Tribune

Home » Liferay Portal » English » 3. Development

Vista Combinata Vista Piatta Vista ad Albero
Discussioni [ Precedente | Successivo ]
toggle
David Pereira
consume a web service, over ssl, in my portlet
17 gennaio 2013 9.24
Risposta

David Pereira

Punteggio: New Member

Messaggi: 11

Data di Iscrizione: 23 maggio 2012

Messaggi recenti

hi, I need to consume a web service, over ssl, in my portlet. When I try to execute this action the sistem shows me this exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
i am stuck right now, can you help me?? thanks
Olaf Kock
RE: consume a web service, over ssl, in my portlet
20 gennaio 2013 10.31
Risposta

Olaf Kock

LIFERAY STAFF

Punteggio: Liferay Legend

Messaggi: 2012

Data di Iscrizione: 23 settembre 2008

Messaggi recenti

This is a classic issue for https: https has two aspects - first, it encrypts the communication. Second, it ensures that the server you're connecting to is indeed the one that you're expecting. This is ensured by a certificate that your client trusts. I.e. it's either "signed" by a trustworthy certificate agency (e.g. one that is built in to Java) or you have manually imported the certificate as trusted (for the host you're connecting to). As this has nothing to do with Liferay, you'll be best of to look for generic articles on this kind of setup.

You might get help from my old, somewhat related, blog post (it won't match 100%, but explains the basic steps for setting up trust)
David Pereira
RE: consume a web service, over ssl, in my portlet
21 gennaio 2013 9.25
Risposta

David Pereira

Punteggio: New Member

Messaggi: 11

Data di Iscrizione: 23 maggio 2012

Messaggi recenti

thanks for your attention. I could consume the web services from a java project, setting the system properties

System.setProperty("https.protocols", "SSLv3");
System.setProperty("https.protocols", "TLSv1");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
System.setProperty("javax.net.ssl.keyStore",
"Cert.p12");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", "psswd");
System.setProperty("javax.net.ssl.trustStore",
"jssecacerts");

but when I make my webservices client into liferay's proyect it doesn't work any more. I've inverted three days to find the solution, but anything seems to work. Your blog is very clear and helps me to understand, but I still have with the same problem.. any ideas??
thanks for you help, and sorry for my english.
Olaf Kock
RE: consume a web service, over ssl, in my portlet
25 gennaio 2013 2.39
Risposta

Olaf Kock

LIFERAY STAFF

Punteggio: Liferay Legend

Messaggi: 2012

Data di Iscrizione: 23 settembre 2008

Messaggi recenti

Hard to say with the bit of information about your system/setup.

I expect System.setProperty not to work well in webapplications in containers (without checking), but maybe you can be lucky there. Did you follow the "trust setup" from my blog post? AFAIK the "unsafe renegotiation" kind of neglects the whole purpose of https: You're encrypting the traffic, yes, but you don't know whom you're speaking to - you might also encrypt your traffic with an attacker.

You might want to monitor what's going over the network connection between the two machines. Also, make sure that you're actually using the hostname of the machine you're connecting to both in your URLs as in your certificate.
David Pereira
RE: consume a web service, over ssl, in my portlet
5 febbraio 2013 5.23
Risposta

David Pereira

Punteggio: New Member

Messaggi: 11

Data di Iscrizione: 23 maggio 2012

Messaggi recenti

Thanks for your interest. I was able to consume the web services from a tomcat server without the liferay's libraries, so I think there is a conflict with some library, but I don't know wich one. I'm still investigating..
Olaf Kock
RE: consume a web service, over ssl, in my portlet
5 febbraio 2013 13.25
Risposta

Olaf Kock

LIFERAY STAFF

Punteggio: Liferay Legend

Messaggi: 2012

Data di Iscrizione: 23 settembre 2008

Messaggi recenti

from "a tomcat" or from the same tomcat that Liferay runs in? Be aware that you can configure tomcat to use a specific keystore, so if you did that to your "a tomcat" but not to the other one running Liferay, there you are. If they're running in just one tomcat, validate the server names used that you connect to - and make sure you don't use the IP addresses in one case.