0

I'm a bit lost on how I can use certificates in WildFly 11. I read the documentation and found a lot of terms like JSSE, OpenSSL, Elytron, ApplicationRealm. The problem occurs when I execute this code:

    final URL url = new URL("https://someUrl");
    HttpsURLConnection httpURLConnection = (HttpsURLConnection) url.openConnection();

This exception is thrown:

    sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

So, what exactly do I need to configure? I tried the section "Enable One-way SSL/TLS for Applications" in the Elytron documentation, but it didn't work.

PS: I'm using Java 9.01.

PS2: I'm using standalone-full.xml.

Let me know if you need more information.

Bruno Morais

2 Answers

4

This is unrelated to WildFly. You need to configure the certificates trusted by Java URL connections, which means you need to create and configure a truststore:

  1. Create a keystore containing the certificate of the server (if it is a self-signed certificate), or better, the certificate of its CA:

    keytool -import -file myCA.cert -alias myCA -storepass mypassword -noprompt -keystore my.truststore
    
  2. Start using the created keystore file as the truststore in WildFly by setting the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties:

    bin/jboss-cli.sh -c
    /system-property=javax.net.ssl.trustStore:add(value="/path/to/my.truststore")
    /system-property=javax.net.ssl.trustStorePassword:add(value="mypassword")
    

The Elytron documentation you mention relates only to the server side, but this is client-side configuration, which is not currently handled by it.

Honza
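An added example, not part of the original answer or of WildFly: the truststore created in step 1 can also be applied to a single HttpsURLConnection instead of JVM-wide system properties, which keeps the extra trust scoped to one client. The class name TruststoreClient and its three command-line arguments are assumptions made for this illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

public class TruststoreClient {

    // Build an SSLContext that trusts only the certificates in the given truststore.
    static SSLContext contextFor(String path, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            trustStore.load(in, password);
        }
        // Confirm the expected alias (myCA in the answer) was actually imported.
        System.out.println("Trusted aliases: " + Collections.list(trustStore.aliases()));

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <truststore path> <truststore password> <https URL>
        SSLContext context = contextFor(args[0], args[1].toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        // Per-connection trust; hostname verification stays at the JDK default.
        conn.setSSLSocketFactory(context.getSocketFactory());
        try {
            System.out.println("HTTP " + conn.getResponseCode());
        } catch (SSLHandshakeException e) {
            // Same PKIX failure as in the question: the chain does not end in a trusted entry.
            System.err.println("Server certificate not trusted: " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

If the alias list is empty or the handshake still fails, the imported certificate is not the one that issued the server's chain.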
1

The certificate is not trusted. IIRC there is a self-signed certificate in WildFly 11, so you need to trust it or install a real certificate. See: Accept server's self-signed ssl certificate in Java client

ehsavoie