Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-5504

Unable to use cli.sh for administration over a secure port

    Details

      Description

      Based on OPENIDM-4321.

      Solution to that issue revealed a second problem: when I try to run the cli.sh commands over a secure port, locally or remotely, I get an error. For example:

      ./cli.sh update -u openidm-admin:openidm-admin --url https://localhost:8443/openidm/ openidm-patch.zip

      or

      ./cli.sh update -u openidm-admin:openidm-admin --url https://172.16.206.5:8443/openidm/ openidm-patch.zip

      I get the following error:

      An error occurred during the communication with the remote HTTP server.
      
      javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1916)
      	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
      	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1472)
      

      Based on this article, one solution is to use a genuine SSL certificate – but the cli.sh command (and related internal code such as RemoteCommandScope.java and LocalCommandScope.java) do not include any option to read in a different SSL cert.

      Alternative question – would the commands work if a genuine SSL cert is added to the OpenIDM keystore?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jason Jason Lemay
                Reporter:
                Mike2 Mike Jang
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: