Hi Dilini,
The reason for not being able to access the portal is the self signed
certificate of the server is not being trusted. If you need to access the
portal with this configuration, you can export the public certificate of
the server and import it to the cacerts of the JVM.
Here's the command to export the public certificate.
*keytool -export -alias wso2carbon -file <file name> -keystore
<CARBON_HOME>/repository/resources/security/wso2carbon.jks -storepass
wso2carbon*
Here's the command to import the public certificate of the server into the
cacerts of JVM.
*keytool -import -trustcacerts -keystore
<JDK_PATH>/jre/lib/security/cacerts -storepass changeit -noprompt -alias
wso2carbon -file <public certificate file path>*
After doing this, you should be able to access the portal.
The startup error can be avoided by commenting out only the "tcpSSL"
property in the H2 database configuration in carbon.xml file.
* <!--property name="tcpSSL" /-->*
This is the detailed error printed when SSL debug logs are enabled.
[2016-02-09 12:12:35,942] INFO
{org.wso2.carbon.h2.osgi.console.ConsoleService} - Starting H2 TCP
server...
org.h2.server.TcpServerThread@58e793e4 Connect
[2016-02-09 12:12:35,945] INFO
{org.wso2.carbon.h2.osgi.console.ConsoleService} - Starting H2 PG server...
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Connect
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Disconnect
Close
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
H2 TCP Server (ssl://127.0.1.1:9092) thread, received EOFException: error
H2 TCP Server (ssl://127.0.1.1:9092) thread, handling exception:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
H2 TCP Server (ssl://127.0.1.1:9092) thread,* SEND TLSv1 ALERT: fatal,
description = handshake_failure*
H2 TCP Server (ssl://127.0.1.1:9092) thread, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
H2 TCP Server (ssl://127.0.1.1:9092) thread, called closeSocket()
javax.net.ssl.SSLException: Connection has been shutdown:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1496)
at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1508)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:70)
at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at java.io.DataOutputStream.flush(DataOutputStream.java:123)
at org.h2.value.Transfer.flush(Transfer.java:85)
at org.h2.server.TcpServerThread.sendError(TcpServerThread.java:197)
at org.h2.server.TcpServerThread.run(TcpServerThread.java:129)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed
connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953)
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:889)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read(BufferedInputStream.java:254)
at java.io.DataInputStream.readInt(DataInputStream.java:387)
at org.h2.value.Transfer.readInt(Transfer.java:145)
at org.h2.server.TcpServerThread.run(TcpServerThread.java:71)
... 1 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
... 9 more
org.h2.server.TcpServerThread@58e793e4 Disconnect
org.h2.server.TcpServerThread@58e793e4 Close
>From the above log, according to [1] and [2] it seems the server cannot
deal with the ciphers suite (i.e TLSv1).
Hope this helps.
[1]
http://stackoverflow.com/questions/21245796/javax-net-ssl-sslhandshakeexception-remote-host-closed-connection-during-handsh
[2]
http://stackoverflow.com/questions/31883713/i-received-javax-net-ssl-sslhandshakeexception-remote-host-closed-connection-du
Regards,
TharinduE
On Mon, Feb 8, 2016 at 9:48 PM, Imesh Gunaratne <[email protected]> wrote:
>
>
> On Wed, Feb 3, 2016 at 1:46 AM, Vishanth Balasubramaniam <
> [email protected]> wrote:
>
>> Hi Dilini,
>>
>> Try commenting out the rest of the properties in H2DatabaseConfiguration
>> in carbon.xml.
>>
>> <H2DatabaseConfiguration>
>>> <property name="web" />
>>> <property name="webPort">8082</property>
>>> <property name="webAllowOthers" />
>>>
>>> * <!--property name="webSSL" />*
>>> *<property name="tcp" />*
>>> *<property name="tcpPort">9092</property>*
>>> *<property name="tcpAllowOthers" />*
>>> *<property name="tcpSSL" />*
>>> *<property name="pg" />*
>>> *<property name="pgPort">5435</property>*
>>> *<property name="pgAllowOthers" />*
>>> *<property name="trace" />*
>>> *<property name="baseDir">${carbon.home}</property-->*
>>> </H2DatabaseConfiguration>
>>
>>
>> Can you please explain the reason for this?
>
> Thanks
>
>
>> Regards,
>> Vishanth
>>
>> On Tue, Feb 2, 2016 at 5:37 PM, Dilini Gunatilake <[email protected]>
>> wrote:
>>
>>> Hi Carbon Team,
>>>
>>> I wanted to browse the H2 repository and followed the blog in [1] and
>>> configured the carbon.xml file accordingly. But, when I started the pack, I
>>> observed the following error. What could be the reason for this?
>>>
>>> This issue was observed in WSO2 ESB 4.10.0-Milestone 2 and DS 2.0.0 Beta
>>> 2 packs. (carbon 4.4.3)
>>>
>>> ubuntu@ds-long-n1:~/releases/wso2ds-2.0.0-SNAPSHOT/bin$ sh wso2server.sh
>>> JAVA_HOME environment variable is set to
>>> /home/ubuntu/software/jdk1.8.0_51
>>> CARBON_HOME environment variable is set to
>>> /home/ubuntu/releases/wso2ds-2.0.0-SNAPSHOT
>>> Using Java memory options: -Xms256m -Xmx1024m
>>>
>>> [2016-02-02 11:26:27,394] INFO
>>> {org.wso2.carbon.h2.osgi.console.ConsoleService} - Starting H2 Web
>>> server...
>>> [2016-02-02 11:26:28,006] INFO
>>> {org.wso2.carbon.h2.osgi.console.ConsoleService} - Starting H2 TCP
>>> server...
>>> [2016-02-02 11:26:28,030] INFO
>>> {org.wso2.carbon.h2.osgi.console.ConsoleService} - Starting H2 PG server...
>>> org.h2.server.TcpServerThread@273ec7dc Connect
>>> Connect
>>> Disconnect
>>> Close
>>> javax.net.ssl.SSLException: Connection has been shutdown:
>>> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
>>> handshake
>>> at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1541)
>>> at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1553)
>>> at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:71)
>>> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
>>> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
>>> at java.io.DataOutputStream.flush(DataOutputStream.java:123)
>>> at org.h2.value.Transfer.flush(Transfer.java:85)
>>> at org.h2.server.TcpServerThread.sendError(TcpServerThread.java:197)
>>> at org.h2.server.TcpServerThread.run(TcpServerThread.java:129)
>>> at java.lang.Thread.run(Thread.java:745)
>>> Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed
>>> connection during handshake
>>> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
>>> at
>>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
>>> at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928)
>>> at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
>>> at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
>>> at java.io.BufferedInputStream.read(BufferedInputStream.java:265)
>>> at java.io.DataInputStream.readInt(DataInputStream.java:387)
>>> at org.h2.value.Transfer.readInt(Transfer.java:145)
>>> at org.h2.server.TcpServerThread.run(TcpServerThread.java:71)
>>> ... 1 more
>>> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>>> at sun.security.ssl.InputRecord.read(InputRecord.java:505)
>>> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
>>> ... 9 more
>>> org.h2.server.TcpServerThread@273ec7dc Disconnect
>>> org.h2.server.TcpServerThread@273ec7dc Close
>>> [2016-02-02 11:26:29,170] INFO
>>> {org.wso2.carbon.core.internal.CarbonCoreActivator} - Starting WSO2
>>> Carbon...
>>> [2016-02-02 11:26:29,177] INFO
>>> {org.wso2.carbon.core.internal.CarbonCoreActivator} - Operating System :
>>> Linux 3.13.0-36-generic, amd64
>>> [2016-02-02 11:26:29,177] INFO
>>> {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java Home :
>>> /home/ubuntu/software/jdk1.8.0_51/jre
>>> [2016-02-02 11:26:29,178] INFO
>>> {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java Version :
>>> 1.8.0_51
>>> [2016-02-02 11:26:29,181] INFO
>>> {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java VM :
>>> Java HotSpot(TM) 64-Bit Server VM 25.51-b03,Oracle Corporation
>>>
>>>
>>> [1]
>>> http://www.vitharana.org/2012/04/how-to-browse-h2-database-of-wso2.html
>>>
>>>
>>> Thank you.
>>>
>>> Regards,
>>>
>>> --
>>>
>>> *Dilini GunatilakeSoftware Engineer - QA Team*
>>> Mobile : +94 (0) 771 162518
>>> [email protected]
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> *Vishanth Balasubramaniam*
>> Committer & PMC Member, Apache Stratos,
>> Software Engineer, WSO2 Inc.; http://wso2.com
>>
>> mobile: *+94 77 17 377 18*
>> about me: *http://about.me/vishanth <http://about.me/vishanth>*
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Imesh Gunaratne*
> Senior Technical Lead
> WSO2 Inc: http://wso2.com
> T: +94 11 214 5345 M: +94 77 374 2057
> W: http://imesh.gunaratne.org
> Lean . Enterprise . Middleware
>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
