APIMAN with client auth

[haozhen3513]

I had made a simple program using spring which required the present of X509 certificate. But i alwasy hit 500 with message of Received fatal alert: bad_certificate

I am able to call the api without going through the APIMAN, but when i add it to APIMAN then it no longer work.

Following are the configuration on my spring project

Tomcat configuration
server.port=50001
server.tomcat.accept-count=100
server.tomcat.max-connections=100
server.tomcat.max-threads=150
server.tomcat.min-spare-threads=10
server.servlet.context-path=/try1/r/obw

server.ssl.enabled=true
server.ssl.key-store=keystore.jks
server.ssl.key-store-password=admin123
server.ssl.key-store-type=JKS
server.ssl.key-alias=localhost
server.ssl.client-auth=need
server.ssl.trust-store=truststore.jks
server.ssl.trust-store-password=admin123
server.ssl.trust-store-type=JKS

I had imported the CA into the truststore.jks and using the CA to sign my .CRS and finally convert in to keystore and truststore for my apiman.

Following is the command i use to start up the APIMAN

standalone.bat -c standalone-apiman.xml -Dapiman.auth.url=https://localhost:8444/ -Djavax.net.debug=all -Djavax.net.ssl.trustStore=D:/APIMAN/wildfly-23.0.2.Final/standalone/configuration/new2.jks -Djavax.net.ssl.trustStorePassword=admin123 -Djavax.net.ssl.keyStore=D:/APIMAN/wildfly-23.0.2.Final/standalone/configuration/new2.jks -Djavax.net.ssl.keyStorePassword=admin123

Following are the log when I call the Api.

16:03:34,690 ERROR [stderr] (default task-1) javax.net.ssl|DEBUG|E3|default task-1|2023-12-04 16:03:34.690 SGT|CertificateRequest.java:692|Consuming CertificateRequest handshake message (
16:03:34,690 ERROR [stderr] (default task-1) "CertificateRequest": {
16:03:34,690 ERROR [stderr] (default task-1) "certificate types": [ecdsa_sign, rsa_sign, dss_sign]
16:03:34,690 ERROR [stderr] (default task-1) "supported signature algorithms": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
16:03:34,690 ERROR [stderr] (default task-1) "certificate authorities": [EMAILADDRESS=[email protected], CN=spring, OU=Java, O=localhost, L=KL, ST=KL, C=MY, EMAILADDRESS=[email protected], CN=ca, OU=ca, O=ca, L=ca, ST=local, C=MY]
16:03:34,690 ERROR [stderr] (default task-1) }
16:03:34,690 ERROR [stderr] (default task-1) )
16:03:34,691 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.691 SGT|X509Authentication.java:246|No X.509 cert selected for EC
16:03:34,691 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.691 SGT|CertificateRequest.java:809|Unavailable authentication scheme: ecdsa_secp256r1_sha256
16:03:34,691 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.691 SGT|X509Authentication.java:246|No X.509 cert selected for EC
16:03:34,691 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.691 SGT|CertificateRequest.java:809|Unavailable authentication scheme: ecdsa_secp384r1_sha384
16:03:34,692 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.692 SGT|X509Authentication.java:246|No X.509 cert selected for EC
16:03:34,692 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.692 SGT|CertificateRequest.java:809|Unavailable authentication scheme: ecdsa_secp521r1_sha512
16:03:34,692 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.692 SGT|CertificateRequest.java:767|Unable to produce CertificateVerify for signature scheme: ed25519
16:03:34,692 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.692 SGT|CertificateRequest.java:767|Unable to produce CertificateVerify for signature scheme: ed448
16:03:34,692 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.692 SGT|X509Authentication.java:246|No X.509 cert selected for RSA
16:03:34,692 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.692 SGT|CertificateRequest.java:809|Unavailable authentication scheme: rsa_pss_rsae_sha256
16:03:34,693 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.693 SGT|X509Authentication.java:246|No X.509 cert selected for RSA
16:03:34,693 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.693 SGT|CertificateRequest.java:809|Unavailable authentication scheme: rsa_pss_rsae_sha384
16:03:34,693 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.693 SGT|X509Authentication.java:246|No X.509 cert selected for RSA
16:03:34,693 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.693 SGT|CertificateRequest.java:809|Unavailable authentication scheme: rsa_pss_rsae_sha512
16:03:34,693 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.693 SGT|CertificateRequest.java:796|Unsupported authentication scheme: rsa_pss_pss_sha256
16:03:34,693 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.693 SGT|CertificateRequest.java:753|Unsupported authentication scheme: rsa_pss_pss_sha384
16:03:34,694 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.693 SGT|CertificateRequest.java:753|Unsupported authentication scheme: rsa_pss_pss_sha512
16:03:34,694 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.694 SGT|X509Authentication.java:246|No X.509 cert selected for RSA
16:03:34,694 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.694 SGT|CertificateRequest.java:809|Unavailable authentication scheme: rsa_pkcs1_sha256
16:03:34,694 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.694 SGT|X509Authentication.java:246|No X.509 cert selected for RSA
16:03:34,694 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.694 SGT|CertificateRequest.java:809|Unavailable authentication scheme: rsa_pkcs1_sha384
16:03:34,694 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.694 SGT|X509Authentication.java:246|No X.509 cert selected for RSA
16:03:34,695 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.695 SGT|CertificateRequest.java:809|Unavailable authentication scheme: rsa_pkcs1_sha512
16:03:34,695 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.695 SGT|X509Authentication.java:246|No X.509 cert selected for DSA
16:03:34,695 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.695 SGT|CertificateRequest.java:809|Unavailable authentication scheme: dsa_sha256
16:03:34,695 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.695 SGT|X509Authentication.java:246|No X.509 cert selected for EC
16:03:34,695 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.695 SGT|CertificateRequest.java:809|Unavailable authentication scheme: ecdsa_sha1
16:03:34,695 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.695 SGT|X509Authentication.java:246|No X.509 cert selected for RSA
16:03:34,696 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.696 SGT|CertificateRequest.java:809|Unavailable authentication scheme: rsa_pkcs1_sha1
16:03:34,696 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.696 SGT|X509Authentication.java:246|No X.509 cert selected for DSA
16:03:34,696 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.696 SGT|CertificateRequest.java:809|Unavailable authentication scheme: dsa_sha1
16:03:34,697 ERROR [stderr] (default task-1) javax.net.ssl|WARNING|E3|default task-1|2023-12-04 16:03:34.696 SGT|CertificateRequest.java:819|No available authentication scheme
16:03:34,697 ERROR [stderr] (default task-1) javax.net.ssl|DEBUG|E3|default task-1|2023-12-04 16:03:34.697 SGT|ServerHelloDone.java:151|Consuming ServerHelloDone handshake message (
16:03:34,697 ERROR [stderr] (default task-1)
16:03:34,697 ERROR [stderr] (default task-1) )
16:03:34,698 ERROR [stderr] (default task-1) javax.net.ssl|DEBUG|E3|default task-1|2023-12-04 16:03:34.698 SGT|CertificateMessage.java:299|No X.509 certificate for client authentication, use empty Certificate message instead
16:03:34,698 ERROR [stderr] (default task-1) javax.net.ssl|DEBUG|E3|default task-1|2023-12-04 16:03:34.698 SGT|CertificateMessage.java:330|Produced client Certificate handshake message (
16:03:34,698 ERROR [stderr] (default task-1) "Certificates":
16:03:34,698 ERROR [stderr] (default task-1) )

In my log also contain

2023-12-04 16:03:34,533 ERROR [stderr] (default task-1) javax.net.ssl|DEBUG|E3|default task-1|2023-12-04 16:03:34.533 SGT|SSLContextImpl.java:1088|keyStore is : D:/APIMAN/wildfly-23.0.2.Final/standalone/configuration/new2.jks
2023-12-04 16:03:34,534 ERROR [stderr] (default task-1) javax.net.ssl|DEBUG|E3|default task-1|2023-12-04 16:03:34.534 SGT|SSLContextImpl.java:1089|keyStore type is : pkcs12
2023-12-04 16:03:34,534 ERROR [stderr] (default task-1) javax.net.ssl|DEBUG|E3|default task-1|2023-12-04 16:03:34.534 SGT|SSLContextImpl.java:1091|keyStore provider is :
2023-12-04 16:03:34,535 ERROR [stderr] (default task-1) javax.net.ssl|ALL|E3|default task-1|2023-12-04 16:03:34.534 SGT|SSLContextImpl.java:1126|init keystore
2023-12-04 16:03:34,535 ERROR [stderr] (default task-1) javax.net.ssl|DEBUG|E3|default task-1|2023-12-04 16:03:34.535 SGT|SSLContextImpl.java:1149|init keymanager of type SunX509
2023-12-04 16:03:34,536 ERROR [stderr] (default task-1) javax.net.ssl|DEBUG|E3|default task-1|2023-12-04 16:03:34.536 SGT|SunX509KeyManagerImpl.java:164|found key for : andynew (
2023-12-04 16:03:34,536 ERROR [stderr] (default task-1) "certificate" : {
2023-12-04 16:03:34,537 ERROR [stderr] (default task-1) "version" : "v1",
2023-12-04 16:03:34,537 ERROR [stderr] (default task-1) "serial number" : "00 F7 68 5B E7 7F EC 2E 9C",
2023-12-04 16:03:34,537 ERROR [stderr] (default task-1) "signature algorithm": "SHA256withECDSA",
2023-12-04 16:03:34,537 ERROR [stderr] (default task-1) "issuer" : "EMAILADDRESS=[email protected], CN=ca, OU=ca, O=ca, L=ca, ST=local, C=MY",
2023-12-04 16:03:34,537 ERROR [stderr] (default task-1) "not before" : "2023-12-04 15:54:44.000 SGT",
2023-12-04 16:03:34,537 ERROR [stderr] (default task-1) "not after" : "2024-12-03 15:54:44.000 SGT",
2023-12-04 16:03:34,537 ERROR [stderr] (default task-1) "subject" : "EMAILADDRESS=[email protected], CN=andy, OU=DEV, O=Finexus, L=KL, ST=Kuala Lumpur, C=MY",
2023-12-04 16:03:34,538 ERROR [stderr] (default task-1) "subject public key" : "RSA"}
2023-12-04 16:03:34,538 ERROR [stderr] (default task-1) )

and

2023-12-04 11:06:06,069 ERROR [stderr] (default task-1) javax.net.ssl|DEBUG|E5|default task-1|2023-12-04 11:06:06.069 SGT|TrustStoreManager.java:112|trustStore is: D:/APIMAN/wildfly-23.0.2.Final/standalone/configuration/truststore.jks
2023-12-04 11:06:06,070 ERROR [stderr] (default task-1) trustStore type is: pkcs12
2023-12-04 11:06:06,070 ERROR [stderr] (default task-1) trustStore provider is:
2023-12-04 11:06:06,070 ERROR [stderr] (default task-1) the last modified time is: Fri Dec 01 17:57:05 SGT 2023
2023-12-04 11:06:06,071 ERROR [stderr] (default task-1) javax.net.ssl|DEBUG|E5|default task-1|2023-12-04 11:06:06.071 SGT|X509TrustManagerImpl.java:79|adding as trusted certificates (
2023-12-04 11:06:06,071 ERROR [stderr] (default task-1) "certificate" : {
2023-12-04 11:06:06,072 ERROR [stderr] (default task-1) "version" : "v1",
2023-12-04 11:06:06,072 ERROR [stderr] (default task-1) "serial number" : "01",
2023-12-04 11:06:06,072 ERROR [stderr] (default task-1) "signature algorithm": "SHA256withRSA",
2023-12-04 11:06:06,072 ERROR [stderr] (default task-1) "issuer" : "EMAILADDRESS=[email protected], CN=spring, OU=Java, O=localhost, L=KL, ST=KL, C=MY",
2023-12-04 11:06:06,072 ERROR [stderr] (default task-1) "not before" : "2023-12-01 17:55:44.000 SGT",
2023-12-04 11:06:06,073 ERROR [stderr] (default task-1) "not after" : "2033-11-28 17:55:44.000 SGT",
2023-12-04 11:06:06,073 ERROR [stderr] (default task-1) "subject" : "EMAILADDRESS=[email protected], CN=andy, OU=DEV, O=Finexus, L=KL, ST=Kuala Lumpur, C=MY",
2023-12-04 11:06:06,073 ERROR [stderr] (default task-1) "subject public key" : "RSA"},
2023-12-04 11:06:06,073 ERROR [stderr] (default task-1) "certificate" : {
2023-12-04 11:06:06,073 ERROR [stderr] (default task-1) "version" : "v3",
2023-12-04 11:06:06,073 ERROR [stderr] (default task-1) "serial number" : "00 E0 04 6B 47 C6 25 12 EF",
2023-12-04 11:06:06,073 ERROR [stderr] (default task-1) "signature algorithm": "SHA256withRSA",
2023-12-04 11:06:06,074 ERROR [stderr] (default task-1) "issuer" : "EMAILADDRESS=[email protected], CN=localhost, OU=DEV, O=Finexus, L=KL, ST=Kuala Lumpur, C=MY",
2023-12-04 11:06:06,074 ERROR [stderr] (default task-1) "not before" : "2023-09-12 14:15:12.000 SGT",
2023-12-04 11:06:06,074 ERROR [stderr] (default task-1) "not after" : "2033-09-09 14:15:12.000 SGT",
2023-12-04 11:06:06,074 ERROR [stderr] (default task-1) "subject" : "EMAILADDRESS=[email protected], CN=localhost, OU=DEV, O=Finexus, L=KL, ST=Kuala Lumpur, C=MY",
2023-12-04 11:06:06,074 ERROR [stderr] (default task-1) "subject public key" : "RSA",
2023-12-04 11:06:06,074 ERROR [stderr] (default task-1) "extensions" : [
2023-12-04 11:06:06,075 ERROR [stderr] (default task-1) {
2023-12-04 11:06:06,075 ERROR [stderr] (default task-1) ObjectId: 2.5.29.35 Criticality=false
2023-12-04 11:06:06,075 ERROR [stderr] (default task-1) AuthorityKeyIdentifier [
2023-12-04 11:06:06,075 ERROR [stderr] (default task-1) KeyIdentifier [
2023-12-04 11:06:06,075 ERROR [stderr] (default task-1) 0000: 0A 1F 10 E0 B8 0B 70 EA D8 1F 46 E2 76 51 43 54 ......p...F.vQCT
2023-12-04 11:06:06,075 ERROR [stderr] (default task-1) 0010: D3 16 A1 A4 ....
2023-12-04 11:06:06,076 ERROR [stderr] (default task-1) ]
2023-12-04 11:06:06,076 ERROR [stderr] (default task-1) ]
2023-12-04 11:06:06,076 ERROR [stderr] (default task-1) },
2023-12-04 11:06:06,076 ERROR [stderr] (default task-1) {
2023-12-04 11:06:06,076 ERROR [stderr] (default task-1) ObjectId: 2.5.29.19 Criticality=false
2023-12-04 11:06:06,076 ERROR [stderr] (default task-1) BasicConstraints:[
2023-12-04 11:06:06,077 ERROR [stderr] (default task-1) CA:true
2023-12-04 11:06:06,077 ERROR [stderr] (default task-1) PathLen:2147483647
2023-12-04 11:06:06,077 ERROR [stderr] (default task-1) ]
2023-12-04 11:06:06,078 ERROR [stderr] (default task-1) },
2023-12-04 11:06:06,078 ERROR [stderr] (default task-1) {
2023-12-04 11:06:06,078 ERROR [stderr] (default task-1) ObjectId: 2.5.29.14 Criticality=false
2023-12-04 11:06:06,078 ERROR [stderr] (default task-1) SubjectKeyIdentifier [
2023-12-04 11:06:06,078 ERROR [stderr] (default task-1) KeyIdentifier [
2023-12-04 11:06:06,078 ERROR [stderr] (default task-1) 0000: 0A 1F 10 E0 B8 0B 70 EA D8 1F 46 E2 76 51 43 54 ......p...F.vQCT
2023-12-04 11:06:06,078 ERROR [stderr] (default task-1) 0010: D3 16 A1 A4 ....
2023-12-04 11:06:06,078 ERROR [stderr] (default task-1) ]
2023-12-04 11:06:06,078 ERROR [stderr] (default task-1) ]
2023-12-04 11:06:06,078 ERROR [stderr] (default task-1) }
2023-12-04 11:06:06,078 ERROR [stderr] (default task-1) ]},
2023-12-04 11:06:06,078 ERROR [stderr] (default task-1) "certificate" : {
2023-12-04 11:06:06,079 ERROR [stderr] (default task-1) "version" : "v1",
2023-12-04 11:06:06,079 ERROR [stderr] (default task-1) "serial number" : "00 D6 E8 9C 1E AA A0 73 A2",
2023-12-04 11:06:06,079 ERROR [stderr] (default task-1) "signature algorithm": "SHA256withRSA",
2023-12-04 11:06:06,079 ERROR [stderr] (default task-1) "issuer" : "EMAILADDRESS=[email protected], CN=localhost, OU=DEV, O=Finexus, L=KL, ST=Kuala Lumpur, C=MY",
2023-12-04 11:06:06,079 ERROR [stderr] (default task-1) "not before" : "2023-11-24 15:43:06.000 SGT",
2023-12-04 11:06:06,079 ERROR [stderr] (default task-1) "not after" : "2024-11-23 15:43:06.000 SGT",
2023-12-04 11:06:06,080 ERROR [stderr] (default task-1) "subject" : "EMAILADDRESS=[email protected], CN=andy, OU=DEV, O=Finexus, L=KL, ST=Kuala Lumpur, C=MY",
2023-12-04 11:06:06,080 ERROR [stderr] (default task-1) "subject public key" : "RSA"}
2023-12-04 11:06:06,080 ERROR [stderr] (default task-1) )

Following are the response in the postman

{
"responseCode": 500,
"message": "Received fatal alert: bad_certificate",
"trace": "io.apiman.gateway.engine.beans.exceptions.ConnectorException: Received fatal alert: bad_certificate\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.handler.ErrorHandler.handleConnectionError(ErrorHandler.java:40)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.platforms.servlet.connectors.HttpApiConnection.handleConnectionError(HttpApiConnection.java:401)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.platforms.servlet.connectors.HttpApiConnection.connect(HttpApiConnection.java:203)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.platforms.servlet.connectors.HttpApiConnection.(HttpApiConnection.java:114)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory$1.connect(HttpConnectorFactory.java:119)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.ApiRequestExecutorImpl.lambda$execute_$4(ApiRequestExecutorImpl.java:282)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.policy.Chain.handleHead(Chain.java:238)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.policy.Chain.doApply(Chain.java:152)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.ApiRequestExecutorImpl.lambda$execute_$5(ApiRequestExecutorImpl.java:298)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.ApiRequestExecutorImpl.loadPolicies(ApiRequestExecutorImpl.java:639)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.ApiRequestExecutorImpl.lambda$execute_$6(ApiRequestExecutorImpl.java:410)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.SecureRegistryWrapper$2.handle(SecureRegistryWrapper.java:189)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.SecureRegistryWrapper$2.handle(SecureRegistryWrapper.java:171)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.jdbc.CachingJdbcRegistry.getContract(CachingJdbcRegistry.java:102)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.SecureRegistryWrapper.getContract(SecureRegistryWrapper.java:171)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.ApiRequestExecutorImpl.execute_(ApiRequestExecutorImpl.java:376)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.ApiRequestExecutorImpl.lambda$execute$1(ApiRequestExecutorImpl.java:229)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:123)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:112)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.jdbc.CachingJdbcRegistry.getApi(CachingJdbcRegistry.java:116)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.SecureRegistryWrapper.getApi(SecureRegistryWrapper.java:112)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.engine.impl.ApiRequestExecutorImpl.execute(ApiRequestExecutorImpl.java:225)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.platforms.servlet.GatewayServlet.doAction(GatewayServlet.java:178)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.platforms.servlet.GatewayServlet.service(GatewayServlet.java:79)\r\n\tat [email protected]//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)\r\n\tat [email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)\r\n\tat [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)\r\n\tat [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)\r\n\tat [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)\r\n\tat [email protected]//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)\r\n\tat [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\r\n\tat [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)\r\n\tat [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)\r\n\tat [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)\r\n\tat [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\r\n\tat [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)\r\n\tat [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)\r\n\tat [email protected]//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)\r\n\tat [email protected]//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)\r\n\tat [email protected]//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)\r\n\tat [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)\r\n\tat [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\r\n\tat [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)\r\n\tat [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\r\n\tat [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)\r\n\tat [email protected]//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)\r\n\tat [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\r\n\tat [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)\r\n\tat [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)\r\n\tat [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)\r\n\tat [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)\r\n\tat [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)\r\n\tat [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)\r\n\tat [email protected]//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)\r\n\tat [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)\r\n\tat [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)\r\n\tat [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)\r\n\tat [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)\r\n\tat [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)\r\n\tat [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)\r\n\tat [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)\r\n\tat [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)\r\n\tat [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)\r\n\tat [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)\r\n\tat [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)\r\n\tat [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)\r\n\tat [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)\r\n\tat [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)\r\n\tat java.base/java.lang.Thread.run(Thread.java:829)\r\nCaused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate\r\n\tat java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)\r\n\tat java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)\r\n\tat java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:340)\r\n\tat java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)\r\n\tat java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:186)\r\n\tat java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)\r\n\tat java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)\r\n\tat java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1416)\r\n\tat java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456)\r\n\tat java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427)\r\n\tat deployment.apiman-gateway.war//com.squareup.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)\r\n\tat deployment.apiman-gateway.war//com.squareup.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)\r\n\tat deployment.apiman-gateway.war//com.squareup.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)\r\n\tat deployment.apiman-gateway.war//com.squareup.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)\r\n\tat deployment.apiman-gateway.war//com.squareup.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)\r\n\tat deployment.apiman-gateway.war//com.squareup.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)\r\n\tat deployment.apiman-gateway.war//com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)\r\n\tat deployment.apiman-gateway.war//com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.platforms.servlet.connectors.ok.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:443)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.platforms.servlet.connectors.ok.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:115)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.platforms.servlet.connectors.ok.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:91)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.platforms.servlet.connectors.ok.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:27)\r\n\tat deployment.apiman-gateway.war//io.apiman.gateway.platforms.servlet.connectors.HttpApiConnection.connect(HttpApiConnection.java:200)\r\n\t... 66 more\r\n"
}

Attached the log for investigation.

server.zip

[msavy]

Please provide all the information from the bug report

https://github.com/apiman/apiman/issues/new?assignees=&labels=T%3A+Bug%2CS%3A+Triage&projects=&template=bug.yml

[haozhen3513]

Hi, I already open a bug report.
#2628