ssl - PKIX 路径构建失败 : sun. security.provider.certpath.SunCertPathBuilderException

Question

我试图在 HP Helion 公共(public)云(以前称为 HP Cloud)上安装 WSO2 Private PaaS 4.0.0。安装完成并出现以下错误

Starting WSO2 IS core service...
nohup: ignoring input and redirecting stderr to stdout
Restoring from the Original template file /home/ubuntu/paas/resources/json/os/partition.json
Deploying partition at /home/ubuntu/paas/resources/json/os/partition.json
{"Error":{ "errorCode": " 400", "errorMessage": " Invalid Partition Detected : P1. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target connecting to POST https://region-a.geo-1.identity.hpcloudsvc.com:35357/v2.0/tokens HTTP/1.1"}}Deploying autoscale policy at /home/ubuntu/paas/resources/json/os/autoscale-policy.json
{"stratosAdminResponse":{"message":"Successfully deployed autoscaling policy definition with id economy"}}Deploying deployment policy at /home/ubuntu/paas/resources/json/os/deployment-policy.json
{"Error":{ "errorCode": " 400", "errorMessage": " Deployment policy is invalid: [id] deployp"}}Deploying deployment policy at /home/ubuntu/paas/resources/json/os/deployment-flat.json
{"Error":{ "errorCode": " 400", "errorMessage": " Deployment policy is invalid: [id] deployf"}}Deploying LB cartridge at /home/ubuntu/paas/resources/json/os/lb-cart.json
{"Error":{ "errorCode": " 400", "errorMessage": " Unable to build the jclouds object for iaas of type: openstack"}}Deploying Aplication Server (AS) cartridge at /home/ubuntu/paas/resources/json/os/appserver-cart.json
{"Error":{ "errorCode": " 400", "errorMessage": " Unable to build the jclouds object for iaas of type: openstack"}}Deploying Application Service service
{"Error":{ "errorCode": " 400", "errorMessage": " Failed to deploy the Service [Cartridge type] appserver [alias] b25aa290-4d15-4160-ab29-3fb65450a50c . Cause: appserver is not a valid cartridgeSubscription type. Please try again with a valid cartridgeSubscription type."}}Deploying Business Process Server (BPS) cartridge at /home/ubuntu/paas/resources/json/os/bps-cart.json
{"Error":{ "errorCode": " 400", "errorMessage": " Unable to build the jclouds object for iaas of type: openstack"}}Deploying Business Process Server service
{"Error":{ "errorCode": " 400", "errorMessage": " Failed to deploy the Service [Cartridge type] bps [alias] 9f8501bd-2707-41b8-8169-575f76e80e74 . Cause: bps is not a valid cartridgeSubscription type. Please try again with a valid cartridgeSubscription type."}}

conf.sh

# IaaS configuration
export iaas="os"
# Region Name
export region="region-a.geo-1"
# Cartridge base image
export cartridge_base_img_id="xxxxxxxa2-bff1-41cf-8f92-c3xxxxxxx5b"

# OpenStack
export os_identity="1XXXXXXXXXX:XXXXX5BL7VXXXXXXXXX"
export os_credentials="AMXXXXXXXXXXXXXXXXXX"
export os_jclouds_endpoint="https://region-a.geo-1.identity.hpcloudsvc.com:35357/v2.0/"
export os_keypair_name="xxxxxx"
export os_security_groups="xxxxxxx"

我四处搜索，发现问题的原因是 PaaS 无法找到 jcloud 端点 ( https://region-a.geo-1.identity.hpcloudsvc.com:35357/v2.0 ) 的证书。

我首先尝试使用 keytool -import -keystore 命令将端点证书导入/usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts。是行不通的，同样的问题仍然存在

然后我尝试将端点证书导入/home/ubuntu/.keystore。同样的问题仍然存在。

请指教

谢谢

乔治

Answer 1

后端(jclouds 端点)的 Cetifacte 应该添加到 WSO2 Private PaaS 的 client-truststore.jks。看看[1]

[1] http://evanthika.blogspot.com/2014/01/how-to-solve-pkix-path-building-failed.html