Downloaded the FedEx web service for smartpost shipment and tried to run their sample file and calling the processShipment service using command line (Java). I am getting the error as
org.apache.axis2.AxisFault: WSWS7130E: No Secure Sockets Layer (SSL)
configuration is available for the ..............
Can someone please help how to do SSL configuration for executing this using command line.
Appreciate your help in advance.
Have you been given a client certificate and truststore to use when connecting to the service?
Typically you can configure SSL for client authentication if you have a keystore and a truststore, configuring them at runtime using the following properties
javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword
javax.net.ssl.keyStoreType
javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword
javax.net.ssl.trustStoreType
These can be passed in at runtime as follows:
java -cp myjar.jar com.test.Main -Djavax.net.ssl.keyStore=keystore.jks -Djavax.net.ssl.keyStorePassword=letmein -Djavax.net.....
Related
I read almost all resources, tried everything I could get my hands on which would seem to be duplicate on this website but have no luck to make it work.
The following works when running in IntelliJ on a windows machine but failed when running as a JAR compiled with Maven on Ubuntu. It would seem to me as if it cannot find the file.
8443 is free, there are no firewall.
I tried the long path as well but not working (server.ssl.keystore=file:/home/###/Documents/keystoref.p12
)
server.ssl.key-alias=tomcat
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=###
server.ssl.key-store=classpath:keystoref.p12
server.port=8443
server.ssl.enabled=true
***************************
APPLICATION FAILED TO START
***************************
Description:
The Tomcat connector configured to listen on port 8443 failed to start. The port may already be in use or the connector may be misconfigured.
Action:
Verify the connector's configuration, identify and stop any process that's listening on port 8443, or configure this application to listen on another port.
I am also unsure what private key to use. Should I use the private key which helps to generate the CSR which I had to convert into p12
Generating CSR
Or should I use the p12 generated from the mix of my private key and the 'certificate.crt' I received in email as per this previous answer. I would think the private key is linked to the certificate anyway so that should make no difference?
openssl pkcs12 -export -in <mycert.crt> -inkey <mykey.key> -out keystore.p12 -name <alias>
Similar issue
You mentioned that you tried
server.ssl.keystore=file:/home/###/Documents/keystoref.p12
Did you try using:
server.ssl.key-store=file:/home/###/Documents/keystoref.p12 ?
I was not able to locate the issue with this problem. I started a fresh project and built on it and never encountered this issue again, so on my end this issue is being closed. Also the first key used to generate the CSR works just fine.
Update
The issue came from the spring version on pom.xml for whatever reason, once changed from
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.9.RELEASE</version>
to version 2.3.1.RELEASE it worked fine.
I am new in JAVA, Consuming web service(.wsdl) in Web Service Client project. I import the client certificate in java cacerts store in jrd. My code is as follows:
System.setProperty("javax.net.ssl.trustStore","[PATH]/cacerts.jks");
System.setProperty("javax.net.ssl.trustStorePassword","changeit");
ServicesProxy service = new ServicesProxy();
ServiceRequest request = new ServiceRequest(1498);
ServiceResponse response = service.getDetails(request);
I'm failed to handshake, I am getting the following exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
I have no clue why there is an exception. Any help will be appreciated.
You probably have to add the key chain in the certificate (PEM format).
CA Root -> Intermediate Cert -> Cert.
Or the certificate cannot be found in the keystore, do you use the correct alias etc.
And I do not recognize the SOAP JAX-WS implementation you use.
Not a solution to your problem, but maybe it helps to find it:
You can start your client with the VM parameter -Djavax.net.debug=all which will give you a lot of information about the SSL connection.
Check here for details about the output:
https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html
Use -Djavax.net.ssl.trustStore property directly instead.
One more thing the server you use in that also u need to place the jks for handshake.
For example server is JBoss then bin
I guess your cacert is not correct or the path is unaccessible. I followed the instructions given here
Use SSL Poke to verify connectivity
Download SSLPoke.class
Execute the class as follows, changing the URL and port:
$JAVA_HOME/bin/java SSLPoke yoururl 443
A successful connection would look like this:
$JAVA_HOME/bin/java SSLPoke yoururl 443
Successfully connected
Try to use a different truststore to connect
$JAVA_HOME/bin/java -Djavax.net.ssl.trustStore=[PATH]/cacerts.jks SSLPoke yoururl 443
If it fails the truststore does not contain the proper certificates.
How to solve it
The solution is extracted from here
Fetch the certificate again from the server:
openssl s_client -connect yoururl:443
You need openssl. Save the output to a file called public.crt. This is how your file should look like:
-----BEGIN CERTIFICATE-----
< Bunch of lines of your certificate >
-----END CERTIFICATE-----
Import the certificate:
$JAVA_HOME/bin/keytool -import -alias -keystore $JAVA_HOME/jre/lib/security/cacerts -file public.crt
Enter the password if prompted (the default is changeit)
Recommendation
In the same post it is not recommended to use a configured trustStore different than the JVM cacert because then java could not access other root certificates.
This is a quite common error while dealing with soap services over SSL, I've had it a few times.
Your certificate may not be correctly installed in your truststore.
You can use openssl to check and install the correct certificate in the truststore, as explained here
Hi Looks like certificates are not imported correctly or path used in code not pointing to correct keystore.
I hope following steps in below article will help you.
http://magicmonster.com/kb/prg/java/ssl/pkix_path_building_failed.html
I have a standalone Tomcat application with CRaSH shell library embedded.
I can successfully connect to the application via telnet but I am struggling with ssh.
Here is my crash.properties config :
# Key authentication
crash.auth=key
crash.auth.key.path=/usr/share/tomcat8/conf/id_rsa.pem
# SSH configuration
crash.ssh.port=2000
I have generated a ssh keypair via ssh-keygen, then I created a pem file via openssl rsa -in id_rsa -outform pem -pubout > id_rsa.pem command.
Whatever the ssh key used, I have the error when I try to connect via ssh -i /usr/share/tomcat8/conf/id_rsa -p 2000 myserver.example.com command :
Permission denied (publickey).
I have tried the solution described here but without success. I have also tried to put the id_rsa.pem key in my war /WEB-INF/sshd folder. Same result.
Any clue ?
After debugging, I notice that org.crsh.auth.KeyAuthenticationPlugin was comparing the authorized key and the key given at login, and they were identical but the method authenticate was always returning false (bad authentication). After fixing the bug, I realized that it was already declared here and a pull request was available the same way.
I followed a guide to enable https in Spring Boot. The application was beforehand working on https://localhost:8080
I've created a keystore.jks which is in the same directory as my application.properties, which now looks like:
# Define a custom port instead of the default 8080
server.port = 8444
# Tell Spring Security (if used) to require requests over HTTPS
security.require-ssl=true
# The format used for the keystore
server.ssl.key-store-type:PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=keystore.p12
# The password used to generate the certificate
server.ssl.key-store-password=<somepassword>
# The alias mapped to the certificate
server.ssl.key-alias=tomcat
Now, if I run the main method to start the spring boot app, it throws:
Description:
The Tomcat connector configured to listen on port 8444 failed to start. The port may already be in use or the connector may be misconfigured.
Action:
Verify the connector's configuration, identify and stop any process that's listening on port 8444, or configure this application to listen on another port.
The port isn't in use, so it must be misconfiguration?
I'm unsure of what to change. It's a simple SPA app, Spring just serves an index.html and has a single REST endpoint. How should tomcat/spring be configured to accept https in this case, and start up without errors?
I too had the same problem and was able to fix it. My problem was generating the keystore.p12 file.
If you have a certificate file and private key file, you can generatekeystore.p12 file using following command.
openssl pkcs12 -export -in <mycert.crt> -inkey <mykey.key> -out keystore.p12 -name <alias>
You will be prompted for a password,there you can enter a password you like.
Once the keystore file is generated copy it to the directory where your .jar file exist.
Following is a working example configuration.
server.port=8443
security.require-ssl=true
server.ssl.key-store-type=PKCS12
server.ssl.key-store=file:keystore.p12
server.ssl.key-store-password=<password>
server.ssl.key-alias=<alias>
Note the key store file path file:keystore.p12 if it is going to reside in the same directory as the executable .jar file.
I solved the same issue by using the following configuration
# Define a custom port instead of the default 8080
server.port=8443
# Tell Spring Security (if used) to require requests over HTTPS
security.require-ssl=true
# The format used for the keystore
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=src/main/resources/keystore.p12
# The password used to generate the certificate
server.ssl.key-store-password=root0
I removed alias name and it worked perfectly.
"You probably won't need a key alias, since there will only be one key entry" referred from
TOMCAT SSL Error: Alias name does not identify a key entry
From Spring Boot 2.0 and higher, you can ignore this property.
security.require-ssl=true
To enable SSL, use the below configuration in your application.properties
The format used for the keystore
server.ssl.key-store-type=JKS
The path to the keystore containing the certificate
server.ssl.key-store=classpath:somecert.jks
The password used to generate the certificate
server.ssl.key-store-password=password
The alias mapped to the certificate
server.ssl.key-alias=alias_name
Note : server.ssl.key-store refers to the keystore location. Use
classpath prefix, if it is present in src/main/resources. Otherwise use,
file:/some/location.
I had the same issue as well but in my case the file path (in application.properties) for keystore file was incorrect on Linux and causing this error message.
I had same problem. for me server.ssl.key-alias was set to a wrong key. So, it sounds that some server mis-configurations in application.properties can cause this error message to appear.
I generated Keystore in Java home path. Set up the Connector in tomcat server.xml for the port 8443.
MySQL is not getting connected.
Added the following logic in java mysql connection class
String url = "jdbc:mysql://127.0.0.1:3306/xxxx"
"?verifyServerCertificate=false"+
"&useSSL=true"+
"&requireSSL=true";
System.setProperty("javax.net.ssl.keyStore", "path");
System.setProperty("javax.net.ssl.keyStorePassword", "pwd");
I think your key store config have some problem. Please check this link. Also, please attach error report.