The ABC team just received a new certificate. The team cannot get the cert working with DevTest.
I checked in the local.properties for this server and see the following:
ssl.client.cert.path=C:/Users/SSL_Certs/abc-appCredentials.jks
ssl.client.cert.pass=username
ssl.client.key.pass=password
The team confirmed that the new cert is in the correct path and is using the correct passwords.
Please help troubleshoot why DevTest is not working with the new cert.
[ 1] ProcDlgThreadCallbk@1a48dad4, RECV TLSv1.2 ALERT: fatal, handshake_failure
[ 1] %% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
[ 1] ProcDlgThreadCallbk@1a48dad4, called closeSocket()
[ 1] ProcDlgThreadCallbk@1a48dad4, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Release: 10.7
We are seeing the certificate chain as <Empty>. The client is not able to see the entire certificate chain.
[ 1] Supported Signature Algorithms: SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
[ 1] Cert Authorities:
[ 1] <Empty>
[ 1] ProcDlgThreadCallbk@1a48dad4, READ: TLSv1.2 Handshake, length = 4
[ 1] *** ServerHelloDone
[ 1] Warning: no suitable certificate found - continuing without client authentication
[ 1] *** Certificate chain
[ 1] <Empty>
Note: This keystore was created with multiple alias names.
Because the properties in local.properties did not name the alias to use, the full certificate chain was not found.
Added ssl.client.alias=<alias name> to local.properties:
ssl.client.cert.path=
ssl.client.cert.pass=
ssl.client.key.pass=
ssl.client.alias=
We are now able to get a valid response.
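An added example (not part of the original article or of DevTest): a small Python triage of the SSL debug output shown above, flagging the lines that show the client continued the handshake without a certificate. The function names and diagnosis strings are assumptions for illustration; the sample lines are the ones quoted in this article, arranged in handshake order.

```python
import re

# Log lines quoted in this article, arranged in handshake order.
SAMPLE_LOG = """\
[ 1] Cert Authorities:
[ 1] <Empty>
[ 1] *** ServerHelloDone
[ 1] Warning: no suitable certificate found - continuing without client authentication
[ 1] *** Certificate chain
[ 1] <Empty>
[ 1] ProcDlgThreadCallbk@1a48dad4, RECV TLSv1.2 ALERT: fatal, handshake_failure
"""

PREFIX = re.compile(r"^\[?\s*\d+\]\s*")  # strips the "[ 1] " tag on each line

def triage(log_text):
    """Return the client-authentication signals present in the debug log."""
    lines = [PREFIX.sub("", raw).strip() for raw in log_text.splitlines()]
    lines = [line for line in lines if line]
    found = {"no_ca_hints": False, "no_client_cert": False,
             "empty_chain_sent": False, "fatal_alert": None}
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line == "Cert Authorities:" and nxt == "<Empty>":
            found["no_ca_hints"] = True        # server listed no acceptable CAs
        elif line.startswith("Warning: no suitable certificate found"):
            found["no_client_cert"] = True     # client selected no key entry
        elif line == "*** Certificate chain" and nxt == "<Empty>":
            found["empty_chain_sent"] = True   # client sent an empty chain
        else:
            alert = re.search(r"ALERT:\s*fatal,\s*(\w+)", line)
            if alert:
                found["fatal_alert"] = alert.group(1)
    return found

def diagnose(found):
    """Map the signals to the condition this article describes."""
    if found["no_client_cert"] and found["empty_chain_sent"]:
        return "client sent no certificate: check ssl.client.alias and the keystore aliases"
    if found["fatal_alert"]:
        return "handshake failed (%s) without a missing-client-certificate signal" % found["fatal_alert"]
    return "no client-authentication problem seen in this log"

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result)
    print(diagnose(result))
```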