000016862 - RSA Access Manager SSLHandshakeException when using Auth SSL

Document created by RSA Customer Support Employee on Jun 15, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000016862
Applies To: RSA Access Manager version 6.2
This issue is caused by a problem in the Java 1.6 or 1.7 crypto libraries when doing certain actions on PKCS 12 keystores. The issue did not occur in earlier versions of RSA Access Manager because we used older library calls. The issue specifically occurs when trying to retrieve objects from a PKCS 12 keystore that contains both trusted certificates and private keys.
Issue: RSA Access Manager SSLHandshakeException when using Auth SSL
Error in dispatcher.log or lserver.log file:
23,1axm-dispatcher,2014-01-09 16:51:27:397 EST,0,Error, , ,{error=javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found   description=Error handling client connection from 10.10.10.10/10.10.10.10:33188},10.

Error in dispatcher standard output file when in debug mode:
ClientConnection-21, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
Resolution: This issue can be avoided by using JKS keystores when using Auth SSL mode.
Alternatively, you can use separate JKS keystores for the truststore and the keystore files used for Auth SSL.
Legacy Article ID: a63834
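
One way to produce the separate JKS keystore and truststore described in the resolution, as an added example that is not RSA code and not part of the original article. The class name SplitKeystore and the file arguments are hypothetical. It assumes a single password protects the input and both output files, and that it is run on a JDK that reads both entry types from the PKCS 12 file, which may not be the Java 1.6 or 1.7 runtime the article names.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example (not RSA code): copy private keys and trusted certificates
// from one PKCS 12 file into two separate JKS files.
public class SplitKeystore {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 3 || console == null) {
            System.err.println("usage (interactive): SplitKeystore <in.p12> <keystore.jks> <truststore.jks>");
            System.exit(2);
        }
        // Assumption: one password protects the input and both output files.
        // Read it from the console so it never appears in the process list.
        char[] pw = console.readPassword("Store password: ");

        KeyStore src = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) { src.load(in, pw); }
        KeyStore keys = KeyStore.getInstance("JKS");
        KeyStore trust = KeyStore.getInstance("JKS");
        keys.load(null, null);   // a null stream creates an empty store
        trust.load(null, null);

        int nKeys = 0, nTrusted = 0;
        for (String alias : Collections.list(src.aliases())) {
            if (src.isKeyEntry(alias)) {
                Key key = src.getKey(alias, pw);
                Certificate[] chain = src.getCertificateChain(alias);
                if (!(key instanceof PrivateKey) || chain == null) {
                    System.err.println("skipped (JKS cannot hold it): " + alias);
                    continue;
                }
                keys.setKeyEntry(alias, key, pw, chain);
                nKeys++;
            } else if (src.isCertificateEntry(alias)) {
                trust.setCertificateEntry(alias, src.getCertificate(alias));
                nTrusted++;
            }
        }
        System.out.println(nKeys + " private key entries, " + nTrusted + " trusted certificate entries");
        if (nKeys > 0 && nTrusted > 0)
            System.out.println("Input mixes both entry types, the layout the article describes.");
        try (FileOutputStream out = new FileOutputStream(args[1])) { keys.store(out, pw); }
        try (FileOutputStream out = new FileOutputStream(args[2])) { trust.store(out, pw); }
        java.util.Arrays.fill(pw, '\0');   // clear the password from memory
    }
}
```

Check each output file with keytool -list -keystore <file> before pointing the Auth SSL configuration at it.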
