1

I am currently working on Mobile first version 8. While creating a java adapter to call a api through the following code I m receiving error "java.security.cert.CertificateException: PKIX path building failed mobile first java adapter error"

@GET
@Path("/unprotected")
@Produces(MediaType.TEXT_PLAIN)
@OAuthSecurity(enabled = false)
   public String unprotected() {
StringBuffer content = new StringBuffer();
try {
URL url = new URL("Some Url");
HttpURLConnection con = (HttpURLConnection) url.openConnection();
   con.setRequestMethod("GET");
  BufferedReader in =new BufferedReader(new inputStreamReader(con.getInputStream()));
String inputLine;

while ((inputLine = in.readLine()) != null)
     content.append(inputLine);

logger.info("MYFind Data" + content.toString());
in.close();

con.disconnect();
} catch (Exception e) {
    logger.info("" + e.getMessage());
}
return content.toString();
}

error found in the logfile from "C:\Users\Admin\MobileFirst-8.0.0.0\mfp-server\usr\servers\mfp\logs\messages.log"

E CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.openweathermap.org, OU=EssentialSSL Wildcard, OU=Domain Control Validated was sent from the target host. The signer might need to be added to local trust store C:/Users/Admin/MobileFirst-8.0.0.0/mfp-server/usr/servers/mfp/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

00000619 com.wether.JavaAdapterMainResource I java.security.cert.CertificateException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

pavel
  • 122
  • 13
Bhagyesh Radiya
  • 19
  • 3
  • 1
    *What* api are you trying to access and from *where*? It seems that the api is behind a proxy, which needs certificates to access. Do you have these required certificates? And are you providing them when trying to access said api? – Lino Feb 05 '19 at 09:36
  • its simple wether api "https://samples.openweathermap.org/data/2.5/weather?q=London,uk&appid=b6907d289e10d714a6e88b30761fae22". It works fine in http adapter of mobile first – Bhagyesh Radiya Feb 05 '19 at 10:10

2 Answers2

0

The error message very clearly articulates the problem:

SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.openweathermap.org, OU=EssentialSSL Wildcard, OU=Domain Control Validated was sent from the target host. The signer might need to be added to local trust store C:/Users/Admin/MobileFirst-8.0.0.0/mfp-server/usr/servers/mfp/resources/security/key.jks

The certificate from the endpoint is signed by 'COMODO'. Verify if your Java cacerts and/or keystore configured in your Liberty server has the root CA. If not, add it.

Vivin K
  • 2,681
  • 1
  • 11
  • 14
  • can you elaborate it? thank you – Bhagyesh Radiya Feb 05 '19 at 12:22
  • SSL handshake is failing from a missing signer in your server. When calling the "openweathermap.org" endpoint, from MFP server, it needs the rootCA to be present in it's keystore. Either your JVM's cacerts is missing it or you need to add it to the keystore specified in your Application server. – Vivin K Feb 06 '19 at 09:14
0

Yes i finally got the answer as uh said "SSL handshake is failing from a missing signer in your server". I just registered the my api url certificate to my mobile-first server.To do so with the software to import the certificate on server.

The url for software :- https://keystore-explorer.org/downloads.html

the path of file where to import certificate:-

C:\Users\Admin\MobileFirst-8.0.0.0\mfp-server\usr\servers\mfp\resources\security

Password:-"mobilefirst"

and just drag and drop the certificate of you api url

final setp to restart server

Bhagyesh Radiya
  • 19
  • 3