1

While connecting to the Kafka cluster with Apache Camel over SSL, I'm facing the problem below. Can anyone please help to resolve the issue?

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:957)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:892)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:735)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

// is it the correct way of loading the .jks file?

    @Component
    public class MyRouteDefinition extends RouteBuilder {

        @Override
        public void configure() throws Exception {

            // Keystore file, type and password used for the SSL context
            KeyStoreParameters ksp = new KeyStoreParameters();
            ksp.setType("jks");
            ksp.setResource("truststore.jks");
            ksp.setPassword("password");

            KeyManagersParameters kmp = new KeyManagersParameters();
            kmp.setKeyStore(ksp);
            kmp.setKeyPassword("password");

            TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
            trustManagersParameters.setKeyStore(ksp);

            SSLContextParameters scp = new SSLContextParameters();
            scp.setKeyManagers(kmp);
            scp.setTrustManagers(trustManagersParameters);

            HttpComponent httpComponent = getContext().getComponent("https4", HttpComponent.class);
            httpComponent.setSslContextParameters(scp);

            // TO HTTPS
            from(...)
                .to("https://localhost:8080/load");
            log.debug("The response code is: {}", responseCode);
        }
    }

2 Answers

0

When you use HTTPS, the client needs to trust the server. The server sends a certificate to prove its identity. Certificates are signed by a CA (Certificate Authority). A client trusts a server only if it recognizes the CA that signed its certificate. The client recognizes the CA if it is present in its truststore.

You can also directly import the certificate into the truststore in case it is not signed by a CA.

My guess is that you need to either

  1. import the CA that signed the server's (the one listening at localhost:8080) certificate into the client's truststore
  2. import the server's certificate itself into the truststore.
Dharman
CefBoud
  • On the client side I have a truststore keystore file; I think it can validate the server SSL on the client side. The code is: ksp.setResource("truststore.jks"). Can you please confirm where I made the mistake? If you have sample code, that would be helpful. – Srikanth Janapati Oct 22 '20 at 15:04
0
System.setProperty("javax.net.ssl.trustStore", "C:\\user\\myTrustStore"); 
System.setProperty("javax.net.ssl.trustStorePassword", "123456"); 

I GOT THE SOLUTION, WITH ABOVE LINES IT'S WORKING FINE
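
The `javax.net.ssl.trustStore` property above replaces the default truststore for the whole JVM. As an added example (not code from either answer), the following loads a JKS truststore, lists which certificates it actually trusts so you can confirm the server's CA or certificate is among them, and builds an `SSLContext` that trusts only that store. The class name `TrustStoreCheck` and the command-line arguments are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreCheck {

    // Load the JKS file from disk; a wrong path or password fails here, not at handshake time.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Print every trusted-certificate entry and return how many there are.
    static int listTrusted(KeyStore ks) throws Exception {
        int count = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (ks.isCertificateEntry(alias) && cert instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) cert;
                System.out.printf("%s%n  subject=%s%n  issuer=%s%n  notAfter=%s%n", alias,
                        x.getSubjectX500Principal(), x.getIssuerX500Principal(), x.getNotAfter());
                count++;
            }
        }
        return count;
    }

    // Build a TLS context that trusts only this store, leaving the JVM default untouched.
    static SSLContext clientContext(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0] = path to the truststore, args[1] = its password (both supplied by the caller)
        KeyStore ks = load(args[0], args[1].toCharArray());
        System.out.println("trusted certificate entries: " + listTrusted(ks));
        System.out.println("SSLContext protocol: " + clientContext(ks).getProtocol());
    }
}
```

Compare the printed subjects and issuers with the issuer of the certificate the server presents; if neither the issuing CA nor the server certificate is listed, import one of them as the first answer describes.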