No name matching in AKHQ - ssl

Getting No name matching error while connecting to kafka from AKHQ
2022-04-11 09:15:35,806 WARN inclient-2 c.a.i.AdminMetadataManager [AdminClient clientId=adminclient-2] Metadata update failed due to authentication error
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: No name matching ppe.kafka.tnt.dev.euw.azure.tesco.org found
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source)
at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:430)
at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:514)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:368)
at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:291)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543)
at org.apache.kafka.common.network.Selector.poll(Selector.java:481)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:551)
at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1389)
at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1320)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateException: No name matching test.server.host.name found
at java.base/sun.security.util.HostnameChecker.matchDNS(Unknown Source)
at java.base/sun.security.util.HostnameChecker.match(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 20 common frames omitted

This happens when the Kafka server's certificate does not match the hostname. We could set ssl.endpoint.identification.algorithm to an empty string to disable hostname verification.
The endpoint identification algorithm used by clients to validate server host name. The default value is https. Clients including client connections created by the broker for inter-broker communication verify that the broker host name matches the host name in the broker’s certificate. Disable server host name verification by setting ssl.endpoint.identification.algorithm to an empty string.
https://docs.confluent.io/platform/current/kafka/authentication_ssl.html#optional-settings
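A model of the check that produces this error, as an added Python example (not code from the original answer or from the JDK): it shows which certificate names satisfy a given broker address, so the certificate or the bootstrap address can be corrected. Host names and certificate contents are constructed, and the wildcard rule (whole left-most label only) is a simplification of this sketch.

```python
# Added example: simplified model of the JDK hostname check (not JDK code).
import ipaddress


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, hostname):
    """Case-insensitive match; '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label, never several
    if p[0] == "*":
        # Assumption of this sketch: need two fixed labels, so '*.org' matches nothing.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_endpoint(connect_host, san_dns, san_ips, subject_cn=None):
    """Return (ok, message) for the name the client dialled vs. the certificate's names."""
    if _is_ip(connect_host):
        if not san_dns and not san_ips:
            return False, "No subject alternative names present"
        wanted = ipaddress.ip_address(connect_host)
        if any(ipaddress.ip_address(ip) == wanted for ip in san_ips):
            return True, "iPAddress SAN matches"
        return False, f"No subject alternative names matching IP address {connect_host} found"
    if san_dns:
        for name in san_dns:
            if dns_name_matches(name, connect_host):
                return True, f"dNSName SAN {name} matches"
        # dNSName SANs exist but none fit: the CN is not consulted at all.
        return False, f"No subject alternative DNS name matching {connect_host} found."
    if subject_cn and dns_name_matches(subject_cn, connect_host):
        return True, f"subject CN {subject_cn} matches (no dNSName SAN present)"
    # The message on this page: no dNSName SAN, and the CN (if any) does not fit.
    return False, f"No name matching {connect_host} found"


# Constructed broker address and certificate contents, for illustration only.
BROKER = "broker1.kafka.example.internal"
CASES = {
    "CN-only cert issued for the load balancer": ([], [], "kafka-lb.example.internal"),
    "SAN lists the parent domain only": (["kafka.example.internal"], [], None),
    "wildcard one level too high": (["*.example.internal"], [], None),
    "wildcard SAN for the broker subdomain": (["*.kafka.example.internal"], [], None),
    "exact SAN for the broker": ([BROKER], ["10.0.0.5"], None),
}


def run_cases(host=BROKER):
    return {label: check_endpoint(host, *names) for label, names in CASES.items()}


if __name__ == "__main__":
    for label, (ok, msg) in run_cases().items():
        print(f"{'PASS' if ok else 'FAIL'}  {label}: {msg}")
```

In this model, "No name matching ... found" appears only when the certificate carries no dNSName SAN and its CN does not fit the address the client dialled, which points at a certificate issued without SAN entries for the broker name.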

Related

Error While Connecting Pentaho Kettle with PostgreSQL

Error connecting to database [test] :org.pentaho.di.core.exception.KettleDatabaseException:
Error occurred while trying to connect to the database
Error connecting to database: (using class org.postgresql.Driver)
The authentication type 10 is not supported. Check that you have configured the pg_hba.conf file to include the client's IP address or subnet, and that it is using an authentication scheme supported by the driver.
org.pentaho.di.core.exception.KettleDatabaseException:
Error occurred while trying to connect to the database
Error connecting to database: (using class org.postgresql.Driver)
The authentication type 10 is not supported. Check that you have configured the pg_hba.conf file to include the client's IP address or subnet, and that it is using an authentication scheme supported by the driver.
at org.pentaho.di.core.database.Database.normalConnect(Database.java:472)
at org.pentaho.di.core.database.Database.connect(Database.java:370)
at org.pentaho.di.core.database.Database.connect(Database.java:341)
at org.pentaho.di.core.database.Database.connect(Database.java:331)
at org.pentaho.di.core.database.DatabaseFactory.getConnectionTestReport(DatabaseFactory.java:83)
at org.pentaho.di.core.database.DatabaseFactory.getConnectionTestResults(DatabaseFactory.java:112)
at org.pentaho.di.core.database.DatabaseMeta.testConnectionSuccess(DatabaseMeta.java:2811)
at org.pentaho.di.ui.core.database.dialog.DatabaseDialog.test(DatabaseDialog.java:110)
at org.pentaho.di.ui.core.database.wizard.CreateDatabaseWizardPage2.test(CreateDatabaseWizardPage2.java:157)
at org.pentaho.di.ui.core.database.wizard.CreateDatabaseWizardPage2$3.widgetSelected(CreateDatabaseWizardPage2.java:147)
at org.eclipse.swt.widgets.TypedListener.handleEvent(Unknown Source)
at org.eclipse.swt.widgets.EventTable.sendEvent(Unknown Source)
at org.eclipse.swt.widgets.Display.sendEvent(Unknown Source)
at org.eclipse.swt.widgets.Widget.sendEvent(Unknown Source)
at org.eclipse.swt.widgets.Display.runDeferredEvents(Unknown Source)
at org.eclipse.swt.widgets.Display.readAndDispatch(Unknown Source)
at org.eclipse.jface.window.Window.runEventLoop(Window.java:820)
at org.eclipse.jface.window.Window.open(Window.java:796)
at org.pentaho.di.ui.core.database.wizard.CreateDatabaseWizard.createAndRunDatabaseWizard(CreateDatabaseWizard.java:131)
at org.pentaho.di.ui.spoon.Spoon.createDatabaseWizard(Spoon.java:7572)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.pentaho.ui.xul.impl.AbstractXulDomContainer.invoke(AbstractXulDomContainer.java:313)
at org.pentaho.ui.xul.impl.AbstractXulComponent.invoke(AbstractXulComponent.java:157)
at org.pentaho.ui.xul.impl.AbstractXulComponent.invoke(AbstractXulComponent.java:141)
at org.pentaho.ui.xul.jface.tags.JfaceMenuitem.access$100(JfaceMenuitem.java:43)
at org.pentaho.ui.xul.jface.tags.JfaceMenuitem$1.run(JfaceMenuitem.java:106)
at org.eclipse.jface.action.Action.runWithEvent(Action.java:498)
at org.eclipse.jface.action.ActionContributionItem.handleWidgetSelection(ActionContributionItem.java:545)
at org.eclipse.jface.action.ActionContributionItem.access$2(ActionContributionItem.java:490)
at org.eclipse.jface.action.ActionContributionItem$5.handleEvent(ActionContributionItem.java:402)
at org.eclipse.swt.widgets.EventTable.sendEvent(Unknown Source)
at org.eclipse.swt.widgets.Display.sendEvent(Unknown Source)
at org.eclipse.swt.widgets.Widget.sendEvent(Unknown Source)
at org.eclipse.swt.widgets.Display.runDeferredEvents(Unknown Source)
at org.eclipse.swt.widgets.Display.readAndDispatch(Unknown Source)
at org.pentaho.di.ui.spoon.Spoon.readAndDispatch(Spoon.java:1381)
at org.pentaho.di.ui.spoon.Spoon.waitForDispose(Spoon.java:7817)
at org.pentaho.di.ui.spoon.Spoon.start(Spoon.java:9179)
at org.pentaho.di.ui.spoon.Spoon.main(Spoon.java:707)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.pentaho.commons.launcher.Launcher.main(Launcher.java:92)
Caused by: org.pentaho.di.core.exception.KettleDatabaseException:
Error connecting to database: (using class org.postgresql.Driver)
The authentication type 10 is not supported. Check that you have configured the pg_hba.conf file to include the client's IP address or subnet, and that it is using an authentication scheme supported by the driver.
at org.pentaho.di.core.database.Database.connectUsingClass(Database.java:583)
at org.pentaho.di.core.database.Database.normalConnect(Database.java:456)
... 46 more
Caused by: org.postgresql.util.PSQLException: The authentication type 10 is not supported. Check that you have configured the pg_hba.conf file to include the client's IP address or subnet, and that it is using an authentication scheme supported by the driver.
at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:614)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:222)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:194)
at org.postgresql.Driver.makeConnection(Driver.java:450)
at org.postgresql.Driver.connect(Driver.java:252)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at org.pentaho.di.core.database.Database.connectUsingClass(Database.java:567)
... 47 more
Hostname: localhost
Port: 5432
Database name: test
Your password verifier is stored on the server in the "scram-sha-256" format, but your driver is too old to support that format. Upgrade the JDBC driver. Or, less preferred, change password_encryption on the server to "md5" and then reset the password.
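What the "scram-sha-256" verifier format mentioned in the answer looks like next to the older md5 format, and which roles make the server send authentication request 10, as an added Python example that is not part of the original answer. Role names, passwords and rows are constructed, and ASCII passwords are assumed.

```python
# Added example: PostgreSQL password verifier formats and the auth request they trigger.
import base64
import hashlib
import hmac
import os
import re

SCRAM_RE = re.compile(
    r"^SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)$")
MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")

AUTH_MD5, AUTH_SASL = 5, 10  # AuthenticationMD5Password / AuthenticationSASL


def md5_verifier(user, password):
    """Legacy format: 'md5' + md5(password || username)."""
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()


def scram_verifier(password, salt=None, iterations=4096):
    """SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey> (RFC 5802 key derivation)."""
    salt = os.urandom(16) if salt is None else salt
    # Assumption: ASCII password, so the SASLprep normalisation step is a no-op.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"


def classify(stored):
    if SCRAM_RE.match(stored):
        return "scram-sha-256"
    if MD5_RE.match(stored):
        return "md5"
    return "unknown"


def auth_request(hba_method, stored):
    """Auth request code the server sends for a password-based pg_hba.conf method."""
    kind = classify(stored)
    if hba_method == "scram-sha-256":
        return AUTH_SASL  # an md5 verifier cannot log in under this method at all
    if hba_method == "md5":
        # 'md5' in pg_hba.conf still negotiates SCRAM when the stored verifier is SCRAM.
        return AUTH_SASL if kind == "scram-sha-256" else AUTH_MD5
    raise ValueError(f"not a password method covered here: {hba_method}")


def roles_needing_scram(rows, hba_method="md5"):
    """Roles for which a driver without SCRAM support fails with 'authentication type 10'."""
    return sorted(r for r, v in rows if auth_request(hba_method, v) == AUTH_SASL)


# Constructed (rolname, rolpassword) rows standing in for a pg_authid export.
SAMPLE_ROWS = [
    ("etl_legacy", md5_verifier("etl_legacy", "constructed-pw-1")),
    ("etl_new", scram_verifier("constructed-pw-2")),
    ("reporting", scram_verifier("constructed-pw-3", iterations=8192)),
]

if __name__ == "__main__":
    for role, verifier in SAMPLE_ROWS:
        print(role, classify(verifier), auth_request("md5", verifier))
    print("fail on an old driver:", roles_needing_scram(SAMPLE_ROWS))
```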

Unable to create a successful connection for data source in Weblogic server 12.2.1.3 console

I am getting the below error when I create a new data source in WebLogic Server 12.2.1.3.0 after I installed the server today.
I have already created and tested the same in Java 1.7 using WebLogic Server 12.1.3.0.0.
This is failing now that I have updated to Java 1.8 using WebLogic 12.2.1.3.0.
Error:
Messages
Message icon - Error Connection test failed.
Message icon - Error [FMWGEN][DB2 JDBC Driver]Error establishing socket to host and port: powud03a.apmoller.net:60004. Reason: Connection timed out: connect
weblogic.jdbc.db2base.ddcp.b(Unknown Source)
weblogic.jdbc.db2base.ddcp.a(Unknown Source)
weblogic.jdbc.db2base.ddco.b(Unknown Source)
weblogic.jdbc.db2base.ddco.a(Unknown Source)
weblogic.jdbc.db2.drda.ddf.(Unknown Source)
weblogic.jdbc.db2.DB2ImplConnection.k(Unknown Source)
weblogic.jdbc.db2.DB2ImplConnection.d(Unknown Source)
weblogic.jdbc.db2base.BaseConnection.b(Unknown Source)
weblogic.jdbc.db2base.BaseConnection.k(Unknown Source)
weblogic.jdbc.db2base.BaseConnection.b(Unknown Source)
weblogic.jdbc.db2base.BaseConnection.a(Unknown Source)
weblogic.jdbcx.db2base.ddx.a(Unknown Source)
weblogic.jdbcx.db2base.ddx.getXAConnection(Unknown Source)
weblogic.jdbc.common.internal.DataSourceUtil.testConnection0(DataSourceUtil.java:387)
weblogic.jdbc.common.internal.DataSourceUtil.access$000(DataSourceUtil.java:24)
weblogic.jdbc.common.internal.DataSourceUtil$1.run(DataSourceUtil.java:285)
java.security.AccessController.doPrivileged(Native Method)
weblogic.jdbc.common.internal.DataSourceUtil.testConnection(DataSourceUtil.java:282)
com.bea.console.utils.jdbc.JDBCUtils.testConnection(JDBCUtils.java:937)
com.bea.console.actions.jdbc.datasources.createjdbcdatasource.CreateJDBCDataSource.testConnectionConfiguration(CreateJDBCDataSource.java:524)
...

Call SSL endpoint from spring-boot app

I have a spring-boot intranet webapp which need not be ssl secured as it is used within company.
The app calls an external https endpoint. To call the https endpoint I used InstallCert.java to generate a new trust store and import the certificate needed to call the https url using the procedure shown here.
https://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/
Doing >java InstallCert hosturl generated jssecacerts trust store and imported the certificate
I have the following as my application.properties
server.port: 8080
server.contextPath=/mpservice
management.port: 9001
management.address: 127.0.0.1
logging.file=mpservice.log
logging.level.root=INFO
logging.level.org.springframework.web=DEBUG
server.ssl.key-store=C:/Users/cho4157/Downloads/InstallCert/jssecacerts
server.ssl.key-store-password=changeit
server.ssl.client-auth=need
server.ssl.trust-store=C:/Users/cho4157/Downloads/InstallCert/jssecacerts
server.ssl.trust-store-password=changeit
The Tomcat server starts fine as the logs show below, but when I hit the endpoints the browser says that localhost didn't send any data.
2016-08-01 19:18:20.968 INFO 16944 --- [main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 9001 (https)
2016-08-01 19:18:20.970 DEBUG 16944 --- [main] o.s.w.c.s.StandardServletEnvironment : Adding [server.ports] PropertySource with highest search precedence
2016-08-01 19:18:20.970 DEBUG 16944 --- [main] o.s.w.c.s.StandardServletEnvironment : Adding [server.ports] PropertySource with highest search precedence
2016-08-01 19:18:20.976 INFO 16944 --- [main] o.s.c.support.DefaultLifecycleProcessor : Starting beans in phase 0
2016-08-01 19:18:21.418 INFO 16944 --- [main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (https)
When I comment out server.ssl.* properties in application.properties everything works fine except posting to the https endpoint which throws the below exception as expected. Any suggestion is greatly appreciated.
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:80)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:596)
... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 29 more
I also tried setting following system properties
static
{
System.setProperty("javax.net.ssl.trustStore","C:\\Users\\jojo\\Downloads\\InstallCert\\jssecacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStore", "C:\\Users\\jojo\\Downloads\\InstallCert\\jssecacerts");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
}
Even with the above piece of code I was getting javax.net.ssl.SSLHandshakeException.
I have been trying to get this configuration working for the past 2 days with little success. Please help.

Jenkins Job-DSL: How to accept URL over Https with own root-ca signed certificate?

I want to read an XML stream over HTTPS. The webserver has a certificate that was signed by our own-created unofficial CA.
I know I need to import the CA cert to make my Groovy Job DSL Script work.
Where do I need to import the ca cert or how can I define my own trustStore to make it work?
What I tried before:
Importing CA cert with keytool to C:\Program Files (x86)\Java\jre1.8.0_40\lib\security\cacert
Importing CA cert with keytool to C:\Program Files (x86)\jenkins\jre\lib\security\cacert
When I try the connection with groovyConsole after importing the CA cert to cacert trustStore everything works, but not in Jenkins.
So I tried to set a trustStore in my Job DSL script without success. Still receiving the cert chain error exception:
def addr = "https://example.com:8443/svn/"
def authString = "user:pass".getBytes().encodeBase64().toString()
def jobNamePrefix = "Job"
println("${WORKSPACE}\\epedev.keystore")
System.setProperty("javax.net.ssl.trustStore", "${WORKSPACE}\\epedev.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
def conn = addr.toURL().openConnection()
Console-Snippet:
Processing provided DSL script
C:\Jenkins\ps\seed\Seed PS Projects from SVN\workspace\epedev.keystore
FATAL: Unable to run script
java.io.IOException: Unable to run script
at javaposse.jobdsl.dsl.DslScriptLoader.runDslEngineForParent(DslScriptLoader.java:92)
at javaposse.jobdsl.dsl.DslScriptLoader.runDslEngine(DslScriptLoader.java:123)
at javaposse.jobdsl.plugin.ExecuteDslScripts.perform(ExecuteDslScripts.java:216)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:779)
at hudson.model.Build$BuildExecution.build(Build.java:205)
at hudson.model.Build$BuildExecution.doRun(Build.java:162)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:537)
at hudson.model.Run.execute(Run.java:1741)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:408)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)
at groovy.lang.MetaClassImpl$GetBeanMethodMetaProperty.getProperty(MetaClassImpl.java:3500)
at org.codehaus.groovy.runtime.callsite.GetEffectivePojoPropertySite.getProperty(GetEffectivePojoPropertySite.java:61)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callGetProperty(AbstractCallSite.java:227)
at script.run(script:12)
at javaposse.jobdsl.dsl.DslScriptLoader.runDslEngineForParent(DslScriptLoader.java:80)
... 11 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 35 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 41 more
Started calculate disk usage of build
Finished Calculation of disk usage of build in 0 seconds
Started calculate disk usage of workspace
Finished Calculation of disk usage of workspace in 0 seconds
Finished: FAILURE
UPDATE:
I also started groovyConsole with Jenkins JRE. It's also working. So the cacerts keystore contains the working ca cert. But why does it not work in Jenkins script console or Job DSL Plugin. What's wrong here?
I got this working after I restarted the Jenkins Windows service. Before that I always restarted Jenkins in the application itself. It seems like there is a difference between restarting the service and rebooting Jenkins in the console.
After that the CA cert I imported to C:\Program Files (x86)\jenkins\jre\lib\security\cacert was found.

WSDL2Java certificate error

Using the WSDL2Java.bat included in Apache Axis2 to generate .java files from an online SOAP WSDL service, however I get an error about some certificate. I have no idea where this is coming from, it should work according to the instructions I was given.
Using AXIS2_HOME: C:\Users\****\Downloads\axis2-1.6.2-bin\axis2-1.6.2
Using JAVA_HOME: C:\Program Files\Java\jre7
Exception in thread "main" org.apache.axis2.wsdl.codegen.CodeGenerationException
: Error parsing WSDL
at org.apache.axis2.wsdl.codegen.CodeGenerationEngine.<init>(CodeGenerat
ionEngine.java:181)
at org.apache.axis2.wsdl.WSDL2Code.main(WSDL2Code.java:35)
at org.apache.axis2.wsdl.WSDL2Java.main(WSDL2Java.java:24)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator
Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath
BuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source
)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown So
urce)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unk
nown Source)
at org.apache.axis2.wsdl.codegen.CodeGenerationEngine.<init>(CodeGenerat
ionEngine.java:99)
... 2 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali
d certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Sour
ce)
... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 22 more
Anyone got any hint on what the issue could be or where I should start looking?
Thanks
It seems you are trying to generate Java classes using a WSDL from an HTTPS URL. It fails when it is trying to validate the certificate.
Try to access the WSDL from your browser and it should give you a warning.
You can save the WSDL to your local directory and try to run WSDL2Java for that file.
However you might get similar errors when you access the web service via stub, if the endpoint is also an HTTPS URL.