I want to secure a webservice using Netbeans开发者_Go百科 with mechansim : "Message Authentication over SSL" and I do everything that Netbeans documentation and Sun WSIT tutorial told to do. I also import the generated SSL key in client jre but when I run the client code, I still got this error :
Failed to access the WSDL at:
https://localhost:8443/SecureWebService?wsdl
. It failed with: sun.security.validator.ValidatorExcepti on: PKIX pathbuilding failed: un.security.provider.certpath. SunCertPathBuilderException: unable to find validcertification path to requested target.
can someone help me please ?
Looks as if the client isn't able to validate the whole certificate path. Is the client certificate self-signed? Might be that your certificate authority is unknown. If this is the problem, you may import your CA's public key using this script:
#!/bin/bash
# path to your cacerts file
CACERTS="/etc/java-6-sun/security/cacerts"
# sun's default password - change if necessary
CACERTSPASS="changeit"
# change this
ALIAS="myAlias"
CERTPATH="/path/to/ca.der"
if [ `keytool -list -keystore $CACERTS -storepass $CACERTSPASS | grep -c $ALIAS` -gt 0 ]; then
echo already installed
else
keytool -import -keystore $CACERTS -storepass $CACERTSPASS -alias $ALIAS -file $CERTPATH
fi
You may use the keytool commands on Windows machines as well.
you can try replacing the keytool command in sfussenegger's script to:
keytool -import -keystore $CACERTS -storepass $CACERTSPASS -alias $ALIAS -file $CERTPATH -trustcacerts
Then the script would import your self signed certificate into the root keystore as a trusted CA Certificate, which would provide a valid certification path to verify the identity of the server.
精彩评论