
Connecting via tRestClient to endpoint with self-signed certificate

Hello!
(Currently using Talend OS Big Data, 6.1.1)
I am struggling to connect to a RESTful API using the tRestClient, which has a self-signed root certificate. Is it possible for me to set my Talend environment up to trust the certificate? (I tried creating a truststore from the certificate and using tSetKeystore, but haven't had any luck).

Alternatively, is there a way I can set my job to disableCNCheck? I've seen some JIRA issues requesting this functionality, but I'm looking for a workaround if at all possible.

Re: Connecting via tRestClient to endpoint with self-signed certificate

Error Message:
Exception in component tRESTClient_3
javax.ws.rs.ProcessingException: javax.net.ssl.SSLProtocolException: SSLProtocolException invoking https://<url-replaced-for-talendforge-post> actiondefinitions: handshake alert:  unrecognized_name
at org.apache.cxf.jaxrs.client.AbstractClient.checkClientException(AbstractClient.java:582)
at org.apache.cxf.jaxrs.client.AbstractClient.preProcessResult(AbstractClient.java:564)
at org.apache.cxf.jaxrs.client.WebClient.doResponse(WebClient.java:1144)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1094)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:894)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:865)
at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:428)
at org.apache.cxf.jaxrs.client.WebClient.get(WebClient.java:611)
at eai.vrealizeops_0_1.vRealizeOps.tRESTClient_3Process(vRealizeOps.java:509)
at eai.vrealizeops_0_1.vRealizeOps.runJobInTOS(vRealizeOps.java:770)
at eai.vrealizeops_0_1.vRealizeOps.main(vRealizeOps.java:627)
Caused by: javax.net.ssl.SSLProtocolException: SSLProtocolException invoking https://<url-replaced-for-talendforge-post>: handshake alert:  unrecognized_name
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1376)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1360)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:651)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:649)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1093)
... 7 more
Caused by: javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1676)
at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1674)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1672)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.getResponseCode(URLConnectionHTTPConduit.java:332)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.processRetransmit(HTTPConduit.java:1424)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRetransmits(HTTPConduit.java:1411)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1545)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1347)
... 13 more
Caused by: javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name
at sun.security.ssl.ClientHandshaker.handshakeAlert(ClientHandshaker.java:1380)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1972)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)
at sun.net.www.protocol.http.HttpURLConnection.getHeaderFields(HttpURLConnection.java:2714)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getHeaderFields(HttpsURLConnectionImpl.java:283)
at org.apache.cxf.transport.http.Headers.readFromConnection(Headers.java:257)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.updateCookiesBeforeRetransmit(URLConnectionHTTPConduit.java:297)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRetransmits(HTTPConduit.java:1409)
... 15 more
disconnected
Job vRealizeOps ended at 13:44 18/07/2016.

Re: Connecting via tRestClient to endpoint with self-signed certificate

Hi Gabby,
I'm trying to do exactly the same... without success :-/
To share a little more, I also tried to put the URL of the WS directly in Chrome, entering login/pwd as asked and it worked. I got the JSON response.
I guess that Chrome automatically does the SSL handshake.
When I get the response I have tried to export the SSL certificate in Chrome to use it with the Talend tSetKeystore, with no luck because it is a different format.
I think that the thing that we need is how to deal with the SSL handshake in Talend.
If someone could help us with this, it would be nice!

Re: Connecting via tRestClient to endpoint with self-signed certificate

Hi Gabby,
I have found the solution by myself (with Google's help).
I got a better understanding of the subject after reading this article:
add-list-certficates-java-keystore.html on javarevisited.blogspot.fr (2012/03)
(the forum does not want me to post link directly)
So I did the adding on my local Java KeyStore.
Put a tRESTClient on my Talend job.
Entered parameters (truststore path and password).
Linked it to the tRESTClient component.
Launched the job and it worked!!!
Solved for me.
So let's thank Javin Paul for his excellent post!
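
Added example, not part of the thread and not Talend's own code: a small Java program that reads a certificate exported from a browser (DER or Base64/PEM X.509, both of which `CertificateFactory` parses), prints its SHA-256 fingerprint, and writes a JKS truststore containing only that certificate. The class name `BuildTrustStore`, the alias `api-endpoint` and the three command-line arguments are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class BuildTrustStore {
    // Usage (hypothetical): java BuildTrustStore <cert.cer|cert.pem> <truststore.jks> <password>
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: BuildTrustStore <cert-file> <truststore-file> <password>");
            System.exit(2);
        }
        // Accepts binary DER or Base64 text with BEGIN/END CERTIFICATE markers.
        byte[] raw = Files.readAllBytes(Paths.get(args[0]));
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(raw));
        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        // Fingerprint to compare against a value obtained out of band.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder fp = new StringBuilder();
        for (byte b : digest) {
            fp.append(String.format("%02X:", b));
        }
        fp.setLength(fp.length() - 1);
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
        System.out.println("SHA-256: " + fp);

        // New, empty store holding only this certificate as a trusted entry.
        KeyStore store = KeyStore.getInstance("JKS");
        store.load(null, null);
        store.setCertificateEntry("api-endpoint", cert); // alias is an assumption
        try (OutputStream out = new FileOutputStream(args[1])) {
            store.store(out, args[2].toCharArray());
        }

        // Confirm the JVM's trust manager accepts the store and sees one issuer.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        int issuers = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers().length;
        System.out.println("Wrote " + args[1] + " with " + issuers + " trusted certificate(s)");
    }
}
```

Check the printed fingerprint against one supplied by the endpoint's administrator before giving the file's path and password to tSetKeystore. The `unrecognized_name` alert in the stack trace is the TLS alert defined for the server_name (SNI) extension in RFC 6066.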