Axis2/Rampart Client Self-Signed Certificates

Question

I'm trying to access a web service using a secure client.

I generated two files:

nb19200.pkcs12

server.jks

I pasted the server keystore in tomcat and uploaded the pkcs12 to my browser, everything works well.

Now, in my client application, I tried the following:

First, export the server certificate, I used the following command:

keytool -exportcert -alias servercert -file servercert.cer -keystore server.jks -storepass **

And then import it onto a keystore with nothing in there:

keytool -importcert -keystore truststore.jks -alias servercert -file servercert.cer -v trustcacerts -noprompt -storepass ***

My code is the following:

    System.setProperty("javax.net.ssl.trustStore","servertrust.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");

    //To be able to load the client configuration from axis2.xml
    ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("client-repo", null);

    SecureServiceStub stub = new SecureServiceStub(ctx,"https://localhost:8443/axis2/services/SecureService");

    ServiceClient sc = stub._getServiceClient();

    sc.engageModule("rampart");

    //call the service etc.

Ok, with this configuration I get the following error:

Caused by: java.net.SocketException: Connection closed by remote host

If I comment the first two lines, the error I get is:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

So what am I doing wrong?

I'm completely lost.

Update full code:

http://pastebin.com/8xTYK3tY

Stack trace:

Exception in thread "main" org.apache.axis2.AxisFault: Connection refused: connect
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:197)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at tutorial.rampart.client.SecureServiceStub.add(SecureServiceStub.java:191)
at tutorial.rampart.client.SecureServiceCGClient.main(SecureServiceCGClient.java:36)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:564)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:130)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)

Answer 1

I found the solution.

I was missing this:

System.setProperty("javax.net.ssl.keyStore","keys/client.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "password");

Answer 2

Look at the line where you define the keystore path:

System.setProperty("javax.net.ssl.trustStore","servertrust.jks");

But you mentioned that the file name is server.jks. So if that is the case that is why the code cannot find the proper cert file.

UPDATE:

When using ssl (https) the server searches for the right certificate accroding to the 'CN'. The CN must be equal to the name of the host. According to the URL you posted i see you are using localhost, so you have to make the CN equals to your machine name (You can see it by right click My computer->propeties).

Answer 3

Please make sure the service is listening on the port 8443. Check the URL https://localhost:8443/axis2/services/SecureService exist. You can try this URL https://localhost:8443/axis2/services/SecureService?wsdl and see if you can get the WSDL of the service from that URL