How to troubleshoot SSL handshake failures with JAVA debugging option.

3 years ago

Originally Published: 2009-03-09

Article Number

000045191

Applies To

RSA Access Manager 6.0
Java Runtime Environment 1.5

Issue

How to troubleshoot SSL handshake failures with JAVA debugging option.

Example of SSL error exception:

Thread-16, READ: TLSv1 Alert, length = 2 Thread-16, RECV TLSv1 ALERT: fatal, certificate_unknown Thread-16, called closeSocket() Thread-16, Exception while waiting for close
javax.net.ssl.SSLHandshakeException: Received fatal alert:
certificate_unknown
Thread-16, handling exception: javax.net.ssl.SSLHandshakeException:
Received fatal alert: certificate_unknown MuxWorker-9, handling exception: javax.net.ssl.SSLHandshakeException:
Received fatal alert: certificate_unknown

Cause

Trusted certificate is incorrect.

Resolution

Add the following line to the java startup command for the RSA Access Manager servers:

-Djavax.net.debug=all

If you are using a runtimeAPI or adminAPI program you can set the system property in your code with the following line:

System.setProperty("javax.net.ssl.debug", "all");

This will enable debug mode for the JSSE showing all the SSL certificates and handshake information:

Ensure that the correct LDAP SSL Server certificate is trusted in the JKS or PKS keystore for Mutual SSL Authentication.

Notes

See the Sun Java documentation for JSSE debugging:

http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Debug

Don't see what you're looking for?

Related Articles

Trending Articles