Topic
  • 23 replies
  • Latest Post - ‏2014-04-01T20:42:39Z by JediProgrammer
SystemAdmin
SystemAdmin
1009 Posts

Pinned topic Consuming web service

‏2007-02-23T14:36:45Z |
I have created one web service using RAD7 and deployed it to WAS6.1. When I try to consume/test it:

System.setProperty("javax.net.ssl.trustStore", "jks/my.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "p");
System.setProperty("javax.net.ssl.keyStore", "jks/my.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "p");

System.setProperty("java.protocol.handler.pkgs",
"com.ibm.net.ssl.internal.www.protocol");
Security.addProvider(new com.ibm.jsse.IBMJSSEProvider());

Form f = new Form();
//...fill the form...

MyProxy my = new MyProxy();
//my.setEndpoint(endpoint);
String[] result = my.doSomething(f);

I got this error:

23.2.2007 15:09:05 com.ibm.ws.ssl.config.SSLConfigManager
INFO: ssl.disable.url.hostname.verification.CWPKI0027I
23.2.2007 15:09:06 com.ibm.ws.ssl.config.WSKeyStore
RESNO: ssl.keystore.load.error.CWPKI0033E
  • WSWS3734W: Warning: Exception caught from invocation to com.ibm.ws.webservices.engine.transport.http.HTTPSender:
WebServicesFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultString: WSWS3713E: Connection to the remote host jserver failed.Received the following error: java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
faultActor: null
faultDetail:

WSWS3713E: Connection to the remote host jserver failed.Received the following error: java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
at com.ibm.ws.webservices.engine.transport.http.HttpOutboundChannelConnection.connect(HttpOutboundChannelConnection.java:752)
at com.ibm.ws.webservices.engine.transport.http.HttpsOutboundChannelConnection.connect(HttpsOutboundChannelConnection.java:21

What does the above error mean? :(
Updated on 2011-10-28T13:34:30Z at 2011-10-28T13:34:30Z by santy2410
  • BobEyres
    BobEyres
    1 Post

    Re: Consuming web service

    ‏2007-04-19T19:23:31Z  
    Hi, did you ever get this problemresolved? I have exactly the same problem right now.... Bob
  • SystemAdmin
    SystemAdmin
    1009 Posts

    Re: Consuming web service

    ‏2007-05-08T11:34:44Z  
    • BobEyres
    • ‏2007-04-19T19:23:31Z
    Hi, did you ever get this problemresolved? I have exactly the same problem right now.... Bob
    Try changing

    System.setProperty("javax.net.ssl.trustStore", "jks/my.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "p");
    System.setProperty("javax.net.ssl.keyStore", "jks/my.jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "p");

    For

    System.setProperty("com.ibm.ssl.trustStore", "jks/my.jks");
    System.setProperty("com.ibm.ssl.trustStorePassword", "p");
    System.setProperty("com.ibm.ssl.keyStore", "jks/my.jks");
    System.setProperty("com.ibm.ssl.keyStorePassword", "p");

    This will make the error

    23.2.2007 15:09:06 com.ibm.ws.ssl.config.WSKeyStore
    RESNO: ssl.keystore.load.error.CWPKI0033E

    disappear.

    About the other errors you got, I am still trying to solve them myself.

  • SystemAdmin
    SystemAdmin
    1009 Posts

    Re: Consuming web service

    ‏2007-05-14T10:35:09Z  
    Try changing

    System.setProperty("javax.net.ssl.trustStore", "jks/my.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "p");
    System.setProperty("javax.net.ssl.keyStore", "jks/my.jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "p");

    For

    System.setProperty("com.ibm.ssl.trustStore", "jks/my.jks");
    System.setProperty("com.ibm.ssl.trustStorePassword", "p");
    System.setProperty("com.ibm.ssl.keyStore", "jks/my.jks");
    System.setProperty("com.ibm.ssl.keyStorePassword", "p");

    This will make the error

    23.2.2007 15:09:06 com.ibm.ws.ssl.config.WSKeyStore
    RESNO: ssl.keystore.load.error.CWPKI0033E

    disappear.

    About the other errors you got, I am still trying to solve them myself.

    Even I am getting all these errors.

    What other properties need to be set? I am getting the following error.

    java.security.PrivilegedActionException: WSWS3740E: Error: No SSL configuration is available for endpoint - https://myurl/api

    Should we set something like com.ibm.SSL.ConfigURL also? If so what would be this URL? A pointer to a config file?

    Thanks in advance.

    Venkat
  • mmehra@us.ibm.com
    mmehra@us.ibm.com
    1 Post

    Re: Consuming web service

    ‏2007-05-15T15:16:39Z  
    Even I am getting all these errors.

    What other properties need to be set? I am getting the following error.

    java.security.PrivilegedActionException: WSWS3740E: Error: No SSL configuration is available for endpoint - https://myurl/api

    Should we set something like com.ibm.SSL.ConfigURL also? If so what would be this URL? A pointer to a config file?

    Thanks in advance.

    Venkat
    Hi All:

    I am seeing the same error. Anyone knows what needs to be done. I am running an eclipse 3.2.1 client application against 6.1.0.7 WAS.

    Here is the complete error:

    May 15, 2007 10:02:00 AM com.ibm.ws.ssl.config.SSLConfigManager
    INFO: ssl.disable.url.hostname.verification.CWPKI0027I
    May 15, 2007 10:02:00 AM com.ibm.ws.webservices.engine.PivotHandlerWrapper invoke
    WARNING: WSWS3734W: Warning: Exception caught from invocation to com.ibm.ws.webservices.engine.transport.http.HTTPSender:
    WebServicesFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultString: WSWS3740E: Error: No SSL configuration is available for endpoint - https://9.34.119.200:9443/TestWS/services/Service
    faultActor: null
    faultDetail:

    WSWS3740E: Error: No SSL configuration is available for endpoint - https://9.34.119.200:9443/TestWS/services/Service
    at com.ibm.ws.webservices.engine.transport.security.ConfigSSLProvider.getConfig(ConfigSSLProvider.java:257)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender$2.run(HTTPSender.java:973)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.setupEffectiveSSLConfiguration(HTTPSender.java:970)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.invoke(HTTPSender.java:483)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:336)
    at com.ibm.ws.webservices.engine.client.Connection.invokeEngine(Connection.java:738)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:659)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:617)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:452)
    at com.ibm.ws.webservices.engine.client.Stub$Invoke.invoke(Stub.java:928)
    at com.ibm.rational.styx.ws.ServiceSoapBindingStub.sayHello(ServiceSoapBindingStub.java:94)
    at com.ibm.rational.styx.ws.client.Client.main(Client.java:39)
    WebServicesFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultString: WSWS3740E: Error: No SSL configuration is available for endpoint - https://9.34.119.200:9443/TestWS/services/Service
    faultActor: null
    faultDetail:

    WSWS3740E: Error: No SSL configuration is available for endpoint - https://9.34.119.200:9443/TestWS/services/Service
    at com.ibm.ws.webservices.engine.transport.security.ConfigSSLProvider.getConfig(ConfigSSLProvider.java:257)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender$2.run(HTTPSender.java:973)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.setupEffectiveSSLConfiguration(HTTPSender.java:970)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.invoke(HTTPSender.java:483)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:336)
    at com.ibm.ws.webservices.engine.client.Connection.invokeEngine(Connection.java:738)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:659)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:617)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:452)
    at com.ibm.ws.webservices.engine.client.Stub$Invoke.invoke(Stub.java:928)
    at com.ibm.rational.styx.ws.ServiceSoapBindingStub.sayHello(ServiceSoapBindingStub.java:94)
    at com.ibm.rational.styx.ws.client.Client.main(Client.java:39)
  • SystemAdmin
    SystemAdmin
    1009 Posts

    Re: Consuming web service

    ‏2007-08-21T17:20:24Z  
    I am experiecning same problem when I try to consume a webservice. Getting following error after the setendpoint and before the operation().

    Exception caught from invocation to com.ibm.ws.webservices.engine.transport.http.HTTPSender
    Can someone tell me how to resolve this.

    Thanks
    Jaya
  • SystemAdmin
    SystemAdmin
    1009 Posts

    Re: Consuming web service

    ‏2007-09-28T08:08:47Z  
    i am also facing with the same problem. please find the details as below.

    I have deployed certification file on the WAS 6.1.
    We have deployed the keystore and truststore file on the WAS 6.1 server.
    We have also deploy our certification file on the WAS 6.1

    When we are accessing the URL. i am getting following error.

    9/28/07 11:20:27:239 IST 00000038 WSKeyStore E CWPKI0033E: The keystore located at "/usr/IBM/WebSphere6.1/AppServer/java/jre/lib/security/cacerts" failed to load due to the following error: DerInputStream.getLength(): lengthTag=109, too big..

    same as mentioned eariler.

    Please note that we have deploy all the above mentioned file on WAS 6.0.1 and it is working file.
  • archwho
    archwho
    1 Post

    Re: Consuming web service

    ‏2007-10-04T16:36:26Z  
    i am also facing with the same problem. please find the details as below.

    I have deployed certification file on the WAS 6.1.
    We have deployed the keystore and truststore file on the WAS 6.1 server.
    We have also deploy our certification file on the WAS 6.1

    When we are accessing the URL. i am getting following error.

    9/28/07 11:20:27:239 IST 00000038 WSKeyStore E CWPKI0033E: The keystore located at "/usr/IBM/WebSphere6.1/AppServer/java/jre/lib/security/cacerts" failed to load due to the following error: DerInputStream.getLength(): lengthTag=109, too big..

    same as mentioned eariler.

    Please note that we have deploy all the above mentioned file on WAS 6.0.1 and it is working file.
    This is fixed in fixpack WAS 6.1.0.11 as per: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg1PK46816
  • SystemAdmin
    SystemAdmin
    1009 Posts

    Re: Consuming web service

    ‏2007-10-20T02:33:00Z  
    • archwho
    • ‏2007-10-04T16:36:26Z
    This is fixed in fixpack WAS 6.1.0.11 as per: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg1PK46816
    I had WAS 6.1.0.11 and deployed my web service server. I had applied only WAS App server fix pack not Web service fix pack of 6.1.0.11. I am using the following test client that is giving an error.

    public static void main(String[] args) throws Exception {
    try {
    System.setProperty("com.ibm.ssl.trustStore", "C:\\PROJECT\\WS_SLL_TESTING\\ClientTrustStore\\ClientTrustStore.jks");
    System.setProperty("com.ibm.ssl.trustStorePassword", "sslwebsv");
    System.setProperty("com.ibm.ssl.keyStore", "C:\\PROJECT\\WS_SLL_TESTING\\ClientKeyStore\\ClientKeyStore.jks");
    System.setProperty("com.ibm.ssl.keyStorePassword", "sslwebsv");
    System.setProperty("java.protocol.handler.pkgs", "com.ibm.net.ssl.internal.www.protocol");
    Security.addProvider(new com.ibm.jsse.IBMJSSEProvider());

    RefDataUpdateLocator locator = new RefDataUpdateLocator();
    RefDataUpdateSoap proxy = locator.getRefDataUpdateSoap(new URL("https://localhost:9443/myAppURL"));

    System.out.println("----------");
    proxy.myMethod(myArgs); //PROBLEM COMES HERE
    } catch (Exception e) {
    e.printStackTrace();
    }
    }

    The above problem results the following error.

    WARNING: WSWS3734W: Warning: Exception caught from invocation to com.ibm.ws.webservices.engine.transport.http.HTTPSender:
    WebServicesFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultString: WSWS3740E: Error: No SSL configuration is available for endpoint - https://localhost:9443/myAppURL
    faultActor: null
    faultDetail:

    WSWS3740E: Error: No SSL configuration is available for endpoint - https://localhost:9443/myAppURL
    at com.ibm.ws.webservices.engine.transport.security.ConfigSSLProvider.getConfig(ConfigSSLProvider.java:257)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender$2.run(HTTPSender.java:973)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.setupEffectiveSSLConfiguration(HTTPSender.java:970)

    FYI:
    If I put the URL directly in the web browser, first I see There is a problem with this website's security certificate and then if I click continue I see "Hi there, this is a Web service!". ALSO the above program works fine with http and 9080.
  • SystemAdmin
    SystemAdmin
    1009 Posts

    Re: Consuming web service

    ‏2008-02-19T13:26:20Z  
    I had WAS 6.1.0.11 and deployed my web service server. I had applied only WAS App server fix pack not Web service fix pack of 6.1.0.11. I am using the following test client that is giving an error.

    public static void main(String[] args) throws Exception {
    try {
    System.setProperty("com.ibm.ssl.trustStore", "C:\\PROJECT\\WS_SLL_TESTING\\ClientTrustStore\\ClientTrustStore.jks");
    System.setProperty("com.ibm.ssl.trustStorePassword", "sslwebsv");
    System.setProperty("com.ibm.ssl.keyStore", "C:\\PROJECT\\WS_SLL_TESTING\\ClientKeyStore\\ClientKeyStore.jks");
    System.setProperty("com.ibm.ssl.keyStorePassword", "sslwebsv");
    System.setProperty("java.protocol.handler.pkgs", "com.ibm.net.ssl.internal.www.protocol");
    Security.addProvider(new com.ibm.jsse.IBMJSSEProvider());

    RefDataUpdateLocator locator = new RefDataUpdateLocator();
    RefDataUpdateSoap proxy = locator.getRefDataUpdateSoap(new URL("https://localhost:9443/myAppURL"));

    System.out.println("----------");
    proxy.myMethod(myArgs); //PROBLEM COMES HERE
    } catch (Exception e) {
    e.printStackTrace();
    }
    }

    The above problem results the following error.

    WARNING: WSWS3734W: Warning: Exception caught from invocation to com.ibm.ws.webservices.engine.transport.http.HTTPSender:
    WebServicesFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultString: WSWS3740E: Error: No SSL configuration is available for endpoint - https://localhost:9443/myAppURL
    faultActor: null
    faultDetail:

    WSWS3740E: Error: No SSL configuration is available for endpoint - https://localhost:9443/myAppURL
    at com.ibm.ws.webservices.engine.transport.security.ConfigSSLProvider.getConfig(ConfigSSLProvider.java:257)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender$2.run(HTTPSender.java:973)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.setupEffectiveSSLConfiguration(HTTPSender.java:970)

    FYI:
    If I put the URL directly in the web browser, first I see There is a problem with this website's security certificate and then if I click continue I see "Hi there, this is a Web service!". ALSO the above program works fine with http and 9080.
    I got around this problem by adding -Dcom.ibm.SSL.ConfigURL=file:C:\ssl.client.props to the command line of my web service client. I got ssl.client.props from the runtimes\base_v61_stub\properties\ of RAD.
  • SystemAdmin
    SystemAdmin
    1009 Posts

    Re: Consuming web service

    ‏2008-02-22T00:00:44Z  
    You may check out the three-part tutorial for RAD 7/WAS 6.1:
    http://www.ibm.com/developerworks/webservices/edu/ws-dw-ws-radsecurity1.html
    http://www.ibm.com/developerworks/webservices/edu/ws-dw-ws-radsecurity2.html
    http://www.ibm.com/developerworks/webservices/edu/ws-dw-ws-radsecurity3.html
  • SystemAdmin
    SystemAdmin
    1009 Posts

    Tried everything in this thread, still no luck

    ‏2008-04-29T23:47:21Z  
    I got around this problem by adding -Dcom.ibm.SSL.ConfigURL=file:C:\ssl.client.props to the command line of my web service client. I got ssl.client.props from the runtimes\base_v61_stub\properties\ of RAD.
    I have tried everything in this thread and still no luck.

    Specifying the properties in a configuration file wtih
    -Dcom.ibm.SSL.ConfigURL=file:C:\ssl.client.props

    and on the command line

    -Djavax.net.ssl.keyStore=C:\workspace\Phase1\ConfigurationManagement\cert\keystore.ibm
    -Djavax.net.ssl.trustStore=C:\workspace\Phase1\ConfigurationManagement\cert\publicstore.jks
    -Djavax.net.ssl.trustStorePassword=xxxx
    -Djavax.net.ssl.keyStoreType=JKS
    -Djavax.net.ssl.trustStoreType=JKS
    -Djavax.net.ssl.trustStoreProvider=IBMJCE
    -Djavax.net.ssl.keyStoreProvider=IBMJCE
    -Djavax.net.debug=ssl

    Yes, my keystore name matches the file that was created with the keytool and the password matches. I am using RAD 7.x to create the client, WAS 6.x and the IBM J9 VM. The non-SSL version of my client works great. The SSL version, not so great.

    WSWS3740E: Error: No SSL configuration is available for endpoint - https://fake/url/for/security/reasons
    at com.ibm.ws.webservices.engine.transport.security.ConfigSSLProvider.getConfig(ConfigSSLProvider.java:257)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender$2.run(HTTPSender.java:973)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.setupEffectiveSSLConfiguration(HTTPSender.java:970)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.invoke(HTTPSender.java:483)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:332)

    Bah! I wish I could get the source and debug into it, I can't help but feel I'm making a very obvious mistake but don't have enough information to tell what is going on.

    --
    Dan G.
  • SystemAdmin
    SystemAdmin
    1009 Posts

    Got it

    ‏2008-04-30T23:55:30Z  
    I have tried everything in this thread and still no luck.

    Specifying the properties in a configuration file wtih
    -Dcom.ibm.SSL.ConfigURL=file:C:\ssl.client.props

    and on the command line

    -Djavax.net.ssl.keyStore=C:\workspace\Phase1\ConfigurationManagement\cert\keystore.ibm
    -Djavax.net.ssl.trustStore=C:\workspace\Phase1\ConfigurationManagement\cert\publicstore.jks
    -Djavax.net.ssl.trustStorePassword=xxxx
    -Djavax.net.ssl.keyStoreType=JKS
    -Djavax.net.ssl.trustStoreType=JKS
    -Djavax.net.ssl.trustStoreProvider=IBMJCE
    -Djavax.net.ssl.keyStoreProvider=IBMJCE
    -Djavax.net.debug=ssl

    Yes, my keystore name matches the file that was created with the keytool and the password matches. I am using RAD 7.x to create the client, WAS 6.x and the IBM J9 VM. The non-SSL version of my client works great. The SSL version, not so great.

    WSWS3740E: Error: No SSL configuration is available for endpoint - https://fake/url/for/security/reasons
    at com.ibm.ws.webservices.engine.transport.security.ConfigSSLProvider.getConfig(ConfigSSLProvider.java:257)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender$2.run(HTTPSender.java:973)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.setupEffectiveSSLConfiguration(HTTPSender.java:970)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.invoke(HTTPSender.java:483)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:332)

    Bah! I wish I could get the source and debug into it, I can't help but feel I'm making a very obvious mistake but don't have enough information to tell what is going on.

    --
    Dan G.
    I was setting the JVM arguments in the wrong place.

    Here is the minimal list of JVM arguments that worked for me:

    -Djavax.net.ssl.trustStore=C:\keystore.ibm
    -Djavax.net.ssl.trustStorePassword=xxxxxx
    -Djavax.net.ssl.trustStoreType=JKS

    For debugging try adding:

    -Djavax.net.debug=ssl

    I consider the following article to be the best documentation on IBM's site regarding SSL and WAS:

    Link:IBM WAS SSL Article
  • SystemAdmin
    SystemAdmin
    1009 Posts

    Re: Got it

    ‏2008-06-06T21:22:02Z  
    I was setting the JVM arguments in the wrong place.

    Here is the minimal list of JVM arguments that worked for me:

    -Djavax.net.ssl.trustStore=C:\keystore.ibm
    -Djavax.net.ssl.trustStorePassword=xxxxxx
    -Djavax.net.ssl.trustStoreType=JKS

    For debugging try adding:

    -Djavax.net.debug=ssl

    I consider the following article to be the best documentation on IBM's site regarding SSL and WAS:

    Link:IBM WAS SSL Article
    Hi ,

    I got it fixed and I m able to invoke web service ,
    with following lines of code
    System.setProperty("javax.net.ssl.keyStore","c:\\temp\.keystore");
    System.setProperty("javax.net.ssl.keyStorePassword","changeit");
    System.setProperty("javax.net.ssl.keyStoreType","jks");

    Thanks for all your help,
    I appreciate it.

    Regards,
    Jeevan
  • SystemAdmin
    SystemAdmin
    1009 Posts

    Re: Got it

    ‏2009-06-10T11:44:29Z  
    Hi ,

    I got it fixed and I m able to invoke web service ,
    with following lines of code
    System.setProperty("javax.net.ssl.keyStore","c:\\temp\.keystore");
    System.setProperty("javax.net.ssl.keyStorePassword","changeit");
    System.setProperty("javax.net.ssl.keyStoreType","jks");

    Thanks for all your help,
    I appreciate it.

    Regards,
    Jeevan
    PivotHandlerW W org.apache.commons.logging.impl.Jdk14Logger warn WSWS3734W: Warning: Exception caught from invocation to com.ibm.ws.webservices.engine.transport.http.HTTPSender: WebServicesFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultString: WSWS3713E: Connection to the remote host 20.198.72.43 failed.Received the following error: Connection refused: no further information
    faultActor: null
    faultDetail:

    WSWS3713E: Connection to the remote host 20.198.72.43 failed.Received the following error: Connection refused: no further information

    I read somewhere that by setting
    System.setProperty("javax.net.ssl.keyStore","c:\\temp\.keystore");
    System.setProperty("javax.net.ssl.keyStorePassword","changeit");
    System.setProperty("javax.net.ssl.keyStoreType","jks");

    properties the 'com.ibm.ws.webservices.engine.transport.http.HTTPSender' error was resolved. Please let me know the exact steps
  • Phoenix
    Phoenix
    1 Post

    Re: Got it

    ‏2009-12-07T08:03:38Z  
    PivotHandlerW W org.apache.commons.logging.impl.Jdk14Logger warn WSWS3734W: Warning: Exception caught from invocation to com.ibm.ws.webservices.engine.transport.http.HTTPSender: WebServicesFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultString: WSWS3713E: Connection to the remote host 20.198.72.43 failed.Received the following error: Connection refused: no further information
    faultActor: null
    faultDetail:

    WSWS3713E: Connection to the remote host 20.198.72.43 failed.Received the following error: Connection refused: no further information

    I read somewhere that by setting
    System.setProperty("javax.net.ssl.keyStore","c:\\temp\.keystore");
    System.setProperty("javax.net.ssl.keyStorePassword","changeit");
    System.setProperty("javax.net.ssl.keyStoreType","jks");

    properties the 'com.ibm.ws.webservices.engine.transport.http.HTTPSender' error was resolved. Please let me know the exact steps
    OMG, I meet the same problem. It makes me crazy... Here is the errors, Help! Help!

    Dec 7, 2009 3:50:39 PM com.ibm.ws.webservices.engine.PivotHandlerWrapper invoke
    WARNING: WSWS3734W: Warning: Exception caught from invocation to com.ibm.ws.webservices.engine.transport.http.HTTPSender:
    Throwable occurred: WebServicesFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultString: WSWS3740E: Error: No SSL configuration is available for endpoint - https://9.186.110.76/sdk/vimService
    faultActor: null
    faultDetail:

    WSWS3740E: Error: No SSL configuration is available for endpoint - https://9.186.110.76/sdk/vimService
    at com.ibm.ws.webservices.engine.transport.security.ConfigSSLProvider.getConfig(ConfigSSLProvider.java:257)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender$2.run(HTTPSender.java:992)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.setupEffectiveSSLConfiguration(HTTPSender.java:989)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.invoke(HTTPSender.java:494)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:336)
    at com.ibm.ws.webservices.engine.client.Connection.invokeEngine(Connection.java:860)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:711)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:662)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:484)
    at com.ibm.ws.webservices.engine.client.Stub$Invoke.invoke(Stub.java:947)
    at vim25.VimBindingStub.retrieveServiceContent(VimBindingStub.java:24747)
  • SystemAdmin
    SystemAdmin
    1009 Posts

    JKS vs PKCS

    ‏2009-12-08T11:59:01Z  
    • Phoenix
    • ‏2009-12-07T08:03:38Z
    OMG, I meet the same problem. It makes me crazy... Here is the errors, Help! Help!

    Dec 7, 2009 3:50:39 PM com.ibm.ws.webservices.engine.PivotHandlerWrapper invoke
    WARNING: WSWS3734W: Warning: Exception caught from invocation to com.ibm.ws.webservices.engine.transport.http.HTTPSender:
    Throwable occurred: WebServicesFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultString: WSWS3740E: Error: No SSL configuration is available for endpoint - https://9.186.110.76/sdk/vimService
    faultActor: null
    faultDetail:

    WSWS3740E: Error: No SSL configuration is available for endpoint - https://9.186.110.76/sdk/vimService
    at com.ibm.ws.webservices.engine.transport.security.ConfigSSLProvider.getConfig(ConfigSSLProvider.java:257)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender$2.run(HTTPSender.java:992)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.setupEffectiveSSLConfiguration(HTTPSender.java:989)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.invoke(HTTPSender.java:494)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:336)
    at com.ibm.ws.webservices.engine.client.Connection.invokeEngine(Connection.java:860)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:711)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:662)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:484)
    at com.ibm.ws.webservices.engine.client.Stub$Invoke.invoke(Stub.java:947)
    at vim25.VimBindingStub.retrieveServiceContent(VimBindingStub.java:24747)
    In case it helps, I found that WAS7.0 seems to asume that the SSL Trust Store type is PKCS12 (rather than JKS).
    If you are setting the SSL Trust Store anywhere, then please try creating it as a PKCS12 type - it's almost the same as creating a JKS file if using gsk7cmd or similar.

    I tried setting custom properties (such as the javax.net.ssl.trustStoreType) to JKS, but it didn't seem to work, only creating the trust store as PKCS solved the problems I had.
  • aulia
    aulia
    2 Posts

    Re: Got it

    ‏2010-06-08T19:33:47Z  
    • Phoenix
    • ‏2009-12-07T08:03:38Z
    OMG, I meet the same problem. It makes me crazy... Here is the errors, Help! Help!

    Dec 7, 2009 3:50:39 PM com.ibm.ws.webservices.engine.PivotHandlerWrapper invoke
    WARNING: WSWS3734W: Warning: Exception caught from invocation to com.ibm.ws.webservices.engine.transport.http.HTTPSender:
    Throwable occurred: WebServicesFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultString: WSWS3740E: Error: No SSL configuration is available for endpoint - https://9.186.110.76/sdk/vimService
    faultActor: null
    faultDetail:

    WSWS3740E: Error: No SSL configuration is available for endpoint - https://9.186.110.76/sdk/vimService
    at com.ibm.ws.webservices.engine.transport.security.ConfigSSLProvider.getConfig(ConfigSSLProvider.java:257)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender$2.run(HTTPSender.java:992)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.setupEffectiveSSLConfiguration(HTTPSender.java:989)
    at com.ibm.ws.webservices.engine.transport.http.HTTPSender.invoke(HTTPSender.java:494)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
    at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:336)
    at com.ibm.ws.webservices.engine.client.Connection.invokeEngine(Connection.java:860)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:711)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:662)
    at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:484)
    at com.ibm.ws.webservices.engine.client.Stub$Invoke.invoke(Stub.java:947)
    at vim25.VimBindingStub.retrieveServiceContent(VimBindingStub.java:24747)
    same problem here.... anyone please, any ideas????

    SOA Tutorial
  • Charlie808
    Charlie808
    2 Posts

    Re: Got it

    ‏2010-06-23T16:10:06Z  
    • aulia
    • ‏2010-06-08T19:33:47Z
    same problem here.... anyone please, any ideas????

    SOA Tutorial
    WOW no one has figured this out yet? Has anyone from IBM tried to fix it? I am having the same problem with the web services too. I have been looking all over the internet for something that would give me a clue as to how to fix the error. My brain is going to explode, the frustrations of developing...Let me know when someone figures it out.
  • abhisekjana
    abhisekjana
    1 Post

    Re: Consuming web service hosted over SSL

    ‏2010-08-18T20:18:36Z  
    Hi ,
    I was trying the same thing.I had a webservice deployed over SSL. I was able to easily invoke that from a web app (in WAS 6.1 you can import the cert, its a 10 sec task to setup the cert in WAS 6.1 and does not require any additional line of code http://Let me know if anyone needs any help on that.)

    Then I had to call the same webservice from a standalone Java program. I had the server certificate file, so if you dont have it first get that. I got it as "server.cer" file.

    Then created a trust Store for my client using the ikeyman.bat provided by IBM, added the server.cer to the trust Store. After that used following code to call the service. (IBM docs says that the thin client does not work with Sun JDK but I have tested and it worked fine, may be they have released a patch)

    System.setProperty("com.ibm.ssl.performURLHostNameVerification", "true");

    System.setProperty("javax.net.ssl.trustStore","C:\\temp\\clienttrust.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "1234");
    System.setProperty("javax.net.ssl.trustStoreType","jks");
    System.setProperty("java.protocol.handler.pkgs","com.ibm.net.ssl.internal.www.protocol"); // You dont really need this. Try without this also.

    You dont need to setup a key store.

    Let me know whether this works for you.
  • Pankajnu
    Pankajnu
    1 Post

    Re: Consuming web service

    ‏2011-02-01T19:13:02Z  
    I faced almost all of the problems mentioned in this thread in my standalone client. I took inputs from the thread and errors kept on disappearing. This is what I have finally (which works) -

    System.setProperty("javax.net.ssl.trustStore", "C:/Program Files/IBM/SDP70/runtimes/base_v61/profiles/AppSrv01/etc/DummyServerTrustFile.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "WebAs");
    System.setProperty("javax.net.ssl.trustStoreType","jks");
    System.setProperty("javax.net.ssl.keyStore", "C:/Program Files/IBM/SDP70/runtimes/base_v61/profiles/AppSrv01/etc/DummyServerKeyFile.jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "WebAs");
    System.setProperty("javax.net.ssl.keyStoreType","jks");

    System.setProperty("java.protocol.handler.pkgs", "com.ibm.net.ssl.internal.www.protocol");
    Security.addProvider(new com.ibm.jsse.IBMJSSEProvider());

    System.setProperty("com.ibm.ssl.performURLHostNameVerification", "true");

    //Setting Type to jks really helps (somebody mentioned for RAD7/WAS6.1 default is not jks)
  • SystemAdmin
    SystemAdmin
    1009 Posts

    Re: Consuming web service

    ‏2011-09-06T20:13:07Z  
    • Pankajnu
    • ‏2011-02-01T19:13:02Z
    I faced almost all of the problems mentioned in this thread in my standalone client. I took inputs from the thread and errors kept on disappearing. This is what I have finally (which works) -

    System.setProperty("javax.net.ssl.trustStore", "C:/Program Files/IBM/SDP70/runtimes/base_v61/profiles/AppSrv01/etc/DummyServerTrustFile.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "WebAs");
    System.setProperty("javax.net.ssl.trustStoreType","jks");
    System.setProperty("javax.net.ssl.keyStore", "C:/Program Files/IBM/SDP70/runtimes/base_v61/profiles/AppSrv01/etc/DummyServerKeyFile.jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "WebAs");
    System.setProperty("javax.net.ssl.keyStoreType","jks");

    System.setProperty("java.protocol.handler.pkgs", "com.ibm.net.ssl.internal.www.protocol");
    Security.addProvider(new com.ibm.jsse.IBMJSSEProvider());

    System.setProperty("com.ibm.ssl.performURLHostNameVerification", "true");

    //Setting Type to jks really helps (somebody mentioned for RAD7/WAS6.1 default is not jks)
    This was a great help for me, thank you. I am now trying to hit WebSphere on a Linux server from my client. How would I set the properties for the trust and key store for the linux Server? I am getting malformedURL - no protocol. I know where the files are on the machine - just not sure how to point to them from my client.
  • santy2410
    santy2410
    1 Post

    Re: Consuming web service

    ‏2011-10-28T13:34:30Z  
    • Pankajnu
    • ‏2011-02-01T19:13:02Z
    I faced almost all of the problems mentioned in this thread in my standalone client. I took inputs from the thread and errors kept on disappearing. This is what I have finally (which works) -

    System.setProperty("javax.net.ssl.trustStore", "C:/Program Files/IBM/SDP70/runtimes/base_v61/profiles/AppSrv01/etc/DummyServerTrustFile.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "WebAs");
    System.setProperty("javax.net.ssl.trustStoreType","jks");
    System.setProperty("javax.net.ssl.keyStore", "C:/Program Files/IBM/SDP70/runtimes/base_v61/profiles/AppSrv01/etc/DummyServerKeyFile.jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "WebAs");
    System.setProperty("javax.net.ssl.keyStoreType","jks");

    System.setProperty("java.protocol.handler.pkgs", "com.ibm.net.ssl.internal.www.protocol");
    Security.addProvider(new com.ibm.jsse.IBMJSSEProvider());

    System.setProperty("com.ibm.ssl.performURLHostNameVerification", "true");

    //Setting Type to jks really helps (somebody mentioned for RAD7/WAS6.1 default is not jks)
    I have developed client using Myeclipse 9.1. It works fine without ssl. For ssl I tried all options available on this thread. Still getting the same error WSWS3740E: Error: No SSL configuration is available for endpoint. Iam using WAS 7.0. Developed jax-rpc based web service. Can anyone suggest what needs to be done
  • JediProgrammer
    JediProgrammer
    1 Post

    Re: Got it

    ‏2014-04-01T20:42:39Z  
    I was setting the JVM arguments in the wrong place.

    Here is the minimal list of JVM arguments that worked for me:

    -Djavax.net.ssl.trustStore=C:\keystore.ibm
    -Djavax.net.ssl.trustStorePassword=xxxxxx
    -Djavax.net.ssl.trustStoreType=JKS

    For debugging try adding:

    -Djavax.net.debug=ssl

    I consider the following article to be the best documentation on IBM's site regarding SSL and WAS:

    Link:IBM WAS SSL Article

    I got it to work after reading the article as mentioned in the post that I am replying to. 

    "IBM WebSphere Developer Technical Journal: Using the Java Secure Socket Extension in WebSphere Application Server"

    http://www.ibm.com/developerworks/websphere/techjournal/0502_benantar/0502_benantar.html

    It really makes it easy to understanding what your looking at on this post.