
My application invokes a web service request. The provider of this web service is requesting certificate-based authentication.

Unfortunately, while making the handshake, the certificate is not being returned as part of the CertificateRequest step. Below is the log trace:

    Cert Authorities:
    <Empty>
    *** ServerHelloDone
    Warning: no suitable certificate found - continuing without client authentication

I have placed the keystore and the truststore using the below properties, which are being picked up during the handshake (logged in the logs):

    -Djavax.net.ssl.keyStore=$CMX_SSL_KEY_STORE
    -Djavax.net.ssl.keyStorePassword=123456
    -Djavax.net.debug=ssl
    -Djavax.net.ssl.keyStoreType=pkcs12

    JAVA_OPTS="-D$PS_TOKEN$ENV_TOKEN $LOCAL_MEM_OPTS $GC_OPTS
    $CMAX_OPTS $JMX_OPTS $CMX_SSL_TRUST_STORE_OPT $MQ_OPTS
    $ADDITIONAL_JVM_OPTS $LOCAL_JVM_OPTS $CMX_SSL_KEY_STORE_OPT"

I don't have a private key as part of the keystore, as the vendor who provided the certificate refused to provide the private key. As part of the keystore, I have the whole chain of the certificate, but still it's not working.

Error seen in the logs is as below:

    Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

Need some guidance to resolve this issue.

I looked at

why doesn't java send the client certificate during SSL handshake?

which is on the same problem, but the solution provided by Bruno is failing. Not able to attach the certificate to the private key using the same alias.

madhu
  • **No private key -> no HTTPS certificate authentication.** You need a proper client certificate including private key for HTTPS certificate-based client auth. – Robert Mar 30 '18 at 14:08

1 Answer

> I don't have a private key as part of the keystore

Then you don't have a keystore: you have a truststore.

> as the vendor who provided the certificate refused to provide the private key.

Of course he did. None of your beeswax.

You're supposed to provide your own private key and certificate in your own keystore.

You have a serious misunderstanding here.

user207421
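A way to confirm the diagnosis in this thread, as an added example that is not part of the original question or answer: the hypothetical `ClientKeyStoreCheck` class below reads the same `javax.net.ssl.keyStore*` system properties shown in the question, reports what kind of entry each alias holds, and asks the default `KeyManager` whether any entry could be offered as a client certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Added diagnostic, not from the original thread; the class name is hypothetical.
// Run it with the same -Djavax.net.ssl.keyStore* options as the application.
public class ClientKeyStoreCheck {
    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.keyStore");
        if (path == null) throw new IllegalStateException("javax.net.ssl.keyStore is not set");
        String type = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        char[] pass = System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        // Only an entry holding a private key plus its certificate chain can authenticate a client.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias); // null for certificate-only entries
            String kind = ks.isKeyEntry(alias) && chain != null ? "private key + chain of " + chain.length
                    : ks.isCertificateEntry(alias) ? "trusted certificate only (no private key)"
                    : "other";
            Certificate leaf = chain != null ? chain[0] : ks.getCertificate(alias);
            String subject = leaf instanceof X509Certificate
                    ? ((X509Certificate) leaf).getSubjectX500Principal().getName() : "n/a";
            System.out.println(alias + ": " + kind + ", subject=" + subject);
        }
        // Ask the default KeyManager what JSSE would see; issuers == null accepts any issuer.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        int usable = 0;
        for (KeyManager km : kmf.getKeyManagers()) {
            if (!(km instanceof X509KeyManager)) continue;
            for (String keyType : new String[] {"RSA", "EC", "DSA"}) {
                String[] aliases = ((X509KeyManager) km).getClientAliases(keyType, null);
                if (aliases != null) usable += aliases.length;
            }
        }
        System.out.println(usable > 0 ? "Client authentication possible, usable key entries: " + usable
                : "No usable entry: expect 'no suitable certificate found' in the SSL debug log");
        System.exit(usable > 0 ? 0 : 1);
    }
}
```

A store that contains only the vendor's certificate chain reports every alias as a trusted certificate and exits with status 1, which matches the warning in the question's debug trace.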