I'm trying to consume one HTTPS webservice in Adobe Flash Builder.
when I add the URL I get this error:
There was an error during service
introspection. WSDLException:
faultCode=OTHER_ERROR: Unable to
resolve imported document at
'https://172.21.17.235:9443/testehttpsWeb/sca/testeIOExport1/WEB-INF/wsdl/testehttps_testeIOExport1.wsdl'.:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification
path to requested target
How can I configure my client to consume the Webservice?
We will have to buy ice cream to the person that figured this out!
The solution was to import the certificate not to a JKS truststore, but to the cacarets file, in my case:
keytool -import -alias trusted1 -keystore "C:\Program Files (x86)\Adobe\Adobe Flash Builder 4\jre\lib\security\cacerts" -file c:\somepath\mycert.cer
In this case there is no need to add the:
-Djavax.net.ssl.trustStore="c:\somepath\truststore.jks"
...line on FlashBuilder.ini
An imported note is that the DNS Server must be able to translate the Web Service path by name instead of by IP, because in the installed certificate the CN mentions the Web Service server name not it's IP
Regards
Flash Builder is built on top of Eclipse. Eclipse is written in Java, and this is probably the cause of your issue. Java itself doesn't trust any SSL (it doesn't support the root CAs out of the box, nor any certificates). You have to setup a truststore to use SSL with Java.
In eclipse, this means setting up a truststore and adding it's location to the eclipse.ini. To setup the truststore, first browse in your browser to the SSL site you are connecting to, and save the certificate (usually right/left click on the lock icon and follow the steps). The you need to use "keytool" from the Java JDK to create the truststore, such as:
keytool -import -alias trusted1 -keystore c:\somepath\truststore.jks -file c:\somepath\mycert.cer
Then find your eclipse.ini (usually in your Flex Builder or eclipse folder). Add this:
-Djavax.net.ssl.trustStore="c:\somepath\truststore.jks"
Related
When I run that command and try to install the certificates, I always get
Enter Password or Pin for "NSS Certificate DB":
But I haven't setup a password. How can this be fixed?
This command creates and install certificates in user home directory (~) under .symfony5/certs folder. Sample of path in Windows : C:\Users\John Doe\.symfony5\certs.
You can delete the contents of the certs directory and reload symfony server:ca:install to reinstall the certificate from scratch.
how to properly sign an .exe with a pfx certificate installed on machine.
I have a pfx certificate by the name "Services installed. I tried signing the exe with this command.
.\sn.exe -Rc "%Directory%\File.exe" "Services" >> "%LogPath%"
It gave no errors. But when I ran this exe file, it started throwing error for the internal project dll(ExtraFile.dll), which is referenced inside File.exe project.
This dll I am already signing before signing the File.exe file. So the signing steps are as follow.
.\sn.exe -Rc "%Directory%\ExtraFile.dll" "Services" >> "%LogPath%"
.\sn.exe -Rc "%Directory%\File.exe" "Services" >> "%LogPath%"
Please note that ExtraFile.dll is referenced under File.exe project.
Creating a cryptographic key pair using the Strong Name tool (Sn.exe) and assigning that key pair to the assembly using either a command-line compiler or the Assembly Linker (Al.exe). The Windows SDK provides both Sn.exe and Al.exe.
I am on Windows 10 18362.356.
After some system update, now it is impossible to access any TLS-enabled site with Java. Both standanlone JRE (jre1.8.0_221) and the JRE bundled in Android Studio 3.5.1 fails with:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
At first I thought that the cacerts file was faulty, but even after replacing them, the problem persists.
Wireshark shows that there is no problem with handshake and they are not blocked by firewall.
Screenshot of Wireshark
Manually add certs is not effective (and not possible as none of the sites work)
JAVA_HOME is pointing to the correct JRE directory.
Trying to publish go dependencies with jfrog rt go-publish go --self=false --deps=ALL and getting x509: certificate signed by unknown authority.
I copied a .pem file into ~/.jfrog/security/, didn't help. Not sure how to diagnose the problem.
I added the .crt file to the .jfrog/security folder and it worked.
I bought a wildcard ssl from Comodo and created the CSR with one of our IIS7 web servers, but now I have been tasked with installing it on a Tomcat server which is not using the Native APR instead running on Java (JSSE). I know I have to create a JKS file with my keystore using the keytool command, but doesn't that just force me to create a new CSR? How can I import the .pfx file into Tomcat with the keytool command?
This source may help you to import the .pfx file into Tomcat - http://mail-archives.apache.org/mod_mbox/tomcat-users/201203.mbox/%3C25624903.96.1332766032984.JavaMail.daniel#cleveland%3E