Thanks for the help. I have had partial success: I have two endpoints I have to access:
https://xxx.xxx.xxx.xxx:5000/v2.0 with a provider of openstack-nova to list servers, flavors, start stop instances etc. This now works perfectly. However, the other endpoint I have to access is: https://xxx.xxx.xxx.xxx:35357/v2.0 with a provider of openstack-keystone to list tenants etc. This endpoint attempts the connection a numer of times before failing with the following error: 2015-07-01 14:11:42,975 DEBUG [main] org.jclouds.http.internal.JavaUrlHttpComman dExecutorService - Sending request 637739138: POST https://xxx.xxx.xxx.xxx:35357/v2 .0/tokens HTTP/1.1 2015-07-01 14:11:42,975 DEBUG [main] jclouds.wire - >> "{"auth":{"passwordCrede ntials":{"username":"testuser","password":"Xxxxx"},"tenantName":"TENANT1 "}}" 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> POST https://10.108.6 .12:35357/v2.0/tokens HTTP/1.1 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> Accept: application/j son 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> Content-Type: applica tion/json 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> Content-Length: 106 2015-07-01 14:11:42,991 ERROR [main] org.jclouds.http.handlers.BackoffLimitedRet ryHandler - Cannot retry after server error, command has exceeded retry limit 5 : [method=org.jclouds.openstack.keystone.v2_0.AuthenticationApi.public abstract org.jclouds.openstack.keystone.v2_0.domain.Access org.jclouds.openstack.keystone .v2_0.AuthenticationApi.authenticateWithTenantNameAndCredentials(java.lang.Strin g,org.jclouds.openstack.keystone.v2_0.domain.PasswordCredentials)[TENANT1, Password Credentials{username=testuser, password=*****}], request=POST https://xxx.xxx.xxx.xxx :35357/v2.0/tokens HTTP/1.1] Exception in thread "main" org.jclouds.http.HttpResponseException: sun.security. validator.ValidatorException: PKIX path building failed: sun.security.provider.c ertpath.SunCertPathBuilderException: unable to find valid certification path to requested target connecting to POST https://xxx.xxx.xxx.xxx:35357/v2.0/tokens HTTP/1 .1 at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseH ttpCommandExecutorService.java:113) at org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.ja va:90) at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.jav a:73) at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.jav a:44) at org.jclouds.rest.internal.DelegatesToInvocationFunction.handle(Delega tesToInvocationFunction.java:156) at org.jclouds.rest.internal.DelegatesToInvocationFunction.invoke(Delega tesToInvocationFunction.java:123) at com.sun.proxy.$Proxy55.authenticateWithTenantNameAndCredentials(Unkno wn Source) at org.jclouds.openstack.keystone.v2_0.functions.AuthenticatePasswordCre dentials.authenticateWithTenantName(AuthenticatePasswordCredentials.java:43) at org.jclouds.openstack.keystone.v2_0.functions.AuthenticatePasswordCre dentials.authenticateWithTenantName(AuthenticatePasswordCredentials.java:31) at org.jclouds.openstack.keystone.v2_0.functions.internal.BaseAuthentica tor.apply(BaseAuthenticator.java:79) at org.jclouds.openstack.keystone.v2_0.functions.internal.BaseAuthentica tor.apply(BaseAuthenticator.java:36) at com.google.common.cache.CacheLoader$FunctionToCacheLoader.load(CacheL oader.java:148) at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(L ocalCache.java:3524) at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2 317) at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache .java:2280) at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2195) at com.google.common.cache.LocalCache.get(LocalCache.java:3934) at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3938) at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.j ava:4821) at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(Loc alCache.java:4827) at org.jclouds.openstack.keystone.v2_0.config.KeystoneAuthenticationModu le$2.get(KeystoneAuthenticationModule.java:234) at org.jclouds.openstack.keystone.v2_0.config.KeystoneAuthenticationModu le$2.get(KeystoneAuthenticationModule.java:231) at org.jclouds.openstack.keystone.v2_0.suppliers.LocationIdToURIFromAcce ssForTypeAndVersion.get(LocationIdToURIFromAccessForTypeAndVersion.java:94) at org.jclouds.openstack.keystone.v2_0.suppliers.LocationIdToURIFromAcce ssForTypeAndVersion.get(LocationIdToURIFromAccessForTypeAndVersion.java:54) at org.jclouds.util.Suppliers2$1.get(Suppliers2.java:35) at org.jclouds.util.Suppliers2$5.get(Suppliers2.java:110) at org.jclouds.util.Suppliers2$4.get(Suppliers2.java:86) at org.jclouds.rest.internal.RestAnnotationProcessor.getEndpointFor(Rest AnnotationProcessor.java:529) at org.jclouds.rest.internal.RestAnnotationProcessor.findEndpoint(RestAn notationProcessor.java:370) at org.jclouds.rest.internal.RestAnnotationProcessor.apply(RestAnnotatio nProcessor.java:192) at org.jclouds.rest.internal.RestAnnotationProcessor.apply(RestAnnotatio nProcessor.java:129) at org.jclouds.rest.internal.InvokeHttpMethod.toCommand(InvokeHttpMethod .java:188) at org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.ja va:84) at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.jav a:73) at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.jav a:44) at org.jclouds.reflect.FunctionalReflection$FunctionalInvocationHandler. handleInvocation(FunctionalReflection.java:117) at com.google.common.reflect.AbstractInvocationHandler.invoke(AbstractIn vocationHandler.java:87) at com.sun.proxy.$Proxy83.list(Unknown Source) at com.fujitsu.fs.mh.genericharness.actions.ListTenantsAction.listTenant s(ListTenantsAction.java:140) at com.fujitsu.fs.mh.genericharness.actions.ListTenantsAction.execute(Li stTenantsAction.java:113) at com.fujitsu.fs.mh.genericharness.GenericHarnessProcess.executeProcess (GenericHarnessProcess.java:51) at com.fujitsu.fs.mh.genericharness.GenericHarness.start(GenericHarness. java:169) at com.fujitsu.fs.mh.genericharness.GenericHarness.main(GenericHarness.j ava:90) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath BuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.Handshaker.fatalSE(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker.process_record(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source ) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown S ource) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unk nown Source) at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.writePayl oadToConnection(JavaUrlHttpCommandExecutorService.java:294) at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(J avaUrlHttpCommandExecutorService.java:170) at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(J avaUrlHttpCommandExecutorService.java:64) at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseH ttpCommandExecutorService.java:91) ... 42 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali d certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Sour ce) ... 59 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Sourc e) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) ... 65 more Is this a certificate error or a user permission error (or something else entirely)? Thanks Mark. -----Original Message----- From: Ignasi Barrera [mailto:[email protected]] Sent: 29 June 2015 22:00 To: [email protected] Subject: Re: jClouds with https You can also provide a custom SSLContext supplier if you have the certificates and don't want to blindly trust them all. Take a look at this comment: https://issues.apache.org/jira/browse/JCLOUDS-816?focusedCommentId=14296666 On 29 June 2015 at 21:08, Rashid Rashidov <[email protected]> wrote: > Hi Mark, > > > > Here is the problem that I had with https endpoints: > > > > I am using jClouds 1.8.1 against OpenStack Juno. My nova endpoint URL > is setup on HTTPS and I don't have server certificate installed. > > > > The native OpenStack clients can not connect to the HTTPS endpoint. > However, the native client has an "--insecure" parameter which let's > me workaround the problem. Unfortunately, I was not able to find such > an option in jclouds. Do you know any workaround of this problem? > > > > And here is the solution provided by Ignasi Barrera: > > > > Try configuring the following properties when creating the context: > > > > Properties overrides = new Properties(); > > overrides.setProperty(Constants.PROPERTY_RELAX_HOSTNAME, "true"); > > overrides.setProperty(Constants.PROPERTY_TRUST_ALL_CERTS, "true"); > > > > I hope it helps. > > > > Regards, > > Rashid > > > > From: Higginbottom Mark [mailto:[email protected]] > Sent: Monday, June 29, 2015 6:01 PM > To: [email protected] > Subject: jClouds with https > > > > Hi All, > > > > How does jClouds cope with https endpoints. Do I have to set up > anything in the client to make a https connection? > > > > Does anyone have any example code to share? I am trying to connect to > an OpenStack endpoint. > > > > > > > > Thanks for your help. > > > > > > Mark Higginbottom > > > > > Unless otherwise stated, this email has been sent from Fujitsu > Services Limited, from Fujitsu (FTS) Limited, or from Fujitsu > Telecommunications Europe Limited, together "Fujitsu". > > This email is only for the use of its intended recipient. Its contents > are subject to a duty of confidence and may be privileged. Fujitsu > does not guarantee that this email has not been intercepted and > amended or that it is virus-free. > > Fujitsu Services Limited, registered in England No 96056, registered > office > 22 Baker Street, London W1U 3BW. > > Fujitsu (FTS) Limited, registered in England No 03808613, registered > office > 22 Baker Street, London W1U 3BW. > > PFU Imaging Solutions Europe Limited, registered in England No > 1578652, registered office Hayes Park Central, Hayes End Road, Hayes, > Middlesex, UB4 8FE. > > Fujitsu Telecommunications Europe Limited, registered in England No > 2548187, registered office Solihull Parkway, Birmingham Business Park, > Birmingham, > B37 7YU. Unless otherwise stated, this email has been sent from Fujitsu Services Limited, from Fujitsu (FTS) Limited, or from Fujitsu Telecommunications Europe Limited, together "Fujitsu". This email is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu does not guarantee that this email has not been intercepted and amended or that it is virus-free. Fujitsu Services Limited, registered in England No 96056, registered office 22 Baker Street, London W1U 3BW. Fujitsu (FTS) Limited, registered in England No 03808613, registered office 22 Baker Street, London W1U 3BW. PFU Imaging Solutions Europe Limited, registered in England No 1578652, registered office Hayes Park Central, Hayes End Road, Hayes, Middlesex, UB4 8FE. Fujitsu Telecommunications Europe Limited, registered in England No 2548187, registered office Solihull Parkway, Birmingham Business Park, Birmingham, B37 7YU.
