Cisco Support Community

SOAP SSL error when connecting in with java

Hi,

We are trying to make a simple application that makes requests to the CCM via the AXL SOAP interface to get personal address book information. When we do the request it errors out with an SSL handshake problem. I have pasted some of the exact error output below. Any help or ideas would be appreciated!

    at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)

Full logs attached. I have imported the CCM cert into the Java keystore and still no luck. The only way I can get this to work by testing is to have CCM in a VM and the web app deployed on an actual physical machine, and that's only for a single-user dev environment.

Rob

4 REPLIES

Re: SOAP SSL error when connecting in with java

By default, the SSL certificate from the CCM is untrusted, so you get a verification error. There are two ways to work around this: one is importing the certificate to the trusted store (google it), the other is writing your code so that it automatically accepts untrusted certs.

For the latter, you could have a method like this (which I stole from the axlsql application):

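import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// MyTrustManager and InitializationException belong to the application this
// method was taken from; their source is not shown in the post.
public void init() throws InitializationException
{
    // Trust manager that accepts untrusted certificates (implementation not shown).
    X509TrustManager xtm = new MyTrustManager();
    TrustManager[] mytm = { xtm };
    SSLContext ctx;
    try
    {
        ctx = SSLContext.getInstance("SSL");
        ctx.init(null, mytm, null);
        SSLSocketFactory sf = ctx.getSocketFactory();
        // Becomes the default for every HttpsURLConnection opened in this JVM.
        HttpsURLConnection.setDefaultSSLSocketFactory(sf);
        // Hostname verifier that accepts any hostname, also installed JVM-wide.
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier()
        {
            public boolean verify(String hostname, SSLSession session)
            {
                return true;
            }
        });
    }
    catch (NoSuchAlgorithmException ex)
    {
        throw new InitializationException("SSL Algorithm not found: " + ex.getMessage());
    }
    catch (KeyManagementException ex)
    {
        throw new InitializationException("Key management exception: " + ex.getMessage());
    }
}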


Re: SOAP SSL error when connecting in with java

When looking at the keystore today I noticed the path for the CCM cert was wrong, creating a unique keystore. When adding the CCM cert to the \lib\security\cacerts keystore so it's trusted it worked. I listed the keystore to verify that it's there; I still get an error, although the logs seem to spit out more. Any ideas?

Please see fulllogs2 attached for logs

Re: SOAP SSL error when connecting in with java

I'm afraid I never actually did keystore imports (had for ssl ldap but never for https).. but unless you have a pressing concern why you only want your software to work if the cert has been imported (can't really imagine there could be.. in the end you either decide to trust the ccm or not.. and whether you do that by configuring address&credentials or the same plus importing the cert that seems mostly semantics to me), I can only recommend that you try my approach - it gives you ssl support without all the certificate hassle.

Re: SOAP SSL error when connecting in with java

Are you sure Tomcat/Spring is using the correct keystore file?

Try to force it to use a specific file, i.e.

System.setProperty("javax.net.ssl.keyStore", "c:\\mykeystore");

And some example code could be useful too.
