What do I do about SSLExceptions?

Hi,

I'm using WebLogic 9.2.2 on Solaris and trying to connect to an EJB service from my client using https. While I have confirmed the EJB is running on the remote machine, upon trying to connect from the WebLogic container, I get the exception

javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from orma4 - 147.191.71.16 was not trusted causing SSL handshake failure.

(complete stack trace below). How do I begin to debug this problem? What do I need to configure on the remote machine in order to make the secure connection successfully?

Thanks, - Dave



weblogic.application.ModuleException: [HTTP:101216]Servlet: "HistoryInitServlet" failed to preload on startup in Web application: "nps_history_gui.war".

Error: Client Delegate Exception in queryApplicationConfig Error: Error: Exception while creating the Initial Context for URL=t3s://orma3:7020,orma4:7020. The Exception is:Error: Exception while creating the Initial Context. The Exception is:javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://orma3,orma4:7020: Destination unreachable; nested exception is:

javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from orma4 - 147.191.71.16 was not trusted causing SSL handshake failure.; No available router to destination]Error: Error: Exception while creating the Initial Context for URL=t3s://orma3:7020,orma4:7020. The Exception is:Error: Exception while creating the Initial Context. The Exception is:javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://orma3,orma4:7020: Destination unreachable; nested exception is:

javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from orma4 - 147.191.71.16 was not trusted causing SSL handshake failure.; No available router to destination]

at com.comcast.nps.config.client.NPSConfigClientDelegate.queryApplicationConfig(NPSConfigClientDelegate.java:209)

at com.comcast.nps_history.utils.NPSHistoryUIPropertiesMgr.readParameters(NPSHistoryUIPropertiesMgr.java:31)

at com.comcast.nps_history.utils.NPSHistoryUIPropertiesMgr.<init>(NPSHistoryUIPropertiesMgr.java:23)

at com.comcast.nps_history.utils.NPSHistoryUIPropertiesMgr.getInstance(NPSHistoryUIPropertiesMgr.java:78)

at com.comcast.nps_history.servlets.HistoryInitServlet.init(HistoryInitServlet.java:18)

at javax.servlet.GenericServlet.init(GenericServlet.java:256)

at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:278)

at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)

at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)

at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)

at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58)

at weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:48)

at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:507)

at weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:1715)

at weblogic.servlet.internal.WebAppServletContext.loadServletsOnStartup(WebAppServletContext.java:1692)

at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1612)

at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:2750)

at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:889)

at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:333)

at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:204)

at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)

at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60)

at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)

at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:117)

at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:204)

at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)

at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:60)

at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:26)

at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:635)

at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)

at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)

at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:154)

at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:80)

at weblogic.deploy.internal.targetserver.operations.AbstractOperation.activate(AbstractOperation.java:566)

at weblogic.deploy.internal.targetserver.operations.ActivateOperation.activateDeployment(ActivateOperation.java:136)

at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doCommit(ActivateOperation.java:104)

at weblogic.deploy.internal.targetserver.operations.AbstractOperation.commit(AbstractOperation.java:320)

at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentCommit(DeploymentManager.java:815)

at weblogic.deploy.internal.targetserver.DeploymentManager.activateDeploymentList(DeploymentManager.java:1222)

at weblogic.deploy.internal.targetserver.DeploymentManager.handleCommit(DeploymentManager.java:433)

at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.commit(DeploymentServiceDispatcher.java:161)

at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doCommitCallback(DeploymentReceiverCallbackDeliverer.java:181)

at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$100(DeploymentReceiverCallbackDeliverer.java:12)

at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$2.run(DeploymentReceiverCallbackDeliverer.java:67)

at weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl.run(ServerWorkManagerImpl.java:518)

at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)

at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)

Do you have an SSL certificate set up? There's hints for debugging SSL on that page too.

Dave,

Make sure the parameters you are passing like https, host, port, query string in your client method match the certificate that you have installed on your server. During the initial attempt to connect and create the ssl connection there is a handshake between the server and client where your SSL cert. public keys are exchanged and then verified by passing the data encrypted with the public key and then the data is decrypted with your clients or server's private key. If during the initial hanshake when this connection is being established one of the sides does not have a valid cert configured this will fail. Also note a secure random number is passed during the sllcontext.init() before a socket is created, this is created by default if one is not passed but sometimes creates a delay in the sll connection on the server side if it wasn't configured..

When debugging anything you can start with checking the top of your stacktrace for exceptions and then googling what those exceptions mean. Also try to follow the code through the stack trace to see if any assumptions that you have made about variables being set or null are not false. Check that all of your database and server connections are setup correctly and the keystore and certificates are correctly installed. Try putting print statements in likely places where the code is failing to pinpoint the exact place that the code generates the exception. Although the stacktrace also usually provides line numbers if these are not hitting in the wrong spots they can be helpful.

Good luck.

-Nate