Getting error javax.net.ssl.SSLHandshakeException Received fatal alert: bad_certificate

Article ID: 74446

Products

Service Virtualization

Issue/Introduction

Getting the error "javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate" when executing a web service step, but the same certificate works in SOAP UI.


Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)

Environment

All supported DevTest Environments

Cause

Possible causes with DevTest:

1. The client keystore being used is not the correct one.

Verify if the target service is requesting a certificate - 2-way SSL authentication.

You can see the SSL handshake steps using the HTTP/SSL Debug Viewer.

If the target service is configured for 2-way authentication, we will see something like "CertificateRequest" in the debug viewer in the ServerHello step.

More information regarding the HTTP/SSL Debug Viewer in the link below:

How to collect SSL debugging information with DevTest?

 

2. The keystore path configured in local.properties is incorrect.

ssl.client.cert.path=C:/Users/somepath/xyz.jks
ssl.client.cert.pass=
ssl.client.key.pass=
ssl.client.alias=

 

3. The TLS version used on the client side is incorrect.

Usually the ClientHello is using TLSv1 and the server requires TLSv1.2.

 

You can verify in the HTTP/SSL Debug Viewer which TLS version the client is using.

More information regarding the HTTP/SSL Debug Viewer in the link below:

How to collect SSL debugging information with DevTest?

Resolution

1. Have a valid keystore configured in the test step or local.properties file to authenticate the client side against the target service.


2. Provide the correct information for the ssl.client.* properties in the local.properties file:

ssl.client.cert.path=C:/Users/somepath/xyz.jks
ssl.client.cert.pass=
ssl.client.key.pass=
ssl.client.alias=

Note that the path uses "/" (forward slash) as the separator.


3. Change the TLS version in the local.properties of the component that is acting as the client.

The property below sets the TLS version to 1.2.

https.protocols=TLSv1.2
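
The following stand-alone check is an added example, not DevTest code: it reads the ssl.client.* properties listed above and confirms that the keystore opens, that the alias holds a private key with a currently valid certificate, and which TLS versions the JVM offers. The class name ClientKeystoreCheck is hypothetical, and the example assumes a JKS keystore, plaintext passwords in the file, and that an empty key password means "same as the keystore password".

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Properties;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class name); not part of DevTest.
public class ClientKeystoreCheck {
    public static void main(String[] args) throws Exception {
        // args[0] = path to local.properties (assumption: passwords are stored in plaintext)
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            p.load(in); // java.util.Properties treats "\" as an escape, hence "/" in paths
        }
        String path = p.getProperty("ssl.client.cert.path", "").trim();
        char[] storePass = p.getProperty("ssl.client.cert.pass", "").trim().toCharArray();
        String keyProp = p.getProperty("ssl.client.key.pass", "").trim();
        char[] keyPass = keyProp.isEmpty() ? storePass : keyProp.toCharArray(); // assumption
        String alias = p.getProperty("ssl.client.alias", "").trim();

        // Cause 2: a wrong path or keystore password makes load() throw.
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: .jks file as in the article
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        System.out.println("Loaded " + path + ", aliases: " + Collections.list(ks.aliases()));

        // Cause 1: the alias must be a private-key entry, not only a trusted certificate.
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("Alias '" + alias + "' has no private key");
        }
        Key key = ks.getKey(alias, keyPass); // throws if the key password is wrong
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Expires: " + cert.getNotAfter() + ", key: " + key.getAlgorithm());

        // Cause 3: TLS versions this JVM enables by default versus those it supports.
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("Default protocols:   "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        System.out.println("Supported protocols: "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
    }
}
```

Run it with the same JRE that the DevTest component uses, passing the path to local.properties as the only argument, so the protocol lists reflect that runtime.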