Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

MSE Context Aware Notifications:Failed to send event to the destination. Error in connectivity and/or destination parameters.

Getting error when Context Aware Notifications are being sent from our Cisco MSE to our cloud Service. It looks to be a ssl error from the logs. The cert is valid from what I can tell, tested it at https://www.sslshopper.com/ssl-checker.html and it says:

   

The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).

 

The certificate was issued by GoDaddy. 

Write review of GoDaddy

 

The certificate will expire in 127 days. 

Remind me

 

The hostname is correctly listed in the certificate.

 

Here is an error message that download from the Cisco MSE Logs (cfx.log):

 

 

javax.net.ssl.SSLException: java.lang.RuntimeException: Failed to throw Invalid Parameter Spec exception due to invalid parameter type.

  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)

  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)

  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1708)

  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1691)

  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1617)

  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:105)

  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)

  at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)

  at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)

  at org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java:146)

  at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)

  at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)

  at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)

  at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)

  at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)

  at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)

  at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)

  at com.aes.common.net.HttpsTransportProvider.sendMessage(HttpsTransportProvider.java:168)

  at com.aes.location.intf.track.AesEventGen.fireEventNow(AesEventGen.java:705)

  at com.aes.location.intf.track.DestinationHandler$EventProcessor.send(DestinationHandler.java:843)

  at com.aes.location.intf.track.DestinationHandler$EventProcessor.retrySend(DestinationHandler.java:827)

  at com.aes.location.intf.track.DestinationHandler$EventProcessor.watchDest(DestinationHandler.java:774)

  at com.aes.location.intf.track.DestinationHandler$EventProcessor.run(DestinationHandler.java:688)

  at java.lang.Thread.run(Thread.java:662)

Caused by: java.lang.RuntimeException: Failed to throw Invalid Parameter Spec exception due to invalid parameter type.

  at com.cisco.ciscossl.provider.ciscojce.trust.ECKeyPairGenerator.initialize(ECKeyPairGenerator.java:370)

  at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:627)

  at com.sun.net.ssl.internal.ssl.ECDHCrypt.<init>(ECDHCrypt.java:58)

  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:568)

  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:198)

  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)

  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)

  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)

  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)

  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)

  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)

  ... 18 more

Everyone's tags (1)
3 REPLIES
Community Member

More Info:  INFO com.cisco

More Info:

 

 

INFO com.cisco.ciscossl.provider.ciscojce.CiscoJCEFirewall - allowing EC because CISCOJ_PERMIT_UNIMPLEMENTED_KEYFACTORY_EC set

INFO com.cisco.ciscossl.provider.ciscojce.CiscoJCEFirewall - allowing EC because CISCOJ_PERMIT_UNIMPLEMENTED_KEYFACTORY_EC set

INFO com.cisco.ciscossl.provider.ciscojce.trust.ECKeyFactory - CiscoJCE creating EC public key based on ECPublicKeySpec

INFO com.cisco.ciscossl.provider.ciscojce.trust.ECKeyFactory - CiscoJCE Find curve name: checking prime curves.

INFO com.cisco.ciscossl.provider.ciscojce.trust.ECKeyFactory - CiscoJCE Find curve name: checking sec curves.

INFO com.cisco.ciscossl.provider.ciscojce.trust.FECPublicKeySpec - CiscoJCE assigning EC public key with curve secp384r1

INFO com.cisco.ciscossl.provider.ciscojce.trust.ECKeyPairGenerator - Separate source of randomness not supported.

ERROR com.cisco.ciscossl.provider.ciscojce.trust.ECKeyPairGenerator - Invalid parameter type.  Only ECGenParameterSpec supported

ERROR com.cisco.ciscossl.provider.ciscojce.trust.ECKeyPairGenerator - Failed to throw Invalid Parameter Spec exception due to invalid parameter type.

CauseThe JVM cannot find the

Cause

The JVM cannot find the javax.net.ssl.trustStore required for SSL, or it does not contain the required certificates.

For standard installations, we do not recommend this JVM argument is used, and rather your certificates are added to the JVM's default keystore, which is typically located in $JAVA_HOME/jre/lib/security/cacerts or the keystore used by your Tomcat, as in our Running JIRA over SSL or HTTPS documentation.

Resolution

Follow our Connecting to SSL services documentation. This will guide you through obtaining the certificate of the service you're accessing and importing it into the recommended Java keystore.

(warning) If you're using a non-standard keystore, such as the one specified in Tomcat, please import the certificate into that keystore.

 

 

for more detail please see the below link

https://confluence.atlassian.com/display/JIRAKB/Unable+to+Access+SSL+Services+due+to+java.security.InvalidAlgorithmParameterException

Community Member

 Well I am trying to do try

 

Ok following this is what I have found, $JAVA_HOME is set from the shell script that is starting the process that is writing the log file that I found the error in. The JRE that it is using has a cacerts in the path $JAVA_HOME/lib/security/. What this tells me that it should be working.

There error you are referencing somes different than the error I am seeing.

After following the cmd from the link :

 

openssl s_client -connect google.com:443 < /dev/null sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt

<JAVA_HOME>/keytool -import -alias <server_name> -keystore <JAVA_HOME>/lib/security/cacerts -file public.crt

 

 

I get the following error message:

[root@localhost bin]# keytool -import -alias "service" -keystore ../lib/security/cacerts -file public.crt

Exception in thread "main" java.lang.UnsatisfiedLinkError: /opt/mse/framework/jre/lib/ext/libCiscoJCEJNI.so: libCiscoJSafeC_mem.so: cannot open shared object file: No such file or directory
        at java.lang.ClassLoader$NativeLibrary.load(Native Method)
        at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1807)
        at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1716)
        at java.lang.Runtime.loadLibrary0(Runtime.java:823)
        at java.lang.System.loadLibrary(System.java:1028)
        at com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider.loadGlue(CiscoJCEProvider.java:166)
        at com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider.<clinit>(CiscoJCEProvider.java:126)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:357)
        at java.lang.Class.newInstance(Class.java:310)
        at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)
        at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
        at sun.security.jca.ProviderList.getProvider(ProviderList.java:215)
        at sun.security.jca.ProviderList.getService(ProviderList.java:313)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:140)
        at java.security.Security.getImpl(Security.java:659)
        at java.security.KeyStore.getInstance(KeyStore.java:584)
        at sun.security.tools.KeyTool.doCommands(KeyTool.java:594)
        at sun.security.tools.KeyTool.run(KeyTool.java:172)
        at sun.security.tools.KeyTool.main(KeyTool.java:166)

 

 

336
Views
0
Helpful
3
Replies
CreatePlease to create content