I am trying to set up Cloud SQL in my project and hence to make it work I installed custom SSL certificates. However, now I cannot connect to PubSub and get this error
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I am not sure how to get Cloud SQL to work along with PubSub. Any tips are welcome. Haven't been able to find anything on the internet yet
Related
Added the following to the embedded MI's toml:
[[service_catalog]]
apim_host = "https://localhost:9443"
enable = true
username = "xxxxxxxx"
password = "xxxxxxxx"
Made sure the metadata and swagger files are present. Then clicked Export Project Artifacts and Run. But I don't see any Publish to Service Catalog checkbox that's supposed to be there according to this doc.
The first time I tried, I got the following error (implying it's trying to publish?):
ERROR {ServiceCatalogUtils} - Error occurred while reading the response from service catalog javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:331)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:1010)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1079)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1416)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1400)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352)
at org.wso2.micro.integrator.initializer.utils.ServiceCatalogUtils.getAllServices(ServiceCatalogUtils.java:209)
at org.wso2.micro.integrator.initializer.serviceCatalog.ServiceCatalogExecutor.run(ServiceCatalogExecutor.java:59)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:380)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:285)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1670)
... 20 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:375)
... 26 more
Caused by: java.security.SignatureException: Signature does not match.
at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:457)
at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:166)
at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:147)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 31 more
So I imported the APIM certificate into the embedded MI's trust store. The error disappeared but I don't see Successfully updated the service catalog either. And when I check in the Services tab of the APIM, my service is not there.
Am I missing any steps? Or doing anything wrong?
Using the wso2 identity server in my on production site I try to access to "dashboard jaggery apps" for manage own user account (change password, etc). But when I try to login in there (using SAML2 in the https production domain) shows the following error,
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
We write the keystore path in the auth_config.json inside repository/deployment/server/jaggeryapps/dashboard/authentication, but it does not work.
We have other application using the same fingerprint and/or x.509 hash correctly (with SAML2), but this app we can't configure.
here the complete error http://pastebin.com/tgJenydM
Any suggestions? Thanks.
update:
When I use the backend IP the error is not raised, but when I change to the domain name yes. (This error really make me crazy)
Did you change the default keystore of WSO2IS server ? If, Could you pleas let us know whether you import your new certificate in to the trust store file (client-truststore.jks) of WSO2IS server. If it is not, This can be the issue. Please export the certificate from Keystore and import it in to the trust store of the server. You can use jave keytool command to do it.
When you are working on dashboard (not in localhost), there are some few configuration you need to do . You can find them from here
I have generated client stub using wsdl2java.
I am able to call webservices of HTTP server.
But I have HTTPS server with self signed certificate.
When I called same service for HTTPS server, its throwing exception :
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
How to modify client stub to accept all certificates?
You have one of two options:
Trust the cert. One possible approach is this: http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/
Alternatively, choose to ignore the error and keep going. See this stackoverflow q: How to ignore PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException?
Google is your friend...
Whenever i click on GetPhotos, playground (oauth2.jsp) gives me this error:
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
It worked for me with IS-4.1.0, Tomcat-7.0.41, and the WAR file downloaded from:
https://svn.wso2.org/repos/wso2/scratch/Identity-Server-4.5.0/M6/samples/playground.war
See:
http://sureshatt.blogspot.com.es/2013/08/openid-connect-with-wso2-identity.html
It seems there are different Playground app versions out there, some are buggy or outdated.
Also you must make sure you enter the exact strings as OAuth2 Playground parameters (id, secret,...). It happened to me that even copy-pasting them within Firefox it didn't work, so make sure you trim those strings yourself.
Maybe the webapp you are running does not trust the keys from the identity server. See steps 9-10 on http://docs.wso2.org/display/IS450/WSO2+Identity+Server+as+an+OpenID+Provider
I am testing a web service hosted on https. I use jaxws for the connection.
This retrieves the wsdl first but that's where the error occurs. I saved the certificate in IE on my local machine and created a keystore from it, as described in JAX-WS-https-client and changed JVM arguments so that the keystore loads.
This did achieve that the url used to retrieve the wsdl contained protocol https instead of http, so things started to look better. But now I get the following error:
SystemException: PropagatedException: WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at 'https://www.eway.com.au/gateway/rebill/test/manageRebill_test.asmx?wsdl'.: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Does this mean that the certificate was copied to filesystem incorrectly?
Is something else wrong? What to do?
I should note that when exporting a certificate from IE, the option is given to export the private key or not. When not exporting the private key, then it can be saved as .cer file which is necessary for creating the keystore. On the other hand, when I try to export the private key, the file extension is .pfx and this cannot be converted to a keystore.
My bad - I had Fiddler running and thus used a certificate issued by Fiddler.
When I added the real certificate to the keystore, the webservice call was OK.