Generic Web Service Client - General SSLEngine problem

Hi Knimers,

we are trying to import data through a webservice using the “Generic Web Service Client” Node. The communication protocol needed is HTTPS using a auto-signed SSL Certificate. We have included the certificate within the java keystore used by KNIME with the following command:

• keytool -import -trustcacerts -alias “webservice” -file certfile.cer|
• Path to keytool: D:\Program Files\KNIME\plugins\org.knime.binary.jre.win32.x86_64_1.8.0.152-01\jre\bin

Nevertheless we still are not able to create the conection obtaining following errormessages:

javax.net.ssl.SSLHandshakeException: General SSLEngine problem

•   at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478)*
  

•   at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)*
  

•   at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)*
  

•   at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)*
  

•   at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)*
  

•   at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:220)*
  

•   at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:254)*
  

•   at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:381)*
  

•   at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:118)*
  

•   at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:160)*
  

•   at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:342)*
  

•   at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:320)*
  

•   at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:280)*
  

•   at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106)*
  

•   at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:613)*
  

•   at java.lang.Thread.run(Thread.java:748)*
  

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

•   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)*
  

•   at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)*
  

•   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304)*
  

•   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)*
  

•   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)*
  

•   at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)*
  

•   at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)*
  

•   at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)*
  

•   at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)*
  

•   at java.security.AccessController.doPrivileged(Native Method)*
  

•   at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)*
  

•   at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:238)*
  

•   at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:270)*
  

•   ... 9 more*
  

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

•   at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)*
  

•   at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)*
  

•   at sun.security.validator.Validator.validate(Validator.java:260)*
  

•   at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)*
  

•   at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)*
  

•   at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)*
  

•   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501)*
  

•   ... 17 more*
  

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

•   at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)*
  

•   at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)*
  

•   at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)*
  

•   at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)*
  

•   ... 23 more*
  

Someone a idea of what could be wrong?

Thank you!!

Hi @jkempelis,

can you check whether import of your cert was successful by running
keytool -list -keystore "%JAVA_HOME%/jre/lib/security/cacerts"

If the certificate is not in there, rerun the steps suggested here: https://stackoverflow.com/questions/9619030/resolving-javax-net-ssl-sslhandshakeexception-sun-security-validator-validatore

Best,
Marten

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.