Axis can't validate webservice certificate - https

I have to connect to webservice using https. Service have valid certificate issued by GeoTrust Global CA. Whole certification chain looks like this:
When I run app with
-Djavax.net.debug=all
parameter, and I sese Global CA on trusted list:
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Tue May 21 06:00:00 CEST 2002 until Sat May 21 06:00:00 CEST 2022
but still I'm receiving error:
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Why axis doesn't verify whole certification chain for webservice over https?

If someone had similar problem:
The problem was with server configuration - appears that server wasn't send whole certification chain(not sure how exactly it's configured), so certificate couldn't be validated. We have verified certificate on ssl checker sites, and reported problem to server administration. After administrators fixed server configuration everything works like a charm!

Related

When accessing Local Websties - NET::ERR_CERT_COMMON_NAME_INVALID

All my local sites are .test but for some reason when I access some of them i get NET::ERR_CERT_COMMON_NAME_INVALID.
What's weird is that the error message points to another local environment.
This server couldn't prove that it's *****c.test; its security
certificate is from ******ing.test. This may be caused by a
misconfiguration or an attacker intercepting your connection.
I'm not sure how to resolve this. I tried deleting the certificate but nothing happened.
********ing.test Issued by: Laravel Valet CA Self Signed CN Expires: Saturday, January 21, 2023 at 17:09:55 Eastern Standard Time
"****ing.test" certificate name does not match input
I'm hiding the URL's for privacy purposes.
Fixed it by updating my updating my valet from 2.18.9 to 3.2 and running valet secure.

AWS ACM Certificate Not Valid

I setup AWS classic load balancer with HTTPS Listener using ACM certificate as described in http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html but the browser rejects it.
Errors:
This root certificate is not trusted (ssl_error_bad_cert_domain)
The certificate is not trusted because it is self-signed.
The certificate is only valid for the following names: localhost,
localhost.localdomain, ip-10-0-0-157,
ip-10-0-0-157.us-west-2.compute.internal
(Error code: sec_error_unknown_issuer)
The generated certificate seems pointed to localhost.

Unable to call service from ESB

We are able to call web service from postman or custom request generator. However, while connecting using IBM Integration bus we are getting below exception. Can some one help with this error.
Exception below:
"Web Service request has detected a SOCKET error whilst invoking a web
service located at host &1, on port &2, on path &3."
"javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path
building failed: java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.; internal
cause is: java.security.cert.CertPathValidatorException: The
certificate issued by CN=VeriSign Universal Root Certification
Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only",
OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US is not trusted;
internal cause is: java.security.cert.CertPathValidatorException:
Certificate chaining error"
To resolve this problem, you should add the certificate into your trust store.
To setup the truststore on broker :
https://www.ibm.com/support/knowledgecenter/SSMKHH_9.0.0/com.ibm.etools.mft.doc/ac56640_.htm
To retrieve the certificate of the service you are calling, you can ask for it to your contact, or you can just go to the ?wsdl page and directly save the certificate from chrome
PS : If it works for other tools, it is simply because IIB refuse all the untrusted connexions by default, while some other tool allow it.

Attach to a IIS Worker Process using Fiddler get a RemoteCertificateChainErrors

When I run Fiddler to capture traffic between my server and client. I get the following warning message. How can I find out which certificate is causing the problem and how to fix the error?
Session #30: The remote server (server.mycompany.com) presented a certificate that did not validate, due to RemoteCertificateChainErrors.
0 - A certificate chain could not be built to a trusted root authority.
SUBJECT: CN=dev.server.mycompany.com, OU=Space, O=Company, L=NewYork, S=NY, C=US
ISSUER: CN=Space Test Authority, OU=Space, O=Company, L=NewYork, S=NY, C=US

Cannot connect to the real www.myshopify.com

Just had this error (in Chrome) connecting via https to a shop (API) on myshopify.com from a Windows Server 2003 machine.
Error:
The certificate that Chrome received during this connection attempt is not formatted correctly, so Chrome cannot use it to protect your information.
Error type: Malformed certificate
Subject: *.myshopify.com
Issuer: DigiCert SHA2 High Assurance Server CA
Public key hashes: sha1/GiBnh3VZhOT1k9C4KDX6w4q9Sec= sha256/6xDMTnv8xhmreRj/tDj7Ii0HVHaA5AFfQZemwKbGOds= sha1/3lKvjNsfmrn+WmfDhvr2iVh/yRs= sha256/k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws= sha1/gzF+YoVCU9bXeDGQ7JGQVumRueM= sha256/WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=
Seems that Shopify have changed their certificate.
Turns out that Shopify did change their SSL certificate to one that requires SHA-2. Windows Server 2003 doesn't support SHA-2.
There's a hotfix that sorted it: http://support.microsoft.com/kb/938397.

Resources