[Eagle-i-admins] self signed certificate and data-migration script
Norman, Neil
neil.norman at vanderbilt.edu
Tue Aug 19 11:00:52 EDT 2014
Status and Configuration
Repository webapp version: 3.0.4, built 2014-07-09 20:46:20, SCM revision 17340 (on trunk)
OpenRDF Sesame Version: 2.6.10
Java info: Oracle Corporation version 1.7.0_51
JVM info: Oracle Corporation version 24.45-b08, named OpenJDK 64-Bit Server VM, installed in /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51.x86_64/jre
JVM Memory: 204,472,320 bytes allocated, 118,144,992 bytes free, 954,728,448 bytes maximum available. More Details...
Default RDF Namespace: https://testeagle-i.mc.vanderbilt.edu/i/
Home Directory: /app001/eaglei/repo
Log Directory: /app001/eaglei/repo/logs
Dissemination XSLT stylesheet: repository/styles/example.xsl
Uptime: 19:21:22 hrs, started 2014-08-18 14:39:09 CDT
-----Original Message-----
From: Cheng, Sophia [mailto:Sophia_Cheng at hms.harvard.edu]
Sent: Tuesday, August 19, 2014 09:58
To: Norman, Neil; Bourges, Daniela
Cc: eagle-i-admins at open.med.harvard.edu
Subject: Re: [Eagle-i-admins] self signed certificate and data-migration script
Hi Norman,
2) Is the website that you are logging into:
https://ori02lt.ea.vanderbilt.edu:8443/repository/admin?
3 Can you login to the repository via the website and respond with the information under Status & Configuration. This is on the landing page of the repository admin website after you login.
Thanks,
Sophia
On 8/19/14, 10:53 AM, "Norman, Neil" <neil.norman at vanderbilt.edu> wrote:
>The repository.log doesn't have any "whoami" entries in it.
>
>I can log into the site and see the info from whoami with my admin user
>uri username firstname lastname mbox isSuperuser
> "victri" "true"^^<http://www.w3.org/2001/XMLSchema#boolean>
>
>Accesing that page doesn't add anything to the repository log either.
>
>-----Original Message-----
>From: Cheng, Sophia [mailto:Sophia_Cheng at hms.harvard.edu]
>Sent: Tuesday, August 19, 2014 09:00
>To: Norman, Neil; Bourges, Daniela
>Cc: eagle-i-admins at open.med.harvard.edu
>Subject: Re: [Eagle-i-admins] self signed certificate and
>data-migration script
>
>Hi Neil,
>
>I have some sanity checking questions, apologies if they are a bit basic:
>
>1) Verify user login attempt in the repository:
>+--> In the terminal, open the repository log file located
>${REPO_HOME}/logs/repository.log
>+--> Search the file from the bottom for: whoami (case sensitive) You
>+--> should see something like ŒEnding Request /repository/whoami¹ In
>+--> the line above that, verify the parameters for username and roles.
> The roles should be Œhttp://eagle-i.org/ont/repo/1.0/Role_Anonymous,
>http://eagle-i.org/ont/repo/1.0/Role_Authenti
>cated, http://eagle-i.org/ont/repo/1.0/Role_Superuser'
>2) Is the website that you are logging into:
>https://ori02lt.ea.vanderbilt.edu:8443/repository/admin
>3 Can you login to the repository via the website and respond with the
>information under ŒStatus and Configuration¹
>
>Thanks,
>Sophia
>
>
>On 8/18/14, 3:44 PM, "Norman, Neil" <neil.norman at vanderbilt.edu> wrote:
>
>>That doesn't seem to affect the outcome. I have checked that the
>>password is correct as I can login to the web site with it, and that
>>user is listed as an admin.
>>
>>[nrrapp at ori02lt ~]$ bash /app001/eaglei/repo/etc/data-migration.sh -u
>>XXXXXXXXX -p XXXXXX -r https://ori02lt.ea.vanderbilt.edu:8443
>>Java info:
>>/usr/bin/java
>>java version "1.7.0_51"
>>OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
>>OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>>
>>using classpath :
>>/app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-data
>>m
>>ana
>>gement.jar:/app001/eaglei/conf
>>
>>
>>***** There are no special procedures for this release.
>>
>>***** Standard data migration procedures
>>
>>2014-08-18 14:39:39,694 ERROR
>>org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk
>>command did not proceed.
>>org.eaglei.services.repository.RepositoryProviderException: Could not
>>authenticate user. Re-enter username and/or password.
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n
>>(St
>>andardAuthenticationProvider.java:90)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n
>>(St
>>andardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>i
>>cat
>>ionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>i
>>cat
>>ionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>i
>>cat
>>ionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datato
>>o
>>lsS
>>ecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initia
>>l
>>ize
>>(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupA
>>n
>>dEx
>>ecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comma
>>n
>>dUt
>>ils.java:107)
>> at
>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>>e
>>Pre
>>dicate.java:205)
>>
>>
>>===== Command did not complete. Root cause: Could not authenticate user.
>>Re-enter username and/or password.
>>Stack trace for diagnosis:
>>
>>org.eaglei.services.repository.RepositoryProviderException: Could not
>>authenticate user. Re-enter username and/or password.
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n
>>(St
>>andardAuthenticationProvider.java:90)
>> at
>>org.eaglei.services.authentication.StandardAuthenticationProvider.logI
>>n
>>(St
>>andardAuthenticationProvider.java:100)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>i
>>cat
>>ionManager.java:253)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>i
>>cat
>>ionManager.java:223)
>> at
>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authent
>>i
>>cat
>>ionManager.java:175)
>> at
>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datato
>>o
>>lsS
>>ecurityProvider.java:88)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initia
>>l
>>ize
>>(AbstractBulkCommand.java:84)
>> at
>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setupA
>>n
>>dEx
>>ecuteCommand(AbstractBulkCommand.java:178)
>> at
>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comma
>>n
>>dUt
>>ils.java:107)
>> at
>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chang
>>e
>>Pre
>>dicate.java:205)
>>[nrrapp at ori02lt ~]$
>>
>>-----Original Message-----
>>From: Bourges, Daniela [mailto:Daniela_Bourges at hms.harvard.edu]
>>Sent: Monday, August 18, 2014 14:25
>>To: Norman, Neil
>>Cc: eagle-i-admins at open.med.harvard.edu
>>Subject: Re: [Eagle-i-admins] self signed certificate and
>>data-migration script
>>
>>Can you try using the hostname in the command? I'm not sure that
>>localhost is supported.
>>
>>
>>
>>Dr. Daniela Bourges-Waldegg
>>Lead Architect, Harvard Catalyst
>>Harvard Medical School
>>
>>Daniela_Bourges at hms.harvard.edu
>>skype: dbourgesw
>>phone: 617-384-8898 (NEW)
>>
>>
>>
>>On Aug 15, 2014, at 17:10, Norman, Neil <neil.norman at vanderbilt.edu>
>>wrote:
>>
>>> Okay, thanks to Mike I've finally been able to resolve my
>>>certificate issues. But now I get a *new* error. Anyone run into this before?
>>> bash /app001/eaglei/repo/etc/data-migration.sh -u xxxx -p xxxxxx -r
>>> http://localhost:8443 Java info:
>>> /usr/bin/java
>>> java version "1.7.0_51"
>>> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
>>>OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>>>
>>> using classpath :
>>> /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-da
>>> t
>>> a
>>> management.jar:/app001/eaglei/conf
>>>
>>>
>>> ***** There are no special procedures for this release.
>>>
>>> ***** Standard data migration procedures
>>>
>>> 2014-08-15 16:06:15,824 ERROR
>>>org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk
>>>command did not proceed.
>>> org.eaglei.services.repository.RepositoryProviderException: Could
>>>not authenticate user. Re-enter username and/or password.
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:90)
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:100)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:253)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:223)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:175)
>>> at
>>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datat
>>>o
>>>ols
>>>SecurityProvider.java:88)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initi
>>>a
>>>liz
>>>e(AbstractBulkCommand.java:84)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setup
>>>A
>>>ndE
>>>xecuteCommand(AbstractBulkCommand.java:178)
>>> at
>>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comm
>>>a
>>>ndU
>>>tils.java:107)
>>> at
>>>
>>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chan
>>>g
>>> ePredicate.java:205)
>>>
>>>
>>> ===== Command did not complete. Root cause: Could not authenticate
>>>user. Re-enter username and/or password.
>>> Stack trace for diagnosis:
>>>
>>> org.eaglei.services.repository.RepositoryProviderException: Could
>>>not authenticate user. Re-enter username and/or password.
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:90)
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:100)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:253)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:223)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:175)
>>> at
>>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datat
>>>o
>>>ols
>>>SecurityProvider.java:88)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initi
>>>a
>>>liz
>>>e(AbstractBulkCommand.java:84)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setup
>>>A
>>>ndE
>>>xecuteCommand(AbstractBulkCommand.java:178)
>>> at
>>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comm
>>>a
>>>ndU
>>>tils.java:107)
>>> at
>>>
>>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chan
>>>g
>>> ePredicate.java:205)
>>>
>>> From: Mike Carnegie [mailto:mcarnegie at hmc.psu.edu]
>>> Sent: Friday, August 15, 2014 14:12
>>> To: Norman, Neil
>>> Cc: Davis, Ross
>>> Subject: Re: [Eagle-i-admins] self signed certificate and
>>> data-migration script
>>>
>>> Hi Neil,
>>>
>>> Is the password you are typing in the same as available in the derby
>>>db?
>>>
>>> # vim /opt/apache/db-derby-10.10.1.1-bin/bin/setEmbeddedCP
>>> Add the following line AFTER the comments but BEFORE the actual
>>> script. Change the location accordingly
>>> > DERBY_HOME=/opt/Apache/db-derby-10.10.1.1-bin
>>> # source !$
>>> # sudo -u tomcat /usr/share/tomcat7/bin/catalina.sh stop # java
>>> org.apache.derby.tools.ij
>>> ij> connect 'jdbc:derby:/opt/eaglei/repo/db/eagle-i-users.derby';
>>> ij> select * from users;
>>>
>>> Ctrl-D to exit the database before starting Tomcat again
>>>
>>> That will let you confirm you are typing the correct username /
>>>password combination. Another institute was misspelling the username
>>>a couple of times. Once I pointed out they probably had it misspelled
>>>they got right in.
>>>
>>> -Mike
>>>
>>>
>>> On Aug 15, 2014, at 2:45 PM, "Norman, Neil"
>>> <neil.norman at vanderbilt.edu>
>>> wrote:
>>>
>>>
>>> Okay, making progress. You were correct it was choking on the cert.
>>>I had to create one for tomcat with the hostname "localhost" and
>>>added that to my keystore. Now I get the following error. I know
>>>this password works for that "victri" user that we have.
>>> Java info:
>>> /usr/bin/java
>>> java version "1.7.0_51"
>>> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
>>>OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>>>
>>> using classpath :
>>> /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-da
>>> t
>>> a
>>> management.jar:/app001/eaglei/conf
>>>
>>>
>>> ***** There are no special procedures for this release.
>>>
>>> ***** Standard data migration procedures
>>>
>>> 2014-08-15 13:39:23,632 ERROR
>>>org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk
>>>command did not proceed.
>>> org.eaglei.services.repository.RepositoryProviderException: Could
>>>not authenticate user. Re-enter username and/or password.
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:90)
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:100)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:253)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:223)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:175)
>>> at
>>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datat
>>>o
>>>ols
>>>SecurityProvider.java:88)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initi
>>>a
>>>liz
>>>e(AbstractBulkCommand.java:84)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setup
>>>A
>>>ndE
>>>xecuteCommand(AbstractBulkCommand.java:178)
>>> at
>>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comm
>>>a
>>>ndU
>>>tils.java:107)
>>> at
>>>
>>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chan
>>>g
>>> ePredicate.java:205)
>>>
>>>
>>> ===== Command did not complete. Root cause: Could not authenticate
>>>user. Re-enter username and/or password.
>>> Stack trace for diagnosis:
>>>
>>> org.eaglei.services.repository.RepositoryProviderException: Could
>>>not authenticate user. Re-enter username and/or password.
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:90)
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:100)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:253)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:223)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:175)
>>> at
>>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datat
>>>o
>>>ols
>>>SecurityProvider.java:88)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initi
>>>a
>>>liz
>>>e(AbstractBulkCommand.java:84)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setup
>>>A
>>>ndE
>>>xecuteCommand(AbstractBulkCommand.java:178)
>>> at
>>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comm
>>>a
>>>ndU
>>>tils.java:107)
>>> at
>>>
>>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chan
>>>g
>>> ePredicate.java:205)
>>>
>>> From: Mike Carnegie [mailto:mcarnegie at hmc.psu.edu]
>>> Sent: Thursday, August 14, 2014 11:23
>>> To: Norman, Neil
>>> Subject: Re: [Eagle-i-admins] self signed certificate and
>>> data-migration script
>>>
>>> The INFO warning looks like it can't find your credentials file.
>>> Does your tomcat/conf/catalina.properties file have the following line?
>>> common.loader=/app001/eaglei/conf,${catalina.base}/lib,${catalina.ba
>>> s e }/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
>>> Does the credentials file exist in that location?
>>>
>>> Your ERROR still looks like you need to add the intermediate cert to
>>>java. Sadly, missing either the server cert or the intermediate cert
>>>causes the same error "PKIX path building failed:
>>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>find valid certification path to requested target"
>>>
>>> -Mike
>>>
>>> On Aug 14, 2014, at 12:02 PM, "Norman, Neil"
>>><neil.norman at vanderbilt.edu> wrote:
>>>
>>>
>>>
>>> Okay, that seems to have cleared up the SSL problem, but now it is
>>>complaining about class path.
>>> Java info:
>>> /usr/bin/java
>>> java version "1.7.0_51"
>>> OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02)
>>>OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)
>>>
>>> using classpath :
>>> /app001/eaglei/repo/etc:/app001/eaglei/repo/etc/eagle-i-datatools-da
>>> t
>>> a
>>> management.jar
>>>
>>>
>>> ***** There are no special procedures for this release.
>>>
>>> ***** Standard data migration procedures
>>>
>>> 2014-08-14 10:59:18,739 INFO
>>>org.eaglei.utilities.EIAppsConfiguration
>>>-
>>>org.eaglei.utilities.EIFileException: Could not locate relative file
>>>eagle-i-apps-credentials.properties in classpath. ; proceeding
>>>without it.
>>> 2014-08-14 10:59:19,702 WARN
>>> org.eaglei.services.connection.Apache4xHttpConnectionProvider - An
>>>ssl exception occurred performing a request to
>>>[https://localhost:8443/repository/whoami]
>>> 2014-08-14 10:59:19,707 ERROR
>>>org.eaglei.datatools.datamanagement.command.CommandUtils - Bulk
>>>command did not proceed.
>>> org.eaglei.services.repository.RepositoryProviderException: An SSL
>>>exception has occurred.
>>> at
>>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openCon
>>>n
>>>ect
>>>ion(Apache4xHttpConnectionProvider.java:601)
>>> at
>>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openHtt
>>>p
>>>Get
>>>Connection(Apache4xHttpConnectionProvider.java:351)
>>> at
>>>org.eaglei.services.connection.ConnectionManager.openHttpGetConnectio
>>>n
>>>(Co
>>>nnectionManager.java:214)
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:75)
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:100)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:253)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:223)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:175)
>>> at
>>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datat
>>>o
>>>ols
>>>SecurityProvider.java:88)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initi
>>>a
>>>liz
>>>e(AbstractBulkCommand.java:84)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setup
>>>A
>>>ndE
>>>xecuteCommand(AbstractBulkCommand.java:178)
>>> at
>>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comm
>>>a
>>>ndU
>>>tils.java:107)
>>> at
>>>
>>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chan
>>>g
>>> ePredicate.java:205) Caused by: javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>find valid certification path to requested target
>>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>>> at
>>>sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>>> at
>>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
>>>j
>>>ava
>>>:1341)
>>> at
>>>sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav
>>>a
>>>:15
>>>3)
>>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>>> at
>>>sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>>> at
>>>sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>>> at
>>>sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
>>>j
>>>ava
>>>:1312)
>>> at
>>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>>> at
>>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>>> at
>>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSock
>>>e
>>>t(S
>>>SLConnectionSocketFactory.java:275)
>>> at
>>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSL
>>>C
>>>onn
>>>ectionSocketFactory.java:254)
>>> at
>>>org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpCl
>>>i
>>>ent
>>>ConnectionOperator.java:117)
>>> at
>>>org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(
>>>P
>>>ool
>>>ingHttpClientConnectionManager.java:314)
>>> at
>>>org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClie
>>>n
>>>tEx
>>>ec.java:363)
>>> at
>>>org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.
>>>j
>>>ava
>>>:219)
>>> at
>>>org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:
>>>195
>>>)
>>> at
>>>org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
>>> at
>>>org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:
>>>108
>>>)
>>> at
>>>org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttp
>>>C
>>>lie
>>>nt.java:186)
>>> at
>>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttp
>>>C
>>>lie
>>>nt.java:82)
>>> at
>>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openCon
>>>n
>>>ect
>>>ion(Apache4xHttpConnectionProvider.java:586)
>>> ... 12 more
>>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>>building failed:
>>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>find valid certification path to requested target
>>> at
>>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>>> at
>>>sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav
>>>a
>>>:29
>>>2)
>>> at
>>>sun.security.validator.Validator.validate(Validator.java:260)
>>> at
>>>sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.j
>>>ava
>>>:
>>>326)
>>> at
>>>sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerIm
>>>p
>>>l.j
>>>ava:231)
>>> at
>>>sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustMan
>>>a
>>>ger
>>>Impl.java:126)
>>> at
>>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
>>>j
>>>ava
>>>:1323)
>>> ... 31 more
>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>>unable to find valid certification path to requested target
>>> at
>>>sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert
>>>P
>>>ath
>>>Builder.java:196)
>>> at
>>>java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>>> at
>>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>>> ... 37 more
>>>
>>>
>>> ===== Command did not complete. Root cause: An SSL exception has
>>>occurred.
>>> Stack trace for diagnosis:
>>>
>>> org.eaglei.services.repository.RepositoryProviderException: An SSL
>>>exception has occurred.
>>> at
>>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openCon
>>>n
>>>ect
>>>ion(Apache4xHttpConnectionProvider.java:601)
>>> at
>>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openHtt
>>>p
>>>Get
>>>Connection(Apache4xHttpConnectionProvider.java:351)
>>> at
>>>org.eaglei.services.connection.ConnectionManager.openHttpGetConnectio
>>>n
>>>(Co
>>>nnectionManager.java:214)
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:75)
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:100)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:253)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:223)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:175)
>>> at
>>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datat
>>>o
>>>ols
>>>SecurityProvider.java:88)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initi
>>>a
>>>liz
>>>e(AbstractBulkCommand.java:84)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setup
>>>A
>>>ndE
>>>xecuteCommand(AbstractBulkCommand.java:178)
>>> at
>>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comm
>>>a
>>>ndU
>>>tils.java:107)
>>> at
>>>
>>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chan
>>>g
>>> ePredicate.java:205) Caused by: javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>find valid certification path to requested target
>>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>>> at
>>>sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>>> at
>>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
>>>j
>>>ava
>>>:1341)
>>> at
>>>sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav
>>>a
>>>:15
>>>3)
>>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>>> at
>>>sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>>> at
>>>sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>>> at
>>>sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
>>>j
>>>ava
>>>:1312)
>>> at
>>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>>> at
>>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>>> at
>>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSock
>>>e
>>>t(S
>>>SLConnectionSocketFactory.java:275)
>>> at
>>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSL
>>>C
>>>onn
>>>ectionSocketFactory.java:254)
>>> at
>>>org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpCl
>>>i
>>>ent
>>>ConnectionOperator.java:117)
>>> at
>>>org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(
>>>P
>>>ool
>>>ingHttpClientConnectionManager.java:314)
>>> at
>>>org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClie
>>>n
>>>tEx
>>>ec.java:363)
>>> at
>>>org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.
>>>j
>>>ava
>>>:219)
>>> at
>>>org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:
>>>195
>>>)
>>> at
>>>org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
>>> at
>>>org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:
>>>108
>>>)
>>> at
>>>org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttp
>>>C
>>>lie
>>>nt.java:186)
>>> at
>>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttp
>>>C
>>>lie
>>>nt.java:82)
>>> at
>>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openCon
>>>n
>>>ect
>>>ion(Apache4xHttpConnectionProvider.java:586)
>>> ... 12 more
>>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>>building failed:
>>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>find valid certification path to requested target
>>> at
>>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>>> at
>>>sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav
>>>a
>>>:29
>>>2)
>>> at
>>>sun.security.validator.Validator.validate(Validator.java:260)
>>> at
>>>sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.j
>>>ava
>>>:
>>>326)
>>> at
>>>sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerIm
>>>p
>>>l.j
>>>ava:231)
>>> at
>>>sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustMan
>>>a
>>>ger
>>>Impl.java:126)
>>> at
>>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
>>>j
>>>ava
>>>:1323)
>>> ... 31 more
>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>>unable to find valid certification path to requested target
>>> at
>>>sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert
>>>P
>>>ath
>>>Builder.java:196)
>>> at
>>>java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>>> at
>>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>>> ... 37 more
>>>
>>> From: Mike Carnegie [mailto:mcarnegie at hmc.psu.edu]
>>> Sent: Thursday, August 14, 2014 06:14
>>> To: Norman, Neil
>>> Subject: Re: [Eagle-i-admins] self signed certificate and
>>> data-migration script
>>>
>>> Hi Neil,
>>>
>>> It looks like you need to add your server certificate to Java. That
>>> can be accomplished with the below command
>>>
>>> keytool -importcert -alias eaglei -file eagle-i.crt -keystore
>>> /usr/java/jdk1.7.0_67/jre/lib/security/cacerts -storepass changeit
>>>
>>> eagle-i.crt is the server certificate your CA gave you. Also the
>>>-keystore is the default location for that version of Java but should
>>>be similar for your version. Do a search for a file called cacerts
>>>just in case. "changeit" is also the default keystore password.
>>>
>>> If that doesn't fix it you may need to import your intermediate cert
>>> into java keytool -import -trustcacerts -alias caint -file
>>> intermediateca.cer -keystore
>>> /usr/java/jdk1.7.0_67/jre/lib/security/cacerts
>>>
>>> I can't remember if you need to pass the -storepass argument when
>>>doing the intermediate certificate or not.
>>>
>>> -Mike Carnegie
>>> On Aug 13, 2014, at 4:41 PM, "Norman, Neil"
>>> <neil.norman at vanderbilt.edu>
>>> wrote:
>>>
>>>
>>>
>>>
>>> When trying to run `data-migration.sh` I get SSL errors occurs. I'm
>>>assuming that it doesn't like my certificate.
>>> org.eaglei.services.repository.RepositoryProviderException: An SSL
>>>exception has occurred.
>>> at
>>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openCon
>>>n
>>>ect
>>>ion(Apache4xHttpConnectionProvider.java:601)
>>> at
>>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openHtt
>>>p
>>>Get
>>>Connection(Apache4xHttpConnectionProvider.java:351)
>>> at
>>>org.eaglei.services.connection.ConnectionManager.openHttpGetConnectio
>>>n
>>>(Co
>>>nnectionManager.java:214)
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:75)
>>> at
>>>org.eaglei.services.authentication.StandardAuthenticationProvider.log
>>>I
>>>n(S
>>>tandardAuthenticationProvider.java:100)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:253)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:223)
>>> at
>>>org.eaglei.services.authentication.AuthenticationManager.logIn(Authen
>>>t
>>>ica
>>>tionManager.java:175)
>>> at
>>>org.eaglei.datatools.repository.DatatoolsSecurityProvider.login(Datat
>>>o
>>>ols
>>>SecurityProvider.java:88)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.initi
>>>a
>>>liz
>>>e(AbstractBulkCommand.java:84)
>>> at
>>>org.eaglei.datatools.datamanagement.command.AbstractBulkCommand.setup
>>>A
>>>ndE
>>>xecuteCommand(AbstractBulkCommand.java:178)
>>> at
>>>org.eaglei.datatools.datamanagement.command.CommandUtils.execute(Comm
>>>a
>>>ndU
>>>tils.java:107)
>>> at
>>>
>>>org.eaglei.datatools.datamanagement.command.ChangePredicate.main(Chan
>>>g
>>> ePredicate.java:205) Caused by: javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>find valid certification path to requested target
>>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>>> at
>>>sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
>>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
>>> at
>>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
>>>j
>>>ava
>>>:1341)
>>> at
>>>sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav
>>>a
>>>:15
>>>3)
>>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>>> at
>>>sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>>> at
>>>sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>>> at
>>>sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
>>>j
>>>ava
>>>:1312)
>>> at
>>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>>> at
>>>sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>>> at
>>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSock
>>>e
>>>t(S
>>>SLConnectionSocketFactory.java:275)
>>> at
>>>org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSL
>>>C
>>>onn
>>>ectionSocketFactory.java:254)
>>> at
>>>org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpCl
>>>i
>>>ent
>>>ConnectionOperator.java:117)
>>> at
>>>org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(
>>>P
>>>ool
>>>ingHttpClientConnectionManager.java:314)
>>> at
>>>org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClie
>>>n
>>>tEx
>>>ec.java:363)
>>> at
>>>org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.
>>>j
>>>ava
>>>:219)
>>> at
>>>org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:
>>>195
>>>)
>>> at
>>>org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
>>> at
>>>org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:
>>>108
>>>)
>>> at
>>>org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttp
>>>C
>>>lie
>>>nt.java:186)
>>> at
>>>org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttp
>>>C
>>>lie
>>>nt.java:82)
>>> at
>>>org.eaglei.services.connection.Apache4xHttpConnectionProvider.openCon
>>>n
>>>ect
>>>ion(Apache4xHttpConnectionProvider.java:586)
>>> ... 12 more
>>> Caused by: sun.security.validator.ValidatorException: PKIX path
>>>building failed:
>>>sun.security.provider.certpath.SunCertPathBuilderException: unable to
>>>find valid certification path to requested target
>>> at
>>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
>>> at
>>>sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav
>>>a
>>>:29
>>>2)
>>> at
>>>sun.security.validator.Validator.validate(Validator.java:260)
>>> at
>>>sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.j
>>>ava
>>>:
>>>326)
>>> at
>>>sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerIm
>>>p
>>>l.j
>>>ava:231)
>>> at
>>>sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustMan
>>>a
>>>ger
>>>Impl.java:126)
>>> at
>>>sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
>>>j
>>>ava
>>>:1323)
>>> ... 31 more
>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>>unable to find valid certification path to requested target
>>> at
>>>sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert
>>>P
>>>ath
>>>Builder.java:196)
>>> at
>>>java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
>>> at
>>>sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>>> ... 37 more
>>> _______________________________________________
>>> Eagle-i-admins mailing list
>>> Eagle-i-admins at open.med.harvard.edu
>>> https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
>>>
>>> _______________________________________________
>>> Eagle-i-admins mailing list
>>> Eagle-i-admins at open.med.harvard.edu
>>> https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
>>
>>_______________________________________________
>>Eagle-i-admins mailing list
>>Eagle-i-admins at open.med.harvard.edu
>>https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
>
More information about the Eagle-i-admins
mailing list