Getting javax.net.ssl.SSLHandshakeException on DEVTEST 10.7.2 Workstation when trying to connect to SSL enabled Registry Service
search cancel

Getting javax.net.ssl.SSLHandshakeException on DEVTEST 10.7.2 Workstation when trying to connect to SSL enabled Registry Service

book

Article ID: 278852

calendar_today

Updated On: 02-05-2024

Products

Service Virtualization

Issue/Introduction

Trying to connect DEVTEST 10.7.2 Workstation to SSL enabled Registry Service 

2024-02-01 21:43:45,872Z (15:43) [ActiveMQ Transport: ssl://<RegistryHost>:2010] INFO  handling exception: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
2024-02-01 21:43:45,872Z (15:43) [TcpSocketClose: java.util.concurrent.ThreadPoolExecutor$Worker@42bfe35b[State = -1, empty queue]] INFO  System.out                     - TcpSocketClose: java.util.concurrent.ThreadPoolExecutor$Worker@42bfe35b[State = -1, empty queue], called close()
2024-02-01 21:43:45,872Z (15:43) [TcpSocketClose: java.util.concurrent.ThreadPoolExecutor$Worker@42bfe35b[State = -1, empty queue]] INFO  System.out                     - TcpSocketClose: java.util.concurrent.ThreadPoolExecutor$Worker@42bfe35b[State = -1, empty queue], called closeInternal(true)
2024-02-01 21:43:45,873Z (15:43) [ProcDlgThreadCallbk@39196fad] INFO  com.itko.lisa.net.ClientBase   - No response from remote server

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Environment

DevTest 10.7.2 and above

Cause

Cause: Whenever Java attempts to connect to another application over SSL, it will be able to connect to that application if it can trust it.

The way trust is handled in the Java is that you have a truststore, typically $JAVA_HOME/lib/security/cacerts, that contains a list of all known Certificate Authority (CA) certificates, and Java will trust certificates that are signed/ issued by one of those CAs that exist within this truststore.

Resolution


Resolution:  For Workstation to connect to Registry on SSL protocol, create a truststore. 
And configure the below properties in local.properties.

lisa.net.trustStore={{LISA_HOME}}yourtruststore.jks
lisa.net.trustStore.password=yourpassword


** alternatively, if you still get the Handshake errors,  you may try to import the full chain- root and intermediate certificate into the DEVTEST_HOME/jre/lib/security/cacerts keystore.

Powered by Wolken Software