I am having issues connecting a client to a secure server. I can get both servers in the mirror group talking to each other, but I get an exception when connecting the client.
I get the following exception:
Caused by: java.lang.IllegalStateException: Looks like the secret is still null ?! Was it ever fetched ?
at com.terracotta.toolkit.DelegatingSecretProvider$DefaultSecretProvider.getSecret(DelegatingSecretProvider.java:65)
at com.terracotta.toolkit.DelegatingSecretProvider.getSecret(DelegatingSecretProvider.java:29)
at com.terracotta.management.security.SecretProvider.getSecret(SecretProvider.java:16)
at com.tc.net.core.security.TCSecurityManagerImpl.initSecretProvider(TCSecurityManagerImpl.java:79)
at com.tc.net.core.security.TCClientSecurityManager.fetchSecret(TCClientSecurityManager.java:24)
at com.tc.client.EnterpriseClientFactory.createClientSecurityManager(EnterpriseClientFactory.java:70)
... 115 more
I have the ehcache.xml configuration as follows:
<terracottaConfig url="client1username@127.0.0.1:9510" />
The local keychain for the appserver was created with:
\dev\servers\TerracottaEE\bin\keychain.bat -c keychain.tkc tc://server1username@127.0.0.1:9510
I got past this by specifying the following as a system property.
-DSecretProvider.secret=server1pass
But I'm still having issues. My WebLogic 10.3.4 app server is now getting this:
Caused by: java.lang.ClassCastException: weblogic.net.http.SOAPHttpsURLConnection cannot be cast to javax.net.ssl.HttpsURLConnection
at com.tc.util.io.ServerURL.openStream(ServerURL.java:64)
at com.tc.config.schema.setup.sources.ServerConfigurationSource.getInputStream(ServerConfigurationSource.java:39)
at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.trySource(StandardXMLFileConfigurationCreator.java:361)
at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.getConfigDataSourceStrean(StandardXMLFileConfigurationCreator.java:307)
at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.loadConfigDataFromSources(StandardXMLFileConfigurationCreator.java:240)
at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.loadConfigAndSetIntoRepositories(StandardXMLFileConfigurationCreator.java:129)
at com.tc.config.schema.setup.StandardXMLFileConfigurationCreator.createConfigurationIntoRepositories(StandardXMLFileConfigurationCreator.java:111)
at com.terracotta.express.StandaloneL1Boot.resolveEmbedded(StandaloneL1Boot.java:193)
at com.terracotta.express.StandaloneL1Boot.resolveConfig(StandaloneL1Boot.java:138)
... 115 more
I would need a patch from the Terracotta side to change the code in com.tc.util.io.ServerURL.openStream where the URL is constructed. I do not know for sure if it would fix the problem.
2012-12-05 07:39:30,008 WARN - We couldn't load configuration data from the server at '127.0.0.1:9510'; retrying. (Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.)