Call Webservice over HTTPS

I am in an effort to publish a service on my Business Connector Server as a webservice. I tested the connectivity over HTTP and it worked fine. I am using Apache Axis for calling the Webservice. I used the wsdl to generate the client side java code.
To make it work on HTTPS , I set up the port on the BC Server, created the Certificates using OpenSSL and was able to launch the admin console using HTTPS.
Now, the call to the web service from my Axis generated java client does not seem to be working.
I get the following error…

{[url=“http://xml.apache.org/axis/”]http://xml.apache.org/axis/[/url]}stackTrace:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: CA certificate does not include basic constraints extension

I am not sure if the client side certificates are being passed.
What do i need to do on the client side to attach the certificates?

I have set the “Client Authentication” on the port to NONE.

Please Help.

Thanks
Pawan

Pawan,

Sounds like there may be some issue with your CA cert. Maybe your browser ignores these errors. I would take a look at how you are creating the CA cert that you used to sign your server cert.

Mark

Hi Mark,

I used the steps given by you in the post below.
[url=“wmusers.com”]wmusers.com

I used the nopasswordkey.der and cert.der in the BC Server.

When i view the certificate …this is what i see

“This CA Root Certificate is not trusted.To enable trust,install this certificate in the trusted root certification authorities store”…

Do i need to do this?
Please let me know if i am missing something.

Thanks
Pawan

Yes, in essence I think this means that the Certifying Authority (CA) that you created is not trusted by whatever tool you are using to view the cert. If you had purchased a cert from Entrust or Verisign it would not have this issue as those CA’s are already trusted by most tools.

To fix this issue you need to tell your tool (not sure what you are using) to trust this CA and, optionally, the cert of your IS box.

The steps to doing this vary by tool. For java, it usually involves copying the cert into a specific folder (sorry don’t remember which one off the top of my head). Axis may use this or have another approach. The javadocs for the JDK and for Axis should give you some help.

Mark