Hi Sabra,

One more thing to pay attention to. If the remote server is fronted by a load
balancer (i.e. NginX), then in your client app's truststore, you need to
have the public certificate of the load balancer instead of the remote
server's public certificate.

Regards,
TharinduE

On Sun, May 17, 2015 at 10:15 AM, Dulanja Liyanage <dula...@wso2.com> wrote:

> Hi Sabra,
>
> You can also start your client app with the following JVM argument and
> check which trust store is getting loaded, and also the certificate that's
> sent from the server side.
>
> -Djavax.net.debug=SSL,handshake,trustmanager
>
> Hope it helps.
>
> Thanks,
> Dulanja
>
> On Sun, May 17, 2015 at 9:54 AM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Sabra,
>>
>> I can see that for making the SSL call you are setting the truststore
>> path and the password as system properties.
>>
>> System.setProperty(TRUST_STORE_PROPERTY, (new File(TRUST_STORE_PATH).getAbsolutePath()));
>> System.setProperty(TRUST_STORE_PASSWORD_PROPERTY, TRUST_STORE_PASSWORD);
>>
>> This is not recommended because assume that you have another client
>> application which sets those system properties. Then the truststore path
>> and password are overwritten. So at runtime your client may be using a
>> different truststore where you don't have the server's public certificate
>> imported in that truststore.
>>
>> javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target
>>
>> The above exception happens when the server's public certificate is not found
>> in the client app's truststore.
>>
>> One simple solution is, in your client app, you can print the system
>> properties for the truststore where it makes the HTTPS call. Then you can
>> verify whether it uses the correct truststore. If it uses the correct
>> truststore, make sure that you export the server's public certificate and
>> import it to that truststore.
>>
>> Sample code is available in [1], where it makes an HTTPS call without
>> setting the truststore as system properties. You can refer to that. It is the
>> recommended way as it doesn't use system properties. If you need more help,
>> please let me know.
>>
>> [1]
>> https://github.com/wso2-dev/carbon-platform-integration/blob/master/test-automation-framework/org.wso2.carbon.automation.test.utils/src/main/java/org/wso2/carbon/automation/test/utils/generic/MutualSSLClient.java
>>
>> Thanks,
>> TharinduE
>>
>> On Sat, May 16, 2015 at 7:55 PM, Sabra Ossen <sabra...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I have deployed a Data Service in WSO2 Cloud and I am trying to push
>>> data to the data service.
>>>
>>> I have specified the code below which connects to the dataservice
>>> deployed.
>>>
>>> String epr = "https://appserver.dev.cloud.wso2.com/services/t/sabra8339/dataservice1-default-SNAPSHOT";
>>> System.setProperty(TRUST_STORE_PROPERTY, (new File(TRUST_STORE_PATH).getAbsolutePath()));
>>> System.setProperty(TRUST_STORE_PASSWORD_PROPERTY, TRUST_STORE_PASSWORD);
>>> ConfigurationContext ctx = ConfigurationContextFactory
>>>         .createConfigurationContextFromFileSystem("/home/sabra/repository", null);
>>> WSO2MarketingDashboardDataServiceStub stub = new WSO2MarketingDashboardDataServiceStub(ctx, epr);
>>> ServiceClient client = stub._getServiceClient();
>>> Options options = client.getOptions();
>>> client.engageModule(MODULE);
>>> options.setUserName(USERNAME);
>>> options.setPassword(PASSWORD);
>>> options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(POLICY_FILE_PATH));
>>>
>>> But I get the following error when I execute the program.
>>>
>>> May 15, 2015 11:57:25 AM
>>> org.apache.commons.httpclient.HttpMethodDirector executeWithRetry
>>> INFO: I/O exception (org.apache.axis2.AxisFault) caught when processing
>>> request: Connection has been shutdown:
>>> javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable
>>> to find valid certification path to requested target
>>> May 15, 2015 11:57:25 AM
>>> org.apache.commons.httpclient.HttpMethodDirector executeWithRetry
>>> INFO: Retrying request
>>> May 15, 2015 11:57:25 AM org.apache.axis2.transport.http.HTTPSender
>>> sendViaPost
>>> INFO: Unable to sendViaPost to url[
>>> https://appserver.dev.cloud.wso2.com/services/t/sabra8339/dataservice1-default-SNAPSHOT
>>> ]
>>> org.apache.axis2.AxisFault: Connection has been shutdown:
>>> javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>> valid certification path to requested target
>>>     at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
>>>     at
>>> org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78)
>>>     at
>>> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:84)
>>>     at
>>> org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
>>>     at
>>> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
>>>     at
>>> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
>>>     at
>>> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
>>>     at
>>> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
>>>     at
>>> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>>>     at
>>> org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:622)
>>>     at
>>> org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)
>>>     at
>>> org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
>>>     at
>>> org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
>>>     at
>>> org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278)
>>>     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
>>>     at
>>> org.apache.axis2.description.OutOnlyAxisOperationClient.executeImpl(OutOnlyAxisOperation.java:297)
>>>     at
>>> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
>>>     at
>>> org.wso2.dashboard.marketing.client.WSO2MarketingDashboardDataServiceStub.insertWebsiteVisitorsPerWeek(WSO2MarketingDashboardDataServiceStub.java:610)
>>>     at DataServiceConnector.publishData(DataServiceConnector.java:72)
>>>     at Application.main(Application.java:8)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>     at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>     at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>     at java.lang.reflect.Method.invoke(Method.java:606)
>>>     at
>>> com.intellij.rt.execution.application.AppMain.main(AppMain.java:134)
>>> Caused by: com.ctc.wstx.exc.WstxIOException: Connection has been
>>> shutdown: javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>> valid certification path to requested target
>>>     at
>>> com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:1687)
>>>     at com.ctc.wstx.sw.BaseStreamWriter.close(BaseStreamWriter.java:288)
>>>     at
>>> org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.close(XMLStreamWriterWrapper.java:46)
>>>     at
>>> org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:188)
>>>     at
>>> org.apache.axiom.om.impl.dom.NodeImpl.serializeAndConsume(NodeImpl.java:844)
>>>     at
>>> org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:74)
>>>     ... 23 more
>>> Caused by: javax.net.ssl.SSLException: Connection has been shutdown:
>>> javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>> valid certification path to requested target
>>>     at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1496)
>>>     at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1508)
>>>     at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:70)
>>>     at
>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>>>     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>>>     at
>>> org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
>>>     at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:99)
>>>     at
>>> com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
>>>     at
>>> com.ctc.wstx.sw.BufferingXmlWriter.close(BufferingXmlWriter.java:194)
>>>     at
>>> com.ctc.wstx.sw.BaseStreamWriter.finishDocument(BaseStreamWriter.java:1685)
>>>     ... 28 more
>>> Caused by: javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>> valid certification path to requested target
>>>     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>>>     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
>>>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
>>>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
>>>     at
>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
>>>     at
>>> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
>>>     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
>>>     at sun.security.ssl.Handshaker.process_record(Handshaker.java:849)
>>>     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
>>>     at
>>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
>>>     at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:709)
>>>     at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
>>>     at
>>> java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>>>     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>>>     at
>>> org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
>>>     at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:99)
>>>     at
>>> com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
>>>     at com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
>>>     at
>>> org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStreamWriterWrapper.java:50)
>>>     at
>>> org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:198)
>>>     at
>>> org.apache.axiom.om.impl.dom.NodeImpl.serializeAndConsume(NodeImpl.java:842)
>>>     ... 24 more
>>> Caused by: sun.security.validator.ValidatorException: PKIX path building
>>> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
>>> to find valid certification path to requested target
>>>     at
>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>>>     at
>>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
>>>     at sun.security.validator.Validator.validate(Validator.java:260)
>>>     at
>>> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
>>>     at
>>> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
>>>     at
>>> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
>>>     at
>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
>>>     ... 40 more
>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>> unable to find valid certification path to requested target
>>>     at
>>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
>>>     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>>>     at
>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>>>     ... 46 more
>>>
>>> I appreciate any help on this issue.
>>>
>>> Thanks.
>>> Sabra Ossen.
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Software Engineer | WSO2 Inc
>> Identity Server Team
>> mobile : +94 775 181586
>>
>>
>
>
> --
> Thanks & Regards,
> Dulanja Liyanage
> WSO2 Inc.
> M: +94776764717
>



-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Identity Server Team
mobile : +94 775 181586
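
The approach recommended in the quoted reply (loading the truststore into an SSLContext used by one connection instead of setting JVM-wide system properties), as an added example that is not part of the original thread and is not the linked MutualSSLClient code. The class name, the JKS store type and the three command-line arguments are assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

public class ExplicitTrustStoreClient {

    // Build an SSLContext that trusts only the certificates in the given file.
    static SSLContext contextFor(String path, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS"); // assumption: JKS truststore
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    // Usage: java ExplicitTrustStoreClient <truststore.jks> <password> <https-url>
    public static void main(String[] args) throws Exception {
        // The JVM-wide default; any other code in the same process can overwrite it.
        System.out.println("javax.net.ssl.trustStore = " + System.getProperty("javax.net.ssl.trustStore"));
        SSLContext ctx = contextFor(args[0], args[1].toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // applies to this connection only
        try {
            conn.connect();
            // The chain actually presented (the load balancer's, if one fronts the server).
            for (Certificate c : conn.getServerCertificates()) {
                System.out.println("Server sent: " + ((X509Certificate) c).getSubjectX500Principal());
            }
        } catch (SSLHandshakeException e) {
            System.out.println("Presented chain not trusted by " + args[0] + ": " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

A "PKIX path building failed" message from the catch branch means the certificate presented at that URL, or its issuer, is not in the file passed as the first argument.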