
Could not establish trust relationship for the SSL/TLS secure channel with authority


Article ID: 103876


Products

CA Application Test, CA Continuous Application Insight (PathFinder), Service Virtualization

Issue/Introduction

The .NET client application is not able to connect to the HTTPS VSM deployed to VSE.

Other client applications work fine.

The exception displayed is:

Could not establish trust relationship for the SSL/TLS secure channel with authority 'VSE Server:port'

Cause

The signing authorities may not be trusted on the client end. The root and intermediate certification authorities need to be imported into the client application.

Environment

All supported DevTest releases.

Resolution

By adding the SSL debug property, -Djavax.net.debug=ssl, to the VSE vmoptions file, we could verify that the VSE was receiving the request and that the SSL handshake looked fine.

After the handshake completed, it seemed that the client application closed the connection.

We can see the following in the VSE log file:

PortServer:0.0.0.0/0.0.0.0:8000, called closeInbound() 
PortServer:0.0.0.0/0.0.0.0:8000, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack? 
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? 
%% Invalidated: [Session-43, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 
PortServer:0.0.0.0/0.0.0.0:8000, SEND TLSv1 ALERT: fatal, description = internal_error 
 
The root and intermediate certification authorities need to be imported into the client application.
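
One way to confirm and fix the missing trust on the client machine, as an added example that is not part of the original article. It assumes the .NET client runs on Windows and validates against the Windows certificate stores; the file paths and the Test-ChainTrust helper are hypothetical, and the certificates must first be exported to those files.

```powershell
# Added example. Paths are placeholders (assumptions), not values from the article.
$serverCert   = 'C:\temp\vse-server.cer'       # leaf certificate presented by the HTTPS VSM
$intermediate = 'C:\temp\intermediate-ca.cer'  # intermediate CA that issued the leaf
$root         = 'C:\temp\root-ca.cer'          # root CA at the top of the chain

# Hypothetical helper: builds the chain the same way the .NET TLS stack does
# and reports why it is (not) trusted.
function Test-ChainTrust {
    param([Parameter(Mandatory)][string]$Path)
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    # Skip revocation lookups so the result reflects only chain building and root trust.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)
    [pscustomobject]@{
        Trusted = $trusted
        # Status holds the X509ChainStatusFlags that made the build fail,
        # for example UntrustedRoot or PartialChain when a CA is missing.
        Status  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        Chain   = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
    }
}

# 1. Check the chain before changing anything.
Test-ChainTrust -Path $serverCert

# 2. Import the CAs (run from an elevated prompt).
#    Root -> Trusted Root Certification Authorities, intermediate -> Intermediate Certification Authorities.
Import-Certificate -FilePath $root         -CertStoreLocation Cert:\LocalMachine\Root
Import-Certificate -FilePath $intermediate -CertStoreLocation Cert:\LocalMachine\CA

# 3. Re-check; the chain should now build up to the imported root.
Test-ChainTrust -Path $serverCert
```

Verify the thumbprints of the CA certificates against a trusted source before importing them, since anything placed in the Root store is trusted for every TLS connection the machine makes. The chain check does not cover host name matching, so the name the client connects to must still match the certificate's subject or subject alternative name.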

Additional Information

For more information regarding the SSL handshake, look at the links below:

SSL, Java and DevTest

How to collect SSL debug information to help debugging SSL handshake issue