0

i am Trying to access EJBCA Webservice from a client machine and i am getting these exceptions mentioned below : please tell me what are the possible reasonsand working solution of these Exception : javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://example.com:8442/ejbca/ejbcaws/ejbcaws?wsdl. It failed with: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Tariq Abbas
  • 121
  • 1
  • 13

1 Answers1

1

I guess you get the exception at the client, this means you don't have the ca certificate that issued the server certificate in the truststore of the client. If you did not modify your ejbca installation you should copy your AdminCA certificate into the truststore of your client.

If you got it on the server you need too issue a client certificate from your AdminCA, create a new Role under "Administrator Roles" and authorize the issued client certificates for the required cas and use this certificate in your client.

MatK
  • 96
  • 2
  • would it be working if i use ,on client side, the superadmin.p12 or the tomcat.jks and truststore.jks of server ,generated when ejbca is installed? do you have a pseudo code or a sample code snippet which would help me correcting the declaration,initialization and then calling webservice methods. thank you – Tariq Abbas Dec 10 '14 at 04:38
  • It will work as stated on the [documentation](http://ejbca.org/docs/adminguide.html#EJBCA Web Service Interface): The Web Services interface requries client certificate authentication from administrators, in the same way as the admin GUI does. If you have a client certificate the works on the admin GUI you should also be able to use it for the web service interface. But I would *not* use the superadmin. Just create a new client end entity thats get issued by your admin ca and issue a keystore. Then create the required Administration rules. – MatK Dec 10 '14 at 08:59
  • i am still getting bad_certificate exceptions after doing the recommended settings . – Tariq Abbas Dec 15 '14 at 10:18