[Eagle-i-admins] self signed certificate and data-migration script
Norman, Neil
neil.norman at vanderbilt.edu
Mon Aug 18 15:44:10 EDT 2014
That doesn't seem to affect the outcome. I have checked that the password is correct as I can login to the web site with it, and that user is listed as an admin.
[nrrapp at ori02lt ~]$ bash /app001/eaglei/repo/etc/data-migration.sh -u XXXXXXXXX -p XXXXXX -r https://ori02lt.ea.vanderbilt.edu:8443
Java info:
/usr/bin/java
java version "1.7.0_51"
OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
using classpath : /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-datamanagement.jar:/app001/eaglei/conf
***** There are no special procedures for this release.
***** Standard data migration procedures
2014-08-18 14:39:39,694 ERROR org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk command did not proceed.
org.eaglei.services.repository.RepositoryProviderException: Could not authenticate user. Re-enter username and/or password.
at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:90)
at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:100)
at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:253)
at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:223)
at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:175)
at org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(DatatoolsSecurityProvider.java:88)
at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initialize(AbstractBulkCommand.java:84)
at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndExecuteCommand(AbstractBulkCommand.java:178)
at org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandUtils.java:107)
at org.eaglei.datatools.datamanagement.command.ChangePredicate.main(ChangePredicate.java:205)
===== Command did not complete. Root cause: Could not authenticate user. Re-enter username and/or password.
Stack trace for diagnosis:
org.eaglei.services.repository.RepositoryProviderException: Could not authenticate user. Re-enter username and/or password.
at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:90)
at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:100)
at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:253)
at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:223)
at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:175)
at org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(DatatoolsSecurityProvider.java:88)
at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initialize(AbstractBulkCommand.java:84)
at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndExecuteCommand(AbstractBulkCommand.java:178)
at org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandUtils.java:107)
at org.eaglei.datatools.datamanagement.command.ChangePredicate.main(ChangePredicate.java:205)
[nrrapp at ori02lt ~]$
-----Original Message-----
From: Bourges, Daniela [mailto:Daniela_Bourges at hms.harvard.edu]
Sent: Monday, August 18, 2014 14:25
To: Norman, Neil
Cc: eagle-i-admins at open.med.harvard.edu
Subject: Re: [Eagle-i-admins] self signed certificate and data-migration script
Can you try using the hostname in the command? I'm not sure that localhost is supported.
Dr. Daniela Bourges-Waldegg
Lead Architect, Harvard Catalyst
Harvard Medical School
Daniela_Bourges at hms.harvard.edu
skype: dbourgesw
phone: 617-384-8898 (NEW)
On Aug 15, 2014, at 17:10, Norman, Neil <neil.norman at vanderbilt.edu> wrote:
> Okay, thanks to Mike I've finally been able to resolve my certificate issues. But now I get a *new* error. Anyone run into this before?
> bash /app001/eaglei/repo/etc/data-migration.sh -u xxxx -p xxxxxx -r
> http://localhost:8443 Java info:
> /usr/bin/java
> java version "1.7.0_51"
> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
> OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>
> using classpath :
> /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-data
> management.jar:/app001/eaglei/conf
>
>
> ***** There are no special procedures for this release.
>
> ***** Standard data migration procedures
>
> 2014-08-15 16:06:15,824 ERROR org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk command did not proceed.
> org.eaglei.services.repository.RepositoryProviderException: Could not authenticate user. Re-enter username and/or password.
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:90)
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:100)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:253)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:223)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:175)
> at org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(DatatoolsSecurityProvider.java:88)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initialize(AbstractBulkCommand.java:84)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndExecuteCommand(AbstractBulkCommand.java:178)
> at org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandUtils.java:107)
> at
> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
> ePredicate.java:205)
>
>
> ===== Command did not complete. Root cause: Could not authenticate user. Re-enter username and/or password.
> Stack trace for diagnosis:
>
> org.eaglei.services.repository.RepositoryProviderException: Could not authenticate user. Re-enter username and/or password.
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:90)
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:100)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:253)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:223)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:175)
> at org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(DatatoolsSecurityProvider.java:88)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initialize(AbstractBulkCommand.java:84)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndExecuteCommand(AbstractBulkCommand.java:178)
> at org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandUtils.java:107)
> at
> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
> ePredicate.java:205)
>
> From: Mike Carnegie [mailto:mcarnegie at hmc.psu.edu]
> Sent: Friday, August 15, 2014 14:12
> To: Norman, Neil
> Cc: Davis, Ross
> Subject: Re: [Eagle-i-admins] self signed certificate and
> data-migration script
>
> Hi Neil,
>
> Is the password you are typing in the same as available in the derby db?
>
> # vim /opt/apache/db-derby-10.10.1.1-bin/bin/setEmbeddedCP
> Add the following line AFTER the comments but BEFORE the actual
> script. Change the location accordingly
> > DERBY_HOME=/opt/Apache/db-derby-10.10.1.1-bin
> # source !$
> # sudo -u tomcat /usr/share/tomcat7/bin/catalina.sh stop # java
> org.apache.derby.tools.ij
> ij> connect 'jdbc:derby:/opt/eaglei/repo/db/eagle-i-users.derby';
> ij> select * from users;
>
> Ctrl-D to exit the database before starting Tomcat again
>
> That will let you confirm you are typing the correct username / password combination. Another institute was misspelling the username a couple of times. Once I pointed out they probably had it misspelled they got right in.
>
> -Mike
>
>
> On Aug 15, 2014, at 2:45 PM, "Norman, Neil"
> <neil.norman at vanderbilt.edu>
> wrote:
>
>
> Okay, making progress. You were correct it was choking on the cert. I had to create one for tomcat with the hostname "localhost" and added that to my keystore. Now I get the following error. I know this password works for that "victri" user that we have.
> Java info:
> /usr/bin/java
> java version "1.7.0_51"
> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
> OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>
> using classpath :
> /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-data
> management.jar:/app001/eaglei/conf
>
>
> ***** There are no special procedures for this release.
>
> ***** Standard data migration procedures
>
> 2014-08-15 13:39:23,632 ERROR org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk command did not proceed.
> org.eaglei.services.repository.RepositoryProviderException: Could not authenticate user. Re-enter username and/or password.
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:90)
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:100)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:253)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:223)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:175)
> at org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(DatatoolsSecurityProvider.java:88)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initialize(AbstractBulkCommand.java:84)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndExecuteCommand(AbstractBulkCommand.java:178)
> at org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandUtils.java:107)
> at
> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
> ePredicate.java:205)
>
>
> ===== Command did not complete. Root cause: Could not authenticate user. Re-enter username and/or password.
> Stack trace for diagnosis:
>
> org.eaglei.services.repository.RepositoryProviderException: Could not authenticate user. Re-enter username and/or password.
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:90)
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:100)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:253)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:223)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:175)
> at org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(DatatoolsSecurityProvider.java:88)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initialize(AbstractBulkCommand.java:84)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndExecuteCommand(AbstractBulkCommand.java:178)
> at org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandUtils.java:107)
> at
> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
> ePredicate.java:205)
>
> From: Mike Carnegie [mailto:mcarnegie at hmc.psu.edu]
> Sent: Thursday, August 14, 2014 11:23
> To: Norman, Neil
> Subject: Re: [Eagle-i-admins] self signed certificate and
> data-migration script
>
> The INFO warning looks like it can't find your credentials file.
> Does your tomcat/conf/catalina.properties file have the following line?
> common.loader=/app001/eaglei/conf,${catalina.base}/lib,${catalina.base
> }/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
> Does the credentials file exist in that location?
>
> Your ERROR still looks like you need to add the intermediate cert to java. Sadly, missing either the server cert or the intermediate cert causes the same error "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
>
> -Mike
>
> On Aug 14, 2014, at 12:02 PM, "Norman, Neil" <neil.norman at vanderbilt.edu> wrote:
>
>
>
> Okay, that seems to have cleared up the SSL problem, but now it is complaining about class path.
> Java info:
> /usr/bin/java
> java version "1.7.0_51"
> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
> OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>
> using classpath :
> /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-data
> management.jar
>
>
> ***** There are no special procedures for this release.
>
> ***** Standard data migration procedures
>
> 2014-08-14 10:59:18,739 INFO org.eaglei.utilities.EIAppsConfiguration - org.eaglei.utilities.EIFileException: Could not locate relative file eagle-i-apps-credentials.properties in classpath. ; proceeding without it.
> 2014-08-14 10:59:19,702 WARN
> org.eaglei.services.connection.Apache4xHttpConnectionProvider - An ssl
> exception occurred performing a request to
> [https://localhost:8443/repository/whoami]
> 2014-08-14 10:59:19,707 ERROR org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk command did not proceed.
> org.eaglei.services.repository.RepositoryProviderException: An SSL exception has occurred.
> at org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConnection(Apache4xHttpConnectionProvider.java:601)
> at org.eaglei.services.connection.Apache4xHttpConnectionProvider.openHttpGetConnection(Apache4xHttpConnectionProvider.java:351)
> at org.eaglei.services.connection.ConnectionManager.openHttpGetConnection(ConnectionManager.java:214)
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:75)
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:100)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:253)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:223)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:175)
> at org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(DatatoolsSecurityProvider.java:88)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initialize(AbstractBulkCommand.java:84)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndExecuteCommand(AbstractBulkCommand.java:178)
> at org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandUtils.java:107)
> at
> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
> ePredicate.java:205) Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
> at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)
> at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254)
> at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:117)
> at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314)
> at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
> at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
> at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
> at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
> at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
> at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)
> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
> at org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConnection(Apache4xHttpConnectionProvider.java:586)
> ... 12 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
> at sun.security.validator.Validator.validate(Validator.java:260)
> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
> ... 31 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
> ... 37 more
>
>
> ===== Command did not complete. Root cause: An SSL exception has occurred.
> Stack trace for diagnosis:
>
> org.eaglei.services.repository.RepositoryProviderException: An SSL exception has occurred.
> at org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConnection(Apache4xHttpConnectionProvider.java:601)
> at org.eaglei.services.connection.Apache4xHttpConnectionProvider.openHttpGetConnection(Apache4xHttpConnectionProvider.java:351)
> at org.eaglei.services.connection.ConnectionManager.openHttpGetConnection(ConnectionManager.java:214)
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:75)
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:100)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:253)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:223)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:175)
> at org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(DatatoolsSecurityProvider.java:88)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initialize(AbstractBulkCommand.java:84)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndExecuteCommand(AbstractBulkCommand.java:178)
> at org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandUtils.java:107)
> at
> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
> ePredicate.java:205) Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
> at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)
> at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254)
> at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:117)
> at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314)
> at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
> at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
> at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
> at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
> at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
> at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)
> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
> at org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConnection(Apache4xHttpConnectionProvider.java:586)
> ... 12 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
> at sun.security.validator.Validator.validate(Validator.java:260)
> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
> ... 31 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
> ... 37 more
>
> From: Mike Carnegie [mailto:mcarnegie at hmc.psu.edu]
> Sent: Thursday, August 14, 2014 06:14
> To: Norman, Neil
> Subject: Re: [Eagle-i-admins] self signed certificate and
> data-migration script
>
> Hi Neil,
>
> It looks like you need to add your server certificate to Java. That
> can be accomplished with the below command
>
> keytool -importcert -alias eaglei -file eagle-i.crt -keystore
> /usr/java/jdk1.7.0_67/jre/lib/security/cacerts -storepass changeit
>
> eagle-i.crt is the server certificate your CA gave you. Also the -keystore is the default location for that version of Java but should be similar for your version. Do a search for a file called cacerts just in case. "changeit" is also the default keystore password.
>
> If that doesn't fix it you may need to import your intermediate cert
> into java keytool -import -trustcacerts -alias caint -file
> intermediateca.cer -keystore
> /usr/java/jdk1.7.0_67/jre/lib/security/cacerts
>
> I can't remember if you need to pass the -storepass argument when doing the intermediate certificate or not.
>
> -Mike Carnegie
> On Aug 13, 2014, at 4:41 PM, "Norman, Neil"
> <neil.norman at vanderbilt.edu>
> wrote:
>
>
>
>
> When trying to run `data-migration.sh` I get SSL errors occurs. I'm assuming that it doesn't like my certificate.
> org.eaglei.services.repository.RepositoryProviderException: An SSL exception has occurred.
> at org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConnection(Apache4xHttpConnectionProvider.java:601)
> at org.eaglei.services.connection.Apache4xHttpConnectionProvider.openHttpGetConnection(Apache4xHttpConnectionProvider.java:351)
> at org.eaglei.services.connection.ConnectionManager.openHttpGetConnection(ConnectionManager.java:214)
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:75)
> at org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(StandardAuthenticationProvider.java:100)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:253)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:223)
> at org.eaglei.services.authentication.AuthenticationManager.logIn(AuthenticationManager.java:175)
> at org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(DatatoolsSecurityProvider.java:88)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initialize(AbstractBulkCommand.java:84)
> at org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndExecuteCommand(AbstractBulkCommand.java:178)
> at org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandUtils.java:107)
> at
> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
> ePredicate.java:205) Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
> at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)
> at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254)
> at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:117)
> at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314)
> at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
> at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
> at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
> at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
> at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
> at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)
> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
> at org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConnection(Apache4xHttpConnectionProvider.java:586)
> ... 12 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
> at sun.security.validator.Validator.validate(Validator.java:260)
> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
> ... 31 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
> ... 37 more
> _______________________________________________
> Eagle-i-admins mailing list
> Eagle-i-admins at open.med.harvard.edu
> https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
>
> _______________________________________________
> Eagle-i-admins mailing list
> Eagle-i-admins at open.med.harvard.edu
> https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
More information about the Eagle-i-admins
mailing list