Hi Harsha/Samitha,

Yes, I have created a self-signed certificate as per [1] and imported all the nginx public keys there. I have verified that with the above command as well. Herewith I'm attaching the client trust.jks file which I'm using in the servers. Further, the key manager is fronted via nginx.

On Sun, Nov 26, 2017 at 10:09 PM, Samitha Chathuranga <[email protected]> wrote:

> Hi Chalitha,
>
> Are you pointing KM (from other nodes) through load balancer? I don't
> think you have done so. And if you have changed the hostnames of the
> servers, the default keystore/client-truststore won't work. Refer [1]
>
> To check which certificates are in a Java keystore, enter the below
> command.
>
> keytool -list -v -keystore client-truststore.jks
>
> [1] - https://github.com/wso2/puppet-apim/tree/master/wso2am_runtime#keystore-and-client-truststore-related-configs
>
> Regards,
> Samitha
>
> On Sun, Nov 26, 2017 at 7:17 PM, Harsha Kumara <[email protected]> wrote:
>
>> Hi Chalitha,
>>
>> It seems KM certificate isn't imported to the trustee. Can you verify it?
>> If so we will need to fix it.
>>
>> Thanks,
>> Harsha
>>
>> On Sun, Nov 26, 2017 at 1:46 PM, Chalitha Waldeniyage <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> I'm setting up an APIM cluster puppet pattern 6 using APIM 2.1.0 puppet
>>> scripts[1].
>>> When I try to generate keys for an application, pub/store nodes are
>>> throwing the below error. (IS 5.3.0 used as the Keymanager)
>>> Additionally, the gateway manager and worker are also throwing similar
>>> errors at startup. I have imported the nginx public cert to each
>>> node's client-truststore.jks file as per the instructions in [2].
>>> Could you please look into this?
>>>
>>> *pub/store Node error:*
>>> TID: [-1234] [] [2017-11-26 06:40:15,956] ERROR {org.wso2.carbon.apimgt.impl.APIConsumerImpl} - Could not execute Workflow {org.wso2.carbon.apimgt.impl.APIConsumerImpl}
>>> org.wso2.carbon.apimgt.impl.workflow.WorkflowException: Error occurred when updating the status of the Application creation process
>>>     at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:82)
>>>     at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute(ApplicationRegistrationSimpleWorkflowExecutor.java:54)
>>>     at org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalForApplicationRegistration(APIConsumerImpl.java:2789)
>>>     at org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.requestApprovalForApplicationRegistration(UserAwareAPIConsumer.java:36)
>>>     at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getApplicationKey(APIStoreHostObject.java:385)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>     at java.lang.reflect.Method.invoke(Method.java:498)
>>>     at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>>>     at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)
>>>     at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>>>     at org.jaggeryjs.rhino.store.modules.subscription.c3._c_anonymous_2(/store/modules/subscription/key.jag:39)
>>>     at org.jaggeryjs.rhino.store.modules.subscription.c3.call(/store/modules/subscription/key.jag)
>>>     at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430)
>>>     at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269)
>>>     at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97)
>>>     at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>>>     at org.jaggeryjs.rhino.store.modules.subscription.c0._c_anonymous_10(/store/modules/subscription/module.jag:35)
>>>     at org.jaggeryjs.rhino.store.modules.subscription.c0.call(/store/modules/subscription/module.jag)
>>>     at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>>>     at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_anonymous_1(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:240)
>>>     at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)
>>>     at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
>>>     at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_script_0(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:3)
>>>     at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)
>>>     at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
>>>     at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
>>>     at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)
>>>     at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.exec(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)
>>>     at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
>>>     at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
>>>     at org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:588)
>>>     at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:508)
>>>     at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
>>>     at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>>>     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
>>>     at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>>>     at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>     at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)
>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>     at java.lang.Thread.run(Thread.java:745)
>>> Caused by: org.wso2.carbon.apimgt.api.APIManagementException: Error occurred while executing SubscriberKeyMgtClient.
>>>     at org.wso2.carbon.apimgt.impl.utils.APIUtil.handleException(APIUtil.java:1269)
>>>     at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:155)
>>>     at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:118)
>>>     at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:78)
>>>     ... 75 more
>>> Caused by: org.wso2.carbon.apimgt.api.APIManagementException: Error while creating tokens - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>     at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.handleException(AMDefaultKeyManagerImpl.java:639)
>>>     at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:389)
>>>     at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:151)
>>>     ... 77 more
>>> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>>>     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
>>>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
>>>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
>>>     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
>>>     at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
>>>     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
>>>     at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
>>>     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
>>>     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
>>>     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
>>>     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
>>>     at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533)
>>>     at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:401)
>>>     at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:178)
>>>     at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
>>>     at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
>>>     at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
>>>     at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
>>>     at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
>>>     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>>>     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
>>>     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
>>>     at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:363)
>>>     ... 78 more
>>> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
>>>     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
>>>     at sun.security.validator.Validator.validate(Validator.java:260)
>>>     at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
>>>     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
>>>     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
>>>     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
>>>     ... 97 more
>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>>     at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
>>>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
>>>     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
>>>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
>>>     ... 103 more
>>>
>>>     ... 103 more
>>> TID: [-1234] [] [2017-11-26 06:40:15,992] ERROR {JAGGERY.site.blocks.subscription.subscription-add.ajax.subscription-add:jag} - org.jaggeryjs.scriptengine.exceptions.ScriptException: Error while obtaining the application access token for the application:Helloapp45 {JAGGERY.site.blocks.subscription.subscription-add.ajax.subscription-add:jag}
>>>
>>> *GatewayManager/Worker error*
>>>
>>> TID: [-1] [] [2017-11-26 06:40:24,183] WARN {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} - Failed retrieving Blocking Conditions from remote endpoint: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Retrying after 15 seconds... {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever}
>>> TID: [-1] [] [2017-11-26 06:40:39,187] WARN {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} - Failed retrieving Blocking Conditions from remote endpoint: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Retrying after 15 seconds... {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever}
>>>
>>> [1] https://github.com/wso2/puppet-apim
>>>
>>> [2] https://docs.wso2.com/display/AM210/Distributed+Deployment+of+the+Gateway
>>>
>>> Thank you,
>>> Chalitha.
>>>
>>> --
>>> *Chalitha Maheshwari*
>>> Software Engineer-QA,
>>> WSO2 Inc.
>>>
>>> *E-mail:* [email protected]
>>> *Mobile: *+94710 411 112
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>> --
>> Harsha Kumara
>> Software Engineer, WSO2 Inc.
>> Mobile: +94775505618
>> Blog: harshcreationz.blogspot.com
>>
>
> --
> Samitha Chathuranga
> Software Engineer, WSO2 Inc.
> lean.enterprise.middleware
> Mobile: +94715123761
>

--
*Chalitha Maheshwari*
Software Engineer-QA,
WSO2 Inc.

*E-mail:* [email protected]
*Mobile: *+94710 411 112

client-truststore.jks
Description: application/java-keystore
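
The `keytool -list -v` check quoted above, extended into a comparison against the certificate the load balancer actually serves for the Key Manager hostname; this is an added example, not part of the original e-mails. It covers the self-signed case described in this thread (for a CA-issued certificate the issuing CA, not the leaf, would have to be in the truststore), and the alias `nginx-km`, the host `km.example.com` and all fingerprints are constructed placeholders.

```sh
#!/bin/sh
# Live use (host name and password are placeholders):
#   keytool -list -v -keystore client-truststore.jks -storepass "$PASS" > ts.txt
#   openssl s_client -connect km.example.com:443 -servername km.example.com \
#     </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256 > served.txt
#   check_trust ts.txt served.txt

# Print "alias<TAB>SHA-256 fingerprint" for each certificate in a keytool listing.
truststore_fps() {
    awk '/^Alias name:/   { sub(/^Alias name:[ \t]*/, ""); alias = $0 }
         /^[ \t]*SHA256:/ { print alias "\t" toupper($NF) }' "$1"
}

# Reduce "SHA256 Fingerprint=AA:BB:..." (openssl x509 output) to the bare value.
served_fp() {
    sed -n 's/^[Ss][Hh][Aa]256 Fingerprint=//p' "$1" | head -n 1 | tr 'a-f' 'A-F'
}

# Return 0 and name the alias if the served certificate is imported, else 1.
check_trust() {
    fp=$(served_fp "$2")
    [ -n "$fp" ] || { echo "no SHA-256 fingerprint found in $2" >&2; return 2; }
    hit=$(truststore_fps "$1" | awk -F '\t' -v fp="$fp" '$2 == fp { print $1; exit }')
    if [ -n "$hit" ]; then
        echo "TRUSTED: served certificate is imported under alias '$hit'"
    else
        echo "MISSING: $fp is not in the truststore"
        return 1
    fi
}

# Constructed sample data: aliases and fingerprints are made up for the demo.
FP_DEFAULT=00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F
FP_NGINX=A0:A1:A2:A3:A4:A5:A6:A7:A8:A9:AA:AB:AC:AD:AE:AF:B0:B1:B2:B3:B4:B5:B6:B7:B8:B9:BA:BB:BC:BD:BE:BF
FP_OTHER=c0:c1:c2:c3:c4:c5:c6:c7:c8:c9:ca:cb:cc:cd:ce:cf:d0:d1:d2:d3:d4:d5:d6:d7:d8:d9:da:db:dc:dd:de:df
write_samples() {
    cat > "$1/ts.txt" <<EOF
Alias name: wso2carbon
Entry type: trustedCertEntry
Signature algorithm name: SHA256withRSA
Certificate fingerprints:
     SHA256: $FP_DEFAULT
Alias name: nginx-km
Entry type: trustedCertEntry
Certificate fingerprints:
     SHA256: $FP_NGINX
EOF
    echo "SHA256 Fingerprint=$FP_NGINX" > "$1/served_ok.txt"
    echo "sha256 Fingerprint=$FP_OTHER" > "$1/served_other.txt"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
check_trust "$demo_dir/ts.txt" "$demo_dir/served_ok.txt"
check_trust "$demo_dir/ts.txt" "$demo_dir/served_other.txt" || true
```

A `MISSING` result on a node means the truststore file that was listed does not contain the certificate nginx presents for that hostname, which is the condition the JVM reports as "PKIX path building failed".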
