This discussion is archived
13 Replies Latest reply: May 20, 2010 8:43 PM by 727065 RSS

SSLHandshake failure : Calling external SSL webservice from WL10.3

727065 Newbie
Currently Being Moderated
Hi ,


I need to call an external SSL enabled webservice XXX . I have the certificate from webservice provider.
My client is deployed on Weblogic 10.3 . This client works fine from standalone as am using java ssl settings . But it fails when deployed on WL. I have used standard java ssl setting ..javax.net.ssl.trustStore etc.

Weblogic probably overrides java ssl settings and thus am getting below exception. I have tried by setting java ssl in JAVA_OPTIONS but still get the same error. Am not well versed with trustore and keystore and thus unable to understand the problem fundamentally .. I have a dev.pem and dev.pfx file given by XXX . WL in my case acts as a client and I want it as one way SSL configuration ie. client(WL) should not check server (XXX) certification

I have imported the certificate in DemoTrust.jks and not sure what should be imported in DemoIdentiy.jks..

Can someone help me to understand how can I configure my application deployed in weblogic to use keystore and trustore. Its kind of urgent and am struggling it with quite some time ...

Caused by: javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from tseiod-dev.xxx.com - 62.109.62.19. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
     at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
     at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
     at com.certicom.


This one is from weblogic console with ssl debug on ..


May 19, 2010 11:49:13 AM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 9879252>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 SSL3/TLS MAC>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 received HANDSHAKE>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 SSL3/TLS MAC>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 received HANDSHAKE>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 72465856653933152398554388484605014177
Issuer:C=SE, O=XXX Server e-Invoice Test System, CN=XXX Server e-Invoice Test System XXX Server CA
Subject:C=SE, O=XXX Server e-Invoice Test System, CN=tseiod-dev.xxx.com
Not Valid Before:Wed Aug 26 18:01:33 IST 2009
Not Valid After:Fri Aug 26 18:21:33 IST 2011
Signature Algorithm:SHA1withRSA
>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 8156897441280436316327587821418687967
Issuer:C=SE, O=XXX Server e-Invoice Test System, CN=XXX Server e-Invoice Test System XXX Server CA
Subject:C=SE, O=XXX Server e-Invoice Test System, CN=XXX Server e-Invoice Test System XXX Server CA
Not Valid Before:Tue Oct 10 17:26:39 IST 2006
Not Valid After:Sun Oct 10 17:46:39 IST 2021
Signature Algorithm:SHA1withRSA
>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 0>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 72465856653933152398554388484605014177
Issuer:C=SE, O=XXX Server e-Invoice Test System, CN=XXX Server e-Invoice Test System XXX Server CA
Subject:C=SE, O=XXX Server e-Invoice Test System, CN=tseiod-dev.xxx.com
Not Valid Before:Wed Aug 26 18:01:33 IST 2009
Not Valid After:Fri Aug 26 18:21:33 IST 2011
Signature Algorithm:SHA1withRSA
>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 8156897441280436316327587821418687967
Issuer:C=SE, O=XXX Server e-Invoice Test System, CN=XXX Server e-Invoice Test System XXX Server CA
Subject:C=SE, O=XXX Server e-Invoice Test System, CN=XXX Server e-Invoice Test System XXX Server CA
Not Valid Before:Tue Oct 10 17:26:39 IST 2006
Not Valid After:Sun Oct 10 17:46:39 IST 2021
Signature Algorithm:SHA1withRSA
>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 0>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 0>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (0): NONE>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Performing hostname validation checks: tseiod-dev.xxx.com>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 SSL3/TLS MAC>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 received HANDSHAKE>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: CertificateRequest>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <No suitable identity certificate chain has been found.>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm SHA>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm AES/CBC/NoPadding>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 134>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm AES/CBC/NoPadding>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HMACSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 SSL3/TLS MAC>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <9878982 received ALERT>
<May 19, 2010 11:49:14 AM IST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 40
java.lang.Exception: New alert stack
     at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
     at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
     at com.certicom.tls.record.ReadHandler.processRecord(Unknown Sou
  • 1. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    sandeep_singh Pro
    Currently Being Moderated
    Try using the Following Options:
    -Djavax.net.ssl.keyStore=keyStore ---------------This should be the DemoTrust.jks as per your case.
    -Djavax.net.ssl.keyStorePassword=keyStorePassword -------------This is : DemoTrustKeyStorePassPhrase
    -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol ---------For using Sun Implementation.

    thanks,
    Sandeep
  • 2. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    727065 Newbie
    Currently Being Moderated
    Thanks Sandeep .. but it isnt working yet.

    I have set these settings but same stacktrace.
    set JAVA_OPTIONS=%JAVA_OPTIONS% -Djavax.net.ssl.keyStore=C:\bea10.3\wlserver_10.3\server\lib\DemoTrust.jks
    set JAVA_OPTIONS=%JAVA_OPTIONS% -Djavax.net.ssl.keyStorePassword=DemoTrustKeyStorePassPhrase
    set JAVA_OPTIONS=%JAVA_OPTIONS% -Djavax.net.ssl.keyStoreType=JKS
    set JAVA_OPTIONS=%JAVA_OPTIONS% -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
    set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.security.SSL.enforceConstraints=off

    Could this be coz of "<No suitable identity certificate chain has been found.>" ?

    I have some fundamental questions about certificates and how WL picks up the correct one .Pls exceuse my silly dumb questions but am totally blank in this area .

    1 - I have seen DemoTrust.jks and it has 5 certificate , one of which is what I have imported
    How does this happens at runtime ? I supose only my certificate should be received by webservice XXX and thus WL has to pick up my certificate from store & send it to XXX ..Am I correct ? How would WL knows what certificate to pick ? Am sure am "grossily" missing something .. !

    2- the exception says "HANDSHAKE_FAILURE alert received from tseiod-dev.XXX.com - 62.109.62.19. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.

    Is it possible that its kind of 2 way SSL happening here ? WL is trying to trust the certificate receriived from XXX ..as the error message says "*from tseiod-dev.XXX.com - 62.109.62.19*" , so its kind of ok from webservice but some missing configuration in my WL ?


    Any other settings on WL Admin console which mite help? I have also tried setting system properties with .. weblogic.server.CustomTrustKeyStoreFileName=Store
    weblogic.server.CustomTrustKeyStoreType=JKS
    weblogic.server.CustomTrustKeystorePassPhrase=castore

    How can I specify WL to use java ssl settings which works wonderfully as standalone not override it with its own !!!
  • 3. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    sandeep_singh Pro
    Currently Being Moderated
    Hi,

    In case of One Way SSL following happens in a broader way:
    1: Client(WLS) Initiates the Handshake with the server ( your web service server).
    2: Server (Web Service server ) will present its certificate to the Client( WLS)
    3: Client( WLS) will verify the certificate by looking into the Trust Keystore.
    That is why there is a need of import the Web service Certificate here into WLS DemoTrust.jks because WLS by default uses this DemoTrust.jks to verify the Server Certificate.
    4: Then Client will send the list of Ciphers to be used for encryption over the network.
    5: If the Server supports some of the cipher present by the Client then Handshake is successful and SSL communication will happen and if there is no common ciphers between the Client( WLS) and the Server then SSL will not happen.

    In case of Two Way SSL only Client also has to present its certificate to the Server and this is done by reading the DemoIdentity.jks file by WLS and the runtime pick of the certificate is made from the alias name that is configured on the SSL tab of the Admin Server Console.

    Now what is happening in UR case is may be there is no common cipher present between the WLS and the Web Service Server.

    We can try debugging this issue with following steps:
    1: Are you using the same JDK and JRE for running the standalone class which is being used by WLS server?
    2: If no then try testing the service with standalone class after setting the environment by using the setWLSenv.cmd file present in the Domain/bin directory. This will make sure that the standalone class is also using the same JDK/JRE and the classes that is being used by the WLS server.

    Let me know the result of the above test.

    Thanks,
    Sandeep
  • 4. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    727065 Newbie
    Currently Being Moderated
    Well its slowly getting clear now .. am gonna test standalone client now . Am not using jrockit for standalone so I think its different.
    But what I would really want is that (Is it a valid , sensible .. scenerio ? )

    In my case WLS is actually the client and Webservice server(XXX) should trust the certificate received from WLS , not other way round .. i.e WLS should send the certificate and let webservice server verify the certificate by looking into its own trustkeystore . So I am confused ,how WLS will send correct certificate ?

    Thanks !
    Himadri
  • 5. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    sandeep_singh Pro
    Currently Being Moderated
    Hi Himadri,

    I think you are still confused.

    I have clearly mentioned previously that it is the Server Which sends the certificate and it is the Client which validates the certificate.

    SO in your case WLS----Client
    Remote Server --- Server
    Hence Remote Server will send its certificate and WLS being the Client will validate the Certificate.

    What is happening in your case is a valid secnario because it happening exactly in the same manner as explained by me.

    Edited by: sandeep_singh on May 19, 2010 5:56 PM
  • 6. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    727065 Newbie
    Currently Being Moderated
    Ok .. I did it. I have used jrockit_160_05 and it works in Junit. WLS is also pointing to same jrockit_160_05 but doesnt work. WL continues to give me headache and the same stacktrace !

    Edited by: Himadri on May 19, 2010 7:40 PM
  • 7. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    sandeep_singh Pro
    Currently Being Moderated
    ok you can try using the following flag:

    -Dweblogic.security.SSL.nojce=true
  • 8. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    727065 Newbie
    Currently Being Moderated
    Nope same result .. sligtly trace changed to

    May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 0>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 0>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (0): NONE>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Performing hostname validation checks: tseiod-dev.trustweaver.com>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <16021143 SSL3/TLS MAC>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <16021143 received HANDSHAKE>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: CertificateRequest>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHelloDone>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <No suitable identity certificate chain has been found.>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 7>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm SHA>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm AES>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm RSA/ECB/PKCS1Padding>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 134>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <write CHANGE_CIPHER_SPEC, offset = 0, length = 1>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm AES>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HMACSHA1>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 16>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <16021143 SSL3/TLS MAC>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <16021143 received ALERT>
    <May 20, 2010 3:51:19 PM IST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 40
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)


    What does this implies ----- "No suitable identity certificate chain has been found".

    The console does show certificate is loaded from DemoTrust.jks and it prints the details also on console . Is there anything missing from admin console. Will importing certificate to jrockit BEA_HOME\JROCKI~1\jre\lib\security\cacerts help ?
  • 9. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    sandeep_singh Pro
    Currently Being Moderated
    what is your weblogic Sever SSL configuration :
    Is it Custom Identity and Custom Trust or DemoIdentity and DemoTrust.

    Check it from Admin Console >>> Admin Server >>> Keytores Tab :
    Keystores: value

    If it is DemoIdentity and DemoTrust then try to import the Web Service certificate into the Jrockit/ jre /lib / security /cacerts file.

    Thanks,
    Sandeep
  • 10. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    727065 Newbie
    Currently Being Moderated
    Its DemoIdentity and DemoTrust. I have now imported the certificate in all the possible certs in my system like JAVA_HOME\cacert ,jrockit\cacert.., DemoIdentiy.jks .. DemoKeyStore.jks
    But still the same stacktrace. :(

    I have removed all JAVA_OPTIONS now ..
  • 11. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    sandeep_singh Pro
    Currently Being Moderated
    I think at this point of time you can open a support request with oracle and they might help you.
    I think we have tried all possible ways to debug this issue.

    Thanks,
    Sandeep
  • 12. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    727065 Newbie
    Currently Being Moderated
    Done that but no change. Same stacktrace. I have imported certificate into all the cacerts in my system , JROCKIT , JAVA_HOME , WLS etc .

    I have removed JAVA_OPTIONS for SSL settings of JAVA but still have it in code as system.properties. What else could be wrong ?
  • 13. Re: SSLHandshake failure : Calling external SSL webservice from WL10.3
    727065 Newbie
    Currently Being Moderated
    Well thanks a lot for you time and help in understanding the issue .. Will check with Oracle/Webservice provider for further action.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points