SOAP client over SSL: sun.security.provider.certpath.SunCertPathBuilderException: Unable to find a valid certification path for the requested target
I am working with a remote SOAP service over HTTPS (HTTP over SSL) and I have created my client classes using the axis tool WSDL2java
. So I am using Axis2 client, I tried Axis too, there was no difference between them I have my own certificate in .pfx just for development. I first tried to make a request through SoapUI and I just add my certificate and password to SSLsettings:
And it works great.
After that, I tried to execute the request with my Axis client using Java code. Before submitting the request, I added:
System.setProperty("javax.net.ssl.keyStore", "C:\work\example.pfx");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", "myPassw");
System.setProperty("javax.net.ssl.keyStoreProvider", "SunJSSE");
After that, I sent a request with my client:
SMTHExample_ServiceStub client =
new SMTHExample_ServiceStub("https://ipaddr:10443/anotherpartOfUrl");
Info2Resp gi2resp = client.getResp2(getSmth2);
And after that I got an exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Failed to create PKIX path: sun.security.provider.certpath.SunCertPathBuilderException: Unable to find a valid certification path for the requested target
After that, I tried to run my class using SoapUI jre, but it didn't help, I got exactly the same error.
I also tried various workarounds like org.apache.axis2.java.security.TrustAllTrustManager
to ignore the certificate and trust the server, but they didn't help either.
Launching the client showing -Djavax.net.debug=ssl,keymanager
in both cases:
keyStore is : C:\work\example.pfx
keyStore type is : PKCS12
keyStore provider is : SunJSSE
init keystore
init keymanager of type SunX509
...here going init...
trustStore is: path/to/jre/lib/security/cacerts/mine/or/SoapUI's
trustStore type is : jks
trustStore provider is :
init truststore
...here are added all trusted certs...
And I don't know if it matters, but after adding the certificates I saw in the log:
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
And in the end, as I understand it, during the handshake I ended up in the magazine
%% Invalidated: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
source to share
No one has answered this question yet
Check out similar questions: