Forums

Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
David Pereira
consume a web service, over ssl, in my portlet
January 17, 2013 9:24 AM
Answer

David Pereira

Rank: New Member

Posts: 11

Join Date: May 23, 2012

Recent Posts

hi, I need to consume a web service, over ssl, in my portlet. When I try to execute this action the sistem shows me this exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
i am stuck right now, can you help me?? thanks
Olaf Kock
RE: consume a web service, over ssl, in my portlet
January 20, 2013 10:31 AM
Answer

Olaf Kock

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1826

Join Date: September 23, 2008

Recent Posts

This is a classic issue for https: https has two aspects - first, it encrypts the communication. Second, it ensures that the server you're connecting to is indeed the one that you're expecting. This is ensured by a certificate that your client trusts. I.e. it's either "signed" by a trustworthy certificate agency (e.g. one that is built in to Java) or you have manually imported the certificate as trusted (for the host you're connecting to). As this has nothing to do with Liferay, you'll be best of to look for generic articles on this kind of setup.

You might get help from my old, somewhat related, blog post (it won't match 100%, but explains the basic steps for setting up trust)
David Pereira
RE: consume a web service, over ssl, in my portlet
January 21, 2013 9:25 AM
Answer

David Pereira

Rank: New Member

Posts: 11

Join Date: May 23, 2012

Recent Posts

thanks for your attention. I could consume the web services from a java project, setting the system properties

System.setProperty("https.protocols", "SSLv3");
System.setProperty("https.protocols", "TLSv1");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
System.setProperty("javax.net.ssl.keyStore",
"Cert.p12");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", "psswd");
System.setProperty("javax.net.ssl.trustStore",
"jssecacerts");

but when I make my webservices client into liferay's proyect it doesn't work any more. I've inverted three days to find the solution, but anything seems to work. Your blog is very clear and helps me to understand, but I still have with the same problem.. any ideas??
thanks for you help, and sorry for my english.
Olaf Kock
RE: consume a web service, over ssl, in my portlet
January 25, 2013 2:39 AM
Answer

Olaf Kock

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1826

Join Date: September 23, 2008

Recent Posts

Hard to say with the bit of information about your system/setup.

I expect System.setProperty not to work well in webapplications in containers (without checking), but maybe you can be lucky there. Did you follow the "trust setup" from my blog post? AFAIK the "unsafe renegotiation" kind of neglects the whole purpose of https: You're encrypting the traffic, yes, but you don't know whom you're speaking to - you might also encrypt your traffic with an attacker.

You might want to monitor what's going over the network connection between the two machines. Also, make sure that you're actually using the hostname of the machine you're connecting to both in your URLs as in your certificate.
David Pereira
RE: consume a web service, over ssl, in my portlet
February 5, 2013 5:23 AM
Answer

David Pereira

Rank: New Member

Posts: 11

Join Date: May 23, 2012

Recent Posts

Thanks for your interest. I was able to consume the web services from a tomcat server without the liferay's libraries, so I think there is a conflict with some library, but I don't know wich one. I'm still investigating..
Olaf Kock
RE: consume a web service, over ssl, in my portlet
February 5, 2013 1:25 PM
Answer

Olaf Kock

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1826

Join Date: September 23, 2008

Recent Posts

from "a tomcat" or from the same tomcat that Liferay runs in? Be aware that you can configure tomcat to use a specific keystore, so if you did that to your "a tomcat" but not to the other one running Liferay, there you are. If they're running in just one tomcat, validate the server names used that you connect to - and make sure you don't use the IP addresses in one case.