Mule - 'unable to find valid certification path to requested target' when trying to send a message over HTTPS

Question

I have a Mule flow (Mule CE 3.4.0, Studio 3.5.0) that is processing some XML and posting it to a web service using an HTTPS endpoint like so:

<flow>
    <!-- Process XML -->
    <https:outbound-endpoint address="https://admin:password@localhost:8081/hello" exchange-pattern="request-response" contentType="text/xml" method="POST" doc:name="HTTP"/>
    <!-- Evaluate response -->
</flow>

In production, this will hit a web service exposed by a different platform but in order to test locally, I have created a completely seperate Mule application (seperate workspace, project file etc) that exposes an HTTPS endpoint to consume the message:

<spring:beans>
    <security:authentication-manager alias="MyManager">
        <security:authentication-provider>
            <security:user-service id="UserService">
                <security:user name="admin" password="password" authorities="ROLE_ADMIN"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager> 
</spring:beans>

<spring-security:security-manager>
    <spring-security:delegate-security-provider name="InMemory" delegate-ref="MyManager"/>
</spring-security:security-manager>

<https:connector name="httpsConnector">
    <https:tls-key-store path="test.jks" keyPassword="test1234" storePassword="test1234"/>
</https:connector>

<flow name="httpTestFlow" doc:name="httpTestFlow">
    <https:inbound-endpoint exchange-pattern="one-way" host="localhost" port="8081" doc:name="HTTP" connector-ref="httpsConnector">
        <spring-security:http-security-filter realm="mule-realm" securityProviders="InMemory"/>
    </https:inbound-endpoint>
    <object-to-string-transformer doc:name="Object to String"/>
    <logger level="INFO" message="The XML message received is: #[payload]" doc:name="Logger"/>
</flow>

I get the following error inside my Mule application (the one sending the XML) when I try to run this:

********************************************************************************
Message               : Failed to route event via endpoint: DefaultOutboundEndpoint{endpointUri=https://admin:<password>@localhost/hello, connector=HttpsConnector
{
  name=connector.https.mule.default
  lifecycle=start
  this=7cc4f42c
  numberOfConcurrentTransactedReceivers=4
  createMultipleTransactedReceivers=true
  connected=true
  supportedProtocols=[https]
  serviceOverrides=<none>
}
,  name='endpoint.https.localhost.8081.hello', mep=REQUEST_RESPONSE, properties={http.method=POST, Content-Type=text/xml}, transactionConfig=Transaction{factory=null, action=INDIFFERENT, timeout=0}, deleteUnacceptedMessages=false, initialState=started, responseTimeout=10000, endpointEncoding=UTF-8, disableTransportTransformer=false}. Message payload is of type: PostMethod
Code                  : MULE_ERROR--2
--------------------------------------------------------------------------------
Exception stack is:
1. unable to find valid certification path to requested target (sun.security.provider.certpath.SunCertPathBuilderException)
  sun.security.provider.certpath.SunCertPathBuilder:196 (null)
2. PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (sun.security.validator.ValidatorException)
  sun.security.validator.PKIXValidator:385 (null)
3. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (javax.net.ssl.SSLHandshakeException)
  sun.security.ssl.Alerts:192 (http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/net/ssl/SSLHandshakeException.html)
4. Failed to route event via endpoint: DefaultOutboundEndpoint{endpointUri=https://admin:<password>@localhost/hello, connector=HttpsConnector
{
  name=connector.https.mule.default
  lifecycle=start
  this=7cc4f42c
  numberOfConcurrentTransactedReceivers=4
  createMultipleTransactedReceivers=true
  connected=true
  supportedProtocols=[https]
  serviceOverrides=<none>
}
,  name='endpoint.https.localhost.8081.hello', mep=REQUEST_RESPONSE, properties={http.method=POST, Content-Type=text/xml}, transactionConfig=Transaction{factory=null, action=INDIFFERENT, timeout=0}, deleteUnacceptedMessages=false, initialState=started, responseTimeout=10000, endpointEncoding=UTF-8, disableTransportTransformer=false}. Message payload is of type: PostMethod (org.mule.api.transport.DispatchException)
  org.mule.transport.http.HttpClientMessageDispatcher:155 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/transport/DispatchException.html)
--------------------------------------------------------------------------------
Root Exception stack trace:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
    + 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
********************************************************************************

And this error inside my other application receiving the message:

ERROR 2014-06-05 15:58:05,380 [[test-webservice].http.request.dispatch.8081.01] org.mule.exception.DefaultSystemExceptionStrategy: Caught exception in Exception Strategy: Received fatal alert: certificate_unknown
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:818)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:50)
    at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
    at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
    at org.mule.transport.http.HttpServerConnection.readLine(HttpServerConnection.java:243)
    at org.mule.transport.http.HttpServerConnection.getRequestLine(HttpServerConnection.java:509)
    at org.mule.transport.http.HttpRequestDispatcherWork.run(HttpRequestDispatcherWork.java:70)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
    at java.lang.Thread.run(Thread.java:695)

Can anyone identify what may be going wrong here, or suggest an alternative way to test my outbound endpoint locally? Thanks in advance.

Answer 1

Are you sure your separate application is actually running? It looks like it's not: maybe it just fails to start?