Invoke Secured (https) REST API endpoint from WSO2 Integration Studio/Micro Integrator

Question

I am trying to invoke a secured endpoint (https) from wso2 integration studio8.0/MI 4.0. Created integration project, created an endpoint with the url with secured endpoint address, provided on header with the transport scope as required for the secured endpoint. I got the public key certificate (.p7b/.cer) and imported to the trust store using key tool utility. keytool -import -alias aliasName -file public-key-from-browser.cer -keystore client-truststore.jks -storepass password . Provided the truststore file path in deployment.toml in integration studio/MI4.0 but getting the following exception. Please let me know how to resolve the exception.

[2022-01-17 10:28:09,696] ERROR {TargetHandler} - I/O error: General SSLEngine problem javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
    at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
    at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
    at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:270)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:316)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:541)
    at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
    at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
    at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:333)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:1015)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:1012)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1504)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:288)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:356)
    ... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:450)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:317)
    at sun.security.validator.Validator.validate(Validator.java:262)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:289)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1675)

Answer 1

Make sure that you have imported the chain of certificates. If you have already done that better to enable ssl debug logs [1] and analyse the ssl logs to identify what is the exact cause of the issue.

[1]-https://dilsichandrasena.medium.com/how-to-enable-ssl-debug-logs-for-wso2-products-6de7276ffe10