-----Original Message----- From: M. Ranganathan [mailto:[email protected]] Sent: Tuesday, November 10, 2009 10:06 PM To: Chu, Xingjun (CAR:9D70) Cc: [email protected] Subject: Re: [sipX-dev] TLS handshake failure when invoking REST call
On Tue, Nov 10, 2009 at 9:58 PM, Xingjun Chu <[email protected]> wrote: > Hi, > > It used to be working but somehow it failed now anyway, not sure if due to > the lastest build/installation, > > In the openfire plug in I am working on function sendRequest invokes RESTFul > API to query the contact info via https. Here is what the exception looks > like. > > 2009.11.10 21:45:22 > [org.sipfoundry.openfire.plugin.userprofile.RestInterface.sendRequest(Re stInterface.java:103)] > IOException Connection refused > > 2009.11.10 21:45:59 > [org.sipfoundry.openfire.plugin.userprofile.RestInterface.sendRequest(Re stInterface.java:103)] > IOException sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > > In the plug in, the keystore/certstore are initiated when the plug in is > loaded. > > private void initTLS() > > { > > // Setup SSL > > String path = getConfDir(); > > String keyStore = path+"/ssl/ssl.keystore"; > > System.setProperty("javax.net.ssl.keyStore", keyStore); > > System.setProperty("javax.net.ssl.keyStorePassword", > "changeit"); > > String trustStore = path+"/ssl/authorities.jks"; > > System.setProperty("javax.net.ssl.trustStore", trustStore); > > System.setProperty("javax.net.ssl.trustStoreType", "JKS"); > > System.setProperty("javax.net.ssl.trustStorePassword", > "changeit"); > > } > > Any pointer is appreciated! > > Thanks > > Jason It appears that the trust store does not have the CA certificate. Did you try sipxecs-setup after you installed? It ought to initialize the trust store correctly. Ranga [Chu, Xingjun [CAR:9D10:EXCH]] I am not sure, I think it's using ede_build_devuser.sh to build from scratch. What's the command to run to import /initiate the trust store? Thanks > > _______________________________________________ > sipx-dev mailing list [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-dev > Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev > sipXecs IP PBX -- http://www.sipfoundry.org/ > -- M. Ranganathan _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
