You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Syed Ahmed <sa...@cloudops.com> on 2013/11/27 01:28:12 UTC
Getting error while adding Netscaler with the new 10.1 API
Hi,
I am trying to move the Netscaler to the 10.1 Nitro API and while using
the new API I am getting the following error when adding Netscaler device
PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
I have changed to use HTTP instead of HTTPS in nitro to temporarily work
around this problem. Is HTTPS absolutely required for communication with
external devices? or does my workaround is a valid fix?
Thanks,
-Syed
RE: Getting error while adding Netscaler with the new 10.1 API
Posted by Rajesh Battala <ra...@citrix.com>.
I have fixed this issue
https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=ca6e6e2b7cccbec7d065465d547ef7149383f7ae
-----Original Message-----
From: Rajesh Battala [mailto:rajesh.battala@citrix.com]
Sent: Thursday, April 24, 2014 3:27 PM
To: dev@cloudstack.apache.org; Syed Ahmed
Cc: Vijay Venkatachalam
Subject: RE: Getting error while adding Netscaler with the new 10.1 API
Syed,
I have tried with NS 10.0 version.
Its failing to add NS device with error
"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"} "
Your patch will take care of NS 10.0 version also or only 10.1.
On latest master/4.4 adding NS10.0 is failing to add as CS is not able to login to NS due to above error.
Thanks
Rajesh Battala
-----Original Message-----
From: Syed Ahmed [mailto:sahmed@cloudops.com]
Sent: Thursday, November 28, 2013 7:07 AM
To: dev@cloudstack.apache.org
Cc: Vijay Venkatachalam
Subject: Re: Getting error while adding Netscaler with the new 10.1 API
Got it Vijay. I have submitted another patch for certificate chaining.
I have tested with 10.1 and it works. I send a patch for the move to
10.1 as well.
Thanks,
-Syed
On Wed 27 Nov 2013 04:52:47 AM EST, Vijay Venkatachalam wrote:
> In order to continue with the old behavior, use HTTPS but have cert and hostname validation turned off, the following has to be done
> nitro_service.set_certvalidation(false);
> nitro_service.set_hostnameverification(false);
>
>> -----Original Message-----
>> From: Syed Ahmed [mailto:sahmed@cloudops.com]
>> Sent: Wednesday, November 27, 2013 5:58 AM
>> To: dev@cloudstack.apache.org
>> Subject: Getting error while adding Netscaler with the new 10.1 API
>>
>> Hi,
>>
>> I am trying to move the Netscaler to the 10.1 Nitro API and while
>> using the new API I am getting the following error when adding
>> Netscaler device
>>
>> PKIX
>> path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>> find valid certification path to requested target
>>
>>
>> I have changed to use HTTP instead of HTTPS in nitro to temporarily
>> work around this problem. Is HTTPS absolutely required for
>> communication with external devices? or does my workaround is a valid fix?
>>
>> Thanks,
>> -Syed
RE: Getting error while adding Netscaler with the new 10.1 API
Posted by Rajesh Battala <ra...@citrix.com>.
Syed,
I have tried with NS 10.0 version.
Its failing to add NS device with error
"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
"
Your patch will take care of NS 10.0 version also or only 10.1.
On latest master/4.4 adding NS10.0 is failing to add as CS is not able to login to NS due to above error.
Thanks
Rajesh Battala
-----Original Message-----
From: Syed Ahmed [mailto:sahmed@cloudops.com]
Sent: Thursday, November 28, 2013 7:07 AM
To: dev@cloudstack.apache.org
Cc: Vijay Venkatachalam
Subject: Re: Getting error while adding Netscaler with the new 10.1 API
Got it Vijay. I have submitted another patch for certificate chaining.
I have tested with 10.1 and it works. I send a patch for the move to
10.1 as well.
Thanks,
-Syed
On Wed 27 Nov 2013 04:52:47 AM EST, Vijay Venkatachalam wrote:
> In order to continue with the old behavior, use HTTPS but have cert and hostname validation turned off, the following has to be done
> nitro_service.set_certvalidation(false);
> nitro_service.set_hostnameverification(false);
>
>> -----Original Message-----
>> From: Syed Ahmed [mailto:sahmed@cloudops.com]
>> Sent: Wednesday, November 27, 2013 5:58 AM
>> To: dev@cloudstack.apache.org
>> Subject: Getting error while adding Netscaler with the new 10.1 API
>>
>> Hi,
>>
>> I am trying to move the Netscaler to the 10.1 Nitro API and while
>> using the new API I am getting the following error when adding
>> Netscaler device
>>
>> PKIX
>> path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>> find valid certification path to requested target
>>
>>
>> I have changed to use HTTP instead of HTTPS in nitro to temporarily
>> work around this problem. Is HTTPS absolutely required for
>> communication with external devices? or does my workaround is a valid fix?
>>
>> Thanks,
>> -Syed
Re: Getting error while adding Netscaler with the new 10.1 API
Posted by Syed Ahmed <sa...@cloudops.com>.
Got it Vijay. I have submitted another patch for certificate chaining.
I have tested with 10.1 and it works. I send a patch for the move to
10.1 as well.
Thanks,
-Syed
On Wed 27 Nov 2013 04:52:47 AM EST, Vijay Venkatachalam wrote:
> In order to continue with the old behavior, use HTTPS but have cert and hostname validation turned off, the following has to be done
> nitro_service.set_certvalidation(false);
> nitro_service.set_hostnameverification(false);
>
>> -----Original Message-----
>> From: Syed Ahmed [mailto:sahmed@cloudops.com]
>> Sent: Wednesday, November 27, 2013 5:58 AM
>> To: dev@cloudstack.apache.org
>> Subject: Getting error while adding Netscaler with the new 10.1 API
>>
>> Hi,
>>
>> I am trying to move the Netscaler to the 10.1 Nitro API and while using the
>> new API I am getting the following error when adding Netscaler device
>>
>> PKIX
>> path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target
>>
>>
>> I have changed to use HTTP instead of HTTPS in nitro to temporarily work
>> around this problem. Is HTTPS absolutely required for communication with
>> external devices? or does my workaround is a valid fix?
>>
>> Thanks,
>> -Syed
RE: Getting error while adding Netscaler with the new 10.1 API
Posted by Vijay Venkatachalam <Vi...@citrix.com>.
In order to continue with the old behavior, use HTTPS but have cert and hostname validation turned off, the following has to be done
nitro_service.set_certvalidation(false);
nitro_service.set_hostnameverification(false);
> -----Original Message-----
> From: Syed Ahmed [mailto:sahmed@cloudops.com]
> Sent: Wednesday, November 27, 2013 5:58 AM
> To: dev@cloudstack.apache.org
> Subject: Getting error while adding Netscaler with the new 10.1 API
>
> Hi,
>
> I am trying to move the Netscaler to the 10.1 Nitro API and while using the
> new API I am getting the following error when adding Netscaler device
>
> PKIX
> path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
>
> I have changed to use HTTP instead of HTTPS in nitro to temporarily work
> around this problem. Is HTTPS absolutely required for communication with
> external devices? or does my workaround is a valid fix?
>
> Thanks,
> -Syed
Re: Getting error while adding Netscaler with the new 10.1 API
Posted by Chiradeep Vittal <Ch...@citrix.com>.
That happens when you use a self-signed certificate.
You can use EasySSLProtocolSocketFactory.java from utils
On 11/26/13 4:28 PM, "Syed Ahmed" <sa...@cloudops.com> wrote:
>Hi,
>
>I am trying to move the Netscaler to the 10.1 Nitro API and while using
>the new API I am getting the following error when adding Netscaler device
>
>PKIX
> path building failed:
>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>find valid certification path to requested target
>
>
>I have changed to use HTTP instead of HTTPS in nitro to temporarily work
>around this problem. Is HTTPS absolutely required for communication with
>external devices? or does my workaround is a valid fix?
>
>Thanks,
>-Syed