I'm trying to access a web service using a secure client.
I generated two files:
nb19200.pkcs12
server.jks
I pasted the server keystore in tomcat and uploaded the pkcs12 to my browser, everything works well.
Now, in my client application, I tried the following:
First, export the server certificate, I used the following command:
keytool -exportcert -alias servercert -file servercert.cer -keystore server.jks -storepass **
And then import it onto a keystore with nothing in there:
keytool -importcert -keystore truststore.jks -alias servercert -file servercert.cer -v trustcacerts -noprompt -storepass ***
My code is the following:
System.setProperty("javax.net.ssl.trustStore","servertrust.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
//To be able to load the client configuration from axis2.xml
ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("client-repo", null);
SecureServiceStub stub = new SecureServiceStub(ctx,"https://localhost:8443/axis2/services/SecureService");
ServiceClient sc = stub._getServiceClient();
sc.engageModule("rampart");
//call the service etc.
Ok, with this configuration I get the following error:
Caused by: java.net.SocketException: Connection closed by remote host
If I comment the first two lines, the error I get is:
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
So what am I doing wrong?
I'm completely lost.
Update full code:
Stack trace:
Exception in thread "main" org.apache.axis2.AxisFault: Connection refused: connect
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:197)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at tutorial.rampart.client.SecureServiceStub.add(SecureServiceStub.java:191)
at tutorial.rampart.client.SecureServiceCGClient.main(SecureServiceCGClient.java:36)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:564)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:130)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)
I found the solution.
I was missing this:
Please make sure the service is listening on the port 8443. Check the URL
https://localhost:8443/axis2/services/SecureService
exist. You can try this URLhttps://localhost:8443/axis2/services/SecureService?wsdl
and see if you can get the WSDL of the service from that URLLook at the line where you define the keystore path:
But you mentioned that the file name is server.jks. So if that is the case that is why the code cannot find the proper cert file.
UPDATE:
When using ssl (https) the server searches for the right certificate accroding to the 'CN'. The CN must be equal to the name of the host. According to the URL you posted i see you are using localhost, so you have to make the CN equals to your machine name (You can see it by right click My computer->propeties).