Hi,
I am new to camunda and have a requirement to call a HTTPS endpoint. I am getting the error as below:
SEVERE [http-nio-8080-exec-4] org.camunda.commons.logging.BaseLogger.logError ENGINE-16004 Exception while closing command context: HTCL-02007 Unable to execute HTTP request
org.camunda.connect.ConnectorRequestException: HTCL-02007 Unable to execute HTTP request
at org.camunda.connect.httpclient.impl.HttpConnectorLogger.unableToExecuteRequest(HttpConnectorLogger.java:48)
at org.camunda.connect.httpclient.impl.AbstractHttpConnector.execute(AbstractHttpConnector.java:72)
at org.camunda.connect.httpclient.impl.AbstractHttpConnector.execute(AbstractHttpConnector.java:38)
at org.camunda.connect.impl.AbstractConnectorRequest.execute(AbstractConnectorRequest.java:42)
at org.camunda.connect.plugin.impl.ServiceTaskConnectorActivityBehavior$1.call(ServiceTaskConnectorActivityBehavior.java:57)
at org.camunda.connect.plugin.impl.ServiceTaskConnectorActivityBehavior$1.call(ServiceTaskConnectorActivityBehavior.java:51)
at org.camunda.bpm.engine.impl.bpmn.behavior.AbstractBpmnActivityBehavior.executeWithErrorPropagation(AbstractBpmnActivityBehavior.java:108)
…
…
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at connectjar.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)
at connectjar.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254)
at connectjar.org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:117)
at connectjar.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:314)
at connectjar.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
at connectjar.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
at connectjar.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
at connectjar.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
at connectjar.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
at connectjar.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)
at connectjar.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at connectjar.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
at connectjar.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
at org.camunda.connect.httpclient.impl.HttpRequestInvocation.invokeTarget(HttpRequestInvocation.java:35)
at org.camunda.connect.impl.AbstractRequestInvocation.proceed(AbstractRequestInvocation.java:60)
at org.camunda.connect.httpclient.impl.AbstractHttpConnector.execute(AbstractHttpConnector.java:70)
… 122 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
I have done the following steps. Please advise if anyone has any idea.
- In bpm file
camunda:connector
camunda:inputOutput
<camunda:inputParameter name=“url”>https://<ACTUAL_SERVICE_ENDPOINT></camunda:inputParameter>
<camunda:inputParameter name=“method”>POST</camunda:inputParameter>
…
…
2 Created a custom connectorconfigurator file named org.camunda.connect.spi.ConnectorConfigurator. It has the following content:
package org.camunda.connect.example;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.camunda.connect.httpclient.HttpConnector;
import org.camunda.connect.httpclient.impl.AbstractHttpConnector;
import org.camunda.connect.spi.ConnectorConfigurator;
public class HttpConnectorConfigurator implements ConnectorConfigurator {
public Class getConnectorClass() {
return HttpConnector.class;
}
public void configure(HttpConnector connector) {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
return;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
return;
}
}
};
SSLContext sc = null;
try {
sc = SSLContext.getInstance(“SSL”);
sc.init(null, trustAllCerts, new SecureRandom());
} catch (Exception e) {
throw new RuntimeException(“Could not change SSL TrustManager to accept arbitray certificates”, e);
}
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
if (!urlHostName.equalsIgnoreCase(session.getPeerHost())) {
System.out.println("Warning: URL host '" + urlHostName + "' is different to SSLSession host '" + session.getPeerHost() + "'.");
}
return true;
}
};
CloseableHttpClient client = HttpClients.custom()
.setSSLContext(sc)
.setSSLHostnameVerifier(hv)
.build();
((AbstractHttpConnector) connector).setHttpClient(client);
}
}
- Put this file inside \webapps\engine-rest\WEB-INF\classes\META-INF\services