login button

General SSL engine problem

Submitted by j0na on March 17, 2008 - 01:49. Forums :

I try to acces to a https web service. I put the CA in trust.ks and in the java keystore but it trought a error. Someone help me?

Bookmark/Search this post with:
  • Delicious
  • Digg
  • Reddit
  • Newsvine
  • Facebook
  • Google
  • Yahoo
  • Technorati
‹ SSL & TrustStore Out of memory ›

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Hi, Could you please attach

Submitted by ruwan on March 17, 2008 - 08:39.

Hi,

Could you please attach the error message that you are getting so that we can help you

 

Thanks

Ruwan Linton

»

2008-03-18 10:08:56,042

Submitted by j0na on March 18, 2008 - 01:10.

2008-03-18 10:08:56,042 [192.168.7.22-boo] [I/O dispatcher 1] ERROR ClientHandler HTTP connection [192.168.7.86:8080]: General SSLEngine problem
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
at javax.net.ssl.SSLEngine.wrap(Unknown Source)
at org.apache.http.impl.nio.reactor.SSLIOSession.doHandshake(SSLIOSession.java:143)
at org.apache.http.impl.nio.reactor.SSLIOSession.isAppInputReady(SSLIOSession.java:249)
at org.apache.synapse.transport.nhttp.SSLClientIOEventDispatch.inputReady(SSLClientIOEventDispatch.java:116)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:98)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:195)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:180)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:142)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:70)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:31
8)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
at org.apache.http.impl.nio.reactor.SSLIOSession.doHandshake(SSLIOSession.java:166)
... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertP
athBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to reques
ted target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 22 more
2008-03-18 10:08:56,042 [192.168.7.21] [I/O dispatcher 1] ERROR ClientHandler I/O error : General SSLEngine problem
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
at javax.net.ssl.SSLEngine.wrap(Unknown Source)
at org.apache.http.impl.nio.reactor.SSLIOSession.doHandshake(SSLIOSession.java:143)
at org.apache.http.impl.nio.reactor.SSLIOSession.isAppInputReady(SSLIOSession.java:249)
at org.apache.synapse.transport.nhttp.SSLClientIOEventDispatch.inputReady(SSLClientIOEventDispatch.java:116)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:98)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:195)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:180)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:142)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:70)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:31
8)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
at org.apache.http.impl.nio.reactor.SSLIOSession.doHandshake(SSLIOSession.java:166)
... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertP
athBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to reques
ted target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 22 more

»

> ..pathBuilderException:

Submitted by asankha on March 18, 2008 - 01:50.

> ..pathBuilderException: unable to find valid certification path to requested target

Seems like your certs are not properly setup. Did you import the CA cert as a "trusted cert" ? Can you share the output of "keytool -v -list -keystore trust.jks" ?

And also share the certificate information of the https endpoint?.. send these to me privately if you do not want to disclose this publicly

asankha

»

I import de CA cert as a

Submitted by j0na on March 18, 2008 - 02:04.

I import de CA cert as a "trusted cert". When I do "keytool -v -list -keystore trust.jks" it seems a trustedCertEntry. I put de Ca cert in java cacert.. I put it in all de keystores :S

»

Hi, What is the version of

Submitted by ruwan on March 18, 2008 - 06:19.

Hi,

What is the version of the ESB that you are using?

Ruwan Linton

»

I use the last version of

Submitted by j0na on March 19, 2008 - 01:26.

I use the last version of the ESB 1.6

»

No, putting it on cacerts

Submitted by asankha on March 18, 2008 - 07:00.

No, putting it on cacerts will not do, as we only use the trust.jks configured in the axis2.xml

Can you replace your trust.jks in the ESB with a copy of the cacerts? do not change the location of the jks file either.. lets first get this to work

»

With reference to

Submitted by asankha on April 7, 2008 - 23:54.

With reference to http://wso2.org/forum/thread/3466#comment-5451

The root cause of this issue is that we have mistakenly bundled a copy of the trust.jks and identity.jks into the "wso2-esb-core-1.6.jar" JAR file located under webapp/WEB-INF/lib

Can you please open this JAR using a Zip tool and remove these two files. Then when you setup your trust.jks (and identity.jks) file located at ./webapp/WEB-INF/classes/conf/trust.jks properly, you should be able to proceed without any problems

asankha

»

Thanks!!

Submitted by j0na on April 8, 2008 - 01:04.

Thanks!!

»

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.