Here is what you should do if you are exposing your SOA or any other service securely and get the error below on invocation.
Error-
javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Cause-
The error occurs because the certificates are not part of the trust store, or because the server changed its HTTPS SSL certificate and the older version of Java does not recognize the root certificate authority (CA).
Solution-
1. Access the HTTPS service in the browser. Click on the HTTPS certificate chain (the lock icon in Internet Explorer, or the domain name to the left of the URL in Firefox) and navigate the certificate hierarchy.
2. Export the certificates, generally Root, Secure and your certificate.crt, to a tmp directory.
3. To verify the root certificates, determine where the cacerts file is located. By default it is in jre/lib/security/cacerts under your JDK home.
4. Navigate to that directory and execute the command below:
keytool -list -v -keystore ./cacerts
You will be prompted for the password. Enter it and check whether the certificates are present in the file.
5. Assuming that the certificates are called exampleroot.crt, examplesecure.crt and example.crt, type the command below:
keytool -keystore ./cacerts -import -alias exampleroot -file /tmp/exampleroot.crt
6. You will be prompted for the password. Enter it and respond 'yes' to trust this key.
7. Repeat for remaining certificates.
8. Restart your JVM and test.
Now you will be able to access/invoke the HTTPS URL.
Note: If you are using a custom trust store, make sure that the key-store is part of the startup parameters of your server.
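Steps 4 to 7 trust whatever certificate file was exported from the browser, so it helps to compare each file's SHA-256 fingerprint with a value obtained out of band before it goes into the trust store. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes the expected fingerprint came from the CA or service owner and that the store password is exported as STOREPASS.

```shell
#!/bin/sh
# Added example, not the post's own code. Assumptions: the expected SHA-256
# fingerprint came from the CA or service owner out of band, and the store
# password is exported as STOREPASS. Function names are hypothetical.

# Normalise a fingerprint: strip colons and whitespace, upper-case the hex.
norm_fp() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Succeed only if both values are the same 64-hex-digit SHA-256 fingerprint.
fp_matches() {
  _a=$(norm_fp "$1"); _b=$(norm_fp "$2")
  case $_a in *[!0-9A-F]*) return 1 ;; esac
  [ "${#_a}" -eq 64 ] && [ "$_a" = "$_b" ]
}

# Print the SHA-256 fingerprint keytool reports for a certificate file.
cert_fp() {
  keytool -printcert -file "$1" |
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_verified STORE ALIAS CERT EXPECTED_FP
# Imports CERT under ALIAS only when its fingerprint equals EXPECTED_FP.
import_verified() {
  _store=$1; _alias=$2; _cert=$3
  _actual=$(cert_fp "$_cert")
  if ! fp_matches "$_actual" "$4"; then
    echo "refusing $_cert: fingerprint '$_actual' is not the expected one" >&2
    return 1
  fi
  # Skip the import when the alias is already in the store.
  if keytool -list -keystore "$_store" -storepass:env STOREPASS \
       -alias "$_alias" >/dev/null 2>&1; then
    echo "$_alias already present in $_store" >&2
    return 0
  fi
  # -noprompt replaces the interactive 'yes'; the check above is the trust decision.
  keytool -importcert -noprompt -keystore "$_store" -storepass:env STOREPASS \
    -alias "$_alias" -file "$_cert"
}

# Usage (values are placeholders):
#   export STOREPASS=...
#   import_verified ./cacerts exampleroot /tmp/exampleroot.crt "$EXPECTED_FP"
```

Reading the password from the environment with -storepass:env keeps it out of the process list, and running the function against a copy of cacerts first leaves the JDK's default trust store untouched until the result has been checked.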
Helpful? Please Comment.
Happy Learning!!