Hi Cyril,
The exception message "Caused by:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target" indicates that SSL handshake
failed due to not being able to find the certificate.
Did you download and specify the self-signed certificate with your request?

Please note that you can download the certificate and java trust store with
the certificate from broker Web Management Console tab for
AutoGeneratedSelfSigned.

Kind Regards,
Alex

On Thu, 28 Mar 2019 at 15:33, Cyril Micoud <[email protected]> wrote:

> Hi Keith,
>
> Thanks a lot for your response.
>
> I restarted my configuration from scratch to be sure and did it like this:
> 1. create an AutoGeneratedSelfSigned keystore
> 2. create 2 new ports, AMQPS (port 5671) and HTTPS (port 8089, because my
> HTTP port is 8090 and I would like to keep the same thing as the AMQP port)
>
> After restarting my broker, httpManagement access via the HTTPS URL works fine
> (except the normal warning when accessing from Chrome due to autosigned).
> But now the HTTP access gives me an HTTP 417!
> However, the HTTP port is always defined... I don't understand why!?
>
> And when I try to use the REST API via HTTPS, I get an exception:
>
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>         at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
>         at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
>         at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
>         at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
>         at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
>         at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
>         at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
>         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
>         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
>         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
>         at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
>         at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
>         at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
>         at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
>         at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
>         at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
>         at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
>         at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>         at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
>         at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
>         at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>         at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>         at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>         at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:138)
>         ... 27 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
>         at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
>         at sun.security.validator.Validator.validate(Validator.java:262)
>         at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
>         at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
>         at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
>         at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
>         ... 48 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>         at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
>         at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
>         at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
>         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
>         ... 54 more
>
> I just would like to know if it is normal or not (due to autosigned for
> example) or if I must add some configuration to my httpclient?
>
> Thanks a lot in advance,
> Best regards,
>
> Cyril
>
>
> -----Original Message-----
> From: Keith W <[email protected]>
> Sent: Thursday, 28 March 2019 10:19
> To: [email protected]
> Subject: Re: [Broker-J] How to configure HTTPS
>
> Cyril
>
> What exactly are you seeing?  Are you seeing error messages when you try
> and connect a browser?
>
> To set up TLS for the Broker, you create a keystore containing your key
> material, then assign this to the port(s) you desire. You need to cause
> the Broker to restart after changing an existing port. This can be done
> through the console or you can bounce the whole process. You don’t need a
> trust store on the Broker unless you want to use client certs. The
> Broker reports the ports it listens to and the transports assigned as it
> comes up. Check the qpid.log.
>
> The broker’s documentation covers the concepts (see the sections on ports
> and key stores), but unfortunately does provide a step by step recipe.
>
> Hope this helps
>
> Keith.
>
>
>
> On Wed, 27 Mar 2019 at 17:27, Cyril Micoud <[email protected]>
> wrote:
>
> > Hi all,
> >
> > I would like to enable HTTPS on my broker, but I don’t know how!?
> >
> > I have added a new dedicated port, authentication provider, key store and
> > trust store but without any success!
> >
> > Can one of you help me or give me the best way to configure my
> > Broker-J 7.1.1?
> >
> > Thank you in advance,
> >
> > Best regards,
> >
> > Cyril

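Added example, not part of the original thread and not Broker-J project code: one way a Java client using Apache HttpClient and Unirest (the libraries in the stack trace above) can trust the broker's self-signed certificate by loading the trust store downloaded from the management console. The file name, password, JKS format and the URL passed on the command line are assumptions.

```java
import com.mashape.unirest.http.Unirest;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

public class BrokerTlsClient {

    // Build an SSLContext whose only trust anchors are the certificates
    // in the given trust store (here: the broker's self-signed certificate).
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS"); // assumption: downloaded store is JKS
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate is presented
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: HTTPS URL on the broker's HTTPS port (8089 in the thread above).
        // Trust store path and password are placeholders for the downloaded file.
        SSLContext ctx = contextFor("broker-truststore.jks", "changeit".toCharArray());

        // Certificate chain validation and hostname verification both stay enabled;
        // the host in the URL must match a name in the broker's certificate.
        CloseableHttpClient client = HttpClients.custom()
                .setSSLSocketFactory(new SSLConnectionSocketFactory(ctx))
                .build();
        Unirest.setHttpClient(client);

        int status = Unirest.get(args[0]).asString().getStatus();
        System.out.println("HTTP " + status);
        Unirest.shutdown();
    }
}
```

The same trust store can instead be supplied JVM-wide with the standard `-Djavax.net.ssl.trustStore` and `-Djavax.net.ssl.trustStorePassword` system properties, which replaces the default CA set for every TLS connection the process makes.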