RSA premaster secret error connecting to Oracle through Websphere over SSL

Question

Our project moving to use SSL in all our database connections, we have successfully done this for our Java based batch processing system using this guide to SSL and JDBC thin driver. We are now tasked with configuring our webapp, running in Websphere, to use these SSL connections to the database.

Having followed the step by step instructions layed out in this blog post we get an error when running the test connection (-Djavax.net.debug=all is set for the jvm):

[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O Default : 2, READ: TLSv1 Handshake, >length = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** ServerHelloDone 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O [read] MD5 and SHA1 hashes:  len = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O 0000: 0e 00 00     00                                        .... 

[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O ClientHandshaker: KeyManager      com.ibm.jsse2.hd 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** Certificate chain     [06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O JsseJCE:  Using KeyGenerator     IbmTlsRsaPremasterSecret from provider TBD via init 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O JsseJCE:  Using cipher      RSA/SSL/PKCS1Padding from provider TBD via init 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, handling exception:     javax.net.ssl.SSLKeyException: RSA premaster secret error 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O %% Invalidated:  [Session-23,     SSL_RSA_WITH_RC4_128_MD5] 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O [Raw read]: length = 4 
 [06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O 0000: 0e 00 00     00                                        .... 

[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O Default : 2, READ: TLSv1 Handshake, length = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** ServerHelloDone 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O [read] MD5 and SHA1 hashes:  len = 4 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O 0000: 0e 00 00 00                                        .... 

[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O ClientHandshaker: KeyManager com.ibm.jsse2.hd 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** Certificate chain 
[06/11/13 06:17:44:042 GMT] 00000024 SystemOut     O *** 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O JsseJCE:  Using KeyGenerator IbmTlsRsaPremasterSecret from provider TBD via init 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O JsseJCE:  Using cipher RSA/SSL/PKCS1Padding from provider TBD via init 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, handling exception: javax.net.ssl.SSLKeyException: RSA premaster secret error 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O %% Invalidated:  [Session-23, SSL_RSA_WITH_RC4_128_MD5] 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, SEND TLSv1 ALERT:  fatal, description = unexpected_message 
[06/11/13 06:17:44:043 GMT] 00000024 SystemOut     O Default : 2, WRITE: TLSv1 Alert, length = 2 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O [Raw write]: length = 7 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O 0000: 15 03 01 00 02 02 0a                               ....... 

[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O Default : 2, called closeSocket() 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O Default : 2, called close() 
[06/11/13 06:17:44:044 GMT] 00000024 SystemOut     O Default : 2, called closeInternal(true) 
[06/11/13 06:17:44:045 GMT] 00000024 DSConfigurati W   DSRA8201W: DataSource  Configuration: DSRA8040I: Failed to connect to the DataSource.  Encountered java 
.sql.SQLException: Io exception: RSA premaster secret errorDSRA0010E: SQL State = null, Error Code = 17,002. 
java.sql.SQLException: Io exception: RSA premaster secret errorDSRA0010E: SQL State = null, Error Code = 17,002 
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112) 
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:146) 
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:255) 
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:387) 
        at oracle.jdbc.driver.PhysicalConnection.(PhysicalConnection.java:441) 
        at oracle.jdbc.driver.T4CConnection.(T4CConnection.java:165) 
        at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:35) 
        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:801) 
        at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:297) 
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:221) 
        at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:157) 
        at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:94) 
        at com.ibm.ws.rsadapter.DSConfigurationHelper$2.run(DSConfigurationHelper.java:1687) 
        at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5343) 
        at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5431) 
        at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255) 
        at com.ibm.ws.rsadapter.DSConfigurationHelper$3.run    (DSConfigurationHelper.java:1703) 
        at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getPooledConnection(DSConfigurationHelper.java:1715) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getPooledConnection(DSConfigurationHelper.java:1610) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:3242) 
    at com.ibm.ws.rsadapter.DSConfigurationHelper.testConnectionForGUI(DSConfigurationHelper.java:3918) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) 
    at java.lang.reflect.Method.invoke(Method.java:611) 
    at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnectionToDataSource2(DataSourceConfigHelperMBean.java:556) 
    at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnection(DataSourceConfigHelperMBean.java:484) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) 
    at java.lang.reflect.Method.invoke(Method.java:611) 
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:49) 
    at sun.reflect.GeneratedMethodAccessor51.invoke(Unknown Source) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) 
    at java.lang.reflect.Method.invoke(Method.java:611) 
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:256) 
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1085) 
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:966) 
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:848) 
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:773) 
    at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1331) 
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118) 
    at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1224) 
    at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:181) 
    at com.ibm.ws.management.connector.ipc.CallRouter.route(CallRouter.java:242) 
    at com.ibm.ws.management.connector.ipc.IPCConnectorInboundLink.doWork(IPCConnectorInboundLink.java:353) 
    at com.ibm.ws.management.connector.ipc.IPCConnectorInboundLink$IPCConnectorReadCallback.complete(IPCConnectorInboundLink.java:595) 
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1784) 
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165) 
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) 
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) 
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) 
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) 
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) 
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) 
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1604)

This shows that the underlying error is RSA premaster secret error, which I have googled and searched on SO; unfortunately non of the results have helped so far.

This is on Websphere version 7.
We are using a PKCS12 certificate.
We are using IBM java 1.6.0 on our Linux Websphere server.
I know that the certificates are good as they can be used to connect in our batch process.
I also know that the webapp should be able to handle these connections as using JNDI and an SSL datasource in Tomcat works fine.

Does anything appear wrong in what I am doing? Does anyone have suggestions on resolving this error or getting further to the root cause of it?

RSA premaster secret error connecting to Oracle through Websphere over SSL

Answers (1)

Related Questions