VMware Cloud Community
dcoulter
Enthusiast

WaveMaker 6.5 and vCO 5.1 - default self signed certs

This is a bit off topic, but I'm curious if anyone out there has successfully connected WaveMaker 6.5.x (web service) to vCO 5.1 (SOAP or REST) when vCO is configured using the default self signed SSL certs (vanilla vCO 5.1 appliance).

I get the following error even after importing the "localhost.localdom" cert from vCO into my Java keystore/restarting WaveMaker:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Looks like real certs should work or if you signed them from your own CA, but that's not the case with the out-of-the-box vCO appliance.

Related links:

http://mighty-virtualization.blogspot.com/2012/09/wavemaker-handling-ssl-certificates.html?showComme...

http://dev.wavemaker.com/forums/?q=node/8424


Accepted Solutions
tschoergez
Leadership

Hi!

I think the hostname of the certificate has to match the hostname you are trying to reach.

So the default certificate localhost.localdom would only work if you try to connect to vCO with localhost.localdom (it might be worth a quick shot editing the hosts file on your WaveMaker system 🙂).

To change the certificate on vCO to match the actual hostname of the vCO box, see here:

http://www.vcoteam.info/learn-vco/work-with-vco-over-ssl.html

http://enterpriseadmins.org/blog/virtualization/vco-appliance-and-ssl-certificates/

After changing this, and deleting the old one and importing the new one to WaveMaker's keystore, it should work... Let us know! 🙂

As heavy-weight workaround: You can skip using WaveMaker's webService tool, and create your own JavaService. See an example here: http://blog.mightycare.de/en/2012/06/wavemaker-spring-and-vmware-infrastructure/

PS: The example there uses the old SOAP API of vCO, but you'll get the idea (and Java bindings for the new REST API from https://yourvcoserver:8281/api/docs/downloads.html).

PPS: It's in German, but you can download the example project at the end of the article. If you need a translation/further discussion about this, let me know...

Cheers,

Joerg

dcoulter
Enthusiast

Thanks for the helpful and quick response, however still having trouble...

Tried the quick change of adding localhost.localdom to my /etc/hosts file, no luck.

Also tried the following:

  • changed the hostname on vCO server appliance
  • generated/imported a new cert to match new hostname per instructions
  • rebooted vCO server
  • verified hostname resolution works and certificate (CN) reflects hostname fqdn
  • exported cert using FireFox (PEM)
  • imported cert into keystore /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts
  • restarted WaveMaker

The same SSL error occurs trying to import WSDL (although it seems to take a couple of seconds to respond versus instantaneous before):

Error occurred while importing WSDL! Error: WSDLException: WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at 'https://vco.a.local:8281/vmware-vmo-webcontrol/webservice?WSDL'.: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
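
The two checks discussed in this thread, as an added example that is not part of any post: whether the certificate chains to a trusted entry and whether its name matches the host are separate tests, and the script runs both against constructed self-signed certificates. It assumes OpenSSL 1.1.1 or later and uses a PEM trust file as a stand-in for the Java `cacerts` keystore; `make_cert`, `check_cert` and `demo` are names made up here.

```shell
#!/bin/sh
# Added example. All certificates are constructed throwaway ones; the names
# localhost.localdom and vco.a.local are taken from the thread.

# make_cert CN PREFIX: write a self-signed cert to PREFIX.pem (key in PREFIX.key).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2.pem" >/dev/null 2>&1
}

# check_cert CERT TRUSTFILE HOST: run the two checks independently and print
# "trusted=<yes|no> name=<yes|no>". TRUSTFILE is a PEM file standing in for
# the Java cacerts keystore (assumption: same role, different format).
check_cert() {
    # Check 1: does CERT chain to an entry in TRUSTFILE? A "no" here is the
    # condition Java reports as "PKIX path building failed".
    if openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'; then
        trusted=yes
    else
        trusted=no
    fi
    # Check 2: does the name in CERT cover HOST?
    if openssl x509 -in "$1" -noout -checkhost "$3" 2>/dev/null |
        grep -q 'does match'; then
        name=yes
    else
        name=no
    fi
    echo "trusted=$trusted name=$name"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_cert localhost.localdom "$dir/default"   # appliance default name
    make_cert vco.a.local "$dir/new"              # regenerated for the FQDN
    echo "default cert, default trusted: $(check_cert "$dir/default.pem" "$dir/default.pem" vco.a.local)"
    echo "new cert, stale trust entry:   $(check_cert "$dir/new.pem" "$dir/default.pem" vco.a.local)"
    echo "new cert, re-imported:         $(check_cert "$dir/new.pem" "$dir/new.pem" vco.a.local)"
    rm -rf "$dir"
}
demo
```

Only the last case passes both checks, which corresponds to regenerating the certificate for the real hostname and importing that new certificate into the trust store.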

dcoulter
Enthusiast

Spoke too soon - got it working.  Apparently just restarting the WaveMaker service via the WaveMaker Console (GUI application) isn't enough.  Once I quit the WaveMaker Console and re-opened it, everything works!

tschoergez
Leadership

Cool!

Glad to read you got it to work. Enjoy the fun with WaveMaker and vCO 😎.

Some helpful things on WaveMaker: http://www.vcoportal.de/2012/02/lessons-learned-with-wavemaker/

Cheers,

Joerg

Burke-
VMware Employee

David, Is this all working for you with a self-signed certificate that was generated using keytool as per my blog post? Or did you use a corp CA server and issue a cert that way? I'm having troubles with this as well and have done everything you have listed in that last post, but I still get the errors...

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
dcoulter
Enthusiast

I used your blog post as a guide to create a new self signed cert, making modifications to path as required since the vCO appliance runs on Linux.

Burke-
VMware Employee

hmm.. maybe I need to try running WM on Windows instead of my Mac & see if that makes a difference... I've gone through the above process on two different vCO servers (one running on Windows and one as an appliance), but in both cases, I was using WM on OSX and have not been able to import the WSDL from the endpoint...

dcoulter
Enthusiast

I'm using a Mac as well.  What tripped me up was having to quit the WaveMaker console app altogether and restart versus just restarting the WaveMaker service via the console app.

Burke-
VMware Employee

That's odd - I had seen that comment so I have closed the app completely and even rebooted my laptop completely but still have the issue 🙁

Burke-
VMware Employee

Just tried this using WM running on a Windows XP VM - worked first time through! hmm... something must not have matched up correctly on my attempt in OSX...
