Two-way SSL outbound calls from RHPAM to an external party fail
Issue
- Two-way SSL fails with the following exception when RHPAM acts as the client, with the keystore and truststore configured through system properties:
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:340)
at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:186)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:154)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1279)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1188)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:401)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373)
- Even though javax.net.ssl.keystore is configured as a system property, the client certificate is not sent to the server during the handshake. The following message appears in the SSL debug logs:
javax.net.ssl|FINE|B9|EE-ManagedThreadFactory-default-Thread-1|2021-06-01 09:02:14.313 UTC|CertificateMessage.java:328|Produced client Certificate handshake message (
(EE-ManagedThreadFactory-default-Thread-1) "Certificates": <empty list>
- Calling an external service through RESTWorkItemHandler fails if two-way SSL is configured.
Environment
- Red Hat Process Automation Manager (RHPAM)
- 7.9