hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bhuvaneswari Anandhan <bhuvaneswari.anand...@oracle.com>
Subject RE: PoolingHttpClientConnectionManager SSL Handshake exception
Date Tue, 08 Sep 2015 13:53:47 GMT
Okay... 

Can you suggest me how to create client request using 4.4.1 with proper certificate &
hostname validation .

I'm looking into apache http client implementation for the same.

Thanks,
Bhuvaneswari

-----Original Message-----
From: Dan Quaroni [mailto:q@invoke.com] 
Sent: Tuesday, September 08, 2015 7:20 PM
To: HttpClient User Discussion
Subject: Re: PoolingHttpClientConnectionManager SSL Handshake exception

HttpClient did get more picky about certs.

On Tue, Sep 8, 2015 at 4:31 AM, Bhuvaneswari Anandhan < bhuvaneswari.anandhan@oracle.com>
wrote:

> Hi ,
>
>
>
> Recently we have done a Apache http component migration from 3.1 to 4.4.1.
>
>
>
> We have changed the connection manager implementation from 
> MultiThreadedHttpConnectionManager (3.1 implementation) to 
> PoolingHttpClientConnectionManager (apache httpclient 4.4.1).
>
>
>
>
>
> Now we are getting SSL socket exception when we are trying to request 
> using the connection.
>
>
>
> Exception trace:
>
> [9/8/15 12:04:27:192 IST] 00000064 SystemErr     R
> javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path 
> building failed: java.security.cert.CertPathBuilderException:
> PKIXCertPathBuilderImpl could not build a valid CertPath.; internal 
> cause
> is:
>
>                 java.security.cert.CertPathValidatorException: The 
> certificate issued by CN=mumgo3206.in.oracle.com, OU=Root Certificate, 
> OU=RSAppSrvCell1, OU=RSAppSrvNode1, O=IBM, C=US is not trusted; 
> internal cause is:
>
>                 java.security.cert.CertPathValidatorException: 
> Certificate chaining error
>
> [9/8/15 12:04:27:193 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.n.a(n.java:28)
>
> [9/8/15 12:04:27:193 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.tc.a(tc.java:251)
>
> [9/8/15 12:04:27:193 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.gb.a(gb.java:251)
>
> [9/8/15 12:04:27:194 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.gb.a(gb.java:228)
>
> [9/8/15 12:04:27:194 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.hb.a(hb.java:279)
>
> [9/8/15 12:04:27:194 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.hb.a(hb.java:292)
>
> [9/8/15 12:04:27:194 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.gb.n(gb.java:71)
>
> [9/8/15 12:04:27:194 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.gb.a(gb.java:324)
>
> [9/8/15 12:04:27:194 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.tc.a(tc.java:559)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.tc.g(tc.java:25)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.tc.a(tc.java:582)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.tc.startHandshake(tc.java:652)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr     R             at
> org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocke
> t(SSLConnectionSocketFactory.java:394)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr     R             at
> org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLC
> onnectionSocketFactory.java:353)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr     R             at
> org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(
> DefaultHttpClientConnectionOperator.java:134)
>
> [9/8/15 12:04:27:195 IST] 00000064 SystemErr     R             at
> org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(P
> oolingHttpClientConnectionManager.java:353)
>
> [9/8/15 12:04:27:196 IST] 00000064 SystemErr     R             at
> org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClien
> tExec.java:380)
>
> [9/8/15 12:04:27:196 IST] 00000064 SystemErr     R             at
> org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.j
> ava:236)
>
> [9/8/15 12:04:27:196 IST] 00000064 SystemErr     R             at
> org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:
> 184)
>
> [9/8/15 12:04:27:196 IST] 00000064 SystemErr     R             at
> org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>
> [9/8/15 12:04:27:196 IST] 00000064 SystemErr     R             at
> org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:
> 110)
>
> [9/8/15 12:04:27:196 IST] 00000064 SystemErr     R             at
> org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpC
> lient.java:184)
>
> [9/8/15 12:04:27:197 IST] 00000064 SystemErr     R             at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpC
> lient.java:117)
>
> [9/8/15 12:04:27:197 IST] 00000064 SystemErr     R             at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpC
> lient.java:55)
>
> [9/8/15 12:04:27:197 IST] 00000064 SystemErr     R             at
> com.citi.cpb.emea.revelation.proxy.ProxyServlet.sendApplicationRequest
> (ProxyServlet.java:392)
>
> [9/8/15 12:04:27:197 IST] 00000064 SystemErr     R             at
> com.citi.cpb.emea.revelation.proxy.ProxyServlet.doGet(ProxyServlet.jav
> a:130)
>
> [9/8/15 12:04:27:197 IST] 00000064 SystemErr     R             at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
>
> [9/8/15 12:04:27:197 IST] 00000064 SystemErr     R             at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
>
> [9/8/15 12:04:27:198 IST] 00000064 SystemErr     R             at
> com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.
> java:1147)
>
> [9/8/15 12:04:27:198 IST] 00000064 SystemErr     R             at
> com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr
> apper.java:722)
>
> [9/8/15 12:04:27:198 IST] 00000064 SystemErr     R             at
> com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr
> apper.java:449)
>
> [9/8/15 12:04:27:198 IST] 00000064 SystemErr     R             at
> com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(Servl
> etWrapperImpl.java:178)
>
> [9/8/15 12:04:27:198 IST] 00000064 SystemErr     R             at
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAp
> pFilterManager.java:1020)
>
> [9/8/15 12:04:27:198 IST] 00000064 SystemErr     R             at
> com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3639)
>
> [9/8/15 12:04:27:199 IST] 00000064 SystemErr     R             at
> com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:30
> 4)
>
> [9/8/15 12:04:27:199 IST] 00000064 SystemErr     R             at
> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:9
> 50)
>
> [9/8/15 12:04:27:199 IST] 00000064 SystemErr     R             at
> com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.ja
> va:1659)
>
> [9/8/15 12:04:27:199 IST] 00000064 SystemErr     R             at
> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java
> :195)
>
> [9/8/15 12:04:27:199 IST] 00000064 SystemErr     R             at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminat
> ion(HttpInboundLink.java:452)
>
> [9/8/15 12:04:27:199 IST] 00000064 SystemErr     R             at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(
> HttpInboundLink.java:511)
>
> [9/8/15 12:04:27:200 IST] 00000064 SystemErr     R             at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(Ht
> tpInboundLink.java:305)
>
> [9/8/15 12:04:27:200 IST] 00000064 SystemErr     R             at
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInbound
> Link.java:276)
>
> [9/8/15 12:04:27:200 IST] 00000064 SystemErr     R             at
> com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSL
> ConnectionLink.java:1048)
>
> [9/8/15 12:04:27:200 IST] 00000064 SystemErr     R             at
> com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.
> complete(SSLConnectionLink.java:642)
>
> [9/8/15 12:04:27:200 IST] 00000064 SystemErr     R             at
> com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCall
> back.complete(SSLReadServiceContext.java:1784)
>
> [9/8/15 12:04:27:200 IST] 00000064 SystemErr     R             at
> com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(
> AioReadCompletionListener.java:165)
>
> [9/8/15 12:04:27:201 IST] 00000064 SystemErr     R             at
> com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFutur
> e.java:217)
>
> [9/8/15 12:04:27:201 IST] 00000064 SystemErr     R             at
> com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannel
> Future.java:161)
>
> [9/8/15 12:04:27:201 IST] 00000064 SystemErr     R             at
> com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
>
> [9/8/15 12:04:27:201 IST] 00000064 SystemErr     R             at
> com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
>
> [9/8/15 12:04:27:201 IST] 00000064 SystemErr     R             at
> com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.ja
> va:775)
>
> [9/8/15 12:04:27:201 IST] 00000064 SystemErr     R             at
> com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
>
> [9/8/15 12:04:27:202 IST] 00000064 SystemErr     R             at
> com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1648)
>
> [9/8/15 12:04:27:202 IST] 00000064 SystemErr     R Caused by:
> com.ibm.jsse2.util.g: PKIX path building failed:
> java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl 
> could not build a valid CertPath.; internal cause is:
>
>                 java.security.cert.CertPathValidatorException: The 
> certificate issued by CN=mumgo3206.in.oracle.com, OU=Root Certificate, 
> OU=RSAppSrvCell1, OU=RSAppSrvNode1, O=IBM, C=US is not trusted; 
> internal cause is:
>
>                 java.security.cert.CertPathValidatorException: 
> Certificate chaining error
>
> [9/8/15 12:04:27:202 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.util.e.b(e.java:30)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.util.e.b(e.java:62)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.util.d.a(d.java:11)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.hc.a(hc.java:40)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.hc.checkServerTrusted(hc.java:33)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.hc.b(hc.java:80)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.hb.a(hb.java:416)
>
> [9/8/15 12:04:27:203 IST] 00000064 SystemErr     R             ... 48 more
>
> [9/8/15 12:04:27:204 IST] 00000064 SystemErr     R Caused by:
> java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl 
> could not build a valid CertPath.; internal cause is:
>
>                 java.security.cert.CertPathValidatorException: The 
> certificate issued by CN=mumgo3206.in.oracle.com, OU=Root Certificate, 
> OU=RSAppSrvCell1, OU=RSAppSrvNode1, O=IBM, C=US is not trusted; 
> internal cause is:
>
>                 java.security.cert.CertPathValidatorException: 
> Certificate chaining error
>
> [9/8/15 12:04:27:204 IST] 00000064 SystemErr     R             at
> com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPath
> BuilderImpl.java:411)
>
> [9/8/15 12:04:27:204 IST] 00000064 SystemErr     R             at
> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
>
> [9/8/15 12:04:27:205 IST] 00000064 SystemErr     R             at
> com.ibm.jsse2.util.e.b(e.java:103)
>
> [9/8/15 12:04:27:205 IST] 00000064 SystemErr     R             ... 54 more
>
> [9/8/15 12:04:27:205 IST] 00000064 SystemErr     R Caused by:
> java.security.cert.CertPathValidatorException: The certificate issued 
> by CN= mumgo3206.in.oracle.com, OU=Root Certificate, OU=RSAppSrvCell1, 
> OU=RSAppSrvNode1, O=IBM, C=US is not trusted; internal cause is:
>
>                 java.security.cert.CertPathValidatorException: 
> Certificate chaining error
>
> [9/8/15 12:04:27:206 IST] 00000064 SystemErr     R             at
> com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
>
> [9/8/15 12:04:27:206 IST] 00000064 SystemErr     R             at
> com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCer
> tPathValidatorImpl.java:176)
>
> [9/8/15 12:04:27:206 IST] 00000064 SystemErr     R             at
> com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPath
> BuilderImpl.java:737)
>
>
>
>
>
> Thanks & Regards,
>
> Bhuvaneswari
>
>
>


-- 

*Daniel Quaroni*
Principal Software Architect
P: 781.810.2743
q@invoke.com
www.invoke.com
See a Demo here <http://www.invoke.com/platform/demo>

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message