I am working to set up DSE 5 on AWS. I have a separate OpsCenter 6.0.0 node. I have three cluster nodes, a, b and c.
Each server, OpsCenter plus 3 nodes, is an Ubuntu 14.04 server with Oracle JDK1.8.0_92 installed.
On the OpsCenter node, I installed and started OpsCenter Ok.
I created a cluster Ok, but then when I went back to OpsCenter to manage that cluster, the agents were not communicating. I tried to install agents automatically, and that failed.
I went into /usr/share/opscenter, ran bin/setup.py, and copied the /usr/share/opccenter/ssl folder and files to the nodes in /var/lib/datastax-agent/ssl/
On my cluster nodes, in the agent.log, I get the following:
ERROR [StompConnection receiver] 2016-07-18 18:04:24,747 Jul 18, 2016
6:04:24 PM org.jgroups.client.StompConnection connect
INFO: Connected to 52.0.16.77:61620
ERROR [StompConnection receiver] 2016-07-18 18:04:24,747 Jul 18, 2016
6:04:24 PM org.jgroups.client.StompConnection run
SEVERE: JGRP000112: Connection closed unexpectedly:
javax.net.ssl.SSLException: Connection has been shutdown:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1541)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:95)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:71)
at java.io.FilterInputStream.read(FilterInputStream.java:83)
at org.jgroups.util.Util.readLine(Util.java:2825)
at org.jgroups.protocols.STOMP.readFrame(STOMP.java:240)
at org.jgroups.client.StompConnection.run(StompConnection.java:274)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
Clearly, the /var/lib/datastax-agent/ssl/agentKeyStore did not get built correctly by setup.py.
I retraced all of those steps and got no errors.
Any ideas?
Related
I have Talend Big Data application which is I want to run a job. It contains "tREST" component that supposed to fetch REST API endpoint. All is fine when I'm using Postman, I get all the results that I want.
But when I executed the job, it gives me this error.
Starting job test_api at 14:28 08/03/2022.
[statistics] connecting to socket on port 3641
[statistics] connected
Exception in component tREST_1 (test_api)
com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: PKIX
path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.j ava:155)
at com.sun.jersey.api.client.Client.handle(Client.java:652)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:570)
at ace.test_api_0_1.test_api.tREST_1Process(test_api.java:983)
at ace.test_api_0_1.test_api.runJobInTOS(test_api.java:1674)
at ace.test_api_0_1.test_api.main(test_api.java:1436)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification
path to requested target`
I already run the troubleshoot as mentioned in this thread https://stackoverflow.com/a/12524960
but I believe I only save the certification as in global, not in the right path. Question is how can I store it in Talend or java path?
I'm new in ejbca and i have to install it on a virtual machine for job
Ubuntu 20.04
ejbca_7_4_3_2
wildfly-18.0.0.Final
mariadb-server version: 10.3.32-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04
openjdk version "1.8.0_312"
Apache Ant(TM) version 1.10.7 compiled on October 24 2019
After a few try's(and a lot of virtual machines cloned and deleted), i finally get the "build successfully" message with the commands ant runinstall and ant deploy-keystore
But when i try to use the URL https://localhost:8443/ejbca/ (the certificate SuperAdmin.p12 is installed) my browser(firefox 96.0 64bits) give the message
An error occurred during a connection to localhost:8443. Cannot communicate securely with peer: no common encryption algorithm(s).
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
i have this errors on my log file, the first one related with ant -q clean deployear
and the last, appear every time i try to access via URL https://localhost:8443/ejbca/
ERROR [org.jboss.as.jsf] (MSC service thread 1-1) WFLYJSF0002: Could not load JSF managed bean class: org.ejbca.ui.web.admin.peerconnector.PeerConnectorMBean
ERROR [io.undertow.request] (default I/O-2) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:461)
at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:296)
at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1020)
at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:727)
at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:693)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:981)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:915)
at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1072)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
ERROR [io.undertow.request] (default I/O-2) Closing SSLConduit after exception
Sounds like a TLS configuration issue. You will find the TLS configuration you did when configuring WildFly in the commands you ran like:
/opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/server-ssl-context=httpspriv:add(key-manager=httpsKM,protocols=["TLSv1.2"],use-cipher-suites-order=false,cipher-suite-filter="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",trust-manager=httpsTM,need-client-auth=true)'
The result is somewhere in standalone.xml in WildFly, and you can modify it directly in WildFly. For example if you have EC keys in the server certificate while using the above RSA algorithm selection.
In server.log you should also see when WildFly starts up if there are any error in parsing the values, or keystores.
Make sure that you server and client certificates have keys and algorithms that match the TLS algorithm settings, otherwise WildFly will remove those algortihms.
I am not able to remotly connect to my springboot microservice from hawtio.
If i am disabling ssl then i am able to see camel routes in hawtio console.
hawtio console
Error in response:
Request URL: http://localhost:8090/hawtio/proxy/https/lxapptaldev003/4150/jolokia/
Request Method: POST
Status Code: 500 sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Add this JVM parameter:
-Dhawtio.proxyDisableCertificateValidation=true
Credit:
Google-Groups
I have this small ejb bean that sends emails, I use JavaMail Session on the Glassfish. On the settings of Admin Glassfish under Java Mail Session I use Google credentials to send/receive emails. With google account I can receive and send emails but when I try with personal email of my dedicated server for example my#dommainname.com then then the Glassfish is not sending/receiving any emails.
I have suspicion that I don't fill correct information on Glassfish under JavaMail Session. On the tab "Advanced" under JavaMail Session there are 4 fields required some information about my mail server:
Store Protocol: imap
Store Protocol Class:com.sun.mail.imap.IMAPStore
Transport Protocol: smtp
Transport Protocol Class:com.sun.mail.smtp.SMTPTransport
Why is it when I use google gmail account it works perfectly but is not sending any emails nor receiving when I use email of my own domainname? The application hangs with loading and I get this error:
type Exception report
messageInternal Server Error
descriptionThe server encountered an internal error that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Could not convert socket to TLS
root cause
javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
root cause
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
root cause
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
root cause
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have a dev environment with IBM Websphere Liberty 8.5.5; in front of this application server there is an IBM HTTP Server (External CA SSL certificate configured for IBM HTTP).
I'm able to access the IBM HTTP from internet but with /mfpconsole it throws an exception (see below).
[11/28/16 21:02:44:464 SGT] 00000024 com.ibm.mfp.admin.ui.servlet.ServiceProxy E FWLSE3301E: Problem with SSL certificates. Possible fixes: Put the application server's certificate into the truststore. Or define the JNDI property mfp.admin.ui.cors.strictssl to false (not in production environments).
[11/28/16 21:02:44:464 SGT] 00000024 com.ibm.mfp.admin.ui.servlet.ServiceProxy E Exception java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target while redirecting request to :443/mfpadmin/management-apis/2.0/runtimes?fullInfo=true
[11/28/16 21:02:49:759 SGT] 000000c9 com.ibm.ws.ssl.core.WSX509TrustManager E CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN= was sent from the target host. The signer might need to be added to local trust store .p12, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[11/28/16 21:02:49:759 SGT] 000000c9 com.ibm.mfp.admin.ui.servlet.ServiceProxy E Received status 500 for GET https://url:443/mfpadmin/management-apis/2.0/runtimes?fullInfo=true
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I added the CA cert in Liberty truststore and it resolved the issue.Thanks