Hello Tad Thanks for your answer. I do not use startssl certificates. Because I only want to use/test a wave federation scenario in my private network, I created (using OpenSSL) my own root CA-certificate which validates my wave server certificates (e.g. dave.org.crt). So, the "certificate_files" parameter in the server.federation.config file looks than:
certificate_files=dave.org.crt,rootcert.pem In a previous revision (approximately 2 month ago) this method worked well. In addition, I install the root certificate in the Java keystore executing the following command: sudo keytool -importcert -storetype jks -keystore /etc/java/security/ cacerts -file rootcert.pem I don’t know if this is really needed, but I found a recommendation somewhere in the internet that this should be done (unfortunately, the specification about installing of certificates in wave is a little bit short for my opinion...) Johannes On 5 Jan., 17:28, Tad Glines <[email protected]> wrote: > You get this error when there is a configuration or certificate issue. > > Check to make sure that "certificate_files" contains the complete > trust chain. If you used startssl then you need to include > sub.class1.server.ca.pem and ca.pem in the list. > > -Tad > > On Wed, Jan 5, 2011 at 6:57 AM, jowi <[email protected]> wrote: > > Hello everybody > > > when I execute run-server.sh I always get the following error message > > (see detailed screen output below): > > > Failed to add our own signer info to the certificate store > > > What does it mean, and how can I solve the problem? > > Any ideas? > > (I use Ubuntu 10.04, openjdk and the last revision of WiaB. ) > > > ------------------------ error screen output -------------- > > > d...@dave:~/testlab/wave$ ./run-server.sh > > 05.01.2011 14:24:32 > > org.waveprotocol.box.server.waveserver.WaveServerImpl <init> > > INFO: Wave Server configured to host local domains: [dave.org] > > 05.01.2011 14:24:32 > > org.waveprotocol.box.server.waveserver.WaveServerImpl <init> > > SCHWERWIEGEND: Failed to add our own signer info to the certificate > > store > > org.waveprotocol.wave.crypto.SignatureException: Certificate > > validation failure > > at > > org.waveprotocol.wave.crypto.CachedCertPathValidator.validateNoCache(CachedCertPathValidator.java: > > 103) > > at > > org.waveprotocol.wave.crypto.CachedCertPathValidator.validate(CachedCertPathValidator.java: > > 65) > > at > > org.waveprotocol.wave.crypto.WaveSignatureVerifier.verifySignerInfo(WaveSignatureVerifier.java: > > 129) > > at > > org.waveprotocol.box.server.waveserver.CertificateManagerImpl.storeSignerInfo(CertificateManagerImpl.java: > > 199) > > at > > org.waveprotocol.box.server.waveserver.WaveServerImpl.<init>(WaveServerImpl.java: > > 363) > > at org.waveprotocol.box.server.waveserver.WaveServerImpl$ > > $FastClassByGuice$$3065e839.newInstance(<generated>) > > at > > com.google.inject.internal.cglib.reflect.FastConstructor.newInstance(FastConstructor.java: > > 40) > > at com.google.inject.internal.DefaultConstructionProxyFactory > > $1.newInstance(DefaultConstructionProxyFactory.java:59) > > at > > com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java: > > 84) > > at com.google.inject.internal.ConstructorBindingImpl > > $Factory.get(ConstructorBindingImpl.java:200) > > at com.google.inject.internal.ProviderToInternalFactoryAdapter > > $1.call(ProviderToInternalFactoryAdapter.java:43) > > at > > com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java: > > 878) > > at > > com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java: > > 40) > > at com.google.inject.Scopes$1$1.get(Scopes.java:64) > > at > > com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java: > > 40) > > at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:53) > > at com.google.inject.internal.ProviderToInternalFactoryAdapter > > $1.call(ProviderToInternalFactoryAdapter.java:43) > > at > > com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java: > > 878) > > at > > com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java: > > 40) > > at com.google.inject.Scopes$1$1.get(Scopes.java:64) > > at > > com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java: > > 40) > > at > > com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java: > > 38) > > at > > com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java: > > 62) > > at > > com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java: > > 83) > > at com.google.inject.internal.ConstructorBindingImpl > > $Factory.get(ConstructorBindingImpl.java:200) > > at > > com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java: > > 825) > > at > > com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java: > > 871) > > at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java: > > 821) > > at > > com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java: > > 860) > > at org.waveprotocol.box.server.ServerMain.run(ServerMain.java:130) > > at org.waveprotocol.box.server.ServerMain.main(ServerMain.java:76) > > Caused by: java.security.cert.CertPathValidatorException: Path does > > not chain with any of the trust anchors > > at > > sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java: > > 204) > > at > > java.security.cert.CertPathValidator.validate(CertPathValidator.java: > > 267) > > at > > org.waveprotocol.wave.crypto.CachedCertPathValidator.validateNoCache(CachedCertPathValidator.java: > > 101) > > ... 30 more > > 05.01.2011 14:24:33 com.google.gson.ParameterizedTypeHandlerMap > > register > > WARNUNG: Overriding the existing type handler for class > > com.google.wave.api.Element > > 05.01.2011 14:24:33 com.google.gson.ParameterizedTypeHandlerMap > > register > > WARNUNG: Overriding the existing type handler for class > > com.google.wave.api.Element > > 05.01.2011 14:24:33 com.google.gson.ParameterizedTypeHandlerMap > > register > > WARNUNG: Overriding the existing type handler for class > > com.google.wave.api.Attachment > > 05.01.2011 14:24:33 com.google.gson.ParameterizedTypeHandlerMap > > register > > WARNUNG: Overriding the existing type handler for class > > com.google.wave.api.Attachment > > 05.01.2011 14:24:33 > > org.waveprotocol.wave.federation.xmpp.ComponentPacketTransport > > initialize > > INFO: Initializing with JID: wave.dave.org > > 05.01.2011 14:24:33 > > org.waveprotocol.wave.federation.xmpp.ComponentPacketTransport start > > INFO: Connected to XMPP server with JID: wave.dave.org > > 05.01.2011 14:24:33 org.waveprotocol.box.server.ServerMain run > > INFO: Starting server > > 2011-01-05 14:24:33.649:INFO::jetty-0.3 > > 2011-01-05 > > 14:24:33.884:INFO:org.eclipse.jetty.servlets.org.eclipse.jetty.servlets.ProxyServlet > > $Transparent-14666567:org.eclipse.jetty.servlets.ProxyServlet > > $Transparent-14666567 @ /gadgets tohttp://gmodules.com:80/gadgets > > 2011-01-05 14:24:33.926:INFO::Started > > [email protected]:9898 > > > -- > > You received this message because you are subscribed to the Google Groups > > "Wave Protocol" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/wave-protocol?hl=en. -- You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en.
