Ankur Singhal

Reputation: 26077

SSL Handshake Failure

There is a 3rd-party web service hosted over HTTPS; while consuming the web service I am facing an SSL handshake failure error.

For security reasons we do not have access to the 3rd-party URL or service; only our client can access it from their environment.

I have done enough hit and trial but have still not succeeded.

Our application is running on WebLogic 9.2.

The 3rd party has provided the certificate (.p7b format). I have imported these certificates into the Java keystore (cacerts), and even into the WebLogic keystore (demotrust.jks), but I still get the same error. I have tried different combinations of importing the certificate into the keystore, and I can see the entry for the certificate in the keystore as well.

Even the stubs, which we have asked the client to generate in their environment (since we cannot access it from our environment): using HTTP the stubs are generated, but using HTTPS it gives an SSL handshake failure.

I think if we resolve this issue, then the application will also run.

The application runs fine on HTTP, but on HTTPS it gives an SSL handshake failure error.

I have properly converted (.p7b to .cer format and then imported), and even used .p7b to .pem to .der format and then imported into the Java keystore, demotrust.jks, but it still does not work.

Am I missing any steps? Please let me know.

Upvotes: 0

Views: 4662

Answers (2)

Satish Sojitra

Reputation: 632

We were also facing the same issue. We were trying to connect to a 3rd-party server installed with an SSL certificate of 256 encryption. When we tried to connect to it from Java (v1.7) we got a handshake_failure error.

We followed the steps below to resolve the issue:

  1. Download the valid SSL certificate chain from the 3rd-party server and install it in your JDK keystore cacerts (located at C:\Program Files\Java\jdk1.7.0_79\jre\lib\security on Windows). We used the following open-source Java class to extract the certificate from the 3rd-party URL

  2. To install the certificate in your keystore you can use the following command:

    keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias helloroot -file hello.cer

After doing the above steps the issue still persisted; then we came to know about TLSv1.1 and TLSv1.2 after communicating with the 3rd-party server team. The 3rd-party server was using, and forcing clients to connect over, only TLSv1.1 and newer versions.

We were using Java 1.7 and Grails 2.3.1. We forced Grails to use TLSv1.1 while making connections to the HTTPS URL. There are the following ways to force Grails to use TLSv1.1 or newer:

  • By configuring the BuildConfig.groovy file and adding jvmArgs: ['-Dhttps.protocols=TLSv1.1']

    grails.project.fork = [ ... run : [maxMemory: 1280, minMemory: 128, debug: false, maxPerm: 256, forkReserve: true, jvmArgs: ['-Dhttps.protocols=TLSv1.1']], ... ]

  • You can pass the -Dhttps.protocols param while running your Grails app

    grails run-app -Dhttps.protocols=TLSv1.1

Upvotes: 1

Ankur Singhal

Reputation: 26077

The same was resolved by adding the certificates to the cacerts file and pointing the same to WebLogic. Initially the certificate chain was not properly imported into the cacerts file.

Upvotes: 0
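
As an added example (not code from either answer), a small Java 7+ diagnostic for the two causes reported on this page: it checks whether each certificate in the .p7b bundle is actually present in the trust store the JVM uses, and prints the TLS protocol versions the JVM offers. The class name `TrustStoreCheck` and its three command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLContext;

// Added diagnostic; the class name and argument order are hypothetical.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java TrustStoreCheck <chain.p7b> <truststore.jks> <storepass>");
            System.exit(2);
        }
        // Load the trust store the server JVM is really pointed at (cacerts or a custom JKS).
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[1])) {
            trust.load(in, args[2].toCharArray());
        }
        // A .p7b (PKCS#7) file can carry the whole chain; generateCertificates reads every entry.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int missing = 0;
        try (InputStream in = new FileInputStream(args[0])) {
            for (Certificate c : cf.generateCertificates(in)) {
                X509Certificate x = (X509Certificate) c;
                String alias = trust.getCertificateAlias(x); // null when not in the store
                boolean selfSigned = x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
                System.out.printf("%-8s %-9s %s%n",
                        alias == null ? "MISSING" : "present",
                        selfSigned ? "root" : "non-root",
                        x.getSubjectX500Principal().getName());
                if (alias == null) missing++;
            }
        }
        // https.protocols only affects HttpsURLConnection; the SSLContext lists show
        // what the JVM enables by default and what it could enable at all.
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("https.protocols    = " + System.getProperty("https.protocols"));
        System.out.println("enabled by default = "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        System.out.println("supported by JVM   = "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.exit(missing == 0 ? 0 : 1); // non-zero when any bundle certificate is absent
    }
}
```

Run it with the same JVM and trust store file the application server uses; a certificate reported as MISSING points to an incomplete import, while a TLS version that is supported but not enabled by default points to the protocol mismatch.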
