How to fix SSLHandshakeException

Introduction

I have received this message when accessing a web service as a client in this URL

The WSDL document could not be parsed.The following error occured while parsing the WSDL location - WSDLException: faultCode=PARSER_ERROR: Failed to read wsdl file at: "https:/xxx?WSDL", caused by: javax.net.ssl.SSLHandshakeException. : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In StackOverflow is the solution 

The CA-ROOT certificate must be included in the cacert file in java-home/lib/security/cacerts


Getting the CAcert certificate

Use Firefox and click in the padlock


Click in this symbol


Get more info


Show certificate


Click on the URL to download de CA certificate



and the CA certificate is downloaded as ACCOMP.crt in this case.


Importing the certificate into the java keystore

Now the certificate can be imported using this command

JAVA_HOME/bin/keytool -import -alias CA-FNMT -file ACCOMP.crt -keystore $JAVA_HOME/jre/lib/security/cacerts

where CA-FNMT is the alias I give to the certificate and ACCOMP.crt is the certificate I have downloaded.


This process can be done using the tool KeyStore Explorer. Open the cacerts keystore and import the downladed certificate


Now the error has disappeared. (Take care that you must trust this CA certificate!)




Comments

Post a Comment

Popular posts from this blog

ORVE WS (Dynamic) (4) Jackson XML mapper

0. Introduction I love Jackson parser as it is easy to use and can be used to with some data formats such as CSV ,  JSON , YAML and XML . Just define a wrapper and a class for marshalling/unmarshalling. Although JAXB is a standard, in the Java ecosystem exists many solutions. And my decision is to use Jackson. 1. Defining MAVEN dependencies To use Jackson XML it is required this dependency in Maven. Note that  ${jackson.version} represents a variable that contains preferably the latest Jackson version. 1 2 3 4 5 <dependency> <groupId> com.fasterxml.jackson.dataformat </groupId> <artifactId> jackson-dataformat-xml </artifactId> <version> ${jackson.version} </version> </dependency> But if you want to use CSV, JSON or YAML in the project, it is as easy as including these dependencies 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 <!-- Jackson for CSV --> <dependency&
Read more

ENI (1) ENI Document OR the Spanish Electronic Administration Mafia

Image
0.Introduction. Getting the "xsd" schemas 1. Obtaining the afirma.xsd 2. Managing the "xsd" schemas. Changing  schemalocation  property from the  xsd  tag 3. Generating classes from xsd schema 4. Modifying the classes to solve operational problems 0. Old version 1. Generating the classes 0.Introduction. Getting the "xsd" schemas To obtain the correct URLs of the schemas: 1.For the document: https://administracionelectronica.gob.es/ENI/XSD/v1.0/documento-e in this URL it is shown these schemas (click on the link and download the schemas): http://administracionelectronica.gob.es/ENI/XSD/v1.0/documento-e/documentoEni.xsd http://administracionelectronica.gob.es/ENI/XSD/v1.0/documento-e/metadatos/metadatosDocumentoEni.xsd http://administracionelectronica.gob.es/ENI/XSD/v1.0/documento-e/contenido/contenidoDocumentoEni.xsd http://administracionelectronica.gob.es/ENI/XSD/v1.0/firma/firmasEni.xsd 2. For the file (expediente) https://administracionelectronica.gob.es
Read more

Creating a WS Client consumer

Image
Creating the client consumer I was expected to develop a client consumer of a WS. So I began to google out and find Apache CXF project. Here are the main steps: 1. Get the URL of the WDSL in my case was an intranet     http://xxx.xxx.xxx.xxx:8080/gexflow/ws/Registro_v2.0?wsdl     where xxx.xxx.xxx.xxx is the IP address (for instance 110.12.3.1) 2. Download Apache CXF. 3. Extract into a folder 3.1. Verify that you have set the variable JAVA_HOME to the folder where the java is installed, now you can use java >9. For instance, you can type in the terminal:     export JAVA_HOME=/usr/java/jdk-13.0.2 //in java version >13 doesn't work  using apache cxf 3.3.6 version, but java 17 works in csf version 3.5.4 3.2. Verify that the " bin" directory of the apache-cxf-xxxxx directory is available in the path.  For instance, you can type in the terminal:      export PATH=$PATH:/home/ximo/MyPrograms/apache-cxf-3.3.6/bin 4. Open a terminal, go into the genera
Read more