Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Write Channel Closed, possible SSL handshaking or trust failure

15 views
Skip to first unread message

Chandra Sekhar Rao

unread,
Jan 2, 2004, 6:04:30 PM1/2/04
to

Hi,

I Have a problem while working with Two-way SSL. I get Write Channel Closed, possible
SSL handshaking or trust failure error while contacting the server for invoking
a webservice secured by SSL.

I could figure out that the error is happening on client side while validating
the server certificate.

One more observation that i was able to find is, it works fine if the Server certificate
and the client certificate are signed by the same (root) CA.

I tried various options but couldn't find my luck. The BEA documentation in this
regards is not at all sufficient.

If i give strict checking false on my client end, the application works fine.
But for my scenario i want strict checking to be happend (otherwise there is no
point in going for SSL itself).

I am using WLSSLAdapter on my client side. The client application is a standalone
java class running out of weblogic (ideally running on JRun).

The way i have coded in my java class is:

String certificatePath = "C:/Cerificates/cert.pem";
String caCertificatePath = "C:/Cerificates/clientca.pem";

String targetURL = "https://localhost:443/feedservice/FeedService";


//set weblogic ServiceFactory
System.setProperty( "javax.xml.rpc.ServiceFactory",
"weblogic.webservice.core.rpc.ServiceFactoryImpl" );

System.setProperty("java.protocol.handler.pkgs","com.certicom.net.ssl");

System.setProperty("https.cipherSuites","SHA1withRSA,MD5withRSA");


SSLAdapterFactory sslFactory = SSLAdapterFactory.getDefaultFactory();
WLSSLAdapter adapter = (WLSSLAdapter) sslFactory.getSSLAdapter();

adapter.setProtocolVersion("SSL3");

adapter.setStrictChecking(true);

adapter.setVerbose(true);

FileInputStream clientCredentialFile = new FileInputStream (certificatePath);


String pwd = "password";

System.out.println("Loding Certificate from ........"+certificatePath);
adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());

System.out.println("Loding CA Certificate from ........"+caCertificatePath);
adapter.setTrustedCertificatesFile(caCertificatePath);

// optionally set the Adapter factory to use this instance always.
sslFactory.setDefaultAdapter(adapter);
sslFactory.setUseDefaultAdapter(true);


......
........
.........

// Webservice invocation code..

call.setTargetEndpointAddress(targetURL);

call.setProperty("weblogic.webservice.client.ssladapter",adapter);

Object result = call.invoke(new Object[]{"test.xml"});


The error that i get :

java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:106)
at java.io.FilterOutputStream.write(FilterOutputStream.java:78)
at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:359)
at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:284)
at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:34)
at weblogic.webservice.core.HandlerChain.handleRequest(HandlerChain.java:131)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:421)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Exception in handler's handleRequest().
Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Write Channel
Closed, possible SSL handshaking or trust fail
ure
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:479)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)


Can someone give the working phone number of ....BEA CUSTOMER SUPPORT...

Pavel

unread,
Jan 6, 2004, 10:45:19 AM1/6/04
to

It looks like your client does not trust the server certificate. Make sure the
certificate you pass in adapter.setTrustedCertificatesFile(caCertificatePath);
is the issuer of the server's identity certificate.

Pavel.

Chandra Sekhar Rao

unread,
Jan 8, 2004, 9:36:24 PM1/8/04
to

Hi payal,

I have the issuer of the server identity certificate in the trust file on client
side. The problem is with signature validation

Pavel

unread,
Jan 9, 2004, 11:13:36 AM1/9/04
to

The signature validation failure means your trusted CA certificate is not the issuer
of the identity certificate. The identity certificate issuer name can match to
the trusted CA certificate name, but the signature check really determines whether
it is the issuer.
0 new messages