David Pereira
consume a web service, over ssl, in my portlet
17 January 2013 09:24

Hi, I need to consume a web service, over SSL, in my portlet. When I try to execute this action the system shows me this exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
I am stuck right now, can you help me? Thanks.
Olaf Kock
RE: consume a web service, over ssl, in my portlet
20 January 2013 10:31
LIFERAY STAFF


This is a classic issue for https: https has two aspects - first, it encrypts the communication. Second, it ensures that the server you're connecting to is indeed the one that you're expecting. This is ensured by a certificate that your client trusts. I.e. it's either "signed" by a trustworthy certificate agency (e.g. one that is built in to Java) or you have manually imported the certificate as trusted (for the host you're connecting to). As this has nothing to do with Liferay, you'll be best off looking for generic articles on this kind of setup.

You might get help from my old, somewhat related, blog post (it won't match 100%, but explains the basic steps for setting up trust)
David Pereira
RE: consume a web service, over ssl, in my portlet
21 January 2013 09:25

Thanks for your attention. I could consume the web services from a Java project, setting the system properties

System.setProperty("https.protocols", "SSLv3");
// This second call replaces the value set on the previous line; only TLSv1 stays in effect.
System.setProperty("https.protocols", "TLSv1");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
// Client certificate (PKCS12) presented to the server
System.setProperty("javax.net.ssl.keyStore", "Cert.p12");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", "psswd");
// Certificates this client trusts
System.setProperty("javax.net.ssl.trustStore", "jssecacerts");

but when I put my web services client into Liferay's project it doesn't work any more. I've invested three days to find the solution, but nothing seems to work. Your blog is very clear and helps me to understand, but I still have the same problem. Any ideas?
Thanks for your help, and sorry for my English.
Olaf Kock
RE: consume a web service, over ssl, in my portlet
25 January 2013 02:39
LIFERAY STAFF


Hard to say with the bit of information about your system/setup.

I expect System.setProperty not to work well in web applications in containers (without checking), but maybe you can be lucky there. Did you follow the "trust setup" from my blog post? AFAIK the "unsafe renegotiation" kind of neglects the whole purpose of https: You're encrypting the traffic, yes, but you don't know whom you're speaking to - you might also encrypt your traffic with an attacker.

You might want to monitor what's going over the network connection between the two machines. Also, make sure that you're actually using the hostname of the machine you're connecting to both in your URLs and in your certificate.
David Pereira
RE: consume a web service, over ssl, in my portlet
5 February 2013 05:23

Thanks for your interest. I was able to consume the web services from a Tomcat server without Liferay's libraries, so I think there is a conflict with some library, but I don't know which one. I'm still investigating.
Olaf Kock
RE: consume a web service, over ssl, in my portlet
5 February 2013 13:25
LIFERAY STAFF


From "a tomcat" or from the same tomcat that Liferay runs in? Be aware that you can configure tomcat to use a specific keystore, so if you did that to your "a tomcat" but not to the other one running Liferay, there you are. If they're running in just one tomcat, validate the server names used that you connect to - and make sure you don't use the IP addresses in one case.