6 Replies Latest reply on Mar 10, 2017 8:23 AM by Carl Wilson

    Unable to consume HTTPS wsdl

    Rajyalakshmi Jampani
      Share This:

      Hi All,

       

      We are trying to consume the third party web service which start with https and facing the bellow error in developer studio,

       

      ERROR: URI not found https://<WSDL URL>

      Additional Details:

      sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      com.bmc.arsys.ws.util.ARWSException: URI not found https://<WSDL URL>

       

       

      Below are the steps we followed:

       

      1. Imported CA Root certificate in our AR System's java keystore (/remedy-app/Java/jdk1.6.0_37/jre/lib/security/cacerts); Added the following comment in armonitor file; Restarted the server.

       

      /remedy-app/Java/jdk1.6.0_37/jre/bin/java -Djavax.net.ssl.trustStore=/remedy-app/Java/jdk1.6.0_37/jre/lib/security/cacerts-Djavax.net.ssl.trustStorePassword=<password>; -Djavax.net.ssl.trustStoreType=JKS -Xmx512m -classpath /remedy-app/ARSystem/pluginsvr:/remedy-app/ARSystem/pluginsvr/arpluginsvr7604_build002.jar com.bmc.arsys.pluginsvr.ARPluginServerMain -x remedy-ebu-dev-app1-i /remedy-app/ARSystem -m

       

      Output: Still same error.

       

      2. Imported CA Root certificate in local machine's Java keystore for developer studio purpose.

       

      Output: This time a different error.

       

      ERROR: null

      Additional Details:

      java.lang.NullPointerException

       

      Please let us know whether adding certificate in local machine is needed or not. Also, please let us know further steps to be taken.

       

      Thanks in advance.

        • 1. Re: Unable to consume HTTPS wsdl

          Hi

           

          Yes, you definitely need to do some things both on the ARServer and on your client. Your ARServer must have the certificate imported to its keystore (so that the communication works at runtime) and your Dev Studio as well (so that you can read the remote WSDL and do your field mappings).

           

          So it looks like, in principle, you did what's required.

           

          Which steps exactly did you perform on the PC on which Dev Studio is installed? You wrote that you imported the cert into the local Java keystore. Did you do anything else additionally?

           

          What I had to do on my system is this:

          Exit DevStudio.

          Go to the folder where the "devstudio.exe" is located.

          There is a file called "devstudio.ini" in the same folder.

          Edit this file in notepad.

          At the end, add this (but adapt it to your location/filename, of course):

           

          -Djavax.net.ssl.trustStore=D:\certs\truststore.jks

           

          Note that you need to do this on EVERY client on which you want to be able to edit the webservice-call in DevStudio.

           

          Hope this helps

          1 of 1 people found this helpful
          • 2. Re: Unable to consume HTTPS wsdl
            Rajyalakshmi Jampani

            Hi Jerome,

             

            Thanks for your update.

             

            I have modified my devstudio.ini file with below comments,

             

            -Djavax.net.ssl.trustStore=C:\Program Files\Java\jre7\lib\security\cacerts\truststore.jks

             

            Now we are not receiving NullPointerException but ERROR: URI not found https://<WSDL URL> still continues.

             

            So we are suspecting that something might have went wrong while importing certificates into ARServer.

             

            Hence please validate the below implemented steps and guide us where we went wrong,

             

            Step 1:

            Placed root certificate into ARServer,

            /tmp/ITSM_Webservice/AkanaRootCertificate.cer

             

             

            Step 2:

            Identified JRE path in our unix ARServer: /remedy-app/Java/jdk1.6.0_37/jre/

             

            Step 3:

            Executed below commend:

            ./keytool –import –v –alias uswv1vdsd001.intl.vsnl.co.in -file /tmp/ITSM_Webservice/AkanaRootCertificate.cer –keystore /remedy-app/Java/jdk1.6.0_37/jre/lib/security/cacerts

             

            Step 4:

             

            Added the below comment in armonitor file (which is placed in /etc/arsystem/remedy-ebu-dev-app1),

            /remedy-app/Java/jdk1.6.0_37/jre/bin/java -Djavax.net.ssl.trustStore=/remedy-app/Java/jdk1.6.0_37/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit; -Djavax.net.ssl.trustStoreType=JKS -Xmx512m -classpath /remedy-app/ARSystem/pluginsvr:/remedy-app/ARSystem/pluginsvr/arpluginsvr7604_build002.jar com.bmc.arsys.pluginsvr.ARPluginServerMain -x remedy-ebu-dev-app1-i /remedy-app/ARSystem

             

            Step 5:

            Restarted the ARServer

             

            Output Response in Dev Studio while loading WSDL,

             

            ERROR: URI not found https://<WSDL URL>

            Additional Details:

            java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

             

            We have also made sure read/write permission is available to remedy user for cacerts file.

             

            Kindly let us know if some modifications/something additional has to be done.

            • 3. Re: Unable to consume HTTPS wsdl

              Let's focus on DevStudio first:

              Can you try to place the truststore.jks in a folder where there is no space in the folder-name? Either that or put double-quotes around the path-name/file-name.

              I just want to make sure the space between "Program" and "Files" is not the cause of this issue.

               

              Are you able to open the Webservice-URL in a web-browser on the machine where DevStudio is running? (I assume the answer is yes, but I just want to make sure)

              • 4. Re: Unable to consume HTTPS wsdl
                Andreas Mitterdorfer

                For debugging it might be easier to use sslPoke (Test of java SSL / keystore / cert setup. Check the commet #1 for howto. · GitHub ) for https connection testing instead of reconfiguring plugin/restarting ar server.

                Just make sure to call it with the complete java path to make sure your're testing the correct java installation.

                Parameter -Djavax.net.debug=all during testing might also prove useful.

                 

                Can you check the tipps in java - Error - trustAnchors parameter must be non-empty - Stack Overflow regarding this error?

                • 5. Re: Unable to consume HTTPS wsdl
                  Rajyalakshmi Jampani

                  Hi Jerome,

                   

                  Yes... We have used double-quotes to import the certificates. and below are comment used for the same,

                   

                  keytool -importcert -v -alias uswv1vdsd001.intl.vsnl.co.in -file C:\Users\599221\Desktop\ITSM_Webservice\AkanaRootCertificate.cer -keystore "C:\Program Files\Java\jre7\lib\security\cacerts"

                   

                  added -Djavax.net.ssl.trustStore= C:\Program Files\Java\jre7\lib\security\cacerts comments in devstudio.ini file

                   

                  Also we are able to open the Webservice-URL in a web-browser on the machine where DevStudio is running.

                   

                  If i run SSLChecker tool (ftp://ftp.bmc.com/outgoing/sslchecker/ ), am able receive the below positive response in both ARServer and local machine,

                   

                     Response Code: 200

                   

                     Response Message: OK

                   

                  But still am facing the following error in Dev Studio,

                   

                  ERROR: URI not found https://uswv1vdsd001.intl.vsnl.co.in:443/ITSMTicketAPI/v2?wsdl

                  Additional Details:

                  java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

                  com.bmc.arsys.ws.util.ARWSException: URI not found https://uswv1vdsd001.intl.vsnl.co.in:443/ITSMTicketAPI/v2?wsdl

                  • 6. Re: Unable to consume HTTPS wsdl
                    Carl Wilson

                    Hi,

                    as Jerome has mentioned, you need to import the certificate into the keystore that is associated with ARS and Developer Studio.  Generally these are the same, but can be different. 

                    The Developer Studio .ini file give the path to the version of Java it is running, same with the armonitor file.  The default keystore is as you have found, the "cacerts" file under the "..\lib\security" for the JVM.

                     

                    Best way to do the certificate import is to navigate to the site / WSDL and export the certificate from the browser to a file.  If you have a certificate chain consisting of Root, Intermediate and end certificate, you only need the end certificate.

                     

                    You can then import the certificate using the following syntax:

                     

                    keytool.exe -import -trustcacerts -alias {alias} -file {cert file} -keystore {path to keystore}

                     

                    You do not need to add anything to the configurations as you are using the default keystore as used by the JVM.

                     

                    Check that the certificate you are importing is indeed the end certificate and not the Root in a certificate chain.

                     

                    Cheers

                    Carl

                    1 of 1 people found this helpful