Unable to Resolve PKIX Path Building Failed - https

I try to connect to https web service using below code.
adapter.xml:
<connectivity>
<connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
<protocol>https</protocol>
<domain>somewhere.com</domain>
<port>443</port>
<connectionTimeoutInMilliseconds>30000</connectionTimeoutInMilliseconds>
<socketTimeoutInMilliseconds>30000</socketTimeoutInMilliseconds>
<maxConcurrentConnectionsPerNode>50</maxConcurrentConnectionsPerNode>
</connectionPolicy>
</connectivity>
impl.js:
function getTest() {
var input = {
method : 'GET',
returnedContentType : 'json',
path : "WS.svc"
};
return WL.Server.invokeHttp(input);
}
Unfortunately, this error appears when I try to call the adapter:
{
"errors": [
"Runtime: Http request failed: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
],
"info": [
],
"isSuccessful": false,
"warnings": [
]
}
I have added the public certificate of the WS (accessed from browser and get it from certificate details) into my Java folder in Program Files (C:\Program Files\Java\jdk_version\jre\lib\security), however the issue still persists.
Is there any advise?

The instructions you've followed are incorrect when using MobileFirst Platform.
Follow the steps described in this user documentation topic (for Worklight 6.2, but valid for MFPF 6.3 and above as well).
Do not export the certificate from a browser because this action adds browser metadata and other artifacts which shouldn't be there. Instead use a tool such as OpenSSL to get the certificate (described in the documentation)
The certificate should then be stored in the keystore of the application server and not in your Java's JVM.

Related

When I run the example code of openai-java in my machine, SSLHandshakeException error happens

I tried to run the example of openai-java, but SSLHandshakeException error happens.
here is my code
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at io.reactivex.internal.util.ExceptionHelper.wrapOrThrow(ExceptionHelper.java:45)
at io.reactivex.internal.observers.BlockingMultiObserver.blockingGet(BlockingMultiObserver.java:91)
at io.reactivex.Single.blockingGet(Single.java:2585)
at com.theokanning.openai.OpenAiService.createCompletion(OpenAiService.java:116)
Also, I used postman to send post requests to https://api.openai.com/v1/completions with my secret-key, it gives "You exceeded your current quota, please check your plan and billing details"
I guess it may because of https Certificate, and I followed How to Resolve Error message "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", and put certificate of https://openai.com/ into my JDK. And It doesn't work. I wanna ask how to fix this problem

SpringBoot in IntelliJ. unable to find valid certification path to requested target

IntelliJ Community Edition, Java8, Spring Boot 2.1.11
Trying to do a basic linkedIn course (Building Reactive apps with Spring Boot2 by Chris Anatalio)
I am unable to run the application. It uses an embedded Mongo DB.
failed
:ReactivespringApplication.main()
org.springframework.beans.BeanInstantiationException: Failed to instantiate [de.flapdoodle.embed.mongo.MongodExecutable]: Factory method 'embeddedMongoServer' threw exception; nested exception is de.flapdoodle.embed.process.exceptions.DistributionException: prepare executable
de.flapdoodle.embed.process.exceptions.DistributionException: prepare executable
java.io.IOException: Could not open inputStream for https://downloads.mongodb.org/win32/mongodb-win32-x86_64-3.5.5.zip
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Update:
I found that LinkedIn provides an 'end' code set for each lecture. I downloaded and imported it and it ran fine. I dont know what is different. Did a WinMerge but no obvious differences.
Been in the same situation, Root cause is that you are behind a proxy server which requires ssl certificate to communicate/download.
Resolution:
1. Try different network, this worked for me when I connected to a mobile hotspot.
2. import/create a ssl certificate or bypass ssl, am also still exploring this path.

How to configure local issuer certificate in Wamp using OpenSSL in Laravel project?

Am trying to send SMS Locally with Nexmo but i configured my Wamp server to use OpenSSL but when i try sending, i get this error.
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
Am sending the message in a route from my web.php like this,
Route::get( '/sms/send/{to}', function(\ Nexmo\Client $nexmo, $to){
$message = $nexmo->message()->send([
'to' => $to,
'from' => env('NEXMO_NUMBER'),
'text' => 'Sending SMS from Laravel. Woohoo!'
]);
Log::info('sent message: ' . $message['message-id']);
});
Need help of how i can fix this.
Source: https://github.com/nexmo/nexmo-php#troubleshooting
Some users have issues making requests due to the following error:
Fatal error: Uncaught exception 'GuzzleHttp\Exception\RequestException' with message 'cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)'
This is due to some PHP installations not shipping with a list of trusted CA certificates. This is a system configuration problem, and not specific to either cURL or Nexmo.
IMPORTANT: In the next paragraph we provide a link to a CA certificate bundle. Nexmo do not guarantee the safety of this bundle, and you should review it yourself before installing any CA bundle on your machine.
To resolve this issue, download a list of trusted CA certificates (e.g. the curl bundle) and copy it on to your machine. Once this is done, edit php.ini and set the curl.cainfo parameter:
Linux/MacOS
curl.cainfo = "/etc/pki/tls/cacert.pem"
Windows
curl.cainfo = "C:\php\extras\ssl\cacert.pem"

Does Java 8 Jsse provider support sha224withRSA Algorithm?

jdk1.8.0.91 works fine here, but the latest revision (111) gives below error:
*handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: SHA224withRSA*
Clients accept the certificate when using jdk1.8.0.91, or jsse.jar of that distribution. But when I upgrade to the latest revision of Java, I see above error. So which one is the correct behaviour?
This is an update from Java on windows, see below bug link for details
https://bugs.openjdk.java.net/browse/JDK-8064330

Consul Check HTTPS self signed

I use Consul to register a web application. The web app use Java Consul client to register with check. I am able to activate TLS and encryption using a self signed CA to encrypt exchanges between consul agents and between my webapp and consul agent. But I am not able to make checks onto a HTTPS with self signed CA signed certificate.
My web application is secured and listens only on HTTPS with a self signed certificate. When I register a session with consul and provide a https://... URL for check, I am rejected:
com.orbitz.consul.ConsulException: Consul request failed with status [500]: rpc error: rpc error: Check 'service:a4cHealthCheck:172.17.0.3' is in critical state
In consul agent logs, I can see:
2016/07/23 08:24:45 [WARN] agent: http request failed 'https://172.17.0.3:8443/rest/latest/health/check': Get https://172.17.0.3:8443/rest/latest/health/check: x509: certificate signed by unknown authority
It seems that the consul agent don't accept self signed certificates for checks. How can I disable SSL verify only for checks or provide a truster for checks ?
You can disabled the HTTPS checks with the property tls_skip_verify. It is described in the section HTTP of the Consul checks documentation.
If you use a JSON file to configure your agent, here is an example of configuration.
{
"services": [
{
"id": "instance-1",
"name": "ManagementService",
"address": "localhost",
"port": 11080,
"checks": [
{
"id": "api",
"name": "HTTP API",
"http": "https://localhost:11081/service/monitoring/ping",
"tls_skip_verify": true,
"interval": "5s",
"timeout": "1s"
}
]
}
]
}
Golang crypto lib have a set paths he looks for trustworthy authorities. This varies by OS, but for Linux systems you can check the following link.
https://golang.org/src/crypto/x509/root_linux.go
So, you can have your issue solved by installing your CA into the system defaults.
For how to install a root certificate, see
https://superuser.com/questions/437330/how-do-you-add-a-certificate-authority-ca-to-ubuntu
or for others OS
http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html

Resources