フォーラム

ホーム » Liferay Portal » English » 3. Development

構造的に表示 平面上に表示 ツリー上に表示
スレッド [ 前へ | 次へ ]
toggle
David Pereira
consume a web service, over ssl, in my portlet
2013/01/17 9:24
答え

David Pereira

ランク: New Member

投稿: 11

参加年月日: 2012/05/23

最近の投稿

hi, I need to consume a web service, over ssl, in my portlet. When I try to execute this action the sistem shows me this exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
i am stuck right now, can you help me?? thanks
Olaf Kock
RE: consume a web service, over ssl, in my portlet
2013/01/20 10:31
答え

Olaf Kock

LIFERAY STAFF

ランク: Liferay Legend

投稿: 3823

参加年月日: 2008/09/23

最近の投稿

This is a classic issue for https: https has two aspects - first, it encrypts the communication. Second, it ensures that the server you're connecting to is indeed the one that you're expecting. This is ensured by a certificate that your client trusts. I.e. it's either "signed" by a trustworthy certificate agency (e.g. one that is built in to Java) or you have manually imported the certificate as trusted (for the host you're connecting to). As this has nothing to do with Liferay, you'll be best of to look for generic articles on this kind of setup.

You might get help from my old, somewhat related, blog post (it won't match 100%, but explains the basic steps for setting up trust)
David Pereira
RE: consume a web service, over ssl, in my portlet
2013/01/21 9:25
答え

David Pereira

ランク: New Member

投稿: 11

参加年月日: 2012/05/23

最近の投稿

thanks for your attention. I could consume the web services from a java project, setting the system properties

System.setProperty("https.protocols", "SSLv3");
System.setProperty("https.protocols", "TLSv1");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
System.setProperty("javax.net.ssl.keyStore",
"Cert.p12");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", "psswd");
System.setProperty("javax.net.ssl.trustStore",
"jssecacerts");

but when I make my webservices client into liferay's proyect it doesn't work any more. I've inverted three days to find the solution, but anything seems to work. Your blog is very clear and helps me to understand, but I still have with the same problem.. any ideas??
thanks for you help, and sorry for my english.
Olaf Kock
RE: consume a web service, over ssl, in my portlet
2013/01/25 2:39
答え

Olaf Kock

LIFERAY STAFF

ランク: Liferay Legend

投稿: 3823

参加年月日: 2008/09/23

最近の投稿

Hard to say with the bit of information about your system/setup.

I expect System.setProperty not to work well in webapplications in containers (without checking), but maybe you can be lucky there. Did you follow the "trust setup" from my blog post? AFAIK the "unsafe renegotiation" kind of neglects the whole purpose of https: You're encrypting the traffic, yes, but you don't know whom you're speaking to - you might also encrypt your traffic with an attacker.

You might want to monitor what's going over the network connection between the two machines. Also, make sure that you're actually using the hostname of the machine you're connecting to both in your URLs as in your certificate.
David Pereira
RE: consume a web service, over ssl, in my portlet
2013/02/05 5:23
答え

David Pereira

ランク: New Member

投稿: 11

参加年月日: 2012/05/23

最近の投稿

Thanks for your interest. I was able to consume the web services from a tomcat server without the liferay's libraries, so I think there is a conflict with some library, but I don't know wich one. I'm still investigating..
Olaf Kock
RE: consume a web service, over ssl, in my portlet
2013/02/05 13:25
答え

Olaf Kock

LIFERAY STAFF

ランク: Liferay Legend

投稿: 3823

参加年月日: 2008/09/23

最近の投稿

from "a tomcat" or from the same tomcat that Liferay runs in? Be aware that you can configure tomcat to use a specific keystore, so if you did that to your "a tomcat" but not to the other one running Liferay, there you are. If they're running in just one tomcat, validate the server names used that you connect to - and make sure you don't use the IP addresses in one case.