VMware {code} Community
ilyak
Contributor

Error during rest request

Hi,

My plugin is making REST requests to the remote server, the same server from where the plugin package was downloaded.

I have registered the plugin in my vCenter 6.5 via the extension-registration.sh script from the html-client-sdk.

During an HTTP request from my Java service I'm getting an error:

com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

How can I solve this problem?

5 Replies
ilyak
Contributor

How can I know that the SSL certificate of the backend server of my extension is installed on the vSphere Client?
_vladi_
VMware Employee

This topic is already discussed in another thread: https://code.vmware.com/forums/4974#566897|3825009

Cheers,

Vladi

wodge
Enthusiast

Hi, I'm having the same error when running the remote sample code for 8.0 U1:

at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://<my vcenter fqdn>:443/api/ui/vcenter/session/clone-ticket": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 

I've tried the links in the thread here, but unfortunately they are broken and don't exist, or don't lead anywhere with a solution any more.

Could you please provide the updated link to where the solution is, or provide the solution for this please?

Warren

wodge
Enthusiast

Hi,

Just to follow up on this - if you could provide the information from the missing link of the solutions for this, that would be great.

However, in the meantime, I put in place a short-term solution for the problem which works in my development environment (for the remote plugin architecture).

It appears this error usually occurs when your Java program tries to establish an SSL connection with a remote server, but the server's SSL certificate is not trusted by the JVM's default truststore.

I am using macOS for my development environment. For anyone else in a similar situation, this should work to get the sample to run without needing a fully-fledged certification on their VCSA:

The short-term solution I used:

Import the server's SSL certificate into the JVM's default truststore, using these steps:

1. Locate the JVM's default truststore file. For Java 8, this was in: /Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/security/cacerts

2. Take a backup of the default truststore file to make sure you can restore it if something goes wrong.

3. Obtain the SSL certificate of the VCSA server. This can be done by connecting to the server using a web browser and exporting the certificate. Alternatively, you can use command-line tools like OpenSSL to retrieve the certificate. I used Chrome to get the .cer file.

4. Use the `keytool` command-line tool, which is provided with the Java Development Kit (JDK), to import the certificate into the truststore. Open a command prompt or terminal and navigate to the directory where `keytool` is located.

5. Run the following command to import the certificate into the truststore:

keytool -import -alias <alias_name> -file <path_to_certificate_file> -keystore <path_to_truststore_file>

Replace `<alias_name>` with a name you want to assign to the certificate in the truststore. Replace `<path_to_certificate_file>` with the path to the certificate file you obtained earlier. Replace `<path_to_truststore_file>` with the path to the truststore file you located in step 1.

6. When prompted, enter the password for the truststore. The default password for the JVM's default truststore is usually `changeit`. If you have changed it previously, use the updated password.

7. Verify that the certificate has been imported successfully by listing the content of the truststore:

keytool -list -keystore <path_to_truststore_file>

This will display the aliases of all the certificates in the truststore, including the one you just imported.

By importing the server's SSL certificate into the JVM's default truststore, you make it trusted by default when your Java applications establish SSL/TLS connections to that server.

You can now run the remote plugin sample code and it should work as expected to show the Chassis objects and UI elements properly.

Hope that helps for now!

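The import procedure from the post above as an added shell example (not part of the original post or of the SDK): it imports into a working copy of the truststore, prints the certificate's SHA-256 fingerprint so it can be compared with the one the server presents, and confirms the entry afterwards, which is also how to check whether a certificate is already in a truststore. Function names, argument order and file paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example: import a server certificate into a COPY of the JVM truststore.
# Function names and arguments are illustrative, not part of the vSphere SDK.

# SHA-256 fingerprint of a certificate file (PEM or DER), as keytool prints it.
cert_fingerprint() {
  keytool -printcert -file "$1" 2>/dev/null |
    awk -F': ' '/SHA256:/ {print $2; exit}'
}

# SHA-256 fingerprint stored under an alias; prints nothing if the alias is absent.
# usage: store_fingerprint <truststore> <alias> <storepass>
store_fingerprint() {
  keytool -list -v -keystore "$1" -alias "$2" -storepass "$3" 2>/dev/null |
    awk -F': ' '/SHA256:/ {print $2; exit}'
}

# usage: import_cert <source_truststore> <work_truststore> <alias> <cert_file> <storepass>
# Returns 0 only if the alias in the working copy holds exactly this certificate.
import_cert() {
  src=$1; work=$2; name=$3; cert=$4; pass=$5

  # Step 2 of the procedure: leave the JDK's own cacerts untouched and work on a copy.
  [ -f "$work" ] || cp "$src" "$work" || return 1

  want=$(cert_fingerprint "$cert")
  [ -n "$want" ] || { echo "cannot read certificate: $cert" >&2; return 1; }

  # Compare this value with the fingerprint shown for the server before trusting it.
  echo "importing '$name' with SHA-256 $want" >&2

  # Steps 5-6: -noprompt skips the interactive "Trust this certificate?" question,
  # which is why the fingerprint is printed above. Fails if the alias already exists.
  keytool -importcert -noprompt -alias "$name" -file "$cert" \
    -keystore "$work" -storepass "$pass" >/dev/null 2>&1 || return 1

  # Step 7: confirm the stored entry is the certificate that was inspected.
  [ "$(store_fingerprint "$work" "$name" "$pass")" = "$want" ]
}
```

To use the working copy, start the plugin server's JVM with `-Djavax.net.ssl.trustStore=<work_truststore>` and `-Djavax.net.ssl.trustStorePassword=<storepass>`.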
Denis_Chorbadzh
VMware Employee

Hi,

 

I think Vladi was referring to this thread: https://communities.vmware.com/t5/vSphere-Client-SDK-Discussions/SSL-problems/td-p/2219486

Let us know if you were able to resolve the problem.

 

Best Regards,

Denis
