Configure the Edge UI to use TLS to access the Edge API

Hi,

I am running Apigee version 4.19.01 and am trying to add TLS to the components. I am following https://docs.apigee.com/private-cloud/v4.18.05/configuring-ssl-management-api for configuring SSL on the management API. It works when I configure TLS according to https://docs.apigee.com/private-cloud/v4.18.05/configuring-ssl-management-api#configuretls, but when I proceed to the next step (https://docs.apigee.com/private-cloud/v4.18.05/configuring-ssl-management-api#configuretheedgeuitousetlstoaccesstheedgeapi) I am not able to log in to the UI.

Configuration files are:

[user@ip-x-x-x-x application]# cat management-server.properties

conf_webserver_ssl.enabled=true
# Leave conf_webserver_http.turn.off set to false
# because many Edge internal calls use HTTP.
conf_webserver_http.turn.off=true
conf_webserver_ssl.port=8443
conf_webserver_keystore.path=/opt/apigee/customer/application/newkestore.jks
# Enter the obfuscated keystore password below.
conf_webserver_keystore.password=OBF:adjhdajv131h1541
conf_webserver_cert.alias=alias

====================================================

[user@ip-x-x-x-x application]# cat ui.properties

conf_apigee_apigee.mgmt.baseurl="https://localhost:8443/v1"
conf/application.conf+play.ws.ssl.loose.acceptAnyCertificate=true

==================================

I found these errors in /opt/apigee/var/log/edge-ui/application.log:

2019-03-07 08:51:17,268 [ERROR] from play.core.server.netty.PlayDefaultUpstreamHandler in application-akka.actor.default-dispatcher-26 - Cannot invoke the action
java.net.ConnectException: General SSLEngine problem
    at com.ning.http.client.providers.netty.request.NettyConnectListener.onFutureFailure(NettyConnectListener.java:133) ~[com.ning.async-http-client-1.9.36.jar:na]
    at com.ning.http.client.providers.netty.request.NettyConnectListener.access$200(NettyConnectListener.java:37) ~[com.ning.async-http-client-1.9.36.jar:na]
    at com.ning.http.client.providers.netty.request.NettyConnectListener$1.operationComplete(NettyConnectListener.java:104) ~[com.ning.async-http-client-1.9.36.jar:na]
    at org.jboss.netty.channel.DefaultChannelFuture.notifyListener(DefaultChannelFuture.java:409) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.channel.DefaultChannelFuture.notifyListeners(DefaultChannelFuture.java:395) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.channel.DefaultChannelFuture.setFailure(DefaultChannelFuture.java:362) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1460) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1314) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) ~[io.netty.netty-3.10.5.Final.jar:na]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[na:1.8.0_202]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[na:1.8.0_202]
    at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_202]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521) ~[na:1.8.0_202]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528) ~[na:1.8.0_202]
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:802) ~[na:1.8.0_202]
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766) ~[na:1.8.0_202]
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.8.0_202]
    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1218) ~[io.netty.netty-3.10.5.Final.jar:na]
    ... 18 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_202]
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709) ~[na:1.8.0_202]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318) ~[na:1.8.0_202]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) ~[na:1.8.0_202]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) ~[na:1.8.0_202]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) ~[na:1.8.0_202]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[na:1.8.0_202]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) ~[na:1.8.0_202]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) ~[na:1.8.0_202]
    at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_202]
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459) ~[na:1.8.0_202]
    at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1392) ~[io.netty.netty-3.10.5.Final.jar:na]
    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1255) ~[io.netty.netty-3.10.5.Final.jar:na]
    ... 18 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[na:1.8.0_202]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[na:1.8.0_202]
    at sun.security.validator.Validator.validate(Validator.java:262) ~[na:1.8.0_202]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_202]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[na:1.8.0_202]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_202]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626) ~[na:1.8.0_202]
    ... 26 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_202]
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_202]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_202]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[na:1.8.0_202]
    ... 32 common frames omitted

Note: I am using self-signed certificates for this activity since it is a test environment. I have added

conf/application.conf+play.ws.ssl.loose.acceptAnyCertificate=true

Please let me know if I am missing anything.

Thanks,

Sridhara K.B


Hi, were you able to resolve the issue? I am encountering exactly the same problem... (having the UI and MS installed on the same node)

@maria thanner or @sridhar sri, did you find a fix for the issue? I have the exact same setup and error currently, and support has been unable to resolve it. Thanks!

Hi Jon, we don't use the infrastructure any more. If I remember correctly, importing the cert chain into /etc/pki/java/cacerts (AWS / Red Hat) solved the issue.

That was it! Thank you very much for the response @maria thanner. Seems like a step that would be useful to include in the TLS setup documentation.

Nice to hear!

For those of you who are having the same issue:

As Maria has indicated, you need to import the cert into /etc/pki/java/cacerts.

If your cert is called "server.pem", you can do this with:

keytool -importcert -file server.pem -keystore /etc/pki/java/cacerts -storepass changeit

Many thanks to Maria for giving a hint on how to solve this problem in the first place!

Best of luck,

Anton
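The one-liner above imports a single certificate; the following script, added here as an example and not part of anyone's reply in this thread, automates the same fix for a whole chain: it pulls every certificate the management server presents, imports each one into the JVM truststore under its own alias, and is safe to re-run. Host, port, truststore path and password, and the alias scheme are assumptions to adjust for your environment; this trusts the specific certificates, rather than disabling verification with acceptAnyCertificate, which the log above shows did not take effect.

```shell
# Added example, not from this thread: trust the management server's certificate
# chain in the JVM truststore instead of disabling verification. Host, port,
# truststore path/password and the alias scheme are assumptions; adjust them.
set -eu

MS_HOST="${MS_HOST:-localhost}"
MS_PORT="${MS_PORT:-8443}"
CACERTS="${CACERTS:-/etc/pki/java/cacerts}"
STOREPASS="${STOREPASS:-changeit}"   # JDK default truststore password

# Split a PEM bundle on stdin into $1/chain-1.pem, chain-2.pem, ... and print
# the number of certificates. keytool -importcert only reads the first
# certificate of a file, so a chain must be imported one certificate at a time.
split_pem_chain() {
    awk -v dir="$1" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/chain-" n ".pem" }
        f != "" { print > f }
        /-----END CERTIFICATE-----/ { close(f); f = "" }
        END { print n + 0 }'
}

# Fetch every certificate the server presents during the handshake.
fetch_chain() {
    openssl s_client -connect "$MS_HOST:$MS_PORT" -showcerts </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Import each certificate under a fingerprint-derived alias; certificates that
# are already present are skipped, so the script can be re-run safely.
import_chain() {
    dir="$(mktemp -d)"
    count="$(fetch_chain | split_pem_chain "$dir")"
    [ "$count" -gt 0 ] || { echo "no certificate received from $MS_HOST:$MS_PORT" >&2; return 1; }
    i=1
    while [ "$i" -le "$count" ]; do
        alias="apigee-ms-$(openssl x509 -in "$dir/chain-$i.pem" -noout -fingerprint -sha256 |
                           cut -d= -f2 | tr -d ':' | cut -c1-16 | tr 'A-F' 'a-f')"
        if keytool -list -keystore "$CACERTS" -storepass "$STOREPASS" -alias "$alias" >/dev/null 2>&1; then
            echo "already trusted: $alias"
        else
            keytool -importcert -noprompt -trustcacerts -alias "$alias" \
                -file "$dir/chain-$i.pem" -keystore "$CACERTS" -storepass "$STOREPASS"
        fi
        i=$((i + 1))
    done
    rm -rf "$dir"
}

case "${1:-}" in --import) import_chain ;; esac
```

Run it with `--import` on the node that hosts the UI, then restart the UI (`/opt/apigee/apigee-service/bin/apigee-service edge-ui restart`) because the truststore is only read at start-up.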

Thank you very much. Your command solved my issue.

keytool -importcert -file server.pem -keystore /etc/pki/java/cacerts -storepass changeit