留言板

consume a web service, over ssl, in my portlet

thumbnail
David Pereira,修改在11 年前。

consume a web service, over ssl, in my portlet

New Member 帖子: 11 加入日期: 12-5-23 最近的帖子
hi, I need to consume a web service, over ssl, in my portlet. When I try to execute this action the sistem shows me this exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
i am stuck right now, can you help me?? thanks
thumbnail
Olaf Kock,修改在11 年前。

RE: consume a web service, over ssl, in my portlet

Liferay Legend 帖子: 6396 加入日期: 08-9-23 最近的帖子
This is a classic issue for https: https has two aspects - first, it encrypts the communication. Second, it ensures that the server you're connecting to is indeed the one that you're expecting. This is ensured by a certificate that your client trusts. I.e. it's either "signed" by a trustworthy certificate agency (e.g. one that is built in to Java) or you have manually imported the certificate as trusted (for the host you're connecting to). As this has nothing to do with Liferay, you'll be best of to look for generic articles on this kind of setup.

You might get help from my old, somewhat related, blog post (it won't match 100%, but explains the basic steps for setting up trust)
thumbnail
David Pereira,修改在11 年前。

RE: consume a web service, over ssl, in my portlet

New Member 帖子: 11 加入日期: 12-5-23 最近的帖子
thanks for your attention. I could consume the web services from a java project, setting the system properties

System.setProperty("https.protocols", "SSLv3");
System.setProperty("https.protocols", "TLSv1");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
System.setProperty("javax.net.ssl.keyStore",
"Cert.p12");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", "psswd");
System.setProperty("javax.net.ssl.trustStore",
"jssecacerts");

but when I make my webservices client into liferay's proyect it doesn't work any more. I've inverted three days to find the solution, but anything seems to work. Your blog is very clear and helps me to understand, but I still have with the same problem.. any ideas??
thanks for you help, and sorry for my english.
thumbnail
Olaf Kock,修改在11 年前。

RE: consume a web service, over ssl, in my portlet

Liferay Legend 帖子: 6396 加入日期: 08-9-23 最近的帖子
Hard to say with the bit of information about your system/setup.

I expect System.setProperty not to work well in webapplications in containers (without checking), but maybe you can be lucky there. Did you follow the "trust setup" from my blog post? AFAIK the "unsafe renegotiation" kind of neglects the whole purpose of https: You're encrypting the traffic, yes, but you don't know whom you're speaking to - you might also encrypt your traffic with an attacker.

You might want to monitor what's going over the network connection between the two machines. Also, make sure that you're actually using the hostname of the machine you're connecting to both in your URLs as in your certificate.
thumbnail
David Pereira,修改在11 年前。

RE: consume a web service, over ssl, in my portlet

New Member 帖子: 11 加入日期: 12-5-23 最近的帖子
Thanks for your interest. I was able to consume the web services from a tomcat server without the liferay's libraries, so I think there is a conflict with some library, but I don't know wich one. I'm still investigating..
thumbnail
Olaf Kock,修改在11 年前。

RE: consume a web service, over ssl, in my portlet

Liferay Legend 帖子: 6396 加入日期: 08-9-23 最近的帖子
from "a tomcat" or from the same tomcat that Liferay runs in? Be aware that you can configure tomcat to use a specific keystore, so if you did that to your "a tomcat" but not to the other one running Liferay, there you are. If they're running in just one tomcat, validate the server names used that you connect to - and make sure you don't use the IP addresses in one case.