I tried to configure a Camel route to forward my SOAP request to an SSL endpoint. Here is my Camel configuration for the SSL connection:
<http:conduit name="https://localhost:*">
    <http:tlsClientParameters secureSocketProtocol="SSL">
        <sec:keyManagers keyPassword="changeit">
            <sec:keyStore type="JKS" password="changeit"
                file="C:\Program Files (x86)\Java\jdk1.7.0_79\jre\lib\security\cacerts"/>
        </sec:keyManagers>
        <sec:trustManagers>
            <sec:keyStore type="JKS" password="changeit"
                file="C:\Program Files (x86)\Java\jdk1.7.0_79\jre\lib\security\cacerts"/>
        </sec:trustManagers>
    </http:tlsClientParameters>
    <http:authorization>
        <sec:UserName>username</sec:UserName>
        <sec:Password>password</sec:Password>
    </http:authorization>
</http:conduit>
The error I got from the Karaf log is shown below:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)[:1.7.0_79]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)[:1.7.0_79]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)[:1.7.0_79]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)[:1.7.0_79]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)[:1.7.0_79]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)[:1.7.0_79]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)[:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)[:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)[:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:709)[:1.7.0_79]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)[:1.7.0_79]
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)[:1.7.0_79]
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:126)[:1.7.0_79]
at java.io.FilterOutputStream.write(FilterOutputStream.java:97)[:1.7.0_79]
at org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java:145)[211:org.apache.servicemix.bundles.commons-httpclient:3.1.0.7]
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)[211:org.apache.servicemix.bundles.commons-httpclient:3.1.0.7]
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)[211:org.apache.servicemix.bundles.commons-httpclient:3.1.0.7]
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)[211:org.apache.servicemix.bundles.commons-httpclient:3.1.0.7]
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)[211:org.apache.servicemix.bundles.commons-httpclient:3.1.0.7]
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)[211:org.apache.servicemix.bundles.commons-httpclient:3.1.0.7]
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)[211:org.apache.servicemix.bundles.commons-httpclient:3.1.0.7]
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)[211:org.apache.servicemix.bundles.commons-httpclient:3.1.0.7]
at org.apache.camel.component.http.HttpProducer.executeMethod(HttpProducer.java:244)[212:org.apache.camel.camel-http:2.14.1]
at org.apache.camel.component.http.HttpProducer.process(HttpProducer.java:144)[212:org.apache.camel.camel-http:2.14.1]
at org.apache.camel.util.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:61)[116:org.apache.camel.camel-core:2.14.1]
at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:120)[116:org.apache.camel.camel-core:2.14.1]
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:72)[116:org.apache.camel.camel-core:2.14.1]
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:416)[116:org.apache.camel.camel-core:2.14.1]
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)[116:org.apache.camel.camel-core:2.14.1]
at org.apache.camel.processor.Pipeline.process(Pipeline.java:118)[116:org.apache.camel.camel-core:2.14.1]
at org.apache.camel.processor.Pipeline.process(Pipeline.java:80)[116:org.apache.camel.camel-core:2.14.1]
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:191)[116:org.apache.camel.camel-core:2.14.1]
at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:105)[116:org.apache.camel.camel-core:2.14.1]
at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:87)[116:org.apache.camel.camel-core:2.14.1]
at org.apache.camel.component.jms.EndpointMessageListener.onMessage(EndpointMessageListener.java:103)[118:org.apache.camel.camel-jms:2.14.1]
at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:562)[111:org.apache.servicemix.bundles.spring-jms:3.2.11.RELEASE_1]
at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:500)[111:org.apache.servicemix.bundles.spring-jms:3.2.11.RELEASE_1]
at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:468)[111:org.apache.servicemix.bundles.spring-jms:3.2.11.RELEASE_1]
at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:325)[111:org.apache.servicemix.bundles.spring-jms:3.2.11.RELEASE_1]
at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:263)[111:org.apache.servicemix.bundles.spring-jms:3.2.11.RELEASE_1]
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1101)[111:org.apache.servicemix.bundles.spring-jms:3.2.11.RELEASE_1]
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1093)[111:org.apache.servicemix.bundles.spring-jms:3.2.11.RELEASE_1]
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:990)[111:org.apache.servicemix.bundles.spring-jms:3.2.11.RELEASE_1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)[:1.7.0_79]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)[:1.7.0_79]
at java.lang.Thread.run(Thread.java:745)[:1.7.0_79]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)[:1.7.0_79]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)[:1.7.0_79]
at sun.security.validator.Validator.validate(Validator.java:260)[:1.7.0_79]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)[:1.7.0_79]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)[:1.7.0_79]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)[:1.7.0_79]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)[:1.7.0_79]
... 42 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)[:1.7.0_79]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)[:1.7.0_79]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)[:1.7.0_79]
... 48 more
I also imported the certificate file into my JVM using the command:
keytool -import -alias itpam -keystore "C:\Program Files (x86)\Java\jdk1.7.0_79\jre\lib\security\cacerts" -file c:\mycert.cer
The certificate information is shown below:
Owner: O=ComputerAssociates, OU=EmbeddedIAM, OU=ApplicationInstance, CN=CERT-Process Automation
Issuer: O=iTechnology, OU=Configuration, OU=CertServer, CN=CSCVIEAE635989
Serial number: 1230abc
Valid from: Mon Dec 22 15:23:19 ICT 2014 until: Thu Dec 19 15:23:19 ICT 2024
Certificate fingerprints:
MD5: 7A:37:45:BF:28:E0:36:58:4D:7C:D0:26:2A:FD:2F:CC
SHA1: 76:E1:CB:86:8D:9A:D1:5A:95:CC:E9:5C:3B:A4:C9:FF:E6:B9:D3:8C
SHA256: E5:60:76:7F:90:D5:FA:4A:FC:93:C1:4F:FF:30:38:69:79:91:69:EC:CF:
46:B0:01:32:B6:0D:00:B7:30:9D:DB
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FA 36 2F 87 D6 4B 89 A4 F5 9D 8A B2 78 97 86 9F .6/..K......x...
0010: F4 A1 9F 59 ...Y
]
[O=iTechnology, OU=Configuration, OU=CertServer, CN=CSCVIEAE635989]
SerialNumber: [ 01230abc]
]
#2: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: email@ca.com
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FE FF 9A 44 43 55 DA CA 14 7E 20 5F E3 E8 A4 91 ...DCU.... _....
0010: B6 10 56 28 ..V(
]
]
Am I missing anything?