Hello Lifeng. The dropwizard-user@ mailing list is the best place to ask these sorts of questions.
On Fri, Nov 4, 2016 at 11:09 PM, Lifeng Sang <[email protected]> wrote: > Hi Evan, > Sorry to bother you again. I just had a weird issue, not sure if you > have experienced in the past. > I have a testing server cert (that's signed by an intermediate cert, which > is signed by a self-signed root cert). The intermediate cert and root cert > are included in a truststore file. Everything worked for a long time, but > today when I tried to start the dropwizard application, it suddenly > complained with the following exception and the server failed to start. > Things I'm 100% sure are > > - The keystore file and truststore file (configured in the dropwizard > application) haven't been changed > - None of the server cert, intermediate cert or root cert is expired > - The dropwizard version is the same > > Do you know if there is any environment variable (or system > configurations) that could change the behavior of how the server cert is > validated in dropwizard? > > Thank you! > Lifeng > > > keyStorePath: src/main/resources/dev/test.keystore.jks > keyStorePassword: testingxxxxxx > trustStorePath: src/main/resources/dev/test.truststore.jks > trustStorePassword: testingxxxxxx > crlPath: src/main/resources/dev/test.crl.pem > wantClientAuth: true > enableCRLDP: false > enableOCSP: false > supportedProtocols: [TLSv1.2] > > > > > WARN [2016-11-05 05:41:31,900] -main- > org.eclipse.jetty.util.component.AbstractLifeCycle: > FAILED SslContextFactory@15f8701f(src/main/resources/dev/test. > keystore.jks,src/main/resources/dev/test.truststore.jks): > java.security.cert.CertificateException: Unable to validate certificate: > unable to find valid certification path to requested target ! > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > ! at sun.security.provider.certpath.SunCertPathBuilder. > build(SunCertPathBuilder.java:145) ~[na:1.8.0_51] > ! at > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) > ~[na:1.8.0_51] > ! at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) > ~[na:1.8.0_51] > ! at org.eclipse.jetty.util.security.CertificateValidator. > validate(CertificateValidator.java:248) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! ... 15 common frames omitted > ! Causing: java.security.cert.CertificateException: Unable to validate > certificate: unable to find valid certification path to requested target > ! at org.eclipse.jetty.util.security.CertificateValidator. > validate(CertificateValidator.java:256) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.security.CertificateValidator. > validate(CertificateValidator.java:189) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:293) > ~[jetty-util-9.0.7.v20131107.jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.component.AbstractLifeCycle. > start(AbstractLifeCycle.java:69) [jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.component.ContainerLifeCycle. > start(ContainerLifeCycle.java:118) [jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.server.Server.start(Server.java:342) > [jetty-server-9.0.7.v20131107.jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.component.ContainerLifeCycle. > doStart(ContainerLifeCycle.java:100) [jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.server.handler.AbstractHandler. > doStart(AbstractHandler.java:60) [jetty-server-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.server.Server.doStart(Server.java:290) > [jetty-server-9.0.7.v20131107.jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.component.AbstractLifeCycle. > start(AbstractLifeCycle.java:69) [jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at io.dropwizard.cli.ServerCommand.run(ServerCommand.java:43) > [dropwizard-core-0.7.1.jar:0.7.1] > ! at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:43) > [dropwizard-core-0.7.1.jar:0.7.1] > ! at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:76) > [dropwizard-core-0.7.1.jar:0.7.1] > ! at io.dropwizard.cli.Cli.run(Cli.java:70) [dropwizard-core-0.7.1.jar:0. > 7.1] > ! at io.dropwizard.Application.run(Application.java:72) > [dropwizard-core-0.7.1.jar:0.7.1] > > WARN [2016-11-05 05:41:31,901] -main- > org.eclipse.jetty.util.component.AbstractLifeCycle: > FAILED org.eclipse.jetty.server.Server@53a5e217: > java.security.cert.CertificateException: > Unable to validate certificate: unable to find valid certification path to > requested target ! sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > ! at sun.security.provider.certpath.SunCertPathBuilder. > build(SunCertPathBuilder.java:145) ~[na:1.8.0_51] > ! at > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) > ~[na:1.8.0_51] > ! at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) > ~[na:1.8.0_51] > ! at org.eclipse.jetty.util.security.CertificateValidator. > validate(CertificateValidator.java:248) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! ... 15 common frames omitted > ! Causing: java.security.cert.CertificateException: Unable to validate > certificate: unable to find valid certification path to requested target > ! at org.eclipse.jetty.util.security.CertificateValidator. > validate(CertificateValidator.java:256) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.security.CertificateValidator. > validate(CertificateValidator.java:189) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:293) > ~[jetty-util-9.0.7.v20131107.jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.component.AbstractLifeCycle. > start(AbstractLifeCycle.java:69) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.component.ContainerLifeCycle. > start(ContainerLifeCycle.java:118) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.server.Server.start(Server.java:342) > ~[jetty-server-9.0.7.v20131107.jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.component.ContainerLifeCycle. > doStart(ContainerLifeCycle.java:100) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.server.handler.AbstractHandler. > doStart(AbstractHandler.java:60) ~[jetty-server-9.0.7. > v20131107.jar:9.0.7.v20131107] > ! at org.eclipse.jetty.server.Server.doStart(Server.java:290) > ~[jetty-server-9.0.7.v20131107.jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.component.AbstractLifeCycle. > start(AbstractLifeCycle.java:69) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at io.dropwizard.cli.ServerCommand.run(ServerCommand.java:43) > [dropwizard-core-0.7.1.jar:0.7.1] > ! at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:43) > [dropwizard-core-0.7.1.jar:0.7.1] > ! at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:76) > [dropwizard-core-0.7.1.jar:0.7.1] > ! at io.dropwizard.cli.Cli.run(Cli.java:70) [dropwizard-core-0.7.1.jar:0. > 7.1] > ! at io.dropwizard.Application.run(Application.java:72) > [dropwizard-core-0.7.1.jar:0.7.1] > > ERROR [2016-11-05 05:41:31,901] -main- io.dropwizard.cli.ServerCommand: > Unable to start server, shutting down ! > sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > ! at sun.security.provider.certpath.SunCertPathBuilder. > build(SunCertPathBuilder.java:145) ~[na:1.8.0_51] > ! at > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) > ~[na:1.8.0_51] > ! at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) > ~[na:1.8.0_51] > ! at org.eclipse.jetty.util.security.CertificateValidator. > validate(CertificateValidator.java:248) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! ... 15 common frames omitted > ! Causing: java.security.cert.CertificateException: Unable to validate > certificate: unable to find valid certification path to requested target > ! at org.eclipse.jetty.util.security.CertificateValidator. > validate(CertificateValidator.java:256) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.security.CertificateValidator. > validate(CertificateValidator.java:189) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:293) > ~[jetty-util-9.0.7.v20131107.jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.component.AbstractLifeCycle. > start(AbstractLifeCycle.java:69) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.component.ContainerLifeCycle. > start(ContainerLifeCycle.java:118) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.server.Server.start(Server.java:342) > ~[jetty-server-9.0.7.v20131107.jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.component.ContainerLifeCycle. > doStart(ContainerLifeCycle.java:100) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at org.eclipse.jetty.server.handler.AbstractHandler. > doStart(AbstractHandler.java:60) ~[jetty-server-9.0.7. > v20131107.jar:9.0.7.v20131107] > ! at org.eclipse.jetty.server.Server.doStart(Server.java:290) > ~[jetty-server-9.0.7.v20131107.jar:9.0.7.v20131107] > ! at org.eclipse.jetty.util.component.AbstractLifeCycle. > start(AbstractLifeCycle.java:69) ~[jetty-util-9.0.7.v20131107. > jar:9.0.7.v20131107] > ! at io.dropwizard.cli.ServerCommand.run(ServerCommand.java:43) > ~[dropwizard-core-0.7.1.jar:0.7.1] > ! at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:43) > [dropwizard-core-0.7.1.jar:0.7.1] > ! at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:76) > [dropwizard-core-0.7.1.jar:0.7.1] > ! at io.dropwizard.cli.Cli.run(Cli.java:70) [dropwizard-core-0.7.1.jar:0. > 7.1] > ! at io.dropwizard.Application.run(Application.java:72) > [dropwizard-core-0.7.1.jar:0.7.1] > > -- Evan Meagher -- You received this message because you are subscribed to the Google Groups "dropwizard-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
