I’m hoping someone can help me with a workaround for this SSL-related issue:
try {
http url="https://api.cipcert.goevo.com/REST/2.0.20/SvcInfo/token"
method="GET" result="EVOResult" throwonerror="true" {
}
dump(EVOResult);
}
catch(Any excpt) {
dump(excpt);
}
The error returned is:
Connection reset at
java.net.SocketInputStream.read(SocketInputStream.java:196):196 at
java.net.SocketInputStream.read(SocketInputStream.java:122):122 at
sun.security.ssl.InputRecord.readFully(InputRecord.java:442):442 at
sun.security.ssl.InputRecord.read(InputRecord.java:480):480 at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927):927 at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312):1312
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339):1339
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323):1323
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394):394
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353):353
at
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134):134
at
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353):353
at
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380):380
at
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236):236
at
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184):184
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88):88
at
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110):110
at
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184):184
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82):82
at lucee.runtime.tag.Executor41.execute(Http41.java:1494):1494 at
lucee.runtime.tag.Executor41.run(Http41.java:1482):1482
I presume this has to do with a certificate chain error on the remote host
though I recall that in the past, I’ve been able to workaround this by
loading the cert chain into cacerts using keytool. Am I looking in the
wrong place? Does anybody have any suggestions?
Thanks,
Juan
I’m certainly not an SSL pro but I’m guessing the certificate provider not
valid error is due to a self-signed certificate. Other than adding it to
the trusted Java key store directly I’m not sure how to bypass that.
Perhaps using the Lucee admin where you can add certificates will take care
of that for you? Good luck.
Warm regards,
MikeOn Jan 2, 2016 12:50 AM, “Juan Aguilar” <@Juan_Aguilar> wrote:
I’m hoping someone can help me with a workaround for this SSL-related
issue:
try {
http url="https://api.cipcert.goevo.com/REST/2.0.20/SvcInfo/token"
method="GET" result="EVOResult" throwonerror="true" {
}
dump(EVOResult);
}
catch(Any excpt) {
dump(excpt);
}
The error returned is:
Connection reset at
java.net.SocketInputStream.read(SocketInputStream.java:196):196 at
java.net.SocketInputStream.read(SocketInputStream.java:122):122 at
sun.security.ssl.InputRecord.readFully(InputRecord.java:442):442 at
sun.security.ssl.InputRecord.read(InputRecord.java:480):480 at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927):927 at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312):1312
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339):1339
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323):1323
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394):394
at
org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353):353
at
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134):134
at
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353):353
at
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380):380
at
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236):236
at
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184):184
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88):88
at
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110):110
at
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184):184
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82):82
at lucee.runtime.tag.Executor41.execute(Http41.java:1494):1494 at
lucee.runtime.tag.Executor41.run(Http41.java:1482):1482
I presume this has to do with a certificate chain error on the remote host
though I recall that in the past, I’ve been able to workaround this by
loading the cert chain into cacerts using keytool. Am I looking in the
wrong place? Does anybody have any suggestions?
Thanks,
Juan
You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/8a9ca8a5-0fe2-4bc3-a2a8-7e340e613b84%40googlegroups.com
https://groups.google.com/d/msgid/lucee/8a9ca8a5-0fe2-4bc3-a2a8-7e340e613b84%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.
It does but, unfortunately, it seems to be unrelated. Workaround was to upgrade to Java 8. Thanks!> On Jan 2, 2016, at 4:14 AM, Paul Klinkenberg <@Paul_Klinkenberg> wrote:
Hi Juan,
The API you are calling, seems to use Basic Authentication.
Therefor, you need to add a username and password to the http call, like so:
http url=“https://api.cipcert.goevo.com/REST/2.0.20/SvcInfo/token” method=“GET” result=“EVOResult” throwonerror=“true” username=“myUsername” password=“myPassword”;
Kind regards,
Paul Klinkenberg
Op 2 jan. 2016, om 07:52 heeft Juan Aguilar <@Juan_Aguilar> het volgende geschreven:
Thanks Mike,
Unfortunately, attempting to add via the Lucee admin results in a “Could not obtain server certificate chain” error, which is why I tried adding to the cacerts keystore using keytool.
I think I’m in the right keystore (/lucee-server/context/security/cacerts). Could there be a different keystore?
On Saturday, January 2, 2016 at 1:12:51 AM UTC-5, Michael Sprague wrote:
I’m certainly not an SSL pro but I’m guessing the certificate provider not valid error is due to a self-signed certificate. Other than adding it to the trusted Java key store directly I’m not sure how to bypass that. Perhaps using the Lucee admin where you can add certificates will take care of that for you? Good luck.
Warm regards,
Mike
You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/f70600bc-1d1b-47c6-9039-07819d7c20d6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to a topic in the Google Groups “Lucee” group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/lucee/oE4R6mXCj4I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/13E5F561-DA7C-4E2B-BA8F-508FE2920B38%40ongevraagdadvies.nl.
For more options, visit https://groups.google.com/d/optout.