I have written a Jersey REST web service, deployed on Glassfish and secured using a CLIENT-CERT realm. Now I would like to call it from an application deployed on the same Glassfish server (or possibly another).
I can successfully call the service over SSL from a standalone Java class. However when I call it from code deployed on the same server I get a null certificate chain error, i.e. the client does not supply a certificate when requested to do so by the server.
javax.net.ssl.SSLHandshakeException: null cert chain
If I use the Glassfish keystore and truststore with the standalone class by setting
-Djavax.net.ssl.trustStore="C:\glassfish3\glassfish\domains\domain1\config\cacerts.jks"
-Djavax.net.ssl.trustStorePassword=changeit
-Djavax.net.ssl.keyStore="C:\glassfish3\glassfish\domains\domain1\config\keystore.jks"
-Djavax.net.ssl.keyStorePassword=changeit
then it still works, but not from within Glassfish itself.
Related
I am trying to do a https rest API call with a SSL certificate(PFX file) which have a password. I tested the connection from my desktop with SOAP UI and it is working fine.
I have a web application which is running on tomcat and I need my tomcat to send this certificate for all the http/https call which it will make.
I am not a tomcat person so i am stuck with this now.
I can find in online about how to set up a keystore & server.xml so that my web app can use Client Authentication against things connecting to it, not for when it needs to connect out to some other server(outgoing call).
my tomcat version is : 9.0.22
connector settings on my server.xml file
I need to create a Java based XML web service client which is deployed in IBM WAS server which calls web service hosted by external system. Here 2 way ssl authentication mechanism should be there.
Configuration team has already set up the below things in quality environment of client and web service appservers:
At WAS server in which my web service client exists:
server certificate in the trustStore
client certificate is available in the keystore
At App server in which actual WebService exists:
server certificate in the keyStore
client certificate is available in the trust store
Coding:
we Auto generated classes using WSDL file provided by WS provider.
called the WS method normally like there is no 2 way ssl authentication mechanism in place.
problem: we are getting a connection exception when calling web service method from WS Client.Seems we have trouble with the 2 way ssl mechanism.
Full StackTrace Image as requested:
Assumptions:
we assumed that the entire handshake process of 2 way SSL process happens automatically when the web service call is done normally from the client.
Queries:
Is our assumption correct that entire handshake process happens
automatically here especially client sending its certificate ?
Do we need to specify at code level in java any details of path of
trust Store or KeyStore before calling the web service method to enable client to send its certificate ?
If Yes for Qn 2 do we need to set below properties in code as mentioned in some reference links
before calling WS method in client:
System.setProperty("javax.net.ssl.keyStore", "path/to/your/key");
System.setProperty("javax.net.ssl.keyStorePassword", "your-keystore- password");
System.setProperty("javax.net.ssl.trustStore","path/to/your/trust/keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "your-truststore-password");
Any suggestions/advice are highly welcome as we are stuck with this since few days.Its the first time we are working on web services which need 2 way SSL.
I have the following scenario:
Web application (currently running in Eclipse)
Apache httpd proxy
5 backend servers (tomcat) all listening on HTTPS
I have valid certificates for all backend servers and also have the cert chain imported in the keystore. Can anyone explain to me or give me a sample config for the proxy? I am getting different errors when trying to establish trust between the proxy and backend servers like (downstream server wanted client certificate but none are configured).
I have the following:
Web service hosted on trusted enterprise domain intranet (hosted in IIS)
Java console application used to test connection to web service
Java web application hosted in Tomcat (running on localhost)
I can successfully send and receive data to and from the web service via a console application. However, when I use the exact same code and libraries in a web application hosted in Tomcat, I am receiving an SSL certificate error stating:
suncertpathbuilderexception: unable to find valid certification path to requested target
Any reason why it would work via console but not via Tomcat on localhost. For what it's worth, it doesn't work on my dev (non-localhost) box either when hosted in Tomcat. Maybe I am targeting a different JRE when launching Tomcat which doesn't have the trusted certificate?
The certificate is signed by my company's trusted enterprise authority, so I guess it's a sort of enterprise-wide self-signed certificate. The certificate authority is registered in Windows trusted certificate authorities when I check in the Management Console Certificate Snap-In. I suspect that doesn't matter though.
Am I going to have to use keytool to generate a certificate to add to the trust store on every server that will be hosting this Tomcat application?
It is possible that your Tomcat installation uses another JVM. You need to check your installation. Check where JAVA_HOME and JRE_HOME point to.
The JVM does not use the Windows trusted certificate authorities.
You will have to use keytool to import your company's trusted enterprise authorities certificate on each server, but you will NOT need to generate any certificates.
I'm developing a simple web services using Java EE Servlets.
My clients are a simple java apps (no browsers), so I need to secure my communication using TLS (or SSL v3). About Application server, I'm using Glassfish v3.
For example, I need to transfer some data from client to server within a HTTP Post Request into a secure connection.
There are some external libraries, server configurations or tutorial that can I use?
On the server side you must somehow expose your servlets via HTTPS. If you are using tomcat, check out SSL Configuration HOW-TO. If you have an Apache web server in front, see: Apache SSL/TLS Encryption.
On the client side ssl and https support is built into JDK, just call any https://... address using URLConnection. However remember that the certificate your server uses must be trusted - either confirmed by some authority or added manually on the client. Self-signed certificates by default won't be accepted.