Use keystore file to run client for a SOAP WS

Question

I was given a SOAP WS to work with. They gave me the wsdl file from which I was able to create client stub (I've used wsdl2java utility within cxf).

With that wsdl I was also give a .keystore file and the thing is I do know know how to add it to my keytool (is this is even the right way of putting it?).

I've built a junit test that I run to test my client but I constantly get

HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Where can I find an easy guide on what to do with this .keystore file?

Thanks

Answer 1

The error means that the server certificate could not be found in your truststore. Check the contents of the .keystore file to see whether it contains the server certificate (listed as trustedEntry in your truststore). If yes, set the following system properties (either using -D JVM parameter or System.setProperty()).

javax.net.ssl.trustStore=<<your .keystore>>
javax.net.ssl.trustStorePassword=<<keystore password>>

If these properties are not set, the default ones will be picked up from your the default location.[$JAVA_HOME/lib/security/jssecacerts, $JAVA_HOME/lib/security/cacerts]

To view the contents of keystore file, use

keytool -list -v -keystore file.keystore -storepass mypassword

To debug the ssl handshake process and view the certificates, set the VM parameter -Djavax.net.debug=all

If the web service requires 2 way SSL, the client needs to send its identity (picked up from your keystore). In this case, your .keystore will contain a privateKeyEntry which will be sent to the server during handshake process. To configure this, set the JVMM properties javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword to point to your keystore.