Soap SSL issue


neilnewman
Ebase User
Posts: 201
Joined: Fri Dec 20, 2013 1:29 pm
Location: Dartford Borough Council

Soap SSL issue

#1

Postby neilnewman » Tue May 21, 2019 12:49 pm

We are trying to create a new soap resource that connects to https://udtapi-municipal-test.whitespac ... rvice.asmx, however we get the following message when we test the Web Service:
SSLHandshakeException invoking https://udtapi-municipal-test.whitespac ... rvice.asmx: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

After a bit of Googling I exported the SSL cert from the site we are trying to talk to and imported it into the system's JRE cacerts file on our Ebase server, however we are still getting the same error.
Any ideas please, I don't know what to do next!

Thanks in advance
Neil
0 x

Steve
Moderator
Posts: 414
Joined: Fri Sep 07, 2007 3:44 pm
Location: Sandy, UK

Re: Soap SSL issue

#2

Postby Steve » Tue May 21, 2019 1:52 pm

Hi,

Firstly you will need to import the certificate into

<Ebase-Install-Dir>/jre/lib/security/cacerts

You may need to import both the COMODO and Sectigo certificates into the cacerts file.

This should be enough.

If not, you can add the system property:

-Djavax.net.debug=all

To the startup of the Ebase server. This will give you all the debug information regarding the SSL communication in the catalina.out log file within

<Ebase-Install-Dir>/UfsServer/tomcat/logs

If you are using the Test Server to test the web service you will need to add the system property to the Test Server startup:

File --> Preferences --> Test Server

Add to the Java arguments.

Which version of Ebase are you using?

Kind regards

Steve Upton
0 x

neilnewman
Ebase User
Posts: 201
Joined: Fri Dec 20, 2013 1:29 pm
Location: Dartford Borough Council

Re: Soap SSL issue

#3

Postby neilnewman » Tue May 21, 2019 3:04 pm

Hi Steve,
Many thanks for the reply, we are currently using Ebase 5.4.0, but plan to upgrade in the near future.
I thought I had imported the cert into the cacerts file, but I will go through the process again.

Many Thanks
Neil
0 x

neilnewman
Ebase User
Posts: 201
Joined: Fri Dec 20, 2013 1:29 pm
Location: Dartford Borough Council

Re: Soap SSL issue

#4

Postby neilnewman » Wed May 22, 2019 9:23 am

Hi Steve,
After reading through your advice and double checking a few things it is now working, however the Tomcat instance is currently started as a service using:
D:\Ebase\dbc-ebase-test\UfsServer\tomcat\bin\tomcat8.exe //RS//DBC_Ebase_TEST

I have a startup script that contains the following:
set JRE_HOME=%~dsp0..\jre
set CATALINA_HOME=%~dsp0\tomcat
set BASEDIR=%~dsp0\tomcat

set JAVA_OPTS=-Xmx512m -Djava.net.preferIPv4Stack=true -Dderby.system.home=%~dsp0/DB -Dhttp.nonProxyHosts="localhost|127.0.0.1" -Djavax.net.ssl.trustStore=D:\Ebase\dbc-ebase-test\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=changeit

cd tomcat\bin
startup
cd ..\..


This startup script allows me to specify the cacerts file. How would I replicate this when I call the startup via services?

Many thanks
Neil
0 x

Steve
Moderator
Posts: 414
Joined: Fri Sep 07, 2007 3:44 pm
Location: Sandy, UK

Re: Soap SSL issue

#5

Postby Steve » Wed May 22, 2019 11:04 am

Hi Neil,

It's great that you have this working.

My issue with the startup script is that you are explicitly setting the location of the cacerts and this is not making any sense to me.

-Djavax.net.ssl.trustStore=D:\Ebase\dbc-ebase-test\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=changeit

If the Java instance is using the JRE from D:\Ebase\dbc-ebase-test\jre\ then you should not need to set this, as this is the default location of the cacerts.

To configure the service to add the -D properties you need to open the tomcat service dialog:

D:\Ebase\dbc-ebase-test\UfsServer\tomcat\bin\tomcat8w.exe

The file you need to open might be different. The tomcat8w.exe should be the same name as the service name, e.g. if the service is called Verj.io.5.5.1 then you need to copy the file tomcat8w.exe and name it Verj.io.5.5.1w.exe.

Double click this file and add the -D settings to the Java --> Java Options textfield.

Note that you should check the Java that the service is using. This is shown just above and it should say something like:

D:\Ebase\dbc-ebase-test\jre\bin\server\jvm.dll

Kind regards

Steve Upton
0 x

neilnewman
Ebase User
Posts: 201
Joined: Fri Dec 20, 2013 1:29 pm
Location: Dartford Borough Council

Re: Soap SSL issue

#6

Postby neilnewman » Thu May 23, 2019 8:48 am

Hi Steve,
Thanks for looking at this. I have just discovered that we point off to another location for our cacerts file. I have now added the new certs to this file and all is working fine.

Many thanks for all your help
Neil
0 x
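
The cause found in this thread, a certificate imported into one cacerts file while the JVM reads another, can be checked from inside the JVM itself. The following is an added example, not part of the original posts and not Verj.io code; the class name TrustStoreCheck and the exported CA certificate file passed as the argument are assumptions.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Added example (not from the thread): reports which trust store this JVM
// will use and whether a given exported CA certificate is in it.
public class TrustStoreCheck {

    // JSSE lookup order: -Djavax.net.ssl.trustStore if set, otherwise
    // <java.home>/lib/security/jssecacerts, otherwise <java.home>/lib/security/cacerts.
    static File effectiveTrustStore() {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null && !explicit.isEmpty()) {
            return new File(explicit);
        }
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java TrustStoreCheck <exported-ca-cert.cer>");
            System.exit(2);
        }
        File store = effectiveTrustStore();
        System.out.println("java.home   : " + System.getProperty("java.home"));
        System.out.println("trust store : " + store.getAbsolutePath());
        // "changeit" is the stock cacerts password, as in the JAVA_OPTS quoted in the thread.
        String pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, pw.toCharArray());
        }
        Certificate ca;
        try (InputStream in = new FileInputStream(args[0])) {
            ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String alias = ks.getCertificateAlias(ca); // null when the cert is absent
        System.out.println(alias != null
                ? "present under alias: " + alias
                : "NOT in this trust store; import it into the file shown above");
        System.exit(alias != null ? 0 : 1);
    }
}
```

Run it with the same java executable and the same -D options that the Tomcat service uses; with a different JRE or without the service's -Djavax.net.ssl.trustStore setting it reports a different file than the one the server reads.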

