Hi,
We have deployed the Spring Boot application on a WAS app server and are experiencing an SSL handshake error (please find attached text file with the detailed error stack trace) when using the keystore.p12 and truststore.p12 files (i.e. through the WAS admin console, using SSL certificate and key management > Key stores and certificates, we imported the remote GitHub server's self-signed certificate).
It works as expected if we add the remote server (GitHub server) self-signed certificate to <WAS_INSTALL_ROOT>/java/jre/lib/security/cacerts. As per our company security guidelines, we would like to leverage the truststore.p12 option instead of cacerts. Could you help us in this regard? Any help along these lines is appreciated.
Target Environment : WAS 8.5.5.15
Deployed Artifact : Spring Boot cloud configuration server (i.e. spring-boot-starter-parent 2.0.6.RELEASE)
ERROR :
[1/30/20 16:05:38:786 EST] 000000d0 SystemOut O WebContainer : 0, SEND TLSv1 ALERT: fatal, description = certificate_unknown
[1/30/20 16:05:38:786 EST] 000000d0 SystemOut O WebContainer : 0, WRITE: TLSv1 Alert, length = 2
[1/30/20 16:05:38:786 EST] 000000d0 SystemOut O [Raw write]: length = 7
[1/30/20 16:05:38:786 EST] 000000d0 SystemOut O 0000: 15 03 01 00 02 02 2e .......
[1/30/20 16:05:38:786 EST] 000000d0 SystemOut O WebContainer : 0, called closeSocket()
[1/30/20 16:05:38:786 EST] 000000d0 SystemOut O WebContainer : 0, handling exception: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=RDC Certificate Authority, DC=XXX-XX-ABC-Z001, DC=com is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
[1/30/20 16:05:38:815 EST] 000000d0 SystemOut O 2020-01-30 16:05:38.788 ERROR 13362 --- [ebContainer : 0] o.h.n.c.s.h.PropertySearchController : Cannot clone or checkout repository: https://github.server.name/sx-development/sx-configuration.git
org.springframework.cloud.config.server.environment.NoSuchRepositoryException: Cannot clone or checkout repository: https://github.server.name/sx-development/sx-configuration.git
at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.refresh(JGitEnvironmentRepository.java:292) ~[spring-cloud-config-server-2.0.1.RELEASE.jar:2.0.1.RELEASE]
------------------------------
Subba Reddy Bogathi
java/j2ee developer
------------------------------
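
Added example, not part of the original post: a Python decoder for the `[Raw write]` hex-dump line in the trace above, showing that the 7 bytes marked SEND are a plaintext TLSv1 alert record carrying fatal `certificate_unknown`, consistent with the PKIX path-building failure logged right after it. The function names `dump_bytes` and `parse_alert_record` are illustrative, and the description table is a subset of the alert codes in RFC 5246.

```python
import re

# Alert levels and a subset of alert descriptions from RFC 5246, section 7.2.
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 70: "protocol_version",
}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

# Hex-dump line of a JSSE debug trace: "<4-digit offset>: <hex bytes> <ascii column>".
DUMP_LINE = re.compile(r"\b[0-9a-fA-F]{4}:((?: [0-9a-fA-F]{2})+)")

# Line copied from the trace in the post.
SAMPLE = "[1/30/20 16:05:38:786 EST] 000000d0 SystemOut O 0000: 15 03 01 00 02 02 2e ......."

def dump_bytes(trace_line):
    """Extract the raw bytes from one hex-dump line of the trace."""
    m = DUMP_LINE.search(trace_line)
    if not m:
        raise ValueError("no hex dump found in line")
    return bytes.fromhex(m.group(1).replace(" ", ""))

def parse_alert_record(data):
    """Decode a plaintext TLS alert record: 5-byte header plus 2-byte alert."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    if ctype != 21:  # 21 (0x15) is the alert content type
        raise ValueError("not an alert record (content type %d)" % ctype)
    body = data[5:5 + length]  # the length field bounds the body; extra bytes are ignored
    if length != 2 or len(body) != 2:
        raise ValueError("unexpected alert length (encrypted or truncated?)")
    level, desc = body
    return {
        "version": VERSIONS.get((major, minor), "unknown"),
        "level": ALERT_LEVELS.get(level, "unknown"),
        "description": ALERT_DESCRIPTIONS.get(desc, "unknown (%d)" % desc),
    }

if __name__ == "__main__":
    print(parse_alert_record(dump_bytes(SAMPLE)))
```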