AnsweredAssumed Answered

SSL-MA error: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

Question asked by Konfu on Jan 5, 2017
Latest reply on Jan 11, 2017 by Konfu

We have virtualized a public 3rd party application which is talking SSL-MA with the company's gateway.

Whenever our service receives a request, it also needs to send back a feedback request.

When we try to send the feedback request (from a Staging Test in workstation), we receive the error below:

 

Our virtual service is running on a dedicated server which has it's own certificate and private key.

I have added this certificate and private key to our java keystore.

I have added the certificates from the gateway (rca and ica) to the DevTest's default truststore cacerts

 

1.   Am i doing something wrong? What does this error mean?

The below result comes from the workstation output during a "staging test".

Where are these results kept on the server? I checked the vse logs on the DevTest server but I cannot retrieve anything.

 

2.   Putting on the SSL debug in the workstation during the staging test, does not show anything.

How can i trace the SSL information when the test is running to see where it goes wrong?

 

 

============================================================================
| javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
============================================================================
| Step:        Raw SOAP Request
----------------------------------------------------------------------------
| Message:     Received fatal alert: bad_certificate
----------------------------------------------------------------------------
| Trapped Exception: Received fatal alert: bad_certificate
| Trapped Message:   javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
----------------------------------------------------------------------------
STACK TRACE
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
 at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
 at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
 at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
 at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
 at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
 at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
 at com.itko.lisa.test.CommTrans.doSend(CommTrans.java:1015)
 at com.itko.lisa.test.CommTrans.send(CommTrans.java:811)
 at com.itko.lisa.test.CommTrans.sendPOST(CommTrans.java:789)
 at com.itko.lisa.ws.RawSOAPNode.execute(RawSOAPNode.java:231)
 at com.itko.lisa.test.TestNode.executeNode(TestNode.java:981)
 at com.itko.lisa.test.TestCase.execute(TestCase.java:1280)
 at com.itko.lisa.test.TestCase.execute(TestCase.java:1195)
 at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1180)
 at com.itko.lisa.test.TestCase.executeTest(TestCase.java:1124)
 at com.itko.lisa.coordinator.Instance.run(Instance.java:204)
============================================================================

Outcomes