| Author |
Message
|
| iamfat |
 Posted: Sun May 06, 2012 4:37 pm Post subject: SOAP Request Node failed!!!! Broker's bug??? |
 |
|
Apprentice
Joined: 08 Mar 2012
Posts: 32
Location: China
|
I use a soap request node in my flow. But it always failed, send message to the failure terminal, here is the error message.
| Quote: |
Text:CHARACTER:An error occurred whilst performing an SSL socket operation
Insert
Type:INTEGER:5
Text:CHARACTER:connect
Insert
Type:INTEGER:5
Text:CHARACTER:javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Certificate Authority FOR XXXXX USE ONLY, O=XXXX Corp., C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error |
Is this the broker's bug? How can is solve this problem.
Thank you!   |
|
| Back to top |
|
 |
| Esa |
| Posted: Sun May 06, 2012 10:40 pm Post subject: |
|
|
Grand Master
Joined: 22 May 2008
Posts: 1387
Location: Finland
|
No, it is not a bug.
Your broker does not trust the endpoints certificate. You must add the certificate of the certificate authority in the brokers trust store. It seems to be a (self-signed?) company internal CA. |
|
| Back to top |
|
|
| ruchir123 |
| Posted: Mon May 07, 2012 2:48 am Post subject: |
|
|
Acolyte
Joined: 04 Jan 2012
Posts: 58
|
| Esa wrote: |
No, it is not a bug.
Your broker does not trust the endpoints certificate. You must add the certificate of the certificate authority in the brokers trust store. It seems to be a (self-signed?) company internal CA. |
you can ask your administrator to put certificates for your broker or can ask to have different url with no such security on it for ur testing.
Can also chck if you have selected SSL Protocol in HTTP Transport property of SOAP Request Node. |
|
| Back to top |
|
|
| lancelotlinc |
| Posted: Mon May 07, 2012 5:16 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
|
| Back to top |
|
|
| iamfat |
| Posted: Mon May 07, 2012 9:53 pm Post subject: |
|
|
Apprentice
Joined: 08 Mar 2012
Posts: 32
Location: China
|
| Esa wrote: |
No, it is not a bug.
Your broker does not trust the endpoints certificate. You must add the certificate of the certificate authority in the brokers trust store. It seems to be a (self-signed?) company internal CA. |
Yeah, thank you. I'll ask the downstream system's administrator for help.
 |
|
| Back to top |
|
|
| iamfat |
| Posted: Mon May 07, 2012 9:54 pm Post subject: |
|
|
Apprentice
Joined: 08 Mar 2012
Posts: 32
Location: China
|
| ruchir123 wrote: |
| Esa wrote: |
No, it is not a bug.
Your broker does not trust the endpoints certificate. You must add the certificate of the certificate authority in the brokers trust store. It seems to be a (self-signed?) company internal CA. |
you can ask your administrator to put certificates for your broker or can ask to have different url with no such security on it for ur testing.
Can also chck if you have selected SSL Protocol in HTTP Transport property of SOAP Request Node. |
I tried both SSl and TLS protocol.
But all returned the same error. |
|
| Back to top |
|
|
| iamfat |
| Posted: Mon May 07, 2012 9:56 pm Post subject: |
|
|
Apprentice
Joined: 08 Mar 2012
Posts: 32
Location: China
|
| lancelotlinc wrote: |
Certificate chaining error means you have not configured your truststore properly. It may be a bug, but not with broker. The bug is with the human.
You need to import the Web Service SSL certificate into your truststore. But you would know this if you had attended the class.
http://www-304.ibm.com/jct03001c/services/learning/ites.wss/us/en?pageType=course_description&courseCode=WM663
Since you did not attend the class, you do not know the required information to make the system perform the proper way. I hope this is not your day job. |
The system that i sent message to is a very important system, it's a hardware will do some process. So that's why the need the certification.
maybe i need to talk to the system's administrator.
Thank you. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue May 08, 2012 3:28 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| iamfat wrote: |
| ruchir123 wrote: |
| Esa wrote: |
No, it is not a bug.
Your broker does not trust the endpoints certificate. You must add the certificate of the certificate authority in the brokers trust store. It seems to be a (self-signed?) company internal CA. |
you can ask your administrator to put certificates for your broker or can ask to have different url with no such security on it for ur testing.
Can also chck if you have selected SSL Protocol in HTTP Transport property of SOAP Request Node. |
I tried both SSl and TLS protocol.
But all returned the same error. |
To explain further.
A certificate is the digital equivalent of a piece of paper that has an identity on it, and the signature of another entity. In order to trust that the identity on the piece of paper is who they say they are, you have to trust the person who signed it. Likewise, if the identity the signing person presents is *also* signed, you have to then trust that second signer. And so on and so on.
This "web of trust" is established by adding in the certificates of the signing parties until you reach the top - the certificate authority. |
|
| Back to top |
|
|
| lancelotlinc |
| Posted: Tue May 08, 2012 4:59 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
| iamfat wrote: |
| lancelotlinc wrote: |
Certificate chaining error means you have not configured your truststore properly. It may be a bug, but not with broker. The bug is with the human.
You need to import the Web Service SSL certificate into your truststore. But you would know this if you had attended the class.
http://www-304.ibm.com/jct03001c/services/learning/ites.wss/us/en?pageType=course_description&courseCode=WM663
Since you did not attend the class, you do not know the required information to make the system perform the proper way. I hope this is not your day job. |
The system that i sent message to is a very important system, it's a hardware will do some process. So that's why the need the certification.
maybe i need to talk to the system's administrator.
Thank you. |
The problem is with your Message Broker not the downstream provider. Since you do not know how to configure a truststore, this problem will not be solved until you get the proper knowledge. What is your action plan to acquire the proper knowledge?
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
|
| Back to top |
|
|
|
|
