keycloak - problem when identity provider redirects back to keycloak - keycloak

I am having a problem with Keycloak 8.0.1 (not a Docker image): when the identity provider redirects back to Keycloak, there is this error:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 96 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 102 more
On this redirect, a 502 appears in DevTools.
The certificates are self-signed, and I have added them to JAVA_HOME/jre/lib/security/cacerts, but the error continues.
As I use a reverse proxy with nginx, I have seen some people indicating that we need to add some headers. I have done that too, but it still doesn't work.

Related

Error javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException in JBoss7.3

I'm facing the below error in connecting the LDAP in JBoss 7.3 while deploying the SSL.
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
LDAP works fine once we roll back the SSL on JBoss 7.3.
We've tried
Reinstall the SSL over the JBoss7.3
Check the Certificate
Expecting:
LDAP should be working fine after deploying the SSL over JBossEAP7.3

Connect to confluent schema registry SSL configuration - unable to find valid certification path to requested target

How should the spring-cloud-schema-registry-client be configured to communicate with Confluent Schema Registry in a secure manner using an SSL truststore?
My configuration is the following:
spring:
  cloud:
    schema-registry-client:
      endpoint: https://confluent-schema-registry:443
      basic.auth.credentials.source: SASL_INHERIT
    stream:
      function:
        definition: functionConsumer;functionProducer
      kafka:
        binder:
          brokers: message-broker-url:9091
          configuration:
            security.protocol: SASL_SSL
            sasl:
              mechanism: SCRAM-SHA-512
              jaas.config: org.apache.kafka.common.security.scram.ScramLoginModule required username="username" password="password";
            ssl:
              truststore:
                location: classpath:cacerts
                password: password
      bindings:
        output-0:
          destination: output
          contentType: application/*+avro
        input-0:
          destination: input
          contentType: application/*+avro
When trying to produce a message to a channel, a javax.net.ssl.SSLHandshakeException is thrown:
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://confluent-schema-registry:443": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

HTTPS Get call with certificate in Rest Assured-> unable to find valid certification path to requested target

I need to make an HTTPS GET call with a certificate in Rest Assured. I had a .pfx certificate and changed it to .jks format. My code is:
Response resp=given().trustStore("C:\\Users\\userName\\clientcert.jks","Password").
param("reportId", "111").
param("startDate","2020-01-01").
param("endDate", " 2020-01-01").
when().get(path);
resp.prettyPrint();
When I run this code, it gives me this error: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
Could you please help me fix this issue?

Try invoking the line below right before making a request, like this:
RestAssured.config = RestAssured.newConfig().sslConfig(new SSLConfig().trustStore("C:\\Users\\userName\\clientcert.jks", "Password"));
Response resp = given().
param("reportId", "111").
param("startDate","2020-01-01").
param("endDate", " 2020-01-01").
when().get(path);
resp.prettyPrint();

camel HTTP4 JBoss : unable to find valid certification path to requested target

I request an access token from a UAA service and receive the token, then use the token to upload a file to an AWS environment. It works with one environment and doesn't work with another. The only major difference I can find is that the one that works uses SSO auth and the one that doesn't work uses UAA auth. Since I request a token from a UAA server/service and use it to POST a data file to an environment, I don't have use of a key store. I am getting the following error.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I am using a JBoss Fuse (6.3.0.redhat-310) container running my application bundles
Java 8
Camel-HTTP4 to post
Any suggestions or help would be greatly appreciated. Is there anything I am missing? Does anything special need to be done? Thank you!
Oh yeah, it works when I do it in Postman? Not in Fuse?
It also works with curl.
HTTP/1.1 200 Connection Established
Proxy-Agent: Zscaler/6.0
HTTP/1.1 100 Continue
Server: Zscaler/6.0
HTTP/1.1 201 Created
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 0
Corr: ef75916afaf1db34
Date: Tue, 05 Jun 2018 22:58:27 GMT
Expires: 0
Pragma: no-cache
Server: none
X-Application-Context: APMTS:cloud:10
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vcap-Request-Id: 1b964238-0dbc-4c09-7c6f-0bc429698584
X-Xss-Protection: 1; mode=block
Found my problem was with certs. I located the certs for those systems and imported them to the Java keystore. The problem is gone.
Thank you all.

MobileFirst sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I'm getting the following error in the Eclipse console when trying to connect my App (IBM Maximo Anywhere):
[WARNING ] FWLSE0239W: Authentication failure in realm 'CustomAuthenticationRealm': javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target [project MaximoAnywhere]
I'm using MobileFirst Studio 7.1 within Eclipse. My backend server has a single, self-signed certificate. I have imported the backend server's cert into the following keystores on the machine:
C:\Java\jdk1.8.0_102\jre\lib\security\cacerts
C:\Java\jre1.8.0_102\lib\security\cacerts
C:\IBM\Anywhere\MaximoAnywhere\server\conf\default.keystore
My MobileFirst Development Server has the following keystore entry in the server.xml file:
<keyStore id="defaultKeyStore" password="worklight"/>
My worklight.properties has the following entries:
ssl.keystore.path=conf/default.keystore
ssl.keystore.type=jks
ssl.keystore.password=worklight
I have tested keystore connectivity to the backend target using these utilities: SSLPoke and Portecle.
Both utilities connect all three of the above-mentioned keystores to the backend target server over port 443 with no problems.
I am wondering if anyone has any further comments or suggestions.
From the comments:
I actually was able to resolve the problem. The cert also needed to be added to the following keystore: C:\Users\Username\workspace\MobileFirstServerConfig\servers\worklight\resources\security\key.jks