Hi Zoran
Your advice was perfect. I imported the offending certificate and then started
my camel instance with
-Djavax.net.ssl.trustStore=src/main/resources/SSLCerts/cacerts
Problem solved 😊
Thank you!
-----Original Message-----
From: Zoran Regvart <zo...@regvart.com>
Sent: Wednesday, 07 August 2019 13:38
To: users@camel.apache.org
Subject: Re: http4 and x509HostnameVerifier
Hi Riaan,
I would take a different approach: to provide the additional trust anchor
certificates in a Java keystore file, privided by a ConfigMap, and on startup
check if the additional keystore file exists and either use that instead of the
system keystore file or merge the two and configure Camel with the resulting
keystore.
zoran
On Wed, Aug 7, 2019 at 11:29 AM Riaan Annandale <ria...@mundane.co.za> wrote:
>
> Hi guys
>
> I'm trying to speak to a staging environment that uses self-signed certs.
> This means that when I try connect I get:
> PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target As I run my camel app in a
> container on openshift (more or less kubernetes) it's not trivial (I base
> this on feel, not facts) to add the cert to my container. I'd like to use
> something like the org.apache.http.conn.ssl.NoopHostnameVerifier() so that in
> staging I can just ignore the cert. But it doesn't look like it's actually
> using that method.
>
> Implementation looks as follows:
> main.bind("NoopForSelfsignedCerts", new
> org.apache.http.conn.ssl.NoopHostnameVerifier());
>
> and the https bit:
>
> .recipientList().simple("https4://" + System.getenv("someHost") +
> "/someURI/$simple{in.header.someId}?bridgeEndpoint=true&throwException
> OnFailure=false&x509HostnameVerifier= NoopForSelfsignedCerts ");
>
> It still gives the same error
>
> Any thoughts/ suggestions?
>
> Thanks
> Riaan
--
Zoran Regvart
