Hi,
I am having some keystore problems when setting up an HA system on rev: 14970.
The initial setup ("bin/sipxecs-setup") goes fine, but after that, every time
sipXconfig on the primary tries to execute a XML-RPC call to the redundant
server, it comes across this error :
"2009-03-24T21:52:01.506000Z":7:JAVA:INFO:bcmsl2167.ca.nortel.com:P1-15:00000000:XmlRpcClientInterceptor:"XML/RPC
ProcMgmtRpc.getStateAll with [bcmsl2167.ca.nortel.com] on
https://bcmdesk6122.ca.nortel.com:8092/RPC2";
"2009-03-24T21:52:01.530000Z":8:JAVA:ERR:bcmsl2167.ca.nortel.com:P1-15:00000000:XmlRpcClientInterceptor:"Exception
in XML/RPC call"
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
.
.
I tried cleaning out build environment and starting from scratch, but no luck.
Is everyone else seeing this? I spoke with Raymond, and he said it was
happening in his environment as well..
So, to workaround this, you can use this program --
http://blogs.sun.com/andreas/entry/no_more_unable_to_find -- to add the
distributed servers certificates to your "etc/sipxpbx/ssl/authorities.jks"
keystore. And then the XML-RPC calls start to work normally.
Arjun
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
