Since I have try to get data from HTTPS.
For that i have configured "GetHTTP" processor with "StandardSSLContextService".
i have Created JKS using KeyTool and imported Security certificate(.CER) file for website into it.
i can able get data from "HTTPS" URL using "GetHTTP" but it not worked in "InvokeHTTP".
I have used GetHTTP for download one file from Server.But i need to download 100 files from Server using Loop.In that case i should not drag the "GetHTTP" processor for 100 files.
That's why i have find loop in NiFi with the InvokeHttp to download 100 files by index 1 to 100 with single processor.
In InvokeHTTP shows following exception but it runs in GetHTTP well.
ERROR [Timer-Driven Process Thread-8] o.a.nifi.processors.standard.InvokeHTTP InvokeHTTP[id=4aa3eb07-8dce-4037-867b-2d36b0b6fab8] Routing to Failure due to exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available
But those changes worked in GetHTTP.
Can anyone guide me solve this?
Related
I have a java web application that runs in WebSphere that need to call to third party service (IBM) to get some response.
At first IBM give me a p12 file, which is contain client certificate, and I test it in Firefox RestClient, the call success and I am getting response code 200 in the RestClient. Else, I will get 403 forbidden. So this is proof that the p12 provided by third party is correct. Please correct me if my statement is wrong.
Thus, I happily import this p12 file into my CellDefaultKeyStore to test the connection on my application. Unfortunately, after I import this p12 file, the nodes status become "unknown", and I cant even "synchronize" them. And when I check server log, I keep seeing
com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by xxx is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
After that I remove it from CellDefaultKeyStore try to import it into NodeDefaultKeyStore, the node issue gone, the node can sync back and my app can call to the third party successfully. I think this is done of my job today, however, this solution is not stable, its only work some times, not every time. The node status will still become "unknown" after a moment, or, if I run ./stopManager.sh and ./startManager.sh, the node issue will immediately come back.
I have try run ./stopNode.sh and ./startNode.sh, there are no error in the log of this 2 shell script. But the WAS Console UI there still showing status is unknown, and I cant even stop start my server through WAS Console.
At first I am thinking its maybe display issue, but this issue will solve if I delete the p12 file from my NodeDefaultKeyStore.
I try google around but end up still cant find any clue. I am not sure is it my configuration or the p12 file having problem.
Which log should I refer to see why the node status will become unknown, or what else I can continue to debug/troubleshoot on this?
You received the certificate for an external service and you want code in Websphere to connect to that service right? The default cell store is not the place to put external connection`s certificates.
Put it in the Trusted keystore. This will tell WebSphere to trust that external connections certificate, enabling your code to connect to it.
You can do it via the console, or using iKeyman directly on the file.
That being said, do not mess with the default certificate in the default keystore. #dbreaux is right on that in the comments.
I have a requirement to pull the files and push the files from FTP Server but I am getting the below error while pulling/fetching the files from/into FTP server. I am using Talend Open Source Data Integration Tool, also tried using custom java code and getting the same error. While I am able to pull and fetch the files using FileZilla FTP Client. I am getting the error when I am trying to pull and push the files.
Error Start ..
com.enterprisedt.net.ftp.ControlChannelIOException: Connection reset
at
com.enterprisedt.net.ftp.FTPControlSocket.readLine(FTPControlSocket.java:1014)
at
com.enterprisedt.net.ftp.FTPControlSocket.readReply(FTPControlSocket.java:1049)
at
com.enterprisedt.net.ftp.FTPControlSocket.sendCommand(FTPControlSocket.java:973)
at
com.enterprisedt.net.ftp.FTPControlSocket.createDataSocketPASV(FTPControlSocket.java:807)
at
com.enterprisedt.net.ftp.FTPControlSocket.createDataSocket(FTPControlSocket.java:563)
at
com.enterprisedt.net.ftp.FTPClient.setupDataSocket(FTPClient.java:2561)
at com.enterprisedt.net.ftp.FTPClient.dir(FTPClient.java:3468) at
vikas_sir.ftp_salesforce_and_vice_verasa_0_1.FTP_Salesforce_AND_Vice_Verasa.tFTPFileList_2Process(FTP_Salesforce_AND_Vice_Verasa.java:488) at
vikas_sir.ftp_salesforce_and_vice_verasa_0_1.FTP_Salesforce_AND_Vice_Verasa.tFTPConnection_1Process(FTP_Salesforce_AND_Vice_Verasa.java:396)
at
vikas_sir.ftp_salesforce_and_vice_verasa_0_1.FTP_Salesforce_AND_Vice_Verasa.runJobInTOS(FTP_Salesforce_AND_Vice_Verasa.java:1085) at
vikas_sir.ftp_salesforce_and_vice_verasa_0_1.FTP_Salesforce_AND_Vice_Verasa.main(FTP_Salesforce_AND_Vice_Verasa.java:942)
Error End ..
I have already tried the below things :
Allowed java application for my firewall e.g java.exe, javaw.exe and etc.
Also tried by disabling the firewall.
used netsh advfirewall set global StatefulFTP disable command as admin.
Disabled my antivirus.
Also added TLS1.1 and TLS 1.2 into .ini file.
Also tried in different Local Machines.
Tried by writing custom java code.
Below is link to the screenshot of the talend job :
Talend Job to pull the files from FTP server
Also when I am trying another FTP credentials, not getting(Can push and pull the files from/into FTP Server) any error.
Please let me know what/where I am doing wrong.
Any help will be greatly appreciated.
Thanks in Advance.
Amit
I am facing a peculiar issue while trying to SFTP a file from Windows to Unix server. The error "stack trace" is -
4: Failure
at com.jcraft.jsch.ChannelSftp.throwStatusError(ChannelSftp.java:2846)
at com.jcraft.jsch.ChannelSftp.checkStatus(ChannelSftp.java:2459)
at com.jcraft.jsch.ChannelSftp._sendCLOSE(ChannelSftp.java:2465)
at com.jcraft.jsch.ChannelSftp._put(ChannelSftp.java:683)
at com.jcraft.jsch.ChannelSftp.put(ChannelSftp.java:475)
at com.jcraft.jsch.ChannelSftp.put(ChannelSftp.java:365)
I have searched a lot on other forums but could not get to the root cause. I have observed one more thing - the file name, I am trying to SFTP, is *.xml when I change it to *.XML the SFTP is "successful". Very weird could not identify the issue. I am trying this using JSch Java API. But I have seen the same issue while trying the WinSCP front end.
It is common for OpenSSH SFTP server to return code 4 (Failure) for many different reasons, without giving any details.
You would have to check SFTP server log to find more.
Though the most usual cause is a lack of free disk or user quota space – Which can usually be identified by the file being created with zero size.
i was facing the same issue. was puzzled then i realized there was a space issue on the server folder. Please do check the server available space.
command: df path to the folder
I was facing the same issue. Please make sure that your SFTP service is running. And If it is already running then restarting this service should do the trick.
I had the same issue. Tried everything, turns out I had set the timeout to what I thought was 30s but it was actually 30ms. Changing it to 30000ms solved the issue.
session.setTimeout(30000);
I've seen this error and the cause in my case was, the uploaded file names weren't supported by the file system used by the SFTP server.
When I try to connect to my EC2 server, using Netbeans(Git-Remote-Push), I get "incorrect credentials coonecting to repository at SSH://xx.xx.xxx.xx/git-repo"
In my ide.log, I get the following message:
"WARNING [org.netbeans.modules.progress.spi.InternalHandle]: Cannot call progress on a task that was never started at org.netbeans.modules.git.client.GitProgressSupport.setProgressMessage(GitProgressSupport.java:247)
INFO [org.netbeans.modules.git.ui.repository.remote.SelectUriStep]: Auth failed when accessing ssh://54.77.226.97/git-repo
com.jcraft.jsch.JSchException: Algorithm negotiation fail"
Steps I have taken to overcome the problem.
I can connect using git-bash OK
I have ussed ssh-keygen to generate the keys
I have downloaded JCE 8 unlimited strength policy files.
Any help much appreciated, thanks
"Algorithm negotiation fail" means that the SSH-Client implementation netbeans uses and the server implementation, cannot find a mutual algorithm to encrypt/compress.
Reason could be that an administrator doesn't want the server to support insecure or doubtful algorithms from now on. So you have to find an update for Netbeans.
Hope you are doing well.I know there are many answers alike to the issue that i am going to ask but still no one seems to help.
Please help!!!
Issue:-
I am trying to connect to a secure website(HTTPS) using WebScarab, so that i can capture the traffic.Http is working fine for me.
For this i am using WebScarab as a proxy.
'client.getHostConfiguration().setProxy("127.0.0.1", 8008);'
but everytime i gets an exception (
SunCertPathBuilderException
) as stated above.
I have tried adding the website certificate to the Java using Keytool utility also.
I then added a proxy (reverse) entry in WebScarab (127.0.0.1 , 443) and changed the program to use it as a proxy server.
'client.getHostConfiguration().setProxy("127.0.0.1", 443);'
Then i got the following exception :-
org.apache.commons.httpclient.ProtocolException: The server stbeehive.oracle.com failed to respond with a valid HTTP response.
I also tried creating a .p12 certificate (for the website which i want to connect to) and importing it to WebScarab.
But inspite of all these methods i am not able to get the proper response.
I am using WebScarab as a proxy for firefox to capture its traffic and it is working fine (for both http and https).
Please help me as i have run out of ideas now :(
Are you using WebScarab or WebScarab-NG?
Please try WebScarab "classic", rather than the -NG variant. NG was a failed experiment, and no real effort was put into validating the client-side certificate functionality.
Also, what version of Java are you using, what operating system, 32 bit or 64-bit, etc, etc
Regards,
Rogan