Our Java Swing + Visual Basic app lets users authenticate against the server over an SSL connection. Now two users at the same client entity, sharing a smart card, have suddenly encountered a problem: they cannot connect to the server with the Java part, but with the VB modules it works normally.
This error occurs suddenly. I suspect some server modifications, but only the Java part cannot connect; the VB part works normally. (The VB modules connect to the same URL.)
This error only occurs with certs of one issuer.
I use these lines to configure my keystore and the context: (I don't use cacert as the truststore; I have my own)
At the end of the SSL debug information, I see these lines:
Thread-7, READ: TLSv1.1 Alert, length = 2
Thread-7, RECV TLSv1.1 ALERT: fatal, bad_certificate
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
Thread-7, called closeSocket()
Thread-7, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
At server side, I see this line in the log:
[07/Jul/2017:13:33:18] failure ( 3354): HTTP3068: Error receiving request from xx.xxx.xx.xxx (SEC_ERROR_REUSED_ISSUER_AND_SERIAL: Attempting to import a cert which conflicts with issuer/serial of existing cert.)
I have searched a lot, but found only related issues with Firefox, not Java. They normally delete cert8.db to fix this in FF, but my case is different.
Where can I start to find the cause of it? I don't understand the "importing" part: import what? Into where? Where is the conflict? Is there a book that explains this thoroughly?
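The server-side message names the condition: a certificate whose issuer and serial number match those of a different certificate the server already holds. The following is an added example, not code from the original post; it checks a set of exported certificates for exactly that collision, and it assumes the certificates in question (for example the affected users' client certificates and that issuer's CA certificates) have been exported to PEM or DER files, with the class name and file names being hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class IssuerSerialCheck {

    // Maps "issuer DN | serial" to the distinct certificates (SHA-256 -> file) that carry it.
    static Map<String, Map<String, String>> index(List<String> files) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        Map<String, Map<String, String>> byIssuerSerial = new TreeMap<>();
        for (String file : files) {
            try (InputStream in = Files.newInputStream(Paths.get(file))) {
                // Accepts one or more PEM/DER certificates, or a PKCS#7 bundle.
                for (Certificate c : cf.generateCertificates(in)) {
                    X509Certificate x = (X509Certificate) c;
                    String key = x.getIssuerX500Principal().getName()
                            + " | serial=" + x.getSerialNumber().toString(16);
                    StringBuilder fp = new StringBuilder();
                    for (byte b : sha256.digest(x.getEncoded())) {
                        fp.append(String.format("%02x", b));
                    }
                    // Identical bytes collapse to one entry; different bytes add a second one.
                    byIssuerSerial.computeIfAbsent(key, k -> new TreeMap<>())
                            .putIfAbsent(fp.toString(), file);
                }
            }
        }
        return byIssuerSerial;
    }

    public static void main(String[] args) throws Exception {
        // args: certificate files to compare (hypothetical names: userA.cer userB.cer issuer-ca.pem)
        index(Arrays.asList(args)).forEach((key, certs) -> {
            if (certs.size() > 1) { // same issuer + serial, different certificate bytes
                System.out.println("CONFLICT " + key);
                certs.forEach((fp, file) ->
                        System.out.println("  sha256=" + fp + "  first seen in " + file));
            }
        });
    }
}
```

Any `CONFLICT` line means two different certificates share one issuer name and serial number, which is the situation the server log describes.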