SOAP client over SSL: sun.security.provider.certpath.SunCertPathBuilderException: Unable to find a valid certification path for the requested target

I am working with a remote SOAP service over HTTPS (HTTP over SSL) and I have created my client classes using the Axis tool WSDL2Java. So I am using the Axis2 client; I tried Axis too, and there was no difference between them. I have my own certificate in .pfx just for development. I first tried to make a request through SoapUI, and I just added my certificate and password to the SSL settings:

And it works great.

After that, I tried to execute the request with my Axis client using Java code. Before submitting the request, I added:

System.setProperty("javax.net.ssl.keyStore", "C:\\work\\example.pfx");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", "myPassw");
System.setProperty("javax.net.ssl.keyStoreProvider", "SunJSSE");

After that, I sent a request with my client:

SMTHExample_ServiceStub client =
        new SMTHExample_ServiceStub("https://ipaddr:10443/anotherpartOfUrl");
Info2Resp gi2resp = client.getResp2(getSmth2);

And after that I got an exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Failed to create PKIX path: sun.security.provider.certpath.SunCertPathBuilderException: Unable to find a valid certification path for the requested target

After that, I tried to run my class using SoapUI's JRE, but it didn't help; I got exactly the same error.

I also tried various workarounds like org.apache.axis2.java.security.TrustAllTrustManager to ignore the certificate and trust the server, but they didn't help either.

Launching the client with -Djavax.net.debug=ssl,keymanager shows, in both cases:

keyStore is : C:\work\example.pfx
keyStore type is : PKCS12
keyStore provider is : SunJSSE
init keystore
init keymanager of type SunX509
...here going init... 
trustStore is: path/to/jre/lib/security/cacerts/mine/or/SoapUI's
trustStore type is : jks
trustStore provider is : 
init truststore
...here are added all trusted certs...

      

And I don't know if it matters, but after adding the certificates I saw in the log:

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256

      

And in the end, as I understand it, during the handshake I ended up with this in the log:

%% Invalidated:  [Session-1, SSL_RSA_WITH_RC4_128_SHA]
main, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      

+3
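
Added example, not part of the original post: the javax.net.ssl.keyStore properties only select the certificate the client presents, while "PKIX path building failed" is raised when the server's chain does not end at a certificate in the trust store. This Java code loads the two stores separately, lists the trust anchors in use, and installs the resulting SSLContext as the JVM default instead of disabling validation with a trust-all manager. The class name ClientTlsSetup, the trust store path C:\work\server-trust.jks and its password are assumptions, and that file is assumed to hold the certificate of the CA that issued the server's certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ClientTlsSetup {

    // Load a key store of the given type ("PKCS12" or "JKS") from a file.
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // identity = what this client presents; trust = which issuers it accepts from the server.
    static SSLContext build(KeyStore identity, char[] keyPassword, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // Print the trust anchors; the server's chain must end at one of these.
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("trust anchor: " + ca.getSubjectX500Principal());
                }
            }
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pfxPass = "myPassw".toCharArray();      // key store password from the post
        char[] trustPass = "changeit".toCharArray();   // assumed trust store password
        KeyStore identity = load("C:\\work\\example.pfx", "PKCS12", pfxPass);
        KeyStore trust = load("C:\\work\\server-trust.jks", "JKS", trustPass); // hypothetical file
        // Install before the first HTTPS connection is opened.
        SSLContext.setDefault(build(identity, pfxPass, trust));
    }
}
```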

