Could not establish trust relationship for the SSL/TLS secure channel with authority
search cancel

Could not establish trust relationship for the SSL/TLS secure channel with authority

book

Article ID: 103876

calendar_today

Updated On:

Products

CA Application Test CA Continuous Application Insight (PathFinder) Service Virtualization

Issue/Introduction

The .Net client application is not able to connect to the HTTPS VSM deployed to VSE.

Different client applications are working fine.

The exception displayed is:

Could not establish trust relationship for the SSL/TLS secure channel with authority 'VSE Server:port'

Environment

All supported DevTest releases.

Cause

The signing authorities may not be trusted by the client end.  The root and intermediate certification authorities need to the imported in the client application.

Resolution

Add SSL debug property, -Djavax.net.debug=ssl, in the VSE vmoptions file,  verify that VSE was receiving the request and the SSL handshake looked fine.

After the handshake is completed, it seemed that the client application closed the connection.

 VSE log file shows:

PortServer:0.0.0.0/0.0.0.0:8000, called closeInbound() 
PortServer:0.0.0.0/0.0.0.0:8000, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack? 
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? 
%% Invalidated: [Session-43, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 
PortServer:0.0.0.0/0.0.0.0:8000, SEND TLSv1 ALERT: fatal, description = internal_error 
 
The root and intermediate certification authorities must be imported into the client application.

Additional Information

For more information regarding the SSL handshake, look at the links below:

SSL, Java and DevTest

How to collect SSL debug information to help debugging SSL handshake issue

Powered by Wolken Software