It is an SSL validation error. Could you share how you have configured jclouds to deal with SSL?
On 1 July 2015 at 15:59, Higginbottom Mark <[email protected]> wrote:
> Thanks for the help. I have had partial success:
>
> I have two endpoints I have to access:
>
> https://xxx.xxx.xxx.xxx:5000/v2.0 with a provider of openstack-nova to list
> servers, flavors, start stop instances etc. This now works perfectly.
>
> However, the other endpoint I have to access is:
>
> https://xxx.xxx.xxx.xxx:35357/v2.0 with a provider of openstack-keystone to
> list tenants etc. This endpoint attempts the connection a number of times
> before failing with the following error:
>
> 2015-07-01 14:11:42,975 DEBUG [main] org.jclouds.http.internal.JavaUrlHttpCommandExecutorService - Sending request 637739138: POST https://xxx.xxx.xxx.xxx:35357/v2.0/tokens HTTP/1.1
> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.wire - >> "{"auth":{"passwordCredentials":{"username":"testuser","password":"Xxxxx"},"tenantName":"TENANT1"}}"
> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> POST https://10.108.6.12:35357/v2.0/tokens HTTP/1.1
> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> Accept: application/json
> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> Content-Type: application/json
> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> Content-Length: 106
> 2015-07-01 14:11:42,991 ERROR [main] org.jclouds.http.handlers.BackoffLimitedRetryHandler - Cannot retry after server error, command has exceeded retry limit 5: [method=org.jclouds.openstack.keystone.v2_0.AuthenticationApi.public abstract org.jclouds.openstack.keystone.v2_0.domain.Access org.jclouds.openstack.keystone.v2_0.AuthenticationApi.authenticateWithTenantNameAndCredentials(java.lang.String,org.jclouds.openstack.keystone.v2_0.domain.PasswordCredentials)[TENANT1, PasswordCredentials{username=testuser, password=*****}], request=POST https://xxx.xxx.xxx.xxx:35357/v2.0/tokens HTTP/1.1]
> Exception in thread "main" org.jclouds.http.HttpResponseException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target connecting to POST https://xxx.xxx.xxx.xxx:35357/v2.0/tokens HTTP/1.1
>     at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:113)
>     at org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.java:90)
>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:73)
>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:44)
>     at org.jclouds.rest.internal.DelegatesToInvocationFunction.handle(DelegatesToInvocationFunction.java:156)
>     at org.jclouds.rest.internal.DelegatesToInvocationFunction.invoke(DelegatesToInvocationFunction.java:123)
>     at com.sun.proxy.$Proxy55.authenticateWithTenantNameAndCredentials(Unknown Source)
>     at org.jclouds.openstack.keystone.v2_0.functions.AuthenticatePasswordCredentials.authenticateWithTenantName(AuthenticatePasswordCredentials.java:43)
>     at org.jclouds.openstack.keystone.v2_0.functions.AuthenticatePasswordCredentials.authenticateWithTenantName(AuthenticatePasswordCredentials.java:31)
>     at org.jclouds.openstack.keystone.v2_0.functions.internal.BaseAuthenticator.apply(BaseAuthenticator.java:79)
>     at org.jclouds.openstack.keystone.v2_0.functions.internal.BaseAuthenticator.apply(BaseAuthenticator.java:36)
>     at com.google.common.cache.CacheLoader$FunctionToCacheLoader.load(CacheLoader.java:148)
>     at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524)
>     at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2317)
>     at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2280)
>     at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2195)
>     at com.google.common.cache.LocalCache.get(LocalCache.java:3934)
>     at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3938)
>     at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4821)
>     at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4827)
>     at org.jclouds.openstack.keystone.v2_0.config.KeystoneAuthenticationModule$2.get(KeystoneAuthenticationModule.java:234)
>     at org.jclouds.openstack.keystone.v2_0.config.KeystoneAuthenticationModule$2.get(KeystoneAuthenticationModule.java:231)
>     at org.jclouds.openstack.keystone.v2_0.suppliers.LocationIdToURIFromAccessForTypeAndVersion.get(LocationIdToURIFromAccessForTypeAndVersion.java:94)
>     at org.jclouds.openstack.keystone.v2_0.suppliers.LocationIdToURIFromAccessForTypeAndVersion.get(LocationIdToURIFromAccessForTypeAndVersion.java:54)
>     at org.jclouds.util.Suppliers2$1.get(Suppliers2.java:35)
>     at org.jclouds.util.Suppliers2$5.get(Suppliers2.java:110)
>     at org.jclouds.util.Suppliers2$4.get(Suppliers2.java:86)
>     at org.jclouds.rest.internal.RestAnnotationProcessor.getEndpointFor(RestAnnotationProcessor.java:529)
>     at org.jclouds.rest.internal.RestAnnotationProcessor.findEndpoint(RestAnnotationProcessor.java:370)
>     at org.jclouds.rest.internal.RestAnnotationProcessor.apply(RestAnnotationProcessor.java:192)
>     at org.jclouds.rest.internal.RestAnnotationProcessor.apply(RestAnnotationProcessor.java:129)
>     at org.jclouds.rest.internal.InvokeHttpMethod.toCommand(InvokeHttpMethod.java:188)
>     at org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.java:84)
>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:73)
>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:44)
>     at org.jclouds.reflect.FunctionalReflection$FunctionalInvocationHandler.handleInvocation(FunctionalReflection.java:117)
>     at com.google.common.reflect.AbstractInvocationHandler.invoke(AbstractInvocationHandler.java:87)
>     at com.sun.proxy.$Proxy83.list(Unknown Source)
>     at com.fujitsu.fs.mh.genericharness.actions.ListTenantsAction.listTenants(ListTenantsAction.java:140)
>     at com.fujitsu.fs.mh.genericharness.actions.ListTenantsAction.execute(ListTenantsAction.java:113)
>     at com.fujitsu.fs.mh.genericharness.GenericHarnessProcess.executeProcess(GenericHarnessProcess.java:51)
>     at com.fujitsu.fs.mh.genericharness.GenericHarness.start(GenericHarness.java:169)
>     at com.fujitsu.fs.mh.genericharness.GenericHarness.main(GenericHarness.java:90)
> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
>     at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
>     at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
>     at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
>     at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
>     at sun.security.ssl.Handshaker.processLoop(Unknown Source)
>     at sun.security.ssl.Handshaker.process_record(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
>     at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.writePayloadToConnection(JavaUrlHttpCommandExecutorService.java:294)
>     at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(JavaUrlHttpCommandExecutorService.java:170)
>     at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(JavaUrlHttpCommandExecutorService.java:64)
>     at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:91)
>     ... 42 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
>     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
>     at sun.security.validator.Validator.validate(Unknown Source)
>     at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
>     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
>     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
>     ... 59 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
>     at java.security.cert.CertPathBuilder.build(Unknown Source)
>     ... 65 more
>
> Is this a certificate error or a user permission error (or something else
> entirely)?
>
> Thanks
>
> Mark.
>
> -----Original Message-----
> From: Ignasi Barrera [mailto:[email protected]]
> Sent: 29 June 2015 22:00
> To: [email protected]
> Subject: Re: jClouds with https
>
> You can also provide a custom SSLContext supplier if you have the
> certificates and don't want to blindly trust them all. Take a look at this
> comment:
> https://issues.apache.org/jira/browse/JCLOUDS-816?focusedCommentId=14296666
>
> On 29 June 2015 at 21:08, Rashid Rashidov <[email protected]> wrote:
>> Hi Mark,
>>
>> Here is the problem that I had with https endpoints:
>>
>> I am using jClouds 1.8.1 against OpenStack Juno. My nova endpoint URL
>> is set up on HTTPS and I don't have a server certificate installed.
>>
>> The native OpenStack clients cannot connect to the HTTPS endpoint.
>> However, the native client has an "--insecure" parameter which lets
>> me work around the problem. Unfortunately, I was not able to find such
>> an option in jclouds. Do you know any workaround for this problem?
>>
>> And here is the solution provided by Ignasi Barrera:
>>
>> Try configuring the following properties when creating the context:
>>
>> Properties overrides = new Properties();
>> overrides.setProperty(Constants.PROPERTY_RELAX_HOSTNAME, "true");
>> overrides.setProperty(Constants.PROPERTY_TRUST_ALL_CERTS, "true");
>>
>> I hope it helps.
>>
>> Regards,
>> Rashid
>>
>> From: Higginbottom Mark [mailto:[email protected]]
>> Sent: Monday, June 29, 2015 6:01 PM
>> To: [email protected]
>> Subject: jClouds with https
>>
>> Hi All,
>>
>> How does jClouds cope with https endpoints? Do I have to set up
>> anything in the client to make an https connection?
>>
>> Does anyone have any example code to share? I am trying to connect to
>> an OpenStack endpoint.
>>
>> Thanks for your help.
>>
>> Mark Higginbottom
>>
>> Unless otherwise stated, this email has been sent from Fujitsu
>> Services Limited, from Fujitsu (FTS) Limited, or from Fujitsu
>> Telecommunications Europe Limited, together "Fujitsu".
>>
>> This email is only for the use of its intended recipient. Its contents
>> are subject to a duty of confidence and may be privileged. Fujitsu
>> does not guarantee that this email has not been intercepted and
>> amended or that it is virus-free.
>>
>> Fujitsu Services Limited, registered in England No 96056, registered
>> office 22 Baker Street, London W1U 3BW.
>>
>> Fujitsu (FTS) Limited, registered in England No 03808613, registered
>> office 22 Baker Street, London W1U 3BW.
>>
>> PFU Imaging Solutions Europe Limited, registered in England No
>> 1578652, registered office Hayes Park Central, Hayes End Road, Hayes,
>> Middlesex, UB4 8FE.
>>
>> Fujitsu Telecommunications Europe Limited, registered in England No
>> 2548187, registered office Solihull Parkway, Birmingham Business Park,
>> Birmingham, B37 7YU.
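
The custom-SSLContext route mentioned in the thread, as an added example that is not part of the original messages and is not jclouds code: it builds an SSLContext that trusts only the CA certificate(s) of the endpoint and probes the HTTPS URL with it, using JDK APIs only. The class name, the certificate file argument and the probe are assumptions; how the context is handed to jclouds is covered by the linked JCLOUDS-816 comment and is not reproduced here.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, not part of jclouds.
public class EndpointCaSslContext {

    /** Builds an SSLContext that trusts only the certificates read from caCerts (PEM or DER). */
    static SSLContext fromCaCertificates(InputStream caCerts) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // empty in-memory store, no JVM default CAs
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int count = 0;
        for (Certificate cert : cf.generateCertificates(caCerts)) {
            trustStore.setCertificateEntry("endpoint-ca-" + count++, cert);
        }
        if (count == 0) {
            throw new IllegalArgumentException("no certificates found in input");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    // args[0]: CA certificate file for the endpoint (assumed to be supplied by its operator)
    // args[1]: HTTPS URL to probe, e.g. the Keystone URL from the log above
    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            SSLContext ctx = fromCaCertificates(in);
            HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            // Hostname verification stays on: an endpoint addressed by IP needs a
            // matching IP subjectAltName in its certificate.
            conn.connect(); // a PKIX or hostname failure surfaces here as an exception
            System.out.println("Handshake OK: " + conn.getCipherSuite());
            conn.disconnect();
        }
    }
}
```

If the probe succeeds for one port and throws the same "PKIX path building failed" for the other, the two services are presenting certificates from different issuers and each issuer has to be in the trust store.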
