users@glassfish.java.net

Re: SSL Mutual Authentication via JAX-WS

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Thu, 26 Apr 2007 20:51:12 +0530

Drinkwater, GJ (Glen) wrote:

> Hi
>
> I am trying to setup SSL mutual authentication using JAX-WS with
> glassfish UR1. I have set up everything correctly and generated a key
> pair using keytool and the web service picks up the certificate fine
> and everything works ok.
>
> Now, if I convert my pem files into jks keystore format and use this,
> the handshake fails. I have imported the root cert into the trusted
> cacerts of glassfish and everything looks fine with the keystore with
> 'keytool -list -keystore mykeystore.jks -v'
>
Can you send the steps you used with keytool to generate the keypair?

> Has anybody managed to get this working with a converted pem credential?
>
And what command did you use for converting pem?

Thanks.

> On the serverside I get :
>
> SSL Error getting client Certs
> javax.net.ssl.SSLHandshakeException: null cert chain
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:172)
> at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:148)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:679)
> at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
>
> And on the client side I get:
>
> ***
> [write] MD5 and SHA1 hashes: len = 16
> 0000: 14 00 00 0C 24 53 01 2B EB A8 C6 98 9F 10 F9 CC ....$S.+........
> Padded plaintext before ENCRYPTION: len = 32
> 0000: 14 00 00 0C 24 53 01 2B EB A8 C6 98 9F 10 F9 CC ....$S.+........
> 0010: EF 68 74 7D 7B E6 54 80 E5 7C DD 52 E4 90 3B 66 .ht...T....R..;f
> main, WRITE: TLSv1 Handshake, length = 32
> main, waiting for close_notify or alert: state 3
> main, Exception while waiting for close java.net.SocketException:
> Software caused connection abort: recv failed
> main, handling exception: java.net.SocketException: Software caused
> connection abort: recv failed
> %% Invalidated: [Session-3, SSL_RSA_WITH_RC4_128_MD5]
> main, SEND TLSv1 ALERT: fatal, description = unexpected_message
> Padded plaintext before ENCRYPTION: len = 18
> 0000: 02 0A ED AE 45 78 72 A0 27 0C D3 2B B4 21 DA DE ....Exr.'..+.!..
> 0010: BA DB ..
> main, WRITE: TLSv1 Alert, length = 18
> main, Exception sending alert: java.net.SocketException: Software
> caused connection abort: socket write error
> main, called closeSocket()
> main, called close()
> main, called closeInternal(true)
> javax.xml.ws.WebServiceException: javax.xml.ws.WebServiceException:
> java.net.SocketException: Software caused connection abort: recv failed
>
> Thanks glen
>
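A diagnostic for the "null cert chain" symptom quoted above, added here as an example and not part of the original thread. The server raises that error when the client answers the CertificateRequest with an empty chain, which happens when the client keystore holds the converted PEM only as a trustedCertEntry (no private key) or when its chain does not lead to a CA the server trusts. The program below opens the client keystore and the truststore, reports the entry type of each alias and PKIX-validates each key entry's chain; the class name, file paths and passwords on the command line are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

/** Usage (hypothetical names): java KeyStoreCheck mykeystore.jks changeit cacerts.jks changeit */
public class KeyStoreCheck {
    public static void main(String[] args) throws Exception {
        KeyStore ks = load(args[0], args[1].toCharArray());   // client keystore
        KeyStore ts = load(args[2], args[3].toCharArray());   // truststore with the root cert
        boolean presentable = false;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // A trustedCertEntry carries no private key, so JSSE cannot use it as the
                // client identity and will send an empty Certificate message instead.
                System.out.println(alias + ": trustedCertEntry only, not usable as client identity");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println(alias + ": PrivateKeyEntry, chain length " + chain.length);
            try {
                validate(chain, ts);
                System.out.println("  chain validates against the truststore");
                presentable = true;
            } catch (CertPathValidatorException e) {
                System.out.println("  chain does NOT validate: " + e.getMessage());
            }
        }
        if (!presentable) {
            System.out.println("No usable client identity: expect 'null cert chain' on the server");
        }
    }

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(path);
        try { ks.load(in, password); } finally { in.close(); }
        return ks;
    }

    /** PKIX-validates the chain using every trusted cert in ts as a trust anchor (revocation checks off). */
    static void validate(Certificate[] chain, KeyStore ts) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(chain));
        PKIXParameters params = new PKIXParameters(ts);
        params.setRevocationEnabled(false);
        CertPathValidator.getInstance("PKIX").validate(path, params);
    }
}
```

If the only alias in the converted keystore is reported as trustedCertEntry, the PEM private key was not imported alongside the certificate, which is consistent with `keytool -list` looking fine while the handshake still fails.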