Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Save $650 on Qlik Connect, Dec 1 - 7, our lowest price of the year. Register with code CYBERWEEK: Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
_AnonymousUser
Specialist III
Specialist III
‎2012-10-03 04:23 PM

SSL error connecting to Salesforce from Talend ESB

Hello,
has anyone seen this msg when trying to get data from the SalesForce SOAP service inside Talend ESB?
Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://test.salesforce.com/services/Soap/c/26.0: sun.security.validator.ValidatorException: No trusted certificate found
The ESB server is version 5.1.1: TESB_SE-V5.1.1
I'm using the current latest version of the SF API: 26.0
I also have a main method for testing in one class, that has no trouble connecting to SalesForce when I run it using Maven, outside of the ESB server.
full stack trace:
012-10-03 15:10:18,038 | WARN | tp2076228887-168 | PhaseInterceptorChain | ache.cxf.common.logging.LogUtils 405 | - - | Interceptor for {urn:enterprise.soap.sforce.com}SforceService#{urn:enterprise.soap.sforce.com}login has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Messag



To see the whole post, download it here
Labels (1)
Labels

  • Other

471 Views
0 Likes
8 Replies
_AnonymousUser
Specialist III
Specialist III
‎2012-10-04 12:23 PM
Author

Does anyone have an answer?
I need to get this working as a service by tomorrow.
As a backup plan, I guess I am going to port this to Tomcat.
But I would rather have it in the ESB.
471 Views
0 Likes
Anonymous
Not applicable
‎2012-10-05 06:35 AM

Does anyone have an answer?
I need to get this working as a service by tomorrow.
As a backup plan, I guess I am going to port this to Tomcat.
But I would rather have it in the ESB.

It was a very long time since I've addressed Salesforce web services, so I don't remember exatcly.. but let' try - as far I remember you don't necessarily need mutual SSL to connect the salesforce. It can be 'server only'certificate for data confiddiality (please correct me if I'm wrong). Than maybe you could try import Salesforce's SSL certificate into your (Karaf's) keystore and trustCA store.
Now I see you invoke the service from a Mediation Route using TOS, I'm not sure what trustca store it uses 0683p000009MPcz.png

Gabriel
471 Views
0 Likes
_AnonymousUser
Specialist III
Specialist III
‎2012-10-05 01:30 PM
Author

Thanks for the response Gusto2.
I didn't use the Open Studio (TOS?) to create the job.
Its written directly in Java using the Java DSL.
I never have SSL issues with SalesForce when running jobs like this directly in Apache CXF (This job runs fine in CXF 2.4.3, and later I will move it to 2.6.2)
The stubs were created using CXF 2.6.2 from the enterprise wsdl.
In CXF, I have a main method which tests the SOAP client with some calls directly to the methods.
The SSL handshake problems only appear when I try to run this as a bundle in Talend ESB 5.1.1.
For the bundle, I added a Camel RouteBuilder which simply creates a CXF REST service, and passes the queries to a Processor:
public class SfRouteBuilder extends RouteBuilder {

private static final String CXF_RS_ENDPOINT_URI = "cxfrs://http://0.0.0.0:9111" + "/?resourceClasses=com.cn.dsa.sf.server.JobControlServiceImpl";


@Override
public void configure() throws Exception {
from(CXF_RS_ENDPOINT_URI)
.process( new SfProcessor() );
}
}
471 Views
0 Likes
_AnonymousUser
Specialist III
Specialist III
‎2012-11-15 03:23 PM
Author

Re-wrote this to run in TomEE. No SSL problems at all.
471 Views
0 Likes
Anonymous
Not applicable
‎2012-11-19 03:59 AM

Solution: comment out all content from container\etc\org.apache.cxf.http.conduits-common.cfg
The sample keystore we deliver only contains a self signed certificate for usable for our samples. For all other kind of HTTPS connections you of course need the corresponding certificates. Especially for public servers, whose certificate is derived from some "official" root certificate using the default keystore which comes with the JRE is the better way as this keystore already containes all necessary root certificates. If you don't specify a keystore in your conduit configuration this is exactly the keystore that is taken.
471 Views
0 Likes
Anonymous
Not applicable
‎2012-11-19 06:52 AM

In addition to what Alexey posted:
You might also simply remove the org.apache.cxf.http.conduits-common.cfg the conduits configuration file. Then the JRE keystore will be used by default fo all HTTPS endpoints or restrict the validity of the configuration to localhost endpoints by setting the url property to 
url = https\://localhost

So the samples still work at least id you are running everything on localhost and certificates of public servers are validated against the JRE truststore. I also created a Jira issue to restrict the scope of the conduits file by default, see https://jira.talendforge.org/browse/TESB-7621 .
Regards,
Zsolt
471 Views
0 Likes
Anonymous
Not applicable
‎2012-12-07 10:38 AM

In addition to what Alexey posted:
You might restrict the validity of the configuration to localhost endpoints by setting the url property to 
url = https\://localhost

Regards,
Zsolt

Thank you Zsolt!
The only change I made was changing the url property to: 
url = https\://localhost

in org.apache.cxf.http.conduits-common.cfg
This fixes the SSL problem.
471 Views
0 Likes
Anonymous
Not applicable
‎2012-12-07 11:50 AM

Good to hear it worked. With 5.2.1 we fixed it in the conduits configuration. So with the latest version it should even work out of the box.
Zsolt
471 Views
0 Likes