Jonathan Barbero
2017-05-19 02:54:09 UTC
Hi,
I'm using the version 4.5 of HttpClient on a servlet in a WAS 7 calling to
another WAS 7.
When I test the call with http protocol everything works. But when I try
with https the call fails because "Chaining certificate error", the
certificate of the CA is not recognized as trusted.
The CA certificate is in the WAS truststore. When we call in another app
with a JAX-WS client over https to the same endpoint it works, so it get
the CA certificate from the truststore. Also, I capture in the WAS log that
when it starts the app server loads the CA certificate as trusted
[5/18/17 18:17:39:867 ART] 00000000 CSIServerRI A JSAS0008I: Server
request interceptor registered.
[5/18/17 18:17:39:878 ART] 00000000 SecurityCompo A JSAS0009I: IOR
interceptor registered.
[5/18/17 18:17:40:732 ART] 00000000 SystemOut O adding as trusted cert:
[5/18/17 18:17:40:734 ART] 00000000 SystemOut O Subject: CN=CABNA,
DC=cc, DC=bna, DC=net
[5/18/17 18:17:40:737 ART] 00000000 SystemOut O Issuer: CN=CABNA,
DC=cc, DC=bna, DC=net
[5/18/17 18:17:40:744 ART] 00000000 SystemOut O Algorithm: RSA;
Serial number: 0x476da8f2b43899b24dfe7a94e66a1b7f
[5/18/17 18:17:40:747 ART] 00000000 SystemOut O Valid from Mon May 09
12:38:13 ART 2016 until Sat May 09 12:48:13 ART 2026
[5/18/17 18:17:40:748 ART] 00000000 SystemOut O
But when I call my servlet and this one tries to call with an HttpClient to
the other WAS over https, I captured that it does not load the same
truststore of the WAS
[5/18/17 18:22:36:965 ART] 00000028 SystemOut O keyStore is:*
/opt/IBM/WebSphere/AppServer/java/jre/lib/security/cacerts*
[5/18/17 18:22:36:965 ART] 00000028 SystemOut O keyStore type is: jks
[5/18/17 18:22:36:965 ART] 00000028 SystemOut O keyStore provider is:
[5/18/17 18:22:36:965 ART] 00000028 SystemOut O init keystore
[5/18/17 18:22:37:237 ART] 0000000d SystemOut O Finalizer thread,
called close()
[5/18/17 18:22:37:237 ART] 0000000d SystemOut O Finalizer thread,
called closeInternal(true)
[5/18/17 18:22:37:237 ART] 0000000d SystemOut O Finalizer thread,
called close()
[5/18/17 18:22:37:237 ART] 0000000d SystemOut O Finalizer thread,
called closeInternal(true)
[5/18/17 18:22:37:248 ART] 00000028 SystemOut O SSLContextImpl: Using
X509ExtendedKeyManager com.ibm.jsse2.hd
[5/18/17 18:22:37:250 ART] 00000028 SystemOut O trustStore is:
*/opt/IBM/WebSphere/AppServer/java/jre/lib/security/cacerts*
[5/18/17 18:22:37:250 ART] 00000028 SystemOut O trustStore type is: jks
[5/18/17 18:22:37:250 ART] 00000028 SystemOut O trustStore provider is:
[5/18/17 18:22:37:250 ART] 00000028 SystemOut O init truststore
[5/18/17 18:22:37:253 ART] 00000028 SystemOut O adding as trusted cert:
[5/18/17 18:22:37:253 ART] 00000028 SystemOut O Subject: CN=Certum
Trusted Network CA, OU=Certum Certification Authority, O=Unizeto
Technologies S.A., C=PL
[5/18/17 18:22:37:254 ART] 00000028 SystemOut O Issuer: CN=Certum
Trusted Network CA, OU=Certum Certification Authority, O=Unizeto
Technologies S.A., C=PL
[5/18/17 18:22:37:254 ART] 00000028 SystemOut O Algorithm: RSA;
Serial number: 0x444c0
[5/18/17 18:22:37:254 ART] 00000028 SystemOut O Valid from Wed Oct 22
10:07:37 ARST 2008 until Mon Dec 31 09:07:37 ART 2029
[5/18/17 18:22:37:254 ART] 00000028 SystemOut O
.............
.........
... and so on
seems like the HttpClient loads the certificates in cacerts of the JVM only.
So, I modified the creation of the HttpClient and added useSystemProperties()
because I read that this might take the truststore of the WAS, but didn't
work. Used a Basic connection manager and a Pooled one, but no difference.
Also tried to modify the certificate validation, using an strategy that
does nothing, but the verification fails anyway. The strategy that
validates nothing is never called.
The certificate validation failure appears when the HttpClient uses the IBM
socket (trace at the bottom of the email).
A couple of years ago I used a version of Spring WS with HttpClient 4.1 or
4.2 version and didn't have this problem.
Any help or tip is really welcome.
Regards,
Jonathan.
Trace of the certificate verification:
[5/18/17 18:22:46:070 ART] 00000028 SystemOut O ***
[5/18/17 18:22:46:174 ART] 00000028 SystemOut O %% Invalidated:
[Session-8, SSL_RSA_WITH_AES_128_CBC_SHA]
[5/18/17 18:22:46:174 ART] 00000028 SystemOut O WebContainer : 0, SEND
TLSv1 ALERT: fatal, description = certificate_unknown
[5/18/17 18:22:46:174 ART] 00000028 SystemOut O WebContainer : 0,
WRITE: TLSv1 Alert, length = 2
[5/18/17 18:22:46:175 ART] 00000028 SystemOut O WebContainer : 0,
called closeSocket()
[5/18/17 18:22:46:175 ART] 00000028 SystemOut O WebContainer : 0,
handling exception: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h:
PKIX path building failed: java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause
is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=
CABNA, DC=cc, DC=bna, DC=net is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
[5/18/17 18:22:46:217 ART] 00000028 servlet E com.ibm.ws.webcontainer.
servlet.ServletWrapper service SRVE0068E: Uncaught exception created in one
of the service methods of the servlet ProxyServlet in application
BNAFUProxyEAR. Exception created : javax.net.ssl.SSLHandshakeException: com.
ibm.jsse2.util.h: PKIX path building failed: java.security.cert.
CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid
CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=
CABNA, DC=cc, DC=bna, DC=net is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.o.a(o.java:22)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:423)
at com.ibm.jsse2.kb.a(kb.java:192)
at com.ibm.jsse2.kb.a(kb.java:176)
at com.ibm.jsse2.lb.a(lb.java:53)
at com.ibm.jsse2.lb.a(lb.java:464)
at com.ibm.jsse2.kb.s(kb.java:545)
at com.ibm.jsse2.kb.a(kb.java:530)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:79)
at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:437)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:142)
at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:686)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(
SSLConnectionSocketFactory.java:394)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(
SSLConnectionSocketFactory.java:353)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(
DefaultHttpClientConnectionOperator.java:134)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(
PoolingHttpClientConnectionManager.java:353)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(
MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec
.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec
.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec
.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(
InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(
CloseableHttpClient.java:71)
at org.apache.http.impl.client.CloseableHttpClient.execute(
CloseableHttpClient.java:55)
at ar.com.bna.fu.proxy.proxy.ProxyServlet.service(ProxyServlet.java:343)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper
.java:1657)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper
.java:1597)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(
WebAppFilterChain.java:131)
at ar.com.bna.fu.proxy.filter.CachedHttpServletRequestFilter.doFilter(
CachedHttpServletRequestFilter.java:49)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(
FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(
WebAppFilterChain.java:116)
at ar.com.bna.fu.proxy.filter.dump.DumpFilter.doFilter(DumpFilter.java:37)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(
FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(
WebAppFilterChain.java:116)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(
WebAppFilterChain.java:77)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(
WebAppFilterManager.java:908)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(
ServletWrapper.java:934)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(
ServletWrapper.java:502)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(
ServletWrapperImpl.java:181)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3935)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:931)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer
.java:1592)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink
.java:186)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination
(HttpInboundLink.java:452)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(
HttpInboundLink.java:511)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(
HttpInboundLink.java:305)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(
HttpInboundLink.java:276)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.
sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(
NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(
AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture
.java:217)
at com.ibm.io.async.AsyncChannelFuture$1.run(AsyncChannelFuture.java:205)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1613)
Caused by: com.ibm.jsse2.util.h: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could
not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=
CABNA, DC=cc, DC=bna, DC=net is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.util.f.b(f.java:113)
at com.ibm.jsse2.util.f.b(f.java:61)
at com.ibm.jsse2.util.e.a(e.java:22)
at com.ibm.jsse2.pc.a(pc.java:100)
at com.ibm.jsse2.pc.checkServerTrusted(pc.java:15)
at com.ibm.jsse2.pc.b(pc.java:76)
at com.ibm.jsse2.lb.a(lb.java:104)
... 50 more
Caused by: java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause
is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=
CABNA, DC=cc, DC=bna, DC=net is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(
PKIXCertPathBuilderImpl.java:411)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
at com.ibm.jsse2.util.f.b(f.java:98)
... 56 more
Caused by: java.security.cert.CertPathValidatorException: The certificate
issued by CN=CABNA, DC=cc, DC=bna, DC=net is not trusted; internal cause
is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(
PKIXCertPathValidatorImpl.java:176)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(
PKIXCertPathBuilderImpl.java:737)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(
PKIXCertPathBuilderImpl.java:649)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(
PKIXCertPathBuilderImpl.java:595)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(
PKIXCertPathBuilderImpl.java:357)
... 58 more
Caused by: java.security.cert.CertPathValidatorException: Certificate
chaining error
at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
... 63 more
I'm using the version 4.5 of HttpClient on a servlet in a WAS 7 calling to
another WAS 7.
When I test the call with http protocol everything works. But when I try
with https the call fails because "Chaining certificate error", the
certificate of the CA is not recognized as trusted.
The CA certificate is in the WAS truststore. When we call in another app
with a JAX-WS client over https to the same endpoint it works, so it get
the CA certificate from the truststore. Also, I capture in the WAS log that
when it starts the app server loads the CA certificate as trusted
[5/18/17 18:17:39:867 ART] 00000000 CSIServerRI A JSAS0008I: Server
request interceptor registered.
[5/18/17 18:17:39:878 ART] 00000000 SecurityCompo A JSAS0009I: IOR
interceptor registered.
[5/18/17 18:17:40:732 ART] 00000000 SystemOut O adding as trusted cert:
[5/18/17 18:17:40:734 ART] 00000000 SystemOut O Subject: CN=CABNA,
DC=cc, DC=bna, DC=net
[5/18/17 18:17:40:737 ART] 00000000 SystemOut O Issuer: CN=CABNA,
DC=cc, DC=bna, DC=net
[5/18/17 18:17:40:744 ART] 00000000 SystemOut O Algorithm: RSA;
Serial number: 0x476da8f2b43899b24dfe7a94e66a1b7f
[5/18/17 18:17:40:747 ART] 00000000 SystemOut O Valid from Mon May 09
12:38:13 ART 2016 until Sat May 09 12:48:13 ART 2026
[5/18/17 18:17:40:748 ART] 00000000 SystemOut O
But when I call my servlet and this one tries to call with an HttpClient to
the other WAS over https, I captured that it does not load the same
truststore of the WAS
[5/18/17 18:22:36:965 ART] 00000028 SystemOut O keyStore is:*
/opt/IBM/WebSphere/AppServer/java/jre/lib/security/cacerts*
[5/18/17 18:22:36:965 ART] 00000028 SystemOut O keyStore type is: jks
[5/18/17 18:22:36:965 ART] 00000028 SystemOut O keyStore provider is:
[5/18/17 18:22:36:965 ART] 00000028 SystemOut O init keystore
[5/18/17 18:22:37:237 ART] 0000000d SystemOut O Finalizer thread,
called close()
[5/18/17 18:22:37:237 ART] 0000000d SystemOut O Finalizer thread,
called closeInternal(true)
[5/18/17 18:22:37:237 ART] 0000000d SystemOut O Finalizer thread,
called close()
[5/18/17 18:22:37:237 ART] 0000000d SystemOut O Finalizer thread,
called closeInternal(true)
[5/18/17 18:22:37:248 ART] 00000028 SystemOut O SSLContextImpl: Using
X509ExtendedKeyManager com.ibm.jsse2.hd
[5/18/17 18:22:37:250 ART] 00000028 SystemOut O trustStore is:
*/opt/IBM/WebSphere/AppServer/java/jre/lib/security/cacerts*
[5/18/17 18:22:37:250 ART] 00000028 SystemOut O trustStore type is: jks
[5/18/17 18:22:37:250 ART] 00000028 SystemOut O trustStore provider is:
[5/18/17 18:22:37:250 ART] 00000028 SystemOut O init truststore
[5/18/17 18:22:37:253 ART] 00000028 SystemOut O adding as trusted cert:
[5/18/17 18:22:37:253 ART] 00000028 SystemOut O Subject: CN=Certum
Trusted Network CA, OU=Certum Certification Authority, O=Unizeto
Technologies S.A., C=PL
[5/18/17 18:22:37:254 ART] 00000028 SystemOut O Issuer: CN=Certum
Trusted Network CA, OU=Certum Certification Authority, O=Unizeto
Technologies S.A., C=PL
[5/18/17 18:22:37:254 ART] 00000028 SystemOut O Algorithm: RSA;
Serial number: 0x444c0
[5/18/17 18:22:37:254 ART] 00000028 SystemOut O Valid from Wed Oct 22
10:07:37 ARST 2008 until Mon Dec 31 09:07:37 ART 2029
[5/18/17 18:22:37:254 ART] 00000028 SystemOut O
.............
.........
... and so on
seems like the HttpClient loads the certificates in cacerts of the JVM only.
So, I modified the creation of the HttpClient and added useSystemProperties()
because I read that this might take the truststore of the WAS, but didn't
work. Used a Basic connection manager and a Pooled one, but no difference.
Also tried to modify the certificate validation, using an strategy that
does nothing, but the verification fails anyway. The strategy that
validates nothing is never called.
The certificate validation failure appears when the HttpClient uses the IBM
socket (trace at the bottom of the email).
A couple of years ago I used a version of Spring WS with HttpClient 4.1 or
4.2 version and didn't have this problem.
Any help or tip is really welcome.
Regards,
Jonathan.
Trace of the certificate verification:
[5/18/17 18:22:46:070 ART] 00000028 SystemOut O ***
[5/18/17 18:22:46:174 ART] 00000028 SystemOut O %% Invalidated:
[Session-8, SSL_RSA_WITH_AES_128_CBC_SHA]
[5/18/17 18:22:46:174 ART] 00000028 SystemOut O WebContainer : 0, SEND
TLSv1 ALERT: fatal, description = certificate_unknown
[5/18/17 18:22:46:174 ART] 00000028 SystemOut O WebContainer : 0,
WRITE: TLSv1 Alert, length = 2
[5/18/17 18:22:46:175 ART] 00000028 SystemOut O WebContainer : 0,
called closeSocket()
[5/18/17 18:22:46:175 ART] 00000028 SystemOut O WebContainer : 0,
handling exception: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h:
PKIX path building failed: java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause
is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=
CABNA, DC=cc, DC=bna, DC=net is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
[5/18/17 18:22:46:217 ART] 00000028 servlet E com.ibm.ws.webcontainer.
servlet.ServletWrapper service SRVE0068E: Uncaught exception created in one
of the service methods of the servlet ProxyServlet in application
BNAFUProxyEAR. Exception created : javax.net.ssl.SSLHandshakeException: com.
ibm.jsse2.util.h: PKIX path building failed: java.security.cert.
CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid
CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=
CABNA, DC=cc, DC=bna, DC=net is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.o.a(o.java:22)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:423)
at com.ibm.jsse2.kb.a(kb.java:192)
at com.ibm.jsse2.kb.a(kb.java:176)
at com.ibm.jsse2.lb.a(lb.java:53)
at com.ibm.jsse2.lb.a(lb.java:464)
at com.ibm.jsse2.kb.s(kb.java:545)
at com.ibm.jsse2.kb.a(kb.java:530)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:79)
at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:437)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:142)
at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:686)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(
SSLConnectionSocketFactory.java:394)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(
SSLConnectionSocketFactory.java:353)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(
DefaultHttpClientConnectionOperator.java:134)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(
PoolingHttpClientConnectionManager.java:353)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(
MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec
.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec
.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec
.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(
InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(
CloseableHttpClient.java:71)
at org.apache.http.impl.client.CloseableHttpClient.execute(
CloseableHttpClient.java:55)
at ar.com.bna.fu.proxy.proxy.ProxyServlet.service(ProxyServlet.java:343)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper
.java:1657)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper
.java:1597)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(
WebAppFilterChain.java:131)
at ar.com.bna.fu.proxy.filter.CachedHttpServletRequestFilter.doFilter(
CachedHttpServletRequestFilter.java:49)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(
FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(
WebAppFilterChain.java:116)
at ar.com.bna.fu.proxy.filter.dump.DumpFilter.doFilter(DumpFilter.java:37)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(
FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(
WebAppFilterChain.java:116)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(
WebAppFilterChain.java:77)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(
WebAppFilterManager.java:908)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(
ServletWrapper.java:934)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(
ServletWrapper.java:502)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(
ServletWrapperImpl.java:181)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3935)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:931)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer
.java:1592)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink
.java:186)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination
(HttpInboundLink.java:452)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(
HttpInboundLink.java:511)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(
HttpInboundLink.java:305)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(
HttpInboundLink.java:276)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.
sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(
NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(
AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture
.java:217)
at com.ibm.io.async.AsyncChannelFuture$1.run(AsyncChannelFuture.java:205)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1613)
Caused by: com.ibm.jsse2.util.h: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could
not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=
CABNA, DC=cc, DC=bna, DC=net is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.util.f.b(f.java:113)
at com.ibm.jsse2.util.f.b(f.java:61)
at com.ibm.jsse2.util.e.a(e.java:22)
at com.ibm.jsse2.pc.a(pc.java:100)
at com.ibm.jsse2.pc.checkServerTrusted(pc.java:15)
at com.ibm.jsse2.pc.b(pc.java:76)
at com.ibm.jsse2.lb.a(lb.java:104)
... 50 more
Caused by: java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause
is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=
CABNA, DC=cc, DC=bna, DC=net is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(
PKIXCertPathBuilderImpl.java:411)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
at com.ibm.jsse2.util.f.b(f.java:98)
... 56 more
Caused by: java.security.cert.CertPathValidatorException: The certificate
issued by CN=CABNA, DC=cc, DC=bna, DC=net is not trusted; internal cause
is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(
PKIXCertPathValidatorImpl.java:176)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(
PKIXCertPathBuilderImpl.java:737)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(
PKIXCertPathBuilderImpl.java:649)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(
PKIXCertPathBuilderImpl.java:595)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(
PKIXCertPathBuilderImpl.java:357)
... 58 more
Caused by: java.security.cert.CertPathValidatorException: Certificate
chaining error
at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
... 63 more