Two-way SSL outbound calls from RHPAM to an external party fail

Solution Verified - Updated -

Issue

  • Two-way SSL fails with the following exception when RHPAM acts as the client, with its keystore and truststore configured through system properties:
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:340)
        at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:186)
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:154)
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1279)
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1188)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:401)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373)
  • Even with javax.net.ssl.keyStore configured as a system property, the client certificate is not sent to the server during the handshake. The following message appears in the SSL debug logs:
 javax.net.ssl|FINE|B9|EE-ManagedThreadFactory-default-Thread-1|2021-06-01 09:02:14.313 UTC|CertificateMessage.java:328|Produced client Certificate handshake message (
(EE-ManagedThreadFactory-default-Thread-1) "Certificates": <empty list>
  • Calling an external service through RESTWorkItemHandler fails if two-way SSL is configured.
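
One check for the empty client certificate list described above, as an added example that is not Red Hat's code or the resolution from this article: it loads the keystore named by the standard javax.net.ssl.* system properties and reports which entries hold a private key with a valid X.509 chain, since a keystore holding only certificate entries gives the client nothing to send. The class name ClientKeyStoreCheck is hypothetical, and the check covers only the keystore file, not which SSLContext the calling HTTP client actually uses.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic (not Red Hat code). Run with the same -Djavax.net.ssl.* options as the RHPAM JVM.
public class ClientKeyStoreCheck {

    // Counts entries that hold a private key plus a currently valid X.509 chain.
    static int usableEntries(KeyStore ks) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.isKeyEntry(alias) ? ks.getCertificateChain(alias) : null;
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                // Certificate-only (trusted) entries have no private key and are never sent.
                System.out.println(alias + ": no private key with X.509 chain, unusable for client auth");
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            System.out.println(alias + ": subject=" + leaf.getSubjectX500Principal()
                    + " issuer=" + leaf.getIssuerX500Principal()
                    + " keyAlg=" + leaf.getPublicKey().getAlgorithm()
                    + " chainLength=" + chain.length);
            try {
                leaf.checkValidity(); // peers normally reject expired or not-yet-valid certificates
                usable++;
            } catch (CertificateException e) {
                System.out.println(alias + ": outside validity period: " + e.getMessage());
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.keyStore"); // name is case-sensitive
        if (path == null) {
            System.out.println("javax.net.ssl.keyStore is not set for this JVM");
            return;
        }
        String type = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        char[] password = System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        System.out.println("Entries usable as a client certificate: " + usableEntries(ks));
    }
}
```

Compare the issuer printed for each usable entry with the certificate authorities the server lists in its CertificateRequest message in the SSL debug log.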

Environment

  • Red Hat Process Automation Manager (RHPAM)
    • 7.9
