Adding Asela On Mon, Nov 27, 2017 at 11:26 AM, Chalitha Waldeniyage <[email protected]> wrote:
> Hi Harsha/Samitha, > > Yes i have created a self sign certificate as per [1] and imported all the > nginx public keys there. I have verified that with above command as well. > Here with I'm attaching the client trust.jks file which i'm using in the > servers. > Further key manager is fronted via nginx. > > On Sun, Nov 26, 2017 at 10:09 PM, Samitha Chathuranga <[email protected]> > wrote: > >> Hi Chalitha, >> >> Are you pointing KM (from other nodes) through load balancer? I don't >> think you have done so. And if you have changed the hostnames of the >> servers, the default keystore/client-trustore won't work. Refer [1] >> >> To check which certificates are in a Java keystore, enter the below >> command. >> >> keytool -list -v -keystore client-truststore.jks >> >> >> [1] - https://github.com/wso2/puppet-apim/tree/master/wso2am_ >> runtime#keystore-and-client-truststore-related-configs >> >> >> Regards, >> Samitha >> >> On Sun, Nov 26, 2017 at 7:17 PM, Harsha Kumara <[email protected]> wrote: >> >>> Hi Chalitha, >>> >>> It seems KM certificate isn't imported to the trustee. Can you verify >>> it? If so we will need to fix it. >>> >>> Thanks, >>> Harsha >>> >>> On Sun, Nov 26, 2017 at 1:46 PM, Chalitha Waldeniyage <[email protected] >>> > wrote: >>> >>>> Hi All, >>>> >>>> I'm setting up an APIM cluster puppet patten 6 using APIM 2.1.0 puppet >>>> scripts[1]. >>>> When I try to generate keys for an application, pub/store nodes are >>>> throwing the below error. (IS 5.3.0 used as the Keymanager) >>>> Additionally in gateway Manager and worker also throwing the similar >>>> errors in the startup. I have imported the nginx public cert to the each >>>> node client-truststore.jks file as per instruction in >>>> [2] . >>>> Could you please looking to this? >>>> >>>> >>>> *pub/store Node error:* >>>> TID: [-1234] [] [2017-11-26 06:40:15,956] ERROR >>>> {org.wso2.carbon.apimgt.impl.APIConsumerImpl} - Could not execute >>>> Workflow {org.wso2.carbon.apimgt.impl.APIConsumerImpl} >>>> >>>> org.wso2.carbon.apimgt.impl.workflow.WorkflowException: Error occurred >>>> when updating the status of the Application creation process >>>> at >>>> org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:82) >>>> at >>>> org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute(ApplicationRegistrationSimpleWorkflowExecutor.java:54) >>>> at >>>> org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalForApplicationRegistration(APIConsumerImpl.java:2789) >>>> at >>>> org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.requestApprovalForApplicationRegistration(UserAwareAPIConsumer.java:36) >>>> at >>>> org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getApplicationKey(APIStoreHostObject.java:385) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> at >>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >>>> at >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>>> at java.lang.reflect.Method.invoke(Method.java:498) >>>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126) >>>> at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386) >>>> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52) >>>> at >>>> org.jaggeryjs.rhino.store.modules.subscription.c3._c_anonymous_2(/store/modules/subscription/key.jag:39) >>>> at >>>> org.jaggeryjs.rhino.store.modules.subscription.c3.call(/store/modules/subscription/key.jag) >>>> at >>>> org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430) >>>> at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269) >>>> at >>>> org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97) >>>> at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42) >>>> at >>>> org.jaggeryjs.rhino.store.modules.subscription.c0._c_anonymous_10(/store/modules/subscription/module.jag:35) >>>> at >>>> org.jaggeryjs.rhino.store.modules.subscription.c0.call(/store/modules/subscription/module.jag) >>>> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52) >>>> at >>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_anonymous_1(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:240) >>>> at >>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag) >>>> at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23) >>>> at >>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_script_0(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:3) >>>> at >>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag) >>>> at >>>> org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394) >>>> at >>>> org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091) >>>> at >>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag) >>>> at >>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.exec(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag) >>>> at >>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567) >>>> at >>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273) >>>> at >>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:588) >>>> at >>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:508) >>>> at >>>> org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747) >>>> at >>>> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485) >>>> at >>>> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377) >>>> at >>>> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337) >>>> at >>>> org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218) >>>> at >>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >>>> at >>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) >>>> at >>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) >>>> at >>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) >>>> at >>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57) >>>> at >>>> org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159) >>>> at >>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) >>>> at >>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) >>>> at >>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452) >>>> at >>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087) >>>> at >>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637) >>>> at >>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756) >>>> at >>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) >>>> at >>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>>> at java.lang.Thread.run(Thread.java:745) >>>> Caused by: org.wso2.carbon.apimgt.api.APIManagementException: Error >>>> occurred while executing SubscriberKeyMgtClient. >>>> at >>>> org.wso2.carbon.apimgt.impl.utils.APIUtil.handleException(APIUtil.java:1269) >>>> at >>>> org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:155) >>>> at >>>> org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:118) >>>> at >>>> org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:78) >>>> ... 75 more >>>> Caused by: org.wso2.carbon.apimgt.api.APIManagementException: Error while >>>> creating tokens - sun.security.validator.ValidatorException: PKIX path >>>> building failed: >>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >>>> valid certification path to requested target >>>> at >>>> org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.handleException(AMDefaultKeyManagerImpl.java:639) >>>> at >>>> org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:389) >>>> at >>>> org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:151) >>>> ... 77 more >>>> Caused by: javax.net.ssl.SSLHandshakeException: >>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >>>> valid certification path to requested target >>>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) >>>> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) >>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) >>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) >>>> at >>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) >>>> at >>>> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) >>>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) >>>> at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) >>>> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) >>>> at >>>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) >>>> at >>>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) >>>> at >>>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) >>>> at >>>> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533) >>>> at >>>> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:401) >>>> at >>>> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:178) >>>> at >>>> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144) >>>> at >>>> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131) >>>> at >>>> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610) >>>> at >>>> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445) >>>> at >>>> org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) >>>> at >>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) >>>> at >>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106) >>>> at >>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57) >>>> at >>>> org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:363) >>>> ... 78 more >>>> Caused by: sun.security.validator.ValidatorException: PKIX path building >>>> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable >>>> to find valid certification path to requested target >>>> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) >>>> at >>>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) >>>> at sun.security.validator.Validator.validate(Validator.java:260) >>>> at >>>> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) >>>> at >>>> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) >>>> at >>>> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) >>>> at >>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) >>>> ... 97 more >>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: >>>> unable to find valid certification path to requested target >>>> at >>>> sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) >>>> at >>>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) >>>> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) >>>> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) >>>> ... 103 more >>>> >>>> ... 103 more >>>> TID: [-1234] [] [2017-11-26 06:40:15,992] ERROR >>>> {JAGGERY.site.blocks.subscription.subscription-add.ajax.subscription-add:jag} >>>> - org.jaggeryjs.scriptengine.exceptions.ScriptException: Error while >>>> obtaining the application access token for the application:Helloapp45 >>>> {JAGGERY.site.blocks.subscription.subscription-add.ajax.subscription-add:jag} >>>> >>>> *GatewayManager/Worker error* >>>> >>>> TID: [-1] [] [2017-11-26 06:40:24,183] WARN >>>> {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} >>>> - Failed retrieving Blocking Conditions from remote endpoint: >>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >>>> valid certification path to requested target. Retrying after 15 seconds... >>>> {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} >>>> TID: [-1] [] [2017-11-26 06:40:39,187] WARN >>>> {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} >>>> - Failed retrieving Blocking Conditions from remote endpoint: >>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >>>> valid certification path to requested target. Retrying after 15 seconds... >>>> {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} >>>> >>>> >>>> [1] https://github.com/wso2/puppet-apim >>>> >>>> [2] https://docs.wso2.com/display/AM210/Distributed+Deployment+o >>>> f+the+Gateway >>>> >>>> >>>> Thank you, >>>> Chalitha. >>>> >>>> -- >>>> *Chalitha Maheshwari* >>>> Software Engineer-QA, >>>> WSO2 Inc. >>>> >>>> *E-mail:* [email protected] >>>> *Mobile: *+94710 411 112 <+94%2071%20041%201112> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Harsha Kumara >>> Software Engineer, WSO2 Inc. >>> Mobile: +94775505618 <+94%2077%20550%205618> >>> Blog:harshcreationz.blogspot.com >>> >> >> >> >> -- >> Samitha Chathuranga >> Software Engineer, WSO2 Inc. >> lean.enterprise.middleware >> Mobile: +94715123761 >> >> [image: http://wso2.com/signature] <http://wso2.com/signature> >> > > > > -- > *Chalitha Maheshwari* > Software Engineer-QA, > WSO2 Inc. > > *E-mail:* [email protected] > *Mobile: *+94710 411 112 <+94%2071%20041%201112> > -- *Chalitha Maheshwari* Software Engineer-QA, WSO2 Inc. *E-mail:* [email protected] *Mobile: *+94710 411 112
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
