2016-11-05T18:34:42.381+0530|Severe: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.oracle.iot.client.impl.http.HttpClient$Transport.invokeMethod(HttpClient.java:114)
at com.oracle.iot.client.impl.http.HttpClient.post(HttpClient.java:175)
at com.oracle.iot.client.impl.http.HttpSecureConnectionImpl.postRenewAccessToken(HttpSecureConnectionImpl.java:318)
at com.oracle.iot.client.impl.http.HttpSecureConnectionImpl.renewAccessToken(HttpSecureConnectionImpl.java:343)
at com.oracle.iot.client.impl.http.HttpSecureConnectionImpl.invoke(HttpSecureConnectionImpl.java:131)
at com.oracle.iot.client.impl.http.HttpSecureConnectionImpl.get(HttpSecureConnectionImpl.java:75)
at com.oracle.iot.client.impl.DeviceModelFactory.getObject(DeviceModelFactory.java:204)
at com.oracle.iot.client.impl.DeviceModelFactory.getDeviceModel(DeviceModelFactory.java:151)
at com.oracle.iot.client.impl.DeviceModelFactory.getDeviceModel(DeviceModelFactory.java:76)
at com.oracle.iot.client.device.DirectlyConnectedDevice.getDeviceModel(DirectlyConnectedDevice.java:328)
at oracle.iot.client.device.DirectlyConnectedDevice.getDeviceModel(DirectlyConnectedDevice.java:214)
at com.smartcommunity.parking.GatewayAdapter.init(GatewayAdapter.java:94)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1583)
at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:1212)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:237)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:416)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:283)
at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:459)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:167)
at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:206)
at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:180)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:283)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:200)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:132)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:111)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:536)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:591)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:571)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at com.oracle.iot.client.impl.http.HttpSecureConnectionImpl$2.checkServerTrusted(HttpSecureConnectionImpl.java:268)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:922)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 53 more
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:153)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at com.oracle.iot.client.impl.http.HttpSecureConnectionImpl$2.checkServerTrusted(HttpSecureConnectionImpl.java:264)
... 55 more
I created a .key and a .crt file with CN set to iotserver, and added an entry in /etc/hosts mapping 10.203.139.103 to iotserver.
Steps executed:
- Created a .key file on the server, i.e. machine 10.203.139.103:
openssl genrsa -des3 -out apache.key 2048 [passphrase: changeit]
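- Created the .crt using the key:
openssl req -x509 -sha256 -newkey rsa:2048 -nodes -keyout apache.key -out apache.crt -days
Country Name (2 letter code) [XX]:23
State or Province Name (full name) []:abc
Locality Name (eg, city) [Default City]:abc
Organization Name (eg, company) [Default Company Ltd]:xyz
Organizational Unit Name (eg, section) []:xyz
Common Name (eg, your name or your server's hostname) []:iotserver
Email Address []:email@email.com
Note: because of -newkey rsa:2048 -nodes -keyout apache.key, this command generates a new, unencrypted private key and writes it to apache.key. If both commands run in the same directory, the certificate is therefore issued for this new key and not for the passphrase-protected key from the previous step.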
- Go to /usr/java/latest/jre/lib/security and import the .crt file into cacerts:
keytool -import -alias ca -file /etc/httpd/ssl/apache.crt -keystore cacerts -storepass
- Restart the httpd service:
service httpd restart
On the device side, add an entry in /etc/hosts:
10.203.139.103 iotserver
Run the following to check the new certificate created on the server:
openssl s_client -connect iotserver:443
This shows me the certificate that I created on the cloud instance [created above].
Now run the following to download the certificate chain:
openssl s_client -host -port 443 -showcerts > /scratch/iot/apache_cert_chain.crt
Go to /usr/java/latest/jre/lib/security and run the following to import the certificate chain:
keytool -import -alias ca -file /scratch/iot/apache_cert_chain.crt -keystore cacerts -storepass changeit
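Restart the httpd service. However, to connect from the device I create a .jks file with the URI given above, and the connection fails with the error below. Note that the trace shows the validation failing inside the client library's own trust manager (HttpSecureConnectionImpl$2.checkServerTrusted), so the trust anchors it checks may come from that .jks trust store and not from the JRE cacerts file.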
SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors