Troubleshooting: Web services
Problem: Web services return a fault code and fault string in SOAP body (example 1)
You get an error similar to the following example:
<soapenv:Envelope
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header/>
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server.generalException</faultcode>
<faultstring>com.ibm.wsspi.channel.framework.exception.ChannelException:
com.ibm.wsspi.channel.framework.exception.ChannelException:
Invalid trust file name of null</faultstring>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
Solution:
The Web services client has not specified any trust store, so you have to configure the Web services client to reference the key database file. Add the following lines to the Web services client code:
System.setProperty("javax.net.ssl.trustStore"," filename"); System.setProperty("javax.net.ssl.trustStorePassword"," password"); System.setProperty("javax.net.ssl.keyStore"," filename"); System.setProperty("javax.net.ssl.keyStorePassword"," password");Where:
- filename is the filename of key database file, for example C:/key.jks.
- password is the password of the key database file.
Alternatively, you can add those properties as command line arguments, for example -Djavax.net.ssl.trustStore=
filename
Problem: Web services return a fault code and fault string in SOAP body (example 2)
You get an error similar to the following example:
<soapenv:Envelope
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"t;
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header/>
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server.generalException</faultcode>
<faultstring>com.ibm.wsspi.channel.framework.exception.ChannelException:
com.ibm.wsspi.channel.framework.exception.ChannelException:
No key store specified and no hardware crypto
defined</faultstring>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
Solution:
The Web services client has not specified any trust store, so you have to configure the Web services client to reference the key database file. Add the following lines to the Web services client code:
System.setProperty("javax.net.ssl.trustStore", " filename"); System.setProperty("javax.net.ssl.trustStorePassword", " password"); System.setProperty("javax.net.ssl.keyStore", " filename"); System.setProperty("javax.net.ssl.keyStorePassword", " password");where:
- filename is the filename of the key database file, for example C:/key.jks.
- password is the password of the key database file. Alternatively, you can add those properties as command line arguments, for example -Djavax.net.ssl.trustStore= filename
Problem: Web services return a fault code and fault string in SOAP body (example 3).
You get an error similar to the following example:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header/>
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server.generalException</faultcode>
<faultstring>WSWS3713E: Connection to the remote host
localhost failed.Received the following error: Handshake terminated
SSL engine:
CLOSED</faultstring>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
Solution:
The trust store referenced by the Web services client does not have the server certificate as a signer certificate. Perform the following steps:
- Extract the self-signed certificate and add it to a new key database file.
- Using the key management utility, open keyfile.kdb, select the self-signed certificate, and click Extract Certificate to extract the certificate to a file.
- Using the key management utility, select Key Database File > New to create a new key database file. Note: The key database type should be "JKS". Type the name and password for the database file.
- Select Signer Certificates, and click Add to add the self-signed certificate to the key/trust store file. Type the certificate label.
- Close the key management utility to save the changes.