thijsje
14 years ago · New Contributor
SSL client authentication failing with SSLHandshakeException
Hi all,
I’m working on an application that requires authentication based on (TLS) client certificates for its webservices. I’ve been struggling for days to get this to work with SoapUI - I keep getting SSLHandshakeExceptions. :-(
I’ve followed the tips on the link below:
https://www.eviware.com//forum/viewtopi ... tls#p15224
So far, I’ve:
1. added the line ‘-Dsun.security.ssl.allowUnsafeRenegotiation=true’ to the file ‘soapUI-3.6.1.vmoptions’.
2. Imported and exported the client certificate with its private key and the CA certificate chain to a PFX file.
3. Installed the PFX-file as keystore on both global and project level, selected PFX as SSL keystore on the Request Properties. The certificate shows ‘OK’ on the ‘Security Configurations -> Keystores/Certificates’ tab, so SoapUI is able to access the certificate.
4. I also tried with a JKS keystore, including the private client key, but similar results.
I have correctly installed the CA certificate that was used to certify the client certificate on the webserver. I’m pretty sure that this config is OK, since I can use a browser (with the client certificate installed) to get to the WSDL, hence, TLS client authentication is working.
Furthermore, SoapUI can connect without any problems over HTTPS when I disable the requirement for client authentication on the server.
I’m really pulling my hair out over this issue; any help is greatly appreciated. :-)
Thijs
Stack trace:
Tue Feb 08 12:15:04 CET 2011:ERROR:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1116)
at com.eviware.soapui.impl.wsdl.support.http.SoapUIMultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(SoapUIMultiThreadedHttpConnectionManager.java:1735)
at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1973)
at org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1735)
at com.eviware.soapui.impl.wsdl.submit.transports.http.support.methods.ExtendedPostMethod.readResponse(ExtendedPostMethod.java:80)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1098)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:202)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:123)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
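
A diagnostic for the keystore setup described in the post, as an added example that is not part of the original post or of SoapUI: it loads the PFX the way the JVM does and reports, per alias, whether it is a private-key entry, its certificate chain, and which alias the default JSSE key manager would offer for client authentication. The class name `PfxCheck` and the file path and password arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Added example: inspect a client keystore before using it for TLS client authentication.
// Usage (path and password are placeholders): java PfxCheck client.pfx changeit
public class PfxCheck {
    static final String CLIENT_AUTH_EKU = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java PfxCheck <keystore.pfx> <password>");
            System.exit(2);
        }
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw);
        }
        for (String alias : Collections.list(ks.aliases())) {
            // Only a private-key entry can answer the server's CertificateRequest.
            System.out.println(alias + ": keyEntry=" + ks.isKeyEntry(alias));
            Certificate[] chain = ks.getCertificateChain(alias); // null for trusted-cert entries
            if (chain == null) continue;
            for (Certificate c : chain) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal()
                        + "\n  issuer =" + x.getIssuerX500Principal());
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            leaf.checkValidity(); // throws if expired or not yet valid
            List<String> eku = leaf.getExtendedKeyUsage(); // null means unrestricted
            System.out.println("  clientAuth allowed=" + (eku == null || eku.contains(CLIENT_AUTH_EKU)));
        }
        // Ask the default key manager which alias it would present when the
        // server accepts any issuer (issuers == null) for RSA or EC keys.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        X509KeyManager km = (X509KeyManager) kmf.getKeyManagers()[0];
        System.out.println("alias offered: " + km.chooseClientAlias(new String[] {"RSA", "EC"}, null, null));
    }
}
```

To compare the issuers printed here with what the server asks for, the JVM option `-Djavax.net.debug=ssl,handshake` logs the server's CertificateRequest, including the certificate authorities it accepts.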