locked
SSLHandshakeException- adCenter Production Environment RRS feed

  • Question

  • Hi,
    We are experiencing mentioned below "SSLHandshakeException" since long time.
    We are running the code on production environment.
    Java Version: jdk1.5 and operating system Windows XP
     
    Exception:
    --------------

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    AxisFault
     faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
     faultSubcode:
     faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
     faultActor:
     faultNode:
     faultDetail:
     {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
     at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
     at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:131)
     at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:370)
     at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:88)
     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
     at org.apache.axis.client.AxisClient.invoke(AxisClient.java:147)
     at org.apache.axis.client.Call.invokeEngine(Call.java:2719)
     at org.apache.axis.client.Call.invoke(Call.java:2702)
     at org.apache.axis.client.Call.invoke(Call.java:2378)
     at org.apache.axis.client.Call.invoke(Call.java:2301)
     at org.apache.axis.client.Call.invoke(Call.java:1758)
     at com.microsoft.adcenter.syncapis.ReportingSoapStub.requestBIReport(ReportingSoapStub.java:303)
     at services.msn.KeywordPerformanceReportService.fetchReport(KeywordPerformanceReportService.java:56)
     at scheduler.msn.KeywordPerformanceReportTask.doKeywordRelatedWork(KeywordPerformanceReportTask.java:201)
     at scheduler.msn.KeywordPerformanceReportTask.run(KeywordPerformanceReportTask.java:55)
     at scheduler.msn.KeywordPerformanceReportTask.execute(KeywordPerformanceReportTask.java:177)
     at org.quartz.core.JobRunShell.run(JobRunShell.java:191)
     at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:516)
    Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:187)
     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:130)
     at sun.security.validator.Validator.validate(Validator.java:203)
     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
     at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
     ... 26 more
    Caused by: java.security.cert.CertPathValidatorException: signature check failed
     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
     at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:316)
     at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
     at java.security.cert.CertPathValidator.validate(CertPathValidator.java:206)
     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:182)
     ... 31 more
    Caused by: java.security.SignatureException: Signature does not match.
     at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:446)
     at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:133)
     at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:112)
     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)
     ... 35 more

    Anyone experienced this exception before. We are using Java v 1.5 with OS: Windows XP? Can anyone help us to solve the problem.

    Friday, October 13, 2006 11:05 AM

Answers

  • Hi Guys,

     

    The issue which I had posted above has been resolved at our end. I thought to post the solution here, so if other guys facing the same issue might get help.

     

    Environment:

    We are working on the production environment.

    MSN API Version: V3

    Compiler: jdk1.5

     

    Solution:

    Here is the solution,

     

    Step-1 (Exporting Certificate):

    1- Browse this URL https://adcenterapi.microsoft.com/v3/Reporting in the IE (Internet Explorer)

    2- In your IE double click on the lock icon which you will find in the IE pane on the right corner along side of the Zone icon

    3- You will get a Certificate page - > Click on “Details” tab

    4- Click the “Copy to File” button

    5- A Wizard will appear - > Click the “Next” button

    6- Chose default "DER encoded binary X.509(.CER)

    7- Save the file with name "msft_ssa.cer"

     

    Above is how you can generate and save any of the certificate while working on the problems like mentioned below (same problem we faced with the Yahoo API)

     

    Step-2: (Importing Certificate using Java compiler)

     

    1- Use this command as mentioned in the MSN adcenter technical documentation.

     

    keytool -import -alias MSFT_SSA -file msft_ssa.cer -keystore %JavaHome%\jre\lib\security\cacerts

     

    2- Run the code again, mentioned below exception shouldn't be thrown.

     

    The above has resolved our problem.

     

    Fahad Hanif

    Systems Analyst

    www.ThinkPartnership.com

    Friday, October 13, 2006 12:21 PM

All replies

  • Hi Guys,

     

    The issue which I had posted above has been resolved at our end. I thought to post the solution here, so if other guys facing the same issue might get help.

     

    Environment:

    We are working on the production environment.

    MSN API Version: V3

    Compiler: jdk1.5

     

    Solution:

    Here is the solution,

     

    Step-1 (Exporting Certificate):

    1- Browse this URL https://adcenterapi.microsoft.com/v3/Reporting in the IE (Internet Explorer)

    2- In your IE double click on the lock icon which you will find in the IE pane on the right corner along side of the Zone icon

    3- You will get a Certificate page - > Click on “Details” tab

    4- Click the “Copy to File” button

    5- A Wizard will appear - > Click the “Next” button

    6- Chose default "DER encoded binary X.509(.CER)

    7- Save the file with name "msft_ssa.cer"

     

    Above is how you can generate and save any of the certificate while working on the problems like mentioned below (same problem we faced with the Yahoo API)

     

    Step-2: (Importing Certificate using Java compiler)

     

    1- Use this command as mentioned in the MSN adcenter technical documentation.

     

    keytool -import -alias MSFT_SSA -file msft_ssa.cer -keystore %JavaHome%\jre\lib\security\cacerts

     

    2- Run the code again, mentioned below exception shouldn't be thrown.

     

    The above has resolved our problem.

     

    Fahad Hanif

    Systems Analyst

    www.ThinkPartnership.com

    Friday, October 13, 2006 12:21 PM
  • Glad it worked out for you!

    Shai

    Saturday, October 14, 2006 3:24 AM
  • Thanks !

    Really it worked out ....

    Monday, January 22, 2007 9:06 AM