Hi, I am building a Java RESTful client to connect to and access Puppet Master services. While attempting this, I am unable to get the SSL handshake through. Can you please let me know where I am going wrong?

Puppet Master: puppetmaster.domain.com
Java Client: javaclient.domain.com

Obtained required signed certificates from puppetmaster.domain.com using:

a. Run command

    puppet cert --generate javaclient.domain.com

b. Obtained:
   - Signed certificate from {ssldir}/certs/javaclient.domain.com.pem & renamed it to javaclient.domain.com-cert.pem
   - Private key from {ssldir}/private_keys/javaclient.domain.com.pem & renamed it to javaclient.domain.com-key.pem

c. Created PKCS12 keystore using

    openssl pkcs12 -export -name myservercert -in javaclient.domain.com-cert.pem -inkey javaclient.domain.com-key.pem -out javaclient.domain.com.p12

d. Convert PKCS12 keystore into a JKS keystore using

    keytool -importkeystore -destkeystore javaclient.domain.com.jks -srckeystore javaclient.domain.com.p12 -srcstoretype pkcs12 -alias myservercert

Now the keystore javaclient.domain.com.jks is used in the Java application using the snippet

    KeyStore trustStore = KeyStore.getInstance("JKS");
    trustStore.load(new FileInputStream({javaclient.domain.com.jks path}), "{Password}".toCharArray());
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(trustStore);
    ctx = SSLContext.getInstance("SSL");
    ctx.init(null, tmf.getTrustManagers(), null);
    ClientConfig config = new DefaultClientConfig(); // Jersey API
    config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hostnameVerifier, ctx));

The Java client fails to run with exception "No trusted certificate found":

    com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
        at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:151)
        at com.sun.jersey.api.client.Client.handle(Client.java:648)
        at com.sun.jersey.api.client.WebResource.handle(WebResource.java:680)
        at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
        at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:507)
        at test.JerseyRestAPI.executeRestAPI(JerseyRestAPI.java:105)
        at test.JerseyRestAPI.main(JerseyRestAPI.java:37)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
        at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
        at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:249)
        at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)

Can you suggest where I am going wrong - in creating the signed certificate on the Puppet Master (or) in the creation of the keystore from the obtained certificate & private key?

Thanks,
Naveen.
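
The snippet in the post loads javaclient.domain.com.jks, which holds the client's own key pair, as the trust store and passes null for the key managers. As an added example that is not part of the original post, the Java below lists what each keystore holds and builds an SSLContext with the client key pair as the identity store and a separate trust store; the class name PuppetClientTls and the second keystore (assumed to contain the CA certificate that signed the master's certificate) are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example; the truststore is assumed to hold the signing CA as a trusted certificate entry.
public class PuppetClientTls {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Show what each alias holds, so a store with no CA certificate entry is easy to spot.
    static void describe(String label, KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted certificate entry";
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            System.out.printf("%s: alias=%s (%s)%n  subject=%s%n  issuer=%s%n", label, alias,
                    kind, cert.getSubjectX500Principal(), cert.getIssuerX500Principal());
        }
    }

    // Key managers present the client certificate; trust managers validate the server's chain.
    static SSLContext build(KeyStore identity, char[] keyPassword, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) throw new IllegalArgumentException("usage: <identity.jks> <truststore.jks> <password>");
        char[] password = args[2].toCharArray(); // assumes store and key passwords are the same
        KeyStore identity = load(args[0], password);
        KeyStore trust = load(args[1], password);
        describe("identity", identity);
        describe("trust", trust);
        System.out.println("SSLContext ready: " + build(identity, password, trust).getProtocol());
    }
}
```

The returned context would take the place of ctx in the HTTPSProperties call from the post.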