5 Replies Latest reply: Sep 5, 2012 8:20 AM by EJP

    Trouble connecting with SSL

      I'm trying to connect to a server that is using SSL and I need to use custom jks and cacerts.
      My program is running from a WebLogic 10.3.6 server as a JAX-WS web service.

      I have tried this before and got it to work using:

      System.getProperties().put("javax.net.ssl.keyStore", "C:\\Oracle\\WebService\\sf.jks" );
      System.getProperties().put("javax.net.ssl.keyStorePassword", "changeit");
      System.getProperties().put("javax.net.ssl.trustStore", "C:\\Oracle\\WebService\\cacerts");
      System.getProperties().put("javax.net.ssl.trustStorePassword", "changeit");

      When I run the program I get the following in the logs:

      <Aug 27, 2012 11:54:34 AM EDT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity from the jks keystore file C:\Oracle\WEBLOG~1.3\WLSERV~1.3\server\lib\DemoIdentity.jks.>
      <Aug 27, 2012 11:54:34 AM EDT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\Oracle\WEBLOG~1.3\WLSERV~1.3\server\lib\DemoTrust.jks.>
      <Aug 27, 2012 11:54:34 AM EDT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\Oracle\WEBLOG~1.3\JDK160~2\jre\lib\security\cacerts.>

      It looks like it is looking at the wrong certificate files. Why is it looking there? How can I change it? Remember, I do not need WebLogic running in SSL; I just need it to connect to another server that is running SSL.

      I went to the boot.properties of the server domain and added the keystore and truststore there. However, I mentioned that they were not in the config.xml, so it will ignore them and reject all SSL connections.

      I'm doing lots of things wrong - hopefully someone can help guide me.
        • 1. Re: Trouble connecting with SSL
          Go to the WebLogic console, select your server instance, select Keystores and specify custom identity and custom trust. Then you will be able to specify your own keystores to be used.
          • 2. Re: Trouble connecting with SSL
            Now WebLogic uses the correct keystore/truststore but it will still not authenticate.
            I went ahead and turned on SSL debug using System.setProperty("javax.net.debug", "ssl");

            This means it matched up my certificates, correct?
            Found trusted certificate:
              Version: V3
              Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
              Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
              Key:  Sun RSA public key, 2048 bits
              modulus: 19420289231323388569960227299938029487260953720447310437792509462236918786001726710037662040142546936643383523519471181931421354900828966157275086870489113167601020396250837724824834670587761094193107304459368809454342396480252964212551519641362201854059195462030735724247518710841251607054761952024256025328317574319396559696366648486603251729681574618309047101766856598247950985466506275175603891651337749124013354590800286313362688501148167815365426651008525147157735317938872953557529181087878342294862718402867302038415452886538771327296068032686022231714018850424451972237766086616343007466085093679916429749574
              public exponent: 65537
              Validity: [From: Sun Feb 07 19:00:00 EST 2010,
                           To: Fri Feb 07 18:59:59 EST 2020]
              Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
              SerialNumber: [    641be820 ce020813 f32d4d2d 94d67e67]
            I do not understand why this connects fine when not loaded into a web service. But as soon as I make the calls from within the webservice authentication fails going through the proxy.
            • 3. Re: Trouble connecting with SSL
              Please post the stack trace. 'Will not authenticate' is too vague to be useful.
              • 4. Re: Trouble connecting with SSL
                I will also try to explain the issue better:

                I have a project we will call Proxy. This project connects to a remote webservice over SSL, sends a SOAP query and then gets a SOAP response back. Proxy connects to the webservice and receives the correct response from the webservice.
                Then I went ahead and created a new JAX-WS webservice we will call ContactWS.
                This ContactWS project gets called and creates a query that will run through the Proxy project.
                The Proxy project has been packed into a JAR and added as a library to the ContactWS project.

                ContactWS gets loaded to a WebLogic 10.3.3 server and can receive requests.
                When I send data to ContactWS to query through Proxy the trouble begins.

                When Proxy logs into the remote webservice to query data, the login process fails. This is the same Proxy project that connects and queries data perfectly fine when not running from ContactWS.

                I thought that ContactWS was not using my trustStore and keyStore properly, but I am fairly sure it does (not 100%).

                I set the trustStore and keyStore locations and password using System.setProperty(..., ...); in the Proxy project.

                The error I get is from the company's endpoint that funnels all traffic to the remote webservice. It is a "Policy Falsified, Authentication Required" SOAP response.

                I also tried taking another approach to the problem by exporting the Proxy project as an executable jar and then I used Process Builder to launch the jar with command line arguments to run the query. This worked fine but is not really an acceptable solution.

                javax.xml.ws.soap.SOAPFaultException: Policy Falsified
                     at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
                     at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:130)
                     at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
                     at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
                     at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:135)
                     at $Proxy123.login(Unknown Source)
                     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                     at java.lang.reflect.Method.invoke(Method.java:597)
                     at weblogic.wsee.jaxws.spi.ClientInstance$ClientInstanceInvocationHandler.invoke(ClientInstance.java:363)
                     at $Proxy124.login(Unknown Source)
                     at com.company.sforce.SalesforceClient.<init>(SalesforceClient.java:161)
                     at myservicemethods.ServiceMethodsService_ServiceMethodsImpl.sendQuery(ServiceMethodsService_ServiceMethodsImpl.java:50)
                     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                     at java.lang.reflect.Method.invoke(Method.java:597)
                     at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:92)
                     at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:74)
                     at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:151)
                     at com.sun.xml.ws.server.sei.EndpointMethodHandlerImpl.invoke(EndpointMethodHandlerImpl.java:265)
                     at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:100)
                     at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)
                     at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)
                     at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)
                     at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)
                     at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:373)
                     at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:524)
                     at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:255)
                     at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:140)
                     at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:208)
                     at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:310)
                     at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:223)
                     at weblogic.wsee.jaxws.JAXWSServlet.doPost(JAXWSServlet.java:124)
                     at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
                     at weblogic.wsee.jaxws.JAXWSServlet.service(JAXWSServlet.java:79)
                     at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
                     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
                     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
                     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
                     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
                     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3686)
                     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
                     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
                     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
                     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
                     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
                     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
                     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
                     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
                Edited by: 948165 on Sep 5, 2012 5:12 AM
                • 5. Re: Trouble connecting with SSL
                  You received and parsed a SOAP response, so there is certainly nothing wrong with your SSL. It's working perfectly.
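
A stand-alone check for the distinction made in the last reply, added here as an example and not code from the thread: it builds an SSLContext from an explicit keystore and truststore, applies it to one connection only (rather than through JVM-wide javax.net.ssl.* properties), and reports a TLS handshake failure separately from an application-layer answer. The class name, the argument order and the use of one password for both stores and the private key are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical diagnostic class; run it outside the application server.
public class ScopedTlsCheck {

    // Load a JKS file from an explicit path instead of a system property.
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Identity (client certificate) and trust anchors come only from the two files given.
    // Assumption: the private key password equals the store password.
    static SSLContext buildContext(String keyStore, String trustStore, char[] pw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(keyStore, pw), pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(trustStore, pw));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args: <https-url> <keystore.jks> <truststore.jks> <password>
        SSLContext ctx = buildContext(args[1], args[2], args[3].toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // affects this connection only
        try {
            conn.connect(); // the TLS handshake completes or fails here
            System.out.println("TLS OK, cipher suite " + conn.getCipherSuite());
            // Anything returned from here on (HTTP status, SOAP fault) is an application-layer answer.
            System.out.println("HTTP status " + conn.getResponseCode());
        } catch (SSLHandshakeException e) {
            System.out.println("TLS handshake failed: " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

If this prints a cipher suite and an HTTP status, the keystore and truststore are doing their job, and a fault such as the one in the stack trace above has to be investigated at the SOAP or policy layer instead.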