[Eagle-i-admins] self signed certificate and data-migration script
Norman, Neil
neil.norman at vanderbilt.edu
Tue Aug 19 10:53:47 EDT 2014
The repository.log doesn't have any "whoami" entries in it.
I can log into the site and see the info from whoami with my admin user
uri username firstname lastname mbox isSuperuser
"victri" "true"^^<http://www.w3.org/2001/XMLSchema#boolean>
Accesing that page doesn't add anything to the repository log either.
-----Original Message-----
From: Cheng, Sophia [mailto:Sophia_Cheng at hms.harvard.edu]
Sent: Tuesday, August 19, 2014 09:00
To: Norman, Neil; Bourges, Daniela
Cc: eagle-i-admins at open.med.harvard.edu
Subject: Re: [Eagle-i-admins] self signed certificate and data-migration script
Hi Neil,
I have some sanity checking questions, apologies if they are a bit basic:
1) Verify user login attempt in the repository:
+--> In the terminal, open the repository log file located
${REPO_HOME}/logs/repository.log
+--> Search the file from the bottom for: whoami (case sensitive) You
+--> should see something like ŒEnding Request /repository/whoami¹ In
+--> the line above that, verify the parameters for username and roles.
The roles should be Œhttp://eagle-i.org/ont/repo/1.0/Role_Anonymous,
http://eagle-i.org/ont/repo/1.0/Role_Authenti
cated, http://eagle-i.org/ont/repo/1.0/Role_Superuser'
2) Is the website that you are logging into:
https://ori02lt.ea.vanderbilt.edu:8443/repository/admin
3 Can you login to the repository via the website and respond with the information under ŒStatus and Configuration¹
Thanks,
Sophia
On 8/18/14, 3:44 PM, "Norman, Neil" <neil.norman at vanderbilt.edu> wrote:
>That doesn't seem to affect the outcome. I have checked that the
>password is correct as I can login to the web site with it, and that
>user is listed as an admin.
>
>[nrrapp at ori02lt ~]$ bash /app001/eaglei/repo/etc/data-migration.sh -u
>XXXXXXXXX -p XXXXXX -r https://ori02lt.ea.vanderbilt.edu:8443
>Java info:
>/usr/bin/java
>java version "1.7.0_51"
>OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02) OpenJDK
>64-Bit Server VM (build 24.45-b08, mixed mode)
>
>using classpath :
>/app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-datam
>ana
>gement.jar:/app001/eaglei/conf
>
>
>***** There are no special procedures for this release.
>
>***** Standard data migration procedures
>
>2014-08-18 14:39:39,694 ERROR
>org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk command
>did not proceed.
>org.eaglei.services.repository.RepositoryProviderException: Could not
>authenticate user. Re-enter username and/or password.
> at
>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn
>(St
>andardAuthenticationProvider.java:90)
> at
>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn
>(St
>andardAuthenticationProvider.java:100)
> at
>org.eaglei.services.authentication.AuthenticationManager.logIn(Authenti
>cat
>ionManager.java:253)
> at
>org.eaglei.services.authentication.AuthenticationManager.logIn(Authenti
>cat
>ionManager.java:223)
> at
>org.eaglei.services.authentication.AuthenticationManager.logIn(Authenti
>cat
>ionManager.java:175)
> at
>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datatoo
>lsS
>ecurityProvider.java:88)
> at
>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initial
>ize
>(AbstractBulkCommand.java:84)
> at
>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAn
>dEx
>ecuteCommand(AbstractBulkCommand.java:178)
> at
>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comman
>dUt
>ils.java:107)
> at
>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Change
>Pre
>dicate.java:205)
>
>
>===== Command did not complete. Root cause: Could not authenticate user.
>Re-enter username and/or password.
>Stack trace for diagnosis:
>
>org.eaglei.services.repository.RepositoryProviderException: Could not
>authenticate user. Re-enter username and/or password.
> at
>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn
>(St
>andardAuthenticationProvider.java:90)
> at
>org.eaglei.services.authentication.StandardAuthenticationProvider.logIn
>(St
>andardAuthenticationProvider.java:100)
> at
>org.eaglei.services.authentication.AuthenticationManager.logIn(Authenti
>cat
>ionManager.java:253)
> at
>org.eaglei.services.authentication.AuthenticationManager.logIn(Authenti
>cat
>ionManager.java:223)
> at
>org.eaglei.services.authentication.AuthenticationManager.logIn(Authenti
>cat
>ionManager.java:175)
> at
>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datatoo
>lsS
>ecurityProvider.java:88)
> at
>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initial
>ize
>(AbstractBulkCommand.java:84)
> at
>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupAn
>dEx
>ecuteCommand(AbstractBulkCommand.java:178)
> at
>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comman
>dUt
>ils.java:107)
> at
>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Change
>Pre
>dicate.java:205)
>[nrrapp at ori02lt ~]$
>
>-----Original Message-----
>From: Bourges, Daniela [mailto:Daniela_Bourges at hms.harvard.edu]
>Sent: Monday, August 18, 2014 14:25
>To: Norman, Neil
>Cc: eagle-i-admins at open.med.harvard.edu
>Subject: Re: [Eagle-i-admins] self signed certificate and
>data-migration script
>
>Can you try using the hostname in the command? I'm not sure that
>localhost is supported.
>
>
>
>Dr. Daniela Bourges-Waldegg
>Lead Architect, Harvard Catalyst
>Harvard Medical School
>
>Daniela_Bourges at hms.harvard.edu
>skype: dbourgesw
>phone: 617-384-8898 (NEW)
>
>
>
>On Aug 15, 2014, at 17:10, Norman, Neil <neil.norman at vanderbilt.edu>
>wrote:
>
>> Okay, thanks to Mike I've finally been able to resolve my certificate
>>issues. But now I get a *new* error. Anyone run into this before?
>> bash /app001/eaglei/repo/etc/data-migration.sh -u xxxx -p xxxxxx -r
>> http://localhost:8443 Java info:
>> /usr/bin/java
>> java version "1.7.0_51"
>> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
>>OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>>
>> using classpath :
>> /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-dat
>> a
>> management.jar:/app001/eaglei/conf
>>
>>
>> ***** There are no special procedures for this release.
>>
>> ***** Standard data migration procedures
>>
>> 2014-08-15 16:06:15,824 ERROR
>>org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk
>>command did not proceed.
>> org.eaglei.services.repository.RepositoryProviderException: Could not
>>authenticate user. Re-enter username and/or password.
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:90)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datato
>>ols
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initia
>>liz
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupA
>>ndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comma
>>ndU
>>tils.java:107)
>> at
>>
>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205)
>>
>>
>> ===== Command did not complete. Root cause: Could not authenticate
>>user. Re-enter username and/or password.
>> Stack trace for diagnosis:
>>
>> org.eaglei.services.repository.RepositoryProviderException: Could not
>>authenticate user. Re-enter username and/or password.
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:90)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datato
>>ols
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initia
>>liz
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupA
>>ndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comma
>>ndU
>>tils.java:107)
>> at
>>
>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205)
>>
>> From: Mike Carnegie [mailto:mcarnegie at hmc.psu.edu]
>> Sent: Friday, August 15, 2014 14:12
>> To: Norman, Neil
>> Cc: Davis, Ross
>> Subject: Re: [Eagle-i-admins] self signed certificate and
>> data-migration script
>>
>> Hi Neil,
>>
>> Is the password you are typing in the same as available in the derby db?
>>
>> # vim /opt/apache/db-derby-10.10.1.1-bin/bin/setEmbeddedCP
>> Add the following line AFTER the comments but BEFORE the actual
>> script. Change the location accordingly
>> > DERBY_HOME=/opt/Apache/db-derby-10.10.1.1-bin
>> # source !$
>> # sudo -u tomcat /usr/share/tomcat7/bin/catalina.sh stop # java
>> org.apache.derby.tools.ij
>> ij> connect 'jdbc:derby:/opt/eaglei/repo/db/eagle-i-users.derby';
>> ij> select * from users;
>>
>> Ctrl-D to exit the database before starting Tomcat again
>>
>> That will let you confirm you are typing the correct username /
>>password combination. Another institute was misspelling the username a
>>couple of times. Once I pointed out they probably had it misspelled
>>they got right in.
>>
>> -Mike
>>
>>
>> On Aug 15, 2014, at 2:45 PM, "Norman, Neil"
>> <neil.norman at vanderbilt.edu>
>> wrote:
>>
>>
>> Okay, making progress. You were correct it was choking on the cert.
>>I had to create one for tomcat with the hostname "localhost" and added
>>that to my keystore. Now I get the following error. I know this
>>password works for that "victri" user that we have.
>> Java info:
>> /usr/bin/java
>> java version "1.7.0_51"
>> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
>>OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>>
>> using classpath :
>> /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-dat
>> a
>> management.jar:/app001/eaglei/conf
>>
>>
>> ***** There are no special procedures for this release.
>>
>> ***** Standard data migration procedures
>>
>> 2014-08-15 13:39:23,632 ERROR
>>org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk
>>command did not proceed.
>> org.eaglei.services.repository.RepositoryProviderException: Could not
>>authenticate user. Re-enter username and/or password.
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:90)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datato
>>ols
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initia
>>liz
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupA
>>ndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comma
>>ndU
>>tils.java:107)
>> at
>>
>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205)
>>
>>
>> ===== Command did not complete. Root cause: Could not authenticate
>>user. Re-enter username and/or password.
>> Stack trace for diagnosis:
>>
>> org.eaglei.services.repository.RepositoryProviderException: Could not
>>authenticate user. Re-enter username and/or password.
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:90)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datato
>>ols
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initia
>>liz
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupA
>>ndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comma
>>ndU
>>tils.java:107)
>> at
>>
>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205)
>>
>> From: Mike Carnegie [mailto:mcarnegie at hmc.psu.edu]
>> Sent: Thursday, August 14, 2014 11:23
>> To: Norman, Neil
>> Subject: Re: [Eagle-i-admins] self signed certificate and
>> data-migration script
>>
>> The INFO warning looks like it can't find your credentials file.
>> Does your tomcat/conf/catalina.properties file have the following line?
>> common.loader=/app001/eaglei/conf,${catalina.base}/lib,${catalina.bas
>> e }/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
>> Does the credentials file exist in that location?
>>
>> Your ERROR still looks like you need to add the intermediate cert to
>>java. Sadly, missing either the server cert or the intermediate cert
>>causes the same error "PKIX path building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target"
>>
>> -Mike
>>
>> On Aug 14, 2014, at 12:02 PM, "Norman, Neil"
>><neil.norman at vanderbilt.edu> wrote:
>>
>>
>>
>> Okay, that seems to have cleared up the SSL problem, but now it is
>>complaining about class path.
>> Java info:
>> /usr/bin/java
>> java version "1.7.0_51"
>> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
>>OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>>
>> using classpath :
>> /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-dat
>> a
>> management.jar
>>
>>
>> ***** There are no special procedures for this release.
>>
>> ***** Standard data migration procedures
>>
>> 2014-08-14 10:59:18,739 INFO org.eaglei.utilities.EIAppsConfiguration
>>-
>>org.eaglei.utilities.EIFileException: Could not locate relative file
>>eagle-i-apps-credentials.properties in classpath. ; proceeding without
>>it.
>> 2014-08-14 10:59:19,702 WARN
>> org.eaglei.services.connection.Apache4xHttpConnectionProvider - An
>>ssl exception occurred performing a request to
>>[https://localhost:8443/repository/whoami]
>> 2014-08-14 10:59:19,707 ERROR
>>org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk
>>command did not proceed.
>> org.eaglei.services.repository.RepositoryProviderException: An SSL
>>exception has occurred.
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConn
>>ect
>>ion(Apache4xHttpConnectionProvider.java:601)
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openHttp
>>Get
>>Connection(Apache4xHttpConnectionProvider.java:351)
>> at
>>org.eaglei.services.connection.ConnectionManager.openHttpGetConnection
>>(Co
>>nnectionManager.java:214)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:75)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datato
>>ols
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initia
>>liz
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupA
>>ndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comma
>>ndU
>>tils.java:107)
>> at
>>
>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205) Caused by: javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target
>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>> at
>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.j
>>ava
>>:1341)
>> at
>>sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java
>>:15
>>3)
>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>> at
>>sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>> at
>>sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>> at
>>sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.j
>>ava
>>:1312)
>> at
>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>> at
>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>> at
>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocke
>>t(S
>>SLConnectionSocketFactory.java:275)
>> at
>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLC
>>onn
>>ectionSocketFactory.java:254)
>> at
>>org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpCli
>>ent
>>ConnectionOperator.java:117)
>> at
>>org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(P
>>ool
>>ingHttpClientConnectionManager.java:314)
>> at
>>org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClien
>>tEx
>>ec.java:363)
>> at
>>org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.j
>>ava
>>:219)
>> at
>>org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:
>>195
>>)
>> at
>>org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
>> at
>>org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:
>>108
>>)
>> at
>>org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpC
>>lie
>>nt.java:186)
>> at
>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpC
>>lie
>>nt.java:82)
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConn
>>ect
>>ion(Apache4xHttpConnectionProvider.java:586)
>> ... 12 more
>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target
>> at
>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>> at
>>sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java
>>:29
>>2)
>> at sun.security.validator.Validator.validate(Validator.java:260)
>> at
>>sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:
>>326)
>> at
>>sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImp
>>l.j
>>ava:231)
>> at
>>sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustMana
>>ger
>>Impl.java:126)
>> at
>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.j
>>ava
>>:1323)
>> ... 31 more
>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>unable to find valid certification path to requested target
>> at
>>sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertP
>>ath
>>Builder.java:196)
>> at
>>java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>> at
>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>> ... 37 more
>>
>>
>> ===== Command did not complete. Root cause: An SSL exception has
>>occurred.
>> Stack trace for diagnosis:
>>
>> org.eaglei.services.repository.RepositoryProviderException: An SSL
>>exception has occurred.
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConn
>>ect
>>ion(Apache4xHttpConnectionProvider.java:601)
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openHttp
>>Get
>>Connection(Apache4xHttpConnectionProvider.java:351)
>> at
>>org.eaglei.services.connection.ConnectionManager.openHttpGetConnection
>>(Co
>>nnectionManager.java:214)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:75)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datato
>>ols
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initia
>>liz
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupA
>>ndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comma
>>ndU
>>tils.java:107)
>> at
>>
>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205) Caused by: javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target
>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>> at
>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.j
>>ava
>>:1341)
>> at
>>sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java
>>:15
>>3)
>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>> at
>>sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>> at
>>sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>> at
>>sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.j
>>ava
>>:1312)
>> at
>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>> at
>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>> at
>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocke
>>t(S
>>SLConnectionSocketFactory.java:275)
>> at
>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLC
>>onn
>>ectionSocketFactory.java:254)
>> at
>>org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpCli
>>ent
>>ConnectionOperator.java:117)
>> at
>>org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(P
>>ool
>>ingHttpClientConnectionManager.java:314)
>> at
>>org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClien
>>tEx
>>ec.java:363)
>> at
>>org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.j
>>ava
>>:219)
>> at
>>org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:
>>195
>>)
>> at
>>org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
>> at
>>org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:
>>108
>>)
>> at
>>org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpC
>>lie
>>nt.java:186)
>> at
>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpC
>>lie
>>nt.java:82)
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConn
>>ect
>>ion(Apache4xHttpConnectionProvider.java:586)
>> ... 12 more
>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target
>> at
>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>> at
>>sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java
>>:29
>>2)
>> at sun.security.validator.Validator.validate(Validator.java:260)
>> at
>>sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:
>>326)
>> at
>>sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImp
>>l.j
>>ava:231)
>> at
>>sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustMana
>>ger
>>Impl.java:126)
>> at
>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.j
>>ava
>>:1323)
>> ... 31 more
>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>unable to find valid certification path to requested target
>> at
>>sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertP
>>ath
>>Builder.java:196)
>> at
>>java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>> at
>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>> ... 37 more
>>
>> From: Mike Carnegie [mailto:mcarnegie at hmc.psu.edu]
>> Sent: Thursday, August 14, 2014 06:14
>> To: Norman, Neil
>> Subject: Re: [Eagle-i-admins] self signed certificate and
>> data-migration script
>>
>> Hi Neil,
>>
>> It looks like you need to add your server certificate to Java. That
>> can be accomplished with the below command
>>
>> keytool -importcert -alias eaglei -file eagle-i.crt -keystore
>> /usr/java/jdk1.7.0_67/jre/lib/security/cacerts -storepass changeit
>>
>> eagle-i.crt is the server certificate your CA gave you. Also the
>>-keystore is the default location for that version of Java but should
>>be similar for your version. Do a search for a file called cacerts
>>just in case. "changeit" is also the default keystore password.
>>
>> If that doesn't fix it you may need to import your intermediate cert
>> into java keytool -import -trustcacerts -alias caint -file
>> intermediateca.cer -keystore
>> /usr/java/jdk1.7.0_67/jre/lib/security/cacerts
>>
>> I can't remember if you need to pass the -storepass argument when
>>doing the intermediate certificate or not.
>>
>> -Mike Carnegie
>> On Aug 13, 2014, at 4:41 PM, "Norman, Neil"
>> <neil.norman at vanderbilt.edu>
>> wrote:
>>
>>
>>
>>
>> When trying to run `data-migration.sh` I get SSL errors occurs. I'm
>>assuming that it doesn't like my certificate.
>> org.eaglei.services.repository.RepositoryProviderException: An SSL
>>exception has occurred.
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConn
>>ect
>>ion(Apache4xHttpConnectionProvider.java:601)
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openHttp
>>Get
>>Connection(Apache4xHttpConnectionProvider.java:351)
>> at
>>org.eaglei.services.connection.ConnectionManager.openHttpGetConnection
>>(Co
>>nnectionManager.java:214)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:75)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n(S
>>tandardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>ica
>>tionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datato
>>ols
>>SecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initia
>>liz
>>e(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupA
>>ndE
>>xecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comma
>>ndU
>>tils.java:107)
>> at
>>
>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>> ePredicate.java:205) Caused by: javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target
>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>> at
>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.j
>>ava
>>:1341)
>> at
>>sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java
>>:15
>>3)
>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>> at
>>sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>> at
>>sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>> at
>>sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.j
>>ava
>>:1312)
>> at
>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>> at
>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>> at
>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocke
>>t(S
>>SLConnectionSocketFactory.java:275)
>> at
>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLC
>>onn
>>ectionSocketFactory.java:254)
>> at
>>org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpCli
>>ent
>>ConnectionOperator.java:117)
>> at
>>org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(P
>>ool
>>ingHttpClientConnectionManager.java:314)
>> at
>>org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClien
>>tEx
>>ec.java:363)
>> at
>>org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.j
>>ava
>>:219)
>> at
>>org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:
>>195
>>)
>> at
>>org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
>> at
>>org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:
>>108
>>)
>> at
>>org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpC
>>lie
>>nt.java:186)
>> at
>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpC
>>lie
>>nt.java:82)
>> at
>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openConn
>>ect
>>ion(Apache4xHttpConnectionProvider.java:586)
>> ... 12 more
>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>building failed:
>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>find valid certification path to requested target
>> at
>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>> at
>>sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java
>>:29
>>2)
>> at sun.security.validator.Validator.validate(Validator.java:260)
>> at
>>sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:
>>326)
>> at
>>sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImp
>>l.j
>>ava:231)
>> at
>>sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustMana
>>ger
>>Impl.java:126)
>> at
>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.j
>>ava
>>:1323)
>> ... 31 more
>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>unable to find valid certification path to requested target
>> at
>>sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertP
>>ath
>>Builder.java:196)
>> at
>>java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>> at
>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>> ... 37 more
>> _______________________________________________
>> Eagle-i-admins mailing list
>> Eagle-i-admins at open.med.harvard.edu
>> https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
>>
>> _______________________________________________
>> Eagle-i-admins mailing list
>> Eagle-i-admins at open.med.harvard.edu
>> https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
>
>_______________________________________________
>Eagle-i-admins mailing list
>Eagle-i-admins at open.med.harvard.edu
>https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
More information about the Eagle-i-admins
mailing list