Jersey SSL handshake issue

[Darren H]

Hi all, 

We are calling 2 fairly high profile SAAS service REST APIs (hubspot and shopify) using the Jersey 2.x client library. In glassfish 3 with Jersey 1.x it used to work without any issues however since porting to Payara 5 and upgrading to Jersey 2.x it now won't connect due to an SSL handshake issue. 

We've tried taking the same code and putting it into a jar file run from the commandline using the same version of Java (1.8.151) and that runs without the same problem so we then took that jar and made it into a Payara 5 micro project, again using the same Java version, and that also runs fine. We then made the code into a standalone war and run that on an out of the box install of Payara 5, and that fails with same handshake issue we get within our enterprise app.

It seems that something is different about the call if done within Payara 5 but having spent a lot of time trying to diagnose the issue we haven't yet managed to get to the bottom of it. I've attached the source code for the servlet and the pom.xml file, everything else just relies on a stock install of Payara 5.192 as we've made no changes to that since installing other than to add the -Djavax.net.debug=ssl:handshake option to see what's happening with SSL. Basically we see 

Any suggestions would be most welcome.

Kind regards,

Darren

[Ondro Mihályi]

Hi,

Payara Server uses a different key and trust stores than the default ones in the JDK. You probably need to add the public certificates of Hubspot and Shopify to Payara Servers trust store - tehcacerts.jks file. See this blog post how to do it: https://blog.payara.fish/securing-payara-server-with-custom-ssl-certificate

If that doesn't help, please post the SSL handshake error message here.

All the best,

Ondro