Certificate chaining error when connection GCM Server using https
418 views
Skip to first unread message
Shiva kumar Reddy
Aug 20, 2013, 11:50:15 AM8/20/13
to andro...@googlegroups.com, sivakum...@fmr.com, Rajendra....@fmr.com, Kumarasam...@fmr.com, Eric...@fmr.com
We were in production for more than 4 weeks for android push notifications, everything was working fine until yesterday. Yesterday we noticed that it was throwing certificate chaining error for some notifications, it was happening intermittently, we were already using GoogleInternetAuthority certificate for SSL communication.
We received the below error .Then we identified that there is one more ceritificate was recently inttroduced/created , then we imported it into our truststore and it started working in our non prod environment . Did anyone face this issue ? how frequently new certificates will be issue by Google, is there a way that we can get notified so that we can import the certificates ahead of Google failing the notifications . Let us know how did you resolve these issues if you faced it .
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImp
l could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted;
internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.o.a(o.java:22)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:423)
at com.ibm.jsse2.kb.a(kb.java:192)
at com.ibm.jsse2.kb.a(kb.java:176)
at com.ibm.jsse2.lb.a(lb.java:53)
at com.ibm.jsse2.lb.a(lb.java:464)
at com.ibm.jsse2.kb.s(kb.java:545)
at com.ibm.jsse2.kb.a(kb.java:530)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:79)
at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:437)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:142)
at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:686)
at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:98)
at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:13)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1024)
at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:25)
at com.google.android.gcm.server.Sender.post(Sender.java:479)
at com.google.android.gcm.server.Sender.post(Sender.java:458)
at com.google.android.gcm.server.Sender.sendNoRetry(Sender.java:170)
at com.google.android.gcm.server.Sender.send(Sender.java:121)
at com.fiw.mobile.push.GCMPushNotificationSystem.pushNotificationToGoogle(GCMPushNotificationSystem.java:111)
at com.fiw.mobile.push.GCMPushNotificationSystem.pushNotification(GCMPushNotificationSystem.java:231)
at com.fiw.mobile.push.GCMPushNotificationSystem.pushNotification(GCMPushNotificationSystem.java:1)
at com.fiw.formatengine.messageprocessor.PNMobileTokenProcessor.process(PNMobileTokenProcessor.java:107)
at com.fiw.formatengine.messageprocessor.JMSMessageProcessor.process(JMSMessageProcessor.java:65)
at com.fiw.formatengine.util.DefaultMessageListener.onMessage(DefaultMessageListener.java:40)
at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:560)
at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:498)
at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:467)
at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:323)
at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:261)
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.ja
va:1056)
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContaine
r.java:1048)
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:947)
at java.lang.Thread.run(Thread.java:769)
Caused by: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid
CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted;
internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.util.f.b(f.java:113)
at com.ibm.jsse2.util.f.b(f.java:61)
at com.ibm.jsse2.util.e.a(e.java:22)
at com.ibm.jsse2.pc.a(pc.java:100)
at com.ibm.jsse2.pc.checkServerTrusted(pc.java:15)
at com.ibm.jsse2.pc.b(pc.java:76)
at com.ibm.jsse2.lb.a(lb.java:104)
... 30 more
Caused by: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted;
internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:411)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
at com.ibm.jsse2.util.f.b(f.java:98)
... 36 more
Caused by: java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trust
ed; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:737)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:649)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:595)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:595)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:357)
... 38 more
Caused by: java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
... 44 more
l could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted;
internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.o.a(o.java:22)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:423)
at com.ibm.jsse2.kb.a(kb.java:192)
at com.ibm.jsse2.kb.a(kb.java:176)
at com.ibm.jsse2.lb.a(lb.java:53)
at com.ibm.jsse2.lb.a(lb.java:464)
at com.ibm.jsse2.kb.s(kb.java:545)
at com.ibm.jsse2.kb.a(kb.java:530)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:79)
at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:437)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:142)
at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:686)
at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:98)
at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:13)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1024)
at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:25)
at com.google.android.gcm.server.Sender.post(Sender.java:479)
at com.google.android.gcm.server.Sender.post(Sender.java:458)
at com.google.android.gcm.server.Sender.sendNoRetry(Sender.java:170)
at com.google.android.gcm.server.Sender.send(Sender.java:121)
at com.fiw.mobile.push.GCMPushNotificationSystem.pushNotificationToGoogle(GCMPushNotificationSystem.java:111)
at com.fiw.mobile.push.GCMPushNotificationSystem.pushNotification(GCMPushNotificationSystem.java:231)
at com.fiw.mobile.push.GCMPushNotificationSystem.pushNotification(GCMPushNotificationSystem.java:1)
at com.fiw.formatengine.messageprocessor.PNMobileTokenProcessor.process(PNMobileTokenProcessor.java:107)
at com.fiw.formatengine.messageprocessor.JMSMessageProcessor.process(JMSMessageProcessor.java:65)
at com.fiw.formatengine.util.DefaultMessageListener.onMessage(DefaultMessageListener.java:40)
at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:560)
at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:498)
at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:467)
at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:323)
at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:261)
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.ja
va:1056)
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContaine
r.java:1048)
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:947)
at java.lang.Thread.run(Thread.java:769)
Caused by: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid
CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted;
internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.util.f.b(f.java:113)
at com.ibm.jsse2.util.f.b(f.java:61)
at com.ibm.jsse2.util.e.a(e.java:22)
at com.ibm.jsse2.pc.a(pc.java:100)
at com.ibm.jsse2.pc.checkServerTrusted(pc.java:15)
at com.ibm.jsse2.pc.b(pc.java:76)
at com.ibm.jsse2.lb.a(lb.java:104)
... 30 more
Caused by: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted;
internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:411)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
at com.ibm.jsse2.util.f.b(f.java:98)
... 36 more
Caused by: java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trust
ed; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:176)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:737)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:649)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:595)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:595)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:357)
... 38 more
Caused by: java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
... 44 more
Reply all
Reply to author
Forward
0 new messages