E-IB: Getting "HttpTargetConnector:ExternalSystemContactException RSA premaster secret error" on Accessing Third-Party Node over HTTPS (Doc ID 1329572.1)

Last updated on DECEMBER 23, 2015

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.49 and later
Information in this document applies to any platform.
***Checked for relevance on 16-OCT-2013***

Symptoms

Applies to Tools 8.4x, 8.5x

When implementing Intregration Broker based communication with third party vendor, the certificate provided by the third party has been imported to the {PS_HOME}/webserv/{domain}/keystore/pskey keystore file. The path and password for the keystore file have been verified to be correct in the gateway properties (file integrationGateway.properties"). However, when trying to ping the vendor node or send a request to it, get:

a) Online error message on the page:

    Integration Gateway - External System Contact Error (158,10721)


b) Exception in the gateway error log (file "errorLog.html") with stack trace as follows:

HttpTargetConnector:ExternalSystemContactException RSA premaster secret error
158,10721 : IOException: The host couldn't be resolved.

 

javax.net.ssl.SSLKeyException: RSA premaster secret error
at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:86)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:514)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
at psft.pt8.pshttp.https.HttpsClient.doConnect(HttpsClient.java:220)
at sun.net.NetworkClient.openServer(NetworkClient.java:118)
at psft.pt8.pshttp.https.HttpClient.openServer(HttpClient.java:514)
at psft.pt8.pshttp.https.HttpClient.<init>(HttpClient.java:335)
at psft.pt8.pshttp.https.HttpsClient.<init>(HttpsClient.java:61)
at psft.pt8.pshttp.https.HttpsClient.newClient(HttpsClient.java:117)
at psft.pt8.pshttp.https.HttpsClient.newClient(HttpsClient.java:85)
at psft.pt8.pshttp.https.HttpsURLConnection.connect(HttpsURLConnection.java:447)
at psft.pt8.pshttp.https.HttpsURLConnection.getOutputStream(HttpsURLConnection.java:493)
at psft.pt8.pshttp.PSHttp.createOutputStream(PSHttp.java:299)
at psft.pt8.pshttp.PSHttp.send(PSHttp.java:289)
at com.peoplesoft.pt.integrationgateway.targetconnector.HttpTargetConnector.send(HttpTargetConnector.java:386)
at com.peoplesoft.pt.integrationgateway.service.BasicConnectorInvocator.execute(BasicConnectorInvocator.java:116)
at com.peoplesoft.pt.integrationgateway.framework.GatewayManager.invokeService(GatewayManager.java:127)
at com.peoplesoft.pt.integrationgateway.framework.GatewayManager.connect(GatewayManager.java:171)
at com.peoplesoft.pt.integrationgateway.listeningconnector.PeopleSoftListeningConnector.doPost(PeopleSoftListeningConnector.java:149)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:225)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:127)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at com.peoplesoft.pt.integrationgateway.common.IBFilter.doFilter(IBFilter.java:69)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3212)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:1983)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1890)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1344)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at com.sun.net.ssl.internal.ssl.RSACipher.encryptInit(RSACipher.java:40)
at com.sun.net.ssl.internal.ssl.PreMasterSecret.<init>(PreMasterSecret.java:83)
... 40 more

 On a different occasion,  when outbound integration transactions to a 3rd party failed,   the 3rd party was using stronger cipher suites such as TLS_RSA_WITH_AES_256_CBC_SHA (256), the gateway log only showed the generic error: Integration Gateway: No Response received from Gateway(158, 10829) .   The Weblogic log however contained the ‘Cipher not initialized ‘ as outlined below.

####<Apr 30, 2013 2:00:55 PM PDT> <Error> <Kernel> <MY-SERVER> <PIA> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1367355655238> <BEA-000802> <ExecuteRequest failed
 java.lang.IllegalStateException: Cipher not initialized.
java.lang.IllegalStateException: Cipher not initialized
    at javax.crypto.Cipher.c(DashoA13*..)
    at javax.crypto.Cipher.update(DashoA13*..)
    at com.certicom.tls.provider.Cipher.update(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
    at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms