SSL configuration for HTTPS Web service

0
Hi All, I am consuming an external vendor web service in my client application. Recently they have upgraded the service from HTTP to HTTPS. I tried to infer the SSL certificate of the service from the “Security” tab of the browser and added it in the Mendix project settings, which makes the service hit work as expected locally. But when I tried to deploy the app on an on-premise IIS server and hit the same web service, I am getting the error below.

    Exception in execution of monitored action '{"name":"Rates.XXX","type":"Microflow"}' (execution id: 9a768df1-8ac2-45b1-b3dd-63003e0fb24a, execution type: CLIENT_ASYNC_MONITORED)
    Stack trace
    com.mendix.modules.microflowengine.MicroflowException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at Rates.XXX(CallWebservice : 'Call web service 'GetExpectedValue'')
    Advanced stacktrace:
        at com.mendix.modules.microflowengine.MicroflowUtil.processException(MicroflowUtil.java:146)
    Caused by: com.sun.xml.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:132)
        at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:256)
        at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:184)
        at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:137)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:641)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482)
        at com.sun.xml.ws.client.Stub.process(Stub.java:323)
        at com.sun.xml.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:192)
        at com.sun.xml.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:218)
        at com.mendix.integration.webservices.call.MetroDispatcher.$anonfun$dispatchAsPayload$2(MetroDispatcher.scala:102)
        at com.mendix.integration.util.PrivilegedUtil$$anon$1.run(PrivilegedUtil.scala:12)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.mendix.integration.util.PrivilegedUtil$.withPrivileged(PrivilegedUtil.scala:11)
        at com.mendix.integration.webservices.call.MetroDispatcher.dispatchAsPayload(MetroDispatcher.scala:102)
        at com.mendix.integration.webservices.call.MetroDispatcher.$anonfun$dispatch$1(MetroDispatcher.scala:38)
        at com.mendix.integration.util.AutoCloseableUtil$.using(AutoCloseableUtil.scala:10)
        at com.mendix.integration.webservices.call.MetroDispatcher.dispatch(MetroDispatcher.scala:33)
        at com.mendix.integration.webservices.call.WebserviceCaller.call(WebserviceCaller.scala:113)
        at com.mendix.integration.webservices.call.WebserviceCaller.callWithRequestStream(WebserviceCaller.scala:58)
        at com.mendix.integration.webservices.call.WebserviceCaller.$anonfun$call$2(WebserviceCaller.scala:34)
        at scala.Option.fold(Option.scala:158)
        at com.mendix.integration.webservices.call.WebserviceCaller.call(WebserviceCaller.scala:34)
        at com.mendix.integration.webservices.WebserviceModuleImpl.callWebservice(WebserviceModuleImpl.scala:46)
        at com.mendix.integration.actions.microflow.WebServiceCallAction.execute(WebServiceCallAction.scala:101)
        at com.mendix.modules.microflowengine.microflow.impl.MicroflowObject.execute(MicroflowObject.java:47)
        at com.mendix.modules.microflowengine.microflow.impl.MicroflowImpl.executeAfterBreakingIfNecessary(MicroflowImpl.java:201)
        at com.mendix.modules.microflowengine.microflow.impl.MicroflowImpl.executeAction(MicroflowImpl.java:157)
        at com.mendix.systemwideinterfaces.core.UserAction.execute(UserAction.java:46)
        at com.mendix.basis.actionmanagement.CoreActionHandlerImpl.doCall(CoreActionHandlerImpl.scala:79)
        at com.mendix.basis.actionmanagement.CoreActionHandlerImpl.call(CoreActionHandlerImpl.scala:57)
        at com.mendix.core.actionmanagement.CoreAction.call(CoreAction.java:55)
        at com.mendix.basis.actionmanagement.DefaultActionMonitor$.$anonfun$run$1(CustomMonitoredAction.scala:18)
        at com.mendix.basis.actionmanagement.IMonitoredAction$$anon$1.execute(IMonitoredAction.scala:47)
        at com.mendix.util.classloading.Runner.doRunUsingClassLoaderOf(Runner.java:32)
        at com.mendix.basis.actionmanagement.IMonitoredAction.monitor(IMonitoredAction.scala:49)
        at com.mendix.basis.actionmanagement.IMonitoredAction.monitor$(IMonitoredAction.scala:25)
        at com.mendix.basis.actionmanagement.CustomMonitoredAction.monitor(CustomMonitoredAction.scala:22)
        at com.mendix.basis.actionmanagement.DefaultActionMonitor$.run(CustomMonitoredAction.scala:18)
        at com.mendix.basis.actionmanagement.CoreActionHandlerImpl.runMonitoredAction(CoreActionHandlerImpl.scala:68)
        at com.mendix.basis.actionmanagement.CoreActionHandlerImpl.call(CoreActionHandlerImpl.scala:55)
        at com.mendix.core.actionmanagement.CoreAction.call(CoreAction.java:55)
        at com.mendix.basis.actionmanagement.AsyncExecution$AsyncCallableWrapper.$anonfun$call$1(AsyncExecution.scala:33)
        at scala.util.Try$.apply(Try.scala:209)
        at com.mendix.basis.actionmanagement.AsyncExecution$AsyncCallableWrapper.call(AsyncExecution.scala:33)
        at java.util.concurrent.FutureTask.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alert.createSSLException(Unknown Source)
        at sun.security.ssl.TransportContext.fatal(Unknown Source)
        at sun.security.ssl.TransportContext.fatal(Unknown Source)
        at sun.security.ssl.TransportContext.fatal(Unknown Source)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
        at sun.security.ssl.SSLHandshake.consume(Unknown Source)
        at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at sun.security.ssl.TransportContext.dispatch(Unknown Source)
        at sun.security.ssl.SSLTransport.decode(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
        at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:120)
        ... 49 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 67 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 73 more

Let me know your inputs to proceed further.
asked
2 answers
1

Looks like your outgoing call to this HTTPS web service doesn’t trust the Certificate Authority that signed the certificate offered by this endpoint. Based on https://docs.mendix.com/refguide/project-settings#5-certificates-tab, on Windows you should install the certificate (the same one you installed in your project) on the server running the Mendix Java process (same as IIS, I suppose, here). Here’s a rough step-by-step guide:

  1. On your server, open a web browser window and navigate to the troubling web service; confirm you are getting an HTTPS error regarding an untrusted endpoint.
  2. Obtain the root certificate (example-root.cer); the easiest way is to ask the service provider for it. If not, you can also find it with some research (find out the common name of the CA and search for it online).
  3. Copy this example-root.cer to the server running Mendix service
  4. Double click on example-root.cer and confirm the root CA is correct
  5. Follow the instructions to install it on system/global level
  6. Restart your web browser window and retest the web service endpoint; now it should work without complaints about HTTPS errors.
  7. Restart the Mendix app
  8. Confirm your webservice call works from within Mendix app

 

https://docs.microsoft.com/en-us/skype-sdk/sdn/articles/installing-the-trusted-root-certificate 

answered
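
Steps 4 to 6 of the answer above can be scripted so the root CA is vetted before it is trusted machine-wide. This is an added example, not part of the original answer or of Mendix's documentation; `$CerPath`, `$ExpectedThumbprint` and `$ServiceHost` are placeholder assumptions, and the final check uses the Windows trust store, which is the same thing the browser retest in step 6 exercises.

```powershell
# Added example: vet a vendor root CA file, install it at machine level, then retest.
# All three parameter defaults are placeholders (assumptions), not values from the page.
param(
    [string]$CerPath            = 'C:\Temp\example-root.cer',
    [string]$ExpectedThumbprint = '<SHA-1 thumbprint confirmed with the vendor out of band>',
    [string]$ServiceHost        = 'vendor.example.com'
)

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CerPath)

# Step 4: confirm this really is the expected root CA before trusting it.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
$problems = @()
if ($cert.Subject -ne $cert.Issuer) {            # name comparison only
    $problems += 'subject and issuer differ, so this is not a root' }
if (-not ($bc -and $bc.CertificateAuthority)) {  # conservative: also rejects roots without the extension
    $problems += 'BasicConstraints does not mark it as a CA' }
if ((Get-Date) -lt $cert.NotBefore -or (Get-Date) -gt $cert.NotAfter) {
    $problems += 'outside its validity period' }
if ($cert.Thumbprint -ne ($ExpectedThumbprint -replace '\s', '').ToUpper()) {
    $problems += 'thumbprint does not match the value from the vendor' }
if ($problems) { throw "Refusing to install $($cert.Subject): $($problems -join '; ')" }

# Step 5: install at system level (needs an elevated session).
Import-Certificate -FilePath $CerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Step 6: retest. AuthenticateAsClient throws if the chain still does not validate.
$tcp = [System.Net.Sockets.TcpClient]::new($ServiceHost, 443)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream())
    $ssl.AuthenticateAsClient($ServiceHost)
    $leaf  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    [void]$chain.Build($leaf)
    # Print the path that was built, leaf first, root last.
    $chain.ChainElements | ForEach-Object { $_.Certificate.Subject }
} finally {
    $tcp.Dispose()
}
```

If the last subject printed is not the CA that was just installed, the endpoint is chaining to a different root, or is omitting an intermediate, and that is what to raise with the service provider.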
1

See the documentation here and look at the running in the cloud section: https://docs.mendix.com/howto/integration/use-a-client-certificate#1-introduction

Regards,

Ronald

 

answered