1 Reply Latest reply on Mar 2, 2005 8:00 PM by 666705

    web services https with mutual authentication

    666705
      I'm trying to call a web service on BEA WLS 8.1 via HTTPS with mutual authentication.

      An alert is sent from the server when the client tries to authenticate to the server.

      On the server I get the following error:

      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Defaul
      t'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: Certificate>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Defaul
      t'> <<WLS Kernel>> <> <000000> <validationCallback: validateErr = 16>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Defaul
      t'> <<WLS Kernel>> <> <000000> <Required peer certificates not supplied by peer>
      ####<Feb 15, 2005 10:38:39 AM MET> <Warning> <Security> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel
      .Default'> <<WLS Kernel>> <> <BEA-090508> <Certificate chain received from flanders - 172.22.4.61 was incomplete.>
      ####<Feb 15, 2005 10:38:39 AM MET> <Warning> <Security> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel
      .Default'> <<WLS Kernel>> <> <BEA-090477> <Certificate chain received from flanders - 172.22.4.61 was not trusted causing SSL handsh
      ake failure.>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Defaul
      t'> <<WLS Kernel>> <> <000000> <Validation error = 20>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Defaul
      t'> <<WLS Kernel>> <> <000000> <Certificate chain is incomplete>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Defaul
      t'> <<WLS Kernel>> <> <000000> <Certificate chain is untrusted>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Defaul
      t'> <<WLS Kernel>> <> <000000> <User defined JSSE trustmanagers not allowed to override>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Defaul
      t'> <<WLS Kernel>> <> <000000> <SSLTrustValidator returns: 84>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Defaul
      t'> <<WLS Kernel>> <> <000000> <Trust failure (84): CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Defaul
      t'> <<WLS Kernel>> <> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@13a252a Severity: 2 Type: 40
      java.lang.Throwable: Stack trace
      at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
      at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
      at com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
      at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
      at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
      at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
      at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
      >



      On the client I get the following error:

      <Feb 15, 2005 10:20:15 AM MET> <Info> <WebService> <BEA-220094> <An IOException was thrown trying to access the WSDL at the given U
      L.>
      <Feb 15, 2005 10:20:15 AM MET> <Info> <WebService> <BEA-220034> <A stack trace associated with message 220094 follows:

      javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from flanders - 172.22.4.61. Check both side
      of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification
      ettings.
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
      at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
      at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
      at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
      at com.certicom.tls.record.WriteHandler.write(Unknown Source)
      at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
      at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown Source)
      at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLConnection.java:216)
      at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:87)
      at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:76)
      at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:108)
      at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:84)
      at weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:79)
      at com.etnoteam.timvas.srsv.interfaces.in.csp.activate.client.Activate_Impl.<init>(Activate_Impl.java:22)
      at clientPep1.main(clientPep1.java:149)
      >
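
To triage a paste like the server log in the post above, the hard-wrapped lines can be rejoined and each `####` record split into its fields. This is an added example, not part of the original post and not a BEA tool. The 132-column wrap width is measured from the pasted lines, the field names are labels chosen here, and the sample is an excerpt of that log.

```python
import re

WRAP = 132  # column at which the pasted log was cut (measured on the post's lines)
FIELDS = ("time", "severity", "subsystem", "machine", "server",
          "thread", "user", "txn", "msg_id", "message")  # labels chosen for this example
ALERT_TYPES = {40: "handshake_failure"}  # TLS alert description, RFC 2246

# Excerpt of the server log from the post, wrapped exactly as it was pasted.
SAMPLE = """\
####<Feb 15, 2005 10:38:39 AM MET> <Warning> <Security> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel
.Default'> <<WLS Kernel>> <> <BEA-090477> <Certificate chain received from flanders - 172.22.4.61 was not trusted causing SSL handsh
ake failure.>
####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Defaul
t'> <<WLS Kernel>> <> <000000> <Trust failure (84): CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>
####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Defaul
t'> <<WLS Kernel>> <> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@13a252a Severity: 2 Type: 40
java.lang.Throwable: Stack trace
>
"""

def records(text):
    """Undo the 132-column wrap, then split each '####' record into its ten fields."""
    text = re.sub(r"(?m)^[ \t]+", "", text)               # drop the forum's indentation
    text = re.sub(r"(?m)^(.{%d})\n" % WRAP, r"\1", text)  # rejoin lines cut at the wrap column
    out = []
    for rec in text.split("####")[1:]:
        parts = rec.strip().split("> <", 9)               # the message may itself contain "> <"
        if len(parts) == 10:
            parts[0], parts[9] = parts[0].lstrip("<"), parts[9].rstrip(">\n")
            out.append(dict(zip(FIELDS, parts)))
    return out

def triage(text):
    """Collect the peer, BEA message ids, trust flags and TLS alert from the log."""
    s = {"peer": None, "bea_ids": [], "trust": None, "alert": None}
    for r in records(text):
        msg = r["message"]
        if r["msg_id"].startswith("BEA-"):
            s["bea_ids"].append(r["msg_id"])
        if m := re.search(r"chain received from (\S+) - (\S+) was", msg):
            s["peer"] = m.group(1, 2)
        if m := re.match(r"Trust failure \((\d+)\): (.+)", msg):
            s["trust"] = (int(m.group(1)), m.group(2).split())
        if m := re.search(r"NEW ALERT: .*Severity: (\d+) Type: (\d+)", msg):
            level = {1: "warning", 2: "fatal"}.get(int(m.group(1)), m.group(1))
            s["alert"] = (level, ALERT_TYPES.get(int(m.group(2)), m.group(2)))
    return s
```

For the excerpt, `triage(SAMPLE)` reports the server rejecting the chain from `flanders` as incomplete and untrusted and then sending a fatal `handshake_failure` alert, which is the alert the client-side exception names.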