How to fix error in getToken() call for scopes https://management.core.windows.net/.default?

Ai, MingYu-MY 0 Reputation points
2023-05-26T06:57:47.23+00:00

When I use IntelliJ IDEA's Azure Explorer, we can't connect to our Azure subscription, and the error below appears in IntelliJ IDEA's log. In fact, last week we could still get "2023-05-17 14:14:16,204 [789437911] INFO - y.InteractiveBrowserCredential - Azure Identity => getToken() result for scopes [https://management.core.windows.net//.default]: SUCCESS". Do you have any suggestions for the error below?

2023-05-26 10:17:54,290 [  71328]  ERROR - y.InteractiveBrowserCredential - Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Failed to acquire token with Interactive Browser Authentication. 
2023-05-26 10:17:54,290 [  71328]   WARN - .http.client.HttpClientConnect - [ceb13e24, L:/10.6.250.15:65138 ! R:login.microsoftonline.com/20.190.144.162:443] The connection observed an error 
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477)
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshakeException(ReferenceCountedOpenSslEngine.java:1898)
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.wrap(ReferenceCountedOpenSslEngine.java:822)
	at java.base/javax.net.ssl.SSLEngine.wrap(SSLEngine.java:522)
	at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1039)
	at io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:925)
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1407)
	at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1245)
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1285)
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
	... 17 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
	at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:276)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
	at io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:234)
	at io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:748)
	at io.netty.internal.tcnative.CertificateVerifierTask.runTask(CertificateVerifierTask.java:36)
	at io.netty.internal.tcnative.SSLTask.run(SSLTask.java:48)
	at io.netty.internal.tcnative.SSLTask.run(SSLTask.java:42)
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine$TaskDecorator.run(ReferenceCountedOpenSslEngine.java:1465)
	at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1547)
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1393)
	... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
	... 34 more
Microsoft Security Microsoft Entra Microsoft Entra ID

1 answer

  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-05-29T11:54:09.61+00:00

    Hi Ai, MingYu-MY,

    Thanks for reaching out.

    The error you are getting is due to the SSL handshake while acquiring the token with Interactive Browser Authentication when trying to access the subscription.

    This message means that the certificate is not trusted by the JRE used by IntelliJ. It's likely that traffic from your system connects to Azure via a proxy and the proxy is rewriting the certificate.

    To resolve it, you must add the certificate to the Truststore that IntelliJ is using.

    Find the folder where the IntelliJ Java is installed.

    Open a Command Prompt window and change to the bin folder under the above path.

    Use the keytool command to add the certificate to the Truststore:

    keytool -import -file <the cert file> -alias <some meaningful name> -keystore <path to cacerts file>
    

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.
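
The import procedure from the answer above, run end to end against a scratch truststore with a fingerprint check before the import and a verification after it (an added example, not part of the original answer). It assumes `keytool` is on the PATH; the `Invoke-Keytool` helper, the `corp-proxy-root` alias, the temp-directory paths and the self-signed stand-in certificate are constructed for the demonstration.

```powershell
# Added example. Every path, alias and certificate here is constructed for the
# demonstration; nothing touches the real IntelliJ truststore.
function Invoke-Keytool {
    # Run keytool with the given arguments and stop on a non-zero exit code.
    & keytool @args
    if ($LASTEXITCODE -ne 0) { throw "keytool $($args[0]) failed with exit code $LASTEXITCODE" }
}

$work  = Join-Path ([IO.Path]::GetTempPath()) ("truststore-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $work -ErrorAction Stop | Out-Null
$caKs  = Join-Path $work 'demo-ca.p12'     # key pair of the stand-in CA
$cert  = Join-Path $work 'proxy-root.cer'  # plays the role of <the cert file>
$trust = Join-Path $work 'cacerts-copy'    # plays the role of <path to cacerts file>
$alias = 'corp-proxy-root'                 # plays the role of <some meaningful name>
$pass  = 'changeit'                        # default password of a stock cacerts file

# 1. Constructed stand-in for the proxy's root certificate. In the real
#    procedure this file comes from whoever operates the proxy.
Invoke-Keytool -genkeypair -alias demo-ca -keyalg RSA -keysize 2048 -validity 30 `
    -dname 'CN=Constructed Demo Proxy Root' -storetype PKCS12 `
    -keystore $caKs -storepass $pass -keypass $pass
Invoke-Keytool -exportcert -rfc -alias demo-ca -keystore $caKs -storepass $pass -file $cert

# 2. Print owner, issuer, validity and fingerprints. Compare the SHA-256
#    fingerprint with the value supplied by the proxy's operator before trusting it.
Invoke-Keytool -printcert -file $cert

# 3. Import as a trusted certificate. -noprompt is used only because this
#    certificate is constructed; with a real one, leave it out so keytool shows
#    the certificate and asks for confirmation. Back up the real cacerts first.
Invoke-Keytool -importcert -noprompt -file $cert -alias $alias -keystore $trust -storepass $pass

# 4. Confirm the entry is present under the chosen alias.
Invoke-Keytool -list -v -alias $alias -keystore $trust -storepass $pass

# Clean up the scratch directory.
Remove-Item -Recurse -Force $work
```

To apply it for real, skip step 1 and set `$cert` and `$trust` to the proxy certificate and to the cacerts file of the runtime IntelliJ uses.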
