SOAP SSL Cert problem

[3RiversTechAdmin]

Hey Everyone,

I'm working on some software to interface Zimbra and some other systems we run. I made a small test program and I get the following SSL related error . Do I need to modify com.zimbra.soap.SoapHttpTransport.invoke? Any suggestions would be great. The full stack trace and test program code is below:

Stack Trace:

Code:

java -jar ZimbraInterface.jar https://localhost/service/soap test test
Connecting to https://localhost/service/soap as test.... javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain
at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(S SLSocketImpl.java:1520)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:182)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:176)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:975)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.proc essMessage(ClientHandshaker.java:123)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoo p(Handshaker.java:511)
at com.sun.net.ssl.internal.ssl.Handshaker.process_re cord(Handshaker.java:449)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:817)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1029)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRe cord(SSLSocketImpl.java:621)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write (AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedO utputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputS tream.java:123)
at org.apache.commons.httpclient.methods.StringReques tEntity.writeRequest(StringRequestEntity.java:150)
at org.apache.commons.httpclient.methods.EntityEnclos ingMethod.writeRequestBody(EntityEnclosingMethod.j ava:495)
at org.apache.commons.httpclient.HttpMethodBase.write Request(HttpMethodBase.java:1973)
at org.apache.commons.httpclient.HttpMethodBase.execu te(HttpMethodBase.java:993)
at org.apache.commons.httpclient.HttpMethodDirector.e xecuteWithRetry(HttpMethodDirector.java:397)
at org.apache.commons.httpclient.HttpMethodDirector.e xecuteMethod(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMe thod(HttpClient.java:396)
at org.apache.commons.httpclient.HttpClient.executeMe thod(HttpClient.java:324)
at com.zimbra.soap.SoapHttpTransport.invoke(SoapHttpT ransport.java:192)
at com.zimbra.soap.SoapTransport.invoke(SoapTransport .java:231)
at com.zimbra.cs.client.soap.LmcSoapRequest.invoke(Lm cSoapRequest.java:148)
at com.zimbra.cs.client.soap.Test.main(Test.java:57)
Caused by: java.security.cert.CertificateException: Untrusted Server Certificate Chain
at com.sun.net.ssl.X509TrustManagerJavaxWrapper.check ServerTrusted(SSLSecurity.java:600)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:967)
... 21 more

Program Code:

Code:

package com.zimbra.cs.client.soap;

import java.io.IOException;
import java.io.File;
import java.util.*;

import com.zimbra.common.service.ServiceException;
import com.zimbra.cs.client.*;
import com.zimbra.soap.SoapFaultException;
import com.zimbra.cs.index.MailboxIndex;
import com.zimbra.cs.service.mail.ItemAction;
import com.zimbra.cs.util.Zimbra;

public class Test
{
    public static void main(String args[])
    {
        Zimbra.toolSetup();
        if (args.length != 3)
        {
            System.out.println("Usage: Tester <serverURL> <username> <password>");
            System.out.println("where:");
            System.out.println("<serverURL> is the full URL to the SOAP service");
            System.out.println("<username> is the name of the user to log in as");
            System.out.println("<password> is that user's password");
            System.exit(0);
        }
        String serverURL = args[0];
        try
        {
            // ping
            System.out.print("Connecting to " + serverURL + " as " + args[1] + ".... ");
            LmcPingRequest pr = new LmcPingRequest();
            LmcPingResponse pResp = (LmcPingResponse)pr.invoke(serverURL);
            System.out.println("OK");
            
/*            // auth
            System.out.print("connected\nAuthenticating... ");
            LmcAuthRequest auth = new LmcAuthRequest();
            auth.setUsername(args[1]);
            auth.setPassword(args[2]);
            LmcAuthResponse authResp = (LmcAuthResponse)auth.invoke(serverURL);
            LmcSession session = authResp.getSession();
            System.out.println("OK");
/*            
            //get info
            String prefs[] = new String[] { "zimbraPrefMailSignatureEnabled", "zimbraPrefSaveToSent" };
            LmcGetPrefsRequest prefReq = new LmcGetPrefsRequest();
            prefReq.setSession(session);
            prefReq.setPrefsToGet(prefs);
            LmcGetPrefsResponse prefResponse = (LmcGetPrefsResponse)prefReq.invoke(serverURL);
            HashMap prefMap =prefResponse.getPrefsMap();
            Set <String> s = prefMap.entrySet();
            String[] prefStrs = s.toArray(new String[0]);            
            Arrays.sort(prefStrs);
            for(int i = 0; i < prefStrs.length; i++)
                System.out.println(prefStrs[i]);            
            */
        }
        catch (Exception e)
        {
            e.printStackTrace();
        } 
    }
}

[mmorse]

Saw your thread from last week as well (I might merge them in a sec)
When I see the 'untrusted cert chain' I usually think it's time that I regenerate all the certs SSL Certificate Problems - Zimbra :: Wiki
-can't hurt to give it a shot