topic Re: SSL error connecting to Salesforce from Talend ESB in Talend Studio

SSL error connecting to Salesforce from Talend ESB

_AnonymousUser — Sat, 16 Nov 2024 12:10:35 GMT

Hello,
has anyone seen this msg when trying to get data from the SalesForce SOAP service inside Talend ESB?
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://test.salesforce.com/services/Soap/c/26.0: sun.security.validator.ValidatorException: No trusted certificate found
The ESB server is version 5.1.1: TESB_SE-V5.1.1
I'm using the current latest version of the SF API: 26.0
I also have a main method for testing in one class, that has no trouble connecting to SalesForce when I run it using Maven, outside of the ESB server.
full stack trace:
012-10-03 15:10:18,038 | WARN | tp2076228887-168 | PhaseInterceptorChain | ache.cxf.common.logging.LogUtils 405 | - - | Interceptor for {urn:enterprise.soap.sforce.com}SforceService#{urn:enterprise.soap.sforce.com}login has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Messag

To see the whole post, download it here

Re: SSL error connecting to Salesforce from Talend ESB

_AnonymousUser — Thu, 04 Oct 2012 16:23:22 GMT

Does anyone have an answer?
I need to get this working as a service by tomorrow.
As a backup plan, I guess I am going to port this to Tomcat.
But I would rather have it in the ESB.

Re: SSL error connecting to Salesforce from Talend ESB

Anonymous — Fri, 05 Oct 2012 10:35:18 GMT

Does anyone have an answer?
I need to get this working as a service by tomorrow.
As a backup plan, I guess I am going to port this to Tomcat.
But I would rather have it in the ESB.

It was a very long time since I've addressed Salesforce web services, so I don't remember exatcly.. but let' try - as far I remember you don't necessarily need mutual SSL to connect the salesforce. It can be 'server only'certificate for data confiddiality (please correct me if I'm wrong). Than maybe you could try import Salesforce's SSL certificate into your (Karaf's) keystore and trustCA store.
Now I see you invoke the service from a Mediation Route using TOS, I'm not sure what trustca store it uses

Gabriel

Re: SSL error connecting to Salesforce from Talend ESB

_AnonymousUser — Fri, 05 Oct 2012 17:30:45 GMT

Thanks for the response Gusto2.
I didn't use the Open Studio (TOS?) to create the job.
Its written directly in Java using the Java DSL.
I never have SSL issues with SalesForce when running jobs like this directly in Apache CXF (This job runs fine in CXF 2.4.3, and later I will move it to 2.6.2)
The stubs were created using CXF 2.6.2 from the enterprise wsdl.
In CXF, I have a main method which tests the SOAP client with some calls directly to the methods.
The SSL handshake problems only appear when I try to run this as a bundle in Talend ESB 5.1.1.
For the bundle, I added a Camel RouteBuilder which simply creates a CXF REST service, and passes the queries to a Processor:
public class SfRouteBuilder extends RouteBuilder {

private static final String CXF_RS_ENDPOINT_URI = "cxfrs://http://0.0.0.0:9111" + "/?resourceClasses=com.cn.dsa.sf.server.JobControlServiceImpl";

@Override
public void configure() throws Exception {
from(CXF_RS_ENDPOINT_URI)
.process( new SfProcessor() );
}
}

Re: SSL error connecting to Salesforce from Talend ESB

_AnonymousUser — Thu, 15 Nov 2012 20:23:30 GMT

Re-wrote this to run in TomEE. No SSL problems at all.

Re: SSL error connecting to Salesforce from Talend ESB

Anonymous — Mon, 19 Nov 2012 08:59:27 GMT

Solution: comment out all content from container\etc\org.apache.cxf.http.conduits-common.cfg
The sample keystore we deliver only contains a self signed certificate for usable for our samples. For all other kind of HTTPS connections you of course need the corresponding certificates. Especially for public servers, whose certificate is derived from some "official" root certificate using the default keystore which comes with the JRE is the better way as this keystore already containes all necessary root certificates. If you don't specify a keystore in your conduit configuration this is exactly the keystore that is taken.

Re: SSL error connecting to Salesforce from Talend ESB

Anonymous — Mon, 19 Nov 2012 11:52:39 GMT

In addition to what Alexey posted:
You might also simply remove the org.apache.cxf.http.conduits-common.cfg the conduits configuration file. Then the JRE keystore will be used by default fo all HTTPS endpoints or restrict the validity of the configuration to localhost endpoints by setting the url property to

url = https\://localhost

So the samples still work at least id you are running everything on localhost and certificates of public servers are validated against the JRE truststore. I also created a Jira issue to restrict the scope of the conduits file by default, see https://jira.talendforge.org/browse/TESB-7621 .
Regards,
Zsolt

Re: SSL error connecting to Salesforce from Talend ESB

Anonymous — Fri, 07 Dec 2012 15:38:21 GMT

In addition to what Alexey posted:
You might restrict the validity of the configuration to localhost endpoints by setting the url property to
url = https\://localhost
Regards,
Zsolt

Thank you Zsolt!
The only change I made was changing the url property to:

url = https\://localhost

in org.apache.cxf.http.conduits-common.cfg
This fixes the SSL problem.

Re: SSL error connecting to Salesforce from Talend ESB

Anonymous — Fri, 07 Dec 2012 16:50:39 GMT

Good to hear it worked. With 5.2.1 we fixed it in the conduits configuration. So with the latest version it should even work out of the box.
Zsolt