Closed dstenger closed 6 years ago
@dstenger
[1] : https://wfst.axl.aero/AxlRest/wfs?service=WFS&version=2.0.0&request=GetCapabilities
This issue is occurring due to the service URL [1]. I have tested this service URL [1]; it is failing with an SSL error, but it worked with other RI.
I think the issue is with the server, not with the wfs test.
I agree, the error does not occur with all services.
The following Java property can be used to enhance SSL logging:
-Djavax.net.debug=SSL,handshake,data,trustmanager
The following snippet shows the exact cause of this issue. The DOM parser is not able to detect the valid SSL certificate.
After adding the Java property, we got the debug log: log.txt
@dstenger
SUT: https://wfst.axl.aero/AxlRest/wfs?service=WFS&version=2.0.0&request=GetCapabilities
Tested on:
OS: Windows 8.1
JAVA:
java version "1.8.0_162"
Java(TM) SE Runtime Environment (build 1.8.0_162-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.162-b12, mixed mode)
I have manually added a certificate to the Java Keystore but the same error has occurred.
I have tried with the above two certificates.
Tested on:
OS: Ubuntu 14.04 LTS
JAVA:
java version "1.8.0_73"
Java(TM) SE Runtime Environment (build 1.8.0_73-b02)
Java HotSpot(TM) 64-Bit Server VM (build 25.73-b02, mixed mode)
The same issue is produced in the Linux environment.
Opinion:
After adding the Java debugging property, we got some certificate. According to the SSL debug log, Java is not able to find a valid certificate, or maybe the server is not returning one.
Here is the reference link for "How to check the client-server SSL certificate communication". I think the server is not returning the trusted certificate; that is the reason for the client failure.
According to the SSL debug log, the server has not returned the trusted certificate; maybe the issue is with the server, so we need to configure the server.
I checked the HTTPS connection with several tools. E.g.
All tools confirm that the intermediate certificate is missing.
This certificate should be provided by the requested server. Thus, an installation error of the SSL certificates could be the cause of this problem.
Executed test:
keytool -import -file DigiCertSHA2SecureServerCA.crt -keystore cacerts -storepass changeit
Nevertheless, this bug should be resolved on the server side, as intermediate certificates should not be added to the trust store.
Further reading:
As far as I see the same problem is described in https://github.com/opengeospatial/teamengine/issues/312. Validation with the three tools listed above seems to be fine.
The maintainer of [1] installed the intermediate certificate on the SUT.
Now, the error does not occur any more and [1] can successfully be validated by [2].
--> Issue is solved.
[1] https://wfst.axl.aero/AxlRest/wfs?service=WFS&version=2.0.0&request=GetCapabilities
[2] http://cite.opengeospatial.org/teamengine/
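The diagnosis in this thread (the server sends its own certificate without the intermediate, so a client that trusts only the root cannot build a path) reproduced offline, as an added example that is not part of the original thread or of TEAM Engine. The PKI is constructed: the names demo-root, demo-intermediate and leaf and all helper functions are assumptions, and only the openssl command line is required.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway PKI, demo-root -> demo-intermediate -> leaf.

# make_cert DIR NAME EXTFILE [ISSUER]; without ISSUER the certificate is self-signed.
make_cert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
  if [ -z "${4:-}" ]; then
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 2 \
      -extfile "$1/$3" -out "$1/$2.crt" 2>/dev/null
  else
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" \
      -CAcreateserial -days 2 -extfile "$1/$3" -out "$1/$2.crt" 2>/dev/null
  fi
}

build_demo_pki() {
  # Own minimal config, so no system openssl.cnf is required.
  printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=unused\n' > "$1/req.cnf"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$1/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$1/leaf.ext"
  make_cert "$1" demo-root ca.ext &&
    make_cert "$1" demo-intermediate ca.ext demo-root &&
    make_cert "$1" leaf leaf.ext demo-intermediate
}

# chain_status DIR MODE prints "ok" or "fail" for what a client can validate.
#   leaf-only           server sends only its own certificate (the broken SUT)
#   full                server also sends the intermediate (the server-side fix)
#   trust-intermediate  intermediate imported into the client trust store (workaround)
chain_status() {
  case $2 in
    leaf-only) set -- -CAfile "$1/demo-root.crt" "$1/leaf.crt" ;;
    full) set -- -CAfile "$1/demo-root.crt" -untrusted "$1/demo-intermediate.crt" "$1/leaf.crt" ;;
    trust-intermediate)
      cat "$1/demo-root.crt" "$1/demo-intermediate.crt" > "$1/trust.pem"
      set -- -CAfile "$1/trust.pem" "$1/leaf.crt" ;;
    *) echo "unknown mode" >&2; return 2 ;;
  esac
  if openssl verify "$@" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# Stand-alone run: print the verdict for each of the three situations.
demo_dir=$(mktemp -d) && build_demo_pki "$demo_dir" &&
  for m in leaf-only full trust-intermediate; do
    echo "$m: $(chain_status "$demo_dir" "$m")"
  done
rm -rf "$demo_dir"
```

The trust-intermediate mode corresponds to the keytool import shown in the thread: it makes validation pass on that one client, while the full mode is the fix the maintainer applied on the SUT.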
SUT: https://wfst.axl.aero/AxlRest/wfs?service=WFS&version=2.0.0&request=GetCapabilities
Environments (error occurs on all environments):
TEAM Engine displays the following error:
The log shows the following (snipped):
Complete error log is attached: log.txt