Tags: wso2, ssl-certificate, wso2-esb, wso2-api-manager, wso2-enterprise-integrator

General SSLEngine problem in WSO2 Integration Studio


I was creating an API in Integration Studio which will call a WSO2 API endpoint.

My code is below:

    <?xml version="1.0" encoding="UTF-8"?>
    <api context="/backend" name="Backend" xmlns="http://ws.apache.org/ns/synapse">
        <resource methods="GET">
            <inSequence>
                <call>
                    <endpoint>
                        <http method="get" uri-template="https://localhost:9443/api/am/publisher/v3/apis">
                            <suspendOnFailure>
                                <initialDuration>-1</initialDuration>
                                <progressionFactor>-1</progressionFactor>
                                <maximumDuration>0</maximumDuration>
                            </suspendOnFailure>
                            <markForSuspension>
                                <retriesBeforeSuspension>0</retriesBeforeSuspension>
                            </markForSuspension>
                        </http>
                    </endpoint>
                </call>
                <respond/>
            </inSequence>
            <outSequence/>
            <faultSequence/>
        </resource>
    </api>

But I got this error in the console:

    [2023-04-05 09:55:18,582]  WARN {TargetHandler} - ERROR_CODE = 101500, STATE_DESCRIPTION = Exception occurred when Server establishing a connection to the backend, INTERNAL_STATE = REQUEST_READY, DIRECTION = REQUEST, CAUSE_OF_ERROR = I/O exception : General SSLEngine problem, TARGET_HOST = 127.0.0.1, TARGET_PORT = 9443, TARGET_CONTEXT = https://localhost:9443/api/am/publisher/v3/apis, HTTP_METHOD = GET, TRIGGER_TYPE = api, TRIGGER_NAME = Backend, REMOTE_ADDRESS = localhost/127.0.0.1:9443, CONNECTION = http-outgoing-2
    [2023-04-05 09:55:18,582] ERROR {TargetHandler} - I/O error: General SSLEngine problem javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
        at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
        at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
        at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
        at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:237)
        at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:271)
        at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
        at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
        at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
        at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
        at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
        at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
        at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
        at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
        at java.lang.Thread.run(Thread.java:748)
    Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:333)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:1015)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:1012)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1504)
        at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:255)
        at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:293)
        ... 9 more
    Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
        at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:380)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:285)
        at sun.security.validator.Validator.validate(Validator.java:262)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:289)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1675)
        ... 17 more
    Caused by: java.security.cert.CertPathValidatorException: signature check failed
    ...
    Caused by: java.security.SignatureException: Signature does not match.

How can I resolve this General SSLEngine problem with Integration Studio?


Solution

  • There can be multiple reasons for this error. It indicates that the server was unable to validate the certificate of the API Manager server. For example, the certificate could be invalid (if you changed the default keystores), and your system time could be off, making the certificate expire, etc.

    Having said that, the most common reason could be missing the public cert in the client-truststore. In order to resolve this, if you just want to resolve this in your local setup, the easiest solution is to copy <APIM_HOME>/repository/resources/security/client-truststore.jks and <APIM_HOME>/repository/resources/security/wso2carbon.jks to <INTEGRATION_STUDIO_HOME>/runtime/microesb/repository/resources/security. (Replace the existing ones; make sure you back them up.)

    The proper solution is to import the public cert of API Manager to Micro Integrator as described here.

    Export from APIM

    keytool -export -alias certalias -keystore newkeystore.jks -file <public key name>.pem
    

    Import to MI

    keytool -import -alias certalias -file <public key name>.pem -keystore client-truststore.jks -storepass wso2carbon
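
Before replacing or importing anything, it helps to confirm that the certificate API Manager presents on port 9443 really is absent from (or different to) the one in the Micro Integrator truststore. The script below is an added example, not part of the original answer: it compares SHA-256 fingerprints. The function names and the sample listing are constructed for illustration, and it assumes `keytool -list -v` prints one `SHA256:` line per entry.

```shell
#!/bin/sh
# Added example (not from the original post): is the certificate a server
# presents actually in a JKS truststore? Compared by SHA-256 fingerprint.

# Strip a "SHA256 Fingerprint=" prefix and separators; upper-case the hex.
norm_fp() {
    printf '%s\n' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# stdin: `keytool -list -v` output. stdout: "alias<TAB>SHA256HEX" per entry.
listing_fps() {
    awk '/^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); name = $0 }
         /SHA256:/      { fp = $0; sub(/^.*SHA256:[ \t]*/, "", fp)
                          gsub(/[: \t\r]/, "", fp); print name "\t" toupper(fp) }'
}

# stdin: listing. $1: fingerprint. Prints the matching alias; status 1 if none.
trusted_alias() {
    want=$(norm_fp "$1")
    listing_fps | awk -F '\t' -v want="$want" \
        '$2 == want { print $1; found = 1 } END { exit (found ? 0 : 1) }'
}

# Live check; needs openssl and keytool on PATH.
# usage: check_server localhost:9443 client-truststore.jks wso2carbon
check_server() {
    fp=$(openssl s_client -connect "$1" </dev/null 2>/dev/null |
         openssl x509 -noout -fingerprint -sha256) || return 2
    keytool -list -v -keystore "$2" -storepass "$3" | trusted_alias "$fp"
}

# Constructed sample of `keytool -list -v` output; fingerprints are made up.
SAMPLE_LISTING='Alias name: wso2carbon
Entry type: trustedCertEntry
Owner: CN=localhost
Certificate fingerprints:
     SHA256: 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
Alias name: certalias
Entry type: trustedCertEntry
Owner: CN=localhost
Certificate fingerprints:
     SHA256: DE:AD:BE:EF:DE:AD:BE:EF:DE:AD:BE:EF:DE:AD:BE:EF:DE:AD:BE:EF:DE:AD:BE:EF:DE:AD:BE:EF:DE:AD:BE:EF'

# Run the live check only when called with host:port, truststore, password.
if [ "$#" -eq 3 ]; then check_server "$@"; fi
```

If `check_server` prints no alias and returns 1, the presented certificate is not in the truststore; two entries with the same owner but different fingerprints point to a stale certificate left over from a keystore change.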