0

I'am running Appium java test cases to fetch some api but the api doesn't accessible and return an error

javax.mail.MessangingException: Connect Failed; nested exception is: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

I've created a certificate for my website www.example.com from here.

openssl req \
  -x509 -nodes -days 365 -sha256 \
  -newkey rsa:2048 -keyout mycert.pem -out mycert.pem

then try to import mycert.pem to jre via

$JAVA_HOME/bin/keytool -import -alias mycertificate -keystore path_to_keystore -file certificate_file

but got another error keytool input not an x.509 certificate i've check the certificate is not corrupted with

openssl x509 -in mycert.pem -text
Andronicus
  • 25,419
  • 17
  • 47
  • 88
mzaifquraishi
  • 86
  • 1
  • 7
  • I can't say what the problem is here exactly, but what I would do is just try a different tutorial for generating/importing the SSL certs. There are a bunch out there. For example: https://www.baeldung.com/spring-boot-https-self-signed-certificate – crig Aug 31 '21 at 21:34
  • curiosity got me.. looks like your command is combining the private key and the certificate into the same file. That's why java keytool is rejecting it. See here for an openssl command that separates the two: https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl – crig Aug 31 '21 at 21:43
  • @crig+ however, `keytool -import[cert]` can't handle a privatekey at all, which an HTTPS server needs; there are dozens of Qs on this already, please look at some of them. That said, javax.mail (aka javamail now jakarta-mail) does not connect to any webserver either with HTTPS (SSL/TLS) or HTTP; it connects only to _mail servers_ and this problem looks like dupe https://stackoverflow.com/questions/68262963/ and https://stackoverflow.com/questions/67899129 (mine) and cross https://superuser.com/questions/1649382/ – dave_thompson_085 Sep 01 '21 at 02:49
  • There are two parts to it - the server side presenting the certificate (the service being accessed). The server side needs the certificate and private key (which should be kept safe/protected). Then there is the client side. If your Java client calls a web service which presents a certificate, does it trust that certificate or not? Importing the cert using the java keytool utility is addressing the client trust side of things only. The client does not need/should not have the private key. – crig Sep 07 '21 at 21:56

0 Answers0