Dss rest SSLHandshakeException post namespace upgrade to selectapi.datascope.refinitiv.com

I am trying to connect to recently updated dss rest url "selectapi.datascope.refinitiv.com" and encountered the following error:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Solution tried: Although, I have tried steps mentioned in below Q&A post but din't work, and I also observed that certificate issuer is different. https://community.developers.refinitiv.com/questions/43909/dss-rest-api-ssl-handshake-error.html
It was working earlier with url hosted.datascopeapi.reuters.com, in addition to that it also works in case ssl verification is disabled.
Could you please help resolving this issue?
Best Answer
-
From the output, the Issuer of "CN=selectapi1.datascope.refinitiv.com, O=REFINITIV US LLC, STREET=3 Times Square, L=New York, ST=New York, OID.2.5.4.17=10036, C=US" has been changed to "CN=org Primary Proxy SSL Interception Service, OU=org, O=org, L=Sheffield, ST=Yorkshire, C=GB".
chain [0] = [
[
Version: V3
Subject: CN=selectapi1.datascope.refinitiv.com, O=REFINITIV US LLC, STREET=3 Times Square, L=New York, ST=New York, OID.2.5.4.17=10036, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: ....
public exponent: 65537
Validity: [From: Thu Feb 25 00:00:00 GMT 2021,
To: Fri Feb 25 23:59:59 GMT 2022]
Issuer: CN=org Primary Proxy SSL Interception Service, OU=org, O=org, L=Sheffield, ST=Yorkshire, C=GB
SerialNumber: [ a398486d 01000000]Typically, for selectapi.datascope.refinitiv.com the issuer should be "COMODO RSA Organization Validation Secure Server CA".
I assume that it is a certificate of your internal proxy. You may need to contact your local IT support to verify the problem or you need to install the certificate file for "CN=org Primary Proxy SSL Interception Service".
0
Answers
-
Certificate I see on hitting padlock in url bar
0 -
Hello @xds-support,
I can confirm that I am able to run a java example against:
private String urlHost = "https://selectapi.datascope.refinitiv.com/RestApi/v1";
In order to better understand the issue that you are facing:
- Could you please test with the attached plain Java example, outside any app server/web server, see how this works?DSS2OnDemandIntraDayNew_20210521.zip
- What version of Java do you run?
- Please see this previous discussion thread on certs, make sure the cert is present
0 -
I was using jdk1.8.0_66 earlier but I have upgraded to jdk1.8.0_221. Still facing same old issue.
However, I have checked the discussion thread, there are a number of certificates on link but it is not clearly mentioned which certificate to install.
0 -
You may run the application with the following option.
-Djavax.net.debug=all
Then, share the output. We may be able to verify the problem from the output log.
0 -
I had added below certificates besides the default cert in jdk
- adding as trusted cert:
Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
Valid from Fri Nov 10 00:00:00 GMT 2006 until Mon Nov 10 00:00:00 GMT 2031
- adding as trusted cert:
Subject: CN=DigiCert Secure Server CA, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x69e1db77fcf1dfba97af5e5c9a24037
Valid from Fri Mar 08 12:00:00 GMT 2013 until Wed Mar 08 12:00:00 GMT 2023
- adding as trusted cert:
Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
Valid from Fri Nov 10 00:00:00 GMT 2006 until Mon Nov 10 00:00:00 GMT 2031
- adding as trusted cert:
Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
Valid from Fri Nov 10 00:00:00 GMT 2006 until Mon Nov 10 00:00:00 GMT 2031
0 -
0
-
0
Categories
- All Categories
- 3 Polls
- 6 AHS
- 36 Alpha
- 166 App Studio
- 6 Block Chain
- 4 Bot Platform
- 18 Connected Risk APIs
- 47 Data Fusion
- 34 Data Model Discovery
- 690 Datastream
- 1.4K DSS
- 629 Eikon COM
- 5.2K Eikon Data APIs
- 11 Electronic Trading
- 1 Generic FIX
- 7 Local Bank Node API
- 3 Trading API
- 2.9K Elektron
- 1.4K EMA
- 255 ETA
- 559 WebSocket API
- 39 FX Venues
- 15 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 25 Messenger Bot
- 3 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 60 Open Calais
- 279 Open PermID
- 45 Entity Search
- 2 Org ID
- 1 PAM
- PAM - Logging
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 23 RDMS
- 2K Refinitiv Data Platform
- 716 Refinitiv Data Platform Libraries
- 4 LSEG Due Diligence
- LSEG Due Diligence Portal API
- 4 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.2K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 12 World-Check Customer Risk Screener
- 1K World-Check One
- 46 World-Check One Zero Footprint
- 45 Side by Side Integration API
- 2 Test Space
- 3 Thomson One Smart
- 10 TR Knowledge Graph
- 151 Transactions
- 143 REDI API
- 1.8K TREP APIs
- 4 CAT
- 27 DACS Station
- 121 Open DACS
- 1.1K RFA
- 106 UPA
- 194 TREP Infrastructure
- 229 TRKD
- 918 TRTH
- 5 Velocity Analytics
- 9 Wealth Management Web Services
- 95 Workspace SDK
- 11 Element Framework
- 5 Grid
- 19 World-Check Data File
- 1 Yield Book Analytics
- 48 中文论坛