I started up my Tomcat server with a keystore, truststore and clientAuth=true, and tried connecting to it via "openssl s_client", and everything works well.

Setting up my OC4J (Oracle 9ias) using the same keystore, truststore and needs-client-auth=true, I get the following error when I try to connect to it using "openssl s_client":

1893:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:964:SSL alert number 46
1893:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:


If I turn off client-authentication on my OC4J server, it works fine. This makes me think there's something wrong with my client certificate, but I use the same client certificate when testing with Tomcat and it works fine. =(

Btw, if you're not familiar with the "openssl s_client" testing utility and its error messages, I conducted the same tests using a standalone Java client, and the error I received (for the same scenario as above) is:

javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:574)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA6275)
at java.net.URL.openStream(URL.java:960)
at sendHTTPs.send(sendHTTPs.java:72)
at sendHTTPs.main(sendHTTPs.java:109)

Thanks for any help!

Liam
