Unable to connect to virtual service deployed in server via https - javax.net.ssl.SSLException:Unrecognized SSL message, plaintext connection
book
Article ID: 186507
calendar_today
Updated On:
Products
CA Cloud Test MobileCA Application Test
Issue/Introduction
When we access the virtual service modified to use SSL/Keystore and deployed in server via HTTPS, receiving “javax.net.ssl.SSLException:Unrecognized SSL message, plaintext connection?
When the same service url is accessed via browser receiving “This site can’t provide a secure connection” error.
When using the HTTP call, able to get the response back.
Environment
Release : 10.x
Component : CA Service Virtualization
Cause
During investigation of the issue, it was found that there were multiple other services running on same PORT with different base paths with HTTP protocol. Since this service was using the same PORT but was configured to use SSL/HTTPS, it was not able to pick up the relevant changes of SSL and responded from HTTP call as other services.
Resolution
The basic resolution of this issue is to use a different PORT for HTTP and HTTPS calls. Multiple services can use same port with different base paths only if they are using same protocol - either HTTP or HTTPS.
Additional Information
Based on the version of Java being used, there are few steps that you may need to take in order to make the virtual service works property on https.
- Firstly, make sure that the CN(common name) for the certificate issued is matching the VSE server hostname or get the hostname added to the SAN(Subject Alternative Names) list.
- Next you would need to get the public certs of intermediate and root CA( Certification Authorities) and import them into the DevTest of any other client that runs on Java SSL implementation.
You can download below tool to work with the keystores and certificates. https://sourceforge.net/projects/portecle/