SSL Handshake Failure

Hi,
Our Weblogic 8.1 SP2 application server communicates with a remote server using SSL. We had to perform a system reboot  today but soon after the service began to fail with the error "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure"

We compared the certificates in the keystore on both servers and they are the same.. The last time anyone messed around these keystores was about 8 months ago but since then everything was perfectly working.

We ran a openssl test from another machine against our Application server and came up with the following:

openssl s_client -debug -showcerts -state -host 192.168.5.10 -port 7013

 

CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0814FE10 [08150448] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 08 3d 21 c6 .............=!.
0060 - 82 8c 2a 19 45 05 fd b8-4b b7 35 96 ef 85 1c 03 ..*.E...K.5.....
0070 - 22 6c a2 b4 00 b1 a4 c1-ae b3 9e 71 "l.........q
SSL_connect:SSLv2/v3 write client hello A
read from 0814FE10 [081559A8] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28 ......(
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
7370:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:455

Any ideas of what could be wrong and suggestions to resolve this ?

thnx
sg
sgauchoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CEHJCommented:
Make sure the cert hasn't expired
0
sgauchoAuthor Commented:
nope.. thats not it.. and as per what I posted above, the error is occuring even before the HandShake ! - "SSL23_GET_SERVER_HELLO"
0
sgauchoAuthor Commented:
Valid from: Wed May 04 11:54:10 WEST 2005 until: Sun Apr 27 11:39:10 WEST 2008
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

CEHJCommented:
OK. Sure you haven't started the server with a different runtime?
0
sgauchoAuthor Commented:
sorry.. didnt get that.. u mean a different JVM ? If Yes, no.. its the same old JVM..

thnx
0
sands76Commented:
hi,

Add the following to your weblogic startup script ->
-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true. This should help debug your ssl connection. Also check whether you have all the certificates in your server the same as in the remote server.

see http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1174543 for more info
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CEHJCommented:
What did the above reveal?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java App Servers

From novice to tech pro — start learning today.