
SSL exception.


Sami

Feb 5, 2004, 2:24:10 PM

We have some EJBs and Web Services running on WLS8.1 SP1. Our client sent us a
new ssl public cert that we need to include in our keystore. We inserted the
intermediary and root certs into the WLS 8.1 cacerts keystore and the client's
new pub cert + the intermediate cert into our keystore, which we're pointing to
in our console. However, when we did, the log started giving an SSLKeyException
failure and an error message stating that: Certificate chain is incomplete.

We also found the following exception in the log:

B02B425A> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@1a666bf Severity: 2 Type: 42
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:98)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:288)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:697)
at com.gmacfs.routeone.transport.RouteOneHTTPSSender.send(RouteOneHTTPSSender.java:135)
at com.gmacfs.routeone.transport.RouteOneSenderBean.onMessage(RouteOneSenderBean.java:87)
at weblogic.ejb20.internal.MDListener.execute(MDListener.java:382)
at weblogic.ejb20.internal.MDListener.transactionalOnMessage(MDListener.java:316)
at weblogic.ejb20.internal.MDListener.onMessage(MDListener.java:281)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:2596)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:2516)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)


Then, we realized we had a duplicate copy of the same intermediate cert in our
keystore, so we reverted back to our old keystore and we re-inserted only one
but we left cacerts the same way it was.

But even after we reverted, we still get a similar exception to the above in our
logs (notice the difference in severity).

B02B425A> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@1ff5160 Severity: 1 Type: 0
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
at weblogic.net.http.HttpClient.closeServer(HttpClient.java:385)
at weblogic.net.http.HttpClient.closeServer(HttpClient.java:372)
at weblogic.net.http.HttpURLConnection.disconnect(HttpURLConnection.java:522)
at weblogic.net.http.HttpsURLConnection.disconnect(HttpsURLConnection.java:234)
at com.gmacfs.routeone.transport.RouteOneHTTPSSender.send(RouteOneHTTPSSender.java:156)
at com.gmacfs.routeone.transport.RouteOneSenderBean.onMessage(RouteOneSenderBean.java:87)
at weblogic.ejb20.internal.MDListener.execute(MDListener.java:382)
at weblogic.ejb20.internal.MDListener.transactionalOnMessage(MDListener.java:316)
at weblogic.ejb20.internal.MDListener.onMessage(MDListener.java:281)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:2596)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:2516)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)

Any help would be appreciated.

Thanks

Sami


Pavel

Feb 6, 2004, 9:45:49 AM

The second alert is a normal CLOSE_NOTIFICATION alert that the ssl socket sends
to the peer when it is closed.

Pavel.
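
Added example, not part of either post: a Python triage of the NEW ALERT lines from the SSL debug log, assuming the Severity and Type fields are the TLS alert level and description codes (consistent with Pavel's reading of Severity 1 / Type 0 as the close notification). The function name and the sample text are constructed for illustration; the code names come from the TLS alert protocol (RFC 2246, section 7.2).

```python
import re

# TLS alert levels and a subset of alert descriptions (RFC 2246, section 7.2).
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
}
# Descriptions that point at the certificate chain or the trust store.
CERT_ALERTS = {42, 43, 44, 45, 46, 48}

# \s* inside "Severity" tolerates logs that were hard-wrapped mid-word.
ALERT_RE = re.compile(r"NEW ALERT:[^<>]*?Sever\s*ity:\s*(\d+)\s+Type:\s*(\d+)")

def triage_alerts(log_text):
    """Return one finding per alert line, in log order."""
    findings = []
    for m in ALERT_RE.finditer(log_text):
        level, desc = int(m.group(1)), int(m.group(2))
        if level == 1 and desc == 0:
            verdict = "benign: orderly connection close"
        elif desc in CERT_ALERTS:
            verdict = "investigate: certificate chain / trust store"
        elif level == 2:
            verdict = "investigate: fatal handshake or record error"
        else:
            verdict = "review: non-fatal warning"
        findings.append({
            "level": LEVELS.get(level, "unknown(%d)" % level),
            "description": DESCRIPTIONS.get(desc, "unknown(%d)" % desc),
            "verdict": verdict,
        })
    return findings

# Constructed sample: the two alert header lines from the thread,
# the first one hard-wrapped mid-word.
SAMPLE = (
    "<NEW ALERT: com.certicom.tls.record.alert.Alert@1a666bf Sever\n"
    "ity: 2 Type: 42\n"
    "java.lang.Throwable: Stack trace\n"
    "<NEW ALERT: com.certicom.tls.record.alert.Alert@1ff5160 Severity: 1 Type: 0\n"
)

if __name__ == "__main__":
    for f in triage_alerts(SAMPLE):
        print(f["level"], f["description"], "->", f["verdict"])
```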
