I am new to HTTPS/SSL based configuration. I am trying to invoke a simple Calculator web service with Client Authentication enabled. Following is the connector entry from my tomcat(1)’s server.xml:
<Connector clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:\cert\server.jks"
keystoreType="JKS" keystorePass="password"
truststoreFile="C:\cert\server.jks"
truststoreType="JKS" truststorePass="password"
SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS"
keyAlias="servercert"
/>
I am using a MyEclipse generated client for doing this (generated before SSL was enabled, and then the WSDL URL was changed to point to the new HTTPS connection). The WSDL URL I am using is:
https://localhost:8443/MyService/CalculatorPort?wsdl
I am hosting this client in another tomcat(2). Here is the tomcat(2)’s server.xml entry:
<Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\Cert\servcert"
keystorePass="password"
keyAlias="servcert"
/>
But now when I invoke the web service it gives me the following error:
javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://localhost:8443/MyService/CalculatorPort?wsdl. It failed with:
Software caused connection abort: recv failed.
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:263)
com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:226)
com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:174)
com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
javax.xml.ws.Service.<init>(Service.java:56)
com.myeclipseide.ws.CalculatorService.<init>(CalculatorService.java:54)
org.apache.jsp.index_jsp._jspService(index_jsp.java:86)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:386)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
NOTE:
- It works fine when only server side SSL is enabled with client authentication disabled.
- I have imported the certificate of the server as well as the client in the JDK’s cacerts keystore as trusted certificates.
- If I import the certificate in browser, I am able to access the WSDL even with client authentication enabled. But it doesn’t work when I access it via client hosted in tomcat(2) with client authentication enabled.
It seems to me that the client is not using the keystore which I have configured as a part of tomcat(2)’s server.xml. But I am not sure. Please help me out with this issue.
I figured out the solution to this problem. Basically tomcat(2) hosting the client was not using the certificate which I intended. The solution is to pass the following JVM variables during Tomcat startup:
Documentation for these can easily be found on Google. They can be configured in the catalina.bat/catalina.sh file as JAVA_OPTS.
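As an added illustration (not code from the question or the answer): the Connector in tomcat(2)'s server.xml only configures the inbound listener on port 8444, so outbound calls made by code hosted there use the JVM's JSSE defaults. Instead of JAVA_OPTS, the JAX-WS client can supply its client certificate programmatically as shown below; the keystore path and password are assumptions, and trust is left to the JVM default truststore (cacerts), where the question says the certificates were already imported.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

/**
 * Mutual-TLS setup for a web service client hosted in tomcat(2).
 * The server (tomcat(1), clientAuth="true") aborts the handshake when the
 * client presents no certificate, which the JAX-WS stack surfaces as
 * "Failed to access the WSDL ... connection abort". A KeyManager backed by
 * the client's own keystore is what was missing, not trust of the server.
 */
public final class ClientTlsSetup {

    /**
     * Build an SSLContext that presents the client certificate from the given
     * JKS keystore. Passing null trust managers keeps the JVM default trust
     * store (javax.net.ssl.trustStore or JRE cacerts).
     */
    public static SSLContext buildClientAuthContext(String keyStorePath, char[] keyStorePass)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(keyStorePath)) {
            ks.load(in, keyStorePass);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyStorePass); // private-key password assumed equal to store password

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed path: a keystore holding the client's key pair (not tomcat(2)'s server key).
        SSLContext ctx = buildClientAuthContext("C:\\cert\\client.jks", "password".toCharArray());
        // Installing the factory as the JVM default makes every HttpsURLConnection,
        // including the one JAX-WS opens to fetch ?wsdl, present the client certificate.
        // Equivalent JVM-wide alternative via JAVA_OPTS: -Djavax.net.ssl.keyStore=<path>
        // -Djavax.net.ssl.keyStorePassword=<pass> (the standard JSSE system properties).
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

Because the default socket factory is process-wide, this affects every web application in tomcat(2); the client certificate must chain to a CA held in tomcat(1)'s truststore (server.jks in the question) for the handshake to succeed.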