Securing webservice , valid SSL key error !

Question

Hi !

I want to secure a webservice using Netbeans with mechansim : "Message Authentication over SSL" and I do everything that Netbeans documentation and Sun WSIT tutorial told to do. I also import the generated SSL key in client jre but when I run the client code, I still got this error :

Failed to access the WSDL at: https://localhost: 8443/SecureWebSe rvice?wsdl. It failed with: sun.security. validator. ValidatorExcepti on: PKIX path building failed: sun.security. provider. certpath. SunCertPathBuild erException: unable to find valid certification path to requested target.

can someone help me please ?

Answer 1

Looks as if the client isn't able to validate the whole certificate path. Is the client certificate self-signed? Might be that your certificate authority is unknown. If this is the problem, you may import your CA's public key using this script:

#!/bin/bash

# path to your cacerts file
CACERTS="/etc/java-6-sun/security/cacerts"
# sun's default password - change if necessary
CACERTSPASS="changeit" 

# change this
ALIAS="myAlias"
CERTPATH="/path/to/ca.der" 

if [ `keytool -list -keystore $CACERTS -storepass $CACERTSPASS | grep -c $ALIAS` -gt 0 ]; then 
    echo already installed
else 
    keytool -import -keystore $CACERTS -storepass $CACERTSPASS -alias $ALIAS -file $CERTPATH
fi

You may use the keytool commands on Windows machines as well.

Answer 2

tnx dear sfussenegger I do that but got that error again ! :(

Answer 3

you can try replacing the keytool command in sfussenegger's script to:

keytool -import -keystore $CACERTS -storepass $CACERTSPASS -alias $ALIAS -file $CERTPATH -trustcacerts

Then the script would import your self signed certificate into the root keystore as a trusted CA Certificate, which would provide a valid certification path to verify the identity of the server.