Topic: ssl connection error


1.ssl connection error
Posted by: roy_nixping
Posted on: 2003-10-31 14:37

I get this error when I connect to a URL:
conncetion to URL https://161.88.246.152/RosettaNet failed with following error:
peer sent alert :Alart falter :bad certificate
java.io.IOException:java.net.SocketException:Connection reset by peer:socket close.

How can I solve this?

2.Re:ssl connection error [Re: roy_nixping]
Posted by: floater
Posted on: 2003-10-31 23:18

Please provide your info, otherwise people can't help you.

Are you using a browser, or using Java? Don't assume everyone knows anything you do.

3.Re:ssl connection error [Re: roy_nixping]
Posted by: roy_nixping
Posted on: 2003-11-03 09:36

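I ran into the problem above while debugging a connection between two web servers. (Neither side knows what type of web server the other one is.)

The two servers connect over https. We each have the other's client certificate and root certificate.

The local server gets the error when executing send data to https://161.88.xx.xx:8443/RosettaNet; send data is a service provided by the local server.

Could it be that, during the SSL handshake, the client certificate sent by the local server is wrong, or that the other side has not put my client certificate in its trusted client list (my guess), so the connection cannot be established?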

4.Re:ssl connection error [Re: roy_nixping]
Posted by: floater
Posted on: 2003-11-03 23:56

That's what I suspect; however, here is some info:
1. When the client cert is not right, you should get this:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
2. When the server's cert is not trusted by the client, you should get this:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate

In your case, if we read the error literally, the cert is bad! But we don't know which cert, the server side or the client side. You need to check both.
Maybe the format is not right, see below.

Some info for your reference:
When URLConnection is used for HTTP(S) connection:
1. We can specify the truststore and keystore like this:

System.setProperty("javax.net.ssl.trustStore", "<name here>");
System.setProperty("javax.net.ssl.keyStore", "<name here>");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");

The truststore is used by the client to trust the server's cert, so put the server's cert or its CA cert in there. Use keytool to create this store and import the cert.
The keystore is used to store the client's cert. KEEP IN MIND, in the keystore, the store's password has to be the same as the private key's password, otherwise you will get weird errors (not clear enough). The password can NOT be null or empty. Furthermore, the keystore has to be in JKS format. So if you have p12, pfx, write a simple class to convert it.
2. Here is the way to set up proxy/firewall, if you have to go through firewalls.
For https:

System.setProperty("https.proxySet", "true");
System.setProperty("https.proxyHost", "<proxy server here>");
System.setProperty("https.proxyPort", "80");

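String tmp = "name" + ":" + "password";
// java.util.Base64 replaces the JDK-internal sun.misc.BASE64Encoder, which was removed in JDK 9
String encodedpswd = "Basic " + java.util.Base64.getEncoder().encodeToString(tmp.getBytes());
// conn is the URLConnection opened for the https URL
if (conn != null)
{
    conn.setRequestProperty("Proxy-Authorization", encodedpswd);
}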

For http, just replace https with http in the above.
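
Added example, not part of the thread or of floater's code: a converter of the kind post 4 suggests for p12/pfx files, using the standard java.security.KeyStore API. The class name P12ToJks and the file arguments are hypothetical. It assumes the PKCS12 key password equals its store password, re-protects each key with the JKS store password, and reports whether each client certificate is within its validity period.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
// Added example; class name and file arguments are hypothetical.
// Usage: java P12ToJks client.p12 client.jks   (passwords are prompted for)
public class P12ToJks {
    public static void main(String[] args) throws Exception {
        Console con = System.console();
        if (args.length != 2 || con == null) {
            System.err.println("usage: java P12ToJks <in.p12> <out.jks> (run from a terminal)");
            System.exit(2);
        }
        char[] inPass = con.readPassword("PKCS12 password: ");
        char[] outPass = con.readPassword("New JKS password: ");
        if (outPass == null || outPass.length == 0) throw new IllegalArgumentException("JKS password must not be empty");
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) { p12.load(in, inPass); }
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null); // start from an empty store
        int copied = 0;
        for (String alias : Collections.list(p12.aliases())) {
            Certificate[] chain = p12.getCertificateChain(alias);
            if (!p12.isKeyEntry(alias) || chain == null || chain.length == 0) continue;
            // Assumes the PKCS12 key password equals its store password (the usual case).
            // The key is re-protected with the JKS store password, as the post requires.
            jks.setKeyEntry(alias, p12.getKey(alias, inPass), outPass, chain);
            copied++;
            if (chain[0] instanceof X509Certificate) {
                X509Certificate leaf = (X509Certificate) chain[0];
                try {
                    leaf.checkValidity(); // throws if expired or not yet valid
                    System.out.println(alias + ": " + leaf.getSubjectX500Principal()
                            + ", valid until " + leaf.getNotAfter() + ", chain length " + chain.length);
                } catch (CertificateException e) {
                    System.out.println(alias + ": NOT VALID NOW: " + e.getMessage());
                }
            }
        }
        if (copied == 0) throw new IllegalStateException("no private-key entry in " + args[0]);
        try (OutputStream out = new FileOutputStream(args[1])) { jks.store(out, outPass); }
    }
}
```

Passwords are read from the console rather than taken as arguments so they do not appear in the process list or shell history.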

