Skip to main content
Announcements
Global Transformation Awards! Applications are now open. Submit Entry
cancel
Showing results for 
Search instead for 
Did you mean: 
sreddy3
Contributor
Contributor

Experiencing SSLHandshakeException intermittent

Hello All,

Am using talend version 7.2 open source version and I have my job running on my talend container.

I have used tsetKeystore as the first component in my job to load my keystore(.pfx) file.

I have created my own pfx file and imported the server's certificate chain into my keystore(.pfx). Mentioned the keystore(.pfx) file details and its password in tsetkeystore component's truststore param.

As seen below test.pfx is my keystore and xxx is the password I have set. into my test.pfx file, using java keytool command I have imported the entire certificate chain given by the team that deals with the REST endpoint am trying to connect to.

Also in the , org.ops4j.pax.web.cfg file in

container/etc folder, mentioned below

org.osgi.service.http.port=8040 

org.osgi.service.http.port.secure=9001

org.osgi.service.http.secure.enabled=true

org.ops4j.pax.web.ssl.keystore=${karaf.base}/etc/keystores/test.pfx

org.ops4j.pax.web.ssl.keystore.type=PKCS12

org.ops4j.pax.web.ssl.password=xxx

org.ops4j.pax.web.ssl.keypassword=xxx

most of the times a successful connection is established with the REST endpoint BUT The container after a system restart or a container restart or at some random times is throwing a SSLHandshake exception.

Kindly throw some light. This issue is pestering. Any help is really appreciating.

p.s - this issue is experienced when job runs on talend container . but from Talend studio it is all successful, no SSLHandshake

Labels (3)
6 Replies
Anonymous
Not applicable

Hello @sreenija reddy​ ,

Please make sure the ssl keystore file path is correctly setup for the tSetKeystore component in the job while running on the container?

PS: it should be different file path while running on the container and on talend studio, you can setup 2 job context environments, one for the studio, one for the container.

 

Best regards

Aiming

 

sreddy3
Contributor
Contributor
Author

@Aiming Chen​ ,

Many thanks for your kind reply.

Our deployment happens on Talend container. For development alone we use Studio.

Kindly explain - why it should be different file path while running on the container and on talend studio? curious to learn. Am new to Talend.

 

Also the SSLHandShake exception, the pattern we have observed is after the SYSTEM restart the SSLHandShake is coming up. Our server auto restarts every Friday.

Anonymous
Not applicable

Hello @sreenija reddy​ ,

As the studio and the container are different machine, so the ssl file path should be different for them.

BTW, it need to check the container log file under {runtime}/container/log/tesb.log to find the real cause of the issue.

 

Thanks

Aiming

 

sreddy3
Contributor
Contributor
Author

@Aiming Chen​ 

thank you for your reply.

I am using Talend OPEN SOURCE version 7.2.1 and am badly stuck with this system restart causing SSLHandshake on every restart of the system. Kindly help me out. This issue is because am using opensource? @Aiming Chen​ - please help with a clue.

 

But Studio we do not use all the time. The jobs majorly run on the container.

 

Also could you explain the significance of the data folder under the container.

D:\Talend\Runtime_ESBSE\container\data

 

Because in the first run my container started successfully and was receiving the requests and could see them in the container logs too.

Next/second time I emptied/cleared the entire content inside the DATA folder and tried restarting my container and it failed it MANY errors. Container did NOT restart successfully.

pasting some errors here:

org.osgi.service.blueprint.container.ComponentDefinitionException: Error when instantiating bean cxf of class org.apache.cxf.bus.blueprint.BlueprintBus

 

Caused by: java.lang.NoClassDefFoundError: org/osgi/service/http/HttpService

ETC

 

 

So third time, I restored the contents of the data folder with the content deleted from the first successful run and the container happily re-started successfully and logged the received requests.

 

Kindly explain please. I smell that this container cache thing is even causing the SSLHandShake also very much.

 

ps: The SSLHandshakeException is :

javax.ws.rs.ProcessingException:javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://abc.mg.com/idi/getdata java.security.cert.CertificateException: No X509TrustManager implementation available

Anonymous
Not applicable

Hello @sreenija reddy​ ,

Talend runtime is based on apache karaf. The data folder contains all the working and temporary files for Karaf​.

It's NOT recommended to clear the folder while restarting the runtime.

please refer to the article

https://svn.apache.org/repos/asf/karaf/site/production/manual/latest/directory-structure.html

Best regards

Aiming

sreddy3
Contributor
Contributor
Author

@Aiming Chen​ ,

 

ok. I will refrain from clearing the data folder. Is my open source talend 7.2.1 is limited and causing this SSLHandshake on SYSTEM/server restart.

System restart means, am referring to the machine that is hosting the talend container.