AppWorx, Dollar Universe and Sysload Community

 View Only
Expand all | Collapse all

AwE-5103 network socket error : unable to find valid certification path to requested target

  • 1.  AwE-5103 network socket error : unable to find valid certification path to requested target

    Posted Sep 18, 2019 10:56 AM
    Hi, 
    I have installed remote agent #applicationsmanager V9 and trying to start the agent 

    awstat
    RPASPOC watchworx Running 0 1 hours XXXXXX
    RPASPOC agentservice Running 0 1 hours 16813

    awexe node 
    231 Error number from open pipe 2. /applman/POC/pipe/AWAPI_RPASPOC_PIPE
    334 Check that the API server is running.
    Could not open server pipe.

    startso RPASPOC
    awapi failed to respond
    startso done

    I have added the Master certificate at location .Appworx as did for client , but anable to start the agent 
    Help appreciated!!! 

    AgentService1909181538.log

    ErrorMsg: AwE-5103 network socket error (9/18/19, 4:36 PM)
    Details: Network socket error
    javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1324)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1199)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1146)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
    at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:716)
    at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:970)
    at java.base/java.io.OutputStream.write(OutputStream.java:122)
    at com.appworx.shared.code.server.B.A(RequestSocket.java:150)
    at com.appworx.agent.AgentSocketManager.A(AgentSocketManager.java:165)
    at com.appworx.agent.AgentSocketManager.A(AgentSocketManager.java:107)
    at com.appworx.agent.AgentService.A(AgentService.java:681)
    at com.appworx.agent.AgentService.<init>(AgentService.java:361)
    at com.appworx.agent.AgentService.main(AgentService.java:1017)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290)
    at java.base/sun.security.validator.Validator.validate(Validator.java:264)
    at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1308)
    ... 19 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)


    ------------------------------
    Ansari
    ------------------------------


  • 2.  RE: AwE-5103 network socket error : unable to find valid certification path to requested target
    Best Answer

    Posted Sep 24, 2019 03:34 AM
    We have found the issue, there is a miss match between the user created in AM Master and remote agent machine.
    Assigned the correct user for remote agent using AM client and restarted the agent.



  • 3.  RE: AwE-5103 network socket error : unable to find valid certification path to requested target

    Posted Mar 16, 2020 01:42 AM
    Hi

    Could you please let us know where you found this mismatch between the user created in AM Master and remote agent machine., could you please let us know in which path you found this mismatch and please let us know what changes you have done




  • 4.  RE: AwE-5103 network socket error : unable to find valid certification path to requested target

    Posted Mar 17, 2020 09:43 AM
    Hi everyone,  this is what I did. I did a su to the user the master runs under on that system. Then copied the user_keystore files to the data directories of my agents. I then copy the user_keystore* files to my PC where I am running Oracle Java 8.. I have multiple versions, and OpenJDK I can use. With V9.3+ you can point to a specific Java in the client.properties file. I like having debug on all the time in that file. 
    There is a lot of confusion over the location. The docs have some discrepencies, but I figured it out. Support was helpful with it too. 
    It needs to be in your  c:\Users\<user id>\Appworx directory. Not the one with the dot, this a a new one. And with V9.3.1 you created a directory for each instance  so it's C:\Users\<user>\Appworx\<instance>    For me I have a AMUPGD, AMTEST, and AMPROD.  The socket error is what you get with this. 

    It is important to note that before we upgraded from V9.1.1 to V9.3.1 we had Oracle Java 8 on the Linux systems. And my PC had less than JAva 8 201. When you upgrade to 201 or higher it adds some cypher exclusions for ANON, and NULL. This is what stops it from working. So then you need the certs. But then we had users upgrading there PC's to 201 or higher, and they got it connecting to V9.1.1. You can actually have them drill into the Java on there PC and update the java.security file.  Remove the anon, and NULL.. then it started to work. This was the workaround. 

    I hope you all stay healthy, the panicking is getting to me. Stores, work, media. 

    Rich