Published on WSO2 Oxygen Tank (http://wso2.org)

SSL & TrustStore

By alexandre_garino
Created 2008-04-07 07:25

Hi all,

I created a proxy service with ESB 1.6 from a web service available through https only.

If I consume the web service through the proxy the ESB outputs this exception:

2008-04-07 17:59:57,078 [10.130.30.202-xxxx] [I/O dispatcher 3] ERROR ClientHandler HTTP connection [xxx.xxx.xxx.xx/x.x.x.x:443]: General SSLEngine problem
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
 at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
 at javax.net.ssl.SSLEngine.wrap(Unknown Source)
 at org.apache.http.impl.nio.reactor.SSLIOSession.doHandshake(SSLIOSession.java:143)
 at org.apache.http.impl.nio.reactor.SSLIOSession.isAppInputReady(SSLIOSession.java:249)
 at org.apache.synapse.transport.nhttp.SSLClientIOEventDispatch.inputReady(SSLClientIOEventDispatch.java:116)
 at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:98)
 at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:195)
 at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:180)
 at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:142)
 at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:70)
 at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:318)
 at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
 at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
 at org.apache.http.impl.nio.reactor.SSLIOSession.doHandshake(SSLIOSession.java:166)
 ... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
 at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
 at sun.security.validator.Validator.validate(Unknown Source)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
 at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
 ... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
 at java.security.cert.CertPathBuilder.build(Unknown Source)
 ... 21 more
2008-04-07 17:59:57,093 [10.130.30.202-xxxx] [I/O dispatcher 3] ERROR ClientHandler I/O error : General SSLEngine problem
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
 at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
 at javax.net.ssl.SSLEngine.wrap(Unknown Source)
 at org.apache.http.impl.nio.reactor.SSLIOSession.doHandshake(SSLIOSession.java:143)
 at org.apache.http.impl.nio.reactor.SSLIOSession.isAppInputReady(SSLIOSession.java:249)
 at org.apache.synapse.transport.nhttp.SSLClientIOEventDispatch.inputReady(SSLClientIOEventDispatch.java:116)
 at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:98)
 at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:195)
 at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:180)
 at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:142)
 at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:70)
 at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:318)
 at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
 at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
 at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
 at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
 at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
 at org.apache.http.impl.nio.reactor.SSLIOSession.doHandshake(SSLIOSession.java:166)
 ... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
 at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
 at sun.security.validator.Validator.validate(Unknown Source)
 at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
 at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
 ... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
 at java.security.cert.CertPathBuilder.build(Unknown Source)
 ... 21 more

I guess this exception occurs because the certification path can't be built.

All certificates have been imported in the default cacert of both public and private jre. I implemented a simple client with HttpComponent 3.1 to be sure that there are no similar messages if I retrieve the wsdl through https.

Maybe the cause of this issue is the same as this one: http://wso2.org/forum/thread/3377 [1]

Any help would be greatly appreciated,

Regards,
Alexandre
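
Added example, not part of the original post and not WSO2 code: a standalone check of whether one particular truststore file can build a certification path to an HTTPS endpoint, which is the validation that fails in the trace above. The class name and command-line arguments are assumptions; run it once per truststore a process might load (the JRE cacerts or any other) to see which store lacks the issuing CA.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example. Usage: java TrustStoreCheck <truststore> <password> <host> [port]
// Tests path building against the given store only; hostname matching is not tested.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        String path = args[0], host = args[2];
        int port = args.length > 3 ? Integer.parseInt(args[3]) : 443;

        // Load exactly the store named on the command line, not the JVM default.
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, args[1].toCharArray());
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        final X509TrustManager pkix = (X509TrustManager) tmf.getTrustManagers()[0];

        // Record the chain the server presents, then delegate to the real PKIX
        // validator. Validation is never skipped or weakened.
        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recording = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException { pkix.checkClientTrusted(chain, authType); }
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException { seen[0] = chain; pkix.checkServerTrusted(chain, authType); }
            public X509Certificate[] getAcceptedIssuers() { return pkix.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);

        System.out.println("Trust anchors in " + path + ": " + pkix.getAcceptedIssuers().length);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("OK: a path to a trust anchor in this store was built");
        } catch (SSLHandshakeException e) {
            System.out.println("FAILED: " + e.getMessage());
        }
        // The issuer of the last certificate shown is the CA the store must contain.
        if (seen[0] != null) for (X509Certificate c : seen[0])
            System.out.println("  subject=" + c.getSubjectX500Principal()
                + "\n   issuer=" + c.getIssuerX500Principal());
    }
}
```

If the JRE cacerts passes and another store fails, the certificates were imported into a store that the failing process does not read.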


Source URL:
http://wso2.org/forum/thread/3466