Web服务调用EJB创建SSL异常

Question

I have a JAX-WS webservice which makes calls to a remote EJB on the same server. Everything runs on Glassfish 3.1.1, and the apps are deployed EARs – one for the webservice, another for the EJB. This works fine locally, but when deploying to a test server, I get typical exceptions about untrusted (self-signed) SSL certificates. Here's a relevant excerpt:

Caused by: com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:132)

The exception occurs exactly on the line in the webservice where the EJB call is being made. It puzzles me because I wouldn't expect anything to do with HTTPS at that point.

The most promising angle so far is that this has to do with transaction coordination, as described here , which is supposed to use HTTPS by default. However, setting com.sun.xml.ws.tx.preferredScheme=http has no effect on the problem.

Any suggestion is much appreciated.

Answer 1

This is because the client does not know which truststore it should use - so therefore it does not trust the service and the SSL handshake fails. Run the 'client' with the following VMargs:

-Djavax.net.ssl.trustStore=${truststore.location}
-Djavax.net.ssl.trustStorePassword=${ssl.password}

If you use NetBeans it can be set at project properties.