Hi Vijitha,

You can export the server certificate via the browser. Then import it into the client-truststore.jks as mentioned by Malaka. To configure SSL on Tomcat you may use this [1].

Are you calling the HTTPS endpoint of the proxy service? The issue seems to be between the client and the proxy service. Could you please use the '-k' insecure option with the curl client to invoke the HTTPS endpoint of the proxy service and try this out again?

[1] http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore

Thanks & Regards,

On Mon, Dec 15, 2014 at 9:48 PM, Vijitha Ekanayake <[email protected]> wrote:
>
> Hi all,
>
> Thanks for the responses.
>
> @malaka: I tried importing the certificate using the mentioned command, but I am still getting the same results.
>
> @waruna: I have debugged the SSL handshake. As I understood, the server asked for an RSA or DSS certificate signed by CA authorities, and the client replied by sending an empty certificate chain. Does that mean my keystore doesn't have the required certificates? Is there a way to overcome such an issue? Or please correct me if I got it wrong.
>
> *** CertificateRequest
> Cert Types: RSA, DSS
> Cert Authorities:
> <OU=Equifax Secure Certificate Authority, O=Equifax, C=US>
> <CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
> <CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US>
> etc .......
>
> The handshake fails from here:
>
> HTTPS-Listener I/O dispatcher-2, READ: TLSv1 Handshake, length = 141
> *** Certificate chain
> ***
> HTTPS-Listener I/O dispatcher-2, fatal error: 42: null cert chain
> javax.net.ssl.SSLHandshakeException: null cert chain
> HTTPS-Listener I/O dispatcher-2, SEND TLSv1 ALERT: fatal, description = bad_certificate
> CONNECTION KEYGEN:
> Client Nonce:
> HTTPS-Listener I/O dispatcher-2, WRITE: TLSv1 Alert, length = 2
> 0000: 54 8E A6 25 36 17 43 5B 94 05 AC E9 17 DC E5 DE T..%6.C[........
> 0010: 7E C2 HTTPS-Listener I/O dispatcher-2, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain
> 7A 22 1F 51 39 BE AC 9D 4C 90 DC 34 34 C2 ..z".Q9...L..44.
> Server Nonce:
> 0000: 54 8E A6 25 EA 6F 85 0F AE 7E 35 DC 7D E3 14 BA T..%.o....5.....
> 0010: A6 AE E6 9D 07 BC 51 5D 05 4C DB 2B 4E 51 61 93 ......Q].L.+NQa.
> Master Secret:
> 0000: CD 52 6A A6 A1 88 E7 13 5E 3A 5C CF D2 4A 35 E7 .Rj.....^:\..J5.
> 0010: 7D A0 36 66 2E 91 06 79 B7 EC AE 8D 0C 7B AB 38 ..6f...y.......8
> 0020: E9 23 6C 6F 83 DF 94 FD AF 62 25 B6 67 0A 29 9F .#lo.....b%.g.).
> Client MAC write Secret:
> 0000: 94 B6 13 8C D1 D6 1B D9 C9 53 0C A6 D2 E4 C6 F4 .....[2014-12-15 14:43:09,400] ERROR - SourceHandler I/O error: null cert chain
> javax.net.ssl.SSLHandshakeException: null cert chain
>     at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:485)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1108)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1080)
>
> Thanks.
>
> On Mon, Dec 15, 2014 at 6:43 PM, Malaka Silva <[email protected]> wrote:
>>
>> Hi Vijitha,
>>
>> Try importing the keystore into the client truststore using the following command.
>>
>> Similar is also done in [1]
>>
>> 1. keytool -importcert -file <certificate file> -keystore <ESB>/repository/resources/security/client-truststore.jks -alias "TrustCertImport"
>>
>> 2. Restart the server.
>>
>> [1] https://github.com/wso2-dev/esb-connectors/blob/master/basecamp/basecamp-connector/basecamp-connector-1.0.0/README.txt
>>
>> On Mon, Dec 15, 2014 at 11:37 AM, Waruna Perera <[email protected]> wrote:
>>>
>>> Hi Vijitha,
>>>
>>> Pls try debug using -Djavax.net.debug=all and see the output.
>>>
>>> Thanks,
>>>
>>> On Mon, Dec 15, 2014 at 11:34 AM, Vijitha Ekanayake <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> I was trying to invoke an HTTPS endpoint using an ESB proxy service. It gives the following SSLHandshakeException. If I call the endpoint directly from the Advanced REST Client tool provided by Google Chrome, I am able to get a successful response. I used [1] as reference material.
>>>>
>>>> Steps I followed:
>>>> 1. Generated a custom certificate using keytool.
>>>> 2. Configured the web server (Tomcat) with the created keystore.
>>>> 3. Exported the public certificate to a .crt file.
>>>> 4. Added the .crt to wso2carbon.jks and client-truststore.jks.
>>>> 5. Changed the axis2.xml parameter to <parameter name="HostnameVerifier">AllowAll</parameter>
>>>>
>>>> Can anyone help me to sort out this issue?
>>>>
>>>> The following exception is printed out in the terminal:
>>>>
>>>> [2014-12-15 08:40:04,243] ERROR - SourceHandler I/O error: null cert chain
>>>> javax.net.ssl.SSLHandshakeException: null cert chain
>>>>     at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015)
>>>>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:485)
>>>>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1108)
>>>>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1080)
>>>>     at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)
>>>>     at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:220)
>>>>     at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:254)
>>>>     at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:380)
>>>>     at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:118)
>>>>     at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:160)
>>>>     at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:342)
>>>>     at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:320)
>>>>     at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:280)
>>>>     at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106)
>>>>     at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:604)
>>>>     at java.lang.Thread.run(Thread.java:695)
>>>> Caused by: javax.net.ssl.SSLHandshakeException: null cert chain
>>>>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
>>>>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1447)
>>>>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:243)
>>>>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:231)
>>>>     at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1372)
>>>>     at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:160)
>>>>     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
>>>>     at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:533)
>>>>     at java.security.AccessController.doPrivileged(Native Method)
>>>>     at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:952)
>>>>     at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:238)
>>>>     at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:270)
>>>>
>>>> [1] http://sahanlm.blogspot.com/2013/10/wso2-esb-exposing-secure-backend.html
>>>>
>>>> --
>>>> Vijitha Ekanayake
>>>> Software Engineer, WSO2, Inc.; http://wso2.com/
>>>> Mobile : +94 777 24 73 39 | +94 718 74 44 08
>>>> lean.enterprise.middleware
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>
>>> --
>>> Waruna Perera
>>> Senior Software Engineer - Test Automation
>>> Mobile: +94 77 3867037
>>> WSO2, Inc.; http://wso2.com/
>>> lean . enterprise . middleware.
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>> --
>>
>> Best Regards,
>>
>> Malaka Silva
>> Senior Tech Lead
>> M: +94 777 219 791
>> Tel : 94 11 214 5345
>> Fax :94 11 2145300
>> Skype : malaka.sampath.silva
>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>> Blog : http://mrmalakasilva.blogspot.com/
>>
>> WSO2, Inc.
>> lean . enterprise . middleware
>> http://www.wso2.com/
>> http://www.wso2.com/about/team/malaka-silva/ <http://wso2.com/about/team/malaka-silva/>
>>
>> Save a tree -Conserve nature & Save the world for your future. Print this email only if it is absolutely necessary.
>>
>
> --
> Vijitha Ekanayake
> Software Engineer, WSO2, Inc.; http://wso2.com/
> Mobile : +94 777 24 73 39 | +94 718 74 44 08
> lean.enterprise.middleware
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>

--
Ravindra Ranwala
Software Engineer
WSO2, Inc: http://wso2.com <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg>
Mobile: +94714198770

_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
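
An added example, not part of the thread and not WSO2 code: a Python triage of a server-side `-Djavax.net.debug` trace like the one quoted above. It reports whether the listener sent a CertificateRequest, which CAs it named, whether the caller's certificate chain came back empty, and whether key material was written to the log. The sample trace is constructed from the quoted output, and `triage` and `diagnose` are hypothetical names.

```python
import re

# Constructed sample: abridged from the javax.net.debug trace quoted in the thread,
# with the hex dump replaced by a placeholder.
SAMPLE_LOG = """\
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<OU=Equifax Secure Certificate Authority, O=Equifax, C=US>
<CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US>
HTTPS-Listener I/O dispatcher-2, READ: TLSv1 Handshake, length = 141
*** Certificate chain
***
HTTPS-Listener I/O dispatcher-2, fatal error: 42: null cert chain
HTTPS-Listener I/O dispatcher-2, SEND TLSv1 ALERT: fatal, description = bad_certificate
Master Secret:
0000: (bytes omitted)
"""

ALERT_RE = re.compile(r"ALERT:\s*(\w+),\s*description = (\w+)")
SECRET_RE = re.compile(r"^(.*Secret):$")   # e.g. "Master Secret:", "Client MAC write Secret:"

def triage(log_text):
    """Summarise a server-side JSSE debug trace of a client-certificate handshake."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    out = {"cert_requested": False, "accepted_cas": [], "empty_client_chain": False,
           "alerts": [], "secrets_in_log": []}
    section = None
    for i, ln in enumerate(lines):
        if ln == "***":                       # terminator of the current handshake message
            section = None
        elif ln.startswith("*** "):           # start of a handshake message
            section = ln[4:]
            if section == "CertificateRequest":
                out["cert_requested"] = True
            elif section == "Certificate chain" and out["cert_requested"]:
                # Header followed directly by the terminator: the peer sent no certificates.
                if lines[i + 1:i + 2] == ["***"]:
                    out["empty_client_chain"] = True
        elif section == "CertificateRequest" and ln.startswith("<") and ln.endswith(">"):
            out["accepted_cas"].append(ln[1:-1])
        elif (m := ALERT_RE.search(ln)):
            out["alerts"].append(m.groups())
        elif (m := SECRET_RE.match(ln)):
            out["secrets_in_log"].append(m.group(1))   # debug trace contains session secrets
    return out

def diagnose(log_text):
    r = triage(log_text)
    if r["cert_requested"] and r["empty_client_chain"]:
        return "listener requested a client certificate and the caller sent none"
    return "no client-certificate failure found"
```

A non-empty `secrets_in_log` means the trace holds session key material and should be treated as sensitive before it is shared.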
