New certificates are not working with DevTest 10.7.2 :Warning: no suitable certificate found

Article ID: 251982

Updated On:

Products

Service Virtualization

Issue/Introduction

The ABC team just received a new certificate. The team cannot get the cert working with DevTest. 

I checked in the local.properties for this server and see the following:

ssl.client.cert.path=C:/Users/SSL_Certs/abc-appCredentials.jks
ssl.client.cert.pass=username
ssl.client.key.pass=password

The team confirmed that the new cert is in the correct path and is using the correct passwords.

Please help troubleshoot why DevTest is not working with the new cert.

[   1] ProcDlgThreadCallbk@1a48dad4, RECV TLSv1.2 ALERT:  fatal, handshake_failure
[   1] %% Invalidated:  [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
[   1] ProcDlgThreadCallbk@1a48dad4, called closeSocket()
[   1] ProcDlgThreadCallbk@1a48dad4, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Environment

Release : 10.7

Cause

The debug log shows the certificate chain as <Empty>. The client is not able to see the entire certificate chain.

[   1] Supported Signature Algorithms: SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
[   1] Cert Authorities:
[   1] <Empty>
[   1] ProcDlgThreadCallbk@1a48dad4, READ: TLSv1.2 Handshake, length = 4
[   1] *** ServerHelloDone
[   1] Warning: no suitable certificate found - continuing without client authentication
[   1] *** Certificate chain
[   1] <Empty>

 

Note: This keystore was created with multiple alias names.

Because the properties in local.properties did not specify the right alias name to use, DevTest did not find the full certificate chain.

Resolution

Added ssl.client.alias=<alias name> to local.properties:

ssl.client.cert.path=
ssl.client.cert.pass=
ssl.client.key.pass=
ssl.client.alias=

 

We are now able to get a valid response.
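
To decide which alias to set in a keystore that holds several, the verbose `keytool -list -v` listing can be checked for the entry that carries both a private key and a linked certificate chain. The script below is an added example, not part of the original article or of DevTest; the sample listing, aliases and DNs are constructed, and treating a chain that links up to a self-signed CA as the "full" chain is this example's assumption.

```python
# Constructed, trimmed `keytool -list -v` output; aliases and DNs are made up.
SAMPLE = """\
Alias name: abc-app-old
Entry type: PrivateKeyEntry
Owner: CN=abc-app.example.test
Issuer: CN=Example Issuing CA

Alias name: abc-app-new
Entry type: PrivateKeyEntry
Owner: CN=abc-app.example.test
Issuer: CN=Example Issuing CA
Owner: CN=Example Issuing CA
Issuer: CN=Example Issuing CA

Alias name: example-ca
Entry type: trustedCertEntry
Owner: CN=Example Issuing CA
Issuer: CN=Example Issuing CA
"""

def parse_entries(text):
    """Return one dict per alias: entry type plus [owner, issuer] per certificate."""
    entries = []
    for line in text.splitlines():
        key, _, value = line.partition(": ")
        if key == "Alias name":
            entries.append({"alias": value, "type": None, "certs": []})
        elif entries and key == "Entry type":
            entries[-1]["type"] = value
        elif entries and key == "Owner":
            entries[-1]["certs"].append([value, None])
        elif entries and key == "Issuer" and entries[-1]["certs"]:
            entries[-1]["certs"][-1][1] = value
    return entries

def client_alias_candidates(entries):
    """Aliases holding a private key and a chain that links up to a self-signed CA."""
    good = []
    for e in entries:
        certs = e["certs"]
        linked = all(certs[i][1] == certs[i + 1][0] for i in range(len(certs) - 1))
        rooted = bool(certs) and certs[-1][0] == certs[-1][1]
        if e["type"] == "PrivateKeyEntry" and linked and rooted:
            good.append(e["alias"])
    return good

if __name__ == "__main__":
    for alias in client_alias_candidates(parse_entries(SAMPLE)):
        print(f"ssl.client.alias={alias}")
```

On a real keystore, feed the function the text printed by `keytool -list -v -keystore <path>` instead of the constructed sample.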