[Eagle-i-admins] self signed certificate and data-migration script
Cheng, Sophia
Sophia_Cheng at hms.harvard.edu
Tue Aug 19 10:00:14 EDT 2014
Hi Neil,
I have some sanity checking questions, apologies if they are a bit basic:
1) Verify user login attempt in the repository:
+--> In the terminal, open the repository log file located
${REPO_HOME}/logs/repository.log
+--> Search the file from the bottom for: whoami (case sensitive)
+--> You should see something like ŒEnding Request /repository/whoami¹
+--> In the line above that, verify the parameters for username and roles.
The roles should be Œhttp://eagle-i.org/ont/repo/1.0/Role_Anonymous,
http://eagle-i.org/ont/repo/1.0/Role_Authenti
cated, http://eagle-i.org/ont/repo/1.0/Role_Superuser'
2) Is the website that you are logging into:
https://ori02lt.ea.vanderbilt.edu:8443/repository/admin
3 Can you login to the repository via the website and respond with the
information under ŒStatus and Configuration¹
Thanks,
Sophia
On 8/18/14, 3:44 PM, "Norman, Neil" <neil.norman at vanderbilt.edu> wrote:
>That doesn't seem to affect the outcome. I have checked that the
>password is correct as I can login to the web site with it, and that user
>is listed as an admin.
>
>[nrrapp at ori02lt ~]$ bash /app001/eaglei/repo/etc/data-migration.sh -u
>XXXXXXXXX -p XXXXXX -r https://ori02lt.ea.vanderbilt.edu:8443
>Java info:
>/usr/bin/java
>java version "1.7.0_51"
>OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
>OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>
>using classpath :
>/app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-datamana
>gement.jar:/app001/eaglei/conf
>
>
>***** There are no special procedures for this release.
>
>***** Standard data migration procedures
>
>2014-08-18 14:39:39,694 ERROR
>org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk command
>did not proceed.
>org.eaglei.services.repository.RepositoryProviderException: Could not
>authenticate user. Re-enter username and/or password.
> at
>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(St
>andardAuthenticationProvider.java:90)
> at
>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(St
>andardAuthenticationProvider.java:100)
> at
>org.eaglei.services.authentication.AuthenticationManager.logIn(Authenticat
>ionManager.java:253)
> at
>org.eaglei.services.authentication.AuthenticationManager.logIn(Authenticat
>ionManager.java:223)
> at
>org.eaglei.services.authentication.AuthenticationManager.logIn(Authenticat
>ionManager.java:175)
> at
>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(DatatoolsS
>ecurityProvider.java:88)
> at
>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initialize
>(AbstractBulkCommand.java:84)
> at
>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndEx
>ecuteCommand(AbstractBulkCommand.java:178)
> at
>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandUt
>ils.java:107)
> at
>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(ChangePre
>dicate.java:205)
>
>
>===== Command did not complete. Root cause: Could not authenticate user.
>Re-enter username and/or password.
>Stack trace for diagnosis:
>
>org.eaglei.services.repository.RepositoryProviderException: Could not
>authenticate user. Re-enter username and/or password.
> at
>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(St
>andardAuthenticationProvider.java:90)
> at
>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(St
>andardAuthenticationProvider.java:100)
> at
>org.eaglei.services.authentication.AuthenticationManager.logIn(Authenticat
>ionManager.java:253)
> at
>org.eaglei.services.authentication.AuthenticationManager.logIn(Authenticat
>ionManager.java:223)
> at
>org.eaglei.services.authentication.AuthenticationManager.logIn(Authenticat
>ionManager.java:175)
> at
>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(DatatoolsS
>ecurityProvider.java:88)
> at
>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initialize
>(AbstractBulkCommand.java:84)
> at
>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndEx
>ecuteCommand(AbstractBulkCommand.java:178)
> at
>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandUt
>ils.java:107)
> at
>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(ChangePre
>dicate.java:205)
>[nrrapp at ori02lt ~]$
>
>-----Original Message-----
>From: Bourges, Daniela [mailto:Daniela_Bourges at hms.harvard.edu]
>Sent: Monday, August 18, 2014 14:25
>To: Norman, Neil
>Cc: eagle-i-admins at open.med.harvard.edu
>Subject: Re: [Eagle-i-admins] self signed certificate and data-migration
>script
>
>Can you try using the hostname in the command? I'm not sure that
>localhost is supported.
>
>
>
>Dr. Daniela Bourges-Waldegg
>Lead Architect, Harvard Catalyst
>Harvard Medical School
>
>Daniela_Bourges at hms.harvard.edu
>skype: dbourgesw
>phone: 617-384-8898 (NEW)
>
>
>
>On Aug 15, 2014, at 17:10, Norman, Neil <neil.norman at vanderbilt.edu>
>wrote:
>
>> Okay, thanks to Mike I've finally been able to resolve my certificate
>>issues. But now I get a *new* error. Anyone run into this before?
>> bash /app001/eaglei/repo/etc/data-migration.sh -u xxxx -p xxxxxx -r
>> http://localhost:8443 Java info:
>> /usr/bin/java
>> java version "1.7.0_51"
>> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
>> OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>>
>> using classpath :
>> /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-data
>> management.jar:/app001/eaglei/conf
>>
>>
>> ***** There are no special procedures for this release.
>>
>> ***** Standard data migration procedures
>>
>> 2014-08-15 16:06:15,824 ERROR
>>org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk command
>>did not proceed.
>> org.eaglei.services.repository.RepositoryProviderException: Could not
>>authenticate user. Re-enter username and/or password.
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:90)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datatools
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initializ
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandU
>>tils.java:107)
>> at
>> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205)
>>
>>
>> ===== Command did not complete. Root cause: Could not authenticate
>>user. Re-enter username and/or password.
>> Stack trace for diagnosis:
>>
>> org.eaglei.services.repository.RepositoryProviderException: Could not
>>authenticate user. Re-enter username and/or password.
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:90)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datatools
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initializ
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandU
>>tils.java:107)
>> at
>> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205)
>>
>> From: Mike Carnegie [mailto:mcarnegie at hmc.psu.edu]
>> Sent: Friday, August 15, 2014 14:12
>> To: Norman, Neil
>> Cc: Davis, Ross
>> Subject: Re: [Eagle-i-admins] self signed certificate and
>> data-migration script
>>
>> Hi Neil,
>>
>> Is the password you are typing in the same as available in the derby db?
>>
>> # vim /opt/apache/db-derby-10.10.1.1-bin/bin/setEmbeddedCP
>> Add the following line AFTER the comments but BEFORE the actual
>> script. Change the location accordingly
>> > DERBY_HOME=/opt/Apache/db-derby-10.10.1.1-bin
>> # source !$
>> # sudo -u tomcat /usr/share/tomcat7/bin/catalina.sh stop # java
>> org.apache.derby.tools.ij
>> ij> connect 'jdbc:derby:/opt/eaglei/repo/db/eagle-i-users.derby';
>> ij> select * from users;
>>
>> Ctrl-D to exit the database before starting Tomcat again
>>
>> That will let you confirm you are typing the correct username /
>>password combination. Another institute was misspelling the username a
>>couple of times. Once I pointed out they probably had it misspelled they
>>got right in.
>>
>> -Mike
>>
>>
>> On Aug 15, 2014, at 2:45 PM, "Norman, Neil"
>> <neil.norman at vanderbilt.edu>
>> wrote:
>>
>>
>> Okay, making progress. You were correct it was choking on the cert. I
>>had to create one for tomcat with the hostname "localhost" and added
>>that to my keystore. Now I get the following error. I know this
>>password works for that "victri" user that we have.
>> Java info:
>> /usr/bin/java
>> java version "1.7.0_51"
>> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
>> OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>>
>> using classpath :
>> /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-data
>> management.jar:/app001/eaglei/conf
>>
>>
>> ***** There are no special procedures for this release.
>>
>> ***** Standard data migration procedures
>>
>> 2014-08-15 13:39:23,632 ERROR
>>org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk command
>>did not proceed.
>> org.eaglei.services.repository.RepositoryProviderException: Could not
>>authenticate user. Re-enter username and/or password.
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:90)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datatools
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initializ
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandU
>>tils.java:107)
>> at
>> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205)
>>
>>
>> ===== Command did not complete. Root cause: Could not authenticate
>>user. Re-enter username and/or password.
>> Stack trace for diagnosis:
>>
>> org.eaglei.services.repository.RepositoryProviderException: Could not
>>authenticate user. Re-enter username and/or password.
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:90)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datatools
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initializ
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandU
>>tils.java:107)
>> at
>> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205)
>>
>> From: Mike Carnegie [mailto:mcarnegie at hmc.psu.edu]
>> Sent: Thursday, August 14, 2014 11:23
>> To: Norman, Neil
>> Subject: Re: [Eagle-i-admins] self signed certificate and
>> data-migration script
>>
>> The INFO warning looks like it can't find your credentials file.
>> Does your tomcat/conf/catalina.properties file have the following line?
>> common.loader=/app001/eaglei/conf,${catalina.base}/lib,${catalina.base
>> }/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
>> Does the credentials file exist in that location?
>>
>> Your ERROR still looks like you need to add the intermediate cert to
>>java. Sadly, missing either the server cert or the intermediate cert
>>causes the same error "PKIX path building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target"
>>
>> -Mike
>>
>> On Aug 14, 2014, at 12:02 PM, "Norman, Neil"
>><neil.norman at vanderbilt.edu> wrote:
>>
>>
>>
>> Okay, that seems to have cleared up the SSL problem, but now it is
>>complaining about class path.
>> Java info:
>> /usr/bin/java
>> java version "1.7.0_51"
>> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
>> OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>>
>> using classpath :
>> /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-data
>> management.jar
>>
>>
>> ***** There are no special procedures for this release.
>>
>> ***** Standard data migration procedures
>>
>> 2014-08-14 10:59:18,739 INFO org.eaglei.utilities.EIAppsConfiguration -
>>org.eaglei.utilities.EIFileException: Could not locate relative file
>>eagle-i-apps-credentials.properties in classpath. ; proceeding without
>>it.
>> 2014-08-14 10:59:19,702 WARN
>> org.eaglei.services.connection.Apache4xHttpConnectionProvider - An ssl
>> exception occurred performing a request to
>> [https://localhost:8443/repository/whoami]
>> 2014-08-14 10:59:19,707 ERROR
>>org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk command
>>did not proceed.
>> org.eaglei.services.repository.RepositoryProviderException: An SSL
>>exception has occurred.
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConnect
>>ion(Apache4xHttpConnectionProvider.java:601)
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openHttpGet
>>Connection(Apache4xHttpConnectionProvider.java:351)
>> at
>>org.eaglei.services.connection.ConnectionManager.openHttpGetConnection(Co
>>nnectionManager.java:214)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:75)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datatools
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initializ
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandU
>>tils.java:107)
>> at
>> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205) Caused by: javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target
>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>> at
>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java
>>:1341)
>> at
>>sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:15
>>3)
>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>> at
>>sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>> at
>>sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>> at
>>sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java
>>:1312)
>> at
>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>> at
>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>> at
>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(S
>>SLConnectionSocketFactory.java:275)
>> at
>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConn
>>ectionSocketFactory.java:254)
>> at
>>org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClient
>>ConnectionOperator.java:117)
>> at
>>org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(Pool
>>ingHttpClientConnectionManager.java:314)
>> at
>>org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientEx
>>ec.java:363)
>> at
>>org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java
>>:219)
>> at
>>org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195
>>)
>> at
>>org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
>> at
>>org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108
>>)
>> at
>>org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClie
>>nt.java:186)
>> at
>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClie
>>nt.java:82)
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConnect
>>ion(Apache4xHttpConnectionProvider.java:586)
>> ... 12 more
>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target
>> at
>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>> at
>>sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:29
>>2)
>> at sun.security.validator.Validator.validate(Validator.java:260)
>> at
>>sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:
>>326)
>> at
>>sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.j
>>ava:231)
>> at
>>sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManager
>>Impl.java:126)
>> at
>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java
>>:1323)
>> ... 31 more
>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>unable to find valid certification path to requested target
>> at
>>sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPath
>>Builder.java:196)
>> at
>>java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>> at
>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>> ... 37 more
>>
>>
>> ===== Command did not complete. Root cause: An SSL exception has
>>occurred.
>> Stack trace for diagnosis:
>>
>> org.eaglei.services.repository.RepositoryProviderException: An SSL
>>exception has occurred.
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConnect
>>ion(Apache4xHttpConnectionProvider.java:601)
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openHttpGet
>>Connection(Apache4xHttpConnectionProvider.java:351)
>> at
>>org.eaglei.services.connection.ConnectionManager.openHttpGetConnection(Co
>>nnectionManager.java:214)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:75)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datatools
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initializ
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandU
>>tils.java:107)
>> at
>> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205) Caused by: javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target
>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>> at
>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java
>>:1341)
>> at
>>sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:15
>>3)
>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>> at
>>sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>> at
>>sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>> at
>>sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java
>>:1312)
>> at
>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>> at
>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>> at
>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(S
>>SLConnectionSocketFactory.java:275)
>> at
>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConn
>>ectionSocketFactory.java:254)
>> at
>>org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClient
>>ConnectionOperator.java:117)
>> at
>>org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(Pool
>>ingHttpClientConnectionManager.java:314)
>> at
>>org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientEx
>>ec.java:363)
>> at
>>org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java
>>:219)
>> at
>>org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195
>>)
>> at
>>org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
>> at
>>org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108
>>)
>> at
>>org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClie
>>nt.java:186)
>> at
>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClie
>>nt.java:82)
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConnect
>>ion(Apache4xHttpConnectionProvider.java:586)
>> ... 12 more
>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target
>> at
>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>> at
>>sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:29
>>2)
>> at sun.security.validator.Validator.validate(Validator.java:260)
>> at
>>sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:
>>326)
>> at
>>sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.j
>>ava:231)
>> at
>>sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManager
>>Impl.java:126)
>> at
>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java
>>:1323)
>> ... 31 more
>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>unable to find valid certification path to requested target
>> at
>>sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPath
>>Builder.java:196)
>> at
>>java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>> at
>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>> ... 37 more
>>
>> From: Mike Carnegie [mailto:mcarnegie at hmc.psu.edu]
>> Sent: Thursday, August 14, 2014 06:14
>> To: Norman, Neil
>> Subject: Re: [Eagle-i-admins] self signed certificate and
>> data-migration script
>>
>> Hi Neil,
>>
>> It looks like you need to add your server certificate to Java. That
>> can be accomplished with the below command
>>
>> keytool -importcert -alias eaglei -file eagle-i.crt -keystore
>> /usr/java/jdk1.7.0_67/jre/lib/security/cacerts -storepass changeit
>>
>> eagle-i.crt is the server certificate your CA gave you. Also the
>>-keystore is the default location for that version of Java but should be
>>similar for your version. Do a search for a file called cacerts just in
>>case. "changeit" is also the default keystore password.
>>
>> If that doesn't fix it you may need to import your intermediate cert
>> into java keytool -import -trustcacerts -alias caint -file
>> intermediateca.cer -keystore
>> /usr/java/jdk1.7.0_67/jre/lib/security/cacerts
>>
>> I can't remember if you need to pass the -storepass argument when doing
>>the intermediate certificate or not.
>>
>> -Mike Carnegie
>> On Aug 13, 2014, at 4:41 PM, "Norman, Neil"
>> <neil.norman at vanderbilt.edu>
>> wrote:
>>
>>
>>
>>
>> When trying to run `data-migration.sh` I get SSL errors occurs. I'm
>>assuming that it doesn't like my certificate.
>> org.eaglei.services.repository.RepositoryProviderException: An SSL
>>exception has occurred.
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConnect
>>ion(Apache4xHttpConnectionProvider.java:601)
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openHttpGet
>>Connection(Apache4xHttpConnectionProvider.java:351)
>> at
>>org.eaglei.services.connection.ConnectionManager.openHttpGetConnection(Co
>>nnectionManager.java:214)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:75)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authentica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datatools
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initializ
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(CommandU
>>tils.java:107)
>> at
>> org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205) Caused by: javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target
>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>> at
>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java
>>:1341)
>> at
>>sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:15
>>3)
>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>> at
>>sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>> at
>>sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>> at
>>sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java
>>:1312)
>> at
>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>> at
>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>> at
>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(S
>>SLConnectionSocketFactory.java:275)
>> at
>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConn
>>ectionSocketFactory.java:254)
>> at
>>org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClient
>>ConnectionOperator.java:117)
>> at
>>org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(Pool
>>ingHttpClientConnectionManager.java:314)
>> at
>>org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientEx
>>ec.java:363)
>> at
>>org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java
>>:219)
>> at
>>org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195
>>)
>> at
>>org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
>> at
>>org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108
>>)
>> at
>>org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClie
>>nt.java:186)
>> at
>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClie
>>nt.java:82)
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConnect
>>ion(Apache4xHttpConnectionProvider.java:586)
>> ... 12 more
>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target
>> at
>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>> at
>>sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:29
>>2)
>> at sun.security.validator.Validator.validate(Validator.java:260)
>> at
>>sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:
>>326)
>> at
>>sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.j
>>ava:231)
>> at
>>sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManager
>>Impl.java:126)
>> at
>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java
>>:1323)
>> ... 31 more
>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>unable to find valid certification path to requested target
>> at
>>sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPath
>>Builder.java:196)
>> at
>>java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>> at
>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>> ... 37 more
>> _______________________________________________
>> Eagle-i-admins mailing list
>> Eagle-i-admins at open.med.harvard.edu
>> https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
>>
>> _______________________________________________
>> Eagle-i-admins mailing list
>> Eagle-i-admins at open.med.harvard.edu
>> https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
>
>_______________________________________________
>Eagle-i-admins mailing list
>Eagle-i-admins at open.med.harvard.edu
>https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
More information about the Eagle-i-admins
mailing list