I have installed EJBCA with JBoss on an Ubuntu server. The version of JBoss is 5.1.0.GA, while the version of EJBCA is 4_0_10. Now I would like to use EJBCA functions in my Java project (Eclipse), so I implemented the following code:

    CryptoProviderTools.installBCProvider();
    String urlstr = "https://EJBCA.cloud:8443/ejbca/ejbcaws/ejbcaws?wsdl";
    System.setProperty("javax.net.ssl.trustStore","C:\\Users\\PcEclipse.jks");
    System.setProperty("javax.net.ssl.trustStorePassword","Prova");
    System.setProperty("javax.net.ssl.keyStore","C:\\Users\\PcEclipse.jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "Prova");
    QName qname = new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService");
    EjbcaWSService service = null;
    try {
        service = new EjbcaWSService(new URL(urlstr),qname);
    } catch (MalformedURLException e) {
        // TODO Auto-generated catch block
        System.out.println("errore nell'url");
    }
    EjbcaWS ejbcaraws = service.getEjbcaWSPort();

But I get the exception:

    Exception in thread "main" javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://EJBCA.cloud:8443/ejbca/ejbcaws/ejbcaws?wsdl. It failed with: 
        Got java.security.cert.CertificateException: No name matching EJBCA.cloud found while opening stream from https://EJBCA.cloud:8443/ejbca/ejbcaws/ejbcaws?wsdl.

The keystore was generated with the EJBCA web UI by creating a new end entity and creating a keystore in JKS format. Is this a problem with the keystore? How can I create the correct keystore/truststore? Thanks

I have generated a new keystore and truststore but now the error is:

    Caused by: java.security.UnrecoverableKeyException: Password must not be null

luca
  • What is the name of the server in the certificate? I'm guessing not "EJBCA.cloud"? – nablex Sep 03 '14 at 13:50
  • I used these steps/settings: Administration - Add end entity: username: EJBCA.cloud; password: Prova; unstructuredName, Domain name (FQDN): EJBCA.cloud; dnQualifier, DN Qualifier: EJBCA.cloud; CN common name: EJBCA.cloud; Certificate profile: ENDUSER; Token: JKS file; CA: ADMINCA1. Afterwards, in Public Web - Create keystore, I used EJBCA.cloud and password Prova, and I generated a JKS with key length 1024 and certificate profile ENDUSER. – luca Sep 03 '14 at 14:19
  • Use the keystores from p12/truststore.jks and p12/tomcat.jks, and try again. – shraddha bhardwaj Feb 25 '16 at 10:54

1 Answer

I was experiencing the same issue as you. In my case the cert CN did seem to match the server domain name so I couldn't work out why it wasn't working.

I've not yet found a solution; however, I was able to confirm I wasn't going insane using the following code snippet, which allowed me to compare the server and cert hostname values. It will also allow you to ignore the host validation by returning true.

But note that the validation is no longer taking place and this is a security control that is now being bypassed.

I can't take credit for the code snippet; albeit simple, I found it online but can't recall the source.

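    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLSession;

    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            // Print the host from the URL next to the host of the TLS session.
            System.out.println("Warning: URL Host: " + urlHostName + " vs. "
                + session.getPeerHost());
            // Returning true accepts the connection even though the names do not match.
            return true;
        }
    };

    // Applies to every HttpsURLConnection created afterwards in this JVM.
    HttpsURLConnection.setDefaultHostnameVerifier(hv);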
ste
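
An added example (not from the question, the answer, or EJBCA): a variant of the verifier above that prints the subject and subjectAltName entries actually present in the server certificate and still returns false, so a "No name matching ..." failure can be diagnosed while hostname validation stays in force. The class name `CertNameDiagnostics` and its members are hypothetical; note that `SSLSession.getPeerHost()` reports the host that was connected to, not a name taken from the certificate.

```java
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical helper class: reports the names in the server certificate, never accepts a mismatch.
public class CertNameDiagnostics {

    // Collects the subject DN and every subjectAltName entry of type dNSName (2) or iPAddress (7).
    static List<String> namesIn(X509Certificate cert) throws CertificateParsingException {
        List<String> names = new ArrayList<>();
        names.add("subject=" + cert.getSubjectX500Principal().getName());
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null if the extension is absent
        if (sans != null) {
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);
                if (type == 2) names.add("dNSName=" + san.get(1));
                if (type == 7) names.add("iPAddress=" + san.get(1));
            }
        }
        return names;
    }

    // HttpsURLConnection calls the verifier only after its built-in hostname check has failed.
    static final HostnameVerifier LOG_AND_REJECT = new HostnameVerifier() {
        @Override
        public boolean verify(String urlHostName, SSLSession session) {
            try {
                Certificate leaf = session.getPeerCertificates()[0]; // the server's own certificate
                System.err.println("Requested host: " + urlHostName);
                System.err.println("Certificate names: " + namesIn((X509Certificate) leaf));
            } catch (SSLPeerUnverifiedException | CertificateParsingException e) {
                System.err.println("Could not read peer certificate: " + e);
            }
            return false; // keep the connection rejected; fix the certificate or the URL instead
        }
    };

    // Call once before creating the web service client.
    public static void install() {
        HttpsURLConnection.setDefaultHostnameVerifier(LOG_AND_REJECT);
    }
}
```

The connection still fails after `CertNameDiagnostics.install()`, but the log shows which names the certificate carries, which is what has to match the host in the WSDL URL.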