call the secure service using cHttp component

user19 · ‎2022-02-25

Hello,

I am trying to call a secure (Https) backend using cHttp component in a route. but When I send a call I got following error.

Error 500 org.apache.cxf.interceptor.Fault: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target while invoking public abstract java.lang.Object

I tried https://help.talend.com/r/NUuq0nJiWNDq5Yi0HIGnzw/JgJYEYfycI59q9PCxukDHQ but it didn't work.

how can I call the Https? Any help would be appreciated.

user19 · ‎2022-03-01

they are stored in etc\keystore lets say C:\Talend\esb\container\etc\keystores\truststore.jks and in conduit I configured it as

tlsClientParameters.trustManagers.keyStore.file = ./etc/keystores/truststore.jks

Anonymous · ‎2022-03-01

Sorry about the delay in getting back to you. I've been trying a few things out. I don't suppose you are using a public service that I could attempt to test against are you?

In the meantime, can you try adding .....

${karaf.etc}/keystores/truststore.jks

....as your truststore path?

Also, can you show me the full file (removing passwords or any sensitive data)? I need to see as close to exactly what you are working with.

user19 · ‎2022-03-02

@Richard Hall ok. so I design a route in studio as shown in first screenshot. Then i build the root and put the .kar file in deploy folder to test it. I followed the given link by skipping the step where they tsetkeystore component in studio. I put my keystores in etc/keystore and directly changed the conduit file as followed.restart the runtime and call the service in SOAP UI

it throws following error

Anonymous · ‎2022-03-02

From what you have said, all you should need is this......

url = https://test_endpoint.*

tlsClientParameters.disableCNCheck = true

tlsClientParameters.trustManagers.keyStore.type = JKS

tlsClientParameters.trustManagers.keyStore.password = keystorepassword

tlsClientParameters.trustManagers.keyStore.file = ${karaf.etc}/keystores/truststore.jks

There should be no need for a trustManagers.keyPassword here.

What does the service provider's API documentation say about the certificates? Did you get the certificate and add it to your keystore in the way described in the documentation I provided or did you do it in a different way?

Can you test your truststore.jks file in the Studio as I showed in my first post. This is just to see whether the truststore.jks is configured correctly.

user19 · ‎2022-03-02

@Richard Hall so do you mean even I don't need keyManagers?

before I ceated the keystores with keyexplorer tool but later I recreate them according to documentation.

yes I tested the truststore instudio if I just add the truststore then it is fine but if I add the keystore then it gives error

Anonymous · ‎2022-03-02

Have you tested the service in Studio with just the truststore? That is what I wanted to see. However, the failure here when you add the keystore is interesting. Test the service in Studio with just the truststore. If that works, then hash the keystore lines out of the conduits file and test in the runtime.

This suggests that there is something wrong with your keystore....but I don't believe you need that for this.

user19 · ‎2022-03-04

@Richard Hall here the issue is that I can't directly test it in studio. I always got error that certificate is required even though I am using certificate. But I test it with just trust certificate in runtime and have same error.

Anonymous · ‎2022-03-04

Where did you get the certificate from? Did you get it by following the documentation I sent you. For example, by loading the site via a web browser and then taking the certificate from there? Or were you given the certificate? If you were given the certificate, you need to speak to the person who gave it to you to ask why this is causing issues.

Unless I have access to the service, I cannot help here I am afraid. It is impossible for me to work through this unless I can try it out myself.

SOAP

Studio

v7.x