Java Security

java.net.SocketException: Software caused connection abort: recv failed

843811 Apr 8 2003 — edited May 28 2007
Hi all,
I am trying to access my Tomcat server over SSL. For this I have created a certificate/key using the keytool of jdk1.4. I am able to access this from my standalone client when not using client authentication. That is, it works fine without client authentication, but when I use client authentication it throws the exception pasted below. My code is there as well.

Can anybody help me find the solution for this? I am stuck with this and could not find any solution.

Some insights required from some gurus.

Akhil Nagpal

....//////////////code/////////////////////

KeyManager[] km = getKeyManagers(clientCertPath,storePass,keyPass);
TrustManager tm[] = {new CMSunX509TrustManager(truststorepath,trsutstorepass)};

SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(km, tm, null);
SSLSocketFactory ssf = sslContext.getSocketFactory();

HttpsURLConnection.setDefaultSSLSocketFactory(ssf);
urlConn = (HttpsURLConnection)url.openConnection();
urlConn.setHostnameVerifier(new CNHostNameVerifier());

Now I get the output and input streams and do my work on them.

////////////////////////////////////////////

/********Exception************************/
Exception in thread "main" java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:129)
at com.sun.net.ssl.internal.ssl.InputRecord.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:528)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(DashoA6275)
at com.sds.kb.cm.https.CMHttpsClient.sendMultiParameters(CMHttpsClient.java:99)
//////////////////////////8****************//////////////

Comments

843811
Also, here is the debug information. I am using certificates/keys generated by the keytool provided by jdk1.4. I have imported the server certificate into the trusted store of the client and I have imported the client certificate into the server keystore. I am using the same keystore as the trusted store in the case of the server.

I would like to give more information if desired...

Regards
akhil


D:\bea\weblogic700\samples\server\src\examples>java -Djavax.net.debug=ssl,handshake com.sds.kb.cm.https.TestClass
***
found key for : client-cert
chain [0] = [
[
Version: V1
Subject: CN=AK, OU=AK, O=AK, L=AK, ST=AK, C=AK
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@ffffff44
Validity: [From: Tue Apr 08 13:05:58 GMT+09:00 2003,
To: Mon Jul 07 13:05:58 GMT+09:00 2003]
Issuer: CN=AK, OU=AK, O=AK, L=AK, ST=AK, C=AK
SerialNumber: [ 3e924aa6]

]
Algorithm: [MD5withRSA]
Signature:

]
***
adding as trusted cert: [
[
Version: V1
Subject: CN=sds, OU=sds, O=sds, L=sds, ST=sds, C=sds
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffc77
Validity: [From: Mon Apr 07 10:53:00 GMT+09:00 2003,
To: Sun Jul 06 10:53:00 GMT+09:00 2003]
Issuer: CN=sds, OU=sds, O=sds, L=sds, ST=sds, C=sds
SerialNumber: [ 3e90d9fc]

]
Algorithm: [MD5withRSA]
Signature:

]
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1033000569 bytes = { 236, 145, 59, 30, 61, 19, 173, 66, 25, 209, 102, 248, 69, 204, 105, 210, 2, 127, 128, 252, 191, 193
, 113, 147, 70, 212, 64, 107 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RS
A_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 59
main, WRITE: SSLv2 client hello message, length = 77
main, READ: TLSv1 Handshake, length = 2691
*** ServerHello, TLSv1
RandomCookie: GMT: 1033000569 bytes = { 218, 196, 164, 251, 113, 149, 138, 92, 172, 109, 47, 59, 134, 244, 132, 132, 121, 194, 54, 40, 238,
237, 2, 89, 166, 78, 70, 50 }
Session ID: {62, 146, 86, 121, 76, 97, 33, 198, 102, 213, 60, 222, 53, 199, 78, 61, 104, 85, 254, 121, 98, 224, 92, 231, 68, 201, 191, 253,
133, 168, 113, 63}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=sds, OU=sds, O=sds, L=sds, ST=sds, C=sds
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffc77
Validity: [From: Mon Apr 07 10:53:00 GMT+09:00 2003,
To: Sun Jul 06 10:53:00 GMT+09:00 2003]
Issuer: CN=sds, OU=sds, O=sds, L=sds, ST=sds, C=sds
SerialNumber: [ 3e90d9fc]

]
Algorithm: [MD5withRSA]
Signature:

]
***
stop on trusted cert: [
[
Version: V1
Subject: CN=sds, OU=sds, O=sds, L=sds, ST=sds, C=sds
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffc77
Validity: [From: Mon Apr 07 10:53:00 GMT+09:00 2003,
To: Sun Jul 06 10:53:00 GMT+09:00 2003]
Issuer: CN=sds, OU=sds, O=sds, L=sds, ST=sds, C=sds
SerialNumber: [ 3e90d9fc]

]
Algorithm: [MD5withRSA]
Signature:

]
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Tow
n, ST=Western Cape, C=ZA>
<EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US>
<OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE>
<OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE>
<EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape To
wn, ST=Western Cape, C=ZA>
<EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape
Town, ST=Western Cape, C=ZA>
<CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
<CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
<CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=West
ern Cape, C=ZA>
*** ServerHelloDone
*** Certificate chain
***
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 153, 29, 125, 205, 175, 10, 18, 191, 221, 79, 145, 133, 113, 244, 217, 230, 68, 180, 20, 205, 138, 164, 96, 47, 93,
222, 117, 192, 56, 50, 0, 18, 231, 153, 244, 238, 130, 1, 148, 74, 80, 53, 250, 109, 250, 14 }
main, WRITE: TLSv1 Handshake, length = 141
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data: { 110, 99, 151, 5, 176, 135, 226, 37, 154, 239, 151, 89 }
***
main, WRITE: TLSv1 Handshake, length = 32
waiting for close_notify or alert: state 1
Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 18
Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
main, called close()
main, called closeInternal(true)
Exception in thread "main" java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:129)
at com.sun.net.ssl.internal.ssl.InputRecord.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:528)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(DashoA6275)
at com.sds.kb.cm.https.CMHttpsClient.sendMultiParameters(CMHttpsClient.java:99)
at com.sds.kb.cm.https.TestClass.main(TestClass.java:27)
843811
Hi, thanks folks..
I could make it work.. :)
Akhil
843811
Hi All,

I think I have the same problem as you had one month ago. Can you please help me?
Thanks in advance. Lucinda

I am trying to access an Apache server over SSL. For this I have created a certificate/key using the keytool of jdk1.4. I am able to access this from my standalone client when not using client authentication. That is, it works fine without client authentication, but when I use client authentication it throws the exception pasted below.

exception while waiting for close java.net.SocketException: Connection reset
main, handling exception: java.net.SocketException: Connection reset
%% Invalidated: [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 24
Exception sending alert: java.net.SocketException: Software caused connection abort: socket write java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.sun.net.ssl.internal.ssl.InputRecord.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
error
main, called closeSocket()
main, called close()
main, called closeInternal(true)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:183)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:222)
at java.io.BufferedInputStream.read(BufferedInputStream.java:277)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:741)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:702)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:583)
at sun.net.www.protocol.http.HttpURLConnection.getHeaderFieldKey(HttpURLConnection.java:1208)
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getHeaderFieldKey(DashoA6275)
at com.meterware.httpunit.HttpWebResponse.loadHeaders(HttpWebResponse.java:201)
at com.meterware.httpunit.HttpWebResponse.readHeaders(HttpWebResponse.java:183)
at com.meterware.httpunit.HttpWebResponse.<init>(HttpWebResponse.java:53)
at com.meterware.httpunit.WebConversation.newResponse(WebConversation.java:61)
at com.meterware.httpunit.WebWindow.getResource(WebWindow.java:162)
at com.meterware.httpunit.WebWindow.getSubframeResponse(WebWindow.java:125)
at com.meterware.httpunit.WebWindow.getResponse(WebWindow.java:118)
at com.meterware.httpunit.WebClient.getResponse(WebClient.java:113)
at com.csg.cs.cch.test.ServletTest.execRequest(ServletTest.java:108)
at com.csg.cs.cch.test.CustomerTemplateTest.getContractsTest(CustomerTemplateTest.java:128)
at com.csg.cs.cch.test.CustomerTest.testUser1_IVR(CustomerTest.java:53)
at com.csg.cs.cch.test.CustomerTest.init(CustomerTest.java:27)
at com.csg.cs.cch.test.CustomerTest.main(CustomerTest.java:21)
Exception in thread "main"
843811
Are you making sure that the client authenticates itself?

Make sure you set client mode to false in the client. That should make it authenticate.
843811
What was the fix?
843811
Hi,
Thanks for the tip!
But can you be more explicit?
Thanks. Lucinda
843811
Did you ever find a solution to this problem?

Please post it here!

Sjur
843811
I got the same problem after Client and Server Hello are Done.
I have JDK1.4 and Tomcat4.1 on my Windows 2000 Server.

Here are the last few error messages:

... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data: { 153, 64, 27, 204, 31, 38, 210, 95, 79, 233, 62, 133 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 99 40 1B CC 1F 26 D2 5F 4F E9 3E 85 .....@...&._O.>.
Plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C 99 40 1B CC 1F 26 D2 5F 4F E9 3E 85 .....@...&._O.>.
0010: 74 D7 F9 42 6A E4 FB 50 7F E3 DD 5E 4D AE CA E3 t..Bj..P...^M...
main, WRITE: TLSv1 Handshake, length = 32
waiting for close_notify or alert: state 1
Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
Plaintext before ENCRYPTION: len = 18
0000: 02 0A BD C3 E6 64 F4 D0 40 8F B5 33 9E F6 EC 5F .....d..@..3..._
0010: E0 42 .B
main, WRITE: TLSv1 Alert, length = 18
Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()

Thanks

B.T

P.S
I have no problem like this on my Linux machine.
843811
I figured out that the problem is with the import of the client's certificate. Here is the portion of my server.xml where I set the clientAuth parameter to true:

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="true" protocol="TLS"
keystoreFile="conf/Keystore/server.ks"
keystorePass="mypass"/>
</Connector>

I have to import the client certificate into JAVA_HOME/jre/lib/security/cacerts as follows:

keytool -keystore cacerts -storepass mystorepass -file myclient.cer -import -alias myclient -trustcacerts

where myclient.cer is the certificate that I exported (using keytool) from my client keystore file.

B.T
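
Why the import fixes the handshake can be read off the client's debug output earlier in the thread: the server's CertificateRequest names only the CAs already in its trust store, the self-signed client key's issuer (CN=AK) is not among them, and the client's own "*** Certificate chain" after ServerHelloDone is empty. The following is an added example, not code from any poster in this thread: a Python triage of that log format. The names `triage` and `norm`, the verdict strings and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample: abridged -Djavax.net.debug=ssl,handshake client output in the
# format posted in this thread (hex dumps and most CA entries left out).
SAMPLE_LOG = """\
found key for : client-cert
chain [0] = [
[
Version: V1
Subject: CN=AK, OU=AK, O=AK, L=AK, ST=AK, C=AK
Issuer: CN=AK, OU=AK, O=AK, L=AK, ST=AK, C=AK
]
***
*** ServerHello, TLSv1
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, L=Cape Town, ST=West
ern Cape, C=ZA>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
"""


def norm(dn):
    """Compare DNs ignoring case and whitespace (console wrapping eats spaces)."""
    return re.sub(r"\s+", "", dn).lower()


def triage(log):
    """Explain a failed client-auth handshake from the client's JSSE debug log."""
    lines = [line.strip() for line in log.splitlines()]
    client_issuers, requested = set(), []
    section, buf, cert_requested, chain_empty = None, "", False, None
    for i, line in enumerate(lines):
        if line.startswith("found key for"):
            section = "client_key"            # key entry the client could offer
        elif line.startswith("*** CertificateRequest"):
            section, cert_requested = "cert_request", True
        elif line.startswith("*** ServerHelloDone"):
            section = "after_done"            # next chain printed is the client's
        elif line.startswith(("***", "adding as trusted cert")):
            if section == "after_done" and line.startswith("*** Certificate chain"):
                nxt = lines[i + 1] if i + 1 < len(lines) else ""
                chain_empty = not nxt.startswith("chain [")
            section = None
        elif section == "client_key" and line.startswith("Issuer:"):
            client_issuers.add(norm(line[len("Issuer:"):]))
        elif section == "cert_request" and (buf or line.startswith("<")):
            buf += line                       # DN entries may wrap across lines
            if buf.endswith(">"):
                requested.append(norm(buf[1:-1]))
                buf = ""
    if not cert_requested:
        verdict = "no-client-auth-requested"
    elif chain_empty is None:
        verdict = "inconclusive"
    elif not chain_empty:
        verdict = "certificate-sent"
    elif requested and not client_issuers & set(requested):
        verdict = "issuer-not-trusted-by-server"   # fix: add client cert to server trust store
    else:
        verdict = "no-certificate-sent"
    return {"verdict": verdict, "client_issuers": client_issuers,
            "requested_cas": requested, "client_chain_empty": chain_empty}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG)["verdict"])
```

An `issuer-not-trusted-by-server` verdict on the client's full debug output is the situation the `keytool -import` step above resolves.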
843811
In addition to this, another thing which you might need to do is to self-certify the certificates being used (if they have not been obtained from a CA, in which case the procedure is different).

From Sun's documentation:
To generate a self-signed certificate, use the -selfcert command, as in
keytool -selfcert -alias dukeNew -keypass b92kqmp
-dname "cn=Duke Smith, ou=Purchasing, o=BlueSoft, c=US"

The generated certificate is stored as a single-element certificate chain in the keystore entry identified by the specified alias (in this case "dukeNew"), where it replaces the existing certificate chain.

Also see http://www.onjava.com/pub/a/onjava/2001/05/03/java_security.html?page=5
(especially pinwu's comment)

I was facing the same problem as you all were facing, and B.T.'s solution was not working either. However, that in conjunction with the two-step process of keytool -selfcert solved the problem.

~Phoenix.
843811
Thank you, thank you, THANK YOU !!!

I have been struggling with this problem for 48 hours now - trying to find a solution. I thought there was some error in my code or in my certificates or in... but your solution made it WORK !!!

And to those who write manuals (JWDSP tutorial) - GET SERIOUS !!!

Test your solutions before you ship them !!! Or at least, check out the forums and contribute to help people out when they get stuck! And why don't you add some common problem-solving tips to the manuals? (Is that too much to ask for?)
843811
Not sure if this is relevant. I got a similar error when I was trying to make a https communication via a wrongly set proxy server and proxy port. I was using axis and tomcat server. It took me over 48 hours of sweating to figure this out so I thought I would post it.

Good Luck !

- Bosco

Post Details

Locked on Jun 25 2007
Added on Apr 8 2003
12 comments
16,653 views