Certificate error using AXL Service

Version 1
    This document was generated from CDN thread

    Created by: Komalkumar Tagdiwala on 17-01-2013 07:20:18 PM
    I am new to AXL development and followed all the steps outlined on http://developer.cisco.com/web/axl-developer/axl-java-sample-application to build the sample application. I also double-checked to ensure that the AXL Service is activated and appropriate user groups, roles and permissions added. I exported the SSL certificate from the AXL url https://mycucmhost:8443/axl/ and added it to my keystore using the keytool command. I then confirmed using keytool -list command to ensure that the certifcate shows up in the keystore. However, when I attempt to run the AXL Demo application, I keep getting the certificate error shown below: Jan 17, 2013 5:14:13 PM com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser parseWSDL WARNING: [failed to localize] wsdl.import.should.be.wsdl(file:/C:/eclipse_current/workspace/cucm-poc/schema/current/AXLSoap.xsd) Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source)     at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source)     at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source)     at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source)     at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)     at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)     at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)     at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)     at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)     at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)     at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)     at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)     at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)     at $Proxy33.getPhone(Unknown Source)     at com.cisco.axl.demo.Demo.getPhone(Demo.java:158)     at com.cisco.axl.demo.Demo.getPhoneInfo(Demo.java:126)     at com.cisco.axl.demo.Demo.main(Demo.java:102) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)     ... 17 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)     at sun.security.validator.Validator.validate(Unknown Source)     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)     ... 29 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)     at java.security.cert.CertPathBuilder.build(Unknown Source)     ... 35 more What might I be missing or doing wrong?

    Subject: RE: Certificate error using AXL Service
    Replied by: Komalkumar Tagdiwala on 23-01-2013 10:47:20 PM
    I ended up deleting the jssecacerts and using the InstallCert utility (researched on the Internet).

    While this problem has been resolved, I am now running into 401 (Unauthorized) error with the certificate. It is sad to see that the instructions on developer.cisco.com do not provide enough instructions to deal with such a common problems.
    Komalkumar Tagdiwala:
    I am new to AXL development and followed all the steps outlined on http://developer.cisco.com/web/axl-developer/axl-java-sample-application to build the sample application. I also double-checked to ensure that the AXL Service is activated and appropriate user groups, roles and permissions added. I exported the SSL certificate from the AXL url https://mycucmhost:8443/axl/ and added it to my keystore using the keytool command. I then confirmed using keytool -list command to ensure that the certifcate shows up in the keystore. However, when I attempt to run the AXL Demo application, I keep getting the certificate error shown below: Jan 17, 2013 5:14:13 PM com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser parseWSDL WARNING: [failed to localize] wsdl.import.should.be.wsdl(file:/C:/eclipse_current/workspace/cucm-poc/schema/current/AXLSoap.xsd) Exception in thread "main" com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source)     at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source)     at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source)     at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source)     at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)     at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)     at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)     at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)     at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)     at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)     at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)     at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)     at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)     at $Proxy33.getPhone(Unknown Source)     at com.cisco.axl.demo.Demo.getPhone(Demo.java:158)     at com.cisco.axl.demo.Demo.getPhoneInfo(Demo.java:126)     at com.cisco.axl.demo.Demo.main(Demo.java:102) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)     ... 17 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)     at sun.security.validator.Validator.validate(Unknown Source)     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)     ... 29 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)     at java.security.cert.CertPathBuilder.build(Unknown Source)     ... 35 more What might I be missing or doing wrong?