Posted to users@camel.apache.org by ychawla <pr...@yahoo.com> on 2011/06/22 06:04:58 UTC

Re: Disable CertificateValidation when Routing to HTTPS endpoint

Does the server require a client certificate?  If so, you need to get the
Certificate Authority to provide you one.

If the server just has an SSL Server certificate that is not in your
truststore, you can use HTTP conduit to configure your truststore to accept
the certificate or add the certificate to your default truststore.

More info on CXF and HTTP Conduit here:

http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html

--
View this message in context: http://camel.465427.n5.nabble.com/Disable-CertificateValidation-when-Routing-to-HTTPS-endpoint-tp4431968p4512855.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Re: Disable CertificateValidation when Routing to HTTPS endpoint

Posted by contactreji <co...@gmail.com>.
I tried this solution but I get this error while I start my application. Can
you provide me a clue on this?

Logs below

Stacktrace
---------------------------------------------------------------------------------------------------------------------------------------
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
	at org.apache.camel.component.http4.HttpProducer.executeMethod(HttpProducer.java:306)
	at org.apache.camel.component.http4.HttpProducer.process(HttpProducer.java:178)
	at org.apache.camel.util.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:61)
	at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:145)
	at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
	at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:542)
	at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:197)
	at org.apache.camel.processor.Pipeline.process(Pipeline.java:120)
	at org.apache.camel.processor.Pipeline.process(Pipeline.java:83)
	at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:197)
	at org.apache.camel.component.timer.TimerConsumer.sendTimerExchange(TimerConsumer.java:192)
	at org.apache.camel.component.timer.TimerConsumer$1.run(TimerConsumer.java:76)
	at java.util.TimerThread.mainLoop(Timer.java:555)
	at java.util.TimerThread.run(Timer.java:505)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
	... 33 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
	... 39 common frames omitted



-----
Reji Mathews
Sr. Developer - Middleware Integration / SOA ( Open Source - Apache Camel & Jboss Fuse ESB | Mule ESB )
LinkedIn - http://in.linkedin.com/pub/reji-mathews/31/9a2/40a
Twitter - reji_mathews

Re: Disable CertificateValidation when Routing to HTTPS endpoint

Posted by Magnus Palmér <ma...@gmail.com>.
OK, forgot to post that I found a solution to my problem; it is based on some
of the postings I've found, but unfortunately I don't remember which one.
Still, I had to modify it to get it to work for me, so here is how I did it,
in case someone else runs into the same problem:
(javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated)

In the Spring applicationContext.xml:
<bean id="myHttpClientConfigurerTrustAllCACerts"
class="packagename.HttpClientConfigurerTrustAllCACerts" />

And in my route:
https4:example.org/webservice?httpClientConfigurer=myHttpClientConfigurerTrustAllCACerts
My httpClientConfigurer (excluding package declaration)

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.camel.component.http4.HttpClientConfigurer;
import org.apache.camel.component.http4.HttpComponent;

import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.log4j.Logger;

// HttpClientConfigurer that re-registers the https4 scheme with a socket
// factory that accepts any certificate chain and any host name.
public class HttpClientConfigurerTrustAllCACerts implements
        HttpClientConfigurer {

    private final static Logger logger = Logger
            .getLogger(HttpClientConfigurerTrustAllCACerts.class);

    HttpComponent httpComponent;

    public HttpClientConfigurerTrustAllCACerts() {
    }

    public void configureHttpClient(org.apache.http.client.HttpClient client) {
        // Trust manager whose check methods never throw, so every
        // client and server certificate is accepted without validation.
        X509TrustManager tm = new X509TrustManager() {

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The interface contract requires a non-null (possibly empty) array.
                return new java.security.cert.X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] arg0, String arg1)
                    throws java.security.cert.CertificateException {
                // no check: accepts everything
            }

            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] arg0, String arg1)
                    throws java.security.cert.CertificateException {
                // no check: accepts everything
            }
        };
        try {
            SSLContext ctx = SSLContext.getInstance("SSL");
            ctx.init(null, new TrustManager[] { tm }, null);

            // ALLOW_ALL_HOSTNAME_VERIFIER also turns off host name matching.
            SSLSocketFactory ssf = new SSLSocketFactory(ctx,
                    SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            ClientConnectionManager ccm = client.getConnectionManager();
            SchemeRegistry sr = ccm.getSchemeRegistry();
            // Replace the socket factory used for https4 endpoints on port 443.
            sr.register(new Scheme("https4", 443, ssf));

        } catch (NoSuchAlgorithmException e) {
            logger.error(e);
        } catch (KeyManagementException e) {
            logger.error(e);
        }

    }

}




2011/6/22 Magnus Palmér <ma...@gmail.com>

> Hi,
>
> I was just about to ask a similar question after being up all night trying
> to get my https4 URI to work.
>
> I get this:
>
>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>
>
> There are several posts to be found via Google, some specific for Camel,
> and I've tried several others but must be missing something.
> Can't find a complete working example for self signed certificates though.
> I am at a loss right now after trying out a lot of different approaches.
> If anyone could point me in the right direction so I can get a fresh start
> again I will be most thankful.
> (Using Camel 2.7.2)
>
> Kind regards, Magnus Palmér
>
> P.S. Yes, I've seen this:
> http://camel.465427.n5.nabble.com/Using-HTTPS-in-camel-http-when-remote-side-has-self-signed-cert-td473876.html
> I've also read the http://camel.apache.org/http4.html
> Tried to make something out of the test sourcecode for http4 but so far
> failed.
> Also read this:
> http://stackoverflow.com/questions/5706166/apache-camel-http-and-ssl
>
>
> 2011/6/22 ychawla <pr...@yahoo.com>
>
>> Does the server require a client certificate?  If so, you need to get the
>> Certificate Authority to provide you one.
>>
>> If the server just has an SSL Server certificate that is not in your
>> truststore, you can use HTTP conduit to configure your truststore to
>> accept
>> the certificate or add the certificate to your default truststore.
>>
>> More info on CXF and HTTP Conduit here:
>>
>>
>> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>>
>> --
>> View this message in context:
>> http://camel.465427.n5.nabble.com/Disable-CertificateValidation-when-Routing-to-HTTPS-endpoint-tp4431968p4512855.html
>> Sent from the Camel - Users mailing list archive at Nabble.com.
>>
>
>
>
> --
> --
> Brgds, Magnus Palmér
> +46736845680
>
>

Re: Disable CertificateValidation when Routing to HTTPS endpoint

Posted by Magnus Palmér <ma...@gmail.com>.
Hi,

I was just about to ask a similar question after being up all night trying
to get my https4 URI to work.

I get this:

> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>

There are several posts to be found via Google, some specific for Camel, and
I've tried several others but must be missing something.
Can't find a complete working example for self signed certificates though.
I am at a loss right now after trying out a lot of different approaches.
If anyone could point me in the right direction so I can get a fresh start
again I will be most thankful.
(Using Camel 2.7.2)

Kind regards, Magnus Palmér

P.S. Yes, I've seen this:
http://camel.465427.n5.nabble.com/Using-HTTPS-in-camel-http-when-remote-side-has-self-signed-cert-td473876.html
I've also read the http://camel.apache.org/http4.html
Tried to make something out of the test sourcecode for http4 but so far
failed.
Also read this:
http://stackoverflow.com/questions/5706166/apache-camel-http-and-ssl


2011/6/22 ychawla <pr...@yahoo.com>

> Does the server require a client certificate?  If so, you need to get the
> Certificate Authority to provide you one.
>
> If the server just has an SSL Server certificate that is not in your
> truststore, you can use HTTP conduit to configure your truststore to accept
> the certificate or add the certificate to your default truststore.
>
> More info on CXF and HTTP Conduit here:
>
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/Disable-CertificateValidation-when-Routing-to-HTTPS-endpoint-tp4431968p4512855.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>



-- 
-- 
Brgds, Magnus Palmér
+46736845680