sun.security.validator.ValidatorException: No trusted certificate found - Weblogic

This is a discussion on sun.security.validator.ValidatorException: No trusted certificate found - Weblogic ; Hi, I m implementing the Secure Web Service in WEBLOGIC 9.2. I created the Cert= ificates using Keytool and referred default weblogic's KEYSTORE for testing= purposes. But I m getting the below exception java.rmi.RemoteException: SOAPFaultException - FaultCode [{ http://schemas.x= mlsoap.org/soap/envelope/}Server] ...

+ Reply to Thread
Results 1 to 2 of 2

sun.security.validator.ValidatorException: No trusted certificate found

  1. Default sun.security.validator.ValidatorException: No trusted certificate found

    Hi,

    I m implementing the Secure Web Service in WEBLOGIC 9.2. I created the Cert=
    ificates using Keytool and referred default weblogic's KEYSTORE for testing=
    purposes. But I m getting the below exception

    java.rmi.RemoteException: SOAPFaultException - FaultCode [{http://schemas.x=
    mlsoap.org/soap/envelope/}Server] FaultString [Failed to send message using=
    connection:
    SoapClientConnection@20639876 <transport=3DHTTPSClientTransport@8688056 <ur=
    l=3Dh
    ttps://10.1.92.167:7002/OrderManagement/OrderManagementService>)>)sun.secur=
    ity.validator.ValidatorException: No trusted certificate found] FaultActor =
    [null] Detail [<detail><bea_fault:stacktrace bea_fault=3D"http://www.bea.co=
    m/servers/wls70/webservice/fault/1.0.0">javax.net.ssl.SSLHandshakeException=
    : sun.security.validator.ValidatorException: No trusted certificate found a=
    t om.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(=
    Unkno
    wn Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unk=
    nown
    Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Sour=
    ce)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown S=
    ource
    )
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown So=
    urce)

    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandsha=
    ke(Un
    known Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknow=
    n Sou
    rce)
    at sun.net.http://www.protocol.https.HttpsClien...onnect(Unknown Sour=
    ce)
    at sun.net.http://www.protocol.https.AbstractDe...Connection.co=
    nnect
    (Unknown Source)
    at sun.net.http://www.protocol.http.HttpURLConn...utStream(Unkn=
    own S
    ource)
    at sun.net.http://www.protocol.https.HttpsURLCo...etOutputStrea=
    m(Unk
    nown Source)
    at weblogic.wsee.connection.transport.http.HTTPClientTransport.send=
    (HTTP
    ClientTransport.java:161)
    at weblogic.wsee.connection.soap.SoapConnection.send(SoapConnection=
    ..java
    :55)
    at weblogic.wsee.connection.soap.SoapClientConnection.send(SoapClie=
    ntCon
    nection.java:89)
    at weblogic.wsee.ws.dispatch.client.ConnectionHandler.handleRequest=
    (Conn
    ectionHandler.java:89)
    at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerItera=
    tor.j
    ava:127)
    at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerItera=
    tor.j
    ava:100)
    at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(Clien=
    tDisp
    atcher.java:101)
    at weblogic.wsee.ws.WsStub.invoke(WsStub.java:89)
    at weblogic.wsee.jaxrpc.StubImpl._invoke(StubImpl.java:335)
    at com.level3.networx.client.OrderManagementPortType_Stub.sayHello(=
    Order
    ManagementPortType_Stub.java:130)
    at TestKick.main(TestKick.java:105)
    Caused by: sun.security.validator.ValidatorException: No trusted certificat=
    e fou
    nd
    at sun.security.validator.SimpleValidator.buildTrustedChain(Unknown=
    Sour
    ce)
    at sun.security.validator.SimpleValidator.engineValidate(Unknown So=
    urce)

    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTru=
    sted(
    Unknown Source)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTru=
    sted(
    Unknown Source)
    ... 22 more
    Caused by: sun.security.validator.ValidatorException: No trusted certificat=
    e fou
    nd
    at sun.security.validator.SimpleValidator.buildTrustedChain(Unknown=
    Sour
    ce)
    at sun.security.validator.SimpleValidator.engineValidate(Unknown So=
    urce)

    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTru=
    sted(
    Unknown Source)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTru=
    sted(
    Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(=
    Unkno
    wn Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unk=
    nown
    Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Sour=
    ce)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown S=
    ource
    )
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown So=
    urce)

    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandsha=
    ke(Un
    known Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknow=
    n Sou
    rce)
    at sun.net.http://www.protocol.https.HttpsClien...onnect(Unknown Sour=
    ce)
    at sun.net.http://www.protocol.https.AbstractDe...Connection.co=
    nnect
    (Unknown Source)
    at sun.net.http://www.protocol.http.HttpURLConn...utStream(Unkn=
    own S
    ource)
    at sun.net.http://www.protocol.https.HttpsURLCo...etOutputStrea=
    m(Unk
    nown Source)
    at weblogic.wsee.connection.transport.http.HTTPClientTransport.send=
    (HTTP
    ClientTransport.java:161)
    at weblogic.wsee.connection.soap.SoapConnection.send(SoapConnection=
    ..java
    :55)
    at weblogic.wsee.connection.soap.SoapClientConnection.send(SoapClie=
    ntCon
    nection.java:89)
    at weblogic.wsee.ws.dispatch.client.ConnectionHandler.handleRequest=
    (Conn
    ectionHandler.java:89)
    at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerItera=
    tor.j
    ava:127)
    at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerItera=
    tor.j
    ava:100)
    at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(Clien=
    tDisp
    atcher.java:101)
    at weblogic.wsee.ws.WsStub.invoke(WsStub.java:89)
    at weblogic.wsee.jaxrpc.StubImpl._invoke(StubImpl.java:335)
    at com.level3.networx.client.OrderManagementPortType_Stub.sayHello(=
    Order
    ManagementPortType_Stub.java:130)
    at TestKick.main(TestKick.java:105)
    </bea_fault:stacktrace></detail>]; nested exception is:
    javax.xml.rpc.soap.SOAPFaultException: Failed to send message using=
    conn
    ectionSoapClientConnection@20639876 <transport=3D(HTTPSClientTransport@86=
    88056 <
    url=3Dhttps://10.1.92.167:7002/OrderManagement/OrderManagementService>)>)su=
    n.secur
    ity.validator.ValidatorException: No trusted certificate found

  2. Default Re: sun.security.validator.ValidatorException: No trusted certificatefound

    For one-way SSL (where only the server has a cert), you need to ensure that=
    your client trusts the server's cert. If you made your own server cert, yo=
    u have a couple choices:

    1) Have the server cert signed by a CA (such as Verisign) that your client =
    already trusts.

    2) Similar to #1, but if you have a corporate CA you can get the cert signe=
    d by them and then make sure your client trusts the corporate CA.

    3) Add the server cert to the trusted certs on your client

    If you take step 2 or 3, add the cert to a trust store and then have your c=
    lient use it. I would use keytool to create a trust store with the server c=
    ert. Then, have your client use it by specifying the javax.net.ssl.trustSto=
    re system property. Alternatively, you could add the cert to the cacerts ke=
    ystore in <JRE>/lib/security on the client.

    --
    Mike
    Weblogic/J2EE Security Blog: http://monduke.com

+ Reply to Thread