Hi Sabra, You can also start your client app with the following JVM argument and check which trust store is getting loaded, and also the certificate that's sent from the server side.
-Djavax.net.debug=SSL,handshake,trustmanager Hope it helps. Thanks, Dulanja On Sun, May 17, 2015 at 9:54 AM, Tharindu Edirisinghe <tharin...@wso2.com> wrote: > Hi Sabra, > > I can see that for making the SSL call you are setting the truststore path > and the password as system properties. > > > > > *System.setProperty(TRUST_STORE_PROPERTY, (new > File(TRUST_STORE_PATH).getAbsolutePath())); > System.setProperty(TRUST_STORE_PASSWORD_PROPERTY, TRUST_STORE_PASSWORD);* > This is not recommended because assume that you have another client > application which sets those system properties. Then the truststore path > and password are overwritten. So at runtime your client may be using a > different truststore where you don't have the server's public certificate > imported in that truststore. > > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > > Above exception happens when the server's public certificate is not found > in the client app's truststore. > > One simple solution is in you client app, you can print the system > properties for truststore where it makes the HTTPS call. Then you can > verify whether it uses the correct truststore. If it uses the correct > trustore, make sure that you export the server's public certificate and > import to that truststore. > > A sample code is available in [1] where it makes an HTTPS call without > setting the truststore as system properties. You can refer that. It is the > recommended way as it doesn't use system properties. If you need more help, > please let me know. > > [1] > https://github.com/wso2-dev/carbon-platform-integration/blob/master/test-automation-framework/org.wso2.carbon.automation.test.utils/src/main/java/org/wso2/carbon/automation/test/utils/generic/MutualSSLClient.java > > Thanks, > TharinduE > > On Sat, May 16, 2015 at 7:55 PM, Sabra Ossen <sabra...@gmail.com> wrote: > >> Hi, >> >> I have deployed a Data Service in WSO2 Cloud and I am trying to push data >> to the data service. >> >> I have specified the code below which connects to the dataservice >> deployed. >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> *String epr = >> "https://appserver.dev.cloud.wso2.com/services/t/sabra8339/dataservice1-default-SNAPSHOT >> <https://appserver.dev.cloud.wso2.com/services/t/sabra8339/dataservice1-default-SNAPSHOT>"; >> System.setProperty(TRUST_STORE_PROPERTY, (new >> File(TRUST_STORE_PATH).getAbsolutePath())); >> System.setProperty(TRUST_STORE_PASSWORD_PROPERTY, TRUST_STORE_PASSWORD); >> ConfigurationContext ctx = ConfigurationContextFactory >> .createConfigurationContextFromFileSystem("/home/sabra/repository", >> null); WSO2MarketingDashboardDataServiceStub stub = new >> WSO2MarketingDashboardDataServiceStub(ctx, epr); ServiceClient client = >> stub._getServiceClient(); Options options = client.getOptions(); >> client.engageModule(MODULE); options.setUserName(USERNAME); >> options.setPassword(PASSWORD); >> options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, >> loadPolicy(POLICY_FILE_PATH));* >> >> But I get the following error when I execute the program. >> >> May 15, 2015 11:57:25 AM org.apache.commons.httpclient.HttpMethodDirector >> executeWithRetry >> *INFO: I/O exception (org.apache.axis2.AxisFault) caught when processing >> request: Connection has been shutdown: javax.net.ssl.**SSLHandshakeException: >> sun.security.validator.**ValidatorException: PKIX path building failed: >> sun.security.provider.**certpath.**SunCertPathBuilderException: unable >> to find valid certification path to requested target* >> May 15, 2015 11:57:25 AM org.apache.commons.httpclient.HttpMethodDirector >> executeWithRetry >> INFO: Retrying request >> May 15, 2015 11:57:25 AM org.apache.axis2.transport.http.HTTPSender >> sendViaPost >> INFO: Unable to sendViaPost to url[ >> https://appserver.dev.cloud.wso2.com/services/t/sabra8339/dataservice1-default-SNAPSHOT >> ] >> org.apache.axis2.AxisFault: Connection has been shutdown: >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target >> at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430) >> at >> org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78) >> at >> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:84) >> at >> org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499) >> at >> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114) >> at >> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) >> at >> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) >> at >> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) >> at >> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) >> at >> org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:622) >> at >> org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193) >> at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75) >> at >> org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451) >> at >> org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278) >> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) >> at >> org.apache.axis2.description.OutOnlyAxisOperationClient.executeImpl(OutOnlyAxisOperation.java:297) >> at >> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) >> at >> org.wso2.dashboard.marketing.client.WSO2MarketingDashboardDataServiceStub.insertWebsiteVisitorsPerWeek(WSO2MarketingDashboardDataServiceStub.java:610) >> at DataServiceConnector.publishData(DataServiceConnector.java:72) >> at Application.main(Application.java:8) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:606) >> at >> com.intellij.rt.execution.application.AppMain.main(AppMain.java:134) >> Caused by: com.ctc.wstx.exc.WstxIOException: Connection has been >> shutdown: javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target >> at >> com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:1687) >> at com.ctc.wstx.sw.BaseStreamWriter.close(BaseStreamWriter.java:288) >> at >> org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.close(XMLStreamWriterWrapper.java:46) >> at >> org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:188) >> at >> org.apache.axiom.om.impl.dom.NodeImpl.serializeAndConsume(NodeImpl.java:844) >> at >> org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:74) >> ... 23 more >> Caused by: javax.net.ssl.SSLException: Connection has been shutdown: >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target >> at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1496) >> at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1508) >> at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:70) >> at >> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) >> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) >> at >> org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191) >> at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:99) >> at >> com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214) >> at >> com.ctc.wstx.sw.BufferingXmlWriter.close(BufferingXmlWriter.java:194) >> at >> com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:1685) >> ... 28 more >> Caused by: javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target >> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) >> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904) >> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279) >> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273) >> at >> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446) >> at >> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209) >> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913) >> at sun.security.ssl.Handshaker.process_record(Handshaker.java:849) >> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023) >> at >> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) >> at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:709) >> at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122) >> at >> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) >> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) >> at >> org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191) >> at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:99) >> at >> com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214) >> at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311) >> at >> org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStreamWriterWrapper.java:50) >> at >> org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:198) >> at >> org.apache.axiom.om.impl.dom.NodeImpl.serializeAndConsume(NodeImpl.java:842) >> ... 24 more >> Caused by: sun.security.validator.ValidatorException: PKIX path building >> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable >> to find valid certification path to requested target >> at >> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) >> at >> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) >> at sun.security.validator.Validator.validate(Validator.java:260) >> at >> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) >> at >> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) >> at >> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) >> at >> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428) >> ... 40 more >> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: >> unable to find valid certification path to requested target >> at >> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) >> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) >> at >> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) >> ... 46 more >> >> I appreciate any help on this issue. >> >> Thanks. >> Sabra Ossen. >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > > Tharindu Edirisinghe > Software Engineer | WSO2 Inc > Identity Server Team > mobile : +94 775 181586 > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Thanks & Regards, Dulanja Liyanage WSO2 Inc. M: +94776764717
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
