Hi Tad,

Thanks for your answer.

I added the rootcert.pem to the cacert file again using the keytool
command (see above).
In addition I checked the certificates:

d...@dave:~/testlab/wave$ openssl verify -CAfile rootcert.pem dave.org.crt
dave.org.crt: OK
d...@dave:~/testlab/wave$

So, both certificates seem to be OK from my point of view.
Nevertheless, the error messages on the screen are the same, so the
above-described problem still exists...

Any further ideas to solve the problem?


On 5 Jan., 20:11, Tad Glines <[email protected]> wrote:
> The key part of the error is "Caused by:
> java.security.cert.CertPathValidatorException: Path does not chain
> with any of the trust anchors". This means either dave.org.crt wasn't
> signed by rootcert.pem, or rootcert.pem isn't in the cacerts file.
>
> You can use "openssl verify -CAfile rootcert.pem dave.org.crt" to
> verify that dave.org.crt was signed by rootcert.pem.
> You may also want to compare the fingerprints of rootcert.pem and the
> version in cacerts to make sure they still match.
>
> Because the stack trace is truncated it's not possible to determine if
> there is some other issue that is causing the cert validation to fail.
>
> -Tad
>
> On Wed, Jan 5, 2011 at 9:26 AM, jowi <[email protected]> wrote:
> > Hello Tad
>
> > Thanks for your answer.
> > I do not use startssl certificates.
> > Because I only want to use/test a wave federation scenario in my
> > private network, I created (using OpenSSL) my own root CA-certificate
> > which validates my wave server certificates (e.g. dave.org.crt). So,
> > the "certificate_files" parameter in the server.federation.config file
> > looks like this:
>
> > certificate_files=dave.org.crt,rootcert.pem
>
> > In a previous revision (approximately 2 months ago) this method worked
> > well.
> > In addition, I installed the root certificate in the Java keystore by
> > executing the following command:
>
> > sudo keytool -importcert -storetype jks -keystore /etc/java/security/cacerts -file rootcert.pem
>
> > I don’t know if this is really needed, but I found a recommendation
> > somewhere on the internet that this should be done (unfortunately, the
> > specification about installing certificates in wave is a little bit
> > short in my opinion...)
>
> > Johannes
>
> > On 5 Jan., 17:28, Tad Glines <[email protected]> wrote:
> >> You get this error when there is a configuration or certificate issue.
>
> >> Check to make sure that "certificate_files" contains the complete
> >> trust chain. If you used startssl then you need to include
> >> sub.class1.server.ca.pem and ca.pem in the list.
>
> >> -Tad
>
> >> On Wed, Jan 5, 2011 at 6:57 AM, jowi <[email protected]> wrote:
> >> > Hello everybody
>
> >> > when I execute run-server.sh I always get the following error message
> >> > (see detailed screen output below):
>
> >> > Failed to add our own signer info to the certificate store
>
> >> > What does it mean, and how can I solve the problem?
> >> > Any ideas?
> >> > (I use Ubuntu 10.04, openjdk and the last revision of WiaB. )
>
> >> > ------------------------  error screen output --------------
>
> >> > d...@dave:~/testlab/wave$ ./run-server.sh
> >> > 05.01.2011 14:24:32
> >> > org.waveprotocol.box.server.waveserver.WaveServerImpl <init>
> >> > INFO: Wave Server configured to host local domains: [dave.org]
> >> > 05.01.2011 14:24:32
> >> > org.waveprotocol.box.server.waveserver.WaveServerImpl <init>
> >> > SCHWERWIEGEND: Failed to add our own signer info to the certificate
> >> > store
> >> > org.waveprotocol.wave.crypto.SignatureException: Certificate
> >> > validation failure
> >> >        at
> >> > org.waveprotocol.wave.crypto.CachedCertPathValidator.validateNoCache(CachedCertPathValidator.java:
> >> > 103)
> >> >        at
> >> > org.waveprotocol.wave.crypto.CachedCertPathValidator.validate(CachedCertPathValidator.java:
> >> > 65)
> >> >        at
> >> > org.waveprotocol.wave.crypto.WaveSignatureVerifier.verifySignerInfo(WaveSignatureVerifier.java:
> >> > 129)
> >> >        at
> >> > org.waveprotocol.box.server.waveserver.CertificateManagerImpl.storeSignerInfo(CertificateManagerImpl.java:
> >> > 199)
> >> >        at
> >> > org.waveprotocol.box.server.waveserver.WaveServerImpl.<init>(WaveServerImpl.java:
> >> > 363)
> >> >        at org.waveprotocol.box.server.waveserver.WaveServerImpl$
> >> > $FastClassByGuice$$3065e839.newInstance(<generated>)
> >> >        at
> >> > com.google.inject.internal.cglib.reflect.FastConstructor.newInstance(FastConstructor.java:
> >> > 40)
> >> >        at com.google.inject.internal.DefaultConstructionProxyFactory
> >> > $1.newInstance(DefaultConstructionProxyFactory.java:59)
> >> >        at
> >> > com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:
> >> > 84)
> >> >        at com.google.inject.internal.ConstructorBindingImpl
> >> > $Factory.get(ConstructorBindingImpl.java:200)
> >> >        at com.google.inject.internal.ProviderToInternalFactoryAdapter
> >> > $1.call(ProviderToInternalFactoryAdapter.java:43)
> >> >        at
> >> > com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:
> >> > 878)
> >> >        at
> >> > com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:
> >> > 40)
> >> >        at com.google.inject.Scopes$1$1.get(Scopes.java:64)
> >> >        at
> >> > com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:
> >> > 40)
> >> >        at 
> >> > com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:53)
> >> >        at com.google.inject.internal.ProviderToInternalFactoryAdapter
> >> > $1.call(ProviderToInternalFactoryAdapter.java:43)
> >> >        at
> >> > com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:
> >> > 878)
> >> >        at
> >> > com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:
> >> > 40)
> >> >        at com.google.inject.Scopes$1$1.get(Scopes.java:64)
> >> >        at
> >> > com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:
> >> > 40)
> >> >        at
> >> > com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:
> >> > 38)
> >> >        at
> >> > com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:
> >> > 62)
> >> >        at
> >> > com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:
> >> > 83)
> >> >        at com.google.inject.internal.ConstructorBindingImpl
> >> > $Factory.get(ConstructorBindingImpl.java:200)
> >> >        at 
> >> > com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:
> >> > 825)
> >> >        at
> >> > com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:
> >> > 871)
> >> >        at 
> >> > com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:
> >> > 821)
> >> >        at
> >> > com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:
> >> > 860)
> >> >        at org.waveprotocol.box.server.ServerMain.run(ServerMain.java:130)
> >> >        at org.waveprotocol.box.server.ServerMain.main(ServerMain.java:76)
> >> > Caused by: java.security.cert.CertPathValidatorException: Path does
> >> > not chain with any of the trust anchors
> >> >        at
> >> > sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:
> >> > 204)
> >> >        at
> >> > java.security.cert.CertPathValidator.validate(CertPathValidator.java:
> >> > 267)
> >> >        at
> >> > org.waveprotocol.wave.crypto.CachedCertPathValidator.validateNoCache(CachedCertPathValidator.java:
> >> > 101)
> >> >        ... 30 more
> >> > 05.01.2011 14:24:33 com.google.gson.ParameterizedTypeHandlerMap
> >> > register
> >> > WARNUNG: Overriding the existing type handler for class
> >> > com.google.wave.api.Element
> >> > 05.01.2011 14:24:33 com.google.gson.ParameterizedTypeHandlerMap
> >> > register
> >> > WARNUNG: Overriding the existing type handler for class
> >> > com.google.wave.api.Element
> >> > 05.01.2011 14:24:33 com.google.gson.ParameterizedTypeHandlerMap
> >> > register
> >> > WARNUNG: Overriding the existing type handler for class
> >> > com.google.wave.api.Attachment
> >> > 05.01.2011 14:24:33 com.google.gson.ParameterizedTypeHandlerMap
> >> > register
> >> > WARNUNG: Overriding the existing type handler for class
> >> > com.google.wave.api.Attachment
> >> > 05.01.2011 14:24:33
> >> > org.waveprotocol.wave.federation.xmpp.ComponentPacketTransport
> >> > initialize
> >> > INFO: Initializing with JID: wave.dave.org
> >> > 05.01.2011 14:24:33
> >> > org.waveprotocol.wave.federation.xmpp.ComponentPacketTransport start
> >> > INFO: Connected to XMPP server with JID: wave.dave.org
> >> > 05.01.2011 14:24:33 org.waveprotocol.box.server.ServerMain run
> >> > INFO: Starting server
> >> > 2011-01-05 14:24:33.649:INFO::jetty-0.3
> >> > 2011-01-05
> >> > 14:24:33.884:INFO:org.eclipse.jetty.servlets.org.eclipse.jetty.servlets.ProxyServlet
> >> > $Transparent-14666567:org.eclipse.jetty.servlets.ProxyServlet
> >> > $Transparent-14666567 @ /gadgets to http://gmodules.com:80/gadgets
> >> > 2011-01-05 14:24:33.926:INFO::Started
> >> > [email protected]:9898
>
> >> > --
> >> > You received this message because you are subscribed to the Google 
> >> > Groups "Wave Protocol" group.
> >> > To post to this group, send email to [email protected].
> >> > To unsubscribe from this group, send email to 
> >> > [email protected].
> >> > For more options, visit this group 
> >> > at http://groups.google.com/group/wave-protocol?hl=en.
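The two checks suggested in the thread (chain verification with openssl, and comparing the root's fingerprint against what the keystore holds), written as reusable shell functions. This is an added example, not part of the original messages; the sample PKI is constructed, and the keystore path and password in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example. Sample certificates are constructed, not the poster's files.

# SHA-256 fingerprint (hex, no colons) of the first certificate in a PEM file.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//; s/://g'
}

# Check 1: does LEAF chain to ROOT?  usage: signed_by ROOT_PEM LEAF_PEM
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check 2: is a certificate with fingerprint $1 among the PEM blocks on stdin?
# Feed it a keystore dump, e.g. (path and default password are assumptions):
#   keytool -list -rfc -keystore /etc/java/security/cacerts -storepass changeit \
#     | bundle_contains "$(cert_fp rootcert.pem)"
bundle_contains() {
    wanted=$1; tmp=$(mktemp -d); found=1
    # Split stdin into one file per certificate, ignoring keytool's other text.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++; f = d "/c" n ".pem" }
                     f { print > f }
                     /-----END CERTIFICATE-----/ { close(f); f = "" }'
    for c in "$tmp"/c*.pem; do
        if [ -f "$c" ] && [ "$(cert_fp "$c")" = "$wanted" ]; then found=0; break; fi
    done
    rm -rf "$tmp"
    return "$found"
}

# Constructed PKI for trying the checks: a root, a leaf it signs, an unrelated root.
make_sample_pki() {
    ( cd "$1" || exit 1
      for ca in rootcert other; do
          openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=sample $ca" \
              -keyout "$ca.key" -out "$ca.pem" 2>/dev/null || exit 1
      done
      openssl req -newkey rsa:2048 -nodes -subj "/CN=dave.org" \
          -keyout leaf.key -out leaf.csr 2>/dev/null || exit 1
      openssl x509 -req -in leaf.csr -CA rootcert.pem -CAkey rootcert.key \
          -CAcreateserial -days 2 -out dave.org.crt 2>/dev/null )
}
```

Run the keystore check against the cacerts file of the JVM that actually starts the server; which file that is depends on the installation.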