[Building Sakai] webservice access error ( sun.security.validator.ValidatorException) for Sakai 2.8

Matthew Jones matthew at longsight.com
Sat Mar 24 09:02:17 PDT 2012


The easiest way was always just to buy a public certified SSL cert. That
often just saved a lot of aggravation in the long run. :)

The second best was a blog from Sun that has since been removed called "No
more 'unable to find valid certification path to requested target'". It
looks like it's mirrored here.

http://cold-caffein.blogspot.com/2011/07/looks-like-article-no-more-unable-to.html


There was a small Java app there called InstallCert which would go out to
the external server, get the cert it needs and add it to a file called
"jssecacerts".

You'd either put that file in $JAVA_HOME/jre/lib/security or just override
the keystore path to point to this.
-Djavax.net.ssl.keyStore=path/to/keystore.jks

I never could seem to get Java to import and use things correctly
otherwise. I think I had some other program, but this was a great writeup.

On Sat, Mar 24, 2012 at 11:31 AM, Liu, Peter <peter.liu at yale.edu> wrote:

> Hi,
>
> We are running into Web-service access error (shown below) in the Sakai
> 2.8.x.  Since it is running in the Dev-environment (with https protocol)
> and the server SSL-Cert is not public certified.
>
> I tried to import the certificate (got from browser) into java by running
> following command:
>
> keytool -import -alias classesV2dev -file my_dev_sakai.crt
>
> It still didn’t work for me after the above command.  Does anyone know how
> to set up this Java/tomcat environment to solve this webservice access
> (SSL) error: javax.net.ssl.SSLHandshakeException
>
> Is this command the right one?
>
> keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"
>
> (Note: it works fine without SSL at my local environment)
>
> Any suggestion will be highly appreciated.
>
> Thanks,
>
> Peter
>
> - - - -Errors - - - - - - - - - - - -  - - -  -
>
> WARN: Error executing web service call to change roles (2012-03-24 10:40:30,180 TP-Processor16_org.sakaiproject.site.tool.SiteChangeRole)
>
> AxisFault
>  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
>  faultSubcode:
>  faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>  faultActor:
>  faultNode:
>  faultDetail:
>         {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
>         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
>         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
>         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
>         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
>         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
>         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
>         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
>         at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
>         at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
>         at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
>         at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
>         at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>         at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>         at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>         at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
>         at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
>         at org.apache.axis.client.Call.invoke(Call.java:2767)
>         at org.apache.axis.client.Call.invoke(Call.java:2443)
>         at org.apache.axis.client.Call.invoke(Call.java:2366)
>         at org.apache.axis.client.Call.invoke(Call.java:1812)
>         at org.sakaiproject.site.tool.SiteChangeRole.updateRole(SiteChangeRole.java:39)
>         at org.sakaiproject.site.tool.MembershipAction.change_participant_role(MembershipAction.java:571)
>         at org.sakaiproject.site.tool.MembershipAction.doGoto_changerole(MembershipAction.java:539)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at org.sakaiproject.cheftool.VelocityPortletPaneledAction.actionDispatch(VelocityPortletPaneledAction.java:679)
>         at org.sakaiproject.cheftool.VelocityPortletPaneledAction.processAction(VelocityPortletPaneledAction.java:555)
>         at org.sakaiproject.cheftool.ToolServlet.doGet(ToolServlet.java:230)
>         at org.sakaiproject.cheftool.VelocityPortletPaneledAction.doGet(VelocityPortletPaneledAction.java:1086)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:627)
>         at org.sakaiproject.vm.ComponentServlet.service(ComponentServlet.java:56)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:598)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:659)
>         at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:457)
>         at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:359)
>         at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:311)
>         at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:511)
>         at org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1444)
>         at org.sakaiproject.portal.charon.handlers.ToolHandler.doTool(ToolHandler.java:204)
>         at org.sakaiproject.portal.charon.handlers.ToolHandler.doGet(ToolHandler.java:96)
>         at org.sakaiproject.portal.charon.SkinnableCharonPortal.doGet(SkinnableCharonPortal.java:869)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:627)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:659)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>         at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>         at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
>         at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
>         at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:775)
>         at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:704)
>         at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:897)
>         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>         at java.lang.Thread.run(Thread.java:662)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
>         at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
>         at sun.security.validator.Validator.validate(Validator.java:218)
>         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
>         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
>         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
>         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
>         ... 69 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>         at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
>         at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
>         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
>         ... 75 more
>
>
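
Added example, not part of the original thread: the certificate import discussed above, done against a dedicated truststore and gated on a SHA-256 fingerprint obtained out of band, because a tool that fetches the certificate over the network trusts whatever the server presents. The alias and certificate file name come from the question; the truststore file, the password, the function names and the self-signed demo certificate are assumptions constructed for the example.

```shell
#!/usr/bin/env bash
# Added example; store paths, password and function names are placeholders.
set -eu

# SHA-256 fingerprint of a certificate file, as printed by keytool.
cert_fingerprint() {
  keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p'
}

# Import cert $1 as alias $2 into truststore $3 (password $4), but only if its
# fingerprint equals $5, a value obtained out of band from the server's admin.
import_trusted_cert() {
  actual=$(cert_fingerprint "$1")
  if [ -z "$actual" ] || [ "$actual" != "$5" ]; then
    echo "refusing to trust $1: fingerprint '$actual' != '$5'" >&2
    return 1
  fi
  keytool -importcert -noprompt -alias "$2" -file "$1" \
          -keystore "$3" -storepass "$4" >/dev/null 2>&1
}

# Succeeds if truststore $1 (password $2) holds an entry named $3.
store_has_alias() {
  keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1
}

# JVM options that point the JSSE client in Tomcat at the truststore.
truststore_java_opts() {
  printf '%s %s\n' "-Djavax.net.ssl.trustStore=$1" \
                   "-Djavax.net.ssl.trustStorePassword=$2"
}

# Constructed input: a throwaway self-signed cert standing in for the one
# exported from the dev server (my_dev_sakai.crt in the question).
make_demo_cert() {
  keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -validity 30 \
          -dname "CN=dev-sakai.example" -keystore "$1/server.ks" \
          -storepass changeit -keypass changeit >/dev/null 2>&1
  keytool -exportcert -rfc -alias demo -keystore "$1/server.ks" \
          -storepass changeit -file "$1/my_dev_sakai.crt" >/dev/null 2>&1
}

if command -v keytool >/dev/null 2>&1; then
  work=$(mktemp -d)
  make_demo_cert "$work"
  fp=$(cert_fingerprint "$work/my_dev_sakai.crt")   # in practice: from the admin
  import_trusted_cert "$work/my_dev_sakai.crt" classesV2dev "$work/truststore.jks" changeit "$fp"
  store_has_alias "$work/truststore.jks" changeit classesV2dev && truststore_java_opts "$work/truststore.jks" changeit
  rm -rf "$work"
fi
```

A `keytool -import` with no `-keystore` option writes to `~/.keystore`, which the JVM does not consult when validating a server certificate. Because `javax.net.ssl.trustStore` replaces the default `cacerts` rather than adding to it, start the truststore from a copy of `cacerts` if the same JVM must also reach publicly certified hosts.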