  1. POWeblogic REST Client with Jersey HTTPS: Handshake failure
    <p>Setup: WL 9.2 + Jersey 1.1.5.1 on WL's Jrockit. Picked Jersey 1.1.5.1 because newer versions require Java 6, I believe. Weblogic EJB acts as REST Client and keeps getting this error:</p>
    <blockquote> <p>ClientHandlerException: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from svcpoint.restprovider.com - xx.xxx.xxx.xx was not trusted causing SSL handshake failure.</p> </blockquote>
    <p>As this is just a POC implementation, Weblogic is set up with various flags to ignore cert verification just to make this error go away:</p>
    <pre><code>-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.SSL.enforceConstraints=off
-Dweblogic.webservice.client.ssl.strictcertchecking=false
</code></pre>
    <p>Also, the Jersey config setup includes this bit:</p>
    <pre><code>SSLContext ctx = SSLContext.getInstance("SSL");
// Accept-all verifier (POC only): logs the hostname and approves it unconditionally
HTTPSProperties prop = new HTTPSProperties(
    new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            System.out.println("\n\nFAKE_Verifier: " + hostname + "\n\n");
            return true;
        }
    }, ctx);
config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, prop);
</code></pre>
    <p>Finally, the sole WL server, technically the admin srv, was configured in the admin console SSL.Advanced settings to not use Hostname Verification.</p>
    <p>Now, I'm pretty sure my fake validator setup for Jersey is not actually involved, as I see this error from SSL debug:</p>
    <pre><code>&lt;SecuritySSL&gt; &lt;000000&gt; &lt;weblogic user specified trustmanager validation status 16&gt;
&lt;Security&gt; &lt;BEA-090477&gt; &lt;Certificate chain received from svcpoint.restprovider.com - xx.xxx.xxx.xx was not trusted causing SSL handshake failure.&gt;
&lt;SecuritySSL&gt; &lt;000000&gt; &lt;Validation error = 16&gt;
&lt;SecuritySSL&gt; &lt;000000&gt; &lt;Certificate chain is untrusted&gt;
&lt;SecuritySSL&gt; &lt;000000&gt; &lt;SSLTrustValidator returns: 16&gt;
&lt;SecuritySSL&gt; &lt;000000&gt; &lt;Trust status (16): CERT_CHAIN_UNTRUSTED&gt;
&lt;SecuritySSL&gt; &lt;000000&gt; &lt;NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.&lt;init&gt;(Unknown Source)
</code></pre>
    <p>I've googled and looked at other similar issues here on SO, but I'm probably missing something. Also, from what I can judge the cert seems valid, showing it's for CN=*.restprovider.com, expiring in Nov 2011.</p>