Application Code gets bad_certificate Error When Using SSL Client and Server Authentication Code (Doc ID 1305106.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Containers for J2EE - Version 10.1.3.0.0 to 10.1.3.5.0 [Release AS10gR3]
Information in this document applies to any platform.
***Checked for relevance on 28-Sep-2015***

Symptoms

Submitting a Web Service request to a server that has two-way SSL
authentication enabled (server authentication and client authentication) fails with the error:


Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1650)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1428)
    at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
    at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:591)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:698)




This issue can occur with any application code that implements SSL connections using these methods; it does not have to be a Web Service based application.



TESTCASE

=========


    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLException;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;

    public class TestSSL1 {

        public static void main(String[] args) throws Exception {
            String host;
            int port;
            // Single argument of the form <host>[:port]; the port defaults to 443.
            if (args.length == 1) {
                String[] c = args[0].split(":");
                host = c[0];
                port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            } else {
                System.out.println("Usage: java TestSSL1 <host>[:port]");
                return;
            }

            // Protocol requested by the test case; the TLSv1 alternative is kept below.
            SSLContext context = SSLContext.getInstance("SSLv3");
            //SSLContext context = SSLContext.getInstance("TLSv1");
            // Key managers, trust managers and SecureRandom are all null, so the
            // provider defaults apply; no client key store is configured here.
            context.init(null, null, null);

            SSLSocketFactory factory = context.getSocketFactory();
            //SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();

            System.out.println("Opening connection to " + host + ":" + port + "...");
            SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

            socket.setSoTimeout(10000);
            try {
                System.out.println("Starting SSL handshake...");
                // startHandshake() blocks until the handshake completes or fails.
                socket.startHandshake();
                System.out.println("SSL handshake completed...");
                System.out.println();
                System.out.println("No errors, certificate is already trusted");
            } catch (SSLException e) {
                // The bad_certificate alert is reported here as an SSLHandshakeException.
                System.out.println();
                e.printStackTrace(System.out);
            } finally {
                // Close the socket on both the success and the failure path.
                socket.close();
            }
        }
    }

 

Changes

N/A

Cause
