SANJAY HALDAR
asked on
getting SSLHandshakeException during https call from weblogic 10.3.6 server to iplanet webserver
Our requirement is that Application deployed in APP tier – i.e. weblogic 10.3.6 is required to call HTTPS URL to an application which is deployed in iplanet 7 webserver. Both weblogic and iplanet are installed in same server/same LAN .
Now when we are trying to call the web application which is deployed on web server from app server through https url, we are getting SSLHandshakeException as below,
javax.net.ssl.SSLHandshake Exception: sun.security.validator.Val idatorExce ption: PKIX path building failed: sun.security.provider.cert path.SunCe rtPathBuil derExcepti on: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.ge tSSLExcept ion(Alerts .java:192)
at sun.security.ssl.SSLSocket Impl.fatal (SSLSocket Impl.java: 1916)
at sun.security.ssl.Handshake r.fatalSE( Handshaker .java:279)
at sun.security.ssl.Handshake r.fatalSE( Handshaker .java:273)
at sun.security.ssl.ClientHan dshaker.se rverCertif icate(Clie ntHandshak er.java:14 69)
at sun.security.ssl.ClientHan dshaker.pr ocessMessa ge(ClientH andshaker. java:213)
at sun.security.ssl.Handshake r.processL oop(Handsh aker.java: 913)
at sun.security.ssl.Handshake r.process_ record(Han dshaker.ja va:849)
at sun.security.ssl.SSLSocket Impl.readR ecord(SSLS ocketImpl. java:1035)
at sun.security.ssl.SSLSocket Impl.perfo rmInitialH andshake(S SLSocketIm pl.java:13 44)
at sun.security.ssl.SSLSocket Impl.start Handshake( SSLSocketI mpl.java:1 371)
at sun.security.ssl.SSLSocket Impl.start Handshake( SSLSocketI mpl.java:1 355)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)
at java.net.HttpURLConnection .getRespon seCode(Htt pURLConnec tion.java: 468)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
we used explicit hostname verification and sun http handler instead of weblogic, but still same problem.
After going through blogs and references, found that we need to add identity certificate of weblogic server to trusted certificates list of iplanet web server. But we don't know how to import the identity certificate of weblogic server to webserver. Advise is greatly appreciated.
Now when we are trying to call the web application which is deployed on web server from app server through https url, we are getting SSLHandshakeException as below,
javax.net.ssl.SSLHandshake
at sun.security.ssl.Alerts.ge
at sun.security.ssl.SSLSocket
at sun.security.ssl.Handshake
at sun.security.ssl.Handshake
at sun.security.ssl.ClientHan
at sun.security.ssl.ClientHan
at sun.security.ssl.Handshake
at sun.security.ssl.Handshake
at sun.security.ssl.SSLSocket
at sun.security.ssl.SSLSocket
at sun.security.ssl.SSLSocket
at sun.security.ssl.SSLSocket
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)
at java.net.HttpURLConnection
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
we used explicit hostname verification and sun http handler instead of weblogic, but still same problem.
After going through blogs and references, found that we need to add identity certificate of weblogic server to trusted certificates list of iplanet web server. But we don't know how to import the identity certificate of weblogic server to webserver. Advise is greatly appreciated.
Weblogic keeps the certificates in BEA_HOME/wlserver_<version >/server/l ib/cacerts file. What happens if you copy this file in the folder where iPlanet looks for the certificates?
ASKER
problem is we don't know where iplanet keeps all the trust certificates. And moreover, actually we imported the webserver's identity certificate to JVM's truststore and it seems its working fine in local environment. mean while waiting for production result.
Still i have doubt how the handshake happens between client and server i.e. whether client requests first server's identity certificate or vice-versa.
Still i have doubt how the handshake happens between client and server i.e. whether client requests first server's identity certificate or vice-versa.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.