david_m_jacobson

uninitialized keystore error with SSL connection

I wish I could award 1,000,000 points to anyone that can help me figure out an intermittent problem.  We have a system interface to an external company's server.  The connection uses SSL.  We have a key in our keystore and a certificate from the company.  In some cases the interface works fine.  In other cases we get a handshake failure.  The error message is "Uninitialized keystore." The code is written in Java.  We are using Java 1.6. I have SSL debug output where I can see the handshake failure.  But I don't know enough to understand why we are getting the handshake failure.  Can you help me track down the source of this intermittent problem?
SSL / HTTPS, Java, Linux

Last Comment
david_m_jacobson

8/22/2022 - Mon
CEHJ

"We have a system interface to an external company's server."
It's conceivable they are the source of the error, and that it doesn't reside in your code.
david_m_jacobson

ASKER
They have many, many customers accessing their system and they say that we are the only one running into this error.  The strange thing is that sometimes it works and sometimes it does not work. The problem seems to be on our side.
CEHJ

Might be worthwhile posting an obfuscated ssl debug log

Have you tried a different runtime?
Does it happen on different boxes on your side or just one?
vkphoenixfr

Sure, an SSL debug log would definitely help.
Hard to help without this.

It would also help to know which kind of cases work and which do not.

Also you could use this class to test your SSL connection.
Using it with your keystore to access your secured server would show you if the SSL connection is ok or not. And it would show you the certificate sent by the server.

Here is the class: http://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java

Maybe you could try it and show us the result.

Another thing I'm wondering.
Do you configure your keystore in the code and actually load it? Something like:
keyStore.load(...)?
Is there a line of code before the load call that could raise an exception, causing the load method not to be executed?
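Added example, not part of the thread and not the asker's code: `java.security.KeyStore` throws a `KeyStoreException` with the message "Uninitialized keystore" when it is used before `load()` has been called, and the sketch below reproduces that and then builds an `SSLContext` from explicitly loaded stores instead of relying on JVM-wide `javax.net.ssl.*` system properties. The class name, the command-line arguments, and the use of one password for both stores and the key are assumptions; the code avoids Java 7+ syntax so it compiles on Java 1.6.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ExplicitKeyStoreDemo {
    // Load a store from disk; a missing file or bad password fails here, not mid-handshake.
    static KeyStore loadStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);   // without this call the store stays uninitialized
        } finally {
            in.close();              // try/finally instead of try-with-resources (Java 6)
        }
        return ks;
    }
    // Build a context from explicitly loaded stores, so it does not depend on
    // system properties that other code in the same JVM could change.
    static SSLContext buildContext(KeyStore keys, char[] keyPassword, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        // Reproduce the error: a KeyStore that was created but never loaded.
        KeyStore neverLoaded = KeyStore.getInstance(KeyStore.getDefaultType());
        try {
            neverLoaded.aliases();
        } catch (KeyStoreException e) {
            System.out.println("Before load(): " + e.getMessage());
        }
        // Constructed sample: an empty in-memory store, initialized by load(null, null).
        neverLoaded.load(null, null);
        System.out.println("After load(): size = " + neverLoaded.size());
        if (args.length == 3) { // hypothetical usage: <keystore> <truststore> <password>
            char[] pw = args[2].toCharArray();
            SSLContext ctx = buildContext(loadStore(args[0], pw), pw, loadStore(args[1], pw));
            System.out.println("SSLContext ready: " + ctx.getProtocol());
        }
    }
}
```

The resulting `ctx.getSocketFactory()` can be applied to a single connection with `HttpsURLConnection.setSSLSocketFactory(...)`, which keeps that connection's key material separate from any global defaults.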
yats

Are you getting this problem in some particular scenario?
I used to get handshake problems while using HTTPS URLs, but I think this is not the case with you.

If you are using a distributed system, then there might be a chance that it is failing for one particular server.

If the same certificate is used by another application on the same server, then there might be a chance that it is getting initialized because of the other application.

Are you facing this problem after restarting the application/server, or is it coming intermittently without restarting it?
david_m_jacobson

ASKER
This is still an issue.  Is it possible that using the Url class is overwriting the values of the java.ssl session variables?  Our code is using the session variables to set the keystore and certificate file names. Is there another class that would overwrite these session variable values?
ASKER CERTIFIED SOLUTION
vkphoenixfr

david_m_jacobson

ASKER
Is there a way to send you the ssl debug log privately? I am very reluctant to post the log file to the public as this file belongs to my client.
vkphoenixfr

I don't know if it's allowed by the site policy, but I didn't see this in the rules.
So send it to darkgixxer (at) yahoo dot fr
david_m_jacobson

ASKER
I did not resolve this yet.