Current situation. There are 2 nodes on the same internal network (let's call them Bus and Broker). The internal CA has signed a request made 2 weeks ago. This signed certificate has been inserted correctly into the Broker's "keystore" as well as the Bus's "truststore". It has been verified that both nodes' software uses the appropriate stores.
When trying to set up a secure connection using JMS (or AMQP), the Bus's output is as follows:
TID: [] [] [2021-06-16 11:47:08,949] ERROR {org.wso2.andes.transport.network.mina.MinaNetworkHandler} - Exception caught by Mina {org.wso2.andes.transport.network.mina.MinaNetworkHandler}
javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
The error on the broker side is:
ERROR {org.wso2.andes.transport.network.mina.MinaNetworkHandler} - Exception caught by Mina but without protocol engine to handle it
java.lang.NullPointerException
Things we've excluded so far:
- The certificate is valid, as well as its chain (and it is still before its expiry date)
- The serial numbers of the entries in truststore and keystore match
- The passwords used on the software to decrypt the entries are correct
- The actual correct stores are in use (there is another key in the store matching another service which does work)
- The keystore entry is for the exact right domain (and has 2 alternatives)
- The duplicates of the certificates were all removed from the truststore
The verification of the certificates using openssl tooling was also done. The MD5 hashes of the CRT/Key/CSR all match.
Any hint/clue is appreciated.
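
The CRT/Key/CSR comparison mentioned in the post, written out as an added example (not part of the original post). It assumes RSA keys and PEM files; the file names, the subject `broker.example.internal` and the helper functions are hypothetical, and the sample key material is constructed on the fly.

```shell
#!/bin/sh
# Added example: check that a private key, CSR and certificate share one RSA modulus.

# Print the MD5 of the modulus of FILE; KIND is key, csr or crt.
# Fails on unreadable input, so two broken files never "match" on an empty hash.
modulus_md5() {
    case "$1" in
        key) m=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null) ;;
        csr) m=$(openssl req  -noout -modulus -in "$2" 2>/dev/null) ;;
        crt) m=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    [ -n "$m" ] || return 1
    printf '%s\n' "$m" | openssl md5
}

# Succeeds only if KEY, CSR and CRT all carry the same modulus.
triplet_matches() {
    k=$(modulus_md5 key "$1") || return 1
    r=$(modulus_md5 csr "$2") || return 1
    c=$(modulus_md5 crt "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Constructed throwaway material: a matching key/CSR/cert plus an unrelated key.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=broker.example.internal" \
        -keyout "$1/broker.key" -out "$1/broker.crt" 2>/dev/null
    openssl req -new -key "$1/broker.key" \
        -subj "/CN=broker.example.internal" -out "$1/broker.csr" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp"
if triplet_matches "$tmp/broker.key" "$tmp/broker.csr" "$tmp/broker.crt"; then
    echo "key, CSR and certificate share one modulus"
fi
if ! triplet_matches "$tmp/other.key" "$tmp/broker.csr" "$tmp/broker.crt"; then
    echo "unrelated key is rejected"
fi
rm -rf "$tmp"
```

A match shows only that the three files belong to the same RSA key pair; it does not cover how the entries were imported into the stores or what happens during the handshake.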