On Mon, Nov 27, 2017 at 12:20 PM, Chalitha Waldeniyage <[email protected]> wrote:
> Adding Asela > > On Mon, Nov 27, 2017 at 11:26 AM, Chalitha Waldeniyage <[email protected]> > wrote: > >> Hi Harsha/Samitha, >> >> Yes i have created a self sign certificate as per [1] and imported all >> the nginx public keys there. I have verified that with above command as >> well. >> Here with I'm attaching the client trust.jks file which i'm using in the >> servers. >> Further key manager is fronted via nginx. >> >> On Sun, Nov 26, 2017 at 10:09 PM, Samitha Chathuranga <[email protected]> >> wrote: >> >>> Hi Chalitha, >>> >>> Are you pointing KM (from other nodes) through load balancer? I don't >>> think you have done so. And if you have changed the hostnames of the >>> servers, the default keystore/client-trustore won't work. Refer [1] >>> >>> To check which certificates are in a Java keystore, enter the below >>> command. >>> >>> keytool -list -v -keystore client-truststore.jks >>> >>> >>> [1] - https://github.com/wso2/puppet-apim/tree/master/wso2am_runti >>> me#keystore-and-client-truststore-related-configs >>> >>> >>> Regards, >>> Samitha >>> >>> On Sun, Nov 26, 2017 at 7:17 PM, Harsha Kumara <[email protected]> wrote: >>> >>>> Hi Chalitha, >>>> >>>> It seems KM certificate isn't imported to the trustee. Can you verify >>>> it? If so we will need to fix it. >>>> >>>> Thanks, >>>> Harsha >>>> >>>> On Sun, Nov 26, 2017 at 1:46 PM, Chalitha Waldeniyage < >>>> [email protected]> wrote: >>>> >>>>> Hi All, >>>>> >>>>> I'm setting up an APIM cluster puppet patten 6 using APIM 2.1.0 puppet >>>>> scripts[1]. >>>>> When I try to generate keys for an application, pub/store nodes are >>>>> throwing the below error. (IS 5.3.0 used as the Keymanager) >>>>> Additionally in gateway Manager and worker also throwing the similar >>>>> errors in the startup. I have imported the nginx public cert to the each >>>>> node client-truststore.jks file as per instruction in >>>>> [2] . >>>>> Could you please looking to this? >>>>> >>>>> >>>>> *pub/store Node error:* >>>>> TID: [-1234] [] [2017-11-26 06:40:15,956] ERROR >>>>> {org.wso2.carbon.apimgt.impl.APIConsumerImpl} - Could not execute >>>>> Workflow {org.wso2.carbon.apimgt.impl.APIConsumerImpl} >>>>> >>>>> org.wso2.carbon.apimgt.impl.workflow.WorkflowException: Error occurred >>>>> when updating the status of the Application creation process >>>>> at >>>>> org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:82) >>>>> at >>>>> org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute(ApplicationRegistrationSimpleWorkflowExecutor.java:54) >>>>> at >>>>> org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalForApplicationRegistration(APIConsumerImpl.java:2789) >>>>> at >>>>> org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.requestApprovalForApplicationRegistration(UserAwareAPIConsumer.java:36) >>>>> at >>>>> org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getApplicationKey(APIStoreHostObject.java:385) >>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>>> at >>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >>>>> at >>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>>>> at java.lang.reflect.Method.invoke(Method.java:498) >>>>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126) >>>>> at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386) >>>>> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52) >>>>> at >>>>> org.jaggeryjs.rhino.store.modules.subscription.c3._c_anonymous_2(/store/modules/subscription/key.jag:39) >>>>> at >>>>> org.jaggeryjs.rhino.store.modules.subscription.c3.call(/store/modules/subscription/key.jag) >>>>> at >>>>> org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430) >>>>> at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269) >>>>> at >>>>> org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97) >>>>> at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42) >>>>> at >>>>> org.jaggeryjs.rhino.store.modules.subscription.c0._c_anonymous_10(/store/modules/subscription/module.jag:35) >>>>> at >>>>> org.jaggeryjs.rhino.store.modules.subscription.c0.call(/store/modules/subscription/module.jag) >>>>> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52) >>>>> at >>>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_anonymous_1(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:240) >>>>> at >>>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag) >>>>> at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23) >>>>> at >>>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_script_0(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:3) >>>>> at >>>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag) >>>>> at >>>>> org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394) >>>>> at >>>>> org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091) >>>>> at >>>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag) >>>>> at >>>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.exec(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag) >>>>> at >>>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567) >>>>> at >>>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273) >>>>> at >>>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:588) >>>>> at >>>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:508) >>>>> at >>>>> org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29) >>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650) >>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>> at >>>>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747) >>>>> at >>>>> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485) >>>>> at >>>>> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377) >>>>> at >>>>> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337) >>>>> at >>>>> org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>> at >>>>> org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>> at >>>>> org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>>> at >>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218) >>>>> at >>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >>>>> at >>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) >>>>> at >>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) >>>>> at >>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) >>>>> at >>>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57) >>>>> at >>>>> org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159) >>>>> at >>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958) >>>>> at >>>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) >>>>> at >>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) >>>>> at >>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452) >>>>> at >>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087) >>>>> at >>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637) >>>>> at >>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756) >>>>> at >>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715) >>>>> at >>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) >>>>> at >>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) >>>>> at >>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >>>>> at java.lang.Thread.run(Thread.java:745) >>>>> Caused by: org.wso2.carbon.apimgt.api.APIManagementException: Error >>>>> occurred while executing SubscriberKeyMgtClient. >>>>> at >>>>> org.wso2.carbon.apimgt.impl.utils.APIUtil.handleException(APIUtil.java:1269) >>>>> at >>>>> org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:155) >>>>> at >>>>> org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:118) >>>>> at >>>>> org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:78) >>>>> ... 75 more >>>>> Caused by: org.wso2.carbon.apimgt.api.APIManagementException: Error while >>>>> creating tokens - sun.security.validator.ValidatorException: PKIX path >>>>> building failed: >>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>>>> find valid certification path to requested target >>>>> at >>>>> org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.handleException(AMDefaultKeyManagerImpl.java:639) >>>>> at >>>>> org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:389) >>>>> at >>>>> org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:151) >>>>> ... 77 more >>>>> Caused by: javax.net.ssl.SSLHandshakeException: >>>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>>>> find valid certification path to requested target >>>>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) >>>>> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) >>>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) >>>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) >>>>> at >>>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) >>>>> at >>>>> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) >>>>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) >>>>> at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) >>>>> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) >>>>> at >>>>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) >>>>> at >>>>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) >>>>> at >>>>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) >>>>> at >>>>> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533) >>>>> at >>>>> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:401) >>>>> at >>>>> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:178) >>>>> at >>>>> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144) >>>>> at >>>>> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131) >>>>> at >>>>> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610) >>>>> at >>>>> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445) >>>>> at >>>>> org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) >>>>> at >>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) >>>>> at >>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106) >>>>> at >>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57) >>>>> at >>>>> org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:363) >>>>> ... 78 more >>>>> Caused by: sun.security.validator.ValidatorException: PKIX path building >>>>> failed: sun.security.provider.certpath.SunCertPathBuilderException: >>>>> unable to find valid certification path to requested target >>>>> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) >>>>> at >>>>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) >>>>> at sun.security.validator.Validator.validate(Validator.java:260) >>>>> at >>>>> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) >>>>> at >>>>> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) >>>>> at >>>>> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) >>>>> at >>>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) >>>>> ... 97 more >>>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: >>>>> unable to find valid certification path to requested target >>>>> at >>>>> sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) >>>>> at >>>>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) >>>>> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) >>>>> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) >>>>> ... 103 more >>>>> >>>>> ... 103 more >>>>> TID: [-1234] [] [2017-11-26 06:40:15,992] ERROR >>>>> {JAGGERY.site.blocks.subscription.subscription-add.ajax.subscription-add:jag} >>>>> - org.jaggeryjs.scriptengine.exceptions.ScriptException: Error while >>>>> obtaining the application access token for the application:Helloapp45 >>>>> {JAGGERY.site.blocks.subscription.subscription-add.ajax.subscription-add:jag} >>>>> >>>>> *GatewayManager/Worker error* >>>>> >>>>> TID: [-1] [] [2017-11-26 06:40:24,183] WARN >>>>> {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} >>>>> - Failed retrieving Blocking Conditions from remote endpoint: >>>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>>>> find valid certification path to requested target. Retrying after 15 >>>>> seconds... >>>>> {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} >>>>> TID: [-1] [] [2017-11-26 06:40:39,187] WARN >>>>> {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} >>>>> - Failed retrieving Blocking Conditions from remote endpoint: >>>>> sun.security.validator.ValidatorException: PKIX path building failed: >>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >>>>> find valid certification path to requested target. Retrying after 15 >>>>> seconds... >>>>> {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever} >>>>> >>>>> >>>>> [1] https://github.com/wso2/puppet-apim >>>>> >>>>> [2] https://docs.wso2.com/display/AM210/Distributed+Deployment+o >>>>> f+the+Gateway >>>>> >>>>> >>>>> Thank you, >>>>> Chalitha. >>>>> >>>>> -- >>>>> *Chalitha Maheshwari* >>>>> Software Engineer-QA, >>>>> WSO2 Inc. >>>>> >>>>> *E-mail:* [email protected] >>>>> *Mobile: *+94710 411 112 <+94%2071%20041%201112> >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> [email protected] >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Harsha Kumara >>>> Software Engineer, WSO2 Inc. >>>> Mobile: +94775505618 <+94%2077%20550%205618> >>>> Blog:harshcreationz.blogspot.com >>>> >>> >>> >>> >>> -- >>> Samitha Chathuranga >>> Software Engineer, WSO2 Inc. >>> lean.enterprise.middleware >>> Mobile: +94715123761 >>> >>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>> >> >> >> >> -- >> *Chalitha Maheshwari* >> Software Engineer-QA, >> WSO2 Inc. >> >> *E-mail:* [email protected] >> *Mobile: *+94710 411 112 <+94%2071%20041%201112> >> > > > > -- > *Chalitha Maheshwari* > Software Engineer-QA, > WSO2 Inc. > > *E-mail:* [email protected] > *Mobile: *+94710 411 112 <+94%2071%20041%201112> > -- *Chalitha Maheshwari* Software Engineer-QA, WSO2 Inc. *E-mail:* [email protected] *Mobile: *+94710 411 112
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
