3 Replies Latest reply on Jun 2, 2013 7:16 PM by Sham HC

    Receiving a SSL Exception warning even though a valid certificate exists for the instance

    Ravi Teja Surampudi Level 1

      Hi All,

      I am getting the following exception as soon as I installed a certificate via the Keytool in our client environment. The instance is running and is accessible over https

       

      However, the browser is throwing a security warning and the server log is printing out this exception

       

      *WARN * servletengine: I/O error in execution: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

       

      Any suggestions on resolving this?

       

      Thanks,

      Ravi

        • 1. Re: Receiving a SSL Exception warning even though a valid certificate exists for the instance
          Sham HC Level 7

          Hi Ravi,

           

          From the log, it seems the SSL handshake was failing. Could you please verify the certificates? The underlying failure cannot be pinpointed from the logs. Could you enable debugging of the SSL connection by adding [1] to the startup script? With debugging switched on, you can pinpoint which activity in the handshake has failed.

           

          [1] -Djavax.net.debug=all

           

          Thanks,

          Sham

          • 2. Re: Receiving a SSL Exception warning even though a valid certificate exists for the instance
            Ravi Teja Surampudi Level 1

            Hi Sham,

            The certificates are generated and signed by our client organization itself, so I don't see any reason why they are invalid. I have enabled the remote debugging and it is spitting out the following message in the log

             

            Is initial handshake: true
            Is secure renegotiation: false
            10.76.16.249 [1369757396071] <parse>, received EOFException: error
            10.76.16.249 [1369757396071] <parse>, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
            10.76.16.249 [1369757396071] <parse>, SEND TLSv1 ALERT:  fatal, description = handshake_failure
            10.76.16.249 [1369757396071] <parse>, WRITE: TLSv1 Alert, length = 2
            [Raw write]: length = 7
            0000: 15 03 01 00 02 02 28 ......(
            10.76.16.249 [1369757396071] <parse>, called closeSocket()
            10.76.16.249 [1369757396071] <parse>, IOException in getSession(): javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
            10.76.16.249 [1369757396073] <closing>, called close()
            10.76.16.249 [1369757396073] <closing>, called closeInternal(true)
            Allow unsafe renegotiation: false
            Allow legacy hello messages: true

             

             

            Now what interested me was the line highlighted in bold saying is secure-renegotiation false. I have passed this on to the client netsec team as well. But have you come across this anytime?

             

            Thanks,

            Ravi
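
Added example, not part of the original thread: decoding the [Raw write] bytes from the debug output in reply 2 as a TLS record. It confirms the seven bytes are the fatal handshake_failure alert named in the SEND TLSv1 ALERT line, written by the logging JVM after it hit EOF; function names are illustrative, and the sample lines are copied from the log above.

```python
import re

# Alert levels and a subset of alert descriptions from the TLS 1.0 alert protocol (RFC 2246).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 100: "no_renegotiation",
}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

# A dump line looks like "0000: 15 03 01 ...  ascii"; capture only the hex byte pairs.
HEX_LINE = re.compile(r"^\s*[0-9A-Fa-f]{4}:\s+((?:[0-9A-Fa-f]{2}(?:\s+|$))+)")

def bytes_from_dump(lines):
    """Collect the bytes from javax.net.debug-style hex dump lines, skipping other lines."""
    out = bytearray()
    for line in lines:
        m = HEX_LINE.match(line)
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def decode_record(raw):
    """Decode one TLS record header and, for a plaintext alert, its level and description."""
    if len(raw) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor = raw[0], raw[1], raw[2]
    length = int.from_bytes(raw[3:5], "big")
    # Slice by the declared length so stray bytes picked up from the ASCII column are ignored.
    body = raw[5:5 + length]
    if len(body) < length:
        raise ValueError("record body shorter than declared length")
    info = {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            "version": VERSIONS.get((major, minor), f"{major}.{minor}"),
            "length": length}
    if ctype == 21 and length == 2:
        info["level"] = ALERT_LEVELS.get(body[0], f"unknown({body[0]})")
        info["description"] = ALERT_DESCRIPTIONS.get(body[1], f"unknown({body[1]})")
    elif ctype == 21:
        info["encrypted"] = True  # alerts sent after ChangeCipherSpec are not readable here
    return info

# Sample lines copied from the debug output in reply 2.
SAMPLE = ["[Raw write]: length = 7", "0000: 15 03 01 00 02 02 28 ......("]

if __name__ == "__main__":
    print(decode_record(bytes_from_dump(SAMPLE)))
```
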

            • 3. Re: Receiving a SSL Exception warning even though a valid certificate exists for the instance
              Sham HC Level 7

              Hi Ravi,

               

              I do not know much about the internals. The initial status of secure renegotiation being false should be OK. After a few handshake messages the renegotiation will turn to "true" once both sides support the exchange. Check on the other side why the server is closing the connection during SSL setup.

               

              Thanks,

              Sham