1 Reply Latest reply on Sep 26, 2005 11:57 AM by 666705

    web services https with mutual authentication

    666705
      I'm trying to call a web service on BEA WLS 8.1 via HTTPS with mutual authentication.

      An alert is sent from the server when the client tries to authenticate to the server.

      On the server I get the following error:

      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <HANDSHAKEMESSAGE: Certificate>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <validationCallback: validateErr = 16>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Required peer certificates not supplied by peer>
      ####<Feb 15, 2005 10:38:39 AM MET> <Warning> <Security> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-090508> <Certificate chain received from flanders - 172.22.4.61 was incomplete.>
      ####<Feb 15, 2005 10:38:39 AM MET> <Warning> <Security> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-090477> <Certificate chain received from flanders - 172.22.4.61 was not trusted causing SSL handshake failure.>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Validation error = 20>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Certificate chain is incomplete>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Certificate chain is untrusted>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <User defined JSSE trustmanagers not allowed to override>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLTrustValidator returns: 84>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Trust failure (84): CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>
      ####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@13a252a Severity: 2 Type: 40
      java.lang.Throwable: Stack trace
      at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
      at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
      at com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
      at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
      at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
      at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
      at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
      >



      On the client I get the following error:

      <Feb 15, 2005 10:20:15 AM MET> <Info> <WebService> <BEA-220094> <An IOException was thrown trying to access the WSDL at the given U
      L.>
      <Feb 15, 2005 10:20:15 AM MET> <Info> <WebService> <BEA-220034> <A stack trace associated with message 220094 follows:

      javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from flanders - 172.22.4.61. Check both side
      of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification
      ettings.
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
      at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
      at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
      at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
      at com.certicom.tls.record.WriteHandler.write(Unknown Source)
      at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
      at com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown Source)
      at weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLConnection.java:216)
      at weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(DefinitionFactory.java:87)
      at weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:76)
      at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:108)
      at weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:84)
      at weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:79)
      at com.etnoteam.timvas.srsv.interfaces.in.csp.activate.client.Activate_Impl.<init>(Activate_Impl.java:22)
      at clientPep1.main(clientPep1.java:149)
      >
        • 1. Re: web services https with mutual authentication
          666705
          I have a similar problem now. Did you find out the cause? The server reports "Certificate chain is incomplete", but I checked the client certificate. It's ok.

          Running Weblogic Server 8.1, SP4 + Patch CR210310_81sp4

          ####<Sep 26, 2005 1:53:01 PM MEST> <Debug> <TLS> <h00962.pnet.ch> <node1> <ExecuteThread: '29' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Certificate chain is incomplete>
          ####<Sep 26, 2005 1:53:01 PM MEST> <Debug> <TLS> <h00962.pnet.ch> <node1> <ExecuteThread: '29' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <User defined JSSE trustmanagers not allowed to override>
          ####<Sep 26, 2005 1:53:01 PM MEST> <Debug> <TLS> <h00962.pnet.ch> <node1> <ExecuteThread: '29' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLTrustValidator returns: 68>
          ####<Sep 26, 2005 1:53:01 PM MEST> <Debug> <TLS> <h00962.pnet.ch> <node1> <ExecuteThread: '29' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Trust failure (68): CERT_CHAIN_INCOMPLETE>
          ####<Sep 26, 2005 1:53:01 PM MEST> <Debug> <TLS> <h00962.pnet.ch> <node1> <ExecuteThread: '29' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <NEW ALERT with Severity: FATAL, Type: 40
          java.lang.Exception: New alert stack
          at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
          at com.certicom.tls.record.handshake.ServerStateSentHelloDone.handle(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
          at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
          at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
          at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
          at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
          at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
          at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
          at javax.net.ssl.impl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:340)
          at com.bea.sslplus.CerticomSSLContext.forceHandshakeOnAcceptedSocket(Unknown Source)
          at weblogic.security.utils.SSLContextWrapper.forceHandshakeOnAcceptedSocket(SSLContextWrapper.java:128)
          at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:484)
          at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
          at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
          >
          ####<Sep 26, 2005 1:53:01 PM MEST> <Debug> <TLS> <h00962.pnet.ch> <node1> <ExecuteThread: '29' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <write ALERT, offset = 0, length = 2>
          ####<Sep 26, 2005 1:53:01 PM MEST> <Debug> <TLS> <h00962.pnet.ch> <node1> <ExecuteThread: '29' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <close(): 7080341>
          ####<Sep 26, 2005 1:53:01 PM MEST> <Debug> <TLS> <h00962.pnet.ch> <node1> <ExecuteThread: '29' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <SSLIOContextTable.removeContext(ctx): 5413348>
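
Added example, not part of the thread and not BEA code: a small triage script that parses WLS debug records in the format quoted above and reports, per handshake, the peer address and the trust-failure flags the server logged. The function name, the grouping of records by timestamp plus thread, and the abridged sample (built from lines in both posts) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Record layout as seen in the thread:
# ####<ts> <severity> <subsystem> <machine> <server> <thread> <<user>> <tx> <msg-id> <text>
RECORD = re.compile(
    r"^####<(?P<ts>[^>]*)> <(?P<sev>[^>]*)> <(?P<subsystem>[^>]*)> <(?P<machine>[^>]*)> "
    r"<(?P<server>[^>]*)> <(?P<thread>[^>]*)> <<(?P<user>[^>]*)>> <(?P<tx>[^>]*)> "
    r"<(?P<msgid>[^>]*)> <(?P<text>.*?)>?$"
)
TRUST = re.compile(r"Trust failure \((\d+)\): (.+)")
PEER = re.compile(r"Certificate chain received from (\S+) - (\S+) was")

# Constructed sample: an abridged mix of the two posts' log lines.
SAMPLE = """\
####<Feb 15, 2005 10:38:39 AM MET> <Warning> <Security> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-090508> <Certificate chain received from flanders - 172.22.4.61 was incomplete.>
####<Feb 15, 2005 10:38:39 AM MET> <Debug> <TLS> <flanders> <ConsensoServer> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Trust failure (84): CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
####<Sep 26, 2005 1:53:01 PM MEST> <Debug> <TLS> <h00962.pnet.ch> <node1> <ExecuteThread: '29' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Trust failure (68): CERT_CHAIN_INCOMPLETE>
"""

def summarize_trust_failures(log_text):
    """Return one dict per handshake whose client-certificate validation failed."""
    # Assumption: records sharing a timestamp and execute thread belong to one handshake.
    handshakes = defaultdict(lambda: {"peer": None, "code": None, "flags": [], "msgids": []})
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # stack-trace continuation lines carry no record header
        h = handshakes[(m["ts"], m["thread"])]
        if m["msgid"].startswith("BEA-"):
            h["msgids"].append(m["msgid"])
        peer = PEER.search(m["text"])
        if peer:
            h["peer"] = peer.group(2)  # address of the client whose chain was rejected
        trust = TRUST.search(m["text"])
        if trust:
            h["code"] = int(trust.group(1))
            h["flags"] = trust.group(2).split()
    return [dict(ts=ts, thread=thread, **h)
            for (ts, thread), h in handshakes.items() if h["code"] is not None]

if __name__ == "__main__":
    for failure in summarize_trust_failures(SAMPLE):
        print(failure["ts"], failure["peer"], failure["code"], failure["flags"])
```

Run against a full server log, this separates the two cases seen in the thread: rejections flagged only CERT_CHAIN_INCOMPLETE and rejections also flagged CERT_CHAIN_UNTRUSTED.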