-1

Recently, started getting "javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate" after upgrades and such and using TLSv1.3 now I think. Safari, opera and Firefox seem to work fine but Chrome causes exceptions in the server

javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

Anyone know why this is? This doesn't make sense to me.

Steps to reproduce in case you are curious

  1. git clone https://github.com/deanhiller/webpiecesexample-all.git
  2. cd webpiecesexample-all
  3. git checkout -t origin/testChromeSsl
  4. ./gradlew assembleDist
  5. cd webpiecesexample/output/distributions
  6. unzip webpiecesexample.zip
  7. Run ./bin/webpiecesexample
  8. Check logs/server.log
  9. Safari works, chrome to causes server to spit out bad_certificate

Ok, I just upgraded a build to gradle 5.3.1 then jdk11. To upgrade to jdk11, I had to upgrade self signed certificate for tests to RSA instead of DES since TLSv1.3 does not support DES anymore. I seem to get this new error

None of the stuff in this post seemed to work

Calling WebService and having SSL / cert issue

Dean Hiller
  • 19,235
  • 25
  • 129
  • 212

1 Answers1

0

Oh, wow, I have this half figured out. Chrome is starting to use the SSL field for the reason of why it is closing down the SSL socket(it did not do that a year or two ago) and SSLEngine just barfs with an exception and the reason that chrome gave to us for closing the ssl connection then the socket.

Then Chrome prompts the user "Are sure you want to proceed, this is not a good certificate, blah blah"

I do feel like there is still too many of these going on though. It's quite weird.

Dean Hiller
  • 19,235
  • 25
  • 129
  • 212