Post request for https URL in Headless client

The forum to discuss the Headless version of Servoy. Web, Java and Servlet development questions can all be posted here.

Post request for https URL in Headless client

Postby chaitanyas » Mon Jun 27, 2016 4:54 am

Hi All,

Very recently we have set up https for our customers and it's working for both Smart client and webclient. But, there is a problem with Headless client, we are doing a post request for https URL at headless client using http plugin but it's not working fine, it always returns error like below,

Couldn't connect to https://xxx.com, please make sure that the ssl certificates of that site are added to the java keystore.Download the keystore in the browser and update the java cacerts file in jre/lib/security: keytool -import -file downloaded.crt -keystore cacerts

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:437)
at com.servoy.extensions.plugins.http.HttpClient$1.connectSocket(HttpClient.java:105)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at com.servoy.extensions.plugins.http.BaseRequest.executeRequest(BaseRequest.java:212)
at com.servoy.extensions.plugins.http.BaseRequest.js_executeRequest(BaseRequest.java:138)
at sun.reflect.GeneratedMethodAccessor307.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:158)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:312)
at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1774)
at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:837)
at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:158)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:406)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3204)
at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:156)
at com.servoy.j2db.scripting.ScriptEngine.executeFunction(ScriptEngine.java:628)
at com.servoy.j2db.plugins.ClientPluginAccessProvider$MethodExecutor.run(ClientPluginAccessProvider.java:551)
at com.servoy.j2db.server.headlessclient.SessionClient.invokeAndWait(SessionClient.java:1318)
at com.servoy.j2db.server.headlessclient.SessionClient.doInvokeLater(SessionClient.java:1308)
at com.servoy.j2db.ClientState.invokeLater(ClientState.java:1720)
at com.servoy.j2db.plugins.ClientPluginAccessProvider$1.run(ClientPluginAccessProvider.java:463)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)



I have imported the ssl certificate to the java cacerts file but no luck. Can you please share what I have missed here.
chaitanyas
 
Posts: 70
Joined: Tue Jul 26, 2011 8:28 am

Re: Post request for https URL in Headless client

Postby Andrei Costescu » Mon Jun 27, 2016 11:37 am

Maybe check that you are not using a different JRE or JDK for running Servoy then then one you added the certificate to. You are using a self-signed certificate right?
So the cacerts file that you modified should be the one from [your_JRE_path]/lib/security (or if you use JDK it's [your_JDK_path]/jre/lib/security) folder of the JRE that you run Servoy with.

You can check the contents of cacerts using something like - of course after changing [your_JRE_path] to your real path: (this is for windows and it writes output in 1.txt file, for Mac/Linux you need to change it to match shell syntax)
Code: Select all
keytool -list -v -keystore "[your_JRE_path]/lib/security/cacerts" 1>1.txt

The default password is "changeit" - it will ask for the password.
Andrei Costescu
Servoy
Andrei Costescu
 
Posts: 861
Joined: Tue Jun 26, 2007 3:14 pm

Re: Post request for https URL in Headless client

Postby chaitanyas » Mon Jun 27, 2016 12:09 pm

Hi Andrei,

Thanks for the prompt reply and I am sure there is only one jre running in the machine and I am using a valid third party certificate provided by Symantec Corporation. I did check the certificates in the cacerts and our certificate exist in cacerts keystore file, still, we can't get it open https url using http plugin (In headless client). Please share if I missed anything.
chaitanyas
 
Posts: 70
Joined: Tue Jul 26, 2011 8:28 am

Re: Post request for https URL in Headless client

Postby Andrei Costescu » Mon Jun 27, 2016 2:45 pm

If it's a valid 3rd party certificate (and not working out-of-the-box) then you could I guess add in there the root CA certificate instead (the one that is top-most/self-signed in that certificate chain). But that is not relevant to why it didn't work... it should have worked with adding your own cert. directly as well.

Can I try to access that URL or is it private? I remember doing what you did a couple of years back and then it worked for me, but I didn't try it again since then.
Andrei Costescu
Servoy
Andrei Costescu
 
Posts: 861
Joined: Tue Jun 26, 2007 3:14 pm

Re: Post request for https URL in Headless client

Postby Andrei Costescu » Mon Jun 27, 2016 2:53 pm

For other ppl. that might be reading this and wondering what it is about: https://wiki.servoy.com/display/public/ ... certs+file
Andrei Costescu
Servoy
Andrei Costescu
 
Posts: 861
Joined: Tue Jun 26, 2007 3:14 pm

Re: Post request for https URL in Headless client

Postby chaitanyas » Tue Jun 28, 2016 2:12 pm

Hi Andrei,

Sorry, I couldn't share the URL. I did export the certificate from firebox browser and imported the same to cacerts but no luck. Do I need to import the keystore file
(Which I have used to set up https) to cacerts ?
chaitanyas
 
Posts: 70
Joined: Tue Jul 26, 2011 8:28 am

Re: Post request for https URL in Headless client

Postby Andrei Costescu » Tue Jun 28, 2016 3:20 pm

The one from the browser should be enough I think.
There must be some random sites out there that use not out-of-the-box valid certificates. You could try the same on such a site to do the same and just get the page contents through the http plugin to see if it works.

For example I found now:
- ok certificate, but using uncommon CA https://www.vulcano.cl/
- self signed https://rover.secure64.com/
Andrei Costescu
Servoy
Andrei Costescu
 
Posts: 861
Joined: Tue Jun 26, 2007 3:14 pm

Re: Post request for https URL in Headless client

Postby Harjo » Tue Jun 28, 2016 4:28 pm

I think something else is happening here.
He tells, that it is a valid certificate from Symantec
I am using a valid third party certificate provided by Symantec Corporation

Maybe we are mixing stuff up.

on which server do you have installed that certificate?
on the running server, that run's the headless-client? and the headless client is trying to get an url from another server with ssl??

So please explain a little bit more, the whole setup.
Harjo Kompagnie
Direct ICT / Servoy Hosting / ServoyCamp
Servoy Certified Developer
Servoy Valued Professional
SAN Developer
User avatar
Harjo
 
Posts: 4259
Joined: Fri Apr 25, 2003 11:42 pm
Location: DEN HAM OV, The Netherlands

Re: Post request for https URL in Headless client

Postby chaitanyas » Wed Jun 29, 2016 1:48 am

Hi Harjo,

Please see my answers below,

"on which server do you have installed that certificate?
on the running server, that run's the headless-client?
-> Yes, I have installed certificate on the running server where the headless client running.

" the headless client is trying to get an url from another server with ssl??, -> Actually, I am doing auto solution update in the headless client for the same running server and tried to access the solution update method by accessing the https url of the running server, like, "https://xxx.com/servoy-admin/solutions/import", which causes the problem and asking to import the certificate to the java/cacerts though the certificate is existed already in cacerts. Hope it's clear.
chaitanyas
 
Posts: 70
Joined: Tue Jul 26, 2011 8:28 am

Re: Post request for https URL in Headless client

Postby Harjo » Wed Jun 29, 2016 8:50 am

oke, that's clear now.

Strange that Java does not know the CA of Symantec...
Which Java version are you using, and are you 100% sure, that there is only 1 Java instance on the server?

Else, I would'nt know what is going on. You need than a consultant, I think, to have an in-depth look, what is going on..
Harjo Kompagnie
Direct ICT / Servoy Hosting / ServoyCamp
Servoy Certified Developer
Servoy Valued Professional
SAN Developer
User avatar
Harjo
 
Posts: 4259
Joined: Fri Apr 25, 2003 11:42 pm
Location: DEN HAM OV, The Netherlands


Return to Servoy Headless Client

Who is online

Users browsing this forum: No registered users and 1 guest

cron