[prev in list] [next in list] [prev in thread] [next in thread]
List: httpclient-users
Subject: RE: PoolingHttpClientConnectionManager SSL Handshake exception
From: Bhuvaneswari Anandhan <bhuvaneswari.anandhan () oracle ! com>
Date: 2015-09-08 13:53:47
Message-ID: 1f7af38b-30f0-47b1-a1bb-b2dc22b9a58d () default
[Download RAW message or body]
Okay...
Can you suggest me how to create client request using 4.4.1 with proper certificate & \
hostname validation .
I'm looking into apache http client implementation for the same.
Thanks,
Bhuvaneswari
-----Original Message-----
From: Dan Quaroni [mailto:q@invoke.com]
Sent: Tuesday, September 08, 2015 7:20 PM
To: HttpClient User Discussion
Subject: Re: PoolingHttpClientConnectionManager SSL Handshake exception
HttpClient did get more picky about certs.
On Tue, Sep 8, 2015 at 4:31 AM, Bhuvaneswari Anandhan < \
bhuvaneswari.anandhan@oracle.com> wrote:
> Hi ,
>
>
>
> Recently we have done a Apache http component migration from 3.1 to 4.4.1.
>
>
>
> We have changed the connection manager implementation from
> MultiThreadedHttpConnectionManager (3.1 implementation) to
> PoolingHttpClientConnectionManager (apache httpclient 4.4.1).
>
>
>
>
>
> Now we are getting SSL socket exception when we are trying to request
> using the connection.
>
>
>
> Exception trace:
>
> [9/8/15 12:04:27:192 IST] 00000064 SystemErr R
> javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path
> building failed: java.security.cert.CertPathBuilderException:
> PKIXCertPathBuilderImpl could not build a valid CertPath.; internal
> cause
> is:
>
> java.security.cert.CertPathValidatorException: The
> certificate issued by CN=mumgo3206.in.oracle.com, OU=Root Certificate,
> OU=RSAppSrvCell1, OU=RSAppSrvNode1, O=IBM, C=US is not trusted;
> internal cause is:
>
> java.security.cert.CertPathValidatorException:
> Certificate chaining error
>
> [9/8/15 12:04:27:193 IST] 00000064 SystemErr R at
> com.ibm.jsse2.n.a(n.java:28)
>
> [9/8/15 12:04:27:193 IST] 00000064 SystemErr R at
> com.ibm.jsse2.tc.a(tc.java:251)
>
> [9/8/15 12:04:27:193 IST] 00000064 SystemErr R at
> com.ibm.jsse2.gb.a(gb.java:251)
>
> [9/8/15 12:04:27:194 IST] 00000064 SystemErr R at
> com.ibm.jsse2.gb.a(gb.java:228)
>
> [9/8/15 12:04:27:194 IST] 00000064 SystemErr R at
> com.ibm.jsse2.hb.a(hb.java:279)
>
> [9/8/15 12:04:27:194 IST] 00000064 SystemErr R at
> com.ibm.jsse2.hb.a(hb.java:292)
>
> [9/8/15 12:04:27:194 IST] 00000064 SystemErr R at
> com.ibm.jsse2.gb.n(gb.java:71)
>
> [9/8/15 12:04:27:194 IST] 00000064 SystemErr R at
> com.ibm.jsse2.gb.a(gb.java:324)
>
> [9/8/15 12:04:27:194 IST] 00000064 SystemErr R at
> com.ibm.jsse2.tc.a(tc.java:559)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr R at
> com.ibm.jsse2.tc.g(tc.java:25)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr R at
> com.ibm.jsse2.tc.a(tc.java:582)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr R at
> com.ibm.jsse2.tc.startHandshake(tc.java:652)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr R at
> org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocke
> t(SSLConnectionSocketFactory.java:394)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr R at
> org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLC
> onnectionSocketFactory.java:353)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr R at
> org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(
> DefaultHttpClientConnectionOperator.java:134)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr R at
> org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(P
> oolingHttpClientConnectionManager.java:353)
>
> [9/8/15 12:04:27:196 IST] 00000064 SystemErr R at
> org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClien
> tExec.java:380)
>
> [9/8/15 12:04:27:196 IST] 00000064 SystemErr R at
> org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.j
> ava:236)
>
> [9/8/15 12:04:27:196 IST] 00000064 SystemErr R at
> org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:
> 184)
>
> [9/8/15 12:04:27:196 IST] 00000064 SystemErr R at
> org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>
> [9/8/15 12:04:27:196 IST] 00000064 SystemErr R at
> org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:
> 110)
>
> [9/8/15 12:04:27:196 IST] 00000064 SystemErr R at
> org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpC
> lient.java:184)
>
> [9/8/15 12:04:27:197 IST] 00000064 SystemErr R at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpC
> lient.java:117)
>
> [9/8/15 12:04:27:197 IST] 00000064 SystemErr R at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpC
> lient.java:55)
>
> [9/8/15 12:04:27:197 IST] 00000064 SystemErr R at
> com.citi.cpb.emea.revelation.proxy.ProxyServlet.sendApplicationRequest
> (ProxyServlet.java:392)
>
> [9/8/15 12:04:27:197 IST] 00000064 SystemErr R at
> com.citi.cpb.emea.revelation.proxy.ProxyServlet.doGet(ProxyServlet.jav
> a:130)
>
> [9/8/15 12:04:27:197 IST] 00000064 SystemErr R at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
>
> [9/8/15 12:04:27:197 IST] 00000064 SystemErr R at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
>
> [9/8/15 12:04:27:198 IST] 00000064 SystemErr R at
> com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.
> java:1147)
>
> [9/8/15 12:04:27:198 IST] 00000064 SystemErr R at
> com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr
> apper.java:722)
>
> [9/8/15 12:04:27:198 IST] 00000064 SystemErr R at
> com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr
> apper.java:449)
>
> [9/8/15 12:04:27:198 IST] 00000064 SystemErr R at
> com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(Servl
> etWrapperImpl.java:178)
>
> [9/8/15 12:04:27:198 IST] 00000064 SystemErr R at
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAp
> pFilterManager.java:1020)
>
> [9/8/15 12:04:27:198 IST] 00000064 SystemErr R at
> com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3639)
>
> [9/8/15 12:04:27:199 IST] 00000064 SystemErr R at
> com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:30
> 4)
>
> [9/8/15 12:04:27:199 IST] 00000064 SystemErr R at
> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:9
> 50)
>
> [9/8/15 12:04:27:199 IST] 00000064 SystemErr R at
> com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.ja
> va:1659)
>
> [9/8/15 12:04:27:199 IST] 00000064 SystemErr R at
> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java
> > 195)
>
> [9/8/15 12:04:27:199 IST] 00000064 SystemErr R at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminat
> ion(HttpInboundLink.java:452)
>
> [9/8/15 12:04:27:199 IST] 00000064 SystemErr R at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(
> HttpInboundLink.java:511)
>
> [9/8/15 12:04:27:200 IST] 00000064 SystemErr R at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(Ht
> tpInboundLink.java:305)
>
> [9/8/15 12:04:27:200 IST] 00000064 SystemErr R at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInbound
> Link.java:276)
>
> [9/8/15 12:04:27:200 IST] 00000064 SystemErr R at
> com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSL
> ConnectionLink.java:1048)
>
> [9/8/15 12:04:27:200 IST] 00000064 SystemErr R at
> com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.
> complete(SSLConnectionLink.java:642)
>
> [9/8/15 12:04:27:200 IST] 00000064 SystemErr R at
> com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCall
> back.complete(SSLReadServiceContext.java:1784)
>
> [9/8/15 12:04:27:200 IST] 00000064 SystemErr R at
> com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(
> AioReadCompletionListener.java:165)
>
> [9/8/15 12:04:27:201 IST] 00000064 SystemErr R at
> com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFutur
> e.java:217)
>
> [9/8/15 12:04:27:201 IST] 00000064 SystemErr R at
> com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannel
> Future.java:161)
>
> [9/8/15 12:04:27:201 IST] 00000064 SystemErr R at
> com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
>
> [9/8/15 12:04:27:201 IST] 00000064 SystemErr R at
> com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
>
> [9/8/15 12:04:27:201 IST] 00000064 SystemErr R at
> com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.ja
> va:775)
>
> [9/8/15 12:04:27:201 IST] 00000064 SystemErr R at
> com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
>
> [9/8/15 12:04:27:202 IST] 00000064 SystemErr R at
> com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1648)
>
> [9/8/15 12:04:27:202 IST] 00000064 SystemErr R Caused by:
> com.ibm.jsse2.util.g: PKIX path building failed:
> java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl
> could not build a valid CertPath.; internal cause is:
>
> java.security.cert.CertPathValidatorException: The
> certificate issued by CN=mumgo3206.in.oracle.com, OU=Root Certificate,
> OU=RSAppSrvCell1, OU=RSAppSrvNode1, O=IBM, C=US is not trusted;
> internal cause is:
>
> java.security.cert.CertPathValidatorException:
> Certificate chaining error
>
> [9/8/15 12:04:27:202 IST] 00000064 SystemErr R at
> com.ibm.jsse2.util.e.b(e.java:30)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr R at
> com.ibm.jsse2.util.e.b(e.java:62)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr R at
> com.ibm.jsse2.util.d.a(d.java:11)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr R at
> com.ibm.jsse2.hc.a(hc.java:40)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr R at
> com.ibm.jsse2.hc.checkServerTrusted(hc.java:33)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr R at
> com.ibm.jsse2.hc.b(hc.java:80)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr R at
> com.ibm.jsse2.hb.a(hb.java:416)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr R ... 48 more
>
> [9/8/15 12:04:27:204 IST] 00000064 SystemErr R Caused by:
> java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl
> could not build a valid CertPath.; internal cause is:
>
> java.security.cert.CertPathValidatorException: The
> certificate issued by CN=mumgo3206.in.oracle.com, OU=Root Certificate,
> OU=RSAppSrvCell1, OU=RSAppSrvNode1, O=IBM, C=US is not trusted;
> internal cause is:
>
> java.security.cert.CertPathValidatorException:
> Certificate chaining error
>
> [9/8/15 12:04:27:204 IST] 00000064 SystemErr R at
> com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPath
> BuilderImpl.java:411)
>
> [9/8/15 12:04:27:204 IST] 00000064 SystemErr R at
> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
>
> [9/8/15 12:04:27:205 IST] 00000064 SystemErr R at
> com.ibm.jsse2.util.e.b(e.java:103)
>
> [9/8/15 12:04:27:205 IST] 00000064 SystemErr R ... 54 more
>
> [9/8/15 12:04:27:205 IST] 00000064 SystemErr R Caused by:
> java.security.cert.CertPathValidatorException: The certificate issued
> by CN= mumgo3206.in.oracle.com, OU=Root Certificate, OU=RSAppSrvCell1,
> OU=RSAppSrvNode1, O=IBM, C=US is not trusted; internal cause is:
>
> java.security.cert.CertPathValidatorException:
> Certificate chaining error
>
> [9/8/15 12:04:27:206 IST] 00000064 SystemErr R at
> com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
>
> [9/8/15 12:04:27:206 IST] 00000064 SystemErr R at
> com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCer
> tPathValidatorImpl.java:176)
>
> [9/8/15 12:04:27:206 IST] 00000064 SystemErr R at
> com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPath
> BuilderImpl.java:737)
>
>
>
>
>
> Thanks & Regards,
>
> Bhuvaneswari
>
>
>
--
*Daniel Quaroni*
Principal Software Architect
P: 781.810.2743
q@invoke.com
www.invoke.com
See a Demo here <http://www.invoke.com/platform/demo>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic