synapse-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doronzo, Luigi" <Luigi.Doro...@experian.com>
Subject RE: error starting Synapse
Date Wed, 15 Sep 2010 13:42:17 GMT
 

Hi all,

I use a Synapse installation to connect with an external interface and
since they changed their certificates synapse fails to start.

Here it is the axis2.xml and the synapse.xml file

 

<definitions xmlns="http://ws.apache.org/ns/synapse">

 

    <proxy name="KpsProxy" statistics="enable" transports="http"
startOnLoad="true">

        <target>

            <inSequence>

                <send>

                    <endpoint>

                        <address
uri="https://kps.nvi.gov.tr/Mernis.KPS.Web.SI/kps.asmx">

                            <enableAddressing version="submission"/>

                            <enableSec policy="policy.kps"/>

                        </address>

                    </endpoint>

                </send>

            </inSequence>

            <outSequence>

                <header name="wsse:Security" action="remove"
xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
t-1.0.xsd"/>

                <send/>

            </outSequence>

        </target>

        <publishWSDL
uri="https://kps.nvi.gov.tr/Mernis.KPS.Web.SI/kps.asmx" />

    </proxy>

 

    <localEntry key="policy.kps" src="file:repository\conf\policy"/>

 

</definitions>

 

<!-- ================================================= -->

    <!-- Transport Outs -->

    <!-- ================================================= -->

 

    <transportSender name="http"
class="org.apache.synapse.transport.nhttp.HttpCoreNIOSender">

        <parameter name="non-blocking" locked="false">true</parameter>

        <!-- If following is set to 'true', optional action part of the
Content-Type will not be added to the SOAP 1.2 messages -->

        <!--  <parameter name="OmitSOAP12Action">true</parameter>  -->

    </transportSender>

    <transportSender name="https"
class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">

        <parameter name="non-blocking" locked="false">true</parameter>

        <parameter name="keystore" locked="false">

            <KeyStore>

                <Location>identity.jks</Location>

                <Type>JKS</Type>

                <Password>password</Password>

                <KeyPassword>password</KeyPassword>

            </KeyStore>

        </parameter>

        <parameter name="truststore" locked="false">

            <TrustStore>

                <Location>trust.jks</Location>

                <Type>JKS</Type>

                <Password>password</Password>

            </TrustStore>

        </parameter>

        <!--<parameter
name="HostnameVerifier">DefaultAndLocalhost</parameter>

            supports Strict|AllowAll|DefaultAndLocalhost or the default
if none specified -->

    </transportSender>

 

Please bear in mind if i put the .asmx in internet explorer i'm still
able to open it

 

Here it is the relevant extract of the wrapper.log:

 

--> Wrapper Started as Service

Launching a JVM...

Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org

  Copyright 1999-2006 Tanuki Software, Inc.  All Rights Reserved.

 

2010-09-14 12:11:06,399 [-] [WrapperSimpleAppMain]  INFO ServerManager
Using the Axis2 Repository C:\synapse-1.2-SNAPSHOT\repository

2010-09-14 12:11:07,040 [-] [WrapperSimpleAppMain]  INFO
SynapseInitializationModule Initializing Synapse at : Tue Sep 14
12:11:07 EEST 2010

2010-09-14 12:11:07,040 [10.130.30.202-ddmorginweb]
[WrapperSimpleAppMain]  INFO SynapseInitializationModule Loading
mediator extensions...

2010-09-14 12:11:07,040 [10.130.30.202-ddmorginweb]
[WrapperSimpleAppMain]  INFO SynapseInitializationModule Initializing
the Synapse configuration ...

2010-09-14 12:11:07,056 [10.130.30.202-ddmorginweb]
[WrapperSimpleAppMain]  INFO XMLConfigurationBuilder Generating the
Synapse configuration model by parsing the XML configuration

2010-09-14 12:11:07,149 [10.130.30.202-ddmorginweb]
[WrapperSimpleAppMain]  INFO SynapseConfigurationBuilder Loaded Synapse
configuration from : repository/conf/synapse.xml

2010-09-14 12:11:07,149 [10.130.30.202-ddmorginweb]
[WrapperSimpleAppMain]  INFO SynapseInitializationModule Deploying the
Synapse service..

2010-09-14 12:11:07,181 [10.130.30.202-ddmorginweb]
[WrapperSimpleAppMain]  INFO SynapseInitializationModule Synapse server
name : ddmorginweb

2010-09-14 12:11:07,181 [10.130.30.202-ddmorginweb]
[WrapperSimpleAppMain]  INFO SynapseInitializationModule Deploying Proxy
services...

2010-09-14 12:11:07,181 [10.130.30.202-ddmorginweb]
[WrapperSimpleAppMain]  INFO ProxyService Building Axis service for
Proxy service : KpsProxy

2010-09-14 12:11:07,556 [10.130.30.202-ddmorginweb]
[WrapperSimpleAppMain] ERROR ProxyService Error reading from wsdl URI

javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

                at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)

                at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)

                at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unkno
wn Source)

                at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)

                at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)

                at
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)

                at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Un
known Source)

                at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)

                at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)

                at
org.apache.synapse.config.SynapseConfigUtils.getOMElementFromURL(Synapse
ConfigUtils.java:245)

                at
org.apache.synapse.core.axis2.ProxyService.buildAxisService(ProxyService
java:243)

                at
org.apache.synapse.core.axis2.SynapseInitializationModule.init(SynapseIn
itializationModule.java:141)

                at
org.apache.axis2.context.ConfigurationContextFactory.initModules(Configu
rationContextFactory.java:226)

                at
org.apache.axis2.context.ConfigurationContextFactory.init(ConfigurationC
ontextFactory.java:204)

                at
org.apache.axis2.context.ConfigurationContextFactory.createConfiguration
Context(ConfigurationContextFactory.java:80)

                at
org.apache.axis2.context.ConfigurationContextFactory.createConfiguration
ContextFromFileSystem(ConfigurationContextFactory.java:184)

                at
org.apache.synapse.ServerManager.start(ServerManager.java:92)

                at
org.apache.synapse.SynapseServer.main(SynapseServer.java:50)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
Source)

                at
sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

                at java.lang.reflect.Method.invoke(Unknown Source)

                at
org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:24
0)

                at java.lang.Thread.run(Unknown Source)

Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

                at sun.security.validator.PKIXValidator.doBuild(Unknown
Source)

                at
sun.security.validator.PKIXValidator.engineValidate(Unknown Source)

                at sun.security.validator.Validator.validate(Unknown
Source)

                at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
Source)

                at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unk
nown Source)

                at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unk
nown Source)

                ... 27 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

                at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)

                at java.security.cert.CertPathBuilder.build(Unknown
Source)

                ... 33 more

2010-09-14 12:11:07,556 [10.130.30.202-ddmorginweb]
[WrapperSimpleAppMain] FATAL ServerManager Startup failed...

org.apache.synapse.SynapseException: Error reading from wsdl URI

                at
org.apache.synapse.core.axis2.ProxyService.handleException(ProxyService.
java:609)

                at
org.apache.synapse.core.axis2.ProxyService.buildAxisService(ProxyService
java:251)

                at
org.apache.synapse.core.axis2.SynapseInitializationModule.init(SynapseIn
itializationModule.java:141)

                at
org.apache.axis2.context.ConfigurationContextFactory.initModules(Configu
rationContextFactory.java:226)

                at
org.apache.axis2.context.ConfigurationContextFactory.init(ConfigurationC
ontextFactory.java:204)

                at
org.apache.axis2.context.ConfigurationContextFactory.createConfiguration
Context(ConfigurationContextFactory.java:80)

                at
org.apache.axis2.context.ConfigurationContextFactory.createConfiguration
ContextFromFileSystem(ConfigurationContextFactory.java:184)

                at
org.apache.synapse.ServerManager.start(ServerManager.java:92)

                at
org.apache.synapse.SynapseServer.main(SynapseServer.java:50)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown
Source)

                at
sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

                at java.lang.reflect.Method.invoke(Unknown Source)

                at
org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:24
0)

                at java.lang.Thread.run(Unknown Source)

Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

                at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)

                at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)

                at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)

                at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unkno
wn Source)

                at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)

                at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)

                at
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)

                at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Un
known Source)

                at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)

                at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)

                at
org.apache.synapse.config.SynapseConfigUtils.getOMElementFromURL(Synapse
ConfigUtils.java:245)

                at
org.apache.synapse.core.axis2.ProxyService.buildAxisService(ProxyService
java:243)

                ... 13 more

Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

                at sun.security.validator.PKIXValidator.doBuild(Unknown
Source)

                at
sun.security.validator.PKIXValidator.engineValidate(Unknown Source)

                at sun.security.validator.Validator.validate(Unknown
Source)

                at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
Source)

                at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unk
nown Source)

                at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unk
nown Source)

                ... 27 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

                at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)

                at java.security.cert.CertPathBuilder.build(Unknown
Source)

                ... 33 more

2010-09-14 12:11:07,712 [10.130.30.202-ddmorginweb] [Thread-4]  INFO
SynapseServer Shutting down Apache Synapse ...

2010-09-14 12:11:07,712 [10.130.30.202-ddmorginweb] [Thread-4]  INFO
SynapseServer Shutdown complete

2010-09-14 12:11:07,712 [10.130.30.202-ddmorginweb] [Thread-4]  INFO
SynapseServer Halting JVM

<-- Wrapper Stopped

 

 

I changed the trust.jks and the identity.jks to take in charge the new
certificates but nothing happens on synapse side.

For both of the operations i used a statement like this:

 

keytool -v -import -file
"C:\synapse-1.2-SNAPSHOT\repository\certs\Chain.cer" -keystore
"C:\synapse-1.2-SNAPSHOT\lib\trust.jks" -alias "Chain" -trustcacerts

keytool -v -import -file
"C:\synapse-1.2-SNAPSHOT\repository\certs\Chain.cer" -keystore
"C:\synapse-1.2-SNAPSHOT\lib\identity.jks" -alias "Chain" -trustcacerts

 

can you kindly help me understanding what's wrong?

 

best regards

Luigi

 

Luigi Doronzo 

 



This e-mail has come from Experian, the only business to have been twice named the UK's 'Business
of the Year' 

===================================================================================
Information in this e-mail and any attachments is confidential, and may not be copied or used
by anyone other than the addressee, nor disclosed to any third party without our permission.
There is no intention to create any legally binding contract or other binding commitment through
the use of this electronic communication unless it is issued in accordance with the Experian
Limited standard terms and conditions of purchase or other express written agreement between
Experian Limited and the recipient. 
Although Experian has taken reasonable steps to ensure that this communication and any attachments
are free from computer virus, you are advised to take your own steps to ensure that they are
actually virus free. 
Companies Act information:
Registered name: Experian Limited 
Registered office: Landmark House, Experian Way, NG2 Business Park, Nottingham, NG80 1ZZ,
United Kingdom
Place of registration: England and Wales 
Registered number: 653331



Mime
  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message