Because self signed certificates are not signed by what is known as a Trusted Certificate Authority like Verisign, Java will reject any connection to it .The Java SE comes with a set of Trusted Certificate Authorities which is in $JAVA_HOMEjrelibsecuritycacerts file and you have to add yourself to this if you want it to work with your self signed certificate, otherwise, you will get an exception like the one below.
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
This is normally when you come to test in a non production environment. To get around the problem you can create your own cacerts file and use this file every time you run in a test environment pointing to anything other than a production environment. Once the code is run in production there will be no need for this as you will be using a certificates signed by one of the Trusted Authorities which will be in the $JAVA_HOME\jre\lib\security\cacerts file.
I’m an assuming you already have exported your SSL certificate to a file using a web browser and imported it into your keystore, the next step is to create your own cacerts file.
Here is the command (assuming you saved your certificate file in the root of your c drive and called mycertificate.crt
C\:>keytool -import -alias yourhostnameintestenvironment -file C\:mycertificate.crt -trustcacerts -keystore c:mycacerts
This should create you a mycacerts file in the root of your c drive
When running your java program you will now need to tell java to use this file rather then the $JAVA_HOME\jre\lib\security\cacerts file which is does by default. Add the following system property
-Djavax.net.ssl.trustStore=c:\mycacerts
So you should have something like this
java -Djavax.net.ssl.trustStore=c:\mycacerts JavaMainProgram
If you are running in an IDE like eclipse then you will need to add it to the run profile for that class or server you are running your application under.
This should solve your problem for accessing SOAP via SSL in a non production environment