A
Andrey
Hello,
We are having trouble sending webservices requests from our client
application to an existing server over SSL. We recently upgraded our
WAS to 6.0.x, but the webservice provider's server is still running
5.1.x. Ever since we upgraded, we haven't been able to invoke the
webservice.
Initially, we got this SOAP response from the server:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/
envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://
www.w3.org/2001/XMLSchema-instance">
<soapenv:Header/>
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server.generalException</faultcode>
<faultstring><![CDATA[WSWS3713E: Connection to the remote host
host.host.com failed.Received the following error: Handshake
terminated SSL engine: CLOSED]]>
</faultstring>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
We opened a ticket with IBM, and they told us that secure webservices
calls don't work between WAS 6 and WAS 5.1. However, from reading
documentation, I understand that this only applies if you use WS-I
protocol. We don't use that, we simply use the SOAPConnection API, and
send it over SSL. So from my understanding, this should work even
between 6.0 and 5.1, after all SSL is a standard, it should work
between any two app servers. Has anybody experienced a similar
problem?
We decided to also try a different approach to get around this
problem. We changed the code to send the SOAP message over a simple
HTTP Post to the webservice endpoint (using Apache HttpClient). This
works for unsecured endpoints (HTTP) but does not work for HTTPS
endpoints. When we tried this on an HTTPS endpoint, we got this
exception:
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java:53)
at com.ibm.jsse2.by.a(by.java:346)
at com.ibm.jsse2.by.a(by.java:412)
at com.ibm.jsse2.w.a(w.java:80)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Inlined Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.f.write(f.java(Compiled Code))
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:
86)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:144)
at
org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java:
150)
at
org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:
495)
at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:
1973)
at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:
993)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:
397)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:
170)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:
396)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:
324)
at
com.usps.fast.web.security.AbstractBaseExternalAuthenticationDAO.callSoapEndpoint(AbstractBaseExternalAuthenticationDAO.java:
369)
at
com.usps.fast.web.security.AbstractBaseExternalAuthenticationDAO.sendSOAPCall(AbstractBaseExternalAuthenticationDAO.java:
278)
... 39 more
Caused by: java.security.cert.CertificateException: Certificate not
Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:8)
at com.ibm.jsse2.w.a(w.java:2)
It sounds like the certificate is not installed correctly, but our
middleware people assure us that it is. Could it be anything else? Is
there some new configuration in WAS 6 that needs to be fixed?
Thanks for any suggestions!
We are having trouble sending webservices requests from our client
application to an existing server over SSL. We recently upgraded our
WAS to 6.0.x, but the webservice provider's server is still running
5.1.x. Ever since we upgraded, we haven't been able to invoke the
webservice.
Initially, we got this SOAP response from the server:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/
envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://
www.w3.org/2001/XMLSchema-instance">
<soapenv:Header/>
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server.generalException</faultcode>
<faultstring><![CDATA[WSWS3713E: Connection to the remote host
host.host.com failed.Received the following error: Handshake
terminated SSL engine: CLOSED]]>
</faultstring>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
We opened a ticket with IBM, and they told us that secure webservices
calls don't work between WAS 6 and WAS 5.1. However, from reading
documentation, I understand that this only applies if you use WS-I
protocol. We don't use that, we simply use the SOAPConnection API, and
send it over SSL. So from my understanding, this should work even
between 6.0 and 5.1, after all SSL is a standard, it should work
between any two app servers. Has anybody experienced a similar
problem?
We decided to also try a different approach to get around this
problem. We changed the code to send the SOAP message over a simple
HTTP Post to the webservice endpoint (using Apache HttpClient). This
works for unsecured endpoints (HTTP) but does not work for HTTPS
endpoints. When we tried this on an HTTPS endpoint, we got this
exception:
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java:53)
at com.ibm.jsse2.by.a(by.java:346)
at com.ibm.jsse2.by.a(by.java:412)
at com.ibm.jsse2.w.a(w.java:80)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Inlined Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.f.write(f.java(Compiled Code))
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:
86)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:144)
at
org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java:
150)
at
org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:
495)
at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:
1973)
at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:
993)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:
397)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:
170)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:
396)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:
324)
at
com.usps.fast.web.security.AbstractBaseExternalAuthenticationDAO.callSoapEndpoint(AbstractBaseExternalAuthenticationDAO.java:
369)
at
com.usps.fast.web.security.AbstractBaseExternalAuthenticationDAO.sendSOAPCall(AbstractBaseExternalAuthenticationDAO.java:
278)
... 39 more
Caused by: java.security.cert.CertificateException: Certificate not
Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:8)
at com.ibm.jsse2.w.a(w.java:2)
It sounds like the certificate is not installed correctly, but our
middleware people assure us that it is. Could it be anything else? Is
there some new configuration in WAS 6 that needs to be fixed?
Thanks for any suggestions!