Mule SOAP call over SSL results in "unable to find valid certification path to requested target"

Question

I am running into a problem with activating a mule flow that uses the web service consumer to hit a SOAP service running over HTTPs. Here is my configuration:

<https:connector name="httpsConnector" doc:name="HTTP-HTTPS">
    <https:tls-key-store path="keystore.jks" keyPassword="****" storePassword="****"/>
</https:connector>
<ws:consumer-config name="Web_Service_Consumer" wsdlLocation="https://sm1.actions.aclu.org:7443/sm/services/mailing/v2?wsdl" service="MailingService" port="MailingServicePort" serviceAddress="https://sm1.actions.aclu.org:7443/sm/services/mailing/v2"  doc:name="Web Service Consumer" connector-ref="httpsConnector">
    <ws:security>
        <ws:wss-username-token username="muleapi" password="k%t5mSZRgWsAjGwq" passwordType="TEXT" addCreated="true" addNonce="true"/>
    </ws:security>
</ws:consumer-config>
<flow name="soaptestFlow">
    <poll doc:name="Poll">
        <ws:consumer config-ref="Web_Service_Consumer" operation="list" doc:name="Web Service Consumer" />
    </poll>
    <mulexml:xml-to-object-transformer mimeType="application/java" doc:name="XML to Obj"/>
    <logger message="extracted data: #[payload]" level="INFO" doc:name="Logger"/>
</flow>

The keystore has been generated and placed in the resource directory of the project. I've also imported the cert for the server I am attempting to reach.

The error I receive is:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[?:1.7.0_80]
    at java.security.cert.CertPathBuilder.build(Unknown Source) ~[?:1.7.0_80]
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[?:1.7.0_80]
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[?:1.7.0_80]
    at sun.security.validator.Validator.validate(Unknown Source) ~[?:1.7.0_80]
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) ~[?:1.7.0_80]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[?:1.7.0_80]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[?:1.7.0_80]
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[?:1.7.0_80]
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[?:1.7.0_80]
    at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[?:1.7.0_80]
    at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[?:1.7.0_80]
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[?:1.7.0_80]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[?:1.7.0_80]
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:1.7.0_80]
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:1.7.0_80]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) ~[?:1.7.0_80]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) ~[?:1.7.0_80]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) ~[?:1.7.0_80]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) ~[?:1.7.0_80]
    at java.net.URL.openStream(Unknown Source) ~[?:1.7.0_80]
    at com.ibm.wsdl.util.StringUtils.getContentAsInputStream(StringUtils.java:158) ~[wsdl4j-1.6.3.jar:1.6.3]
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2270) ~[wsdl4j-1.6.3.jar:1.6.3]
    at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2239) ~[wsdl4j-1.6.3.jar:1.6.3]
    at org.mule.module.ws.consumer.WSConsumer.parseWsdl(WSConsumer.java:356) ~[mule-module-ws-3.7.2.jar:3.7.2]
    at org.mule.module.ws.consumer.WSConsumer.initialise(WSConsumer.java:91) ~[mule-module-ws-3.7.2.jar:3.7.2]
    at org.mule.endpoint.DefaultInboundEndpoint.createMessageProcessorChain(DefaultInboundEndpoint.java:172) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.endpoint.AbstractEndpoint.getMessageProcessorChain(AbstractEndpoint.java:521) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.endpoint.DefaultInboundEndpoint.start(DefaultInboundEndpoint.java:100) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.construct.AbstractFlowConstruct.startIfStartable(AbstractFlowConstruct.java:325) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.construct.AbstractPipeline.doStart(AbstractPipeline.java:353) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.construct.Flow.doStart(Flow.java:90) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.construct.AbstractFlowConstruct$2.onTransition(AbstractFlowConstruct.java:136) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.construct.AbstractFlowConstruct$2.onTransition(AbstractFlowConstruct.java:132) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.lifecycle.AbstractLifecycleManager.invokePhase(AbstractLifecycleManager.java:138) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.construct.FlowConstructLifecycleManager.fireStartPhase(FlowConstructLifecycleManager.java:92) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.construct.AbstractFlowConstruct.start(AbstractFlowConstruct.java:131) ~[mule-core-3.7.2.jar:3.7.2]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_80]
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:1.7.0_80]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:1.7.0_80]
    at java.lang.reflect.Method.invoke(Unknown Source) ~[?:1.7.0_80]
    at org.mule.lifecycle.phases.DefaultLifecyclePhase.applyLifecycle(DefaultLifecyclePhase.java:237) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.lifecycle.RegistryLifecycleCallback.doApplyLifecycle(RegistryLifecycleCallback.java:91) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.lifecycle.RegistryLifecycleCallback.onTransition(RegistryLifecycleCallback.java:67) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.lifecycle.RegistryLifecycleManager.invokePhase(RegistryLifecycleManager.java:140) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.lifecycle.RegistryLifecycleManager.fireLifecycle(RegistryLifecycleManager.java:111) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.registry.AbstractRegistryBroker.fireLifecycle(AbstractRegistryBroker.java:88) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.registry.MuleRegistryHelper.fireLifecycle(MuleRegistryHelper.java:141) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.lifecycle.MuleContextLifecycleManager$MuleContextLifecycleCallback.onTransition(MuleContextLifecycleManager.java:91) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.lifecycle.MuleContextLifecycleManager$MuleContextLifecycleCallback.onTransition(MuleContextLifecycleManager.java:87) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.lifecycle.MuleContextLifecycleManager.invokePhase(MuleContextLifecycleManager.java:69) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.lifecycle.MuleContextLifecycleManager.fireLifecycle(MuleContextLifecycleManager.java:61) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.DefaultMuleContext.start(DefaultMuleContext.java:294) ~[mule-core-3.7.2.jar:3.7.2]
    at org.mule.module.launcher.application.DefaultMuleApplication.start(DefaultMuleApplication.java:134) ~[mule-module-launcher-3.7.2.jar:3.7.2]

Answer 1

If your app is the consumer you don't need to define the keystore, instead define the truststore or just add the server certificate in your JRE cacert which is the default truststore.

You can get some help with this posts: Unable to find valid certification path to requested target - error even after cert imported

What is difference between cacerts and keystore

Cheers,