[Dev] ESB Connector - SSLHandshakeException
When we invoke our services into proxy we got this error: [2014-09-03 11:24:57,617] ERROR - TargetHandler I/O error: General SSLEngine problem javax.net.ssl.SSLHandshakeException: General SSLEngine problem at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:485) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1108) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1080) at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452) at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:220) at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:254) at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:380) at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:118) at org.apache.http.impl.nio.reactor.BaseIOReactor.validate(BaseIOReactor.java:220) at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:284) at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:604) at java.lang.Thread.run(Thread.java:662) Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1508) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:243) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:533) at java.security.AccessController.doPrivileged(Native Method) at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:952) at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:238) at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:270) ... 7 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188) ... 14 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318) ... 20 more [2014-09-03 11:24:57,621] WARN - EndpointContext Endpoint : AnonymousEndpoint will be marked SUSPENDED as it failed [2014-09-03 11:24:57,621] WARN - EndpointContext Suspending endpoint : AnonymousEndpoint - last suspend duration was : 3ms and current suspend duration is : 3ms - Next retry after : Wed Sep 03 11:25:27 IST 2014 Naasheer Ali Associate Software Engineer WSO2 Inc. Mob: +94 754284288 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] ESB Connector - SSLHandshakeException
Hi Naasheer, I hope this will be useful http://www.webapper.com/blog/index.php/2007/02/09/troubleshooting-javaxnetsslsslhandshakeexception/ try this keytool -export -alias wso2carbon -keystore ESB_HOME/repository/resources/security/wso2carbon.jks -storepass wso2carbon -file wso2carbon.pem keytool -import -alias wso2crbon -file wso2carbon.pem -keystore JAVA_HOME/jre/lib/security/cacerts On Wed, Sep 3, 2014 at 1:13 PM, Naasheera Ali naashe...@wso2.com wrote: When we invoke our services into proxy we got this error: [2014-09-03 11:24:57,617] ERROR - TargetHandler I/O error: General SSLEngine problem javax.net.ssl.SSLHandshakeException: General SSLEngine problem at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:485) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1108) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1080) at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452) at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:220) at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:254) at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:380) at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:118) at org.apache.http.impl.nio.reactor.BaseIOReactor.validate(BaseIOReactor.java:220) at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:284) at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:604) at java.lang.Thread.run(Thread.java:662) Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1508) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:243) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1209) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:135) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:533) at java.security.AccessController.doPrivileged(Native Method) at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:952) at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:238) at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:270) ... 7 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1188) ... 14 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318) ... 20 more [2014-09-03 11:24:57,621] WARN - EndpointContext Endpoint : AnonymousEndpoint will be marked SUSPENDED as it failed [2014-09-03 11:24:57,621] WARN - EndpointContext Suspending endpoint : AnonymousEndpoint - last suspend duration was : 3ms and current suspend duration is : 3ms - Next retry after : Wed Sep 03 11:25:27 IST 2014 Naasheer Ali Associate Software Engineer WSO2 Inc. Mob: +94 754284288 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- Thanks Best Regards, Tharindu Edirisinghe Software Engineer *WSO2 Inc* *email : tharin...@wso2.com tharin...@wso2.com * *mobile : +94 775 181586* *www: :http://wso2.com
Re: [Dev] ESB Connector - SSLHandshakeException
Hi Naasheer, Import particular certificate in to ESB_HOME\repository\resources\security\client-truststore.jks keystore. Regards, Janaka -- View this message in context: http://wso2-oxygen-tank.10903.n7.nabble.com/ESB-Connector-SSLHandshakeException-tp102207p102211.html Sent from the WSO2 Development mailing list archive at Nabble.com. ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] ESB Connector - SSLHandshakeException
Hi, ESB should trust the server you are trying to connect to in order to create a SSH handshake. In order to trust it, the public certificate of the server should be added to ESB. You can use keytool to add the certificate to client-trustore. Please find a guide on [1] which shows how to add a CA to ESB trust store. [1] http://udaraliyanage.wordpress.com/2014/06/16/add-a-ca-certificate-to-wso2-truststore/ On Wed, Sep 3, 2014 at 1:36 PM, Jay janaka.n.ranathu...@gmail.com wrote: Hi Naasheer, Import particular certificate in to ESB_HOME\repository\resources\security\client-truststore.jks keystore. Regards, Janaka -- View this message in context: http://wso2-oxygen-tank.10903.n7.nabble.com/ESB-Connector-SSLHandshakeException-tp102207p102211.html Sent from the WSO2 Development mailing list archive at Nabble.com. ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- Udara Liyanage Software Engineer WSO2, Inc.: http://wso2.com lean. enterprise. middleware web: http://udaraliyanage.wordpress.com phone: +94 71 443 6897 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev