You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've switched from a Mac to an Unbuntu 14/04 LTS box. However, I am now getting an exception stating that an unknown CA was encountered:
Picked up JAVA_TOOL_OPTIONS: -javaagent:/usr/share/java/jayatanaag.jar
2015-06-02 17:05:06,357 INFO o.m.p.d.DirectProxy MockServer proxy started on port: 8123 connected to remote server: sel3530-0030a704c3ba.ad.selinc.com:80
2015-06-02 17:05:09,682 WARN i.n.c.DefaultChannelPipeline An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: Received fatal alert: unknown_ca
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:346) ~[mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:229) ~[mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:339) [mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:324) [mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:847) [mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131) [mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) [mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) [mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) [mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) [mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111) [mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) [mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_80]
Caused by: javax.net.ssl.SSLException: Received fatal alert: unknown_ca
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.7.0_80]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1639) ~[na:1.7.0_80]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1607) ~[na:1.7.0_80]
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1776) ~[na:1.7.0_80]
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1068) ~[na:1.7.0_80]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:890) ~[na:1.7.0_80]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764) ~[na:1.7.0_80]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[na:1.7.0_80]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1114) ~[mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:981) ~[mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:934) ~[mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:315) ~[mockserver-netty-3.9.12-jar-with-dependencies.jar:na]
... 12 common frames omitted
I started Mock Server Proxy (MSP) with the following command line:
The version of the JDK that I am using is javac 1.7.0_80.
I have also installed the CA certificates by running install_ca_certificate.sh from mockserver/scripts, receiving the following output:
./install_ca_certificate.sh
--2015-06-02 16:59:46-- https://raw.githubusercontent.com/jamesdbloom/mockserver/master/mockserver-core/src/main/resources/org/mockserver/socket/CertificateAuthorityCertificate.pem
Resolving wall.ad.selinc.com (wall.ad.selinc.com)... 10.100.0.240
Connecting to wall.ad.selinc.com (wall.ad.selinc.com)|10.100.0.240|:8080... connected.
Proxy request sent, awaiting response... 200 OK
Length: 1330 (1.3K) [text/plain]
Saving to: ‘CertificateAuthorityCertificate.pem’
100%[======================================>] 1,330 --.-K/s in 0s
2015-06-02 16:59:47 (283 MB/s) - ‘CertificateAuthorityCertificate.pem’ saved [1330/1330]
Picked up JAVA_TOOL_OPTIONS: -javaagent:/usr/share/java/jayatanaag.jar
deleting certificate
Picked up JAVA_TOOL_OPTIONS: -javaagent:/usr/share/java/jayatanaag.jar
keytool error: java.lang.Exception: Keystore file does not exist: /home/USER/.keystore
Picked up JAVA_TOOL_OPTIONS: -javaagent:/usr/share/java/jayatanaag.jar
Certificate was added to keystore
[Storing /home/USER/.keystore]
==========================================================================================
Ensure your JVM is using the correct keystore as follows: -Djavax.net.ssl.trustStore=added
==========================================================================================
The scenario that I am trying to set up has MSP running on box A (listening at localhost:8123) and proxying all requests to box B (sel3530-0030a704c3ba, local to my LAN). Using Firefox, I connect to https://localhost:8123, which results in the exception shown previously.
I must be missing something here; could you please verify that I am using MSP correctly?
Thanks,
Roger Alexander.
P.S. Any chance of getting a user forum setup?
The text was updated successfully, but these errors were encountered:
A user forum is not a bad idea, do you have any suggestions for setting one up?
The script install_ca_certificate.sh is actually incorrect and I havn't had a chance to fix it. It should point as the truststore and not the keystore. On my Mac for example the truststore is /Library/Java/JavaVirtualMachines/jdk1.8.0_05.jdk/Contents/Home/jre/lib/security/cacerts.
The script you mentioned incorrect adds the CA certificate to the keystore and so it is not by default trusted by java. In addition on a mac I tend to add the PEM file to the keychain Access application, that way Chrome and other apps like Mail will also trust the CA cert which is helpful when you're using the proxy (particularly in SOCKS mode which catches all traffic).
I'll leave this issue open until I update the script.
Hi,
I've switched from a Mac to an Unbuntu 14/04 LTS box. However, I am now getting an exception stating that an unknown CA was encountered:
I started Mock Server Proxy (MSP) with the following command line:
The version of the JDK that I am using is
javac 1.7.0_80
.I have also installed the CA certificates by running
install_ca_certificate.sh
frommockserver/scripts
, receiving the following output:The scenario that I am trying to set up has MSP running on box A (listening at
localhost:8123
) and proxying all requests to box B (sel3530-0030a704c3ba
, local to my LAN). Using Firefox, I connect tohttps://localhost:8123
, which results in the exception shown previously.I must be missing something here; could you please verify that I am using MSP correctly?
Thanks,
Roger Alexander.
P.S. Any chance of getting a user forum setup?
The text was updated successfully, but these errors were encountered: