Getting PKIX path building failed Exception with Apache Camel while connecting to the Kafka cluster with SSL


While I'm connecting to the Kafka cluster with Apache Camel over SSL, I'm facing the problem below. Can anyone please help resolve the issue?

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:957)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:892)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:735)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)

// is it the correct way of loading the .jks file?

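    import org.apache.camel.builder.RouteBuilder;
    import org.apache.camel.component.http4.HttpComponent;
    import org.apache.camel.util.jsse.KeyManagersParameters;
    import org.apache.camel.util.jsse.KeyStoreParameters;
    import org.apache.camel.util.jsse.SSLContextParameters;
    import org.apache.camel.util.jsse.TrustManagersParameters;
    import org.springframework.stereotype.Component;

    @Component
    public class MyRouteDefinition extends RouteBuilder {

        @Override
        public void configure() throws Exception {

            // The same .jks file is used below as both key store and trust store
            KeyStoreParameters ksp = new KeyStoreParameters();
            ksp.setType("jks");
            ksp.setResource("truststore.jks");
            ksp.setPassword("password");

            KeyManagersParameters kmp = new KeyManagersParameters();
            kmp.setKeyStore(ksp);
            kmp.setKeyPassword("password");

            TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
            trustManagersParameters.setKeyStore(ksp);

            SSLContextParameters scp = new SSLContextParameters();
            scp.setKeyManagers(kmp);
            scp.setTrustManagers(trustManagersParameters);

            // Attach the SSL context to the https4 component only
            HttpComponent httpComponent = getContext().getComponent("https4", HttpComponent.class);
            httpComponent.setSslContextParameters(scp);

            //TO HTTPS
            from(...)
                .to("https://localhost:8080/load");
            // responseCode is not defined in the posted snippet
            log.debug("The response code is: {}", responseCode);
        }
    }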
2

There are 2 answers

0
Srikanth Janapati On BEST ANSWER
System.setProperty("javax.net.ssl.trustStore", "C:\\user\\myTrustStore"); 
System.setProperty("javax.net.ssl.trustStorePassword", "123456"); 

I got the solution; with the above lines it's working fine.

1
CefBoud On

When you use HTTPS, the client needs to trust the server. The server sends a certificate to prove its identity. Certificates are signed by a CA (Certificate Authority). A client trusts a server only if it recognizes the CA that signed its certificate. The client recognizes the CA if it is present in its truststore.

You can also directly import the certificate into the truststore in case it is not signed by a CA.

My guess is that you need to either

  1. import the CA that signed the server's (the one listening at localhost:8080) certificate into the client's truststore
  2. import the server's certificate itself into the truststore.
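
To check which of the two cases applies, the following added example (not code from the question or from either answer) lists the certificates in a truststore and then attempts a TLS handshake that trusts that store and nothing else. The class name `TrustStoreCheck` is hypothetical, and the default file name, password, host and port are assumptions taken from the question's snippet.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // Defaults mirror the values in the question; override on the command line.
        String path = args.length > 0 ? args[0] : "truststore.jks";
        char[] pass = (args.length > 1 ? args[1] : "password").toCharArray();
        String host = args.length > 2 ? args[2] : "localhost";
        int port = args.length > 3 ? Integer.parseInt(args[3]) : 8080;

        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, pass);
        }

        // List the certificate entries; the server's CA or its own cert must be here.
        int certs = 0;
        for (String alias : Collections.list(ts.aliases())) {
            if (!ts.isCertificateEntry(alias)) continue;
            certs++;
            X509Certificate c = (X509Certificate) ts.getCertificate(alias);
            System.out.printf("cert %s: subject=%s, expires=%s%n",
                    alias, c.getSubjectX500Principal(), c.getNotAfter());
        }
        System.out.println(certs + " certificate entr(ies) in " + path);

        // Handshake with an SSLContext built from this store only (JVM defaults unused).
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("OK: chain from " + host + ":" + port + " validates");
        } catch (SSLHandshakeException e) {
            System.out.println("FAILED: " + e.getMessage());
        }
    }
}
```

If the handshake fails here with the same PKIX message, the store is missing the signing CA or the server certificate, whichever way the store is later handed to the client.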