Hi,

were you able to have it working? I would like to do the same.

Thank you,
Bertrand

On Wednesday, November 27, 2013 at 1:47:41 PM UTC+1, Naveen Desu wrote:
>
> Hi,
>
> I am building a Java RESTful Client to connect & access Puppet Master
> services. While attempting this, I am unable to get SSLHandshake through.
> Can you pls let me know where I am going wrong:
>
> Puppet Master: puppetmaster.domain.com
> Java Client: javaclient.domain.com
>
> Obtained required signed certificates from puppetmaster.domain.com using:
> a. Run command "*puppet cert --generate javaclient.domain.com*"
>
> b. Obtained
> Signed Certificate from {ssldir}/certs/javaclient.domain.com.pem &
> renamed it to javaclient.domain.com-cert.pem
> Private key from {ssldir}/private_keys/javaclient.domain.com.pem &
> renamed it to javaclient.domain.com-key.pem
>
> c. Created PKCS12 keystore using "*openssl pkcs12 -export -name myservercert
> -in javaclient.domain.com-cert.pem -inkey javaclient.domain.com-key.pem
> -out javaclient.domain.com.p12*"
>
> d. Convert PKCS12 keystore into a JKS keystore using "*keytool -importkeystore
> -destkeystore javaclient.domain.com.jks -srckeystore javaclient.domain.com.p12
> -srcstoretype pkcs12 -alias myservercert*"
>
> Now the keystore *javaclient.domain.com.jks* is used in the java
> application using the snippet
>
>     KeyStore trustStore = KeyStore.getInstance("JKS");
>     trustStore.load(new FileInputStream({javaclient.domain.com.jks path}), "{Password}".toCharArray());
>     TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
>     tmf.init(trustStore);
>
>     ctx = SSLContext.getInstance("SSL");
>     ctx.init(null, tmf.getTrustManagers(), null);
>     ClientConfig config = new DefaultClientConfig(); // Jersey API
>     config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hostnameVerifier, ctx));
>
> The Java client fails to run with exception "No trusted certificate found"
>
>     com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
>         at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:151)
>         at com.sun.jersey.api.client.Client.handle(Client.java:648)
>         at com.sun.jersey.api.client.WebResource.handle(WebResource.java:680)
>         at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
>         at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:507)
>         at test.JerseyRestAPI.executeRestAPI(JerseyRestAPI.java:105)
>         at test.JerseyRestAPI.main(JerseyRestAPI.java:37)
>     Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>         at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>         at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>         at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>         at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
>         at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
>         at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>         at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
>         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
>         at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
>         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
>         at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:249)
>         at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
>
> Can you suggest where I am going wrong - in creating Signed certificate on
> Puppet Master (or) creation of Keystore from the obtained certificate &
> private-key?
>
> Thanks,
> Naveen.
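
Added example, not written by either poster in this thread: the quoted snippet loads the client's own keystore into the TrustManagerFactory and passes null key managers to ctx.init, so the context holds neither the CA that signed the master's certificate nor a client identity. The sketch below keeps the two roles apart. The class name PuppetClientTls, the alias "puppet-ca" and the caPemPath input (a PEM copy of the Puppet CA certificate) are assumptions; p12Path is the PKCS12 file from step c.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PuppetClientTls {  // hypothetical class name

    /** Builds a mutual-TLS context: CA certificate for trust, PKCS12 file for client identity. */
    public static SSLContext build(String caPemPath, String p12Path, char[] p12Password)
            throws Exception {
        // Trust material: an in-memory store holding only the CA certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        try (InputStream in = new FileInputStream(caPemPath)) {
            X509Certificate ca = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            // Refuse a leaf certificate supplied by mistake: a CA has basicConstraints CA=true.
            if (ca.getBasicConstraints() < 0) {
                throw new IllegalArgumentException(caPemPath + " is not a CA certificate");
            }
            trustStore.setCertificateEntry("puppet-ca", ca);  // assumed alias
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Identity material: client certificate and private key, presented to the server.
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) {
            identity.load(in, p12Password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, p12Password);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java PuppetClientTls <ca.pem> <client.p12>; password is read without echo.
        char[] pw = System.console().readPassword("PKCS12 password: ");
        SSLContext ctx = build(args[0], args[1], pw);
        System.out.println("Context ready, protocol " + ctx.getProtocol());
    }
}
```

The returned context can be passed to HTTPSProperties in place of ctx in the quoted snippet, with the hostname verifier left in place.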
