javax.net.ssl.SSLHandshakeException while installing openhim-mediator-xds

On 2 June 2015 at 00:05, cspnanda cspnanda@gmail.com wrote:

I am trying to install openhim-mediator-xds and point it to openhie-core. I imported the certficate by

$ echo -n |openssl s_client -connect localhost:8080 |sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > filename.crt

$ sudo keytool -import -file $HOME/filename.crt -alias openhie -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/openhie.keystore

$ java -jar mediator-xds-1.0.2-jar-with-dependencies.jar -Djavax.net.ssl.trustStore=/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/openhie.keystore -Djavax.net.ssl.trustStorePassword=openhie

I still get the error

[INFO] [06/01/2015 15:03:48.122] [mediator-akka.actor.default-dispatcher-6] [akka://mediator/user/xds-mediator/core-api-connector] Registering mediator with core…

[ERROR] [06/01/2015 15:03:48.647] [mediator-akka.actor.default-dispatcher-2] [akka://mediator/user/xds-mediator/core-api-connector] Mediator Registration Error

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

–

You received this message because you are subscribed to the Google Groups “Interoperability Layer (OpenHIE)” group.

To unsubscribe from this group and stop receiving emails from it, send an email to openhie-interoperability-layer+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

–

Hannes Venter

Senior Software Developer, Jembi Health Systems | SOUTH AFRICA

Mobile: +27 73 276 2848 | Office: +27 21 701 0939 | Skype: venter.johannes

E-mail: hannes@jembi.org

On Tuesday, June 2, 2015 at 2:11:55 PM UTC+7, Hannes Venter wrote:

There's a little mini-tutorial on the following page outlining steps for installing a self-signed certificate for core: http://www.openhim.org/tutorials/creating-a-basic-passthrough-mediator/
On that page select the "Java" option and scroll down to near the bottom of the page. There's a box title "SunCertPathBuilderException: unable to find valid certification path to requested target"

Hopefully the approach outlined there will work better for you.

Cheers
Hannes

On 2 June 2015 at 00:05, cspnanda <cspn...@gmail.com> wrote:

I am trying to install openhim-mediator-xds and point it to openhie-core. I imported the certficate by

$ echo -n |openssl s_client -connect localhost:8080 |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > filename.crt

$ sudo keytool -import -file $HOME/filename.crt -alias openhie -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/openhie.keystore
$ java -jar mediator-xds-1.0.2-jar-with-dependencies.jar -Djavax.net.ssl.trustStore=/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/openhie.keystore -Djavax.net.ssl.trustStorePassword=openhie

I still get the error

[INFO] [06/01/2015 15:03:48.122] [mediator-akka.actor.default-dispatcher-6] [akka://mediator/user/xds-mediator/core-api-connector] Registering mediator with core...
[ERROR] [06/01/2015 15:03:48.647] [mediator-akka.actor.default-dispatcher-2] [akka://mediator/user/xds-mediator/core-api-connector] Mediator Registration Error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

--

You received this message because you are subscribed to the Google Groups "Interoperability Layer (OpenHIE)" group.

To unsubscribe from this group and stop receiving emails from it, send an email to openhie-interoperability-layer+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Hannes Venter
Senior Software Developer, Jembi Health Systems | SOUTH AFRICA
Mobile: +27 73 276 2848 | Office: +27 21 701 0939 | Skype: venter.johannes
E-mail: han...@jembi.org

On 14 March 2016 at 19:42, ralf.hundertmark@gmail.com wrote:

On Tuesday, June 2, 2015 at 2:11:55 PM UTC+7, Hannes Venter wrote:

There’s a little mini-tutorial on the following page outlining steps for installing a self-signed certificate for core: http://www.openhim.org/tutorials/creating-a-basic-passthrough-mediator/

On that page select the “Java” option and scroll down to near the bottom of the page. There’s a box title “SunCertPathBuilderException: unable to find valid certification path to requested target”

Hopefully the approach outlined there will work better for you.

Cheers

Hannes

On 2 June 2015 at 00:05, cspnanda cspn...@gmail.com wrote:

I am trying to install openhim-mediator-xds and point it to openhie-core. I imported the certficate by

$ echo -n |openssl s_client -connect localhost:8080 |sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > filename.crt

$ sudo keytool -import -file $HOME/filename.crt -alias openhie -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/openhie.keystore

$ java -jar mediator-xds-1.0.2-jar-with-dependencies.jar -Djavax.net.ssl.trustStore=/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/openhie.keystore -Djavax.net.ssl.trustStorePassword=openhie

I still get the error

[INFO] [06/01/2015 15:03:48.122] [mediator-akka.actor.default-dispatcher-6] [akka://mediator/user/xds-mediator/core-api-connector] Registering mediator with core…

[ERROR] [06/01/2015 15:03:48.647] [mediator-akka.actor.default-dispatcher-2] [akka://mediator/user/xds-mediator/core-api-connector] Mediator Registration Error

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

–

You received this message because you are subscribed to the Google Groups “Interoperability Layer (OpenHIE)” group.

To unsubscribe from this group and stop receiving emails from it, send an email to openhie-interoperability-layer+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

–

Hannes Venter

Senior Software Developer, Jembi Health Systems | SOUTH AFRICA

Mobile: +27 73 276 2848 | Office: +27 21 701 0939 | Skype: venter.johannes

E-mail: han...@jembi.org

Hi Hannes,

I have the same trouble unfortunately the tutorial you mentioned is gone. Do you by any chance know the new place or how to install teh self signed certificates?

Thanks,

Ralf

–

You received this message because you are subscribed to the Google Groups “Interoperability Layer (OpenHIE)” group.

To unsubscribe from this group and stop receiving emails from it, send an email to openhie-interoperability-layer+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

–

Hannes Venter

Senior Software Developer

Jembi Health Systems | SOUTH AFRICA

Mobile: +27 73 276 2848 | Office: +27 21 701 0939 | Skype: venter.johannes

E-mail: hannes@jembi.org

This e-mail contains proprietary and confidential information some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail and then deleting same. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail. Jembi Health Systems NPO, its subsidiaries and associated companies is not liable for the security of information sent by e-mail and accepts no liability of whatsoever nature for any loss, damage or expense resulting, directly or indirectly, from the access of this e-mail or any attachments hereto.

On Tuesday, March 15, 2016 at 1:18:23 AM UTC-7, Hannes Venter wrote:

Hi Ralf,

Yeah apologies, the documentation has since moved. You can find the tutorial here now:

http://openhim.readthedocs.org/en/latest/tutorial/3-creating-a-passthrough-mediator.html#suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target

I’ve also just attached the required java resource.

Cheers

Hannes

On 14 March 2016 at 19:42, ralf.hun...@gmail.com wrote:

On Tuesday, June 2, 2015 at 2:11:55 PM UTC+7, Hannes Venter wrote:

There’s a little mini-tutorial on the following page outlining steps for installing a self-signed certificate for core: http://www.openhim.org/tutorials/creating-a-basic-passthrough-mediator/

On that page select the “Java” option and scroll down to near the bottom of the page. There’s a box title “SunCertPathBuilderException: unable to find valid certification path to requested target”

Hopefully the approach outlined there will work better for you.

Cheers

Hannes

On 2 June 2015 at 00:05, cspnanda cspn...@gmail.com wrote:

I am trying to install openhim-mediator-xds and point it to openhie-core. I imported the certficate by

$ echo -n |openssl s_client -connect localhost:8080 |sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > filename.crt

$ sudo keytool -import -file $HOME/filename.crt -alias openhie -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/openhie.keystore

$ java -jar mediator-xds-1.0.2-jar-with-dependencies.jar -Djavax.net.ssl.trustStore=/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/openhie.keystore -Djavax.net.ssl.trustStorePassword=openhie

I still get the error

[INFO] [06/01/2015 15:03:48.122] [mediator-akka.actor.default-dispatcher-6] [akka://mediator/user/xds-mediator/core-api-connector] Registering mediator with core…

[ERROR] [06/01/2015 15:03:48.647] [mediator-akka.actor.default-dispatcher-2] [akka://mediator/user/xds-mediator/core-api-connector] Mediator Registration Error

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

–

You received this message because you are subscribed to the Google Groups “Interoperability Layer (OpenHIE)” group.

To unsubscribe from this group and stop receiving emails from it, send an email to openhie-interoperability-layer+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

–

Hannes Venter

Senior Software Developer, Jembi Health Systems | SOUTH AFRICA

Mobile: +27 73 276 2848 | Office: +27 21 701 0939 | Skype: venter.johannes

E-mail: han...@jembi.org

Hi Hannes,

I have the same trouble unfortunately the tutorial you mentioned is gone. Do you by any chance know the new place or how to install teh self signed certificates?

Thanks,

Ralf

–

You received this message because you are subscribed to the Google Groups “Interoperability Layer (OpenHIE)” group.

To unsubscribe from this group and stop receiving emails from it, send an email to openhie-interoperability-layer+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

–
Hannes Venter

Senior Software Developer

Jembi Health Systems | SOUTH AFRICA

Mobile: +27 73 276 2848 | Office: +27 21 701 0939 | Skype: venter.johannes

E-mail: han...@jembi.org

This e-mail contains proprietary and confidential information some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail and then deleting same. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail. Jembi Health Systems NPO, its subsidiaries and associated companies is not liable for the security of information sent by e-mail and accepts no liability of whatsoever nature for any loss, damage or expense resulting, directly or indirectly, from the access of this e-mail or any attachments hereto.