SSL exception thrown on server, but not localy in studio
Hello,
I'm facing weird issue where my Job works fine when launched localy from Talend ESB studio on the server machine, but after deployment it throws:
org.apache.cxf.interceptor.Fault: Could not send Message.
Caused by: javax.net.ssl.SSLException: SSLException invoking https://test.salesforce.com/services/Soap/u/42.0: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Scenario was working fine yesterday (deployed). It's failing on tESBConsumer. Throwing the same result on previous version of that job as well (this version was working without any problems for at least two weeks now). Server machine runs windows server 2016 with Java in version 1.8.0_171.
Thanks in advance for any tips which will help me to at least track the root of my problem.
Simmilar problems should be resolved with manual creation of configuration files and cert stores for your partner's endpoints. You can put cert store anywhere, configuration file has to be a copy of runtime/etc/org.apache.cxf.http.conduits-common.cfg
Just copy the file, replace "common" with your own suffix and edit "url", "tlsClientParameters.trustManagers.keyStore.file", "tlsClientParameters.keyManagers.keyStore.file" and passwords if necessary.
On which talend ESB build version you got this issue? Are you invoking a https service in runtime? Did you use tSetKeystore component in your job and add SSL (trustore,keystore) configuration in the runtime configuration file?
It's the most recent version, we are keeping it up to date with all patches, for the studio - also 7.0.1. We don't need pcks in this webservice call, it's just the fact that this is a call to https endpoint signed by some certificate. It was working previously and stopped doing that without any actions made to it. It's also working when built from studio using the same jvm. Sorry but I don't fully understand "Are you invoking a https service in runtime?". Do you have any clues where I have the biggest chance to find the root of this problem? Is it something in Talend (for example studio is using different method to check list of known CAs than runtime), JVM or maybe the webservice we're calling is trying to play a game with us?
We met this issue on v 6.1.1 "Exception in component tESBConsumer: org.apache.cxf.interceptor.Fault: Could not send Message
" before when running a job with tESBConsumer is used to connect to a remote service. This is because the version of TLS used by Talend 6.1.1 is not compatible with the version that the service host can handle.
Are you using talend open studio for ESB product or subscription solution?
If you are using talend open studio, we will appreciate if you could post your webservice job setting screenshots on forum which will be helpful for us to address the root of this problem.
If you are using talend subscription solution, it is recommended that you create a case on talend support portal so that we can give you a remote assistance(webex session) through support cycle with priority.
So I've tried to reach out talend support portal, but I'm getting the following message after logon:
"We can't log you in. Check for an invalid assertion in the SAML Assertion Validator (available in Single Sign-On Settings) or check the login history for failed logins."
Is this a common mistake/issue? Or do I have to create another thread in different category?
Btw. the main issue seems to be with the JVM used by Talend, when using tESBProvider to https endpoint, it's trying to find valid certificate in JVM's truststore but fails on that, so I have to find which JVM which truststore it's using and then check if it's not found / no cert found in it / or not enough permissions to read it.
For your support portal login issue, could you please send an email to Customer Care <CustomerCare@talend.com>? Our colleagues from support team will help you as soon as possible.
Do you mean this SSL certifcate is not recognized by the JVM?
Have you tried to upgrade your java(JDK 1.8) to see if it works?
Talend Runtime provides support for HTTP and HTTPS by default with the help of the pax web component. HTTP / HTTPS configuration for Talend Runtime is done in the org.ops4j.pax.web.cfg configuration file, located in TalendRuntimePath/container/etc/org.ops4j.pax.web.cfg.
To encrypt communication and secure the identification of a server, you can use the HTTPS protocol. HTTPS is based on SSL, which supports the encryption of messages sent via HTTP. To secure communication, HTTPS uses key pairs containing one public key and one private key. Data is encrypted with one key and can only be decrypted with the other key of the key pair. This establishes trust and privacy in message transfers.
For more information about the How-to steps, refer to SSL configuration.
I've tried to update JVM, use different ones but it does not help. I don't know if cert is not recognized / it's corrupted (for example certificatoin path is swapped or sth like that) / doesn't exists at all at location JVM is trying to reach it / something doesn't have rights to write or read from it. I'll give a feedback here when the issue will be resolved.
