Integration

Get Involved. Join the Conversation.

Topic

    Frank Brink
    Unable to find valid certification path to requested target...
    Topic posted November 14, 2019 by Frank BrinkRed Ribbon: 250+ Points, tagged Integration 
    19 Views, 5 Comments
    Title:
    Unable to find valid certification path to requested target within OIC
    Summary:
    Unable to find valid certification path to requested target within OIC while setting up a connection and/or executing a integration using a file based wsdl
    Content:

    Within OIC when I try to setup a browser based wsdl http://webservice-acc.stagemarkt.nl/WhiteLabel2NoCert.svc?singleWsdl" I receive the following error stack during the test and validate step of the OIC connection

    CASDK-0032 : Unable to validate the resource. http://webservice-acc.stagemarkt.nl/WhiteLabel2NoCert.svc?singleWsdl. 
    Correct the WSDL before creating the connection
    WSDLException: faultCode=PARSER_ERROR: 
    Failed to read wsdl file at: "http://webservice-acc.stagemarkt.nl/WhiteLabel2NoCert.svc?singleWsdl", 
    caused by: javax.net.ssl.SSLHandshakeException.: 
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
    PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
    unable to find valid certification path to requested target

    When I use a file based connection leveraging the content of above wsdl (http://webservice-acc.stagemarkt.nl/WhiteLabel2NoCert.svc?singleWsdl") I am able to setup and test/validate the OIC connection

    Subsequently when I use this connection within an integration (as an invoke) I receive the following simular error at runtime:

          Error while dispatching SOAP message to the endpoint http://webservice-acc.stagemarkt.nl/WhiteLabel2NoCert.svc:javax.xml.soap.SOAPException: 
      javax.xml.soap.SOAPException: 
      Message send failed: sun.security.validator.ValidatorException: 
      PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
      unable to find valid certification path to requested target\n
      ...
          "o:errorPath": "<![CDATA[<location>\n   
      <node>RouteNode1<\/node>\n   
      <path>response-pipeline<\/path>\n<\/location>\n]]>",
          "o:errorCode": "OSB-380001"

    Then I use my browser functionality to retrieve/save the chained certifcates:

    Ministerie van Onderwijs Cultuur en Wetenschap Root CA
     Ministerie van OCW Digitaal Onderwijs Certificaat CA
      Webservice-acc-stagemarkt.nl

    As a next step I upload all three certificates (retrieved through my chrome browser as describe above) within OIC - the upload itself seems successfully restart my OIC instance and re-launch my integration with the same runtime error as above

    Note that the wsdl itself contains an element - see below - that a client certificate is not required

    ..
    <wsp:Policy>
     <sp:TransportToken>
     <wsp:Policy>
     <sp:HttpsToken RequireClientCertificate="false"/>
     </wsp:Policy>
    </sp:TransportToken>
    ..
    Questions:
    1. Did I use the correct method to retrieve the appently missing certifcates and subsequently uploaded these within OIC?
    2. Why is it ignoring the uploaded certificates during onnection time and/or integration execution time?
    3. How to circumvent this issue and make my integration successfull?
     

     

    Version:
    OIC Version 19.3.3.0.0 (190924.1600.31521)
    Image:

    Comment

     

    • Frank Brink
    • Hemanth Lakkaraju

      The wsdl (http based url) when opened in browser, it gets redirected to https! So the actual wsdl url and endpoint in the wsdl content in connection should be with https.

      I tried to open the url in browser in firefox and see only 1 certificate, exported it and uploaded in OIC and tested the connection and it worked fine. I cannot test runtime without credentials.

      • Frank Brink

        Hermanth,

        1st of all thx for your effort sofar

        Did you use the browser based wsdl or a file based wsdl during making the connection?

        I am more than happy to provide you with a un/pw - through mail? frank.brink@darwin-it.nl

        k r Frank

         

        • Hemanth Lakkaraju

          Browser based - https URL.

          • Frank Brink

            and did you test and validate the connection?

            That is what I have done and then I receive the error message: CASDK-0032 : Unable to validate the resource ...

            While I already have loaded the certificate

            And below you can see my browser certificate chain -