views:

379

answers:

2

I have PKCS#12 keystore that I've sucessfully imported in my browser for accessing a server that needs 2-way SSL authentication. Works perfectly reaching any https URL there.

However, I'm unable to access an URL in the same server, and from the same host when using Axis 1.4. The given Axis faultString is:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

My javax.net.ssl.{keyStore,keyStorePassword,keyStoreType} properties seem to be set up fine.

How can I solve this?

A: 

Finally, importing the certificates into my own truststore, using Andreas Sterbenz's InstallCert, and setting the trustStore properties as indicated by http://stackoverflow.com/questions/875467/java-client-certificates-over-https-ssl/882479#882479 did the trick!

Camilo Díaz
A: 

I came across a simpler answer if all want is for your client to be able to call the SSL web service and ignore SSL certificate errors. (Of course you would NOT do this in production! But it sure is handy for testing.)

Just put this statement before you invoke any web services:

System.setProperty("axis.socketSecureFactory", "org.apache.axis.components.net.SunFakeTrustSocketFactory");

I found this at the Axis wiki.

Mark