Cannot connect using webserviceclient+ssl.jar

Hello!
I installed Verisign test certificate on my server and I am able to connect
to the server using Web Service client with JSSE adapter class. Funnily
enough, I cannot connect using WebLogic SSL library, I get an exception.
Could someone help me understand, why I cannot connect using WebLogic SSL
implementation?
To connect using JSSE I use following system properties:
java^
-classpath
.;abcconnect-client.jar;webserviceclient.jar;..\lib\jcert.jar;..\lib\jnet.ja
r;..\lib\jsse.jar;^
-Dweblogic.webservice.client.ssl.adapterclass=com.xxx.yyy.webservice.ssl.AB
CJSSEAdapter^
-Djavax.net.ssl.trustStore=abc.keystore^
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
where abcconnect-client.jar is the client jar file, and abc.keystore
contains getcacert.cer root CA, which I downloaded from Verisign from this
page: https://digitalid.verisign.com/server/trial/trialStep4.htm,
ABCJSSEAdapter is the adapter class, implementing SSLAdapter. JSSE test
works fine.
To connect using WebLogic SSL implementation I use following system
properties:
java^
-classpath .;abcconnect-client.jar;webserviceclient+ssl.jar;^
-Dweblogic.webservice.client.ssl.trustedcertfile=getcacert.cer^
-Dweblogic.webservice.client.ssl.strictcertchecking=false^
-Dweblogic.webservice.security.verbose=true^
-Dweblogic.webservice.client.verbose=true^
-Dbea.home=.^
-Djava.protocol.handler.pkgs=com.certicom.net.ssl^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
I converted binary format of the certificate to PEM, but it did not help.
I am getting this exception:
[BaseWLSSLAdapter] : SSLAdapter verbose output enabled
[BaseWLSSLAdapter] : Strict cert checking disabled by default
[BaseWLSSLAdapter] : Trusted certificates will be loaded from getcacert.cer
[BaseWLSSLAdapter] : Loaded local trusted certificates from
java.io.FileInputStream@73a7ab
[BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.webservice.client.WLSSLAdapter@4faf8
[BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@78c6df
[WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Loaded local trusted certificates from
java.io.FileInputStream@57c2bd
[BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.webservice.client.WLSSLAdapter@323210
[BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@74f44a
[WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Got new socketfactory
javax.net.ssl.impl.SSLSocketFactoryImpl@18c56d
[WLSSLAdapter] :
openConnection(https://MyServer:7002/webservice/ABCConnectService?WSDL)
returning
weblogic.webservice.client.https.HttpsURLConnection:https://MyServer:7002/we
bservice/ABCConnectService?WSDL
[WLSSLAdapter] : -- using HostnameVerifier
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[WLSSLAdapter] : -- loaded certs from getcacert.cer
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust
failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Un
known Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(U
nknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at
com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at
com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown
Source)
at
weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLC
onnection.java:216)
at
weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
nFactory.java:71)
at
weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:62)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
106)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
82)
at
weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:67)
at Client.main(Client.java:136)

Michael,
I guess the getcacert.cer, which is on the client side, should have the
server's certificate followed by the root CA certificate in .pem format.
I have it working with this format.
Could you please try this out and let us know.
Regards,
Anurag
"Michael Jouravlev" <[email protected]> wrote in message
news:[email protected]...
Hello!
I installed Verisign test certificate on my server and I am able toconnect
to the server using Web Service client with JSSE adapter class. Funnily
enough, I cannot connect using WebLogic SSL library, I get an exception.
Could someone help me understand, why I cannot connect using WebLogic SSL
implementation?
To connect using JSSE I use following system properties:
java^
-classpath
.;abcconnect-client.jar;webserviceclient.jar;..\lib\jcert.jar;..\lib\jnet.ja
r;..\lib\jsse.jar;^
-Dweblogic.webservice.client.ssl.adapterclass=com.xxx.yyy.webservice.ssl.AB
CJSSEAdapter^
-Djavax.net.ssl.trustStore=abc.keystore^
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
where abcconnect-client.jar is the client jar file, and abc.keystore
contains getcacert.cer root CA, which I downloaded from Verisign from this
page: https://digitalid.verisign.com/server/trial/trialStep4.htm,
ABCJSSEAdapter is the adapter class, implementing SSLAdapter. JSSE test
works fine.
To connect using WebLogic SSL implementation I use following system
properties:
java^
-classpath .;abcconnect-client.jar;webserviceclient+ssl.jar;^
-Dweblogic.webservice.client.ssl.trustedcertfile=getcacert.cer^
-Dweblogic.webservice.client.ssl.strictcertchecking=false^
-Dweblogic.webservice.security.verbose=true^
-Dweblogic.webservice.client.verbose=true^
-Dbea.home=.^
-Djava.protocol.handler.pkgs=com.certicom.net.ssl^
Client https://MyServer:7002/webservice/ABCConnectService?WSDL
I converted binary format of the certificate to PEM, but it did not help.
I am getting this exception:
[BaseWLSSLAdapter] : SSLAdapter verbose output enabled
[BaseWLSSLAdapter] : Strict cert checking disabled by default
[BaseWLSSLAdapter] : Trusted certificates will be loaded fromgetcacert.cer
[BaseWLSSLAdapter] : Loaded local trusted certificates from
java.io.FileInputStream@73a7ab
[BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.webservice.client.WLSSLAdapter@4faf8
[BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@78c6df
[WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Loaded local trusted certificates from
java.io.FileInputStream@57c2bd
[BaseWLSSLAdapter] : Disabling strict checking on adapter
weblogic.webservice.client.WLSSLAdapter@323210
[BaseWLSSLAdapter] : Set TrustManager to
weblogic.webservice.client.BaseWLSSLAdapter$NullTrustManager@74f44a
[WLSSLAdapter] : Set HostnameVerifier to
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[BaseWLSSLAdapter] : Got new socketfactory
javax.net.ssl.impl.SSLSocketFactoryImpl@18c56d
[WLSSLAdapter] :
openConnection(https://MyServer:7002/webservice/ABCConnectService?WSDL)
returning
weblogic.webservice.client.https.HttpsURLConnection:https://MyServer:7002/we
bservice/ABCConnectService?WSDL
[WLSSLAdapter] : -- using HostnameVerifier
weblogic.webservice.client.WLSSLAdapter$NullVerifier@4ac00c
[WLSSLAdapter] : -- loaded certs from getcacert.cer
java.io.IOException: Write Channel Closed, possible SSL handshaking ortrust
failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(UnknownSource)
at
com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Un
known Source)
at
com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(U
nknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at
com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at
com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.net.ssl.HttpsClient.doHandshake(Unknown Source)
at
com.certicom.net.ssl.internal.HttpURLConnection.getInputStream(Unknown
Source)
at
weblogic.webservice.client.https.HttpsURLConnection.getInputStream(HttpsURLC
onnection.java:216)
at
weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
nFactory.java:71)
at
weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:62)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
106)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
82)
at
weblogic.webservice.core.rpc.ServiceImpl.<init>(ServiceImpl.java:67)
at Client.main(Client.java:136)

Similar Messages

  • HT201320 when trying to set up my email account, i enter add account tap in my details for my virgin media email account, after going through the veryfying, it comes back with cannot connect using ssl.

    when trying to set up my personal email account, following the on screen instructions, it comes back with CANNOT CONNECT USING SSL, do you want to try setting up the account without ssl? Yes or No

    Since Thunderbird does not run on iPads, what does this have to do with Thunderbird?

  • When I try to set up my Optimum account email I get a message saying Cannot Connect Using SSL.

    When I try to set up my Optimum email account I get an error message saying Cannot Connect Using SSL. 

    What mail provider is it?
    Have you Googled for: setup XXX email on iPhone
    where xxx is the provider
    You can try going to Mail>the accounts>Advanced and turn Use SSL on or off, the opposite of what it is now.

  • Im trying to set up email on my iphone4 and it is saying "cannot connect using SSL" what does this mean?? what am i doing wrong because i cannot set up email??

    how do i set up email on my iphone??? it says "cannot connect using ssl" whats this mean, i cant recieve or send emails coz of this

    Try just choosing yes when it says that.  And yes if you get it a second time.  Lots of mail providers don't use SSL.

  • New gmail account on iPhone cannot connect using SSL

    Hi,
    I was having problems accessing the gmail server on my iphone so i deleted the account settings on the iphone and am creating a new one. However, the iphone tells me that it cannot connect using SSL. Has anyone had a similar problem? I don't want to setup the account without this basic security.

    Hey milos321,
    I'm not sure what caused the issue. I believe account may have been automatically locked because abnormal activity.
    You can find more detailed information here:
    http://mail.google.com/support/bin/answer.py?answer=61805
    http://mail.google.com/support/
    Jason

  • HT201320 I m trying to add my gmail acoount to mail app but when i click on next button it is showing following message, cannot connect using ssl, what to do???

    I m trying to add my gmail acoount to mail app but when i click on next button it is showing following message, cannot connect using ssl, what to do???

    Some of the following may help:
    How to enable imap: https://support.google.com/mail/troubleshooter/1668960?rd=1
    For your username, did you enter the full name including "@gmail.com"
    Do you have gMail 2-step verification turned on? If so, you need to use an application-specifc password instead of your normal password if using a mail app: https://support.google.com/mail/answer/1173270?hl=en

  • HT201320 having problems setting up email for a tiscali email address - after trying to verify ipda comes up saying cannot connect using SSL

    trying to set up my tiscali email address on an ipad mini, after trying to verify, message comes up stating "cannot connect using SSL"

    Not sure what the shortcut is. I'm just going, Settings > Mail > Add Account > Gmail
    That is the GMail shortcut. That should work. Just for testing, use the "Other" shortcut.
    Settings / Mail / Add Account / Other
    Name: <put your name>
    Email [email protected]
    Incoming server: pop.gmail.com
    Login: [email protected]
    Password: yourpassword
    Outgoing server: smtp.gmail.com
    Login: [email protected]
    Password: yourpassword
    Hit SAVE.
    It should set itself up correctly without you having to specify anything else. Try that.

  • Vulnerabilities in webserviceclient+ssl.jar in Weblogic 10gR3 server

    Hi,
    I am using Weblogic server 10gR3. While checking for the vulnerabilities in project, came across CVE-2007-0417,CVE-2003-0640,CVE-2001-0098,CVE-2000-0681,CVE-2007-4618,CVE-2007-4617,CVE-2007-0425,CVE-2007-0418,CVE-2007-0408,CVE-2005-4757,CVE-2005-4756 all high vulnerabilities present in webserviceclient+ssl.jar. The description of these vulnerabilities says that they should be present in previous versions of Weblogic and should work fine in 10gR3.
    I am not sure, may be I have missed something while understanding as I am new to this.
    Please suggest me the way to resolve these security concerns.
    Thanks in Advance!

    Hi,
    For a tutorial with source on how to create and deploy a simple quickstart JEE5 JPA enterprise 3-tier application on your Oracle WebLogic 10.3 server - see the following example that uses the EclipseLink JPA provider. You should be able to transition all of your mapping information (the @ManyToOne and table/column overrides and named queries for example) using either JPA via entity annotations or native extensions if you do not want to implement EJB3.
    see...
    http://wiki.eclipse.org/EclipseLink/Examples/JPA/WebLogic_Web_Tutorial
    We also have a similar version for Tomcat 6 except the JPA entity beans run outside a container-managed JTA transaction on the web container - for reference.
    http://wiki.eclipse.org/EclipseLink/Examples/JPA/Tomcat_Web_Tutorial
    thank you
    /michael
    www.eclipselink.org

  • HT201320 CANNOT CONNECT USING SLL

    I have a new Ipad 3rd generation, and I cannot setup my verizon email account on ADD ACCOUNT, does anyone know how to proceed? I am receiving the message "cannot connect using SSL" - My ipad is connected to AT&T for wifi service.
    Thanks,
    It's just Ducky2U

    Gmail accounts can be set up as either IMAP or POP. Each refers to the email protocol. POP is the older of the two and is typically a simple mail delivery with minimal interaction with the server. It pretty much sends the email to your client device and accepts outgoing for delivery processing. IMAP includes a synchronized folder structure and usually an email tagging/classification setup to allow for for flexible management of the the account through the client device. That's a bit of a simplistic description, but should give you an idea.
    For anyone using the same account on multiple devices, IMAP is generally the preferred type.

  • Cannot connect using FaceTime on my IMAC with an iPhone 5

    Cannot connect using FaceTime on my IMAC with an iPhone 5.

    sry, but you posted this in the wrong forum
    this is the PowerPC forum, which is for machines built before about 2001.
    post it in the INTEL forum

  • Clients cannot connect using afp running lion 10.7.1, worked ok before upgrade from 10.7 to 10.7.1

    I am running a macminiserver on ahome newtwork.  Original running snow leopard and then upgraded to 10.7 lion on all machine and everything was working fine.  Clients coul connected to shared drives on the server using afp.  However, after upgrading to 10.7.1 on the server and client machines, they can no lnger connect to the drives using afp, however you can connect using smb.
    I ahve tried stopping and starting the afp server, rebuilding permissions on the server - still cannot connect using afp.
    Any ideas?

    Be sure the correct Lion afp port is open on your router, even if you are using an Airport (port 548 tcp). Just do a search on "Mac OS X Lion ports".
    Also, if this is outside of the network, use the full server name in the Finder's Connect to Server, afp://server.com; when it prompts for a username, enter your first name and last name (not your short name) and then you also need to enter your password. If you don't have a fqdn, then you can use the static ip for "server.com"
    It should work, working for me inside and outside of the network. Admittedly, I don't think you need the port on the router for internal use, but you can test both ways.
    When working outside of the network a vpn is not required.

  • Error: The chosen certificate was not exported and cannot be used for SSL

    Hello there,
    when I try to configure the profilemanager in OS X Server and it comes to choose a certificate i get the following message:
    The chosen certificate cannot be used.
    The chosen certificate was not exported and cannot be used for SSL.
    I chose our Wildcard certificate we received from Thawte.
    It is completely imported in the Keychain from the Mac.
    (Sorry if any sentence is wrong, I translated it from german to english)
    Best regards,
    Christoph

    Is this a regular web ssl cert or a code signing cert?

  • HT201320 When i try to set up my mail account and get to save/verifying - I get a notice saying Cannot Connect Using SSl-

    When i try to set up my mail acct. and get6 to save/verifying - I get a notice saying Cannot connect to SSL.

    What mail provider is it?
    Have you Googled for: setup XXX email on iPhone
    where xxx is the provider
    You can try going to Mail>the accounts>Advanced and turn Use SSL on or off, the opposite of what it is now.

  • Applet using webservice+ssl.jar

    how to configure a webservice ssl connection from an applet?
    webservice+ssl.jar is setting in my classpath,
    but i can't use System.setProperty... in an applet.
    Is there an example?
    JM

    Hello,
    Try the clientauth example [1] and see if it doesn't answer most of your
    questions.
    Regards,
    Bruce
    [1]
    http://webservice.bea.com/clientauth.zip
    Jean-Marie Patard wrote:
    >
    how to configure a webservice ssl connection from an applet?
    webservice+ssl.jar is setting in my classpath,
    but i can't use System.setProperty... in an applet.
    Is there an example?
    JM

  • NSS 324 iSCSI ready status, cannot connect using MS iSCSI Initiator

    I have an NSS 324 (firmware: 1.0.4) which has been running a Microsoft iSCSI target without any problems for months, until the last 7 days.  I'm now to the point where I cannot access the iSCSI target at all when I try and connect using the iSCSI Initiator, the Quick Connect window comes up with "Target Error" in the bottom of the window.
    Attached are screencaps of the three (3) tabs from the 'Disk Management, iSCSI' section on the NSS 324 management portal.
    iSCSI, Portal Management:
    iSCSI, Target Management:
    iSCSI, Advanced ACL:
    I've also attached screencaps of the six (6) tabs from the iSCSI Initiator Object.
    1.
    1a.
    2.
    3.
    4.
    5.
    6.
    Thank you for any help you may be able to offer.  I have a ton of miscellaneous files on this iSCSI target and I'd hate to try and recreate all of it again.

    Thank you very much for the reply. 
    The IP address of the NSS324 is still 192.168.0.133
    clindoan wrote:Hi John,     Is it possible that the NSS324 may have the new IP address ? The iSCSI initiator failed to communicate to 192.168.0.133 with target error. I would check following:- NSS326 IP address on each LAN port- If NSS is run single LAN port, make sure the default gateway set to that LAN port- If the RAID volume should not be full for iSCSI target to be functional While waiting for resolve the root cause of this issue, you can use the WinSCP to get data (google and download the open source version). With WinSCP, you can see all your data just like it is on the Windows PC. 1, Install WinSCP2. Login with "admin" account and password (The local account with username= admin) 3. Path to iSCSI image is /root/share/external/sdwa1/  (all you folders and files are resided in this path)4. Backup all data to your local drives.Regards,-Clint
    When I launch WinSCP is the following connection information correct, or should I be using a different username, port number, etc. 
    Again, thank you very much for your help!

Maybe you are looking for

  • Laptop-TV: HOW TO CONNECT T400 with the TV (not HD)?

    Hello guys, I would like to connect my three years old Lenovo T400 ( with VGA)  with the TV (I will use the same connection with the DVD player...with my PC was OK because I used a video card ...well...is  impossible with the laptop...) No ideea what

  • Limitation on Alias length

    Hi, Is there a limitation on the length of Alias in Essbase 9.3 ? Thanks

  • Converting between types in Web Dynpro

    Is it possible to convert between data types in web dynpro?  I am trying to covert a string to another data type (int, BigDecimal, etc.)?  I have found no documentation on how to do this? Any help will be greatly appreciated.  Thanks

  • How to store selections of multiple comboBox in to Array

    Mine only store the last comboBox's selection which is really wierd. Who could give some suggestion pls? Besides anyone know how to display different contents in different comboBox within one column of the table pls? Help!!!

  • Fix:  Portal Server on Linux (Start-up JVM Crash Error!)

    A Long problem with the Sun JVM for Linux is the implementation of the Hotspot Server. I just ran into this problem on Service Pack1 of Portal Server on Linux and I am sure more will. So I offer this advise. On Linux your Sun JVM will crash with the