IBM HTTP SSL certificate not found issue - ssl-certificate

I have a dev environment with IBM WebSphere Liberty 8.5.5; in front of this application server there is an IBM HTTP Server (external CA SSL certificate configured for IBM HTTP).
I'm able to access the IBM HTTP Server from the internet, but with /mfpconsole it throws an exception (see below).
[11/28/16 21:02:44:464 SGT] 00000024 com.ibm.mfp.admin.ui.servlet.ServiceProxy E FWLSE3301E: Problem with SSL certificates. Possible fixes: Put the application server's certificate into the truststore. Or define the JNDI property mfp.admin.ui.cors.strictssl to false (not in production environments).
[11/28/16 21:02:44:464 SGT] 00000024 com.ibm.mfp.admin.ui.servlet.ServiceProxy E Exception java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target while redirecting request to :443/mfpadmin/management-apis/2.0/runtimes?fullInfo=true
[11/28/16 21:02:49:759 SGT] 000000c9 com.ibm.ws.ssl.core.WSX509TrustManager E CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN= was sent from the target host. The signer might need to be added to local trust store .p12, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[11/28/16 21:02:49:759 SGT] 000000c9 com.ibm.mfp.admin.ui.servlet.ServiceProxy E Received status 500 for GET https://url:443/mfpadmin/management-apis/2.0/runtimes?fullInfo=true
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I added the CA cert to the Liberty truststore and it resolved the issue. Thanks.

Related

Helidon MP: How to disable the ssl validation?

Currently, when my Helidon application sends a request to another server using the https protocol, it causes an exception about certification:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
How can I disable this validation? Does the config "server.ssl.trustAll" or "server.trust-all" solve my issue?
The ssl validation should be resolved

soapUI - how to set ignore SSL validation?

Hello, I need a simple method to ask soapUI to ignore SSL validation when I call an https service.
Actually my error is "unable to find valid certification path" when I import the WADL.
org.apache.xmlbeans.XmlException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Maybe something to set in the SoapUI-5.2.0.vmoptions...?
This is my actual file:
-Xms128m
-Xmx1000m
-Dsoapui.properties=soapui.properties
-Dsoapui.home=D:\Programmi\soapUI\SoapUI-5.2.0/bin
-Dsoapui.ext.libraries=D:\Programmi\soapUI\SoapUI-5.2.0/bin/ext
-Dsoapui.ext.listeners=D:\Programmi\soapUI\SoapUI-5.2.0/bin/listeners
-Dsoapui.ext.actions=D:\Programmi\soapUI\SoapUI-5.2.0/bin/actions
-Dwsi.dir=D:\Programmi\soapUI\SoapUI-5.2.0/wsi-test-tools
-Djava.library.path=D:\Programmi\soapUI\SoapUI-5.2.0/bin
-Djava.util.Arrays.useLegacyMergeSort=true
-splash:SoapUI-Spashscreen.png
-Dsun.security.ssl.allowUnsafeRenegotiation=true

Javamail how to connect to IMAPs mail server, without certificate Validation

I'm trying to connect my Java application to an IMAP mail server on port 993, in a test environment.
I'm trying to ignore the certificate validation, using a recommendation from previous answers to a similar question, as follows:
imapProps.put("mail.imaps.ssl.checkserveridentity", "false");
imapProps.put("mail.imaps.ssl.trust", "*");
but it doesn't seem to work, I'm still getting an exception.
Cannot process current mailbox => sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:727)
So my question is: is it actually possible to use the IMAPS protocol to connect to a mail server without having to check or validate the certificate?
If it is, wouldn't choosing to ignore the certificate validation be a two-sided decision then? JavaApp and the mailServer?

You need to use the same protocol name in both the properties and in the getStore method call. So, since you're setting the imaps properties, you should be using Store s = session.getStore("imaps");

Glassfish JavaMail session

I have this small EJB bean that sends emails; I use a JavaMail Session on Glassfish. In the Glassfish admin settings under JavaMail Session I use Google credentials to send/receive emails. With the Google account I can receive and send emails, but when I try with a personal email of my dedicated server, for example my#dommainname.com, then Glassfish is not sending/receiving any emails.
I have a suspicion that I don't fill in the correct information on Glassfish under JavaMail Session. On the "Advanced" tab under JavaMail Session there are 4 fields that require some information about my mail server:
Store Protocol: imap
Store Protocol Class: com.sun.mail.imap.IMAPStore
Transport Protocol: smtp
Transport Protocol Class: com.sun.mail.smtp.SMTPTransport
Why is it that when I use a Google Gmail account it works perfectly, but it is not sending or receiving any emails when I use an email of my own domain name? The application hangs while loading and I get this error:
type Exception report
message Internal Server Error
description The server encountered an internal error that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Could not convert socket to TLS
root cause
javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
root cause
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
root cause
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
root cause
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Certificate chaining error : PKIX path validation failed

I am frequently getting the exceptions below. Please advise what to do.
javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path validation failed: java.security.cert.CertPathValidatorException: Fail to verify issuer; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1564)
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1551)
at com.sun.mail.smtp.SMTPTransport.ehlo(SMTPTransport.java:935)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:426)
at javax.mail.Service.connect(Service.java:288)
at javax.mail.Service.connect(Service.java:169)

Very generic error. Possibly some certificates are missing (java.security.cert.CertPathValidatorException: Certificate chaining error) in the trust store.
Please include more info about what you are doing.

Probably your SMTP server is using chained certificates and you imported only the last one in the chain. You will have to add all certificates in the path to the trust store as signers. Check the post "Certificate chaining error in Websphere"; it provides some additional info on how to add certs to the truststore.
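
The fix given in the first post (add the CA cert to the truststore) and in the answer above (add every signer in the path) can be checked outside the application server with a small client that trusts only the CA files you pass it and keeps validation on. This is an added example, not code from any of the posts; the class name ChainTrustCheck and the PEM file arguments are assumptions, and it covers implicit-TLS ports (443, 993, 465) only, not STARTTLS.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

// Hypothetical helper: java ChainTrustCheck <host> <port> <ca.pem> [more-ca.pem ...]
public class ChainTrustCheck {
    // Build an in-memory trust store holding every certificate in the given PEM files.
    static KeyStore trustStoreFrom(String... pemFiles) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                       // start empty: nothing is trusted yet
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int n = 0;
        for (String file : pemFiles) {
            try (InputStream in = Files.newInputStream(Paths.get(file))) {
                for (Certificate c : cf.generateCertificates(in)) {
                    ks.setCertificateEntry("signer-" + n++, c);
                }
            }
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = trustStoreFrom(Arrays.copyOfRange(args, 2, args.length));
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);                              // PKIX validation against these signers only
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also verify the host name
            s.setSSLParameters(p);
            s.startHandshake();  // SSLHandshakeException (PKIX ...) if a signer is still missing
            for (Certificate c : s.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("subject=" + x.getSubjectX500Principal()
                        + "  issuer=" + x.getIssuerX500Principal());
            }
        }
    }
}
```

If the handshake succeeds with a given set of CA files, importing those same files as signers into the server's or JVM's trust store is sufficient; if it still fails with the PKIX error, a signer in the path is still missing from that set.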