-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SHA1 /SHA2 TLS certificate issue at Remote AP OR Java 7 issue while sending document to Peppol network #261
Comments
#260 was related to this as well. We solved it by using Java8 instead of 7. |
OK, that means upgrade to Java 8 is only option. Were you also facing same issue while sending to this particular AP? Or Was it different AP. |
Same ap. There might be other solutions but we landed on Java8.
|
im the guy behind AP in question. here is our env if that may be some sort of incompatibility issue:
previously reported issues where both SHA2 upgrade related, we went for it too early and there was likely very poor java support for it. for 2017 certificates there is no more SHA1 option. for now I can only suspect oxalis or java version incompatibility. |
I guess this is because that GoDaddy root CA was not available in earlier Java versions. So if you use an old Java 7 og old Java 8 runtime you will not be able to verify these HTTPS certs without adding GoDaddy root CA to the trust store manually. I would recommend to upgrade to a more recent Java 7 runtime (or go with Java 8). |
Yes @teedjay . Thanks for confirming. That was something I was expecting. So java 7 or Java 8 latest upgrade is solution. |
Let us keep this issue open until concerned parties confirm it. |
Concerned parties reopens the issue if @teedjay is not correct. |
We are getting following error, while sending document to peppol network:
Unexpected error during execution of http POST to https://atworklogin.com:8443/oxalis/as2 : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Remote AP have certificate from GoDaddy.
There certificate is set with connection encryption: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits, TLS 1.2.
Additionally I see problem in the way SSL/TLS certificate created:
Additionally, I found that we are getting this error only with Java 7 at our end. If I set java version to 8, document goes perfectly fine. But if Java 7 is the case, then why we are not getting error while sending document to other AP.
P.S. There are related issue #168 and #173
The text was updated successfully, but these errors were encountered: