Bidvertiser

Friday, November 15, 2013

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed - Axis2

I was recently working on writing some client code which makes multiple webservices calls.  The stubs for both my client were generated using Axis2.  I had to make requests to 2 different services, where one of the service was serving a dummy SSL certificate and the other one was serving a valid SSL certificate.

I landed up getting the following exception,
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)

Here are the steps I took to overcome this error,

Bypass SSL security check
I googled and got several links on how to bypass the SSL security check in Java.  Most of them were suggesting to use XTrustProvider.install() to turn off SSL check.  After implementing this solution the error went away if I invoked only the service which was serving a dummy SSL certificate. When I tried  using both the services I again got caught with the same exception,  though I tried ignoring the SSL check in the 2nd service.  Axis2 actually for some reason "reuses" or caches the security certificate and the SSL socket factory is singleton. So use this class only if you are using a single service.

XTrustProvider.java
Loading the certificate to the "trust store"
Use the following InstallCert.java to generate your certificate and tell your SSL socket factory to use this trust store like this.  Note:  Add this line before the call to your first service,  else you will end up in the same exception.
InstallCert.java

No comments:

Post a Comment