",
"Confirm Private Key Passphrase=ali120"
10. I go to the General tab and select "SSL Listen Port Enabled"
11. I use Firefox as my web browser, so I configure my browser: I select Tools-->Options-->ViewCertificates --> Authorities tab
and I import the server certificate; here it is "myca.crt", the openssl certificate
in Downloading Certificate window I select
"Trust this CA to identify web sites"
"Trust this CA to identify email users"
"Trust this CA to identify software developers"
12. I restart Weblogic
13. I try to log in to WebLogic like this: "https://127.0.0.1:7002/console"
The webBroser show me this warning:
This Connection is Untrusted
You have asked Firefox to connect
securely to 127.0.0.1:7002, but we can't confirm that your connection is secure.
Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue.
Technical Details
I Understand the Risks
I don't know why the web browser shows me this warning while I imported the server certificate.
I don't know whether my problem is in configuring WebLogic, the Firefox web browser or the keystore.
If you know, please advise me.
Thanks
Moderator Action:
You already asked this question a couple of weeks earlier:
My problem when I enable SSL in Weblogic and I don't have a trusted CA cert
This is a user-to-user forum.
There is no obligation that anyone respond. They will answer if they choose to.
If there is a business need for a resolution, use your service contract privileges and open a support ticket with Oracle Support.
http://www.oracle.com/us/support/contact-068555.html
This duplicate forum post is locked. -
Invoking Webservice over HTTPS
Hi all,
I'm using Weblogic 9.2 with default configuration of Keystore & SSL. The webservice client is generated using 'Clientgen' Ant task, I can invoke the webservice using http without problem, but when using https it's always rejected, basically I'm not sure what system properties to put for the client, here's my last desperate attempt:
System.setProperty("weblogic.webservice.verbose", "true");
System.setProperty("java.protocol.handler.pkgs", "weblogic.net");
System.setProperty("weblogic.security.SSL.trustedCAKeyStore", "config/DemoIdentity.jks");
System.setProperty("weblogic.security.SSL.ignoreHostnameVerification", "true");
System.setProperty("weblogic.security.SSL.TrustKeyStore", "DemoTrust");
System.setProperty("weblogic.webservice.client.ssl.strictcertchecking", "false");
System.setProperty("ssl.debug", "true");
PaymentGateway service = new PaymentGateway_Impl();
PaymentGatewayPort port = service.getPaymentGatewayPort();
Stub.class.cast(port)._setProperty(Stub.ENDPOINT_ADDRESS_PROPERTY, "https://192.168.56.3:7002/ws/PaymentGateway?WSDL");
Stub.class.cast(port)._setProperty(Stub.USERNAME_PROPERTY, "weblogic");
Stub.class.cast(port)._setProperty(Stub.PASSWORD_PROPERTY, "weblogic");
ISODocument isoDoc = new ISODocument();
isoDoc.setMti(new Integer(200));
port.balanceInquery(isoDoc);
And here's the exception thrown in client:
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: SSL license found
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Not in server, Certicom SSL license found
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Ignoring not supported JCE Mac: SunJCE version 1.5 for algorithm HmacSHA1
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Will use default Mac for algorithm HmacSHA1
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Ignoring not supported JCE Mac: SunJCE version 1.5 for algorithm HmacMD5
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Will use default Mac for algorithm HmacMD5
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Ignoring not supported JCE KeyAgreement: SunJCE version 1.5 for algorithm DiffieHellman
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Will use default KeyAgreement for algorithm DiffieHellman
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Will use default KeyAgreement for algorithm ECDH
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Using JCE Cipher: SunJCE version 1.5 for algorithm DESede/CBC/NoPadding
Apr 16, 2010 8:18:14 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Using JCE Cipher: SunJCE version 1.5 for algorithm DES/CBC/NoPadding
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Using JCE Cipher: SunJCE version 1.5 for algorithm AES/CBC/NoPadding
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Using JCE Cipher: SunJCE version 1.5 for algorithm RC4
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Using JCE Cipher: SunJCE version 1.5 for algorithm RSA
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Using JCE Cipher: SunJCE version 1.5 for algorithm RSA/ECB/NoPadding
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: SSL Session TTL :90000
<!-------------------- REQUEST FROM CLIENT ---------------->
URL : https://192.168.56.3:7002/ws/PaymentGateway?WSDL
Headers :
Authorization: [Basic d2VibG9naWM6d2VibG9naWM=]
SOAPAction: [""]
Content-Type: [text/xml]
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><env:Header></env:Header><env:Body env:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><m:balanceInquery xmlns:m="http://www.telkomsel.com/PaymentGateway"><iSODocument xmlns:n1="java:com.visitek.pgi.models" xsi:type="n1:ISODocument"><amount xsi:nil="true"></amount><audit_number href="#ID_2"></audit_number><bank_code xsi:type="xsd:string">000151</bank_code><currency_code href="#ID_2"></currency_code><data href="#ID_2"></data><encrypted_pin href="#ID_2"></encrypted_pin><expiration_date href="#ID_2"></expiration_date><institution_code href="#ID_2"></institution_code><institution_data xsi:type="xsd:string">62812006002616</institution_data><local_tracking_id xsi:type="xsd:string">080722163229082127.0.0.1:9595</local_tracking_id><mti xsi:type="xsd:int">200</mti><network_information_code xsi:type="xsd:short">0</network_information_code><original_data_element href="#ID_2"></original_data_element><pan_null_true xsi:type="xsd:string">yes</pan_null_true><pos_entry href="#ID_2"></pos_entry><primary_acc_number xsi:nil="true"></primary_acc_number><response_code href="#ID_2"></response_code><response_terminal_number href="#ID_2"></response_terminal_number><service_code xsi:type="xsd:int">6016</service_code><settlement_date href="#ID_2"></settlement_date><terminal_number href="#ID_2"></terminal_number><transaction_code xsi:type="xsd:int">380000</transaction_code><transaction_data href="#ID_2"></transaction_data><transaction_date href="#ID_2"></transaction_date><transaction_sequence href="#ID_2"></transaction_sequence><transaction_time href="#ID_2"></transaction_time><transaction_timestamp href="#ID_2"></transaction_timestamp></iSODocument></m:balanceInquery><xsd:string xsi:type="xsd:string" id="ID_2"></xsd:string></env:Body></env:Envelope>
<!-------------------- END REQUEST FROM CLIENT ------------>
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Trusted CA keystore: config/DemoIdentity.jks
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Filtering JSSE SSLSocket
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: SSLIOContextTable.addContext(ctx): 24864323
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: SSLSocket will NOT be Muxing
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: write SSL_20_RECORD
Apr 16, 2010 8:18:15 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: isMuxerActivated: false
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: 25567987 SSL3/TLS MAC
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: 25567987 received HANDSHAKE
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: HANDSHAKEMESSAGE: ServerHello
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: isMuxerActivated: false
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: 25567987 SSL3/TLS MAC
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: 25567987 received HANDSHAKE
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: HANDSHAKEMESSAGE: Certificate
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Cannot complete the certificate chain: No trusted cert found
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Validating certificate 0 in the chain: Serial number: -151503846264256045339669576782538934945
Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB
Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=paymentd
Not Valid Before:Wed Mar 12 15:39:27 GMT+07:00 2008
Not Valid After:Mon Mar 13 15:39:27 GMT+07:00 2023
Signature Algorithm:MD5withRSA
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: validationCallback: validateErr = 16
Apr 16, 2010 8:18:16 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: cert[0] = Serial number: -151503846264256045339669576782538934945
Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB
Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=paymentd
Not Valid Before:Wed Mar 12 15:39:27 GMT+07:00 2008
Not Valid After:Mon Mar 13 15:39:27 GMT+07:00 2023
Signature Algorithm:MD5withRSA
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Warning> <Security> <BEA-090542> <Certificate chain received from 192.168.56.3 - 192.168.56.3 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <Validation error = 16>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <Certificate chain is untrusted>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <SSLTrustValidator returns: 16>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:153)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:367)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.net.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:705)
at java.net.URLConnection.getContentType(URLConnection.java:479)
at weblogic.webservice.binding.http11.Http11ClientBinding.receive(Http11ClientBinding.java:230)
at weblogic.webservice.core.handler.ClientHandler.handleResponse(ClientHandler.java:64)
at weblogic.webservice.core.HandlerChainImpl.handleResponse(HandlerChainImpl.java:238)
at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:246)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:147)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:473)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:459)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:306)
at com.visitek.pgi.client.PaymentGatewayPort_Stub.balanceInquery(PaymentGatewayPort_Stub.java:48)
at com.visitek.test.pg.TestPGWebservice.testWebserviceSSLInvocation(TestPGWebservice.java:70)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at junit.framework.TestCase.runTest(TestCase.java:164)
at junit.framework.TestCase.runBare(TestCase.java:130)
at junit.framework.TestResult$1.protect(TestResult.java:106)
at junit.framework.TestResult.runProtected(TestResult.java:124)
at junit.framework.TestResult.run(TestResult.java:109)
at junit.framework.TestCase.run(TestCase.java:120)
at junit.framework.TestSuite.runTest(TestSuite.java:230)
at junit.framework.TestSuite.run(TestSuite.java:225)
at org.eclipse.jdt.internal.junit.runner.junit3.JUnit3TestReference.run(JUnit3TestReference.java:130)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <write ALERT, offset = 0, length = 2>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <close(): 19097823>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <19097823 read(offset=0, length=8192)>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <19097823 read returns -1>
<!-------------------- RESPONSE TO CLIENT --------------->
URL : https://192.168.56.3:7002/ws/PaymentGateway?WSDL
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <19097823 read(offset=0, length=8192)>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <19097823 read returns -1>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <19097823 read(offset=0, length=8192)>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Debug> <SecuritySSL> <000000> <19097823 read returns -1>
<Apr 16, 2010 8:18:16 PM GMT+07:00> <Info> <WebService> <BEA-220025> <Handler weblogic.webservice.core.handler.ClientHandler threw an exception from its handleResponse method. The exception was:
javax.xml.rpc.JAXRPCException: java.io.EOFException: Response contained no data.>
I'm a total stranger to this HTTPS & SSL thing & I've googled around only to find partial answers. My plan is to use custom identity, but firstly I want to make sure that using the default works.
Any help would be greatly appreciated.
Regards,
Setya
Why does it throw SSLKeyException: SSL handshake failure? I have printed the contents of DemoIdentity.jks and DemoTrust.jks files. Can you please find out what I need to do for it?
I added the following code, but it did not help me to resolve this issue.
private static void callSSLService() {
    // Turn off verbose web service and SSL debug output.
    System.setProperty("weblogic.webservice.verbose", "false");
    System.setProperty("ssl.debug", "false");
    // System.setProperty("weblogic.security.SSL.trustedCAKeyStore", "C:/bea/weblogic81/server/lib/DemoIdentity.jks");
    // Keystore holding the CA certificates the client trusts.
    System.setProperty("weblogic.security.SSL.trustedCAKeyStore", "C:/bea/weblogic81/server/lib/DemoTrust.jks");
    // These two settings switch off hostname verification and strict certificate checking.
    System.setProperty("weblogic.security.SSL.ignoreHostnameVerification", "true");
    System.setProperty("weblogic.webservice.client.ssl.strictcertchecking", "false");
}
SOAP Fault:javax.xml.rpc.soap.SOAPFaultException:
Exception during processing: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from servicemngr-ccc.tsl.xxxx.com - 142.xxx.xxx.xx was not trusted causing SSL handshake failure. (see Fault Detail for stacktrace)
Detail:
<detail><bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from servicemngr- com - 142.xxx.xxx.xx was not trusted causing SSL handshake failure.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:122)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:322)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:29)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:832)
at weblogic.webservice.binding.http11.Http11ClientBinding.receive(Http11ClientBinding.java:238)
at weblogic.webservice.core.handler.ClientHandler.handleResponse(ClientHandler.java:63)
at weblogic.webservice.core.HandlerChainImpl.handleResponse(HandlerChainImpl.java:237)
at weblogic.webservice.core.ClientDispatcher.receive(ClientDispatcher.java:243)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:144)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:471)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:303)
keytool -list -v -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase
keytool -list -v -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
I executed keytool -list -v -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase, I got the following
C:\bea\weblogic81\server\lib>keytool -list -v -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: demoidentity
Creation date: 21-Jan-2011
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=L020658, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: -657037958f4825551ebcae3bc2a3349c
Valid from: Thu Jan 20 09:56:28 PST 2011 until: Wed Jan 21 09:56:28 PST 2026
Certificate fingerprints:
MD5: 89:30:08:A6:5F:4F:05:83:D2:1D:B4:B3:EB:B3:CF:F2
SHA1: 1D:E1:1F:93:30:64:CD:DC:C4:60:78:12:23:55:25:FF:FD:19:6A:2B
I executed keytool -list -v -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase, I got the following
C:\bea\weblogic81\server\lib>keytool -list -v -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
Keystore type: jks
Keystore provider: SUN
Your keystore contains 4 entries
Alias name: certgenca
Creation date: 22-Mar-2002
Entry type: trustedCertEntry
Owner: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CACERT, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: 33f10648fcde0deb4199921fd64537f4
Valid from: Thu Mar 21 12:12:27 PST 2002 until: Tue Mar 22 13:12:27 PDT 2022
Certificate fingerprints:
MD5: 8E:AB:55:50:A4:BC:06:F3:FE:C6:A9:72:1F:4F:D3:89
SHA1: E2:CB:88:9D:C5:09:F9:0A:AA:0D:3C:F6:75:7B:5F:1D:2B:A1:F7:F0
Alias name: wlsdemocanew2
Creation date: 24-Jan-2003
Entry type: trustedCertEntry
Owner: [email protected], CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
Issuer: [email protected], CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
Serial number: 0
Valid from: Fri Nov 01 12:02:22 PST 2002 until: Mon Oct 16 13:02:22 PDT 2006
Certificate fingerprints:
MD5: 5B:10:D5:3C:C8:53:ED:75:43:58:BF:D5:E5:96:1A:CF
SHA1: 4E:FB:1D:2F:58:EA:D4:0C:FC:2A:86:91:2D:43:4F:C1:79:D0:A6:4E
Alias name: wlsdemocanew1
Creation date: 24-Jan-2003
Entry type: trustedCertEntry
Owner: [email protected], CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
Issuer: [email protected], CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
Serial number: 0
Valid from: Fri Nov 01 12:02:11 PST 2002 until: Mon Oct 16 13:02:11 PDT 2006
Certificate fingerprints:
MD5: A1:17:A1:73:9B:70:21:B9:72:85:4D:83:01:69:C8:37
SHA1: 84:13:A2:63:D6:74:75:3B:25:15:6F:62:8C:18:79:87:62:5B:9A:0C
Alias name: wlscertgencab
Creation date: 24-Jan-2003
Entry type: trustedCertEntry
Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: 234b5559d1fa0f3ff5c82bdfed032a87
Valid from: Thu Oct 24 08:54:45 PDT 2002 until: Tue Oct 25 08:54:45 PDT 2022
Certificate fingerprints:
MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
******************************************* -
I am trying to invoke FinancialUtilService using HTTP proxy client. I am getting the error below while I am trying to invoke this service. Using FusionServiceTester I am able to invoke the service and upload a file to UCM. Using oracle.ucm.fa_client_11.1.1.jar I am also able to upload a file to UCM without any issue. But using HTTP proxy client I am facing the error below. Can anyone please help me? PFA the code I am using to invoke this service.
javax.xml.ws.soap.SOAPFaultException: InvalidSecurity : error in processing the WS-Security security header
at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
at $Proxy43.uploadFileToUcm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
at $Proxy44.uploadFileToUcm(Unknown Source)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:299)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:273)
Process exited with exit code 0.
Message was edited by: Oliver Steinmeier
Removed attachment
Hi Jani,
Thanks for your reply.
I am new to webservices and we are trying to do a POC on invoking FinancialUtilService using HTTP proxy client. I am following steps mentioned in attached pdf section "Invoking FinancialUtil Service using Web Service Proxy Client". I have imported certificate using below command.
keytool -import -trustcacerts -file D:\Retek\Certificate.cer -alias client -keystore D:\Retek\default-keystore.jks -storepass welcome1
Invoking
SecurityPolicyFeature[] securityFeature =
new SecurityPolicyFeature[] { new
SecurityPolicyFeature("oracle/wss11_saml_token_with_message_protection_client_policy")};
financialUtilService_Service = new FinancialUtilService_Service();
FinancialUtilService financialUtilService= financialUtilService_Service.getFinancialUtilServiceSoapHttpPort(securityFeature);
// Get the request context to set the outgoing addressing properties
WSBindingProvider wsbp = (WSBindingProvider)financialUtilService;
WSEndpointReference replyTo =
new WSEndpointReference("https://efops-rel91-patchtest-external-fin.us.oracle.com/finFunShared/FinancialUtilService", WS_ADDR_VER);
String uuid = "uuid:" + UUID.randomUUID();
wsbp.setOutboundHeaders( new StringHeader(WS_ADDR_VER.messageIDTag, uuid), replyTo.createHeader(WS_ADDR_VER.replyToTag));
wsbp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, "fin_user1");
wsbp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY, "Welcome1");
wsbp.getRequestContext().put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS,"service");
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "D:/Retek/default-keystore.jks");
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "welcome1" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "client" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_SIG_KEY_PASSWORD, "password" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "client" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_ENC_KEY_PASSWORD, "password" );
SEVERE: WSM-00057 The certificate, client, is not retrieved.
SEVERE: WSM-00137 The encryption certificate, client, is not retrieved due to exception oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved..
SEVERE: WSM-00161 Client encryption public certificate is not configured for Async web service client
SEVERE: WSM-00005 Error in sending the request.
SEVERE: WSM-07607 Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.
SEVERE: WSM-07602 Failure in WS-Policy Execution due to exception.
SEVERE: WSM-07501 Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=null, composite=null, modelObj=FinancialUtilService, policy=oracle/wss11_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates.
oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:173)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:545)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:608)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:335)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:282)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:915)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:436)
at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:393)
at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:239)
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
at com.sun.xml.ws.client.Stub.process(Stub.java:259)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
at $Proxy43.uploadFileToUcm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
at $Proxy44.uploadFileToUcm(Unknown Source)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
Caused by: oracle.wsm.security.SecurityException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:979)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.build(Wss11X509TokenProcessor.java:206)
at oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.sendRequest(Wss11SamlWithCertsScenarioExecutor.java:164)
... 30 more
Caused by: oracle.wsm.security.SecurityException: WSM-00057 : The certificate, client, is not retrieved.
at oracle.wsm.security.jps.WsmKeyStore.getJavaCertificate(WsmKeyStore.java:534)
at oracle.wsm.security.jps.WsmKeyStore.getCryptCert(WsmKeyStore.java:570)
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.insertClientEncCertToWSAddressingHeader(Wss11X509TokenProcessor.java:977)
... 32 more
SEVERE: WSMAgentHook: An Exception is thrown: WSM-00161 : Client encryption public certificate is not configured for Async web service client
File upload failed
javax.xml.ws.WebServiceException: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:231)
at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:98)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
at com.sun.xml.ws.client.Stub.process(Stub.java:259)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:152)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
at $Proxy43.uploadFileToUcm(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
at $Proxy44.uploadFileToUcm(Unknown Source)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.invokeUpload(FinancialUtilServiceSoapHttpPortClient.java:111)
at com.oracle.xmlns.apps.financials.commonmodules.shared.financialutilservice.FinancialUtilServiceSoapHttpPortClient.main(FinancialUtilServiceSoapHttpPortClient.java:86)
Caused by: javax.xml.rpc.JAXRPCException: oracle.wsm.common.sdk.WSMException: WSM-00161 : Client encryption public certificate is not configured for Async web service client
at oracle.wsm.agent.handler.wls.WSMAgentHook.handleException(WSMAgentHook.java:395)
at oracle.wsm.agent.handler.wls.WSMAgentHook.handleRequest(WSMAgentHook.java:248)
at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:220)
... 19 more -
Untrusted server cert chain for HTTPS on tomcat
I have written 2 servlets
1)One for sending username and password over HTTPS
2)One for receiving the username and password and decrypting this
When I am executing the 1st servlet, I get the exception:
Error is client : javax.net.ssl.exception.:untrusted server cert chain
I have already created a server certificate with the 'keytool' command, so why am I getting this error?
Please can anybody help me on
I am using TOMCAT as an HTTPS server!!!
What should I do to get rid of the 'untrusted server set chain' exception?
Please help as I need to deploy this on my production server
ajay
[email protected]
You get this error because your self-signed certificate is not trusted by the default installation of JDK/Tomcat. The simple way is probably to import the certificate you made with keytool into your store of trusted certificates. I don't exactly know how to do this.
The other way is to override how certificates are handled. This is done by implementing your own X509TrustManager like this:
SSLSocketFactory sslSF = null;
KeyManager[] km = null;
TrustManager[] tm = {new RelaxedX509TrustManager()};
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, tm, new java.security.SecureRandom());
sslSF = sslContext.getSocketFactory();
URL url = new URL("https://myServer");
URLConnection uCon = url.openConnection();
( (javax.net.ssl.HttpsURLConnection) uCon).setSSLSocketFactory(sslSF);
And here is RelaxedX509TrustManager:
class RelaxedX509TrustManager implements javax.net.ssl.X509TrustManager {
    // Accepts every certificate chain without inspecting it.
    public boolean checkClientTrusted(java.security.cert.X509Certificate[] chain) {
        return true;
    }
    public boolean isServerTrusted(java.security.cert.X509Certificate[] chain) {
        return true;
    }
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }
    // Empty bodies never throw, so no client or server chain is ever rejected.
    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {}
    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {}
}
There might be some compilation errors... -
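The "simple way" mentioned in the answer above, trusting the one certificate made with keytool instead of accepting every chain, can be done in client code as in this added example (not part of the original posts). It assumes the server certificate was exported to a file named server.cer with `keytool -export -alias <alias> -file server.cer`; the class name, the file name and the entry name `tomcat-server` are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustOnlyMyServerCert {

    /** Builds an SSLContext whose only trust anchor is the certificate stored in certFile. */
    static SSLContext contextTrusting(String certFile) throws Exception {
        // Read the exported certificate (DER or PEM encoding are both accepted).
        X509Certificate cert;
        try (InputStream in = new FileInputStream(certFile)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Fail early if the certificate is expired or not yet valid.
        cert.checkValidity();

        // In-memory trust store that contains this one certificate and nothing else.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("tomcat-server", cert); // hypothetical entry name

        // Standard PKIX trust manager backed by that store: chain validation still runs,
        // it just anchors on the self-signed certificate instead of the JDK's cacerts.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String certFile = args.length > 0 ? args[0] : "server.cer";      // assumed file name
        String target = args.length > 1 ? args[1] : "https://myServer";  // URL used in the answer

        HttpsURLConnection con = (HttpsURLConnection) new URL(target).openConnection();
        con.setSSLSocketFactory(contextTrusting(certFile).getSocketFactory());
        // The default HostnameVerifier is left in place, so the name in the
        // certificate must still match the host in the URL.
        System.out.println("HTTP status: " + con.getResponseCode());
    }
}
```

A connection to any server presenting a different certificate fails the handshake, which is the check the relaxed trust manager removes.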
Issue in free SSL cert installation on Weblogic using keytool and Keystore
Link which we used to follow below mentioned steps:-
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/secmanage/ssl.html#1167001
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674
Steps:
1) To generate keystore and private key and digital certificate:-
keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
2) To generate CSR
keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
3) CSR is uploaded on the verisign site to generate a free ssl certificate. All certificate text received is pasted into a file (cacert.pem)
4) Same certificate is put into same keystore using following command
keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
5) Before step 4), we have also installed root /intermediate certificate to include chain using following command.
(intermediateCa.cer file is downloaded from verisign site)
keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
6) After this configuration we used weblogic admin module to configure Keystore and SSL.
7) For the KeyStore tab in the weblogic admin module, we have selected the option “Custom Identity And Custom Trust” and provided the following details under the Identity and Trust columns:-
Private key alias: mykey2
PassKeyphrase: webconkeystorepassword
Location of keystore: location of webconkeystore.jks file on server
8) For the SSL tab in the weblogic admin module, we have selected the option “KeyStores” for “Identity and Trust locations”.
9) After this we have restarted the server, but it is giving following error on console as shown below:
<Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias privateKey from the JKS keystore file /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks.>
<Alert> <Security> <BEA-090716> <Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer>
<Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer>
<Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer.>
<Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
Please let me know if I am missing anything
Please help me to check out and resolve this issue.
Thanks for your interest and reply.
It says mykey2 is type "keyEntry" not privateKeyEntry, but I have followed the steps which were mentioned.
To give you details , I have executed listing command and appended its output below:
Please find output of following command
keytool -list -v -keystore webconkeystore.jks -storepass webconkeystorepassword >> output.txt
contents of output.txt is
Keystore type: jks
Keystore provider: SUN
Your keystore contains 5 entries
Alias name: intermediateca
Creation date: Nov 3, 2009
Entry type: trustedCertEntry
Owner: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 7e3bb784bbc654abd2b8d677ecc394a8
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Mon Apr 01 05:29:59 IST 2019
Certificate fingerprints:
MD5: 71:13:D9:3A:CD:21:F2:EE:9F:59:17:8D:A6:F9:AE:14
SHA1: BE:D1:D1:4E:25:A7:94:36:83:9E:4B:A7:CD:84:48:96:B7:0A:7F:B0
Alias name: rootca
Creation date: Nov 3, 2009
Entry type: trustedCertEntry
Owner: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 168164a428ca12dfab12f19fb1b93554
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Sun Apr 01 05:29:59 IST 2029
Certificate fingerprints:
MD5: E0:19:F5:FC:C0:9A:13:0E:38:B7:BF:0D:02:40:D3:C2
SHA1: 51:51:B8:63:8A:4C:1F:15:54:56:ED:37:C9:10:35:CA:D3:01:B9:36
Alias name: mykey2
Creation date: Nov 3, 2009
Entry type: keyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=linuxbox04, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=Tech, O=TechProcess, L=Mumbai, ST=Maharashtra, C=IN
Issuer: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 232d382baddef6a3734984950d3505dc
Valid from: Tue Nov 03 05:30:00 IST 2009 until: Wed Nov 18 05:29:59 IST 2009
Certificate fingerprints:
MD5: F2:28:41:DB:58:F4:5B:F4:9E:14:A4:D1:C6:9A:54:FB
SHA1: 39:87:00:98:45:D3:30:C9:58:0D:A5:30:73:9B:10:19:B9:77:D0:F7
Certificate[2]:
Owner: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 7e3bb784bbc654abd2b8d677ecc394a8
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Mon Apr 01 05:29:59 IST 2019
Certificate fingerprints:
MD5: 71:13:D9:3A:CD:21:F2:EE:9F:59:17:8D:A6:F9:AE:14
SHA1: BE:D1:D1:4E:25:A7:94:36:83:9E:4B:A7:CD:84:48:96:B7:0A:7F:B0
Certificate[3]:
Owner: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 168164a428ca12dfab12f19fb1b93554
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Sun Apr 01 05:29:59 IST 2029
Certificate fingerprints:
MD5: E0:19:F5:FC:C0:9A:13:0E:38:B7:BF:0D:02:40:D3:C2
SHA1: 51:51:B8:63:8A:4C:1F:15:54:56:ED:37:C9:10:35:CA:D3:01:B9:36
Alias name: mykey1
Creation date: Nov 3, 2009
Entry type: trustedCertEntry
Owner: CN=linuxbox04, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=Tech, O=Techprocess, L=Mumbai, ST=MH, C=IN
Issuer: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 353710f6c067ba67988004f2080eb4ac
Valid from: Tue Nov 03 05:30:00 IST 2009 until: Wed Nov 18 05:29:59 IST 2009
Certificate fingerprints:
MD5: 3C:C7:B1:DB:BB:A6:60:34:08:31:88:90:AE:EE:CB:7B
SHA1: 69:63:20:CB:BC:93:89:88:19:1F:37:C0:A3:EE:E5:50:5A:29:39:DA
Alias name: mykey
Creation date: Nov 3, 2009
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=linuxbox04, OU=Tech, O=Techprocess, L=Mumbai, ST=MH, C=IN
Issuer: CN=linuxbox04, OU=Tech, O=Techprocess, L=Mumbai, ST=MH, C=IN
Serial number: 4aefbcd1
Valid from: Tue Nov 03 10:47:05 IST 2009 until: Mon Feb 01 10:47:05 IST 2010
Certificate fingerprints:
MD5: 51:E7:52:7A:AA:1A:F6:E1:72:3C:BE:EF:D7:BF:92:85
SHA1: F3:7C:D2:18:2C:75:9D:A5:70:28:1F:3C:90:93:B9:E4:1F:57:3B:DC
Edited by: user1685139 on Nov 4, 2009 3:55 PM -
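Two of the failures above name an alias that could not be used: BEA-090716 looks up alias privateKey in the WebLogic identity keystore, and WSM-00057 reports that the certificate under alias client is not retrieved. The following added example (not code from the posts; the class name is hypothetical) reports for each alias whether it exists, whether it is a private key entry or only a trusted certificate, and whether each certificate in its chain is inside its validity period.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class KeystoreAliasCheck {

    /** Describes what the keystore holds under the alias a server or client is configured with. */
    static String describe(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "MISSING; aliases present: " + Collections.list(ks.aliases());
        }
        if (ks.isCertificateEntry(alias)) {
            // Created by "keytool -import" of a certificate under a new alias: no private key.
            return "TRUSTED CERTIFICATE ONLY; cannot serve as an identity or signing key";
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            return "KEY ENTRY WITHOUT CERTIFICATE CHAIN";
        }
        StringBuilder sb = new StringBuilder("KEY ENTRY, chain length " + chain.length);
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = (X509Certificate) chain[i];
            String state = "valid";
            try {
                c.checkValidity(); // compares against the current date
            } catch (CertificateExpiredException e) {
                state = "EXPIRED on " + c.getNotAfter();
            } catch (CertificateNotYetValidException e) {
                state = "NOT VALID BEFORE " + c.getNotBefore();
            }
            sb.append(System.lineSeparator())
              .append("  [").append(i + 1).append("] ")
              .append(c.getSubjectX500Principal().getName())
              .append(" : ").append(state);
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println("usage: java KeystoreAliasCheck <keystore.jks> <storepass> <alias> [alias...]");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        // Check every alias named on the command line against the same keystore.
        for (int i = 2; i < args.length; i++) {
            System.out.println(args[i] + " -> " + describe(ks, args[i]));
        }
    }
}
```

Run it against the file the server or client is actually configured to load, for example `java KeystoreAliasCheck webconkeystore.jks webconkeystorepassword mykey2 privateKey` with the values from the WebLogic post.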
Signed Applet not loading on Mac OS X if using HTTPS protocol
Hi All,
I need to open a trusted applet on Mac OS 10.2. The applet works fine if using HTTP protocol. But if the protocol used is HTTPS then the applet does not load and a "javax.net.ssl.SSLException - untrusted server cert chain" exception comes on the console.
The error comes for both - Verisign and javakey - signed applet.
On searching for a possible solution on the net, I came across the following link: http://www.macosxhints.com/article.php?story=20020525101202503&query=Workaround+for+secure+Java+applet+problems
It says that this is Mac's known bug and gives the workaround as:
1. Access the problematic site with Internet Explorer on Windows. Click on the padlock item and export the certificate to a file.
2. Copy the certificate to your Mac.
3. Use the command
sudo keytool -import -trustcacerts -keystore /Library/Java/Home/lib/security/cacerts -file mycert.cer
to import the certificate file to your keystore (substitute mycert.cer with the name of the file containing the certificate). The keystore is password protected - the default password is "changeit".
4. Restart your browser
But the client cannot be asked to do all this to run the applet.
Is this problem being solved by Mac in their java implementation or is there any other possible solution?
Thanx in advance.
Regards,
Charu
I am experiencing the same problem - I notice it does not happen on OS9.2 using IE but appears a problem on all browsers on OSX
Apple gave me the following reply.....
Re: Bug ID# 3268633: cannot load applet class under https connection
Hello Andrew,
Thank you for bringing this problem to our attention. We have received feedback from engineering on your reported issue.
Please know that to get Java to recognize the certificate you will need to do one of two things, depending on which VM you are using. Since you want it to work with Internet Explorer, we will assume Java 1.3.1.
In Java 1.3.1 you'll need to add the certificate to /Library/Java/Home/lib/security/cacerts using /usr/bin/keytool to import the certificate into the certificate database.
In Java 1.4.1 you should be able to just add the certificate to the keychain using certtool. For more details on how to do this, please refer to the information found at <http://java.sun.com/j2se/1.4.1/docs/tooldocs/solaris/keytool.html>. After doing so, if you should require further help from Apple in resolving this issue, we recommend that you request assistance from Developer Technical Support. This must be done by filing a Technical Support Incident.
So I am supposed to tell every Mac user to do the above am I?!!! -
Problem in accessing webservice over https with auth cert enabled...Urgent
Hi All,
I am stuck in accessing webservices using ssl and auth certificate.
I am using jdk 6 and it is not any issue with the problem I am facing...
This is what I do...
I have a webservice deployed which is accessible over https.
On server, I run..
- to generate keystore
keytool -genkey -alias tomcat-sv -dname "CN=<Server Machine Id>, OU=X, O=Y, L=Z, S=XY, C=YZ" -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore
generate server certificate
keytool -export -alias tomcat-sv -storepass changeit -file server.cer -keystore server.keystore
On client, i run..
To generate client keystore-
keytool -genkey -alias tomcat-cl -dname "CN=<Client Machine Id>, OU=X, O=Y, L=Z, S=XY, C=YZ" -keyalg RSA -keypass changeit -storepass changeit -keystore client.keystore
To generate client certificate -
keytool -export -alias tomcat-cl -storepass changeit -file client.cer -keystore client.keystore
Then I import server's certificate into client keystore and Client's certificate to server's keystore by
import server's cer to client keystore -
keytool -import -v -trustcacerts -alias tomcat -file "C:\java\jdk1.6.0_10\bin\server.cer" -keystore client.keystore -keypass changeit -storepass changeit
import client's cer to server keystore -
keytool -import -v -trustcacerts -alias tomcat -file "C:\jdk1.6.0_06\bin\client.cer" -keystore server.keystore -keypass changeit -storepass changeit
when i try to call webservices through a java client (which is called by a python script), I get error as
*"Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed"*
*"faultString: java.net.SocketException: Software caused connection abort: recv failed"*
complete log is as following
C:\apache-tomcat-6.0.10\webapps\webservice>tradereport.py
Jun 23, 2008 3:05:59 PM currenex.share.log.CxLogger log
INFO: details=before SSL change
Jun 23, 2008 3:05:59 PM currenex.share.log.CxLogger log
INFO: details=after SSL change
log4j:WARN No appenders could be found for logger (org.apache.axis.i18n.ProjectResourceBundle).
log4j:WARN Please initialize the log4j system properly.
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1214213509 bytes = { 50, 7, 252, 244, 34, 192, 54, 190, 160, 197, 162, 65, 78, 3, 120, 182, 179, 199
, 160, 208, 223, 247, 41, 216, 188, 138, 228, 70 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_1
28_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_
DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA
_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WI
TH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 7873
*** ServerHello, TLSv1
RandomCookie: GMT: 1214213504 bytes = { 98, 89, 26, 148, 19, 15, 45, 155, 163, 196, 220, 193, 150, 127, 19, 44, 130, 16
5, 78, 243, 155, 34, 214, 123, 198, 89, 102, 15 }
Session ID: {72, 95, 110, 128, 129, 101, 2, 252, 120, 147, 235, 106, 51, 210, 236, 197, 28, 197, 154, 236, 116, 85, 185
, 177, 153, 9, 235, 160, 228, 124, 191, 206}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=Anuj-Shukla, OU=X, O=Y, L=Z, ST=XY, C=YZ
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 1155910927093088021038703558200517321935975136532818479526927502986487608253029863427194046282623217778572406
007584457425344367852682875007488075549568987019062497769571000978532532156228707400592262495876461712276454493567147822
56749486566093981751121311864618619780132448329770352303648687445023336431685957
public exponent: 65537
Validity: [From: Mon Jun 23 14:17:18 GMT+05:30 2008,
To: Sun Sep 21 14:17:18 GMT+05:30 2008]
Issuer: CN=Anuj-Shukla, OU=X, O=Y, L=Z, ST=XY, C=YZ
SerialNumber: [ 485f6316]
Algorithm: [SHA1withRSA]
Signature:
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>
<[email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte
Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<[email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc,
L=Cape Town, ST=Western Cape, C=ZA>
<CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE>
<CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US>
<CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
<CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE>
<CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by
ref. (limits liab.), O=Entrust.net>
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US>
<CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE>
<CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certificat
ion Authority - G2, O="VeriSign, Inc.", C=US>
<OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. b
y ref. (limits liab.), O=Entrust.net, C=US>
<CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE>
<[email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consu
lting cc, L=Cape Town, ST=Western Cape, C=ZA>
<CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS i
ncorp. by ref. limits liab., O=Entrust.net, C=US>
<CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only"
, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<[email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCe
rt, Inc.", L=ValiCert Validation Network>
<CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE>
<CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US>
<CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE>
<OU=Equifax Secure Certificate Authority, O=Equifax, C=US>
<OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US>
<CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US>
<CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only"
, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certificat
ion Authority - G2, O="VeriSign, Inc.", C=US>
<CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certificat
ion Authority - G2, O="VeriSign, Inc.", C=US>
<OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US>
<CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2>
<CN=Anuj-Shukla, OU=X, O=Y, L=Z, ST=XY, C=YZ>
<CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incor
p. by ref. (limits liab.), O=Entrust.net>
<OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US>
<[email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte C
onsulting, L=Cape Town, ST=Western Cape, C=ZA>
<[email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consu
lting, L=Cape Town, ST=Western Cape, C=ZA>
<CN=Client, OU=X, O=Y, L=Z, ST=XY, C=YZ>
<CN=GeoTrust Global CA, O=GeoTrust Inc., C=US>
<OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<CN=Sonera Class1 CA, O=Sonera, C=FI>
<OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US>
<CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US>
<CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake Cit
y, ST=UT, C=US>
<CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only"
, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
<CN=America Online Root Certification Authority 1, O=America Online Inc., C=US>
<CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by
ref. (limits liab.), O=Entrust.net>
<CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
<CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US>
<CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US>
<CN=Sonera Class2 CA, O=Sonera, C=FI>
<CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE>
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
... no IV used for this cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 216, 54, 180, 236, 72, 70, 181, 20, 31, 128, 165, 12 }
main, WRITE: TLSv1 Handshake, length = 32
main, waiting for close_notify or alert: state 1
main, Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
Jun 23, 2008 3:06:06 PM currenex.share.log.CxLogger log
INFO: details=Exception occured while calling Login service in callLoginWebService
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: java.net.SocketException: Software caused connection abort: recv failed
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(Unknown Source)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at currenex.webservice.share.definitions.AuthenticationBindingStub.login(AuthenticationBindingStub.java:362)
at currenex.webservice.clients.util.WebserviceTestUtil.callLoginLogoutWebService(WebserviceTestUtil.java:132)
at currenex.webservice.clients.util.TradeCreateTester.createWebLogin(TradeCreateTester.java:64)
{http://xml.apache.org/axis/}hostname:anuj
java.net.SocketException: Software caused connection abort: recv failed
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at currenex.webservice.share.definitions.AuthenticationBindingStub.login(AuthenticationBindingStub.java:362)
at currenex.webservice.clients.util.WebserviceTestUtil.callLoginLogoutWebService(WebserviceTestUtil.java:132)
at currenex.webservice.clients.util.TradeCreateTester.createWebLogin(TradeCreateTester.java:64)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(Unknown Source)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
... 12 more
Jun 23, 2008 3:06:06 PM currenex.share.log.CxLogger log
INFO: details=Login response is null, login was not successful
Login was unsuccessful
*In apache's server.xml, My webservice is deployed as*
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8443" minProcessors="5" maxProcessors="75" enableLookups="true"
acceptCount="10" debug="0"
protocol="HTTP/1.1" SSLEnabled="true" secure="true"
maxThreads="150" scheme="https"
keystoreFile="lib/server.keystore"
keystorePass="changeit" clientAuth="true"
>
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
protocol="TLS"/>
</Connector>
Please note clientAuth="true" parameter,
when I set it to false, My test runs smoothly and no exception/issue is reported
Not to forget, my javaclient has following lines too..
//System.setProperty("javax.net.ssl.keyStore", "C:\\java\\jdk1.6.0_10\\jre\\lib\\security\\cacerts");
//System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
//System.setProperty("javax.net.ssl.trustStore", "C:\\java\\jdk1.6.0_10\\jre\\lib\\security\\cacerts");
//System.setProperty("java.protocol.handler.pkgs" , "com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.trustStore","C:\\java\\jdk1.6.0_10\\bin\\client.keystore");
System.setProperty("javax.net.ssl.trustStorePassword","changeit");
//System.setProperty("com.sun.net.ssl.rsaPreMasterSecretFix" , "true");
//System.setProperty("javax.net.ssl.keyStore", "C:\\java\\jdk1.6.0_10\\bin\\server.keystore");
//System.setProperty("javax.net.ssl.keyStorePassword","changeit");
System.setProperty("javax.net.debug", "ssl");
s_log.info("after SSL change");
I tried all possible combinations of these properties but nothing worked...
Please let me know if I am missing any required step.. here
Ask me if you want to know more details about my problem.
This is very urgent and critical.. Many thanks in advance.
Hi ejp,
thanks for your reply. I did read your post in other thread that you pointed.
I had searched quite a lot on this issue and had idea that it might be due to firewall settings..
but sadly, I don't know the solution. Well, you have seen the entire code that I wrote and exception too, Could you suggest me a way out? or any specific firewall setting or a workaround?
Please let me know if you need any other info from my side regarding the code.
Thanks a Ton!
Anuj -
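A reading aid for the trace in this thread, added here and not part of any post: the sketch below groups a javax.net.debug=ssl client trace by handshake message and flags a server CertificateRequest that is answered by an empty client Certificate chain, the pattern visible in the posted log between ServerHelloDone and ClientKeyExchange. The sample trace is constructed (abridged, placeholder names), and the function names and finding labels are this example's own.

```python
import re

# Constructed sample: abridged to the same shape as the javax.net.debug=ssl
# trace posted above; names are placeholders and key material is left out.
SAMPLE_TRACE = """\
*** ClientHello, TLSv1
*** ServerHello, TLSv1
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Subject: CN=server.example, OU=X, O=Y, L=Z, ST=XY, C=YZ
Key: Sun RSA public key, 1024 bits
Issuer: CN=server.example, OU=X, O=Y, L=Z, ST=XY, C=YZ
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=client.example, OU=X, O=Y, L=Z, ST=XY, C=YZ>
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
"""

MESSAGE = re.compile(r"^\*\*\* (\w+)")
WEAK_SUITE = re.compile(r"RC4|MD5|EXPORT|NULL|_DES_|DES40")


def split_messages(trace):
    """Group trace lines under the '*** <HandshakeMessage>' header they follow."""
    messages = []
    for raw in trace.splitlines():
        line = raw.strip()
        header = MESSAGE.match(line)
        if header:
            messages.append((header.group(1), []))
        elif messages:
            messages[-1][1].append(line)
    return messages


def accepted_issuers(trace):
    """DNs the server listed in CertificateRequest (one '<...>' per line)."""
    for name, body in split_messages(trace):
        if name == "CertificateRequest":
            return [l[1:-1] for l in body if l.startswith("<") and l.endswith(">")]
    return []


def triage(trace):
    """Return findings for one client-side handshake trace."""
    messages = split_messages(trace)
    names = [name for name, _ in messages]
    findings = []

    # The suite the server picked is logged in the ServerHello body.
    for name, body in messages:
        if name != "ServerHello":
            continue
        for line in body:
            if line.startswith("Cipher Suite:"):
                suite = line.split(":", 1)[1].strip()
                if WEAK_SUITE.search(suite):
                    findings.append("weak-cipher-suite:" + suite)

    if "CertificateRequest" in names and "ServerHelloDone" in names:
        # Everything after ServerHelloDone is the client's own flight.
        flight = messages[names.index("ServerHelloDone") + 1:]
        sent = [l for n, body in flight if n == "Certificate"
                for l in body if l.startswith("chain [")]
        if not sent:
            findings.append("client-cert-requested-but-none-sent")
            if "SocketException" in trace or "handshake_failure" in trace:
                findings.append("connection-dropped-after-empty-client-cert")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(finding)
    print("server accepts client certs issued by:", accepted_issuers(SAMPLE_TRACE))
```

JSSE takes the certificate a client presents from the key store named by javax.net.ssl.keyStore; the trust store set through javax.net.ssl.trustStore only decides which server certificates the client accepts.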
Is there a way to make a self-signed client certificate with keytool...
Is there a way to make a self-signed client certificate with keytool
that will install successfully into the personal store in IE?
Hi,
It is possible to make a self-signed client certificate with keytool and I am successfully using it in my dummy application.
The first thing you need to do is create a keystore and generate the key pair. You could use a command such as the following:
keytool -genkey -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US"
-alias business -keypass kpi135 -keystore C:\working\mykeystore
-storepass ab987c -validity 180
(Please note: This must be typed as a single line. Multiple lines are used in the examples just for legibility purposes.)
This command creates the keystore named "mykeystore" in the "working" directory on the C drive (assuming it doesn't already exist), and assigns it the password "ab987c". It generates a public/private key pair for the entity whose "distinguished name" has a common name of "Mark Jones", organizational unit of "JavaSoft", organization of "Sun" and two-letter country code of "US". It uses the default "DSA" key generation algorithm to create the keys, both 1024 bits long.
It creates a self-signed certificate (using the default "SHA1withDSA" signature algorithm) that includes the public key and the distinguished name information. This certificate will be valid for 180 days, and is associated with the private key in a keystore entry referred to by the alias "business". The private key is assigned the password "kpi135".
Also please go through the http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
This would help you better.
bye,
Arun