My code connects to apns for push notification. Am using clevertap library from git(https://github.com/CleverTap/apns-http2). It uses okhttp3 for the connection. When I run code on IBM WAS 8.5.5 and am receiving an exception. Details below. Can you pls help me on how to address this? Am trying with Synchronous mode of sending push message. I use Java 1.7, WAS 8.5.5. Pls let me know if you need more details.
Caused by: java.lang.IllegalStateException: Unable to extract the trust manager on okhttp3.internal.Platform$JdkWithJettyBootPlatform#aeaa4bd5, sslSocketFactory is class com.ibm.jsse2.SSLSocketFactoryImpl
at okhttp3.OkHttpClient.<init>(OkHttpClient.java:187)
at okhttp3.OkHttpClient.<init>(OkHttpClient.java:60)
at okhttp3.OkHttpClient$Builder.build(OkHttpClient.java:718)
at com.clevertap.apns.clients.SyncOkHttpApnsClient.<init>(SyncOkHttpApnsClient.java:79)
Edit:
There were some solutions suggesting to re-install the certificate etc. But now, I don't get the trust store issue. But getting SSLHandshakeException. Error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure. I googled for the problem, but most of the solutions are with p12 option, with certificate not extracted correctly. But am using a p8 file here.
Related
I am getting error while installing Microsoft Monitoring Agent.
Installation Error Screenshot
I look at the Monitoring agent log file available in %temp% file and it shows below Error.
Error: Failed to connect, exception : System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.MOMv3.Setup.MOMv3ManagedCAs.ValidateOpInsightsConnection(Session session)
I check communication and firewall all are ok but getting same error. I have referrer official document troubleshoot issues as well but didn't help much on this. Same Agent we are able to install on other systems and working fine. So our Workspace key and ID is working fine.
please help here to resolve this issue.
Above issue can be resolved by set up correct registry entry. If Hardening is applied and lower version of TLS is disabled then above issue will occur.
This is basically TLS handshake issue between target system and Azure Log Analytics.
To resolve, we have to Setup below Registry policy.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
I'm trying to run liquibase update command using
liquibase --driver="com.ibm.db2.jcc.DB2Driver" --changeLogFile="masterchangelog.xml " --url="jdbc:db2://localhost:60001/SMDINTDB:retrieveMessageFromServerOnGetMessage=true;sslConnection=true;" --username="" --password="" --classpath=/home/db2inst1/sqllib/java/db2jcc4.jar validate
But I'm getting following error. Can anyone help me how to resolve this issue? How I can specify the location of certs ?
Unexpected error running Liquibase: com.ibm.db2.jcc.am.DisconnectNonTransientConnectionException: [jcc][t4][2030][11211][4.26.14] A communication error occurred during operations on the connection's underlying socket, socket input stream,
or socket output stream. Error location: Reply.fill() - socketInputStream.read (-1). Message: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. ERRORCODE=-4499, SQLSTATE=08001
Several pre-requisites exist for on-premises Db2-LUW SSL connectivity with jdbc.
liquibase works correctly with SSL connections to on-premises Db2-LUW, if all the prerequisite configuration completed successfully. Here are some tips.
the target Db2-LUW instance has to be already configured for SSL as per IBM Db2 documentation here. If you are using a cloud based Db2 service from IBM then this is already done for you, although you may need to use the IBM supplied root cert on the client side.
your client side JRE needs to be configured per IBM's Db2-LUW documentation here. I use the IBM JRE (as supplied with the Db2-LUW server) for liquibase.
for on-premises Db2-LUW your client side needs the java keystore created, and the server's certificate imported into it (keytool -importcert -file /your/path/to/server_certificate ... ).
for your specific error, for on-premises Db2-LUW you might try additional options in the connection string to tell the JRE how to access the client side keystore into which you already imported the server certificate. Specifically sslTrustStoreLocation=/path/to/.keystore;sslTrustStorePassword=whatever; . Note that I did not need these options if using Db2-on-cloud (liquibase worked correctly with SSL to Db2-on-cloud once I added DigiCertGlobalRootCA.crt to my keystore (although even that may be unnecessary) , but I did not try Db2-warehouse-on-cloud as I don't use that service.
I am trying to create a bot on my server running 10.9, and I keep getting the following error:
Bot creation failed with error: An SSL error has occurred and a secure
connection to the server cannot be made.
I just updated my SSL cert from the self signed to one from GoDaddy. My https://servername connects fine with a green https.
How do I get it to recognize my certificate?
I never was able to find a solution. I ended up doing a clean install, add my GoDaddy SSL certificates again, and the problem was resolved.
We are getting this error
"BW-HTTP-100300 Job-29000 Error in [Processes/Services/HTTP Request/Process Definition.process/Send HTTP Request]
An IOException was thrown while trying to execute the Http method
caused by: java.io.IOException: Failed to create secure client socket: Server certificate rejected by ChainVerifier"
I have done the following:
1. Created send http request.
2. Configured everything in the Configuration tab and the Input tabs.
3. Created Identity and imported the same into Identity
4. Downloaded the certificate and imported it in to 'Configure SSL'
5. While running the process I get the error mentioned above.
Am I missing anything?
Please provide me some guidance. Thanks in advance
Downloading the server certificate is not enough, you need to download the whole certificate chain from the root CA down to the server cert.
In the above example, you need to download all certs (except the last one mail.google.com which is optional) and add them to your trusted certificates folder.
Have you enabled VerifyHostName option while making the connection? If yes, then the server name should be in the allowed list too. In most cases you dont need this option enabled.
I'm using XCode 4.0.2 to upload my iPhone app to the iTunes app store but get the following error messages:
Failure instantiating web-service client
An exception has occurred: Unable to open url: https://contentdelivery.itunes.apple.com/WebObjects/MZLabelService.woa/ws/MZITunesProducerService?wsdl
Could not connect to Apple's web service
Unable to authenticate the package: 450416349.itmsp
I've got the latest Java version (1.6) and have double checked the network settings in the Java preferences.
Any ideas?
Got to the bottom of it. Running a TCP dump on our firewall discovered that some (but not all) of the requests that XCode made were using the configured proxy, and others were not.
We allowed the proxy to be bypassed completely to test and it all worked fine.
Have you tried using Application Loader? Try that and see if it works. Hope this helps.