1 Reply Latest reply on Sep 25, 2003 3:41 PM by 3004

    SSL Failure

    3004

      Hello,

      We are running into a strange situation while trying to submit an SSL request
      using a certificate keystore that we point to through our Weblogic 8.1 SP1 console.
      However, when we make the request, we get the following exception:

      --- Cut ---
      2003-09-23 13:42:34,777 RouteOneHTTPSSender ERROR com.gmacfs.routeone.transport.RouteOneHTTPSSender
      javax.net.ssl.SSLKeyException: [Security:090508]Certificate chain received from messaging.routeone.net - 205.141.198.240 was incomplete.
           at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
           at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
           at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
           at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
           at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
           at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
           at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
           at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
           at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
           at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
           at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
           at com.certicom.tls.record.WriteHandler.write(Unknown Source)
           at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
           at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
           at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
           at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:98)
           at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:288)
           at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:697)
           at com.gmacfs.routeone.transport.RouteOneHTTPSSender.send(RouteOneHTTPSSender.java:112)
           at com.gmacfs.routeone.transport.RouteOneSenderBean.onMessage(RouteOneSenderBean.java:99)
           at weblogic.ejb20.internal.MDListener.execute(MDListener.java:382)
           at weblogic.ejb20.internal.MDListener.transactionalOnMessage(MDListener.java:316)
           at weblogic.ejb20.internal.MDListener.onMessage(MDListener.java:281)
           at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:2596)
           at weblogic.jms.client.JMSSession.execute(JMSSession.java:2516)
           at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
           at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
      2003-09-23 13:42:34,787 RouteOneHTTPSSender INFO in Finally

      --- Cut ---


      We tried going through a standalone client (i.e. not through WLS) that submits
      the same request but using WLSSLAdapter as follows:

      (using weblogic.net.http.HttpsURLConnection)

                String protType = (String) props.get("protocolType");
                String destUrl = (String) props.get("targetURL");

                log.info("protType= "+protType);
                log.info("destUrl= "+destUrl);

                System.setProperty("bea.home",(String)props.get("bea.home"));
                System.setProperty("java.protocol.handler.pkgs",(String)props.get("java.protocol.handler.pkgs"));

                System.setProperty("weblogic.security.SSL.ignoreHostnameVerification",(String)props.get("weblogic.security.SSL.ignoreHostnameVerification"));
                System.setProperty("ssl.debug",(String)props.get("ssl.debug"));
                System.setProperty("weblogic.StdoutDebugEnabled",(String)props.get("weblogic.StdoutDebugEnabled"));
                System.setProperty("sun.net.client.defaultConnectTimeout",(String)props.get("sun.net.client.defaultConnectTimeout"));
                System.setProperty("sun.net.client.defaultReadTimeout",(String)props.get("sun.net.client.defaultReadTimeout"));

                log.info("After setting system properties");

                try{

                     log.info("before getting url object");
                     URL url = new URL(destUrl);
                     HttpsURLConnection connection = null;
                     log.info("before getting httpsurlconnection object");
                     connection = new HttpsURLConnection(url);

                     log.info("before setting connection properties");
                     connection.setRequestMethod("POST");
                     connection.setDoOutput(true);
                     connection.setRequestProperty("Content-Type","text/xml");

                     if (hdrs!=null){
                          Iterator hdrIter = hdrs.getAllHeaders();

                          log.info("before setting request headers");
                          while (hdrIter.hasNext()){
                               MimeHeader hdr = (MimeHeader) hdrIter.next();
                               connection.setRequestProperty(hdr.getName(),hdr.getValue());
                          }
                     }

                     log.info("before connecting");
                     connection.connect();

                     log.info("before getting output stream");
                     OutputStream outStream = connection.getOutputStream();

                     log.info("before getting output stream writere");
                     OutputStreamWriter outStreamWriter = new OutputStreamWriter(outStream);
                     log.info("before getting string from document object");
                     String message = XMLUtil.document2String(soapMsg);
                     log.info("before writing string message to writer");
                     outStreamWriter.write(message);
                     log.info("before flush ");
                     outStreamWriter.flush();
                     log.info("before close");
                     outStreamWriter.close();

                     //Logic for writing the outgoing Credit Decision/Fault Message to the application logs
                     log.info("BEGIN WRITING OUTBOUND CD MESSAGE TO OUTBOUND");
                     log.info("The SOAP Message sent to RouteOne is "+message);
                     log.info("FINISH WRITING OUTBOUND CD MESSAGE TO OUTBOUND");

                     log.info("before getting response code");
                     int respCode = connection.getResponseCode();



      The above behaved the same way.


      Finally, we tried using the Java APIs (javax.net.ssl.HttpsURLConnection)


      THIS WORKED....

      Since we have our service, which submits that SSL request, deployed on WLS8.1SP1,
      we need to get that working. Could you please verify if we've missed something
      in our usage of the Weblogic API? We are wondering why the Java API worked while
      the weblogic one did not.


      Thanks

      Sam



        • 1. Re: SSL Failure
          3004

          The error message: "Certificate chain received from messaging.routeone.net - 205.141.198.240
          was incomplete" on the SSL client might be caused by its trust not being properly
          configured. As a result the client cannot complete the cert chain received from
          the SSL server. If Sun's implementation is configured to take its trust from a
          different keystore, this would explain the difference. You can set the default trust
          keystore for the SSL client on the WLS server by starting the server with this
          command-line property:
          -Dweblogic.security.SSL.trustedCAKeyStore=<keystorefile>

          Also try running client and server with ssl debug properties on:
          -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
          This should output some more information.
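
An offline way to test the diagnosis given in the reply, as an added example that is not part of the thread: it loads a trust keystore and reports whether the certificates a server presents can be completed to a CA in it. The class name `TrustChainCheck`, the three arguments and the PEM file of server certificates (leaf first) are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added example (not from the thread): can the chain a server sent be completed
// from a given trust keystore? Arguments: <keystore> <storepass> <chain.pem>,
// where chain.pem holds the server's certificates, leaf first (an assumption).
public class TrustChainCheck {
    public static void main(String[] args) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trust.load(in, args[1].toCharArray());
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            for (Certificate c : cf.generateCertificates(in)) chain.add((X509Certificate) c);
        }
        if (chain.isEmpty()) throw new IllegalArgumentException("no certificates in " + args[2]);
        PKIXParameters params;
        try {
            params = new PKIXParameters(trust);   // uses the trusted-certificate entries
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("FAIL: keystore has no trusted certificate entries");
            return;
        }
        params.setRevocationEnabled(false);       // only chain completion is tested here
        // The last certificate sent must be issued by (or be) a CA in the keystore.
        X509Certificate top = chain.get(chain.size() - 1);
        boolean anchored = params.getTrustAnchors().stream().anyMatch(a ->
            a.getTrustedCert().getSubjectX500Principal().equals(top.getIssuerX500Principal()));
        if (!anchored) {
            System.out.println("INCOMPLETE: no trusted CA named " + top.getIssuerX500Principal());
            return;
        }
        // A self-signed root sent by the server is the anchor itself, not part of the path.
        boolean selfSigned = top.getSubjectX500Principal().equals(top.getIssuerX500Principal());
        if (selfSigned && chain.size() > 1) chain.remove(chain.size() - 1);
        try {
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params);
            System.out.println("OK: chain completes against " + args[0]);
        } catch (CertPathValidatorException e) {
            System.out.println("FAIL: " + e.getMessage());
        }
    }
}
```

Run it against the same file passed to `-Dweblogic.security.SSL.trustedCAKeyStore`; an INCOMPLETE result names the CA certificate that has to be imported into that keystore.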