
Dss rest SSLHandshakeException post namespace upgrade to selectapi.datascope.refinitiv.com

I am trying to connect to recently updated dss rest url "selectapi.datascope.refinitiv.com" and encountered the following error:

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


Solution tried: Although I have tried the steps mentioned in the Q&A post below, they didn't work, and I also observed that the certificate issuer is different. https://community.developers.refinitiv.com/questions/43909/dss-rest-api-ssl-handshake-error.html

It was working earlier with the URL hosted.datascopeapi.reuters.com; in addition, it also works when SSL verification is disabled.

Could you please help resolving this issue?


@xds-support

From the output, the Issuer of "CN=selectapi1.datascope.refinitiv.com, O=REFINITIV US LLC, STREET=3 Times Square, L=New York, ST=New York, OID.2.5.4.17=10036, C=US" has been changed to "CN=org Primary Proxy SSL Interception Service, OU=org, O=org, L=Sheffield, ST=Yorkshire, C=GB".

chain [0] = [
[
  Version: V3
  Subject: CN=selectapi1.datascope.refinitiv.com, O=REFINITIV US LLC, STREET=3 Times Square, L=New York, ST=New York, OID.2.5.4.17=10036, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: ....
  public exponent: 65537
  Validity: [From: Thu Feb 25 00:00:00 GMT 2021,
               To: Fri Feb 25 23:59:59 GMT 2022]
  Issuer: CN=org Primary Proxy SSL Interception Service, OU=org, O=org, L=Sheffield, ST=Yorkshire, C=GB
  SerialNumber: [    a398486d 01000000]

Typically, for selectapi.datascope.refinitiv.com the issuer should be "COMODO RSA Organization Validation Secure Server CA".

I assume that it is a certificate of your internal proxy. You may need to contact your local IT support to verify the problem or you need to install the certificate file for "CN=org Primary Proxy SSL Interception Service".
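
As an added example (not part of the answer above and not Refinitiv's code), the comparison the answer makes by eye can be run over `-Djavax.net.debug=all` output: the code pulls Subject and Issuer out of the `chain [0]` block and compares the issuer CN with the one the answer names as typical. The sample log is constructed in the dump's layout with shortened DNs, and the function names are hypothetical.

```python
import re

# Issuer CN the accepted answer names as typical for this endpoint.
EXPECTED_ISSUER_CN = "COMODO RSA Organization Validation Secure Server CA"

# Constructed sample in the layout of the JSSE debug dump quoted above
# (DNs shortened); the "direct" variant is constructed for comparison.
LOG_TEMPLATE = """\
chain [0] = [
[
  Version: V3
  Subject: CN=selectapi1.datascope.refinitiv.com, O=REFINITIV US LLC, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
  Issuer: {issuer}
"""
INTERCEPTED_LOG = LOG_TEMPLATE.format(
    issuer="CN=org Primary Proxy SSL Interception Service, OU=org, O=org, C=GB")
DIRECT_LOG = LOG_TEMPLATE.format(issuer="CN=" + EXPECTED_ISSUER_CN + ", C=GB")

DN_ATTR = re.compile(r"(?:^|,\s*)([A-Za-z][A-Za-z0-9.]*)=((?:\\.|[^,\\])*)")

def parse_dn(dn):
    """Split a DN as JSSE prints it into {ATTRIBUTE: value}."""
    return {key.upper(): value.strip() for key, value in DN_ATTR.findall(dn)}

def extract_chain(debug_log):
    """Collect index, subject and issuer for every 'chain [N] = [' block."""
    certs, current = [], None
    for raw in debug_log.splitlines():
        line = raw.strip()
        start = re.match(r"chain \[(\d+)\] = \[", line)
        if start:
            current = {"index": int(start.group(1))}
            certs.append(current)
        elif current is not None and line.startswith(("Subject:", "Issuer:")):
            field, _, value = line.partition(":")
            current.setdefault(field.lower(), value.strip())  # keep first hit
    return certs

def check_leaf_issuer(debug_log, expected_cn=EXPECTED_ISSUER_CN):
    """Compare the issuer of chain [0] (the server certificate) with expected_cn."""
    leaf = next((c for c in extract_chain(debug_log) if c["index"] == 0), None)
    if leaf is None or "issuer" not in leaf:
        return {"verdict": "no-chain"}
    issuer_cn = parse_dn(leaf["issuer"]).get("CN", "")
    subject_cn = parse_dn(leaf.get("subject", "")).get("CN", "")
    verdict = "expected" if issuer_cn == expected_cn else "unexpected"
    return {"verdict": verdict, "subject_cn": subject_cn, "issuer_cn": issuer_cn}
```

An `unexpected` verdict means the certificate reaching the JVM was signed by something other than the public CA, so the truststore needs the CA that actually issued it (once local IT confirms it is theirs); importing public roots from a different CA does not change PKIX path building.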



Certificate I see on hitting padlock in url bar


cert.png (62.7 KiB)

Hello @xds-support,

I can confirm that I am able to run a java example against:

private String urlHost = "https://selectapi.datascope.refinitiv.com/RestApi/v1";

In order to better understand the issue that you are facing:




Hi @zoya.farberov


I was using jdk1.8.0_66 earlier but I have upgraded to jdk1.8.0_221. Still facing same old issue.

However, I have checked the discussion thread, there are a number of certificates on link but it is not clearly mentioned which certificate to install.



@xds-support

You may run the application with the following option.

-Djavax.net.debug=all 

Then, share the output. We may be able to verify the problem from the output log.

Please find the logs attached, let me know if you need anything else.

logs.txt (61.3 KiB)

I had added below certificates besides the default cert in jdk


  • adding as trusted cert:
    Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
    Valid from Fri Nov 10 00:00:00 GMT 2006 until Mon Nov 10 00:00:00 GMT 2031

  • adding as trusted cert:
    Subject: CN=DigiCert Secure Server CA, O=DigiCert Inc, C=US
    Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Algorithm: RSA; Serial number: 0x69e1db77fcf1dfba97af5e5c9a24037
    Valid from Fri Mar 08 12:00:00 GMT 2013 until Wed Mar 08 12:00:00 GMT 2023

  • adding as trusted cert:
    Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
    Valid from Fri Nov 10 00:00:00 GMT 2006 until Mon Nov 10 00:00:00 GMT 2031

  • adding as trusted cert:
    Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
    Valid from Fri Nov 10 00:00:00 GMT 2006 until Mon Nov 10 00:00:00 GMT 2031


@xds-support

Refer to the SSL Check, it uses COMODO.


1621838523496.png (167.9 KiB)
