0 Replies Latest reply on Dec 7, 2007 5:39 AM by erace

    javax.net.ssl.SSLHandshakeException: null cert chain

    erace
    erace Dec 7, 2007 5:39 AM

      Hi,

      How can I find out what is the reason for the exception the "javax.net.ssl.SSLHandshakeException: null cert" chain when https connector is set to clientAuth="true"?

      I have managed to make it work with self singed certs. The problem occurs when I receive a client certificate signed by some other CA than mine.

      The CA that has signed client cert is different than the CA that signed server cert but they have common RootCA. It looks as following:

      RootCA
^
|
SomeOtherCA
^ ^
| |
ServerCA ClientCA


      All CA's are imported into the truststore and used during configuration. Works the same via -Djavax.net.ssl.trustStore=/some.truststore and via truststoreFile="" as Connector's attribute.

      I have imported PKCS#12 cert in web browser (Firefox 2.0 Linux).

      The only strange thing I can see in the logs is this : 

      11:07:26,454 INFO [STDOUT] http-127.0.0.1-8443-1, READ: TLSv1 Handshake, length = 109
11:07:26,454 INFO [STDOUT] *** Certificate chain
11:07:26,454 INFO [STDOUT] ***
11:07:26,462 INFO [STDOUT] http-127.0.0.1-8443-1
11:07:26,462 INFO [STDOUT] , SEND TLSv1 ALERT:
11:07:26,462 INFO [STDOUT] fatal,
11:07:26,462 INFO [STDOUT] description = bad_certificate
11:07:26,462 INFO [STDOUT] http-127.0.0.1-8443-1, WRITE: TLSv1 Alert, length = 2
11:07:26,462 INFO [STDOUT] [Raw write]: length = 7


      After that I receive: 

      *11:07:26,463 INFO [STDOUT] http-127.0.0.1-8443-1, called closeSocket()
11:07:26,463 INFO [STDOUT] http-127.0.0.1-8443-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
11:07:26,463 DEBUG [JIoEndpoint] Handshake failed
javax.net.ssl.SSLHandshakeException: null cert chain
 at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
 at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:177)
 at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1206)
 at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:148)
 at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
 at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
 at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:156)
 at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:628)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
 at java.lang.Thread.run(Thread.java:619)
11:07:26,464 INFO [STDOUT] http-127.0.0.1-8443-1, called close()
11:07:26,464 INFO [STDOUT] http-127.0.0.1-8443-1, called closeInternal(true)


      I am pretty stuck with this. Any hints?

      /p

      • 4854 Views
      • Tags: