This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Identity Governance & Lifecycle Discussions

Discussions about RSA Identity Governance & Lifecycle.
JacquesAdankon
Beginner
Beginner
‎2020-11-20 04:55 AM

SSLHandshakeException on RSA IG&L 7.1.1

Jump to solution

Hello,

 

I'm trying to configure the Generic REST Connector on RSA IG&L 7.1.1 to implement a provisioning to Wallix endpoint.

When I run the test suite for the "login" capability, I get the error below.

 

Do you know how to solve this problem?

Thank you in advance for your help.

 

Login
Total number of processing errors = 1
Iteration 0
Parameter NameValue
Error code = -1
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Cause:     


Stack Trace:
org.mule.transport.http.HttpClientMessageDispatcher.execute(HttpClientMessageDispatcher.java:151)
org.mule.transport.http.HttpClientMessageDispatcher.doSend(HttpClientMessageDispatcher.java:279)
org.mule.transport.AbstractMessageDispatcher.process(AbstractMessageDispatcher.java:84)
org.mule.transport.AbstractConnector$DispatcherMessageProcessor.process(AbstractConnector.java:2637)
org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:24)
org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:58)
org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:44)
org.mule.processor.chain.SimpleMessageProcessorChain.doProcess(SimpleMessageProcessorChain.java:43)
org.mule.processor.chain.AbstractMessageProcessorChain.process(AbstractMessageProcessorChain.java:67)
org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:24)
org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:44)
org.mule.processor.AbstractInterceptingMessageProcessorBase.processNext(AbstractInterceptingMessageProcessorBase.java:102)
org.mule.endpoint.outbound.OutboundResponsePropertiesMessageProcessor.process(OutboundResponsePropertiesMessageProcessor.java:35)
org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:24)
org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.java:58)
org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:44)
org.mule.processor.chain.SimpleMessageProcessorChain.doProcess(SimpleMessageProcessorChain.java:43)
org.mule.processor.chain.AbstractMessageProcessorChain.process(AbstractMessageProcessorChain.java:67)
org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:24)
org.mule.execution.MessageProcessorExecutionTemplate.execute(MessageProcessorExecutionTemplate.java:44)
org.mule.processor.AbstractInterceptingMessageProcessorBase.processNext(AbstractInterceptingMessageProcessorBase.java:102)
org.mule.processor.EndpointTransactionalInterceptingMessageProcessor$1.process(EndpointTransactionalInterceptingMessageProcessor.java:46)
org.mule.processor.EndpointTransactionalInterceptingMessageProcessor$1.process(EndpointTransactionalInterceptingMessageProcessor.java:43)
org.mule.execution.ExecuteCallbackInterceptor.execute(ExecuteCallbackInterceptor.java:16)
org.mule.execution.BeginAndResolveTransactionInterceptor.execute(BeginAndResolveTransactionInterceptor.java:54)
org.mule.execution.ResolvePreviousTransactionInterceptor.execute(ResolvePreviousTransactionInterceptor.java:44)
org.mule.execution.SuspendXaTransactionInterceptor.execute(SuspendXaTransactionInterceptor.java:50)
org.mule.execution.ValidateTransactionalStateInterceptor.execute(ValidateTransactionalStateInterceptor.java:40)
org.mule.execution.IsolateCurrentTransactionInterceptor.execute(IsolateCurrentTransactionInterceptor.java:41)
org.mule.execution.ExternalTransactionInterceptor.execute(ExternalTransactionInterceptor.java:48)
org.mule.execution.TransactionalExecutionTemplate.execute(TransactionalExecutionTemplate.java:65)
org.mule.processor.EndpointTransactionalInterceptingMessageProcessor.process(EndpointTransactionalInterceptingMessageProcessor.java:52)
org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:24)
org.mule.execution.MessageProcessorNotificationExecutionInterceptor.execute(MessageProcessorNotificationExecutionInterceptor.ja...
0 Likes
Reply
1 Solution

Accepted Solutions
JacquesAdankon
Beginner
Beginner
In response to IanStaines
‎2020-12-03 05:45 AM

Jump to solution

Hello Ian,

 

As suggested, I have opened a support case to get some help. We have captured and analyzed SSL negotiation packets  with the tcpdump tool.

By comparing with RSA 7.2.0 SSL packets, we noticed that the connection required more secured encryption algorithms, so we updated java jdk version and it solved the problem. 

 

Thank you again.

View solution in original post

Reply
10 Replies
IanStaines
Moderator Moderator
Moderator
‎2020-11-23 03:40 PM

Jump to solution

This looks like an RSA Identity Governance & Lifecycle question.   I will move it one of the RSA Identity & Lifecycle groups so it gets more visibility. 

Reply
IanStaines
Moderator Moderator
Moderator
In response to IanStaines
‎2020-11-23 03:51 PM

Jump to solution

This is likely an SSL issue similar to the following.

 

000037971 - RSA Identity Governance & Lifecycle ServiceNow connector fails with "handshake_fail... hi

 

This is an active failure where the endpoint is refusing the connection from IG&L because the java security settings on the server do not adhere to current standards.    It is unlikely the endpoint will reduce security to allow this connection so you must increase the security on RSA IG&L.

 

Likely you are running an older version of Java on this server.  Upgrade java according to the method appropriate for the type of appliance you are using.  


Note that there are also dependencies between the version of Java that you use and the RSA IG&L version.  

Reply
AhmedNofal
Moderator Moderator
Moderator
‎2020-11-24 06:10 AM

Jump to solution

did you import the Wallix certificates to the java truststore that the AFX server is running on?

Reply
JacquesAdankon
Beginner
Beginner
In response to AhmedNofal
‎2020-11-24 11:02 AM

Jump to solution

Yes I did it but I got the same issue.

0 Likes
Reply
IanStaines
Moderator Moderator
Moderator
In response to JacquesAdankon
‎2020-11-24 01:23 PM

Jump to solution

I recommend you get more detail about the actual SSL failure.  This can be done in either of two ways.

 

  • Turning on SSL debugging in the JVM using -Djavax.net.debug=ssl  (Internal KB article 000033388)
  • Capturing a tcpdump packet capture of the SSL negotiation on the REST port.

 

Both of these are advanced techniques so if you need assistance with gathering or analyzing this information I recommend you open a Support case and quote this discussion. 

Reply
JacquesAdankon
Beginner
Beginner
In response to IanStaines
‎2020-11-30 04:28 AM

Jump to solution

Hello Ian,


After I turn on the SSL debugging, which file should I look for to get detailed information?

0 Likes
Reply
JacquesAdankon
Beginner
Beginner
In response to AhmedNofal
‎2020-11-30 04:31 AM

Jump to solution

Hello Ahmed,

 

I have added the chain of certificates in the file $JAVA_HOME/jre/lib/security/cacerts. 

Is it the right file?

0 Likes
Reply
IanStaines
Moderator Moderator
Moderator
In response to JacquesAdankon
‎2020-11-30 02:34 PM

Jump to solution

It depends on the application server, but SSL debug output goes to the aveksaserver.log file on Wildly.  Be aware the output will be massive.  Do not do this in production or it will bring your system down. 

Reply
JacquesAdankon
Beginner
Beginner
In response to IanStaines
‎2020-12-03 05:45 AM

Jump to solution

Hello Ian,

 

As suggested, I have opened a support case to get some help. We have captured and analyzed SSL negotiation packets  with the tcpdump tool.

By comparing with RSA 7.2.0 SSL packets, we noticed that the connection required more secured encryption algorithms, so we updated java jdk version and it solved the problem. 

 

Thank you again.

View solution in original post

Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.