Hi Asankha,
I've changed the HTTPS Transport sender and the following error message
disappeared: "PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target".
But now I'm receiving another one :o(:
"com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '"'
(code 34) in DOCTYPE declaration; expected a space between public and system
identifiers".
The only modification I've done, is changing the trustStore parameter of the
HTTPS Transport Sender in the webapp\WEB-INF\classes\conf\axis2.xml file.
Based on the stacktrace I'm not able to determine which document causes this
error. The modified axis2.xml file does not contain a DOCTYPE declaration.
Stacktrace:
2008-03-05 17:20:01,567 [192.168.13.175-INFOR2] [I/O dispatcher 3] ERROR
ClientHandler Received an unexpected response - of content type : text/html;
charset=iso-8859-1 and status code : 404 with reason : Not Found
2008-03-05 17:20:01,582 [192.168.13.175-INFOR2] [HttpClientWorker-1] ERROR
ClientWorker Unexpected response received
org.apache.axiom.om.OMException:
com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '"' (code
34) in DOCTYPE declaration; expected a space between public and system
identifiers
at [row,col {unknown-source}]: [1,50]
at
org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:239)
at
org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.getSOAPEnvelope(StAXSOAPModelBuilder.java:161)
at
org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.<init>(StAXSOAPModelBuilder.java:110)
at
org.apache.axis2.builder.BuilderUtil.getSOAPBuilder(BuilderUtil.java:609)
at
org.apache.axis2.transport.TransportUtils.createDocumentElement(TransportUtils.java:178)
at
org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:111)
at
org.apache.synapse.transport.nhttp.ClientWorker.run(ClientWorker.java:160)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
at java.lang.Thread.run(Thread.java:595)
PS: I'm using ESB v1.6.
Regards, Stefan Lecho.
asankha wrote:
>
> Hi Stefan
>> In order to setup an SSL connection with the Axis2-based client, we've
>> added
>> the following: "System.setProperty("javax.net.ssl.trustStore",
>> "d:/path_to_file/name_of_keystore");
>> System.setProperty("javax.net.ssl.trustStorePassword", "secret");".
>>
>> In ESB, I've changed the value of the "truststore" parameter to use the
>> same
>> truststore used by the Axis2-based client. I've also created a Proxy that
>> points to the https webservice. When calling this Proxy, the following
>> error
>> is generated: "Caused by: sun.security.validator.ValidatorException: PKIX
>> path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>> find
>> valid certification path to requested target". The used truststore
>> contains
>> the SSL certificate of the site.
>>
> Which "truststore" parameter did you change? Since you are "calling" and
> external HTTPS service, you must edit the HTTPS Transport Sender
> configuration as follows, and not the Listener
>
> <transportSender name="https"
> class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
> <parameter name="non-blocking" locked="false">true</parameter>
> <parameter name="keystore" locked="false">
> <KeyStore>
> <Location>identity.jks</Location>
> <Type>JKS</Type>
> <Password>password</Password>
> <KeyPassword>password</KeyPassword>
> </KeyStore>
> </parameter>
> *<parameter name="truststore" locked="false">
> <TrustStore>
> <Location>trust.jks</Location>
> <Type>JKS</Type>
> <Password>password</Password>
> </TrustStore>
> </parameter>*
> <!--<parameter
> name="HostnameVerifier">DefaultAndLocalhost</parameter>
> supports Strict|AllowAll|DefaultAndLocalhost or the default
> if none specified -->
> </transportSender>
>
>> I'm aware that this question is more related to JKS and SSL
>> configuration,
>> but - although I found it out for the Axis2-based client - I'm unable to
>> configure it correctly for ESB.
>>
> I am confident that this works without any issues if the keystores are
> properly configured. Basically I would expect the truststore to contain
> the CA certificate of your external server as a "trusted certificate" in
> the keystore
>
> If you can also send me the output of "keytool -v -list -keystore
> trust.jks" for your JKS, that would be helpful (please remember to hide
> your password from the output generated before you post it here :-))
>
> asankha
>
> _______________________________________________
> Esb-java-user mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
>
>
--
View this message in context:
http://www.nabble.com/HTTPS-connection-tp15613822p15854285.html
Sent from the WSO2 ESB Users mailing list archive at Nabble.com.
_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
