java - HTTP transport error: javax.net.ssl.SSLHandshakeException
I have a Java client on GlassFish that has to consume a SOAP web service from a third party, and I can't get around this error:
"error": { "code": "clienttransportexception", "description": "HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" }
I have the third party's certificates in the JVM keystore, cacerts, but still no luck.
This is the (summarised) SSL messaging:
info: using sslengineimpl.
info: allow unsafe renegotiation: false allow legacy hello messages: true initial handshake: true secure renegotiation: false
info: http-listener-2(5), read: tlsv1 handshake, length = 181
info: *** clienthello, tlsv1
info: randomcookie: ...
info: ***
info: %% resuming [session-5, tls_ecdhe_rsa_with_aes_128_cbc_sha]
info: *** serverhello, tlsv1
info: randomcookie:
info: bytes = { info: 10 info: , ... info: , info: 218 info: }
info: session id:
info: cipher suite: tls_ecdhe_rsa_with_aes_128_cbc_sha
info: compression method: 0
info: extension renegotiation_info, renegotiated_connection: <empty>
info: ***
info: cipher suite: tls_ecdhe_rsa_with_aes_128_cbc_sha
info: connection keygen:
info: client nonce:
info: 0000: info: 55 info: /
info: http-listener-2(5), write: tlsv1 handshake, length = 81
info: http-listener-2(5), write: tlsv1 change cipher spec, length = 1
info: *** finished
info: verify_data: { info: 95 info: , ... info: , info: 7 info: }
info: ***
info: http-listener-2(5), write: tlsv1 handshake, length = 48
info: http-listener-2(2), read: tlsv1 change cipher spec, length = 1
info: http-listener-2(2), read: tlsv1 handshake, length = 48
info: *** finished
info: verify_data: { info: 241 info: , ... info: , info: 206 info: }
info: ***
info: finalizer, called close()
info: finalizer, called closeinternal(true)
info: allow unsafe renegotiation: false allow legacy hello messages: true initial handshake: true secure renegotiation: false
info: http-listener-2(2), setsotimeout(0) called
info: %% no cached client session
info: *** clienthello, tlsv1.2
info: randomcookie:
info: gmt: 1431349301
info: bytes = { info: 98 info: , ...
info: extension server_name, server_name: [type=host_name (0), value=*****]
info: ***
info: http-listener-2(2), write: tlsv1.2 handshake, length = 244
info: http-listener-2(2), read: tlsv1.2 handshake, length = 81
info: *** serverhello, tlsv1.2
info: randomcookie:
info: gmt: 305071236
info: bytes = { info: 16 info: , ... info: , info: 157 info: }
info: session id:
info: cipher suite: ssl_rsa_with_rc4_128_sha
info: compression method: 0
info: extension renegotiation_info, renegotiated_connection: <empty>
info: ***
info: %% initialized: [session-7, ssl_rsa_with_rc4_128_sha]
info: ** ssl_rsa_with_rc4_128_sha
info: http-listener-2(2), read: tlsv1.2 handshake, length = 2084
info: *** certificate chain
**info: chain [0] = [**
[
version: v3
subject: cn=*****, ou=*****, o=*****, l=*****, st=*****, c=*****
signature algorithm: sha1withrsa, oid = 1.2.840.113549.1.1.5
key: sun rsa public key, 2048 bits
modulus: *****
public exponent: *****
validity: [from: tue apr 30 11:50:28 bst 2013, to: mon dec 25 10:50:28 gmt 2017]
issuer: emailaddress=*****, cn=*****, ou=*****k, o=*****, l=*****, st=*****, c=*****
serialnumber: [*****]
certificate extensions: 2
[1]: objectid: 2.5.29.19 criticality=false
basicconstraints:[ ca:false pathlen: undefined ]
[2]: objectid: 2.5.29.15 criticality=false
keyusage [ digitalsignature non_repudiation key_encipherment ]
]
algorithm: [sha1withrsa]
signature:
0000: 52 52 a2 33 8f 48 81 85 f9 cd 8e a8 90 1b d0 01 rr.3.h..........
0010: 3e 09 ff ec f5 23 e0 6f 77 2b 5e 20 b2 bc ff ce >....#.ow+^ ....
...
00d0: 26 70 a9 5c 6d 80 9e 72 b0 f0 75 1d f3 e4 93 41 &p.\m..r..u....a
00e0: 6e 11 43 cb 6e 6d 1e c3 bb c7 a2 6f 65 a6 b6 58 n.c.nm.....oe..x
00f0: 53 98 4d ca 0a ec 18 6a d4 80 19 43 ad 7d f7 s.m....j....c...
]
**info: chain [1] = [**
[
version: v3
subject: emailaddress=*****, cn=*****, ou=*****, o=*****, l=*****, st=*****, c=*****
signature algorithm: sha1withrsa, oid = *****
key: sun rsa public key, 2048 bits
modulus: *****
public exponent: *****
validity: [from: thu may 06 11:35:16 bst 2010, to: sun may 03 11:35:16 bst 2020]
issuer: emailaddress=*****, cn=*****, ou=*****, o=*****, l=*****, st=*****, c=*****
serialnumber: [*****]
certificate extensions: 3
[1]: objectid: 2.5.29.35 criticality=false
authoritykeyidentifier [
keyidentifier [
0000: a0 c0 66 47 f2 e2 d7 6f 44 6f 3c e9 44 77 32 1b ..fg...odo<.dw2.
0010: 00 3a b3 b6 .:..
]
]
[2]: objectid: 2.5.29.19 criticality=false
basicconstraints:[ ca:true pathlen:2147483647 ]
[3]: objectid: 2.5.29.14 criticality=false
subjectkeyidentifier [
keyidentifier [
0000: a0 c0 66 47 f2 e2 d7 6f 44 6f 3c e9 44 77 32 1b ..fg...odo<.dw2.
0010: 00 3a b3 b6 .:..
algorithm: [sha1withrsa]
signature:
0000: c0 fc 52 0f 9f 43 a4 64 b4 f2 61 79 50 37 90 28 ..r..c.d..ayp7.(
0010: 0b f7 ed 2e c8 28 01 66 25 ad dc e6 9d 3e 30 ed .....(.f%....>0.
...
00e0: a6 19 a7 71 7a 55 4f 54 fa 4e de de bf fd 29 ...qzu.ot.n....)
00f0: 12 29 d0 48 b8 ba bb cc 57 11 24 7a a4 f5 0b 03 .).h....w.$z....
]
info: ***
**info: %% invalidated: [session-7, ssl_rsa_with_rc4_128_sha]**
info: http-listener-2(2) info: , send tlsv1.2 alert: info: fatal, **info: description = certificate_unknown**
info: http-listener-2(2), write: tlsv1.2 alert, length = 2
info: http-listener-2(2), called closesocket()
**info: http-listener-2(2), handling exception: javax.net.ssl.sslhandshakeexception: sun.security.validator.validatorexception: pkix path building failed: sun.security.provider.certpath.suncertpathbuilderexception: unable find valid certification path requested target**
info: http-listener-2(2), called close()
info: http-listener-2(2), called closeinternal(true)
info: http-listener-2(2), write: tlsv1 application data, length = 637
info: http-listener-2(2), write: tlsv1 application data, length = 1
info: http-listener-2(2), write: tlsv1 application data, length = 4
What am I doing wrong?
Finally got it working. I had to explicitly tell GlassFish which cacerts to use, despite the certificates being available in the /jdk/jr, /jre, and GlassFish domain config cacerts...
asadmin> create-jvm-options -Djavax.net.ssl.trustStore="/program files/java/jre7/lib/security/cacerts"
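
A small check for the situation the answer describes, where the certificate sits in one cacerts file while the server JVM reads another. This is an added example, not code from the original post; the class name TrustStoreCheck, the PEM file argument and the default password "changeit" are assumptions. Run it with the same -Djavax.net.ssl.trustStore option (if any) that the server JVM is started with.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added diagnostic, not code from the original post.
// Usage: java [-Djavax.net.ssl.trustStore=...] TrustStoreCheck [ca-cert.pem] [store-password]
public class TrustStoreCheck {

    // Same lookup order JSSE uses for its default trust manager:
    // javax.net.ssl.trustStore, then jssecacerts, then cacerts.
    static String effectiveTrustStore() {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null) return explicit;
        String dir = System.getProperty("java.home") + File.separator
                + "lib" + File.separator + "security" + File.separator;
        return new File(dir + "jssecacerts").exists() ? dir + "jssecacerts" : dir + "cacerts";
    }

    public static void main(String[] args) throws Exception {
        String path = effectiveTrustStore();
        // "changeit" is the stock password; an assumption if yours was changed.
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        System.out.println("Trust store in use: " + path + " (" + store.size() + " entries)");
        if (args.length == 0) return; // no certificate given, only report the store

        X509Certificate ca;
        try (InputStream in = new FileInputStream(args[0])) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // getCertificateAlias returns null when no entry holds this exact certificate.
        String alias = store.getCertificateAlias(ca);
        System.out.println("Certificate subject: " + ca.getSubjectX500Principal());
        System.out.println(alias != null
                ? "Trusted, stored under alias: " + alias
                : "Not present in this trust store");
    }
}
```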