Connecting via tRestClient to endpoint with self-signed certificate

_AnonymousUser — Mon, 18 Jul 2016 20:03:36 GMT

Hello!
(Currently using Talend OS Big Data, 6.1.1)
I am struggling to connect to a RESTful API using the tRestClient, which has a self-signed root certificate. Is it possible for me to set my Talend environment up to trust the certificate? (i tried creating a truststore from the certificate and using tSetKeystore, but haven't had any luck).
Alternatively, is there a way I can set my job to disableCNCheck? I've seen some JIRA issues requesting this functionality, but I'm looking for a workaround if at all posible.

Re: Connecting via tRestClient to endpoint with self-signed certificate

_AnonymousUser — Mon, 18 Jul 2016 20:16:09 GMT

Error Message:
Exception in component tRESTClient_3
javax.ws.rs.ProcessingException: javax.net.ssl.SSLProtocolException: SSLProtocolException invoking https://<url-replaced-for-talendforge-post> actiondefinitions: handshake alert: unrecognized_name
at org.apache.cxf.jaxrs.client.AbstractClient.checkClientException(AbstractClient.java:582)
at org.apache.cxf.jaxrs.client.AbstractClient.preProcessResult(AbstractClient.java:564)
at org.apache.cxf.jaxrs.client.WebClient.doResponse(WebClient.java:1144)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1094)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:894)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:865)
at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:428)
at org.apache.cxf.jaxrs.client.WebClient.get(WebClient.java:611)
at eai.vrealizeops_0_1.vRealizeOps.tRESTClient_3Process(vRealizeOps.java:509)
at eai.vrealizeops_0_1.vRealizeOps.runJobInTOS(vRealizeOps.java:770)
at eai.vrealizeops_0_1.vRealizeOps.main(vRealizeOps.java:627)
Caused by: javax.net.ssl.SSLProtocolException: SSLProtocolException invoking https://<url-replaced-for-talendforge-post>: handshake alert: unrecognized_name
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1376)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1360)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:651)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:649)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1093)
... 7 more
Caused by: javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1676)
at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1674)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1672)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.getResponseCode(URLConnectionHTTPConduit.java:332)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.processRetransmit(HTTPConduit.java:1424)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRetransmits(HTTPConduit.java:1411)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1545)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1347)
... 13 more
Caused by: javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
at sun.security.ssl.ClientHandshaker.handshakeAlert(ClientHandshaker.java:1380)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1972)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)
at sun.net.www.protocol.http.HttpURLConnection.getHeaderFields(HttpURLConnection.java:2714)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getHeaderFields(HttpsURLConnectionImpl.java:283)
at org.apache.cxf.transport.http.Headers.readFromConnection(Headers.java:257)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.updateCookiesBeforeRetransmit(URLConnectionHTTPConduit.java:297)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRetransmits(HTTPConduit.java:1409)
... 15 more
disconnected
Job vRealizeOps ended at 13:44 18/07/2016.

Re: Connecting via tRestClient to endpoint with self-signed certificate

Anonymous — Wed, 20 Jul 2016 16:29:17 GMT

Hi Gabby,
I'm trying to do exactly the same... without success 😕
To share a little more, I also tried to put the URL of the WS directly in Chrome, entering login/pwd as asked and it worked. I got the JSON response.
I guess that Chrome automatically does the SSL handshake.
When I get the response I have tryed to export the SSL certificate in Chrome to use it with the Talend tSetKeystore with no luck because it is a different format.
I think that the thing that we need is how to deal with the SSL handshake in Talend.
If someone could help us about this, it could be nice!

Re: Connecting via tRestClient to endpoint with self-signed certificate

Anonymous — Thu, 21 Jul 2016 08:12:02 GMT

Hi Gabby,
I have found the solution by my self (with google help ).
I got a better understanding of the subject after reading this article:
add-list-certficates-java-keystore.html on javarevisited.blogspot.fr (2012/03)
(the forum does not want me to post link directly)
So I did the adding on my local Java KeyStore.
Put a tRESTClient on my Talend job.
Enterer parameters (Trustore path's and password).
Linked it to the tRESTClient component.
Launched the job and it worked!!!
Solved for me
So let's thank Javin Paul for his excelent post!

Re: Connecting via tRestClient to endpoint with self-signed certificate

Teguard_Dev — Wed, 12 May 2021 10:52:01 GMT

Can you elaborate on this?

I added the truststore path and password to my tRestClient as parameters and did not get any change in behaviour.

topic Re: Connecting via tRestClient to endpoint with self-signed certificate in Talend Studio

Connecting via tRestClient to endpoint with self-signed certificate

Re: Connecting via tRestClient to endpoint with self-signed certificate

Re: Connecting via tRestClient to endpoint with self-signed certificate

Re: Connecting via tRestClient to endpoint with self-signed certificate

Re: Connecting via tRestClient to endpoint with self-signed certificate