I'm trying to run a Java application which makes an HTTPS call to a server, but keep getting the following SSL error:

```
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:882)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
    at java.io.BufferedOutputStream.write(BufferedOutputStream.java:105)
    at org.apache.commons.httpclient.HttpConnection.write(HttpConnection.java:974)
    at org.apache.commons.httpclient.HttpConnection.write(HttpConnection.java:942)
    at org.apache.commons.httpclient.HttpConnection.print(HttpConnection.java:1032)
    at org.apache.commons.httpclient.HttpMethodBase.writeRequestLine(HttpMethodBase.java:2077)
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1918)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
        ...
        ...
        ...
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:462)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
```

I read on other posts that I need to add the certificate in lib/security/cacerts. So I downloaded the certificate file from the server using Firefox, and ran the following command:

```
sudo keytool -import -keystore cacerts -storepass changeit -alias samplecert-root -trustcacerts -file VeriSignClass3SecureServerCA.crt
Certificate was added to keystore
```

However, I still keep getting the error. What is the problem? Did I add the certificate properly to the keystore?

Tiny
drunkenfist
  • Please paste your relevant `-Djavax.net.debug=ssl` output into the question. Have you read the [oracle example](http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html)? – eis Apr 28 '15 at 05:35
  • It's probably asking for a certificate that you aren't sending. Can you run your client with `-Djavax.net.debug=ssl,handshake` and post the output here? – user207421 Apr 28 '15 at 05:51

1 Answer

In my case, the cause of the error was that I was using a certificate as a client certificate that was a server-only certificate.

jdex
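
One way to check for the cause named in the answer above, as an added example that is not code from any of the posters: it lists the private-key entries in a client keystore and reports whether each leaf certificate's Extended Key Usage permits TLS client authentication. The class name `ClientCertCheck` and its two command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;

// Hypothetical diagnostic class; the name and arguments are illustrative.
public class ClientCertCheck {
    static final String CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    static final String SERVER_AUTH = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth
    static final String ANY_EKU = "2.5.29.37.0";           // anyExtendedKeyUsage

    /** Classifies a leaf certificate by its Extended Key Usage extension. */
    static String classify(X509Certificate cert) throws Exception {
        List<String> eku = cert.getExtendedKeyUsage(); // null when the extension is absent
        if (eku == null) return "no EKU extension: not restricted to a TLS role";
        if (eku.contains(CLIENT_AUTH) || eku.contains(ANY_EKU)) return "OK: permits TLS client authentication";
        if (eku.contains(SERVER_AUTH)) return "PROBLEM: server-only certificate (serverAuth without clientAuth)";
        return "PROBLEM: EKU " + eku + " does not include clientAuth";
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java ClientCertCheck <keystore> <storepass>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-cert entries (what keytool -import adds) are never sent to the server
            }
            keyEntries++;
            Certificate leaf = ks.getCertificate(alias); // first certificate of the entry's chain
            if (leaf instanceof X509Certificate) {
                System.out.println(alias + ": " + classify((X509Certificate) leaf));
            }
        }
        if (keyEntries == 0) {
            System.out.println("no private-key entries: this store cannot supply a client certificate");
        }
    }
}
```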