madrox (Acolyte, Joined: 11 Mar 2015, Posts: 71)
Posted: Wed Jun 10, 2015 6:30 am
Post subject: Intermittent Certificate chaining error in IIB
We are seeing intermittent certificate chaining errors. Funny thing is that it's random. I see successful web service calls before and after this occurs.
Quote:
ErrorCode: 3152, ErrorText: A Web Service request has detected a SOCKET error whilst invoking a web service via a proxy server located at host ^1, on port ^2, on path ^3., xxx.xxx.xx.xx, xx, /, ErrorCode: 3165, ErrorText: An error occurred whilst performing an SSL socket operation, initiateSslHandshake, javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=x.xxx.xxx.x, OU=1410085164, O=Blue Coat SG810 Series, ST=Some-State, C=" " is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error, ErrorText: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=x.xxx.xxx.x, OU=1410085164, O=Blue Coat SG810 Series, ST=Some-State, C=" " is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
Any suggestions?
Thanks in advance

ganesh (Master, Joined: 18 Jul 2010, Posts: 294)
Posted: Wed Jun 10, 2015 8:06 am
Is your web service load balanced?

madrox (Acolyte, Joined: 11 Mar 2015, Posts: 71)
Posted: Wed Jun 10, 2015 8:14 am
Yes, it is load balanced. We have 2 brokers on 2 different VMs. And here is an update:
So we had issues yesterday and had to restart one of the VMs. Ever since the restart we have started seeing this issue. Broker on VM 1 is fine; it's only on the second where we are seeing this error. Every request on this broker has this error.
We are using 1-way SSL using the default truststore.

ganesh (Master, Joined: 18 Jul 2010, Posts: 294)
Posted: Wed Jun 10, 2015 8:18 am
So most probably the cert store on the server where it is failing was changed.

madrox (Acolyte, Joined: 11 Mar 2015, Posts: 71)
Posted: Wed Jun 10, 2015 8:20 am
That should be the assumption. But we didn't; only the VM was restarted.
We were debugging an issue and we bounced the broker first and then the admin restarted the VM.

ganesh (Master, Joined: 18 Jul 2010, Posts: 294)
Posted: Wed Jun 10, 2015 8:27 am
You could visually compare the certificates from both the servers to make sure they are in sync.
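One way to do the comparison suggested above without eyeballing it, as an added example that is not part of the original thread: diff the `keytool -list` output of the two brokers' trust stores by certificate fingerprint rather than by alias. The listings, aliases and fingerprints below are constructed, and the entry layout is assumed to be the one OpenJDK's keytool prints.

```python
import re

# Constructed listings (aliases and fingerprints are made up). Layout assumed:
# what OpenJDK's `keytool -list -keystore <file>` prints for each entry.
BROKER1 = """\
Your keystore contains 3 entries
corp-root-ca, Mar 3, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): AA:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13
gateway-ca, Mar 3, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): BB:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13
partner-ca, Mar 3, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): CC:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13
"""
BROKER2 = """\
corp-root-ca, Mar 3, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): aa:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f:10:11:12:13
gw-ca, Jun 9, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): BB:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13
partner-ca, Jun 9, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): DD:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13
"""

ENTRY = re.compile(r"^([^,]+),.*\b\w+Entry,\s*$")
FPRINT = re.compile(r"^Certificate fingerprint \(([^)]+)\):\s*([0-9A-Fa-f:]+)\s*$")

def parse_listing(text):
    """Return {"ALG FINGERPRINT": alias} for every entry in a keytool listing."""
    certs, alias = {}, None
    for line in text.splitlines():
        entry, fp = ENTRY.match(line), FPRINT.match(line)
        if entry:
            alias = entry.group(1).strip()
        elif fp and alias is not None:
            # Normalise case so "aa:01" and "AA:01" compare equal.
            certs[fp.group(1).upper() + " " + fp.group(2).upper()] = alias
            alias = None
    return certs

def diff_stores(a, b):
    """Compare by certificate, not alias: trust follows the certificate."""
    return {
        "only_a": sorted(a[f] for f in a.keys() - b.keys()),
        "only_b": sorted(b[f] for f in b.keys() - a.keys()),
        "renamed": sorted((a[f], b[f]) for f in a.keys() & b.keys() if a[f] != b[f]),
    }

if __name__ == "__main__":
    for kind, items in diff_stores(parse_listing(BROKER1), parse_listing(BROKER2)).items():
        print(kind, items)
```

An alias that appears in both `only_a` and `only_b` (here `partner-ca`) is the case a visual check of alias names misses: same name, different certificate.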
 |
mqjeff (Grand Master, Joined: 25 Jun 2008, Posts: 17447)
Posted: Wed Jun 10, 2015 8:30 am
Confirm that the proxy server hasn't cached the certificate somewhere.
Confirm that the consumer's trust store hasn't changed somehow.

madrox (Acolyte, Joined: 11 Mar 2015, Posts: 71)
Posted: Wed Jun 10, 2015 8:40 am
Quote:
Confirm that the proxy server hasn't cached the certificate somewhere.
How do we do this?

mqjeff (Grand Master, Joined: 25 Jun 2008, Posts: 17447)
Posted: Wed Jun 10, 2015 8:41 am
|
Ask the administrators of your proxy server.

madrox (Acolyte, Joined: 11 Mar 2015, Posts: 71)
Posted: Wed Jun 10, 2015 10:54 am
Thank you mqjeff. It was an issue with the proxy server caching.