IBM Support

AWS S3 Client Service is not able to connect to AWS S3 due to a certificate chaining error.

Troubleshooting


Problem

AWS S3 Client Service is not able to connect to AWS S3 due to a certificate chaining error.

Symptom

noapp.log
[2021-02-23 15:51:01.98] ALL 000000000000 GLOBAL_SCOPE com.amazonaws.SdkClientException: Unable to execute HTTP request: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
              java.security.cert.CertPathValidatorException: The certificate issued by CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE is not trusted; internal cause is:
              java.security.cert.CertPathValidatorException: Certificate chaining error
[2021-02-23 15:51:01.98] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleRetryableException(AmazonHttpClient.java:1207)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1153)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5259)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.services.s3.AmazonS3Client.getBucketRegionViaHeadRequest(AmazonS3Client.java:6220)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.services.s3.AmazonS3Client.fetchRegionFromCache(AmazonS3Client.java:6193)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5244)
[2021-02-23 15:51:02.018] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5206)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:5200)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:920)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.amazonaws.services.s3.AmazonS3Client.listObjects(AmazonS3Client.java:894)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.sterlingcommerce.woodstock.services.integration.AwsListService.operation(AwsListService.java:29)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.sterlingcommerce.woodstock.services.integration.AWSS3ClientService.processData(AWSS3ClientService.java:53)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.sterlingcommerce.woodstock.workflow.activity.engine.ActivityEngineHelper.invokeService(ActivityEngineHelper.java:1826)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.sterlingcommerce.woodstock.workflow.activity.engine.ActivityEngineHelper.nextMainLogic(ActivityEngineHelper.java:631)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.sterlingcommerce.woodstock.workflow.activity.engine.ActivityEngineHelper.next(ActivityEngineHelper.java:362)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.sterlingcommerce.woodstock.workflow.queue.WorkFlowQueueListener.doWork(WorkFlowQueueListener.java:459)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.sterlingcommerce.woodstock.workflow.queue.WorkFlowQueueListener.run(WorkFlowQueueListener.java:240)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.sterlingcommerce.woodstock.workflow.queue.WorkFlowQueueListener.onMessage(WorkFlowQueueListener.java:197)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.sterlingcommerce.woodstock.workflow.queue.WorkFlowQueueListener.onMessage(WorkFlowQueueListener.java:184)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.sterlingcommerce.woodstock.workflow.queue.wfTransporter.run(wfTransporter.java:447)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at com.sterlingcommerce.woodstock.workflow.queue.BasicExecutor$Worker.run(BasicExecutor.java:508)
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE
[2021-02-23 15:51:02.019] ALL 000000000000 GLOBAL_SCOPE   at java.lang.Thread.run(Thread.java:811)
 

Cause

The issue happens when B2BI uses authentication_policy.LDAP_SECURITY_TRUSTSTORE.

Diagnosing The Problem

Packet capture and SSL debug trace analysis concluded that B2BI looks for the AWS root certificate in LDAP_SECURITY_TRUSTSTORE.

Resolving The Problem

The issue is resolved by adding the AWS root certificate to LDAP_SECURITY_TRUSTSTORE.
Instructions:
1) List certificates in JDK Trust store.
cd <si_install_dir>/jdk/bin

./keytool -list -v -keystore ../jre/lib/security/cacerts -alias baltimorecybertrustca -storepass changeit -storetype jks

2) Export AWS root certificate.

./keytool -export -v -alias baltimorecybertrustca -keystore ../jre/lib/security/cacerts -storepass changeit -storetype jks -file aws_root.cer

3) Import AWS root cert into LDAP_SECURITY_TRUSTSTORE configured in B2BI.

./keytool -importcert -keystore <ldap-trust-store.jks> -alias baltimorecybertrustca -storepass <ldap-store-password> -file <location-of-aws-root-cert> -storetype jks

4) Make sure that the certificate is properly added to LDAP_SECURITY_TRUSTSTORE.

./keytool -list -v -keystore <ldap-trust-store.jks> -alias baltimorecybertrustca -storepass <ldap-store-password> -storetype jks

5) Restart B2BI.
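
The check in step 4 can be made mechanical by comparing the SHA-256 fingerprint of the entry in the LDAP trust store with the one in the JDK cacerts. The script below is an added example, not part of the original technote or of B2BI; the variable names LDAP_TS and LDAP_TS_PASS, the function names, and the sample listings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IBM's code): confirm the root imported in step 3 is the
# same certificate as the JDK cacerts entry by comparing SHA-256 fingerprints.

# Print the SHA-256 fingerprint found in `keytool -list -v` output on stdin.
# Assumption: the listing has a "SHA256: AA:BB:..." line; layout varies by JDK.
fingerprint_of() {
    sed -n 's/^[[:space:]]*SHA-\{0,1\}256:[[:space:]]*\([0-9A-Fa-f:]\{1,\}\).*$/\1/p' |
        head -n 1 | tr 'abcdef' 'ABCDEF'
}

# Succeed only if both listings carry the same, non-empty fingerprint.
# A missing alias yields a keytool error with no fingerprint, so it fails here.
same_anchor() {
    fp_a=$(printf '%s\n' "$1" | fingerprint_of)
    fp_b=$(printf '%s\n' "$2" | fingerprint_of)
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# Constructed sample listings (fingerprints are made up, not the real root's).
SAMPLE_JDK='Alias name: baltimorecybertrustca
Owner: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Certificate fingerprints:
     SHA1: 00:11:22:33
     SHA256: AA:BB:CC:DD:EE:FF:00:11'
SAMPLE_LDAP_OK='Alias name: baltimorecybertrustca
Certificate fingerprints:
     SHA256: aa:bb:cc:dd:ee:ff:00:11'
SAMPLE_LDAP_MISSING='keytool error: java.lang.Exception: Alias <baltimorecybertrustca> does not exist'

# Real use: run from <si_install_dir>/jdk/bin with LDAP_TS and LDAP_TS_PASS
# (hypothetical variable names) set. Skipped when LDAP_TS is unset.
if [ -n "${LDAP_TS:-}" ]; then
    jdk=$(./keytool -list -v -keystore ../jre/lib/security/cacerts \
        -alias baltimorecybertrustca -storepass changeit -storetype jks 2>&1)
    ldap=$(./keytool -list -v -keystore "$LDAP_TS" \
        -alias baltimorecybertrustca -storepass "$LDAP_TS_PASS" -storetype jks 2>&1)
    if same_anchor "$jdk" "$ldap"; then
        echo "OK: same root in both stores, SHA256=$fp_a"
    else
        echo "MISMATCH or missing alias in LDAP trust store" >&2
        exit 1
    fi
fi
```

A match shows that the two stores agree; to confirm that the cacerts entry itself is the genuine root, compare the printed fingerprint with the value published by the CA.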

Document Location

Worldwide

Type: SW
Line of Business: Sustainability Software
Business Unit: IBM Software w/o TPS
Product: IBM Sterling B2B Integrator
ARM Category: Protocol->AWS S3 Client
ARM Case Number: TS004883662
Platform: Platform Independent
Version: 6.0.0; 6.0.1; 6.0.2; 6.0.3; 6.1.0

Product Synonym

Sterling B2B Integrator

Document Information

Modified date:
26 April 2021

UID

ibm16447241