You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@jclouds.apache.org by Udara Liyanage <ud...@gmail.com> on 2014/12/22 17:41:48 UTC

Certificate validation issue with AWS EC2

Hi.

Below error is occurred  while starting an instance with Jclouds. Do we
have to add aws-ec2 certs to our truststore in order to resolve this?
It seems that Jclouds does a certificate validation. Like to know some
details on this.

sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target connecting to POST
https://ec2.us-east-1.amazonaws.com/ HTTP/1.1

-- 
Udara S.S Liyanage.
Software Engineer at WSO2.
Commiter and PPMC Member of Apache Stratos.
Blog - http://udaraliyanage.wordpress.com
phone: +94 71 443 6897

Re: Certificate validation issue with AWS EC2

Posted by Giovanni Toraldo <me...@gionn.net>.

Hi,

On Mon, Dec 22, 2014 at 11:01 PM, Ignasi Barrera <na...@apache.org> wrote:
> So, as in any regular Java application, if you have to connect to an
> SSL endpoint and you need to explicitly trust a server certificate,
> you'll have to add that certificate to your trust store (or use any
> insecure mean of ignoring the certificates).

this is usually true if you are using self-signed certificates, but in
this case Amazon has surely proper certificates, so you probably have
a borked java install missing CA certificates necessary to trust any
other valid certificate, or a misconfigured date/time on your machine,
or some other glitch of this kind.

-- 
Giovanni Toraldo
http://gionn.net

Re: Certificate validation issue with AWS EC2

Posted by Ignasi Barrera <na...@apache.org>.

jclouds uses a driver mechanism to perform HTTP requests. Currently it
supports 3 drivers: the default one that uses the Java
HttpUrlConnection, the OkHttp driver and the Apache HttpClient one.
Those drivers are the ones that create and manage the actual HTTP
connections, and jclouds doesn't set any SSL attribute unless
explicitly configured.

So, as in any regular Java application, if you have to connect to an
SSL endpoint and you need to explicitly trust a server certificate,
you'll have to add that certificate to your trust store (or use any
insecure mean of ignoring the certificates).

I.

On 22 December 2014 at 17:41, Udara Liyanage <ud...@gmail.com> wrote:
> Hi.
>
> Below error is occurred  while starting an instance with Jclouds. Do we have
> to add aws-ec2 certs to our truststore in order to resolve this?
> It seems that Jclouds does a certificate validation. Like to know some
> details on this.
>
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target connecting to POST
> https://ec2.us-east-1.amazonaws.com/ HTTP/1.1
>
> --
> Udara S.S Liyanage.
> Software Engineer at WSO2.
> Commiter and PPMC Member of Apache Stratos.
> Blog - http://udaraliyanage.wordpress.com
> phone: +94 71 443 6897