Send audit message via TLS


Mark

Apr 5, 2016, 4:52:30 AM
to dcm4che
Hi All,

I want to send an audit message via TLS using the following command (with toolkit dcm4che-3.3.7):

./syslog -c ip_server:port_server --key-store keystore.jks --key-store-pass changeit XXX.xml
 
The JKS file contains a valid certificate (the file has been successfully used in other applications), but in the log produced by the command I find:

10:47:10,817 INFO  - Initiate connection from 0.0.0.0/0.0.0.0:0 to ip_server:port_server
syslog: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1439)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:878)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:814)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
    at org.dcm4che3.net.Connection.createTLSSocket(Connection.java:1130)
    at org.dcm4che3.net.Connection.connect(Connection.java:1023)
    at org.dcm4che3.net.audit.AuditLogger$TCPConnection.connect(AuditLogger.java:1192)
    at org.dcm4che3.net.audit.AuditLogger$TCPConnection.sendMessage(AuditLogger.java:1201)
    at org.dcm4che3.net.audit.AuditLogger.sendMessage(AuditLogger.java:779)
    at org.dcm4che3.net.audit.AuditLogger.write(AuditLogger.java:762)
    at org.dcm4che3.tool.syslog.Syslog.sendFiles(Syslog.java:305)
    at org.dcm4che3.tool.syslog.Syslog.main(Syslog.java:233)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1421)
    ... 15 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
    ... 21 more


I can not find the problem...

zaka

Apr 6, 2016, 3:09:42 PM
to dcm4che
You didn't include your truststore with proper truststore password with server certificate in it.

On Tuesday, April 5, 2016 at 13:52:30 UTC+5, Mark wrote:

Anuj Aneja

Apr 7, 2016, 4:38:23 AM
to dcm4che
Dear Mark,

I want to do a similar kind of ATNA stuff, but I want this to be done using the TCP Listener. Do you know the configuration/steps to set this up?

 Regards,

Anuj Aneja

Mark

Apr 7, 2016, 9:52:15 AM
to dcm4che
Hi zaka,

Thanks for the indication. I use:

./syslog -c ip_server:port_server --key-store keystore.jks --key-store-pass changeit --key-pass changeit --trust-store cacerts.jks --trust-store-pass changeit XXX.xml

and it works!
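
An added illustration (not part of the thread and not dcm4che code) of the failure zaka describes and the fix Mark applied: a server certificate validates only when the trust store holds its issuer. It uses `openssl verify` as a stand-in for the JVM's PKIX check; the CA and server names, the `audit-server-ca` alias and all files are constructed, and `import_into_jks` assumes a JDK `keytool` on the PATH.

```sh
#!/bin/sh
# Constructed demo: every name, subject and file here is a throwaway value.

# Create a self-signed throwaway CA named $1 in directory $2.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$2/$1.key" -out "$2/$1.pem" 2>/dev/null
}

# Issue a certificate for CN=$1, signed by CA $2, in directory $3.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$3/$1.key" -out "$3/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$3/$1.csr" -CA "$3/$2.pem" -CAkey "$3/$2.key" \
    -CAcreateserial -days 1 -out "$3/$1.pem" 2>/dev/null
}

# Succeed only if certificate $2 chains to an anchor in PEM bundle $1.
chain_is_trusted() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Import PEM certificate $1 as a trusted entry into JKS trust store $2
# (store password $3); the alias is a hypothetical name.
import_into_jks() {
  keytool -importcert -noprompt -alias audit-server-ca -file "$1" \
    -keystore "$2" -storetype JKS -storepass "$3"
}

demo() {
  demo_dir=$(mktemp -d) || return 1
  make_ca audit-ca "$demo_dir" && make_ca other-ca "$demo_dir" &&
    issue_cert audit-server audit-ca "$demo_dir" || return 1
  # Trust store without the issuing CA: same failure class as the PKIX error.
  chain_is_trusted "$demo_dir/other-ca.pem" "$demo_dir/audit-server.pem" \
    && echo "other-ca only: trusted" || echo "other-ca only: NOT trusted"
  # Trust store that contains the issuing CA: the chain builds.
  chain_is_trusted "$demo_dir/audit-ca.pem" "$demo_dir/audit-server.pem" \
    && echo "with audit-ca: trusted" || echo "with audit-ca: NOT trusted"
  rm -rf "$demo_dir"
}
demo
```

A store built with `import_into_jks` is the kind of file the `--trust-store` and `--trust-store-pass` options in the command above expect.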

Mark

Apr 7, 2016, 10:01:03 AM
to dcm4che
Hi Anuj,

I only tried the reception via UDP, using the following command:

./syslogd --udp -b 1514 --directory dir_to_store_message