How to add certificate for https connection - web-services

Hi Everyone,
I have a certificate. Can anyone tell me how to add and apply it to use an SSL connection with a Java class? I am facing a javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found exception.

Hello everyone, I got the answer to my question after a long struggle.
1. For my first exception I used this link: http://www.mkyong.com/webservices/jax-ws/java-security-cert-certificateexception-no-name-matching-localhost-found/
2. For my second exception, I had not imported my certificate into the keystore. This is the command for that:
sudo /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/keytool -import -file "give full path of certificate" -keystore "/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/cacerts" -alias "certificate"

Related

JMeter issue with javax.net.ssl.SSLProtocolException: Received fatal alert: unexpected_message when testing GCP CloudRun

I am using JMeter to run some POST requests to CloudRun for my API. When I run the process, the POST returns the error:
javax.net.ssl|DEBUG|12|Single Insert 1-1|2022-04-22 17:39:28.479 BST|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "unexpected_message"
}
)
javax.net.ssl|ERROR|12|Single Insert 1-1|2022-04-22 17:39:28.479 BST|TransportContext.java:363|Fatal (UNEXPECTED_MESSAGE): Received fatal alert: unexpected_message (
"throwable" : {
javax.net.ssl.SSLProtocolException: Received fatal alert: unexpected_message
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:129)
...etc...
I have created a certificate with:
keytool -keystore clientkeystore -genkey -alias client -keyalg RSA
then copied the file clientkeystore under the bin folder and added in the system.properties file:
javax.net.ssl.keyStore=clientkeystore
javax.net.ssl.keyStorePassword=mypassword
but nothing changes when it runs against a GCP/CloudRun instance. Any idea?
If your application requires a client-side certificate, you need to get the appropriate one and not generate a new random one. If this is the case, you will need to import the relevant certificate into the keystore:
keytool -import -alias your-certificate-alias -file /path/to/your/certificate.cer -keystore clientkeystore.p12 -storepass mypassword
and change the javax.net.ssl.keyStore to include the file extension:
javax.net.ssl.keyStore=clientkeystore.p12
More information: How to Set Your JMeter Load Test to Use Client Side Certificates
If your application can be accessed by anyone without having to provide the client-side certificate just remove the properties as you don't need them.

Configure WSO2 developer studio 3.8.0 in eclipse Luna

I am trying to configure WSO2 API Manager tooling in eclipse luna, as per https://apim.docs.wso2.com/en/latest/Learn/APIGateway/MessageMediation/pass-a-custom-authorization-token-to-the-backend/, however I keep getting javax.net.ssl.SSLHandshakeException when I try to connect to API manager instance. I have added the public certificate in the java trust store, also tried pointing eclipse to custom truststore where the public cert is added, still no luck. I have java 8 installed on Mojave. Not sure, if it is related to new version of the API manager. Here is the error message and stack trace.
Error Message
Getting WS Feature Available in Regisrty check failed Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Stack trace link: https://pastebin.com/5bSpKJ4x
This is an SSL handshake error, which usually occurs if you don't have trusted certificates in your trust store. Do the following:
Download the certificate from whatever back-end service you are trying to hit.
Add it to the client-truststore.jks file in < apim-home >/repository/resources/security using the following command in cmd.
Open cmd from \jdk\bin
keytool -keystore "< apim-home >\repository\resources\security\client-truststore.jks" -storepass wso2carbon -importcert -file "< certFile-loction >"

<cfmail> failing when <cfmailparam> attaches image over https

I think this is more of a server setup issue?
As the subject says, when I "embed" images to a cfmail, using cfmailparam, if the image is called over https, the email fails. The error I get in mail.log is
javax.mail.MessagingException: IOException while sending message;
nested exception is: java.net.SocketException: Connection reset
Any ideas?
Thx!
Check the {cf_root}/logs/exception.log to see if there is anything more informative.
Sounds like CF isn't liking the SSL certificate. I know some CF versions and using CFHTTP, etc. don't like wildcard or SAN certificates and you have to import those to the keystore.
You have to grab the certificate then use the keytool to import it. This will require a CF restart after.
keytool -import -trustcacerts -keystore ./cacerts -alias myCert -file myCert.cer
Adobe has a write up on how-to: How to import certificates to ColdFusion's truststore
The problem could be because your Java version which is running ColdFusion is not supporting new TLS versions. You can solve this by upgrading Java to 1.8 or later or you can add the following to the JVM config in the ColdFusion Administrator.
-Dhttps.protocols=TLSv1.1,TLSv1.2

IBM Liberty SSL HANDSHAKE FAILURE

I am using Liberty 16.0.0.4
I am trying to call xxxx SOAP services, but I got the following errors:
[ERROR ] CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=xxxx, was sent from the target host. The signer might need to be added to local trust store serverHome/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I used the next command to generate the certificate:
openssl s_client -connect xxxxURL:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > xxx.cert
Then I injected it into the Liberty default JKS file with the next command:
keytool -import -trustcacerts -alias xxxSigner -file xxx.cert -keystore *pathToHomeServer/resources/security/key.jks* -storepass Liberty -storetype jks
Also this is my server.xml tags related to that
<featureManager>
    <feature>webProfile-7.0</feature>
    <feature>jaxb-2.2</feature>
    <feature>concurrent-1.0</feature>
    <feature>javaMail-1.5</feature>
    <feature>localConnector-1.0</feature>
    <feature>jaxws-2.2</feature>
    <feature>apiDiscovery-1.0</feature>
    <feature>ssl-1.0</feature>
</featureManager>
<keyStore id="defaultKeyStore" location="${server.config.dir}/resources/security/key.jks" password="{xor}EzY9Oi0rJg==" type="jks" />
<keyStore id="defaultTrustStore" location="${server.config.dir}/resources/security/key.jks" password="{xor}EzY9Oi0rJg==" type="jks" />
<sslDefault sslRef="defaultSSLConfig" />
<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore" sslProtocol="TLSv1.2"/>
<httpEndpoint id="defaultHttpEndpoint" httpPort="9080" httpsPort="9443">
    <sslOptions sslRef="defaultSSLConfig"></sslOptions>
</httpEndpoint>
So what is the problem my side which
Not sure why your approach is not working, but another way to go about it is to use a browser to retrieve the certificate and then keytool to add it, as described here (see the 8/5/2015 comment at the bottom of the article): developer.ibm.com/wasdev/docs/single-sign-google-liberty
Does it work if you explicitly add the signer itself, shown at the bottom of the stack of certs when you append -showcerts to your openssl command?
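The last reply asks about the signer at the bottom of the `-showcerts` output. The following is an added example, not part of the original posts, that splits that output into one PEM file per certificate so the last one can be imported on its own; the function names, the output directory and the sample text are assumptions made for illustration.

```shell
# split_chain OUTDIR: read `openssl s_client -showcerts` output on stdin,
# write OUTDIR/cert-1.pem, cert-2.pem, ... in the order the server sent
# them, and print how many certificates were found.
split_chain() {
    outdir=$1
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; file = sprintf("%s/cert-%d.pem", dir, n); inside = 1 }
        inside                        { print > file }
        /-----END CERTIFICATE-----/   { inside = 0; close(file) }
        END                           { print n + 0 }
    '
}

# last_cert OUTDIR: print the path of the certificate at the bottom of the
# stack, i.e. the last one written by split_chain.
last_cert() {
    n=$(ls "$1"/cert-*.pem 2>/dev/null | wc -l | tr -d ' ')
    [ "$n" -gt 0 ] || return 1
    printf '%s/cert-%d.pem\n' "$1" "$n"
}

# Constructed sample with the shape of `s_client -showcerts` output; the
# base64 bodies are dummy text, not real certificates.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = service.example
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
TEVBRi1DRVJULURVTU8=
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
U0lHTkVSLUNFUlQtREVNTw==
-----END CERTIFICATE-----
---
Server certificate
subject=CN = service.example
EOF
}

# Usage (xxxxURL as in the question):
#   openssl s_client -connect xxxxURL:443 -showcerts </dev/null | split_chain ./chain
#   keytool -import ... -file "$(last_cert ./chain)"
```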

WSO2 DAS: certificate didn't match

I've installed WSO2 DAS Server on my LAN network, but I can't create a new Dashboard because of this error:
javax.net.ssl.SSLException: hostname in certificate didn't match:
<192.168.3.27> != localhost
in log file here.
Please help and thanks
It happens because the certificate is for localhost, not for the domain that we run. For that we need to generate a new certificate with the specific domain and make configuration changes with the correct .jks file and correct password.
It will resolve the "certificate didn't match" error. We need to replace all the localhost in the portal folder. If I have worked like these and fixed with gaudiness. For more reference please visit
http://www.vitharana.org/2012/12/how-to-add-new-keystore-to-carbon-4_3.html
The above error log happens because the certificate is for localhost, not for the host (192.168.3.27). You can fix this by importing the KeyStore file to the truststore by using the following commands in the terminal.
keytool -export -alias <HostName> -file mycert.crt -keystore myjks.jks -storepass <pwd>
keytool -import -alias <HostName> -file /usr/local/app/wso2/wso2das-3.0.0/repository/resources/security/mycert.crt -keystore cacerts -storepass changeit
Please refer to the following article for more details [1]. On the other hand, for a quick test you can access the dashboard portal over HTTP by using the following URL:
http://localhost:9763/portal/
[1] https://medium.com/#dunithd/wso2-das-how-to-fix-javax-net-ssl-sslexception-160c13bc8fe7#.npua5d4nf
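Both the "No name matching localhost found" error in the first question and the "<192.168.3.27> != localhost" error here come from comparing the host in the URL with the names inside the server certificate. The following added example (not from any of the posts) lists those names from `openssl x509 -noout -text` output and checks a host against them; the function names and the sample text are constructed for illustration, and it assumes IPv4 literals, a single wildcard label, and a fallback to the subject CN only when no SAN extension is present.

```shell
# cert_names: read `openssl x509 -noout -text` output on stdin and print the
# names the certificate carries, one per line, as "DNS:name" or "IP:addr".
# With no SAN extension the subject CN is reported as a DNS name.
cert_names() {
    awk '
        /^ *Subject:/ && match($0, /CN ?= ?[^,\/]+/) {
            cn = substr($0, RSTART, RLENGTH); sub(/^CN ?= ?/, "", cn)
        }
        san {
            sub(/^[ \t]+/, ""); n = split($0, e, /, */)
            for (i = 1; i <= n; i++) { sub(/^IP Address:/, "IP:", e[i]); print e[i] }
            san = 0; printed = 1
        }
        /X509v3 Subject Alternative Name/ { san = 1 }
        END { if (!printed && cn != "") print "DNS:" cn }
    '
}

# host_matches HOST: exit 0 if HOST is covered by the certificate on stdin.
# IPv4 literals are compared with IP entries only, host names with DNS
# entries only (case-insensitive, "*." covers one left-most label).
host_matches() {
    cert_names | awk -v host="$1" '
        BEGIN { host = tolower(host); kind = (host ~ /^[0-9.]+$/) ? "IP" : "DNS"; rc = 1 }
        {
            p = index($0, ":"); type = substr($0, 1, p - 1)
            name = tolower(substr($0, p + 1))
            if (type != kind) next
            if (name == host) rc = 0
            if (kind == "DNS" && substr(name, 1, 2) == "*.") {
                rest = host; sub(/^[^.]+/, "", rest)
                if (rest == substr(name, 2)) rc = 0
            }
        }
        END { exit rc }
    '
}

# Constructed sample: the relevant lines of `openssl x509 -noout -text` for a
# certificate issued to localhost only (not taken from a real server).
sample_cert_text() {
    cat <<'EOF'
        Subject: C = US, O = Example, CN = localhost
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:localhost, IP Address:127.0.0.1
EOF
}
```

With a real certificate file, feed the function with `openssl x509 -in mycert.crt -noout -text | host_matches 192.168.3.27` and check the exit status.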