Service Virtualization

  • Private Community

  • 1.  SSL-MA error: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

    Posted Jan 05, 2017 05:24 AM

    We have virtualized a public 3rd party application which is talking SSL-MA with the company's gateway.

    Whenever our service receives a request, it also needs to send back a feedback request.

    When we try to send the feedback request (from a Staging Test in workstation), we receive the error below:

     

    Our virtual service is running on a dedicated server which has it's own certificate and private key.

    I have added this certificate and private key to our java keystore.

    I have added the certificates from the gateway (rca and ica) to the DevTest's default truststore cacerts

     

    1.   Am i doing something wrong? What does this error mean?

    The below result comes from the workstation output during a "staging test".

    Where are these results kept on the server? I checked the vse logs on the DevTest server but I cannot retrieve anything.

     

    2.   Putting on the SSL debug in the workstation during the staging test, does not show anything.

    How can i trace the SSL information when the test is running to see where it goes wrong?

     

     

    ============================================================================
    | javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    ============================================================================
    | Step:        Raw SOAP Request
    ----------------------------------------------------------------------------
    | Message:     Received fatal alert: bad_certificate
    ----------------------------------------------------------------------------
    | Trapped Exception: Received fatal alert: bad_certificate
    | Trapped Message:   javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    ----------------------------------------------------------------------------
    STACK TRACE
    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
     at sun.security.ssl.Alerts.getSSLException(Unknown Source)
     at sun.security.ssl.Alerts.getSSLException(Unknown Source)
     at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
     at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
     at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
     at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
     at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
     at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
     at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
     at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
     at com.itko.lisa.test.CommTrans.doSend(CommTrans.java:1015)
     at com.itko.lisa.test.CommTrans.send(CommTrans.java:811)
     at com.itko.lisa.test.CommTrans.sendPOST(CommTrans.java:789)
     at com.itko.lisa.ws.RawSOAPNode.execute(RawSOAPNode.java:231)
     at com.itko.lisa.test.TestNode.executeNode(TestNode.java:981)
     at com.itko.lisa.test.TestCase.execute(TestCase.java:1280)
     at com.itko.lisa.test.TestCase.execute(TestCase.java:1195)
     at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1180)
     at com.itko.lisa.test.TestCase.executeTest(TestCase.java:1124)
     at com.itko.lisa.coordinator.Instance.run(Instance.java:204)
    ============================================================================



  • 2.  Re: SSL-MA error: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

    Posted Jan 05, 2017 11:03 AM

    Make sure to load the jks file on the DevTest step and validated it , where you are sending the feedback request. 



  • 3.  Re: SSL-MA error: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

    Broadcom Employee
    Posted Jan 10, 2017 11:58 PM

    Hi,
    Entering the keystore file and password, and then checking with the 'Verify...' button in the step that is being used, should be the first thing you try.
    For example for a live invocation step from a VSM:

     


    If you want more SSL debug information, then add the following line to the appropriate vmoptions file.
    For example if you run ITR, then add this to Workstation.vmoptions in the bin folder:
    -Djavax.net.debug=ssl

     

    After restarting the workstation and reproducing the problem, the workstation.log should have all the SSL debug information.

    Regards,

    John



  • 4.  Re: SSL-MA error: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    Best Answer

    Posted Jan 11, 2017 07:44 AM

    Hi John,

     

    Thanks for the info.

     

    In the meantime, we have been verifying the SSL handshake directly from OpenSSL.

    It looks like the company's gateway did not trust our certificate on their end, therefor we got the bad certificate error.