Hi Nirmal, Thanks for that. So I tried various things, incl. linking the various java security parameter files in the Oracle JDK to the ubuntu-provided JRE, and ensuring that the certificate is installed in the truststore (it shows up when I list the certs with the keytool).
I also tried adding the certificate to the client-truststore.jks (using the InstallCert program), keytool -list shows all the certificates in the chain are in that file, but I still get the same error. I read the blogpost you mentioned but that seems to have more to do with securing communications between Stratos clients and the Stratos server, rather than the Stratos server and API endpoints. Any idea what I might be doing wrong? Best regards, Michiel On 12 Dec 2014, at 02:16, Nirmal Fernando <nirmal070...@gmail.com> wrote: > Sorry, Michiel, I missed to add the path.. it's repository/resources/security/ > > I remember when we test VCloud support few years back, we used to import the > certs of the VCloud vendor too. Good read: > http://hasini-gunasinghe.blogspot.com/2011/12/installing-new-keystore-into-wso2.html > > On Fri, Dec 12, 2014 at 1:22 AM, Michiel Blokzijl (mblokzij) > <mblok...@cisco.com> wrote: > Hi Nirmal, > > I tried using the InstallCert java program that’s attached to this page, > references from the wiki link I posted below. I ran it using the same java > binary that I use to run Stratos, but that didn’t seem to make a difference. > > I’m now trying to overwrite the cacerts of the Oracle JRE I use with the ones > shipped with Ubuntu, to see if that fixes it.. > > Does Stratos have its’ own client-truststore? If so, where can I find it? (I > didn’t spot the argument used to pass in a custom one) > > Thanks! > > Michiel > > On 11 Dec 2014, at 19:47, Nirmal Fernando <nirmal070...@gmail.com> wrote: > >> Hi Michiel, >> >> Could you please try the same after importing the cert of your Openstack >> server, into the client-truststore of Stratos server? >> >> On Fri, Dec 12, 2014 at 1:09 AM, Michiel Blokzijl (mblokzij) >> <mblok...@cisco.com> wrote: >> Hi, >> >> I’m hitting the following issue in Stratos: >> >> TID: [0] [STRATOS] [2014-12-11 17:25:24,018] ERROR >> {org.apache.stratos.cloud.controller.validate.OpenstackNovaPartitionValidator} >> - Invalid Partition Detected : RegionOne-AZ-1-Core. Cause: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target connecting to POST >> https://us-internal-1.cloud.cisco.com:5000/v2.0/tokens HTTP/1.1 >> {org.apache.stratos.cloud.controller.validate.OpenstackNovaPartitionValidator} >> >> Has anyone tested Stratos against Rackspace or another OpenStack API >> endpoint that has proper SSL certificates, rather than self-signed ones? >> >> I tried the suggestions from >> https://confluence.atlassian.com/display/JIRAKB/Unable+to+Connect+to+SSL+Services+due+to+PKIX+Path+Building+Failed+sun.security.provider.certpath.SunCertPathBuilderException, >> but they didn’t help. >> >> Cheers, >> >> Michiel >> >> >> >> -- >> Best Regards, >> Nirmal >> >> Nirmal Fernando. >> PPMC Member & Committer of Apache Stratos, >> Senior Software Engineer, WSO2 Inc. >> >> Blog: http://nirmalfdo.blogspot.com/ > > > > > -- > Best Regards, > Nirmal > > Nirmal Fernando. > PPMC Member & Committer of Apache Stratos, > Senior Software Engineer, WSO2 Inc. > > Blog: http://nirmalfdo.blogspot.com/
signature.asc
Description: Message signed with OpenPGP using GPGMail