Hi Samitha,
Yes, those are required parameters. I didn't change anything there.
What i have done is to forced the Nginx to send key manager certificates
since SNI information is not present*. *
That can be done by putting the default keyword highlited in the
configuration
*. *
server {
listen 443 *default;*
server_name is.dev.wso2.org;
ssl on;
ssl_certificate /etc/nginx/ssl/keymgt.crt;
ssl_certificate_key /etc/nginx/ssl/keymgt.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_redirect https://ssl.wso2.is.com
https://is.dev.wso2.org;
proxy_pass https://ssl.wso2.is.com;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
On Tue, Nov 28, 2017 at 11:11 AM, Samitha Chathuranga <[email protected]>
wrote:
> Hi Chalitha,
>
> Out of curiosity; what were the values given earlier by you for them
> instead of the below lines,
>
> ssl_certificate /etc/nginx/ssl/keymgt.crt;
> ssl_certificate_key /etc/nginx/ssl/keymgt.key;
>
> Were they the default ones as mentioned in the docs [1] as below?
>
> ssl_certificate /etc/nginx/ssl/mgt.crt;
> ssl_certificate_key /etc/nginx/ssl/mgt.key;
>
>
> AFAIK we should configure *ssl_certificate* and *ssl_certificate_key*
> derivatives if we are configuring for https requests (port 443). It is
> mentioned int the docs [1] .
>
> [1] - https://docs.wso2.com/display/AM210/Distributed+Deployment+o
> f+the+Gateway
>
> Regards,
> Samitha
>
> On Mon, Nov 27, 2017 at 11:03 PM, Chalitha Waldeniyage <[email protected]>
> wrote:
>
>> Hi All,
>>
>> Thank you Yasassri and all for the tips to figure out the issue.
>>
>> However we have debugged this issue a little further. The reason for this
>> issue is, although we have imported the correct certificates to
>> client-trustore when SSL handshake takes place, server was sending a wrong
>> certificate to the client.
>> Nginx server has mulitiple SSL certificates configured for the same port
>> (443) which was using for other servers. Therefore nginx sending a wrong
>> certificate.
>> AFAIK this can happen if the client doesn't send SNI information to the
>> server, So either the client is communicating with SSL 1.0 (which doesn't
>> support SNI) or the client is sending wrong SNI information to the server.
>> (I actually couldn't verify this)
>>
>> As a Temporary solution, I have forced Nginx to send key manager
>> certificates if SNI information is not present. The Nginx configs are as
>> follows.
>>
>> server {
>> listen 443 default;
>> server_name is.dev.wso2.org;
>> ssl on;
>> ssl_certificate /etc/nginx/ssl/keymgt.crt;
>> ssl_certificate_key /etc/nginx/ssl/keymgt.key;
>> location / {
>> proxy_set_header X-Forwarded-Host $host;
>> proxy_set_header X-Forwarded-Server $host;
>> proxy_set_header X-Forwarded-For
>> $proxy_add_x_forwarded_for;
>> proxy_set_header Host $http_host;
>> proxy_read_timeout 5m;
>> proxy_send_timeout 5m;
>> proxy_redirect https://ssl.wso2.is.com
>> https://is.dev.wso2.org;
>> proxy_pass https://ssl.wso2.is.com;
>>
>> proxy_http_version 1.1;
>> proxy_set_header Upgrade $http_upgrade;
>> proxy_set_header Connection "upgrade";
>> }
>>
>> This seems like an issue, Is there any config in APIM, I can change to
>> get this property?
>>
>> Thank you,
>> Chalitha.
>>
>>
>> On Mon, Nov 27, 2017 at 4:51 PM, Chalitha Waldeniyage <[email protected]>
>> wrote:
>>
>>> Hi Chamin,
>>>
>>> Those configuration are verified as per [1]. However these are not
>>> manually configured.Used existing puppet configuration.
>>>
>>> [1] https://docs.wso2.com/display/AM210/Distributed+Deployment+o
>>> f+API+Manager
>>>
>>>
>>> Thank you,
>>> Chalitha.
>>>
>>> On Mon, Nov 27, 2017 at 2:53 PM, Chamin Dias <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> Based on this answer
>>>> <https://stackoverflow.com/questions/39649801/wso2-am-2-0-0-error-occurred-while-executing-the-action-generateapplicationkey>,
>>>> this error might happen due to datasource configuration in IS. Shall we
>>>> recheck those?
>>>>
>>>> Thanks.
>>>>
>>>> On Mon, Nov 27, 2017 at 12:23 PM, Chalitha Waldeniyage <
>>>> [email protected]> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Mon, Nov 27, 2017 at 12:20 PM, Chalitha Waldeniyage <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Adding Asela
>>>>>>
>>>>>> On Mon, Nov 27, 2017 at 11:26 AM, Chalitha Waldeniyage <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Hi Harsha/Samitha,
>>>>>>>
>>>>>>> Yes i have created a self sign certificate as per [1] and imported
>>>>>>> all the nginx public keys there. I have verified that with above
>>>>>>> command as
>>>>>>> well.
>>>>>>> Here with I'm attaching the client trust.jks file which i'm using in
>>>>>>> the servers.
>>>>>>> Further key manager is fronted via nginx.
>>>>>>>
>>>>>>> On Sun, Nov 26, 2017 at 10:09 PM, Samitha Chathuranga <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Chalitha,
>>>>>>>>
>>>>>>>> Are you pointing KM (from other nodes) through load balancer? I
>>>>>>>> don't think you have done so. And if you have changed the hostnames of
>>>>>>>> the
>>>>>>>> servers, the default keystore/client-trustore won't work. Refer [1]
>>>>>>>>
>>>>>>>> To check which certificates are in a Java keystore, enter the below
>>>>>>>> command.
>>>>>>>>
>>>>>>>> keytool -list -v -keystore client-truststore.jks
>>>>>>>>
>>>>>>>>
>>>>>>>> [1] - https://github.com/wso2/puppet-apim/tree/master/wso2am_runti
>>>>>>>> me#keystore-and-client-truststore-related-configs
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Samitha
>>>>>>>>
>>>>>>>> On Sun, Nov 26, 2017 at 7:17 PM, Harsha Kumara <[email protected]>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi Chalitha,
>>>>>>>>>
>>>>>>>>> It seems KM certificate isn't imported to the trustee. Can you
>>>>>>>>> verify it? If so we will need to fix it.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Harsha
>>>>>>>>>
>>>>>>>>> On Sun, Nov 26, 2017 at 1:46 PM, Chalitha Waldeniyage <
>>>>>>>>> [email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> I'm setting up an APIM cluster puppet patten 6 using APIM 2.1.0
>>>>>>>>>> puppet scripts[1].
>>>>>>>>>> When I try to generate keys for an application, pub/store nodes
>>>>>>>>>> are throwing the below error. (IS 5.3.0 used as the Keymanager)
>>>>>>>>>> Additionally in gateway Manager and worker also throwing the
>>>>>>>>>> similar errors in the startup. I have imported the nginx public cert
>>>>>>>>>> to the
>>>>>>>>>> each node client-truststore.jks file as per instruction in
>>>>>>>>>> [2] .
>>>>>>>>>> Could you please looking to this?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> *pub/store Node error:*
>>>>>>>>>> TID: [-1234] [] [2017-11-26 06:40:15,956] ERROR
>>>>>>>>>> {org.wso2.carbon.apimgt.impl.APIConsumerImpl} - Could not
>>>>>>>>>> execute Workflow {org.wso2.carbon.apimgt.impl.APIConsumerImpl}
>>>>>>>>>>
>>>>>>>>>> org.wso2.carbon.apimgt.impl.workflow.WorkflowException: Error
>>>>>>>>>> occurred when updating the status of the Application creation process
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:82)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute(ApplicationRegistrationSimpleWorkflowExecutor.java:54)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalForApplicationRegistration(APIConsumerImpl.java:2789)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.requestApprovalForApplicationRegistration(UserAwareAPIConsumer.java:36)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getApplicationKey(APIStoreHostObject.java:385)
>>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>>>> at
>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>>>> at
>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>>>>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>>>>>>>>>> at
>>>>>>>>>> org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)
>>>>>>>>>> at
>>>>>>>>>> org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.rhino.store.modules.subscription.c3._c_anonymous_2(/store/modules/subscription/key.jag:39)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.rhino.store.modules.subscription.c3.call(/store/modules/subscription/key.jag)
>>>>>>>>>> at
>>>>>>>>>> org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430)
>>>>>>>>>> at
>>>>>>>>>> org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269)
>>>>>>>>>> at
>>>>>>>>>> org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97)
>>>>>>>>>> at
>>>>>>>>>> org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.rhino.store.modules.subscription.c0._c_anonymous_10(/store/modules/subscription/module.jag:35)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.rhino.store.modules.subscription.c0.call(/store/modules/subscription/module.jag)
>>>>>>>>>> at
>>>>>>>>>> org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_anonymous_1(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:240)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)
>>>>>>>>>> at
>>>>>>>>>> org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_script_0(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:3)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)
>>>>>>>>>> at
>>>>>>>>>> org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
>>>>>>>>>> at
>>>>>>>>>> org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.exec(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:588)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:508)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
>>>>>>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>>>>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>>>>>>>>>> at
>>>>>>>>>> org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
>>>>>>>>>> at
>>>>>>>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
>>>>>>>>>> at
>>>>>>>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>>>>>>>>>> at
>>>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
>>>>>>>>>> at
>>>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
>>>>>>>>>> at
>>>>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>>>>>>> at
>>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>>>>>>> at
>>>>>>>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>>>>>> Caused by: org.wso2.carbon.apimgt.api.APIManagementException: Error
>>>>>>>>>> occurred while executing SubscriberKeyMgtClient.
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.impl.utils.APIUtil.handleException(APIUtil.java:1269)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:155)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:118)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:78)
>>>>>>>>>> ... 75 more
>>>>>>>>>> Caused by: org.wso2.carbon.apimgt.api.APIManagementException: Error
>>>>>>>>>> while creating tokens - sun.security.validator.ValidatorException:
>>>>>>>>>> PKIX path building failed:
>>>>>>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable
>>>>>>>>>> to find valid certification path to requested target
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.handleException(AMDefaultKeyManagerImpl.java:639)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:389)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:151)
>>>>>>>>>> ... 77 more
>>>>>>>>>> Caused by: javax.net.ssl.SSLHandshakeException:
>>>>>>>>>> sun.security.validator.ValidatorException: PKIX path building
>>>>>>>>>> failed: sun.security.provider.certpath.SunCertPathBuilderException:
>>>>>>>>>> unable to find valid certification path to requested target
>>>>>>>>>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>>>>>>>>>> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
>>>>>>>>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
>>>>>>>>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
>>>>>>>>>> at
>>>>>>>>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
>>>>>>>>>> at
>>>>>>>>>> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
>>>>>>>>>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
>>>>>>>>>> at
>>>>>>>>>> sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
>>>>>>>>>> at
>>>>>>>>>> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
>>>>>>>>>> at
>>>>>>>>>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
>>>>>>>>>> at
>>>>>>>>>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
>>>>>>>>>> at
>>>>>>>>>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
>>>>>>>>>> at
>>>>>>>>>> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533)
>>>>>>>>>> at
>>>>>>>>>> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:401)
>>>>>>>>>> at
>>>>>>>>>> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:178)
>>>>>>>>>> at
>>>>>>>>>> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
>>>>>>>>>> at
>>>>>>>>>> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
>>>>>>>>>> at
>>>>>>>>>> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
>>>>>>>>>> at
>>>>>>>>>> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
>>>>>>>>>> at
>>>>>>>>>> org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
>>>>>>>>>> at
>>>>>>>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>>>>>>>>>> at
>>>>>>>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
>>>>>>>>>> at
>>>>>>>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
>>>>>>>>>> at
>>>>>>>>>> org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:363)
>>>>>>>>>> ... 78 more
>>>>>>>>>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>>>>>>>>> building failed:
>>>>>>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable
>>>>>>>>>> to find valid certification path to requested target
>>>>>>>>>> at
>>>>>>>>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
>>>>>>>>>> at
>>>>>>>>>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
>>>>>>>>>> at sun.security.validator.Validator.validate(Validator.java:260)
>>>>>>>>>> at
>>>>>>>>>> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
>>>>>>>>>> at
>>>>>>>>>> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
>>>>>>>>>> at
>>>>>>>>>> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
>>>>>>>>>> at
>>>>>>>>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
>>>>>>>>>> ... 97 more
>>>>>>>>>> Caused by:
>>>>>>>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable
>>>>>>>>>> to find valid certification path to requested target
>>>>>>>>>> at
>>>>>>>>>> sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
>>>>>>>>>> at
>>>>>>>>>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
>>>>>>>>>> at
>>>>>>>>>> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
>>>>>>>>>> at
>>>>>>>>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
>>>>>>>>>> ... 103 more
>>>>>>>>>>
>>>>>>>>>> ... 103 more
>>>>>>>>>> TID: [-1234] [] [2017-11-26 06:40:15,992] ERROR
>>>>>>>>>> {JAGGERY.site.blocks.subscription.subscription-add.ajax.subscription-add:jag}
>>>>>>>>>> - org.jaggeryjs.scriptengine.exceptions.ScriptException: Error
>>>>>>>>>> while obtaining the application access token for the
>>>>>>>>>> application:Helloapp45
>>>>>>>>>> {JAGGERY.site.blocks.subscription.subscription-add.ajax.subscription-add:jag}
>>>>>>>>>>
>>>>>>>>>> *GatewayManager/Worker error*
>>>>>>>>>>
>>>>>>>>>> TID: [-1] [] [2017-11-26 06:40:24,183] WARN
>>>>>>>>>> {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever}
>>>>>>>>>> - Failed retrieving Blocking Conditions from remote endpoint:
>>>>>>>>>> sun.security.validator.ValidatorException: PKIX path building
>>>>>>>>>> failed: sun.security.provider.certpath.SunCertPathBuilderException:
>>>>>>>>>> unable to find valid certification path to requested target.
>>>>>>>>>> Retrying after 15 seconds...
>>>>>>>>>> {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever}
>>>>>>>>>> TID: [-1] [] [2017-11-26 06:40:39,187] WARN
>>>>>>>>>> {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever}
>>>>>>>>>> - Failed retrieving Blocking Conditions from remote endpoint:
>>>>>>>>>> sun.security.validator.ValidatorException: PKIX path building
>>>>>>>>>> failed: sun.security.provider.certpath.SunCertPathBuilderException:
>>>>>>>>>> unable to find valid certification path to requested target.
>>>>>>>>>> Retrying after 15 seconds...
>>>>>>>>>> {org.wso2.carbon.apimgt.gateway.throttling.util.BlockingConditionRetriever}
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> [1] https://github.com/wso2/puppet-apim
>>>>>>>>>>
>>>>>>>>>> [2] https://docs.wso2.com/display/AM210/Distributed+Deployment+o
>>>>>>>>>> f+the+Gateway
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thank you,
>>>>>>>>>> Chalitha.
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Chalitha Maheshwari*
>>>>>>>>>> Software Engineer-QA,
>>>>>>>>>> WSO2 Inc.
>>>>>>>>>>
>>>>>>>>>> *E-mail:* [email protected]
>>>>>>>>>> *Mobile: *+94710 411 112 <+94%2071%20041%201112>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Dev mailing list
>>>>>>>>>> [email protected]
>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Harsha Kumara
>>>>>>>>> Software Engineer, WSO2 Inc.
>>>>>>>>> Mobile: +94775505618 <+94%2077%20550%205618>
>>>>>>>>> Blog:harshcreationz.blogspot.com
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Samitha Chathuranga
>>>>>>>> Software Engineer, WSO2 Inc.
>>>>>>>> lean.enterprise.middleware
>>>>>>>> Mobile: +94715123761
>>>>>>>>
>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Chalitha Maheshwari*
>>>>>>> Software Engineer-QA,
>>>>>>> WSO2 Inc.
>>>>>>>
>>>>>>> *E-mail:* [email protected]
>>>>>>> *Mobile: *+94710 411 112 <+94%2071%20041%201112>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Chalitha Maheshwari*
>>>>>> Software Engineer-QA,
>>>>>> WSO2 Inc.
>>>>>>
>>>>>> *E-mail:* [email protected]
>>>>>> *Mobile: *+94710 411 112 <+94%2071%20041%201112>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Chalitha Maheshwari*
>>>>> Software Engineer-QA,
>>>>> WSO2 Inc.
>>>>>
>>>>> *E-mail:* [email protected]
>>>>> *Mobile: *+94710 411 112 <+94%2071%20041%201112>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Chamin Dias
>>>> Mobile : 0716097455
>>>> Email : [email protected]
>>>> LinkedIn : https://www.linkedin.com/in/chamindias
>>>>
>>>>
>>>
>>>
>>> --
>>> *Chalitha Maheshwari*
>>> Software Engineer-QA,
>>> WSO2 Inc.
>>>
>>> *E-mail:* [email protected]
>>> *Mobile: *+94710 411 112 <+94%2071%20041%201112>
>>>
>>
>>
>>
>> --
>> *Chalitha Maheshwari*
>> Software Engineer-QA,
>> WSO2 Inc.
>>
>> *E-mail:* [email protected]
>> *Mobile: *+94710 411 112 <+94%2071%20041%201112>
>>
>
>
>
> --
> Samitha Chathuranga
> Software Engineer, WSO2 Inc.
> lean.enterprise.middleware
> Mobile: +94715123761
>
> [image: http://wso2.com/signature] <http://wso2.com/signature>
>
--
*Chalitha Maheshwari*
Software Engineer-QA,
WSO2 Inc.
*E-mail:* [email protected]
*Mobile: *+94710 411 112
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
