Why I can't connect Quarkus application to Keycloak with custom certificate? - ssl-certificate

As in this issue, my Keycloak does not have a trusted certificate, so I set the property quarkus.oidc.tls.verification=none
Even so, it is unable to perform the request!
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I tried to add the custom CA root certificate ca.crt when building the image with:
gradle build -Dquarkus.container-image.build=true \
-Dquarkus.container-image.group=$CI_REGISTRY_IMAGE -x test \
-Dquarkus.native.additional-build-args=-J-Djavax.net.ssl.trustStore=/certs/ca.crt,-J-Djavax.net.ssl.trustStorePassword=changeit
but with no luck!
How can I solve this?

Solved with quarkus.oidc-client.tls.verification=none
This option is related to the quarkus-oidc-client extension and it disables the verification of the authenticity of the server's SSL/TLS certificate as well.

Related

Jenkins doesn't connect to Internet (SSL trouble)

Error message: SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have been trying to configure the proxy correctly, but only some HTTP servers respond successfully, while none of the HTTPS ones do.
I installed all the necessary plugins manually to run a sample pipeline, but the error in the console output is just a nested 404 page from Jenkins.
It's important to know that my OS has CLI internet access blocked for security reasons.
This is the last traceable problem that I have, but I'm a little confused about the SSL cert. I tried to resolve it by following this post, but it is not clear to me which SSL cert I have to download and whether this could cause trouble with my PC restrictions.
One solution to resolve this issue is to change the update URL at management plugins > advanced setting > url update from this
https://updates.jenkins.io/update-center.json
to this
http://updates.jenkins.io/update-center.json
This solution is not definitive and I won't recommend it.
Actually, I solved this problem by loading the plugins.jenkins.io cert into Java's keystore using
.\keytool.exe -import -alias {alias} -keystore %JAVA%\lib\security\cacerts -file \path\to\your\cert
(Be sure that you are not overwriting anything; the password for the -import param is changeit by default.)

Error when trying to connect to Anypoint Platform from Studio 7. There was a problem with the SSL handshake

Error when trying to connect to Anypoint Platform from Studio 7. There was a problem with the SSL handshake, please check your certificate installation
There was a problem with the SSL handshake, please check your certificate installation.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I am stuck on this issue since month, please help..
Assuming you are using AnypointStudio 7.6.0, it comes with AdoptOpenJDK8 bundled. If not, install AdoptOpenJDK. Next, create a JAVA_HOME environment variable to point to your OpenJDK install location.
Use a browser to access https://anypoint.mulesoft.com/ and check the Certificate details in the "Certificate Path" tab. So at this point, follow the method that you used to install i.e. import not only Company Root CA certificate but also add Company Issuing CA Intranet Server certificate (this is the child of the Company Root CA) details to the stand-alone JVM that you installed. This is important for your Studio to work properly.
See some more details here: https://help.mulesoft.com/s/article/How-to-resolve-certification-error-when-performing-update-in-Studio

Caused by: sun.security.validator.ValidatorException: PKIX path building failed:

I have installed Apache and Tomcat7 on a server; my requests are redirected from Apache to Tomcat.
I have installed an SSL certificate on Apache. I am using Google APIs for some authentication in my app.
But I am getting the following error:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
What will be the solution to resolve this problem?
Thanks in advance.
The certificate of the target application is not trusted by the source application because the certificate or chain of certificates cannot be found in the source application's JVM truststore.
Make sure you have imported your certificates into the truststore.
Check to see that the correct truststore is in use.
Refer here for more info.

How can I choose a specific certificate when using SSL for LDAP/Active Directory connection?

I have a web service (written in Java) which connects to our Active Directory, and I'm trying to make it use the SSL protocol for this connection. So I've downloaded the certificate from the URL, imported it into my truststore, and specified in my code to use SSL protocol security like this:
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.PROVIDER_URL, "ldap://MyHost:636");
My problem is that the connection doesn't work all the time and I get this error:
javax.naming.CommunicationException: simple bind failed: MyHost:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
My idea is that there is more than one certificate on this host, and when I try to connect it doesn't always use the right certificate (the one I have in my truststore).
So is there a way to specify in Java which certificate to use? By a name or alias or something else?
Thanks for your time and help.
First: Are you sure you added the right certificate to your truststore AND that you are using the right truststore?
You can specify the truststore:
System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");
Second: Does your AD cert have any intermediate Certificate Authorities?
Third: See the link Obtain the CA Certificate from AD
They show how to get the cert from AD using a couple of methods.
-jim
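A way to carry out the checks suggested in the two answers above ("Check to see that the correct truststore is in use" and "are you using the right truststore"), as an added example that is not code from any of the posts. The class name TrustStoreCheck and the PEM file argument are assumptions; the lookup order is the JSSE default for a plain JVM application.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example: TrustStoreCheck is a hypothetical helper, not code from the answers.
public class TrustStoreCheck {

    // JSSE default lookup order: the javax.net.ssl.trustStore property, then
    // <java.home>/lib/security/jssecacerts, then <java.home>/lib/security/cacerts.
    static Path effectiveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null && !prop.isEmpty()) return Path.of(prop);
        Path dir = Path.of(System.getProperty("java.home"), "lib", "security");
        Path jsse = dir.resolve("jssecacerts");
        return Files.exists(jsse) ? jsse : dir.resolve("cacerts");
    }

    public static void main(String[] args) throws Exception {
        Path store = effectiveTrustStore();
        char[] pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit").toCharArray();
        KeyStore ks;
        try {
            // Detects JKS vs PKCS12 from the file content (Java 9+).
            ks = KeyStore.getInstance(store.toFile(), pw);
        } catch (KeyStoreException e) {
            // Seen when the property points at something that is not a keystore, e.g. a PEM file.
            System.out.println(store + " is not a JKS/PKCS12 keystore: " + e.getMessage());
            return;
        }
        System.out.printf("Effective truststore: %s (%s, %d entries)%n", store, ks.getType(), ks.size());
        if (args.length == 0) return; // no certificate file given: report the store only

        // args[0]: PEM file holding the root and any intermediate CA certificates.
        try (InputStream in = Files.newInputStream(Path.of(args[0]))) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                X509Certificate x = (X509Certificate) c;
                String alias = ks.getCertificateAlias(x); // null when no entry matches
                System.out.printf("%s -> %s%n", x.getSubjectX500Principal().getName(),
                        alias != null ? "trusted, alias '" + alias + "'" : "NOT in this truststore");
            }
        }
    }
}
```

Run it with the same JVM and the same -Djavax.net.ssl.trustStore options as the failing application, since each JVM installation has its own cacerts file.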

Unable to load web app

Unable to load web application and console says the following
InstallationHandlers.isRegistered() failed, reason:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
What does it mean? Any idea?
Thanks,
Pramod
Check your SSL settings. Try to turn off SSL and see if it helps.
And, as the error message says, check all paths to keystores and all certificate aliases.
I don't use GlassFish - I am just looking at the error message. PKIX is a format of file that contains certificates. All certificates, depending on the CA (certificate authority), belong to different paths. Example: a certificate from Thawte belongs to the Thawte certificate path, a cert from Verisign belongs to the Verisign path. So there is something wrong with the certificate you use: it does not belong to any registered path, I think. One of the most popular ways to use certificates is SSL, so I presume this is your case. SSL settings should be somewhere in GlassFish - google it. Or, maybe, you can make your application use unencrypted connections.