And can you share a minimal part of your code so we can try to reproduce it?
On 1 July 2015 at 16:10, Higginbottom Mark <[email protected]> wrote:
> //Accept all certificates
> Properties props = new Properties();
> props.put(Constants.PROPERTY_TRUST_ALL_CERTS, "true");
> props.put(Constants.PROPERTY_RELAX_HOSTNAME, "true");
>
> Iterable<Module> modules = ImmutableSet.<Module> of(new SLF4JLoggingModule());
> LOG.debug("Available models=" + modules);
>
> return ContextBuilder.newBuilder(this.getProvider()).endpoint(this.getEndpoint())
>     .credentials(route.getIdentity(),route.getCredential()).modules(modules).overrides(props).buildApi(KeystoneApi.class);
>
> -----Original Message-----
> From: Ignasi Barrera [mailto:[email protected]]
> Sent: 01 July 2015 15:02
> To: [email protected]
> Subject: Re: jClouds with https
>
> It is an SSL validation error. Could you share how you have configured jclouds
> to deal with SSL?
>
> On 1 July 2015 at 15:59, Higginbottom Mark <[email protected]> wrote:
>> Thanks for the help. I have had partial success:
>>
>> I have two endpoints I have to access:
>>
>> https://xxx.xxx.xxx.xxx:5000/v2.0 with a provider of openstack-nova to list
>> servers, flavors, start stop instances etc. This now works perfectly.
>>
>> However, the other endpoint I have to access is:
>>
>> https://xxx.xxx.xxx.xxx:35357/v2.0 with a provider of openstack-keystone to
>> list tenants etc.
>> This endpoint attempts the connection a number of times
>> before failing with the following error:
>>
>> 2015-07-01 14:11:42,975 DEBUG [main] org.jclouds.http.internal.JavaUrlHttpCommandExecutorService - Sending request 637739138: POST https://xxx.xxx.xxx.xxx:35357/v2.0/tokens HTTP/1.1
>> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.wire - >> "{"auth":{"passwordCredentials":{"username":"testuser","password":"Xxxxx"},"tenantName":"TENANT1"}}"
>> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> POST https://10.108.6.12:35357/v2.0/tokens HTTP/1.1
>> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> Accept: application/json
>> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> Content-Type: application/json
>> 2015-07-01 14:11:42,975 DEBUG [main] jclouds.headers - >> Content-Length: 106
>> 2015-07-01 14:11:42,991 ERROR [main] org.jclouds.http.handlers.BackoffLimitedRetryHandler - Cannot retry after server error, command has exceeded retry limit 5: [method=org.jclouds.openstack.keystone.v2_0.AuthenticationApi.public abstract org.jclouds.openstack.keystone.v2_0.domain.Access org.jclouds.openstack.keystone.v2_0.AuthenticationApi.authenticateWithTenantNameAndCredentials(java.lang.String,org.jclouds.openstack.keystone.v2_0.domain.PasswordCredentials)[TENANT1, PasswordCredentials{username=testuser, password=*****}], request=POST https://xxx.xxx.xxx.xxx:35357/v2.0/tokens HTTP/1.1]
>> Exception in thread "main" org.jclouds.http.HttpResponseException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target connecting to POST https://xxx.xxx.xxx.xxx:35357/v2.0/tokens HTTP/1.1
>>     at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:113)
>>     at org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.java:90)
>>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:73)
>>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:44)
>>     at org.jclouds.rest.internal.DelegatesToInvocationFunction.handle(DelegatesToInvocationFunction.java:156)
>>     at org.jclouds.rest.internal.DelegatesToInvocationFunction.invoke(DelegatesToInvocationFunction.java:123)
>>     at com.sun.proxy.$Proxy55.authenticateWithTenantNameAndCredentials(Unknown Source)
>>     at org.jclouds.openstack.keystone.v2_0.functions.AuthenticatePasswordCredentials.authenticateWithTenantName(AuthenticatePasswordCredentials.java:43)
>>     at org.jclouds.openstack.keystone.v2_0.functions.AuthenticatePasswordCredentials.authenticateWithTenantName(AuthenticatePasswordCredentials.java:31)
>>     at org.jclouds.openstack.keystone.v2_0.functions.internal.BaseAuthenticator.apply(BaseAuthenticator.java:79)
>>     at org.jclouds.openstack.keystone.v2_0.functions.internal.BaseAuthenticator.apply(BaseAuthenticator.java:36)
>>     at com.google.common.cache.CacheLoader$FunctionToCacheLoader.load(CacheLoader.java:148)
>>     at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524)
>>     at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2317)
>>     at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2280)
>>     at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2195)
>>     at com.google.common.cache.LocalCache.get(LocalCache.java:3934)
>>     at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3938)
>>     at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4821)
>>     at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4827)
>>     at org.jclouds.openstack.keystone.v2_0.config.KeystoneAuthenticationModule$2.get(KeystoneAuthenticationModule.java:234)
>>     at org.jclouds.openstack.keystone.v2_0.config.KeystoneAuthenticationModule$2.get(KeystoneAuthenticationModule.java:231)
>>     at org.jclouds.openstack.keystone.v2_0.suppliers.LocationIdToURIFromAccessForTypeAndVersion.get(LocationIdToURIFromAccessForTypeAndVersion.java:94)
>>     at org.jclouds.openstack.keystone.v2_0.suppliers.LocationIdToURIFromAccessForTypeAndVersion.get(LocationIdToURIFromAccessForTypeAndVersion.java:54)
>>     at org.jclouds.util.Suppliers2$1.get(Suppliers2.java:35)
>>     at org.jclouds.util.Suppliers2$5.get(Suppliers2.java:110)
>>     at org.jclouds.util.Suppliers2$4.get(Suppliers2.java:86)
>>     at org.jclouds.rest.internal.RestAnnotationProcessor.getEndpointFor(RestAnnotationProcessor.java:529)
>>     at org.jclouds.rest.internal.RestAnnotationProcessor.findEndpoint(RestAnnotationProcessor.java:370)
>>     at org.jclouds.rest.internal.RestAnnotationProcessor.apply(RestAnnotationProcessor.java:192)
>>     at org.jclouds.rest.internal.RestAnnotationProcessor.apply(RestAnnotationProcessor.java:129)
>>     at org.jclouds.rest.internal.InvokeHttpMethod.toCommand(InvokeHttpMethod.java:188)
>>     at org.jclouds.rest.internal.InvokeHttpMethod.invoke(InvokeHttpMethod.java:84)
>>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:73)
>>     at org.jclouds.rest.internal.InvokeHttpMethod.apply(InvokeHttpMethod.java:44)
>>     at org.jclouds.reflect.FunctionalReflection$FunctionalInvocationHandler.handleInvocation(FunctionalReflection.java:117)
>>     at com.google.common.reflect.AbstractInvocationHandler.invoke(AbstractInvocationHandler.java:87)
>>     at com.sun.proxy.$Proxy83.list(Unknown Source)
>>     at com.fujitsu.fs.mh.genericharness.actions.ListTenantsAction.listTenants(ListTenantsAction.java:140)
>>     at com.fujitsu.fs.mh.genericharness.actions.ListTenantsAction.execute(ListTenantsAction.java:113)
>>     at com.fujitsu.fs.mh.genericharness.GenericHarnessProcess.executeProcess(GenericHarnessProcess.java:51)
>>     at com.fujitsu.fs.mh.genericharness.GenericHarness.start(GenericHarness.java:169)
>>     at com.fujitsu.fs.mh.genericharness.GenericHarness.main(GenericHarness.java:90)
>> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>     at sun.security.ssl.Alerts.getSSLException(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
>>     at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
>>     at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
>>     at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
>>     at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
>>     at sun.security.ssl.Handshaker.processLoop(Unknown Source)
>>     at sun.security.ssl.Handshaker.process_record(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>>     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
>>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>>     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
>>     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
>>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
>>     at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.writePayloadToConnection(JavaUrlHttpCommandExecutorService.java:294)
>>     at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(JavaUrlHttpCommandExecutorService.java:170)
>>     at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(JavaUrlHttpCommandExecutorService.java:64)
>>     at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:91)
>>     ... 42 more
>> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
>>     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
>>     at sun.security.validator.Validator.validate(Unknown Source)
>>     at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
>>     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
>>     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
>>     ... 59 more
>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>>     at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
>>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
>>     at java.security.cert.CertPathBuilder.build(Unknown Source)
>>     ... 65 more
>>
>> Is this a certificate error or a user permission error (or something else
>> entirely)?
>>
>> Thanks
>>
>> Mark.
>>
>> -----Original Message-----
>> From: Ignasi Barrera [mailto:[email protected]]
>> Sent: 29 June 2015 22:00
>> To: [email protected]
>> Subject: Re: jClouds with https
>>
>> You can also provide a custom SSLContext supplier if you have the
>> certificates and don't want to blindly trust them all. Take a look at this
>> comment:
>> https://issues.apache.org/jira/browse/JCLOUDS-816?focusedCommentId=14296666
>>
>> On 29 June 2015 at 21:08, Rashid Rashidov <[email protected]> wrote:
>>> Hi Mark,
>>>
>>> Here is the problem that I had with https endpoints:
>>>
>>> I am using jClouds 1.8.1 against OpenStack Juno. My nova endpoint URL
>>> is set up on HTTPS and I don't have server certificate installed.
>>>
>>> The native OpenStack clients cannot connect to the HTTPS endpoint.
>>> However, the native client has an "--insecure" parameter which lets
>>> me work around the problem. Unfortunately, I was not able to find such
>>> an option in jclouds. Do you know any workaround of this problem?
>>>
>>> And here is the solution provided by Ignasi Barrera:
>>>
>>> Try configuring the following properties when creating the context:
>>>
>>> Properties overrides = new Properties();
>>> overrides.setProperty(Constants.PROPERTY_RELAX_HOSTNAME, "true");
>>> overrides.setProperty(Constants.PROPERTY_TRUST_ALL_CERTS, "true");
>>>
>>> I hope it helps.
>>>
>>> Regards,
>>> Rashid
>>>
>>> From: Higginbottom Mark [mailto:[email protected]]
>>> Sent: Monday, June 29, 2015 6:01 PM
>>> To: [email protected]
>>> Subject: jClouds with https
>>>
>>> Hi All,
>>>
>>> How does jClouds cope with https endpoints? Do I have to set up
>>> anything in the client to make an https connection?
>>>
>>> Does anyone have any example code to share? I am trying to connect to
>>> an OpenStack endpoint.
>>>
>>> Thanks for your help.
>>>
>>> Mark Higginbottom
>>>
>>> Unless otherwise stated, this email has been sent from Fujitsu
>>> Services Limited, from Fujitsu (FTS) Limited, or from Fujitsu
>>> Telecommunications Europe Limited, together "Fujitsu".
>>>
>>> This email is only for the use of its intended recipient. Its
>>> contents are subject to a duty of confidence and may be privileged.
>>> Fujitsu does not guarantee that this email has not been intercepted
>>> and amended or that it is virus-free.
>>>
>>> Fujitsu Services Limited, registered in England No 96056, registered
>>> office 22 Baker Street, London W1U 3BW.
>>>
>>> Fujitsu (FTS) Limited, registered in England No 03808613, registered
>>> office 22 Baker Street, London W1U 3BW.
>>>
>>> PFU Imaging Solutions Europe Limited, registered in England No
>>> 1578652, registered office Hayes Park Central, Hayes End Road, Hayes,
>>> Middlesex, UB4 8FE.
>>>
>>> Fujitsu Telecommunications Europe Limited, registered in England No
>>> 2548187, registered office Solihull Parkway, Birmingham Business
>>> Park, Birmingham, B37 7YU.
