Finally I did get the SSL config working.

1. I have added 2 lines to system.properties

javax.net.ssl.trustStore=${karaf.etc}/truststore.jks
javax.net.ssl.trustStorePassword=xxxxx

2. I've changed the route as follows

<bean id="noopHostnameVerifier" class="org.apache.http.conn.ssl.NoopHostnameVerifier" />
<camelContext id="isp.routes.system.deployment" xmlns="http://camel.apache.org/schema/blueprint">
<route id="isp.routes.system.deployment">
<from uri="file:/tmp/in?include=.*\.xml&amp;moveFailed=error" />
...
<toD uri='https://anyhost.eu-central-1.compute.amazonaws.com:8080/...&amp;x509HostnameVerifier=noopHostnameVerifier' />

Step 1 sets the trust store; step 2 helped with certs that do not match the hostname.

Best
- Gerald

>     On 5 January 2020 at 14:50, Gerald Kallas <catsh...@mailbox.org> wrote:
> 
> 
>     Dear community,
> 
>     I'm using Karaf 4.2.7 with Camel 3.0.0. For calling an external HTTPS 
> resource I need to configure the truststore for the Camel HTTP component. See 
> my blueprint route below
> 
>     <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>     xmlns:camel="http://camel.apache.org/schema/blueprint">
>     <!-- set JMS connection factory -->
>     <bean id="jmsConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
>     <property name="brokerURL" value="tcp://localhost:61616" />
>     <property name="userName" value="admin" />
>     <property name="password" value="xxxxx" />
>     </bean>
>     <!-- set truststore -->
>     <camel:sslContextParameters id="sslContextParameters">
>     <camel:keyManagers keyPassword="xxxxx">
>     <camel:keyStore resource="/home/ec2-user/casisp-runtime/apache-karaf-4.2.7/etc/truststore.jks" password="xxxxx" />
>     </camel:keyManagers>
>     </camel:sslContextParameters>
>     <camelContext id="isp.routes.system.deployment" xmlns="http://camel.apache.org/schema/blueprint">
>     <route id="isp.routes.system.deployment">
>     <from uri="file:/tmp/in?include=.*\.xml&amp;moveFailed=error" />
>     <log message="isp.routes.system.deployment - Route started" />
>     <!-- set HTTP header values -->
>     <setHeader name="CamelHttpMethod">
>     <constant>GET</constant>
>     </setHeader>
>     <setHeader name="Content-Type">
>     <constant>application/json</constant>
>     </setHeader>
>     <setHeader name="Authorization">
>     <constant>Basic xxxxx</constant>
>     </setHeader>
>     <toD uri='https://ec2-3-124-33-3.eu-central-1.compute.amazonaws.com:8080/api/v2/data/integrationservice?filter={"deployDev": true}&amp;sslContextParameters=#sslContextParameters' />
>     <to uri="activemq:queue:IN" />
>     <log message="isp.routes.system.deployment.xml - Route finished" />
>     </route>
>     </camelContext>
>     </blueprint>
> 
>     The truststore contains 1 self signed PEM cert from the destination.
> 
>     Finally I'm still getting an error
> 
>     javax.net.ssl.SSLHandshakeException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target
> 
>     Am I still missing something?
> 
>     Is there any other way to configure a truststore globally for the HTTP 
> component?
> 
>     Many thanks in advance for any comments and hints.
> 
>     Best
>     - Gerald
> 
