Hi Chalitha, It seems KM certificate isn't imported to the trustee. Can you verify it? If so we will need to fix it.
Thanks, Harsha On Sun, Nov 26, 2017 at 1:46 PM, Chalitha Waldeniyage <[email protected]> wrote: > Hi All, > > I'm setting up an APIM cluster puppet patten 6 using APIM 2.1.0 puppet > scripts[1]. > When I try to generate keys for an application, pub/store nodes are > throwing the below error. (IS 5.3.0 used as the Keymanager) > Additionally in gateway Manager and worker also throwing the similar > errors in the startup. I have imported the nginx public cert to the each > node client-truststore.jks file as per instruction in > [2] . > Could you please looking to this? > > > *pub/store Node error:* > TID: [-1234] [] [2017-11-26 06:40:15,956] ERROR > {org.wso2.carbon.apimgt.impl.APIConsumerImpl} - Could not execute > Workflow {org.wso2.carbon.apimgt.impl.APIConsumerImpl} > > org.wso2.carbon.apimgt.impl.workflow.WorkflowException: Error occurred when > updating the status of the Application creation process > at > org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:82) > at > org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute(ApplicationRegistrationSimpleWorkflowExecutor.java:54) > at > org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalForApplicationRegistration(APIConsumerImpl.java:2789) > at > org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.requestApprovalForApplicationRegistration(UserAwareAPIConsumer.java:36) > at > org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getApplicationKey(APIStoreHostObject.java:385) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126) > at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386) > at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52) > at > org.jaggeryjs.rhino.store.modules.subscription.c3._c_anonymous_2(/store/modules/subscription/key.jag:39) > at > org.jaggeryjs.rhino.store.modules.subscription.c3.call(/store/modules/subscription/key.jag) > at > org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430) > at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269) > at > org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97) > at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42) > at > org.jaggeryjs.rhino.store.modules.subscription.c0._c_anonymous_10(/store/modules/subscription/module.jag:35) > at > org.jaggeryjs.rhino.store.modules.subscription.c0.call(/store/modules/subscription/module.jag) > at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52) > at > org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_anonymous_1(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:240) > at > org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag) > at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23) > at > org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_script_0(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:3) > at > org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag) > at > org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394) > at > org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091) > at > org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag) > at > org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.exec(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag) > at > org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567) > at > org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273) > at > org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:588) > at > org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:508) > at > org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:650) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > at > org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747) > at > org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485) > at > org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377) > at > org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337) > at > org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > at > org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > at > org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) > at > org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99) > at > org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) > at > org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57) > at > org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48) > at > org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) > at > org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) > at > org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958) > at > org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452) > at > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087) > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637) > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756) > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > at java.lang.Thread.run(Thread.java:745) > Caused by: org.wso2.carbon.apimgt.api.APIManagementException: Error occurred > while executing SubscriberKeyMgtClient. > at > org.wso2.carbon.apimgt.impl.utils.APIUtil.handleException(APIUtil.java:1269) > at > org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:155) > at > org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:118) > at > org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:78) > ... 75 more > Caused by: org.wso2.carbon.apimgt.api.APIManagementException: Error while > creating tokens - sun.security.validator.ValidatorException: PKIX path > building failed: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > at > org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.handleException(AMDefaultKeyManagerImpl.java:639) > at > org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:389) > at > org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:151) > ... 77 more > Caused by: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) > at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) > at > org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533) > at > org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:401) > at > org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:178) > at > org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144) > at > org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131) > at > org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610) > at > org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445) > at > org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) > at > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) > at > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106) > at > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57) > at > org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:363) > ... 78 more > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) > at > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) > at sun.security.validator.Validator.validate(Validator.java:260) > at > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) > at > sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) > at > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) > ... 97 more > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > at > sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) > at > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) > ... 103 more > > ... 103 more > TID: [-1234] [] [2017-11-26 06:40:15,992] ERROR > {JAGGERY.site.blocks.subscription.subscription-add.ajax.subscription-add:jag} > - org.jaggeryjs.scriptengine.exceptions.ScriptException: Error while > obtaining the application access token for the application:Helloapp45 > {JAGGERY.site.blocks.subscription.subscription-add.ajax.subscription-add:jag} > > *GatewayManager/Worker error* > > TID: [-1] [] [2017-11-26 06:40:24,183] WARN > {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} - > Failed retrieving Blocking Conditions from remote endpoint: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target. Retrying after 15 seconds... > {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} > TID: [-1] [] [2017-11-26 06:40:39,187] WARN > {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} - > Failed retrieving Blocking Conditions from remote endpoint: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target. Retrying after 15 seconds... > {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} > > > [1] https://github.com/wso2/puppet-apim > > [2] https://docs.wso2.com/display/AM210/Distributed+Deployment+ > of+the+Gateway > > > Thank you, > Chalitha. > > -- > *Chalitha Maheshwari* > Software Engineer-QA, > WSO2 Inc. > > *E-mail:* [email protected] > *Mobile: *+94710 411 112 <+94%2071%20041%201112> > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Harsha Kumara Software Engineer, WSO2 Inc. Mobile: +94775505618 Blog:harshcreationz.blogspot.com
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
