Thursday, December 18, 2008

Running Axis WSDL2Java on HTTPS WSDL

If you get an SSL-related exception such as “javax.net.ssl.SSLHandshakeException: … unable to find valid certification path to requested target” while running WSDL2Java against an HTTPS WSDL (a URL with the HTTPS protocol), you have to add the certificate of the host in your URL to Java’s keystore.

The above exception might occur only when you use the WSDL URL (e.g. https://myhost.com:443/TestWS/Test.wsdl) to generate the Java files using the Axis WSDL2Java ant tasks. The easiest option is to download the WSDL to your local file system and generate the Java files from it using WSDL2Java. However, to run the client in standalone mode, you still need to add the certificate to the JRE’s keystore.

Follow the steps given below to import the certificate into the JRE's keystore. First, we need to export the certificate from the browser to a file.

If you are using IE, here is how you can do so:
  1. Access the URL with the https protocol (for example, the service WSDL location, e.g. https://foo.com/bar?wsdl) in the browser.
  2. Internet Explorer will prompt a security alert. Select the "View Certificate" button.
  3. Navigate to the "Details" tab. Select the "Copy to File.." button.
  4. The Certificate Export Wizard will be displayed. Select the "Next" button.
  5. The option "DER encoded binary X.509 (.CER)" will be selected by default. Select "Next".
  6. Place the file where it suits you better.
  7. Select "Next". The "Completing Certificate Export Wizard" page will be displayed. Select "Finish". There will be a pop-up saying "The export was successful".

If you are using Mozilla Firefox:
  1. Open the URL in the browser. Click on the lock icon at the bottom right-hand corner of the status bar of the browser window.
  2. Click on "View Certificate". Go to the ‘Details’ tab in the dialog that opens.
  3. Click on the Export button to save the file.
  4. Place the file where it suits you better.

Following are the steps to import the certificate signature to JRE keystore:
  1. Move the certificate file to your %JAVA_HOME%/jre/lib/security folder.
  2. In Ant, you can run the command ant -diagnostics to find the Java installation folder from the java.home system property.
  3. Make a backup copy of file named “cacerts” (the keystore) which is under %JAVA_HOME%/jre/lib/security.
  4. Open a command prompt and change directory (cd) to %JAVA_HOME%/jre/lib/security.
  5. Run following command:
  6. keytool -importcert -trustcacerts -keystore cacerts -storepass changeit -alias "<aliasname>" -file <cert file>
  7. Type in ‘yes’. (prompt appears for untrusted certificates)
  8. Run following command to verify:
  9. keytool -keystore cacerts -storepass changeit -list -alias "<aliasname>"
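The import steps above accept whatever certificate the browser exported. The following is an added example, not part of the original post, that goes one step further: it imports the certificate only if its SHA-256 fingerprint matches a value obtained from the server's owner, and it uses a truststore dedicated to the build instead of the JRE-wide cacerts. The file names, the alias, the password and the self-signed demo certificate are constructed for illustration.

```bash
# Added example (not from the original post). File names, alias and password
# are constructed for the demo; the fingerprint must come from the server owner.

# SHA-256 fingerprint of a certificate file, as keytool prints it (AA:BB:...).
cert_sha256() {
  keytool -J-Duser.language=en -printcert -file "$1" |
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p'
}

# Import <cert> into a dedicated truststore only if its fingerprint equals the
# value obtained out of band. -noprompt is acceptable here because the check
# that the interactive "yes" stands for has already been done.
# usage: trust_if_pinned <cert> <expected sha256> <truststore> <storepass> <alias>
trust_if_pinned() {
  actual=$(cert_sha256 "$1")
  if [ -z "$actual" ] || [ "$actual" != "$2" ]; then
    echo "refusing import, fingerprint is '$actual'" >&2
    return 1
  fi
  keytool -importcert -noprompt -storetype PKCS12 -keystore "$3" \
    -storepass "$4" -alias "$5" -file "$1" >/dev/null 2>&1
}

# Constructed sample input: a throwaway self-signed certificate for myhost.com.
make_demo_cert() {
  keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -validity 1 \
    -dname "CN=myhost.com" -ext "SAN=dns:myhost.com" -storetype PKCS12 \
    -keystore "$1/server.p12" -storepass changeit -keypass changeit >/dev/null 2>&1
  keytool -exportcert -alias demo -keystore "$1/server.p12" \
    -storepass changeit -file "$1/server.cer" >/dev/null 2>&1
}

demo() {
  dir=$(mktemp -d)
  make_demo_cert "$dir"
  pinned=$(cert_sha256 "$dir/server.cer")   # stands in for the out-of-band value
  trust_if_pinned "$dir/server.cer" "$pinned" "$dir/wsdl-trust.p12" changeit myhost.com
  echo "Run Ant with:"
  echo "ANT_OPTS=\"-Djavax.net.ssl.trustStore=$dir/wsdl-trust.p12" \
       "-Djavax.net.ssl.trustStoreType=PKCS12" \
       "-Djavax.net.ssl.trustStorePassword=changeit\""
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run the script with `--demo` to see the flow end to end; with a real exported certificate, call `trust_if_pinned` with the fingerprint the server's administrator gave you.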

After importing the certificate into the keystore, if you get the exception with the message “CertificateException: No name matching <host name> found” when running the Axis WSDL2Java ant task, make sure that you give the same alias name as the common name (CN) of the certificate while adding the cert to the keystore. Also make sure that the host name in the WSDL URL matches the certificate’s CN. In this case, the certificate CN, the alias and the hostname in the WSDL should all match.
To find the CN of the certificate, see the details of the certificate in the browser or use the keytool -list command given in step 9 above. The text in the first line before the first comma in the output of the keytool -list command is the CN.

You can delete certificates added to the keystore using the keytool -delete command and add them back with the CN of the certificate as the alias.
Sample command to delete a certificate from the keystore:
JAVA_HOME\jre\lib\security> keytool -delete -keystore cacerts -storepass changeit -alias "<aliasname>"

9 comments:

Anonymous said...

the command to import the certificate is :

keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias mycert -file certeduj.cer

praveendk said...

I am working on wsdl2java on https and followed the steps said in the article. Getting following exception, doesn't make any sense to me. Please let me know if you have any idea.

Caused by: javax.wsdl.WSDLException: WSDLException (at /wsdl:definitions/wsdl:types/s:schema): faultCode=OTHER_ERROR: An error occurred trying to resolve schema referenced at 'https://165.176.38.13:5355/VSB_Public_Services/VSB_Public_Services.asmx?schema=WebNGSSearchData', relative to 'file:/C:/projects/efile/WebContent/VSB_Public_Services.wsdl'.: java.io.IOException: HTTPS hostname wrong: should be <165.176.38.13>
