You might try running your bundle in Equinox to narrow down the environment. If it still fails, you can then ask on the Equinox forum and mailing list which may have others who've seen this before.
You've tried googling on "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", right?
Sometimes the JRE makes hierarchical class loading assumptions and it is necessary to add implementation packages to the boot delegation property, so that's another angle. To find this, debug deep into the failing path to find out what's going on. If you hit native code, which is not unlikely for security code, too bad.
On 12 Apr 2011, at 22:06, Fetyko, Jan wrote:
I have tried this, but still no luck. I get the same error, which is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I will keep digging, but I hope somebody has more hints.
From: Hristo Iliev [mailto:hsiliev@xxxxxxxxx]
Sent: Thursday, April 07, 2011 6:02 AM
To: Virgo Project
Cc: Fetyko, Jan
Subject: Re: [virgo-dev] LDAP over SSL and keystore
The property javax.net.ssl.trustStore
is specified in Virgo's startup scripts. To change the location you can use the -truststore
I'm not sure if changes to the system property done after first use of SSL will have any effect. Probably the Java classes handling the trust store are already initialized and no check for a changed value is made when they are used.
I’m turning to the mailing list with a problem we have with one of our bundles. It is an authentication bundle that validates users against ldap. The code uses a separate keystore where the LDAP’s public key is stored. The code works perfectly in junit tests, but unfortunately in virgo 2.1 the keystore is not used for some reason. I could only get it working if I import the LDAP’s public cert into the JRE’s cacerts keystore. I even tried to put the public key into the $VIRGO/config/keystore, still no luck.
import com.novell.ldap.LDAPConnection; import com.novell.ldap.LDAPEntry; import com.novell.ldap.LDAPException; import com.novell.ldap.LDAPJSSESecureSocketFactory; import com.novell.ldap.LDAPSearchResults; Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); System.setProperty("javax.net.ssl.trustStore", “keystore.jks”); LDAPConnection.setSocketFactory(new LDAPJSSESecureSocketFactory()); ldapConnection = new LDAPConnection(); ldapConnection.connect(host, 636); ldapConnection.bind(V3, loginDN, password);
Is there anything different in virgo than in say servlet containers that would cause this issue ?
virgo-dev mailing list
virgo-dev mailing listvirgo-dev@xxxxxxxxxxxhttps://dev.eclipse.org/mailman/listinfo/virgo-dev