Finally I did get the SSL config working.

1. I have added 2 lines to system.properties

javax.net.ssl.trustStore=${karaf.etc}/truststore.jks
javax.net.ssl.trustStorePassword=xxxxx

2. I've changed the route as follows

<bean id="noopHostnameVerifier" class="org.apache.http.conn.ssl.NoopHostnameVerifier" />

<camelContext id="isp.routes.system.deployment" xmlns="http://camel.apache.org/schema/blueprint">
  <route id="isp.routes.system.deployment">
    <from uri="file:/tmp/in?include=.*\.xml&amp;moveFailed=error" />
    ...
    <toD uri='https://anyhost.eu-central-1.compute.amazonaws.com:8080/...&amp;x509HostnameVerifier=noopHostnameVerifier' />

1. does set the trust store, 2. helped with certs that do not match the hostname

Best
- Gerald

> Gerald Kallas <catsh...@mailbox.org> wrote on 5 January 2020 at 14:50:
>
> Dear community,
>
> I'm using Karaf 4.2.7 with Camel 3.0.0. For calling an external HTTPS
> resource I need to configure the truststore for the Camel HTTP component. See
> my blueprint route below
>
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>     xmlns:camel="http://camel.apache.org/schema/blueprint">
>
>   <!-- set JMS connection factory -->
>   <bean id="jmsConnectionFactory"
>       class="org.apache.activemq.ActiveMQConnectionFactory">
>     <property name="brokerURL" value="tcp://localhost:61616" />
>     <property name="userName" value="admin" />
>     <property name="password" value="xxxxx" />
>   </bean>
>
>   <!-- set truststore -->
>   <camel:sslContextParameters id="sslContextParameters">
>     <camel:keyManagers keyPassword="xxxxx">
>       <camel:keyStore
>           resource="/home/ec2-user/casisp-runtime/apache-karaf-4.2.7/etc/truststore.jks"
>           password="xxxxx" />
>     </camel:keyManagers>
>   </camel:sslContextParameters>
>
>   <camelContext id="isp.routes.system.deployment"
>       xmlns="http://camel.apache.org/schema/blueprint">
>     <route id="isp.routes.system.deployment">
>       <from uri="file:/tmp/in?include=.*\.xml&amp;moveFailed=error" />
>       <log message="isp.routes.system.deployment - Route started" />
>       <!-- set HTTP header values -->
>       <setHeader name="CamelHttpMethod">
>         <constant>GET</constant>
>       </setHeader>
>       <setHeader name="Content-Type">
>         <constant>application/json</constant>
>       </setHeader>
>       <setHeader name="Authorization">
>         <constant>Basic xxxxx</constant>
>       </setHeader>
>       <toD uri='https://ec2-3-124-33-3.eu-central-1.compute.amazonaws.com:8080/api/v2/data/integrationservice?filter={"deployDev": true}&amp;sslContextParameters=#sslContextParameters' />
>       <to uri="activemq:queue:IN" />
>       <log message="isp.routes.system.deployment.xml - Route finished" />
>     </route>
>   </camelContext>
> </blueprint>
>
> The truststore contains 1 self signed PEM cert from the destination.
>
> Finally I'm still getting an error
>
> javax.net.ssl.SSLHandshakeException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
> Do I still miss something?
>
> Is there any other way to configure a truststore globally for the HTTP
> component?
>
> Many thanks in advance for any comments and hints.
>
> Best
> - Gerald
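
For comparison with the two configurations in this thread, a blueprint that keeps hostname verification on and limits trust to the one endpoint. This is an added example, not part of the thread or of Camel's own documentation; the route id, host name and path are placeholders, and it assumes the server certificate has been reissued with a subjectAltName matching the host that is called.

```xml
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:camel="http://camel.apache.org/schema/blueprint">

  <!-- Weak variant from the reply, kept as a comment for comparison:
       <bean id="noopHostnameVerifier"
             class="org.apache.http.conn.ssl.NoopHostnameVerifier" />
       ...&amp;x509HostnameVerifier=noopHostnameVerifier
       With it, the client no longer checks that the certificate was
       issued for the host being called. -->

  <!-- Trust anchors go under trustManagers. keyManagers holds the
       client's own private key and is only needed for mutual TLS. -->
  <camel:sslContextParameters id="sslContextParameters">
    <camel:trustManagers>
      <camel:keyStore
          resource="/home/ec2-user/casisp-runtime/apache-karaf-4.2.7/etc/truststore.jks"
          password="xxxxx" />
    </camel:trustManagers>
  </camel:sslContextParameters>

  <!-- Route id is a placeholder chosen for this example. -->
  <camelContext id="example.routes.tls"
                xmlns="http://camel.apache.org/schema/blueprint">
    <route id="example.routes.tls">
      <from uri="file:/tmp/in?include=.*\.xml&amp;moveFailed=error" />
      <setHeader name="CamelHttpMethod">
        <constant>GET</constant>
      </setHeader>
      <!-- Placeholder host and path. No x509HostnameVerifier option is
           set, so the HTTP client's default hostname check stays active. -->
      <toD uri="https://service.example.internal:8443/status?sslContextParameters=#sslContextParameters" />
      <log message="example.routes.tls - response received" />
    </route>
  </camelContext>
</blueprint>
```

Unlike `javax.net.ssl.trustStore` in system.properties, which changes the default trust store for the whole JVM, the `sslContextParameters` reference applies only to the endpoint that names it.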