Configuring Glassfish as a Web Services Client Using Mutual SSL

I am trying to request data from a web service for which a client certificate must be submitted by the client. The server uses SSL for all communications and uses a self-signed certificate. I gave Netbeans a WSDL service file and it generated client code using wsimport.

I have no problem when client code is written in a regular Java application; I installed the trust store in a file cacerts containing the server certificate, installed the key store as a file provided by the server administrator in the JKS format, containing 2 keys - the client’s private key and the server’s public key, built the request object, and sent the request.

The problem occurs when I port it to the corporate Java environment. Requirements dictate that the code must be an Enterprise JavaBean inside the corporate archive running on the Glassfish application server. Glassfish seems to have its own security settings that override the JVM settings. When the EJB method contains a call to a Web service, SSL negotiation is not performed: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. I don’t know how to set Glassfish security settings like JVM settings; can anyone explain Glassfish security settings? The research I did only showed how to configure Glassfish as a web service server, and not as a web service client.

I have a .cer certificate file for a server that I added to the trust store using Java keytool to add it to the default cacerts file. Would it be better to modify the cacerts file with InstallCert to enable a self-signed certificate by following the steps at http://blog.johnryding.com/post/1548502059/acquire-an-ssl-certificate-for-your-java-programs-in-win ?

I have a trust store file, a keystore file, a .cer certificate file, and a .p12 browser certificate stored in $JAVA_HOME/jre/lib/security and $JAVA_HOME/lib/security.

I am using Netbeans 6.9.1 and Glassfish 3.1 Final. Below is the relevant piece of code copied from my EJB. An exception occurs on the last line.

// JVM-wide JSSE trust store and key store settings
System.setProperty("javax.net.ssl.trustStore", "C:\\jssecacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStore", "C:\\userCertificate.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "password");

// Build the request and call the wsimport-generated client
RequestObject request = new RequestObject();
request.setQuery("some data");
request.setUsername("user");
request.setPassword("pass");
Service service = new Service();
Endpoint port = service.getWebServicePort();
// The SSLHandshakeException is thrown on this call
Result result = port.specificWebServiceMethod(request);

+3

, Jacques Pritchard, :

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I cacerts.jks, keystore.jks, :

/usr/java/jdk1.6.0_25/bin/keytool -import -trustcacerts -file root_ca.cer -alias rootca -keystore cacerts.jks

/usr/java/jdk1.6.0_25/bin/keytool -import -trustcacerts -file root_ca.cer -alias rootca -keystore keystore.jks

, rootca - , . .

+4

SSLContext . , Glassfish, .

, ( WS): SSL- Java

+1

( Glassfish 3.0.1).

, .

    • . java keytool , , . , - . -

      keytool -list -keystore MyKeyStore.jks   
      
    • . pfx pem openssl. , pfx , java pem.

      openssl pkcs12 -in MyPfxFile.pfx -out MyPemFile.pem
      
  • pem p12, java. , java, .

    openssl pkcs12 -export -in MyPemFile.pem -out MyP12File.p12
    
  • , , p12 java. , java 6, java 5 keytool -importkeystore.

    keytool -importkeystore -deststorepass MyPassword -destkeystore PathToMyKeystore/keystore.jks -srckeystore MyP12File.p12 -srcstoretype PKCS12 -srcstorepass MyPassword
    
  • , - keytool -list -keystore keystore.jks, , .

, , , . , - pkix - HTTP 403 Forbidden.

Sun Application Server 9.1_1, Oracle Glassfish 3.0.1. , - JSSE, ogs 3, Sun App Server jdk. jvm ogs 3 domain.xml , .

<jvm-options>-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol</jvm-options>

, - , jvm options, , , , , . , - , ?

, : http://onjava.com/pub/a/onjava/2001/05/03/java_security.html?page=4

( ogs 3), , InstallCert ( ) : PKIX -.

, - . :)

+1

.

Removed all certificates from my key tool.

Command example: keytool -list -v -keystore keystore.jks -alias mydomain

I converted the cert response from the server to base64 DER and copied them into a single .PEM file, and I downloaded the .PEM into my keytool:

Command example: keytool -importcert -keystore keystore.jks -alias mydomain -file my.pem

Then I downloaded the keystore:

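import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

// Load the JKS key store from disk
KeyStore myStore = KeyStore.getInstance("JKS");
InputStream keyInputx = new FileInputStream("C:\\myStore.jks");
myStore.load(keyInputx, "xxx".toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyInputx.close();
// Optional: list the aliases and certificates that were loaded
/*Enumeration enumeration = myStore.aliases();
 while (enumeration.hasMoreElements()) {
     String alias = (String) enumeration.nextElement();
     System.out.println("alias name: " + alias);
     Certificate certificate = myStore.getCertificate(alias);
     System.out.println(certificate.toString());
 }*/
// Key managers come from the loaded store
keyManagerFactory.init(myStore, "xxx".toCharArray());
SSLContext context = SSLContext.getInstance("TLS");
// null trust managers: the JVM's default trust managers are used
context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
SSLSocketFactory sockFact = context.getSocketFactory();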

Lots of links around, so be happy to use.

0
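Added example, not code from any of the posts above: it builds an SSLContext from both the client key store and a trust store holding the server's self-signed certificate, then hands the socket factory to a single JAX-WS port instead of relying on JVM-wide javax.net.ssl.* properties. The class name, method names and command-line arguments are assumptions for illustration; the request-context key is the JAX-WS RI (Metro) property.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient { // hypothetical class name
    // JAX-WS RI key; the JDK-bundled runtime uses "com.sun.xml.internal.ws..." instead.
    static final String SSL_FACTORY_KEY = "com.sun.xml.ws.transport.https.client.SSLSocketFactory";

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(path);
        try { ks.load(in, password); } finally { in.close(); }
        return ks;
    }

    // Client authentication needs a key entry, not only trusted certificates.
    static boolean hasKeyEntry(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) return true;
        }
        return false;
    }

    static SSLSocketFactory build(KeyStore identity, char[] keyPassword, KeyStore trusted) throws Exception {
        if (!hasKeyEntry(identity)) throw new IllegalStateException("key store has no private key entry");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted); // the server is validated against these certificates only
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // requestContext is ((BindingProvider) port).getRequestContext() of the generated port.
    static void attach(Map<String, Object> requestContext, SSLSocketFactory factory) {
        requestContext.put(SSL_FACTORY_KEY, factory);
    }

    public static void main(String[] a) throws Exception { // args: keystore, password, truststore, password
        build(load(a[0], a[1].toCharArray()), a[1].toCharArray(), load(a[2], a[3].toCharArray()));
        System.out.println("SSLContext initialised with client key and server trust anchors");
    }
}
```

A failure in `build` with "no private key entry" means the store holds only certificates, which would let the handshake proceed without presenting a client certificate.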