Announcement Announcement Module
Collapse
No announcement yet.
Invoking webservice from a spring-ws client deployed in weblogic: HANDSHAKE_FAILURE Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Invoking webservice from a spring-ws client deployed in weblogic: HANDSHAKE_FAILURE

    Context: I have an application (consumer) deployed in EAR mode in weblogic server. This application invokes several external webservices (provider) in http mode. Now we need the application to invoke a new webservice in https/ssl mode.

    Issue: I used following piece of code to attach the required certs to the JVM before the client invokes a webservice call.

    System.setProperty("javax.net.debug", "ssl");

    System.setProperty("javax.net.ssl.trustStore", "foo.jks");

    System.setProperty("javax.net.ssl.trustStorePasswo rd", "pwdt");

    System.setProperty("javax.net.ssl.keyStore", "soo.jks");

    System.setProperty("javax.net.ssl.keyStorePassword ", "pwd");
    It's working fine when the code is run from eclipse - outside of weblogic. However when I deploy the same code in weblogic, it fails with following error.

    Caused by: javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from sxgtest.nordstrom.net - 10.16.216.30. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.

    I have verified that everything thing is same - code/certs etc in the both the cases. The only difference is it works if executed as a normal java client outside of weblogic and it fails if dexcuted from an ear deployed in weblogic.

    I have very minimal idea of weblogic. Is there any setting or configuration in weblogic that needs to be turned on? If not what am I missing?

    Thanks

  • #2
    Do your trustStore and your jre cacerts have last verisign certificates ?

    I had a problem with a provider since first days of july because Verisign added new certificates you have to add in your cacerts.

    Since i had it in my cacerts file, it worked.
    Last edited by pilerou; Aug 2nd, 2011, 05:21 AM.

    Comment

    Working...
    X