cancel
Showing results for 
Search instead for 
Did you mean: 

javax.net.ssl.SSLHandshakeException between hybris and datahub

0 Kudos
2,070

Hi All,

I want to enable https connection between datahub and hybris. I followed steps given in : https://help.hybris.com/6.7.0/hcd/1dec8042f1944a9fb090967ebe770ceb.html

I tried adding datahub certificate to keystore as well as given in : https://help.hybris.com/6.7.0/hcd/e840eaa7eb374cc5ad6dee48eca81d97.html

In hybris console I am still getting error like:

Data Hub @ https://localhost:8443/datahub-webapp/v1 is not running because: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Any help is appreciated!

Sid

Accepted Solutions (1)

Accepted Solutions (1)

0 Kudos

Hi All,

I am able to resolve the issue by using truststore.jks on both side.

Firstly, I created a cert file from truststore.jks and added this cert file to the trusted keystore in jre.

I used below properties in hybris side:

additional.javax.net.ssl.trustStore=${platformhome}/resources/devcerts/truststore.jks additional.javax.net.ssl.trustStorePassword=123456

In datahub side , I used :

datahub.security.ssl.trustStore=file\:C:/Tomcat_8.5.33/apache-tomcat-8.5.33/webapps/datahub-webapp/WEB-INF/classes/truststore.jks datahub.security.ssl.trustStorePassword=123456

Answers (1)

Answers (1)

Slava
Product and Topic Expert
Product and Topic Expert
0 Kudos

Sid,

it's hard to recommend anything specific based on the information you provided in the question. It's unclear whether you:

  • used a signed certificate or a self-issued certificate

  • added the certificate to the standard JRE keystore or to the custom DataHub store

Generally that error indicates that a matching certificate is not found. That may be because the added certificate name does not match the host name in your URLs; self-signed certificate was not added as trusted certificate; the certificate was added to a wrong key store, e.g. to the JRE store while DataHub is configured to use custom keystore. If you just copied the commands from the documents and executed them without adjusting the JRE paths, it's possible your JRE version is different and the path should be different.

Because, there are so many things, which might have gone wrong, all that can be recommended now is to learn more about SSL and to understand how it works with Java. There are plenty documents and troubleshooting advices on the net for that.

Setting up a certificate in the JRE may be simpler, because custom DataHub keystore adds another level of complexity. Once you got it working with the JRE, then you can move the certificate to the custom keystore. Also, try to configure the SSL in tomcat and add the certificates, then just hit DataHub and/or the hybris platform over HTTPS from a web browser. That should be simper to resolve. Once you can do that, then attempt configuring DataHub/platform to talk to each other.