« Return to Thread: HTTPS connection
Re: HTTPS connection
by Ruwan Linton-3
::
Rate this Message:
Hi Stefan,
By looking at the stack trace, I think the server to which you are
talking through ESB returns a *HTML* response rather than a *SOAP*
response, with a 404 not found, which can not be handled by the ESB
because it contains a DTD which cannot be built by AXIOM.
Can you please tell us the server to which you are talking through ESB,
and can you make sure to send a request which will not result in a 404
Resource not found and see whether it is working properly.
Thanks,
Ruwan
stlecho wrote:
> Hi Asankha,
>
> I've changed the HTTPS Transport sender and the following error message
> disappeared: "PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target".
>
> But now I'm receiving another one :o(:
> "com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '"'
> (code 34) in DOCTYPE declaration; expected a space between public and system
> identifiers".
>
> The only modification I've done, is changing the trustStore parameter of the
> HTTPS Transport Sender in the webapp\WEB-INF\classes\conf\axis2.xml file.
> Based on the stacktrace I'm not able to determine which document causes this
> error. The modified axis2.xml file does not contain a DOCTYPE declaration.
>
> Stacktrace:
> 2008-03-05 17:20:01,567 [192.168.13.175-INFOR2] [I/O dispatcher 3] ERROR
> ClientHandler Received an unexpected response - of content type : text/html;
> charset=iso-8859-1 and status code : 404 with reason : Not Found
> 2008-03-05 17:20:01,582 [192.168.13.175-INFOR2] [HttpClientWorker-1] ERROR
> ClientWorker Unexpected response received
> org.apache.axiom.om.OMException:
> com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '"' (code
> 34) in DOCTYPE declaration; expected a space between public and system
> identifiers
> at [row,col {unknown-source}]: [1,50]
> at
> org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:239)
> at
> org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.getSOAPEnvelope(StAXSOAPModelBuilder.java:161)
> at
> org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.<init>(StAXSOAPModelBuilder.java:110)
> at
> org.apache.axis2.builder.BuilderUtil.getSOAPBuilder(BuilderUtil.java:609)
> at
> org.apache.axis2.transport.TransportUtils.createDocumentElement(TransportUtils.java:178)
> at
> org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:111)
> at
> org.apache.synapse.transport.nhttp.ClientWorker.run(ClientWorker.java:160)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
> at java.lang.Thread.run(Thread.java:595)
>
> PS: I'm using ESB v1.6.
>
> Regards, Stefan Lecho.
>
>
> asankha wrote:
>
>> Hi Stefan
>>
>>> In order to setup an SSL connection with the Axis2-based client, we've
>>> added
>>> the following: "System.setProperty("javax.net.ssl.trustStore",
>>> "d:/path_to_file/name_of_keystore");
>>> System.setProperty("javax.net.ssl.trustStorePassword", "secret");".
>>>
>>> In ESB, I've changed the value of the "truststore" parameter to use the
>>> same
>>> truststore used by the Axis2-based client. I've also created a Proxy that
>>> points to the https webservice. When calling this Proxy, the following
>>> error
>>> is generated: "Caused by: sun.security.validator.ValidatorException: PKIX
>>> path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>> find
>>> valid certification path to requested target". The used truststore
>>> contains
>>> the SSL certificate of the site.
>>>
>>>
>> Which "truststore" parameter did you change? Since you are "calling" and
>> external HTTPS service, you must edit the HTTPS Transport Sender
>> configuration as follows, and not the Listener
>>
>> <transportSender name="https"
>> class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
>> <parameter name="non-blocking" locked="false">true</parameter>
>> <parameter name="keystore" locked="false">
>> <KeyStore>
>> <Location>identity.jks</Location>
>> <Type>JKS</Type>
>> <Password>password</Password>
>> <KeyPassword>password</KeyPassword>
>> </KeyStore>
>> </parameter>
>> *<parameter name="truststore" locked="false">
>> <TrustStore>
>> <Location>trust.jks</Location>
>> <Type>JKS</Type>
>> <Password>password</Password>
>> </TrustStore>
>> </parameter>*
>> <!--<parameter
>> name="HostnameVerifier">DefaultAndLocalhost</parameter>
>> supports Strict|AllowAll|DefaultAndLocalhost or the default
>> if none specified -->
>> </transportSender>
>>
>>
>>> I'm aware that this question is more related to JKS and SSL
>>> configuration,
>>> but - although I found it out for the Axis2-based client - I'm unable to
>>> configure it correctly for ESB.
>>>
>>>
>> I am confident that this works without any issues if the keystores are
>> properly configured. Basically I would expect the truststore to contain
>> the CA certificate of your external server as a "trusted certificate" in
>> the keystore
>>
>> If you can also send me the output of "keytool -v -list -keystore
>> trust.jks" for your JKS, that would be helpful (please remember to hide
>> your password from the output generated before you post it here :-))
>>
>> asankha
>>
>> _______________________________________________
>> Esb-java-user mailing list
>> Esb-java-user@...
>> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
>>
>>
>>
>
>
_______________________________________________
Esb-java-user mailing list
Esb-java-user@...
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
By looking at the stack trace, I think the server to which you are
talking through ESB returns a *HTML* response rather than a *SOAP*
response, with a 404 not found, which can not be handled by the ESB
because it contains a DTD which cannot be built by AXIOM.
Can you please tell us the server to which you are talking through ESB,
and can you make sure to send a request which will not result in a 404
Resource not found and see whether it is working properly.
Thanks,
Ruwan
stlecho wrote:
> Hi Asankha,
>
> I've changed the HTTPS Transport sender and the following error message
> disappeared: "PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target".
>
> But now I'm receiving another one :o(:
> "com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '"'
> (code 34) in DOCTYPE declaration; expected a space between public and system
> identifiers".
>
> The only modification I've done, is changing the trustStore parameter of the
> HTTPS Transport Sender in the webapp\WEB-INF\classes\conf\axis2.xml file.
> Based on the stacktrace I'm not able to determine which document causes this
> error. The modified axis2.xml file does not contain a DOCTYPE declaration.
>
> Stacktrace:
> 2008-03-05 17:20:01,567 [192.168.13.175-INFOR2] [I/O dispatcher 3] ERROR
> ClientHandler Received an unexpected response - of content type : text/html;
> charset=iso-8859-1 and status code : 404 with reason : Not Found
> 2008-03-05 17:20:01,582 [192.168.13.175-INFOR2] [HttpClientWorker-1] ERROR
> ClientWorker Unexpected response received
> org.apache.axiom.om.OMException:
> com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '"' (code
> 34) in DOCTYPE declaration; expected a space between public and system
> identifiers
> at [row,col {unknown-source}]: [1,50]
> at
> org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:239)
> at
> org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.getSOAPEnvelope(StAXSOAPModelBuilder.java:161)
> at
> org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder.<init>(StAXSOAPModelBuilder.java:110)
> at
> org.apache.axis2.builder.BuilderUtil.getSOAPBuilder(BuilderUtil.java:609)
> at
> org.apache.axis2.transport.TransportUtils.createDocumentElement(TransportUtils.java:178)
> at
> org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:111)
> at
> org.apache.synapse.transport.nhttp.ClientWorker.run(ClientWorker.java:160)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
> at java.lang.Thread.run(Thread.java:595)
>
> PS: I'm using ESB v1.6.
>
> Regards, Stefan Lecho.
>
>
> asankha wrote:
>
>> Hi Stefan
>>
>>> In order to setup an SSL connection with the Axis2-based client, we've
>>> added
>>> the following: "System.setProperty("javax.net.ssl.trustStore",
>>> "d:/path_to_file/name_of_keystore");
>>> System.setProperty("javax.net.ssl.trustStorePassword", "secret");".
>>>
>>> In ESB, I've changed the value of the "truststore" parameter to use the
>>> same
>>> truststore used by the Axis2-based client. I've also created a Proxy that
>>> points to the https webservice. When calling this Proxy, the following
>>> error
>>> is generated: "Caused by: sun.security.validator.ValidatorException: PKIX
>>> path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>> find
>>> valid certification path to requested target". The used truststore
>>> contains
>>> the SSL certificate of the site.
>>>
>>>
>> Which "truststore" parameter did you change? Since you are "calling" and
>> external HTTPS service, you must edit the HTTPS Transport Sender
>> configuration as follows, and not the Listener
>>
>> <transportSender name="https"
>> class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
>> <parameter name="non-blocking" locked="false">true</parameter>
>> <parameter name="keystore" locked="false">
>> <KeyStore>
>> <Location>identity.jks</Location>
>> <Type>JKS</Type>
>> <Password>password</Password>
>> <KeyPassword>password</KeyPassword>
>> </KeyStore>
>> </parameter>
>> *<parameter name="truststore" locked="false">
>> <TrustStore>
>> <Location>trust.jks</Location>
>> <Type>JKS</Type>
>> <Password>password</Password>
>> </TrustStore>
>> </parameter>*
>> <!--<parameter
>> name="HostnameVerifier">DefaultAndLocalhost</parameter>
>> supports Strict|AllowAll|DefaultAndLocalhost or the default
>> if none specified -->
>> </transportSender>
>>
>>
>>> I'm aware that this question is more related to JKS and SSL
>>> configuration,
>>> but - although I found it out for the Axis2-based client - I'm unable to
>>> configure it correctly for ESB.
>>>
>>>
>> I am confident that this works without any issues if the keystores are
>> properly configured. Basically I would expect the truststore to contain
>> the CA certificate of your external server as a "trusted certificate" in
>> the keystore
>>
>> If you can also send me the output of "keytool -v -list -keystore
>> trust.jks" for your JKS, that would be helpful (please remember to hide
>> your password from the output generated before you post it here :-))
>>
>> asankha
>>
>> _______________________________________________
>> Esb-java-user mailing list
>> Esb-java-user@...
>> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
>>
>>
>>
>
>
_______________________________________________
Esb-java-user mailing list
Esb-java-user@...
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
« Return to Thread: HTTPS connection
| Free embeddable forum powered by Nabble | Forum Help |
