Hi all,
I use a Synapse installation to connect with an external interface, and since they changed their certificates Synapse fails to start. Here are the axis2.xml and the synapse.xml files:

<definitions xmlns="http://ws.apache.org/ns/synapse">
    <proxy name="KpsProxy" statistics="enable" transports="http" startOnLoad="true">
        <target>
            <inSequence>
                <send>
                    <endpoint>
                        <address uri="https://kps.nvi.gov.tr/Mernis.KPS.Web.SI/kps.asmx">
                            <enableAddressing version="submission"/>
                            <enableSec policy="policy.kps"/>
                        </address>
                    </endpoint>
                </send>
            </inSequence>
            <outSequence>
                <header name="wsse:Security" action="remove"
                        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
                <send/>
            </outSequence>
        </target>
        <publishWSDL uri="https://kps.nvi.gov.tr/Mernis.KPS.Web.SI/kps.asmx" />
    </proxy>
    <localEntry key="policy.kps" src="file:repository\conf\policy"/>
</definitions>

<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
<transportSender name="http" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSender">
    <parameter name="non-blocking" locked="false">true</parameter>
    <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
    <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
</transportSender>
<transportSender name="https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
    <parameter name="non-blocking" locked="false">true</parameter>
    <parameter name="keystore" locked="false">
        <KeyStore>
            <Location>identity.jks</Location>
            <Type>JKS</Type>
            <Password>password</Password>
            <KeyPassword>password</KeyPassword>
        </KeyStore>
    </parameter>
    <parameter name="truststore" locked="false">
        <TrustStore>
            <Location>trust.jks</Location>
            <Type>JKS</Type>
            <Password>password</Password>
        </TrustStore>
    </parameter>
    <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
        supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
</transportSender>

Please bear in mind that if I put the .asmx in Internet Explorer I'm still able to open it.

Here is the relevant extract of the wrapper.log:

--> Wrapper Started as Service
Launching a JVM...
Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.

2010-09-14 12:11:06,399 [-] [WrapperSimpleAppMain] INFO ServerManager Using the Axis2 Repository C:\synapse-1.2-SNAPSHOT\repository
2010-09-14 12:11:07,040 [-] [WrapperSimpleAppMain] INFO SynapseInitializationModule Initializing Synapse at : Tue Sep 14 12:11:07 EEST 2010
2010-09-14 12:11:07,040 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO SynapseInitializationModule Loading mediator extensions...
2010-09-14 12:11:07,040 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO SynapseInitializationModule Initializing the Synapse configuration ...
2010-09-14 12:11:07,056 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO XMLConfigurationBuilder Generating the Synapse configuration model by parsing the XML configuration
2010-09-14 12:11:07,149 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO SynapseConfigurationBuilder Loaded Synapse configuration from : repository/conf/synapse.xml
2010-09-14 12:11:07,149 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO SynapseInitializationModule Deploying the Synapse service..
2010-09-14 12:11:07,181 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO SynapseInitializationModule Synapse server name : ddmorginweb
2010-09-14 12:11:07,181 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO SynapseInitializationModule Deploying Proxy services...
2010-09-14 12:11:07,181 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO ProxyService Building Axis service for Proxy service : KpsProxy
2010-09-14 12:11:07,556 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] ERROR ProxyService Error reading from wsdl URI
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at org.apache.synapse.config.SynapseConfigUtils.getOMElementFromURL(SynapseConfigUtils.java:245)
    at org.apache.synapse.core.axis2.ProxyService.buildAxisService(ProxyService.java:243)
    at org.apache.synapse.core.axis2.SynapseInitializationModule.init(SynapseInitializationModule.java:141)
    at org.apache.axis2.context.ConfigurationContextFactory.initModules(ConfigurationContextFactory.java:226)
    at org.apache.axis2.context.ConfigurationContextFactory.init(ConfigurationContextFactory.java:204)
    at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:80)
    at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContextFromFileSystem(ConfigurationContextFactory.java:184)
    at org.apache.synapse.ServerManager.start(ServerManager.java:92)
    at org.apache.synapse.SynapseServer.main(SynapseServer.java:50)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
    at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 27 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 33 more
2010-09-14 12:11:07,556 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] FATAL ServerManager Startup failed...
org.apache.synapse.SynapseException: Error reading from wsdl URI
    at org.apache.synapse.core.axis2.ProxyService.handleException(ProxyService.java:609)
    at org.apache.synapse.core.axis2.ProxyService.buildAxisService(ProxyService.java:251)
    at org.apache.synapse.core.axis2.SynapseInitializationModule.init(SynapseInitializationModule.java:141)
    at org.apache.axis2.context.ConfigurationContextFactory.initModules(ConfigurationContextFactory.java:226)
    at org.apache.axis2.context.ConfigurationContextFactory.init(ConfigurationContextFactory.java:204)
    at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:80)
    at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContextFromFileSystem(ConfigurationContextFactory.java:184)
    at org.apache.synapse.ServerManager.start(ServerManager.java:92)
    at org.apache.synapse.SynapseServer.main(SynapseServer.java:50)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at org.apache.synapse.config.SynapseConfigUtils.getOMElementFromURL(SynapseConfigUtils.java:245)
    at org.apache.synapse.core.axis2.ProxyService.buildAxisService(ProxyService.java:243)
    ... 13 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 27 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 33 more
2010-09-14 12:11:07,712 [10.130.30.202-ddmorginweb] [Thread-4] INFO SynapseServer Shutting down Apache Synapse ...
2010-09-14 12:11:07,712 [10.130.30.202-ddmorginweb] [Thread-4] INFO SynapseServer Shutdown complete
2010-09-14 12:11:07,712 [10.130.30.202-ddmorginweb] [Thread-4] INFO SynapseServer Halting JVM
<-- Wrapper Stopped

I changed the trust.jks and the identity.jks to take in charge the new certificates, but nothing happens on the Synapse side. For both of the operations I used a statement like this:

keytool -v -import -file "C:\synapse-1.2-SNAPSHOT\repository\certs\Chain.cer" -keystore "C:\synapse-1.2-SNAPSHOT\lib\trust.jks" -alias "Chain" -trustcacerts
keytool -v -import -file "C:\synapse-1.2-SNAPSHOT\repository\certs\Chain.cer" -keystore "C:\synapse-1.2-SNAPSHOT\lib\identity.jks" -alias "Chain" -trustcacerts

Can you kindly help me understand what's wrong?

Best regards,
Luigi

Luigi Doronzo
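
An added diagnostic, not part of the original post and not Synapse code: the stack trace above shows the WSDL being fetched through `HttpsURLConnectionImpl`, which by default validates against the JVM-wide trust store rather than a store named in a transport configuration, so this class performs one TLS handshake with the JVM default trust store and one with a given JKS file and reports which of them can build a certification path. The class name `TrustStoreCheck` and its command-line arguments are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/** Added example (hypothetical class): can a given trust store validate a server's chain? */
public class TrustStoreCheck {

    /** Trust managers from a JKS file, or from the JVM default store when path is null. */
    static TrustManagerFactory trustFrom(String path, char[] password) throws Exception {
        KeyStore ks = null; // null makes the factory fall back to the JVM default trust store
        if (path != null) {
            ks = KeyStore.getInstance("JKS");
            try (InputStream in = new FileInputStream(path)) {
                ks.load(in, password);
            }
            System.out.println(path + ": " + ks.size() + " entries");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf;
    }

    /** One handshake; returns false when validation of the server chain fails. */
    static boolean handshakeOk(String host, int port, TrustManagerFactory tmf) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default randomness
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake();
            return true;
        } catch (SSLException e) {
            System.out.println("  handshake failed: " + e.getMessage());
            return false;
        }
    }

    // Usage: java TrustStoreCheck <host> <port> <path-to-jks> <store-password>
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        boolean jvmDefault = handshakeOk(host, port, trustFrom(null, null));
        boolean givenStore = handshakeOk(host, port, trustFrom(args[2], args[3].toCharArray()));
        System.out.println("JVM default trust store validates chain: " + jvmDefault);
        System.out.println("given trust store validates chain:       " + givenStore);
    }
}
```

If the given store validates the chain but the JVM default does not, the certificates were imported correctly and the failing code path is simply reading a different trust store.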