Monday, August 11, 2014

Invoking Web Services Hosted over SSL (HTTPS) in Java

In this post, we will see how to invoke web services hosted over SSL (HTTPS) using Java.

If the web services you are trying to call are not hosted over SSL, you can refer to this post to generate a web service client and invoke the web services: JAX-WS Web Service Client for Java

If your web services are hosted over SSL and you try to invoke them directly using a Java client, SoapUI, the Eclipse web service explorer or any other tool, you might get the following error.

IWAB0379E Unable to open https://abc.xyz.com:8443/TestService/test1?wsdl.
IWAB0135E An unexpected error has occurred.
WSDLException
WSDLException: faultCode=OTHER_ERROR: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

To fix this issue, you have to get the SSL certificate the web service is using and import that certificate into your local JRE keystore.

Below is a step-by-step guide on how to do this.

1) Get the certificate used by the web service.
Enter the web service URL in Firefox's address bar. It will display the security warning and an option to trust the certificate.

Click on:
I understand the risk --> View --> Details tab --> Export.
Save the certificate file on your local machine (.crt or .cer).

2) Find the JDK path on your local machine.

If you are using the Eclipse web service explorer or a Java program in Eclipse to execute the web service, you can find the JDK used by your Eclipse as follows.

Open Eclipse. Go to Help menu --> About --> Installation details --> Configuration tab --> find the javaw.exe path in the configuration.

Let's say the javaw.exe path is: "c:\Program Files\Java\jdk1.6.0_26\bin\javaw.exe"

3) Go to the JRE directory of this javaw.

> cd c:\Program Files\Java\jdk1.6.0_26\jre\lib\security

Take a backup of the file "c:\Program Files\Java\jdk1.6.0_26\jre\lib\security\cacerts".
Make sure that you have write permission on this file.

To add the permission, follow the steps below:
Right-click on the file. Go to Security tab --> Edit --> Add --> add your username --> Check Names --> OK --> check all access rights in the permission box --> OK

4) Import the certificate using the command below.

keytool -import -keystore <full_path_to_cacerts> -alias <any_name_to_identify_your_cert> -file <full_path_to_cert_file>

For example:
> cd C:\Program Files\Java\jdk1.6.0_26\jre\bin

> keytool -import -keystore "C:\Program Files\Java\jdk1.6.0_26\jre\lib\security\cacerts" -alias ws.testservice.com -file "E:\abc\xyz\ws.testservice.com.crt"

This will ask for the password. Enter "changeit".

After this it will ask for confirmation: enter "yes".

Finally, it should display a message like this: "Certificate was added to keystore".
There should not be any error at the end.

5) Check the timestamp of the cacerts file. It should be updated to the current timestamp.
Verify the added certificate using the command below.

keytool -list -keystore "C:\Program Files\Java\jdk1.6.0_26\jre\lib\security\cacerts"

There must be an entry for your certificate alias added above.


6) Restart Eclipse and test the web service.
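
For a Java client, the exported certificate can also be checked and trusted from code. The following is an added example, not part of the original post: it compares the SHA-256 fingerprint of the exported file with a value obtained separately from the service owner, then trusts only that certificate inside the running JVM, leaving cacerts unchanged. The class name, the two command-line arguments and the reuse of the alias ws.testservice.com are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class TrustExportedCert {                       // hypothetical class name
    // SHA-256 fingerprint as colon-separated hex, comparable with the value the service owner gives you.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    // SSLContext backed by an in-memory trust store holding only this certificate.
    static SSLContext contextTrusting(X509Certificate cert, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                           // start from an empty store; cacerts is untouched
        ks.setCertificateEntry(alias, cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
    // args[0] = exported .crt/.cer file, args[1] = fingerprint obtained from the service owner (assumption)
    public static void main(String[] args) throws Exception {
        InputStream in = new FileInputStream(args[0]);
        X509Certificate cert;
        try {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } finally {
            in.close();
        }
        cert.checkValidity();                          // throws if expired or not yet valid
        String actual = fingerprint(cert);
        System.out.println("Subject: " + cert.getSubjectX500Principal() + "\nSHA-256: " + actual);
        if (!actual.equalsIgnoreCase(args[1])) {
            throw new SecurityException("Fingerprint mismatch: do not trust or import this certificate");
        }
        HttpsURLConnection.setDefaultSSLSocketFactory(contextTrusting(cert, "ws.testservice.com").getSocketFactory());
    }
}
```

The trust decision applies only to HttpsURLConnection calls made in the JVM that runs this code.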

