AppletTalk.com Java discussions newsgroups   Archives   FAQ   Search   Memberlist   Usergroups   Register   Profile   Log in to check your private messages   Log in  Problem sending secure web services request from WAS 6 to WA          AppletTalk.com Forum Index -> Security and Java View previous topic :: View next topic   Author Message Andrey Guest Posted: Wed Jan 31, 2007 8:26 pm    Post subject: Problem sending secure web services request from WAS 6 to WA Hello, We are having trouble sending webservices requests from our client application to an existing server over SSL. We recently upgraded our WAS to 6.0.x, but the webservice provider's server is still running 5.1.x. Ever since we upgraded, we haven't been able to invoke the webservice. Initially, we got this SOAP response from the server: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/ envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http:// www.w3.org/2001/XMLSchema-instance"> <soapenv:Header/> <soapenv:Body> <soapenv:Fault> <faultcode>soapenv:Server.generalException</faultcode> <faultstring><![CDATA[WSWS3713E: Connection to the remote host host.host.com failed.Received the following error: Handshake terminated SSL engine: CLOSED]]> </faultstring> </soapenv:Fault> </soapenv:Body> </soapenv:Envelope> We opened a ticket with IBM, and they told us that secure webservices calls don't work between WAS 6 and WAS 5.1. However, from reading documentation, I understand that this only applies if you use WS-I protocol. We don't use that, we simply use the SOAPConnection API, and send it over SSL. So from my understanding, this should work even between 6.0 and 5.1, after all SSL is a standard, it should work between any two app servers. Has anybody experienced a similar problem? We decided to also try a different approach to get around this problem. We changed the code to send the SOAP message over a simple HTTP Post to the webservice endpoint (using Apache HttpClient). This works for unsecured endpoints (HTTP) but does not work for HTTPS endpoints. When we tried this on an HTTPS endpoint, we got this exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted at com.ibm.jsse2.bx.a(bx.java:53) at com.ibm.jsse2.by.a(by.java:346) at com.ibm.jsse2.by.a(by.java:412) at com.ibm.jsse2.w.a(w.java:80) at com.ibm.jsse2.w.a(w.java(Compiled Code)) at com.ibm.jsse2.v.a(v.java(Compiled Code)) at com.ibm.jsse2.by.a(by.java(Compiled Code)) at com.ibm.jsse2.by.l(by.java(Inlined Compiled Code)) at com.ibm.jsse2.by.a(by.java(Compiled Code)) at com.ibm.jsse2.f.write(f.java(Compiled Code)) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java: 86) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:144) at org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java: 150) at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java: 495) at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java: 1973) at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java: 993) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java: 397) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java: 170) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java: 396) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java: 324) at com.usps.fast.web.security.AbstractBaseExternalAuthenticationDAO.callSoapEndpoint(AbstractBaseExternalAuthenticationDAO.java: 369) at com.usps.fast.web.security.AbstractBaseExternalAuthenticationDAO.sendSOAPCall(AbstractBaseExternalAuthenticationDAO.java: 278) ... 39 more Caused by: java.security.cert.CertificateException: Certificate not Trusted at com.ibm.jsse.bi.a(Unknown Source) at com.ibm.jsse.bi.checkServerTrusted(Unknown Source) at com.ibm.jsse2.ba.checkServerTrusted(ba.java: at com.ibm.jsse2.w.a(w.java:2) It sounds like the certificate is not installed correctly, but our middleware people assure us that it is. Could it be anything else? Is there some new configuration in WAS 6 that needs to be fixed? Thanks for any suggestions! Back to top Guest Posted: Thu Feb 01, 2007 11:44 pm    Post subject: Re: Problem sending secure web services request from WAS 6 t On 31 Jan 2007, "Andrey" <andrey81inmd (AT) yahoo (DOT) com> wrote: Quote: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted there's your problem. Your server cert is not signed by a Certificate Authority (or chain of authorities) that is trusted by the client. So your client is refusing to connect. If you need a further explanation, post back. Back to top Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First         AppletTalk.com Forum Index -> Security and Java All times are GMT Page 1 of 1   Jump to: Select a forum Java Newsgroups----------------Java DiscussionsWeb-based java games comp.lang.java 3D Graphics API's for Java Java: Support and criticism Java System Announcements comp.lang.java.api JavaBeans Java and CORBA Java and Databases comp.lang.java.developer Java GUI Toolkits Java Help comp.lang.java.javascript JVM, native methods and hardware comp.lang.java.misc Java Language Programming Security and Java comp.lang.java.setup Java Software Tools comp.lang.java.tech ibm.software.java.linux  Non-English Java Newsgroups----------------Java Language (German)Language Java (Français)Java (Italian)  You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum Powered by phpBB © 2001, 2006 phpBB Group SEO toolkit © 2004-2006 webmedic.