AnsweredAssumed Answered

Web Services API and SSL Alfresco

Question asked by nkhoang on Aug 4, 2008
Latest reply on Sep 16, 2009 by chapeaurouge
Hi all,

I have encountered some issues when I used Alfresco Web Service API to communicate with the ALfresco Repo running on SSL (https).

This is the way I configured my tomcat to run it on SSL.
<Connector port="8463" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
            keystoreFile="certificates/.keystore"
            keystorePass="changeit"
            truststoreFile="C:\Program Files\Java\jdk1.5.0_04\jre\lib\security\cacerts"
            />
What I'm doing here is to run the sample: FirstWebServiceClient.java (in Alfresco SDK samples) with Alfresco SSL.
After configuring the file: webserviceclient.properties (alfresco package) with the repository.location set to the right value:
https://localhost:8463/alfresco/api
and what I got is this:
Exception in thread "main" org.alfresco.webservice.util.WebServiceException: Error starting session.
   at org.alfresco.webservice.util.AuthenticationUtils.startSession(AuthenticationUtils.java:94)
   at org.alfresco.sample.FirstWebServiceClient.main(FirstWebServiceClient.java:54)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
   at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
   at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
   at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
   at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
   at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
   at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
   at org.apache.axis.client.Call.invoke(Call.java:2767)
   at org.apache.axis.client.Call.invoke(Call.java:2443)
   at org.apache.axis.client.Call.invoke(Call.java:2366)
   at org.apache.axis.client.Call.invoke(Call.java:1812)
   at org.alfresco.webservice.authentication.AuthenticationServiceSoapBindingStub.startSession(AuthenticationServiceSoapBindingStub.java:187)
   at org.alfresco.webservice.util.AuthenticationUtils.startSession(AuthenticationUtils.java:79)
   … 1 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
   at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
   at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
   at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
   at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
   at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
   at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
   at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
   at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
   at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
   at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
   at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
   … 12 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
   at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
   at sun.security.validator.Validator.validate(Unknown Source)
   at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
   at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
   at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
   … 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
   at java.security.cert.CertPathBuilder.build(Unknown Source)
   … 30 more

Have I done anything wrong ? DO I have to configure anything else ?.

Please Help.

Outcomes