Recently I came across a problem that seems to plague various people in different incarnations. My particular incarnation looked the following way: Sybase Unwired Workspace cannot connect to Sybase Unwired Server (SUP) though server is up and running.
The situation can be described in the following way:
- I tried to connect to a server configured with default settings on ports 2000 (HTTP) and 2001 (HTTPS). Server is not under my control so jiggling port numbers was out of question.
- SUP server is definitely reachable. That was checked by using “telnet <name of the server>:<port>” command.
- I tried to connect to port 2000 (standard SUP setting) over HTTP protocol. Sybase Unwired Workspace simply hung without any error message. Very disturbing.
- I tried to connect to port 2001 (standard SUP setting) over HTTPS protocol. In that case I received a message “
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.”Cryptic though it’s obvious that something is wrong with the certificate.
- The connectivity was provided over VPN with Cisco AnyConnect Mobility Client.
Search on the Internet finally came back with a piece of useful information: “After reviewing network traces between workstation and server, we were made aware that TCP 2000 is a reserved port for CISCO VOIP services. We changed the SUP management port to 2002 in SCC and the problem was resolved.” That lit the bulb and gave an idea that maybe I should not spend more time attempting to connect to port 2000.
That left port 2001 and HTTPS. Investigation has shown that the certificate error sprung from the fact that the server uses self-signed certificate. The only solution that came to mind is to declare that certificate as trusted. The following article provided the basis for the solution: http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/ and Google code provided the necessary code http://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java
So here is your simple and quick solution:
- “Install” the offending certificate into file jssecacerts using InstallCert.java.
- Copy jssecacerts to UnwiredPlatform\JDK1.6.0_26\jre\lib\security folder (or equivalent)
Voila! Now you can avoid port 2000 and you are good to go with port 2001 and secure (HTTPS) connection.