Web service not accessible with Java over SSH tunnel

Question

I have two machines with Windows 7. I have Java 6 application which is calling certain external HTTPS web service. For the service to be reachable I had to create a SSH tunnel (via putty). However this solution works only on one machine since second machine gets "java.lang.RuntimeException: Unknown client side exception" when the application tries to connect to the web service. Interesting part is that I can access the service by URL in the browser on second machine.

UPDATE: Link to the stacktrace file: https://ufile.io/z1y8j

score 0 · Answer 1 · answered Mar 27 '18 at 13:10

You have two solutions to fix this problem:

The first one is to add the certification to the JVM. refer to this link:https://docs.oracle.com/javase/tutorial/security/toolsign/rstep2.html.

The second if you are using a java httpClient in order to invoke the secured web service so you should ignore this certificate so you should configure this by code. Refer to this example here i'm using RestTemplate of spring in order to invoke rest web services and ignoring the certification.
Example:

         @Bean
         public RestTemplate restTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException{
            TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;

            SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
            .loadTrustMaterial(null, (org.apache.http.ssl.TrustStrategy) acceptingTrustStrategy).build();

             SSLConnectionSocketFactory csf = new 
                      SSLConnectionSocketFactory(sslContext);

             CloseableHttpClient httpClient = 
               HttpClients.custom().setSSLSocketFactory(csf).build();

             HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();

            requestFactory.setHttpClient(httpClient);

            return new RestTemplate(requestFactory);
}

Required certificates are already added to cacerts. I would get different kind of error if this would be certification issue. My guess is that this is a Windows-network configuration issue with respect to Java (on my second machine since the first one is OK). I have peeked at host file, network connections and could not find differences... — user435421, Mar 27 '18 at 13:21
Can you put all the stack-trace in a comment please, this can help us to find a solution. — Fakhreddine Belgaied, Mar 27 '18 at 13:23

score 0 · Accepted Answer · answered May 10 '18 at 10:03

0

Problem was with local_policy.jar and US_export_policy.jar in jre/lib/security. Replaced them with different policy jars and all work fine now. ClientKeyExchange does not happen after ServerHelloDone

answered May 10 '18 at 10:03

user435421

859
2
13
31

Web service not accessible with Java over SSH tunnel

2 Answers2