You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by Syed Ahmed <sa...@cloudops.com> on 2013/11/27 01:28:12 UTC

Getting error while adding Netscaler with the new 10.1 API

Hi,

I am trying to move the Netscaler to the 10.1 Nitro API and while using 
the new API I am getting the following error when adding Netscaler device

PKIX
  path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target


I have changed to use HTTP instead of HTTPS in nitro to temporarily work 
around this problem. Is HTTPS absolutely required for communication with 
external devices? or does my workaround is a valid fix?

Thanks,
-Syed

RE: Getting error while adding Netscaler with the new 10.1 API

Posted by Rajesh Battala <ra...@citrix.com>.

I have fixed this issue
https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=ca6e6e2b7cccbec7d065465d547ef7149383f7ae 


-----Original Message-----
From: Rajesh Battala [mailto:rajesh.battala@citrix.com] 
Sent: Thursday, April 24, 2014 3:27 PM
To: dev@cloudstack.apache.org; Syed Ahmed
Cc: Vijay Venkatachalam
Subject: RE: Getting error while adding Netscaler with the new 10.1 API

Syed, 

I have tried with NS 10.0 version. 
Its failing to add NS device with error 

"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"} "
Your patch will take care of NS 10.0 version also or only 10.1. 
On latest master/4.4 adding NS10.0 is failing to add as CS is not able to login to NS due to above error.

Thanks
Rajesh Battala

-----Original Message-----
From: Syed Ahmed [mailto:sahmed@cloudops.com]
Sent: Thursday, November 28, 2013 7:07 AM
To: dev@cloudstack.apache.org
Cc: Vijay Venkatachalam
Subject: Re: Getting error while adding Netscaler with the new 10.1 API

Got it Vijay.  I have submitted another patch for certificate chaining. 
I have tested with 10.1 and it works. I send a patch for the move to
10.1 as well.

Thanks,
-Syed

On Wed 27 Nov 2013 04:52:47 AM EST, Vijay Venkatachalam wrote:
> In order to continue with the old behavior, use HTTPS but have cert and hostname validation turned off, the following has to be done
>               nitro_service.set_certvalidation(false);
>               nitro_service.set_hostnameverification(false);
>
>> -----Original Message-----
>> From: Syed Ahmed [mailto:sahmed@cloudops.com]
>> Sent: Wednesday, November 27, 2013 5:58 AM
>> To: dev@cloudstack.apache.org
>> Subject: Getting error while adding Netscaler with the new 10.1 API
>>
>> Hi,
>>
>> I am trying to move the Netscaler to the 10.1 Nitro API and while 
>> using the new API I am getting the following error when adding 
>> Netscaler device
>>
>> PKIX
>>    path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to 
>> find valid certification path to requested target
>>
>>
>> I have changed to use HTTP instead of HTTPS in nitro to temporarily 
>> work around this problem. Is HTTPS absolutely required for 
>> communication with external devices? or does my workaround is a valid fix?
>>
>> Thanks,
>> -Syed

RE: Getting error while adding Netscaler with the new 10.1 API

Posted by Rajesh Battala <ra...@citrix.com>.

Syed, 

I have tried with NS 10.0 version. 
Its failing to add NS device with error 

"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
"
Your patch will take care of NS 10.0 version also or only 10.1. 
On latest master/4.4 adding NS10.0 is failing to add as CS is not able to login to NS due to above error.

Thanks
Rajesh Battala

-----Original Message-----
From: Syed Ahmed [mailto:sahmed@cloudops.com] 
Sent: Thursday, November 28, 2013 7:07 AM
To: dev@cloudstack.apache.org
Cc: Vijay Venkatachalam
Subject: Re: Getting error while adding Netscaler with the new 10.1 API

Got it Vijay.  I have submitted another patch for certificate chaining. 
I have tested with 10.1 and it works. I send a patch for the move to
10.1 as well.

Thanks,
-Syed

On Wed 27 Nov 2013 04:52:47 AM EST, Vijay Venkatachalam wrote:
> In order to continue with the old behavior, use HTTPS but have cert and hostname validation turned off, the following has to be done
>               nitro_service.set_certvalidation(false);
>               nitro_service.set_hostnameverification(false);
>
>> -----Original Message-----
>> From: Syed Ahmed [mailto:sahmed@cloudops.com]
>> Sent: Wednesday, November 27, 2013 5:58 AM
>> To: dev@cloudstack.apache.org
>> Subject: Getting error while adding Netscaler with the new 10.1 API
>>
>> Hi,
>>
>> I am trying to move the Netscaler to the 10.1 Nitro API and while 
>> using the new API I am getting the following error when adding 
>> Netscaler device
>>
>> PKIX
>>    path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to 
>> find valid certification path to requested target
>>
>>
>> I have changed to use HTTP instead of HTTPS in nitro to temporarily 
>> work around this problem. Is HTTPS absolutely required for 
>> communication with external devices? or does my workaround is a valid fix?
>>
>> Thanks,
>> -Syed

Re: Getting error while adding Netscaler with the new 10.1 API

Posted by Syed Ahmed <sa...@cloudops.com>.

Got it Vijay.  I have submitted another patch for certificate chaining. 
I have tested with 10.1 and it works. I send a patch for the move to 
10.1 as well.

Thanks,
-Syed

On Wed 27 Nov 2013 04:52:47 AM EST, Vijay Venkatachalam wrote:
> In order to continue with the old behavior, use HTTPS but have cert and hostname validation turned off, the following has to be done
>               nitro_service.set_certvalidation(false);
>               nitro_service.set_hostnameverification(false);
>
>> -----Original Message-----
>> From: Syed Ahmed [mailto:sahmed@cloudops.com]
>> Sent: Wednesday, November 27, 2013 5:58 AM
>> To: dev@cloudstack.apache.org
>> Subject: Getting error while adding Netscaler with the new 10.1 API
>>
>> Hi,
>>
>> I am trying to move the Netscaler to the 10.1 Nitro API and while using the
>> new API I am getting the following error when adding Netscaler device
>>
>> PKIX
>>    path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target
>>
>>
>> I have changed to use HTTP instead of HTTPS in nitro to temporarily work
>> around this problem. Is HTTPS absolutely required for communication with
>> external devices? or does my workaround is a valid fix?
>>
>> Thanks,
>> -Syed

RE: Getting error while adding Netscaler with the new 10.1 API

Posted by Vijay Venkatachalam <Vi...@citrix.com>.

In order to continue with the old behavior, use HTTPS but have cert and hostname validation turned off, the following has to be done
             nitro_service.set_certvalidation(false);
             nitro_service.set_hostnameverification(false);

> -----Original Message-----
> From: Syed Ahmed [mailto:sahmed@cloudops.com]
> Sent: Wednesday, November 27, 2013 5:58 AM
> To: dev@cloudstack.apache.org
> Subject: Getting error while adding Netscaler with the new 10.1 API
> 
> Hi,
> 
> I am trying to move the Netscaler to the 10.1 Nitro API and while using the
> new API I am getting the following error when adding Netscaler device
> 
> PKIX
>   path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> 
> 
> I have changed to use HTTP instead of HTTPS in nitro to temporarily work
> around this problem. Is HTTPS absolutely required for communication with
> external devices? or does my workaround is a valid fix?
> 
> Thanks,
> -Syed

Re: Getting error while adding Netscaler with the new 10.1 API

Posted by Chiradeep Vittal <Ch...@citrix.com>.

That happens when you use a self-signed certificate.
You can use EasySSLProtocolSocketFactory.java from utils

On 11/26/13 4:28 PM, "Syed Ahmed" <sa...@cloudops.com> wrote:

>Hi,
>
>I am trying to move the Netscaler to the 10.1 Nitro API and while using
>the new API I am getting the following error when adding Netscaler device
>
>PKIX
>  path building failed:
>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>find valid certification path to requested target
>
>
>I have changed to use HTTP instead of HTTPS in nitro to temporarily work
>around this problem. Is HTTPS absolutely required for communication with
>external devices? or does my workaround is a valid fix?
>
>Thanks,
>-Syed