Hi Luigi,

Have you installed unlimited strength security policy files for Java? Seems you haven't.

Ruwan

On Wed, Sep 15, 2010 at 7:12 PM, Doronzo, Luigi <luigi.doro...@experian.com> wrote:

> Hi all,
>
> I use a Synapse installation to connect with an external interface and
> since they changed their certificates synapse fails to start.
>
> Here it is the axis2.xml and the synapse.xml file
>
> <definitions xmlns="http://ws.apache.org/ns/synapse">
>
>   <proxy name="KpsProxy" statistics="enable" transports="http" startOnLoad="true">
>     <target>
>       <inSequence>
>         <send>
>           <endpoint>
>             <address uri="https://kps.nvi.gov.tr/Mernis.KPS.Web.SI/kps.asmx">
>               <enableAddressing version="submission"/>
>               <enableSec policy="policy.kps"/>
>             </address>
>           </endpoint>
>         </send>
>       </inSequence>
>       <outSequence>
>         <header name="wsse:Security" action="remove" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
>         <send/>
>       </outSequence>
>     </target>
>     <publishWSDL uri="https://kps.nvi.gov.tr/Mernis.KPS.Web.SI/kps.asmx" />
>   </proxy>
>
>   <localEntry key="policy.kps" src="file:repository\conf\policy"/>
>
> </definitions>
>
> <!-- ================================================= -->
> <!-- Transport Outs -->
> <!-- ================================================= -->
>
> <transportSender name="http" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSender">
>   <parameter name="non-blocking" locked="false">true</parameter>
>   <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
>   <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
> </transportSender>
> <transportSender name="https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
>   <parameter name="non-blocking" locked="false">true</parameter>
>   <parameter name="keystore" locked="false">
>     <KeyStore>
>       <Location>identity.jks</Location>
>       <Type>JKS</Type>
>       <Password>password</Password>
>       <KeyPassword>password</KeyPassword>
>     </KeyStore>
>   </parameter>
>   <parameter name="truststore" locked="false">
>     <TrustStore>
>       <Location>trust.jks</Location>
>       <Type>JKS</Type>
>       <Password>password</Password>
>     </TrustStore>
>   </parameter>
>   <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
>       supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
> </transportSender>
>
> Please bear in mind if I put the .asmx in Internet Explorer I'm still able
> to open it
>
> Here it is the relevant extract of the wrapper.log:
>
> --> Wrapper Started as Service
> Launching a JVM...
> Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
> Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.
>
> 2010-09-14 12:11:06,399 [-] [WrapperSimpleAppMain] INFO ServerManager Using the Axis2 Repository C:\synapse-1.2-SNAPSHOT\repository
> 2010-09-14 12:11:07,040 [-] [WrapperSimpleAppMain] INFO SynapseInitializationModule Initializing Synapse at : Tue Sep 14 12:11:07 EEST 2010
> 2010-09-14 12:11:07,040 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO SynapseInitializationModule Loading mediator extensions...
> 2010-09-14 12:11:07,040 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO SynapseInitializationModule Initializing the Synapse configuration ...
> 2010-09-14 12:11:07,056 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO XMLConfigurationBuilder Generating the Synapse configuration model by parsing the XML configuration
> 2010-09-14 12:11:07,149 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO SynapseConfigurationBuilder Loaded Synapse configuration from : repository/conf/synapse.xml
> 2010-09-14 12:11:07,149 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO SynapseInitializationModule Deploying the Synapse service..
> 2010-09-14 12:11:07,181 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO SynapseInitializationModule Synapse server name : ddmorginweb
> 2010-09-14 12:11:07,181 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO SynapseInitializationModule Deploying Proxy services...
> 2010-09-14 12:11:07,181 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] INFO ProxyService Building Axis service for Proxy service : KpsProxy
> 2010-09-14 12:11:07,556 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] ERROR ProxyService Error reading from wsdl URI
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
>     at org.apache.synapse.config.SynapseConfigUtils.getOMElementFromURL(SynapseConfigUtils.java:245)
>     at org.apache.synapse.core.axis2.ProxyService.buildAxisService(ProxyService.java:243)
>     at org.apache.synapse.core.axis2.SynapseInitializationModule.init(SynapseInitializationModule.java:141)
>     at org.apache.axis2.context.ConfigurationContextFactory.initModules(ConfigurationContextFactory.java:226)
>     at org.apache.axis2.context.ConfigurationContextFactory.init(ConfigurationContextFactory.java:204)
>     at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:80)
>     at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContextFromFileSystem(ConfigurationContextFactory.java:184)
>     at org.apache.synapse.ServerManager.start(ServerManager.java:92)
>     at org.apache.synapse.SynapseServer.main(SynapseServer.java:50)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>     at java.lang.reflect.Method.invoke(Unknown Source)
>     at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
>     at java.lang.Thread.run(Unknown Source)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
>     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
>     at sun.security.validator.Validator.validate(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
>     .. 27 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
>     at java.security.cert.CertPathBuilder.build(Unknown Source)
>     .. 33 more
> 2010-09-14 12:11:07,556 [10.130.30.202-ddmorginweb] [WrapperSimpleAppMain] FATAL ServerManager Startup failed...
> org.apache.synapse.SynapseException: Error reading from wsdl URI
>     at org.apache.synapse.core.axis2.ProxyService.handleException(ProxyService.java:609)
>     at org.apache.synapse.core.axis2.ProxyService.buildAxisService(ProxyService.java:251)
>     at org.apache.synapse.core.axis2.SynapseInitializationModule.init(SynapseInitializationModule.java:141)
>     at org.apache.axis2.context.ConfigurationContextFactory.initModules(ConfigurationContextFactory.java:226)
>     at org.apache.axis2.context.ConfigurationContextFactory.init(ConfigurationContextFactory.java:204)
>     at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:80)
>     at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContextFromFileSystem(ConfigurationContextFactory.java:184)
>     at org.apache.synapse.ServerManager.start(ServerManager.java:92)
>     at org.apache.synapse.SynapseServer.main(SynapseServer.java:50)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>     at java.lang.reflect.Method.invoke(Unknown Source)
>     at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
>     at java.lang.Thread.run(Unknown Source)
> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
>     at org.apache.synapse.config.SynapseConfigUtils.getOMElementFromURL(SynapseConfigUtils.java:245)
>     at org.apache.synapse.core.axis2.ProxyService.buildAxisService(ProxyService.java:243)
>     .. 13 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
>     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
>     at sun.security.validator.Validator.validate(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
>     .. 27 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
>     at java.security.cert.CertPathBuilder.build(Unknown Source)
>     .. 33 more
> 2010-09-14 12:11:07,712 [10.130.30.202-ddmorginweb] [Thread-4] INFO SynapseServer Shutting down Apache Synapse ..
> 2010-09-14 12:11:07,712 [10.130.30.202-ddmorginweb] [Thread-4] INFO SynapseServer Shutdown complete
> 2010-09-14 12:11:07,712 [10.130.30.202-ddmorginweb] [Thread-4] INFO SynapseServer Halting JVM
> <-- Wrapper Stopped
>
> I changed the trust.jks and the identity.jks to take in charge the new
> certificates but nothing happens on synapse side.
>
> For both of the operations I used a statement like this:
>
> keytool -v -import -file "C:\synapse-1.2-SNAPSHOT\repository\certs\Chain.cer" -keystore "C:\synapse-1.2-SNAPSHOT\lib\trust.jks" -alias "Chain" -trustcacerts
>
> keytool -v -import -file "C:\synapse-1.2-SNAPSHOT\repository\certs\Chain.cer" -keystore "C:\synapse-1.2-SNAPSHOT\lib\identity.jks" -alias "Chain" -trustcacerts
>
> Can you kindly help me understand what's wrong?
>
> best regards
>
> Luigi
>
> *Luigi Doronzo*

--
Ruwan Linton
Software Architect & Product Manager, WSO2 ESB; http://wso2.org/esb
WSO2 Inc.; http://wso2.org
Lean . Enterprise . Middleware

phone: +1 408 754 7388 ext 51789
email: ru...@wso2.com; cell: +94 77 341 3097
blog: http://blog.ruwan.org
linkedin: http://www.linkedin.com/in/ruwanlinton
google: http://www.google.com/profiles/ruwan.linton
tweet: http://twitter.com/ruwanlinton
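
Added example (not part of the thread, and not Synapse code): a small Python triage of the stack trace quoted above, which reports which TLS client stack performed the failed handshake and which Synapse method opened the connection. It assumes standard JSSE behaviour, under which HttpsURLConnection validates the server against the JVM default trust store unless the application installs its own SSLSocketFactory; `triage`, `CLIENT_STACKS` and `SAMPLE_TRACE` are names introduced here.

```python
import re

# Class prefix -> trust material that client stack validates the server against.
# Assumption (standard JSSE behaviour, not stated in the thread): HttpsURLConnection
# uses the JVM default trust store unless the app installs its own SSLSocketFactory.
CLIENT_STACKS = [
    ("sun.net.www.protocol.https.",
     "JVM default trust store (javax.net.ssl.trustStore or JRE cacerts)"),
    ("org.apache.synapse.transport.nhttp.",
     "truststore parameter of the https transportSender in axis2.xml"),
]
FRAME = re.compile(r"^\s*at\s+([\w.$]+)\.([\w$<>]+)\(")

# Excerpt of the trace quoted in the thread (wrapped lines rejoined, frames trimmed).
SAMPLE_TRACE = """\
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at org.apache.synapse.config.SynapseConfigUtils.getOMElementFromURL(SynapseConfigUtils.java:245)
    at org.apache.synapse.core.axis2.ProxyService.buildAxisService(ProxyService.java:243)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
""".splitlines()


def triage(lines):
    """Classify the first PKIX failure found in a Java stack trace."""
    result = {"pkix_failure": False, "trust_source": None, "opened_by": None}
    for line in lines:
        if not result["pkix_failure"]:
            result["pkix_failure"] = "PKIX path building failed" in line
            continue
        if line.lstrip().startswith("Caused by:"):
            break  # frames below belong to the nested cause, not the call chain
        m = FRAME.match(line)
        if not m:
            continue
        cls, method = m.groups()
        if result["trust_source"] is None:
            # First frame from a known TLS client stack names the trust material.
            result["trust_source"] = next(
                (src for prefix, src in CLIENT_STACKS if cls.startswith(prefix)), None)
        if result["opened_by"] is None and cls.startswith("org.apache.synapse."):
            result["opened_by"] = f"{cls}.{method}"  # code that opened the connection
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```

For the trace in this thread the result points at the publishWSDL fetch made through HttpsURLConnection, so under the stated assumption the certificates imported into trust.jks for the https transportSender are not the ones consulted for that connection.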