How to troubleshoot SSL handshake failures with JAVA debugging option.
Originally Published: 2009-03-09
Article Number
000045191
Applies To
RSA Access Manager 6.0
Java Runtime Environment 1.5
Issue
How to troubleshoot SSL handshake failures with JAVA debugging option.

Example of SSL error exception:

Thread-16, READ: TLSv1 Alert, length = 2
Thread-16, RECV TLSv1 ALERT:  fatal, certificate_unknown
Thread-16, called closeSocket()
Thread-16, Exception while waiting for close
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
Thread-16, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
MuxWorker-9, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown


Cause
The certificate in the trust store does not match the certificate presented by the LDAP server, so JSSE rejects the handshake with a certificate_unknown alert.
Resolution

Add the following option to the Java startup command for the RSA Access Manager servers:

-Djavax.net.debug=all

If you are using a runtimeAPI or adminAPI program, you can set the same system property in your code. It must be set before any JSSE class is loaded (for example, at the start of main), because the debug setting is read when JSSE initializes:

System.setProperty("javax.net.debug", "all");

This enables debug mode for JSSE, which prints every certificate in the chain and each step of the SSL handshake, so the point at which the handshake fails can be identified.


Ensure that the correct LDAP SSL server certificate is trusted in the JKS or PKS keystore used for mutual SSL authentication.
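The following program is an added example, not RSA Access Manager code or part of the original article. It performs offline the same trust decision JSSE makes before it sends a certificate_unknown alert: it loads the trusted certificate entries of a JKS truststore and validates the LDAP server's certificate chain (exported to a PEM file) against them with the PKIX validator. The truststore path, password and PEM file are command-line arguments; the class name TrustStoreCheck and the "ssl:trustmanager" narrowing of javax.net.debug are assumptions, and the code is written to compile on Java 5 and later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Hypothetical check (not RSA Access Manager code): validates the LDAP server's
 * certificate chain, exported to a PEM file, against the trust anchors in the
 * JKS truststore the server is started with.
 */
public class TrustStoreCheck {

    /** Loads every trusted certificate entry of a JKS truststore as a trust anchor. */
    static Set<TrustAnchor> loadAnchors(String path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(path);
        try {
            ts.load(in, password);
        } finally {
            in.close();
        }
        Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
        Enumeration<String> aliases = ts.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (ts.isCertificateEntry(alias)) {
                X509Certificate c = (X509Certificate) ts.getCertificate(alias);
                System.out.println("trusted: " + alias + " -> " + c.getSubjectX500Principal());
                anchors.add(new TrustAnchor(c, null));
            }
        }
        return anchors;
    }

    /** Reads one or more PEM certificates (leaf first) from the exported server chain. */
    static List<X509Certificate> loadChain(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        InputStream in = new FileInputStream(path);
        try {
            for (Certificate c : cf.generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        } finally {
            in.close();
        }
        return chain;
    }

    /** Returns null if the chain validates, otherwise the reason PKIX rejects it. */
    static String validate(List<X509Certificate> chain, Set<TrustAnchor> anchors) throws Exception {
        // PKIX expects the trust anchor outside the path: drop trailing certs that are anchors.
        List<X509Certificate> path = new ArrayList<X509Certificate>(chain);
        for (TrustAnchor a : anchors) {
            if (!path.isEmpty() && a.getTrustedCert().equals(path.get(path.size() - 1))) {
                path.remove(path.size() - 1);
            }
        }
        if (path.isEmpty()) {
            return null; // the server certificate itself is a trusted entry
        }
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false); // no CRL/OCSP lookups in an offline check
        CertPath cp = CertificateFactory.getInstance("X.509").generateCertPath(path);
        try {
            CertPathValidator.getInstance("PKIX").validate(cp, params);
            return null;
        } catch (CertPathValidatorException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java TrustStoreCheck <truststore.jks> <password> <server-chain.pem>");
            System.exit(2);
        }
        // Same switch as -Djavax.net.debug=all, narrowed to trust manager output;
        // it must be set before any JSSE class is loaded to take effect.
        System.setProperty("javax.net.debug", "ssl:trustmanager");

        Set<TrustAnchor> anchors = loadAnchors(args[0], args[1].toCharArray());
        List<X509Certificate> chain = loadChain(args[2]);
        System.out.println("server: " + chain.get(0).getSubjectX500Principal()
                + " (issuer " + chain.get(0).getIssuerX500Principal() + ")");
        String problem = validate(chain, anchors);
        if (problem == null) {
            System.out.println("OK: chain validates against " + args[0]);
        } else {
            System.out.println("FAIL (JSSE would send certificate_unknown): " + problem);
            System.exit(1);
        }
    }
}
```

Run it as `java TrustStoreCheck /path/to/truststore.jks changeit ldap-server.pem` against the truststore the RSA Access Manager server is started with. A FAIL line names the certificate that breaks the chain, which is the entry to replace or import before restarting with -Djavax.net.debug=all to confirm the handshake completes.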
Notes

See the Sun Java documentation for JSSE debugging: 

http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#Debug