15 replies Latest Post - ‏2010-06-13T20:08:37Z by irriduxibili
SystemAdmin
2262 Posts

Pinned topic Problems accessing a HTTPS Webservice

‏2008-02-19T17:58:33Z |
I'm trying to invoke a webservice using a generated proxy in a java main.

System.setProperty("com.ibm.ssl.contextProvider", "IBMJSSE2");
System.setProperty("com.ibm.ssl.protocol", "SSLv3");
System.setProperty("com.ibm.ssl.trustStoreType", "JKS");
System.setProperty("com.ibm.ssl.trustStore", "C://myTrust.jks");
System.setProperty("com.ibm.ssl.trustStorePassword", "secret1");
System.setProperty("java.protocol.handler.pkgs", "com.ibm.ssl.internal.www.protocol");

System.setProperty("javax.net.debug", "ssl,handshake,data,trustmanager");

...

The error
Feb 19, 2008 11:44:28 AM com.ibm.ws.ssl.config.SSLConfigManager
INFO: ssl.disable.url.hostname.verification.CWPKI0027I
Feb 19, 2008 11:44:29 AM com.ibm.ws.webservices.engine.PivotHandlerWrapper invoke
WARNING: WSWS3734W: Warning: Exception caught from invocation to com.ibm.ws.webservices.engine.transport.http.HTTPSender:
WebServicesFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultString: WSWS3740E: Error: No SSL configuration is available for endpoint - https://psa.tz.net/qa/psaserver.asmx
faultActor: null
faultDetail:

WSWS3740E: Error: No SSL configuration is available for endpoint -

Please help.
Updated on 2010-06-13T20:08:37Z at 2010-06-13T20:08:37Z by irriduxibili
  • SystemAdmin
    2262 Posts

    Re: Problems accessing a HTTPS Webservice

    ‏2008-02-20T17:49:24Z  in response to SystemAdmin
    Thanks to another post.
    I got around this problem by commenting out all the System.setProperty calls and adding:

    System.setProperty("com.ibm.SSL.ConfigURL", "file:C:\\Program Files\\IBM\\SDP70\\runtimes\\base_v61_stub\\properties\\ssl.client.props");

    Edited the ssl.client.props and set the following option to true

    com.ibm.ssl.enableSignerExchangePrompt=true

    It works.
    • websphere6.1user
      16 Posts

      Re: Problems accessing a HTTPS Webservice

      ‏2008-04-01T14:58:53Z  in response to SystemAdmin
      Hi,

      It is not working for me. My requirement is to access the other web service, and the client proxy for the webservice is generated by WAS 6.1.
      • SystemAdmin
        2262 Posts

        Re: Problems accessing a HTTPS Webservice

        ‏2008-04-02T03:50:58Z  in response to websphere6.1user
        I would suggest posting in the websphere security forum. They should be able to help you with the Websphere setup.
        • websphere6.1user
          16 Posts

          Re: Problems accessing a HTTPS Webservice

          ‏2008-04-02T09:40:58Z  in response to SystemAdmin
          Hi,

          I need to access a web service from my application. My application is deployed in WAS 6.1. I got the certificate from the provider. I added the code snippet below before calling the web service.

          System.setProperty("javax.net.ssl.trustStore","c:\\Bank_Test_Merchant\\dexitrust");
          System.setProperty("javax.net.ssl.trustStorePassword", "xxx");
          System.setProperty("javax.net.ssl.keyStore","c:\\Bank_Test_Merchant\\Bank_Test_Merchant.pfx");
          System.setProperty("javax.net.ssl.keyStorePassword", "xxxx");
          //System.setProperty("java.protocol.handler.pkgs","com.ibm.net.ssl.internal.www.protocol");
          System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");

          I am getting the following error when I try to run this:

          Connection to the remote host xxx.xxx.xxx.xxx failed.Received the following error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

          I am able to access the same application using AXIS and Tomcat, but the same is not working for me in WAS.

          This is the difference I found between the two: for Tomcat I included the certificate in cacerts by using keytool. I haven't done the same for WAS. Is that causing the problem? Please help me; I have been trying to solve this issue for 15 days.
          • SystemAdmin
            2262 Posts

            Re: Problems accessing a HTTPS Webservice

            ‏2008-04-02T16:36:52Z  in response to websphere6.1user
            It appears that the signer of the certificate is not in your trust file.
            Use the setting
            com.ibm.ssl.enableSignerExchangePrompt=true
            which will automatically add the signer to your cacerts file.
            I'm not sure how you'd set it if you are not using the ssl.client.props file.

            Use ikeyman to view your signer certificates.
            Another option is to use ikeyman and import your downloaded certificate; maybe the signer will be placed automatically.

            Good luck. I know it is frustrating.
            • websphere6.1user
              16 Posts

              Re: Problems accessing a HTTPS Webservice

              ‏2008-04-04T07:29:20Z  in response to SystemAdmin
              I imported the signer certificate using retrieve from port, and I saw that the trust.p12 was modified after that change. I am not getting new error.
              WSWS3713E: Connection to the remote host XXX.XXX.XXX.XXX failed.Received the following error: java.io.IOException: Unable to verify MAC.
              at com.ibm.ws.webservices.engine.transport.http.HttpOutboundChannelConnection.connect(HttpOutboundChannelConnection.java:752)
              at com.ibm.ws.webservices.engine.transport.http.HttpsOutboundChannelConnection.connect(HttpsOutboundChannelConnection.java:210)
              at com.ibm.ws.webservices.engine.transport.channel.OutboundConnectionGroup.createConnection(OutboundConnectionGroup.java:133)
              at com.ibm.ws.webservices.engine.transport.channel.OutboundConnectionCache.findGroupAndGetConnection(OutboundConnectionCache.java:331)
              at com.ibm.ws.webservices.engine.transport.http.HTTPSender.invoke(HTTPSender.java:510)
              at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
              at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
              at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
              at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:332)
              at com.ibm.ws.webservices.engine.client.Connection.invokeEngine(Connection.java:738)
              at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:659)
              at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:617)
              at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:452)
              at com.ibm.ws.webservices.engine.client.Stub$Invoke.invoke(Stub.java:908)
              at ae.comtrust.sdes.DateExchangeServiceIFBindingStub.exchangeMessage(DateExchangeServiceIFBindingStub.java:87)
              at ae.comtrust.sdes.DateExchangeServiceIFProxy.exchangeMessage(DateExchangeServiceIFProxy.java:64)
              at com.servion.nib.host.etisalat.ConnectEtisalatCheck.proccessEtisalatReq(ConnectEtisalatCheck.java:112)
              at com.servion.nib.host.etisalat.TestEtisalat.main(TestEtisalat.java:25)

              And the properties below are available in the log before the secure call:

              com.ibm.ssl.keyStorePassword = ******
              com.ibm.ssl.keyStoreScope = client
              com.ibm.ssl.daysBeforeExpireWarning = 60
              com.ibm.ssl.trustStoreFileBased = true
              com.ibm.ssl.keyStoreName = DefaultSystemProperties_key
              com.ibm.ssl.keyStoreUseForAcceleration = false
              com.ibm.ssl.trustStoreReadOnly = false
              com.ibm.ssl.contextProvider = IBMJSSE2
              com.ibm.ssl.keyStoreFileBased = true
              com.ibm.ssl.alias = DefaultSystemProperties
              com.ibm.ssl.keyManager = IbmX509
              com.ibm.ssl.keyStore = C:/Program Files/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/UAEDXBPDCEPAY01Node01Cell/nodes/UAEDXBPDCEPAY01Node01/key.p12
              com.ibm.ssl.trustStoreInitializeAtStartup = false
              com.ibm.ssl.keyStoreType = PKCS12
              com.ibm.ssl.clientAuthentication = false
              com.ibm.ssl.trustStoreProvider = IBMJCE
              com.ibm.ssl.keyStoreInitializeAtStartup = false
              com.ibm.ssl.trustStore = C:/Program Files/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/UAEDXBPDCEPAY01Node01Cell/nodes/UAEDXBPDCEPAY01Node01/trust.p12
              com.ibm.ssl.trustStorePassword = ******
              com.ibm.ssl.protocol = SSL_TLS
              com.ibm.ssl.trustManager = IbmX509
              com.ibm.ssl.tokenEnabled = false
              com.ibm.ssl.trustStoreName = DefaultSystemProperties_trust
              com.ibm.ssl.keyStoreCreateCMSStash = true
              com.ibm.ssl.trustStoreCreateCMSStash = true
              com.ibm.ssl.trustStoreUseForAcceleration = false
              com.ibm.ssl.keyStoreReadOnly = false
              com.ibm.ssl.securityLevel = HIGH
              com.ibm.ssl.trustStoreScope = client
              com.ibm.ssl.trustStoreType = PKCS12
              com.ibm.ssl.validationEnabled = false
              com.ibm.ssl.keyStoreProvider = IBMJCE
              com.ibm.ssl.configURLLoadedFrom = System Properties

              Let me know if any of the properties need to be changed.

              This is the code snippet I am using to connect to the secure web service.

              System.setProperty("javax.net.ssl.trustStore","C:\\Program Files\\IBM\\WebSphere\\AppServer\\profiles\\AppSrv01\\config\\cells\\UAEDXBPDCEPAY01Node01Cell\\nodes\\UAEDXBPDCEPAY01Node01\\trust.p12");
              System.setProperty("javax.net.ssl.trustStorePassword", "123456");
              System.setProperty("javax.net.ssl.keyStore","C:\\Program Files\\IBM\\WebSphere\\AppServer\\profiles\\AppSrv01\\config\\cells\\UAEDXBPDCEPAY01Node01Cell\\nodes\\UAEDXBPDCEPAY01Node01\\key.p12");
              System.setProperty("javax.net.ssl.keyStorePassword", "123456");
              //System.setProperty("java.protocol.handler.pkgs","com.ibm.net.ssl.internal.www.protocol");
              System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
              System.setProperty("com.ibm.ssl.enableSignerExchangePrompt", "true");
              • websphere6.1user
                16 Posts

                Re: Problems accessing a HTTPS Webservice

                ‏2008-04-23T15:01:29Z  in response to websphere6.1user
                Hi,

                I have imported the certificate into trust.p12. After that I am trying to access the service. I am getting the error below. It seems that the certificate is not installed, or not properly, or anything else. Please help me to solve this issue.

                .Received the following error: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
                at com.ibm.ws.webservices.engine.transport.http.HttpOutboundChannelConnection.connect(HttpOutboundChannelConnection.java:752)
                at com.ibm.ws.webservices.engine.transport.http.HttpsOutboundChannelConnection.connect(HttpsOutboundChannelConnection.java:210)
                at com.ibm.ws.webservices.engine.transport.channel.OutboundConnectionGroup.createConnection(OutboundConnectionGroup.java:133)
                at com.ibm.ws.webservices.engine.transport.channel.OutboundConnectionCache.findGroupAndGetConnection(OutboundConnectionCache.java:331)
                at com.ibm.ws.webservices.engine.transport.http.HTTPSender.invoke(HTTPSender.java:510)
                at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
                at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
                at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:227)
                at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:332)
                at com.ibm.ws.webservices.engine.client.Connection.invokeEngine(Connection.java:738)
                at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:659)
                at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:617)
                at com.ibm.ws.webservices.engine.client.Connection.invoke(Connection.java:452)
                at com.ibm.ws.webservices.engine.client.Stub$Invoke.invoke(Stub.java:908)
                at ae.comtrust.sdes.DateExchangeServiceIFBindingStub.exchangeMessage(DateExchangeServiceIFBindingStub.java:87)
                at ae.comtrust.sdes.DateExchangeServiceIFProxy.exchangeMessage(DateExchangeServiceIFProxy.java:64)
                at com.servion.nib.host.etisalat.ConnectEtisalatCheck.proccessEtisalatReq(ConnectEtisalatCheck.java:111)
                at com.servion.nib.host.etisalat.TestEtisalat.main(TestEtisalat.java:25)
                • SystemAdmin
                  2262 Posts

                  Re: Problems accessing a HTTPS Webservice

                  ‏2008-04-24T19:57:27Z  in response to websphere6.1user
                  Turn on JSSE tracing via Websphere, so that we can see the certificate(s) involved.
                  • websphere6.1user
                    16 Posts

                    Re: Problems accessing a HTTPS Webservice

                    ‏2008-04-25T08:14:58Z  in response to SystemAdmin
                    Hi,

                    I have enabled the JSSE trace. I am able to see the certificate details in the trace. I am attaching the trace here. This is the certificate I installed using the retrieve port option in web admin.

                    4/25/08 12:08:14:687 GST 0000000a SystemOut O adding as trusted cert:
                    4/25/08 12:08:14:687 GST 0000000a SystemOut O Subject: CN=sdes.comtrust.ae, OU=eCompany, O=Etisalat, ST=AUH, L=AUH, C=AE
                    4/25/08 12:08:14:687 GST 0000000a SystemOut O Issuer: CN=Comtrust Server Certification Authority, OU=Etisalat eBusiness Services, O=Etisalat, C=AE
                    4/25/08 12:08:14:687 GST 0000000a SystemOut O Algorithm: RSA; Serial number: 0x93c
                    4/25/08 12:08:14:687 GST 0000000a SystemOut O Valid from Sun Jan 13 12:55:56 GST 2008 until Wed Jan 13 12:55:56 GST 2010

                    • SystemAdmin
                      2262 Posts

                      Re: Problems accessing a HTTPS Webservice

                      ‏2008-04-25T20:25:53Z  in response to websphere6.1user
                      Hi!

                      The JSSE trace is not complete. The failure is not shown in the trace provided. Also, please make sure the beginning of the trace is provided, which shows the JSSE build information.

                      Thanks.
                      • websphere6.1user
                        16 Posts

                        Re: Problems accessing a HTTPS Webservice

                        ‏2008-04-28T05:34:50Z  in response to SystemAdmin
                        Hi,

                        I have attached the full systemout.log for your reference.

                        • SystemAdmin
                          2262 Posts

                          Re: Problems accessing a HTTPS Webservice

                          ‏2008-04-28T19:59:21Z  in response to websphere6.1user
                          I am sorry. The trace is not in the log. Did the trace wrap?
                          • SystemAdmin
                            2262 Posts

                            Re: Problems accessing a HTTPS Webservice

                            ‏2008-04-28T19:59:56Z  in response to SystemAdmin
                            Actually, I meant to say that the exception is not in the log. Everything looks fine in the trace provided.
                            • websphere6.1user
                              16 Posts

                              Re: Problems accessing a HTTPS Webservice

                              ‏2008-04-30T16:46:20Z  in response to SystemAdmin
                              Hi,

                              I am able to communicate with the same service from SUN JDK and Tomcat, and I am facing the problem in IBM WAS 6.1. I am using the code snippet below for SSL in my code:

                              System.setProperty("javax.net.ssl.trustStore","c:\\Bank_Test_Merchant\\dexitrust");
                              System.setProperty("javax.net.ssl.trustStorePassword", "123456");
                              System.setProperty("javax.net.ssl.keyStore","c:\\Bank_Test_Merchant\\Bank_Test_Merchant.pfx");
                              System.setProperty("javax.net.ssl.keyStorePassword", "123456");
                              System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");

                              But when I am using these certificates, IBM WAS is throwing a certificate length is too big error. Later I came to know that IBM WAS allows only .p12 format. Can you let me know how to solve this issue?
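
Added example, not part of any post in this thread: a check of a store file's real format before choosing `keyStoreType` / `trustStoreType`. A JKS file starts with the magic `0xFEEDFEED`; read as DER, its second byte `0xED` masked with `0x7F` gives 109, which is consistent with the `lengthTag=109, too big` message quoted above appearing when a JKS file is parsed as PKCS12. The class and method names and the `changeit` password are constructed for illustration.

```java
import java.io.*;
import java.security.KeyStore;

public class StoreTypeCheck {

    /** Read the first four bytes of a store file. */
    static byte[] readHead(String path) throws IOException {
        byte[] head = new byte[4];
        try (InputStream in = new FileInputStream(path)) {
            new DataInputStream(in).readFully(head);
        }
        return head;
    }

    /** Identify the on-disk format from its leading bytes, ignoring the extension. */
    static String sniffType(byte[] head) {
        int magic = ((head[0] & 0xFF) << 24) | ((head[1] & 0xFF) << 16)
                  | ((head[2] & 0xFF) << 8) | (head[3] & 0xFF);
        if (magic == 0xFEEDFEED) return "JKS";
        if (magic == 0xCECECECE) return "JCEKS";
        if ((head[0] & 0xFF) == 0x30) return "PKCS12"; // DER SEQUENCE tag
        return "UNKNOWN";
    }

    /** Load a store using the type its bytes indicate. */
    static KeyStore load(String path, char[] password) throws Exception {
        String type = sniffType(readHead(path));
        if (type.equals("UNKNOWN")) {
            throw new IOException("Unrecognised keystore format: " + path);
        }
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty JKS store saved under a .p12 name.
        char[] pw = "changeit".toCharArray();
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null);
        File tmp = File.createTempFile("sample", ".p12");
        tmp.deleteOnExit();
        try (OutputStream out = new FileOutputStream(tmp)) {
            jks.store(out, pw);
        }
        byte[] head = readHead(tmp.getPath());
        System.out.println("format on disk: " + sniffType(head));
        System.out.println("byte 2 as DER length tag: " + (head[1] & 0x7F));
        System.out.println("loaded as: " + load(tmp.getPath(), pw).getType());
    }
}
```

When the sniffed format differs from the configured store type, either set the type property to match the file or convert the file; the trust store and key store each have their own type setting.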