This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

How to create a keystore in java, for Apigee on-premises installation v15.04.15

Posted on 09-22-2015 01:21 PM
Not applicable
Reply posted on --/--/---- --:-- AM

We have an issue with a JavaCallout step, we have a .jar class that calls a service https://, (TLS/SSL) this step throws this exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

We installed the certificate in apigee private cloud with the curl command, to build the curl command correctly we use this:

We create a keystore with this:

http://apigee.com/docs/management/apis/post/organi...

When we see the apigee admin web page the certificate is correctly installed.

What we didn't do is to upload .jar in the keystore.

http://apigee.com/docs/management/apis/post/organi...

---------------------------------------------

We have created a keystore with a certificate using keytool command in a local machine.

We have debugged the .jar class inside Eclipse environment that calls https://, (TLS/SSL) service, and It returns us an expected response.

We don't know what to do, What do you recommend us to do?

This configuration is apigee onpremise instalation v15.04.15 (7) nodes.

Regards,

Solved Solved
0 7 1,065
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

We got the solution to this problem:

We downloaded the certificate for this example we named certificateCompanyAPIExample, you can download from the browser https:// SSL service (accept and download the certificate). the other way is using the openssl command and get the certificate in you screen, then you have to copy and past that code to a file an save it with any of this extensions ".cer" , ".pem", ".der", ".crt".

Command openssl example:

C:\Users\peter>openssl s_client -connect services.organization.com:443

Server certificate

-----BEGIN CERTIFICATE-----

MIIF3jCCBMagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCB6TELMAkGA1UEBhMCQ0wx ETAPBgNVBAgTCFNhbnRpYWdvMREwDwYDVQQHEwhTYW50aWFnbzElMCMGA1UEChQc O2+NF5vQ765pEwXawpVob6QHBiBJIeSk4ZbfjTavHS6oo6B4T1izKUX0A1AY4PN+

-----END CERTIFICATE-----

Then you have to copy this certificate to every node in your cluster.

Then you have to import the certificate with the keytool provided by java.

cd /usr/java/jdk1.7.0_55/jre/bin

./keytool -importcert -file /usr/java/jdk1.7.0_55/jre/lib/security/certificateCompanyAPIExample -keystore /usr/java/jdk1.7.0_55/jre/lib/security/cacerts

It's everythings is ok, the only thing you must do it's restart every MP in you cluster, one by one.

Now try again executing your api with javacallout step calling https service.

Best regards,

View solution in original post

Jump to Solution
0 Likes
7 REPLIES 7