In SSL Handshake : failed extension check error

Similar Messages

• SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr

  Getting following error while invoking webservice over ssl.
  "SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr"
  We generated webservice java stub using JDeveloper based on wsdl provided to us from 3rd party. We are able to test this webservice successfully without ssl . Once ssl is enabled by the 3rd party webservice provider we faced
  "java.lang.UnsatisfiedLinkError: no njssl9 in java.library.path" error in JDeveloper.
  In JDeveloper we were able to resolve this by following details provided at
  Lehmann's web log on "Securing a Web Service - Client SSL" (http://radio.weblogs.com/0132036/2004/02/13.html ).
  We then run the same java stub from oracle application server 9iAS 1.0.2.2.2. This is when we get error
  "SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr"
  Debugging further we see that in 9iAS we have following in our class path.
  ..iAS/jlib/jssl-1_1.jar:..iAS/jlib/javax-ssl-1_1.jar:..iAS/soap/webapps/soap/WEB-INF/lib/soap.jar
  we took the same files and added to libraries in JDeveloper and are able to reproduce the same error in JDeveloper. We turned on Debug on oracle.jssl.debug and with that we see following details
  instantiate the hashtable
  SocketTable write Enter fdin 1
  SocketTable write offset 0 length 72
  SocketTable write: 72 bytes
  SocketTable read Enter
  SocketTable read: 1 bytes
  SocketTable read Enter
  SocketTable read: 2 bytes
  SSLSocketImpl close Thread:main
  In close removing fd 1Thread main
  [SOAPException: faultCode=SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr...
  Any suggestions on how to resolve this error in oracle application server 9iAS ?
  Note: We run Oracle E-Business Suite on this same 9iAS so any change we make should not impact the oracle applications running on this server.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  hi,
  thi sis very simple soloution for this. open the wsdl into the internet explorer. when wsdl file open save this wsdl with the .xml extension. when u want to make dat contorl or web sekelton or proxy dont use the hhtps:// ????????/ url give the path there for the .xml file which u save for this. i am sure u will invoke all the services which is provoider by the web service.
  have nice day
  best regards

• SSL handshake failed: X509CertChainIncompleteErr - How to call secure WS?

  Hi all, I'm trying to use a third party web service over SSL. I'm using jdk 1.5.0_11 and jDev 10.1.3.0.4.
  Here is what I've done so far:
  1 - I generated a web service proxy using jDev's wizard.
  2 - I created a simple keystore with keytool with the following cmd:
  keytool -genkey -keystore techdspc.keystore -storepass ****** . I copied the .keystore file in my project under the src directory.
  3 - I used the wizard "Secure Proxy" on my web service with the following options:
  - "Use x509 to authenticate"
  - I specified my newly created keystore file as the keystore path as well as the password.
  - I left the default choice to all the other options.
  Once the files were all created by the wizard, I tried out the proxy and got the following error:
  ATTENTION: Unable to connect to URL: https://test.eai.adpclaims.com/WSProxy/WS_Proxy.asmx due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
  java.rmi.RemoteException: ; nested exception is:
       HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
       at audatex3.runtime.WSProxySoap_Stub.transmit(WSProxySoap_Stub.java:679)
       at audatex3.WSProxySoapClient.transmit(WSProxySoapClient.java:83)
       at audatex3.WSProxySoapClient.main(WSProxySoapClient.java:43)
  The owner of the Web Service told me that the error is without a doubt on the proxy side. Si my question is: What am I doing wrong?
  Your help will be greatly appreciated.
  thanks!

  I tried generating an other keystore with a slightly different cmd and I still get the same error so this does not seem to be the problem...
  Any ideas?¸
  Thanks

• SSL handshake failed: X509CertChainIncompleteErr

  I am trying to send name-value pairs using https and JSSE. I am using JDev 9i, and first I create a war file and bundle JSSE with it, then deploy it to an ear file, and use Enterprise Manager of 9iAS Rel2 to deploy the ear file to the server (on Windows 2000).
  I get the following error (please excuse the test output lines):
  Response: xxx test000+ test0+ test1+ test2+ test3+ test4+ test4a+
  javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
  Here's my code:
  import java.net.*;
  import java.io.*;
  import com.sun.net.ssl.*;
  public class testsend {
  public testsend()
  public String myTest () throws Exception {
  String endresult = "xxx ";
  String url = "https://www.mysite.com/myfile.php?" ;
  endresult = endresult + "test000+ ";
  // actual name-value pairs are sent out, this is just an example
  String data = "name1=value1&name2=value2";
  URL server = null;
  try {
  server = new URL(url);
  endresult = endresult + "test0+ ";
  catch(MalformedURLException e) {
  endresult = endresult + e.getMessage();
  ObjectInputStream myresponse = null;
  Object result = null;
  try {
  URLConnection con = server.openConnection();
  endresult = endresult + "test1+ ";
  con.setDoOutput(true);
  con.setUseCaches(false);
  con.setRequestProperty("Content-Type", "application/octet-stream");
  endresult = endresult + "test2+ ";
  ObjectOutputStream request = new ObjectOutputStream(new BufferedOutputStream(con.getOutputStream()));
  endresult = endresult + "test3+ ";
  request.writeObject(data);
  endresult = endresult + "test4+ ";
  request.flush();
  endresult = endresult + "test4a+ ";
  request.close();
  endresult = endresult + "test4b+ ";
  // get the result input stream
  myresponse = new ObjectInputStream(new BufferedInputStream(con.getInputStream()));
  endresult = endresult + "test6+ ";
  // read response back from the server
  result = myresponse.readObject();
  endresult = endresult + result.toString();
  catch(Exception e) {
  endresult = endresult + e.getMessage();
  return endresult;
  I've searched for the error message on the web but did not have much luck finding a solution. It obviously won't open a input stream.
  Any one have any thoughts? Thanks.
  jv

  Hi Francisco,
  I am(Oracle 9iAS) sending SOAP messages over SSL to a remote server(Microsoft IIS) hosting the web services. The remote HTTPS site is up and I can view the certificate. It has a 3 level chain. user certificate, intermediate and a root CA.
  Through my application when I try to establish handshake, I have some code to display the certificate chain of the remote server. Here I see only the user and the intermediate certificate. I donot see the root CA. I understand that this is the reason for the Incomplete cert chain error. Is this something the remote server hosting the web services should do with their configuration?? Or can I do something at my end??
  Please let me know,
  Thank you

• Ssl-handshake fails with scandinavian chars in client certificate

  Hello,
  We've run into a problem with 2-way-ssl and certificates that have scandinavian
  characters in the subject. The problem cert is used as client-certificate for
  authentication and it goes like this:
  1. Client surfs with http in our site, until clicks https-link that will immediately
  start the ssl-handshake
  2. Server presents it's trusted cert-list fine
  3. PIN is being asked fine
  4. Next the request processing stops on the exception below and nothing will happen
  on the client side.
  Certs without these äöå -chars work fine, so our guess is that they cause it,
  but the certs ought to be according to specs: name-fields encoding is UTF-8 according
  to RFC 2459 from year 1999. A failing example-cert is also below.
  Would this be a problem with the certificate rather than BEA-implementation?
  Same behavior on Windows and Solaris Weblogic 8.11 as such and with SP2 (and with
  sp2 + CASE_ID_NUM: 501454 hotfix).
  Best Regards,
  Igor Styrman
  <avalable(): 20303264 : 0 + 0 = 0>
  <write ALERT offset = 0 length = 2>
  <SSLIOContextTable.removeContext(ctx): 1765100>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering JSSE
  SSLSocket>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
  6487148>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket will
  be Muxing>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
  11153746>
  <SSLFilter.isActivated: false>
  <isMuxerActivated: false>
  <SSLFilter.isActivated: false>
  <21647856 readRecord()>
  <21647856 SSL Version 2 with no padding>
  <21647856 SSL3/TLS MAC>
  <21647856 received SSL_20_RECORD>
  <HANDSHAKEMESSAGE: ClientHelloV2>
  <write HANDSHAKE offset = 0 length = 58>
  <write HANDSHAKE offset = 0 length = 1789>
  <Converting principal: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
  Inc.", C=US>
  <Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
  <Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
  <Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
  Inc.", O=GTE Corporation, C=US>
  <Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri, C=FI>
  <Converting principal: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
  Inc.", C=US>
  <Converting principal: [email protected], CN=Thawte Personal
  Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte Personal
  Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
  Inc.", C=US>
  <Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
  <Converting principal: [email protected], CN=Thawte Server
  CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
  Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte Personal
  Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte Premium
  Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
  Town, ST=Western Cape, C=ZA>
  <Converting principal: OU=Secure Server Certification Authority, O="RSA Data Security,
  Inc.", C=US>
  <Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
  C=IE>
  <Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
  <Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
  Inc.", O=GTE Corporation, C=US>
  <Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri, C=FI>
  <Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
  O=Baltimore, C=IE>
  <Converting principal: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
  Inc.", C=US>
  <write HANDSHAKE offset = 0 length = 2409>
  <write HANDSHAKE offset = 0 length = 4>
  <SSLFilter.isActivated: false>
  <isMuxerActivated: false>
  <SSLFilter.isActivated: false>
  <21647856 readRecord()>
  <21647856 SSL3/TLS MAC>
  <21647856 received HANDSHAKE>
  <HANDSHAKEMESSAGE: Certificate>
  PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14' for queue:
  'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest failed
  java.lang.NullPointerException: Could not set value for ASN.1 string object..
  java.lang.NullPointerException: Could not set value for ASN.1 string object.
       at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
       at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeString(Unknown Source)
       at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
       at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
       at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
       at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
       at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
       at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
  Source)
       at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
       at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
  Source)
       at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  -----BEGIN CERTIFICATE-----
  MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
  MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
  IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
  VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
  ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
  ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
  Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
  C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
  YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
  HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
  IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
  A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
  bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
  MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
  cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
  VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
  KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
  3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
  JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
  0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
  SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
  tvrGCMOrvrb5QTxVtLNr
  -----END CERTIFICATE-----

  BMPString is another asn1 type that can be used for certificate attributes with
  non-ascii characters. The workaround is simply to use the BMPString instead of
  UTF8String for that subject name attribute in the certificate request. This off-course
  assumes that you can replace the certificate, and have control over what asn1
  type is used for the subject name attributes in the certificate request (via a
  tool options, or by generating the request yourself), so it is probably not applicable.
  Pavel.
  "Ari Räisänen" <[email protected]> wrote:
  >
  Thanks again, Pavel!
  I'm filing a support case about this. You talked about a workaround (BMPString).
  Could you be more spesific? I haven't talked about this issue with Igor
  yet.
  Regards,
  Ari
  "Pavel" <[email protected]> wrote:
  Sounds like a bug in certicom code. It should support UTF8String.
  I'd file a support case.
  You might be able to use BMPString instead as a workaround.
  Pavel.
  "Igor Styrman" <[email protected]> wrote:
  Hello,
  We've run into a problem with 2-way-ssl and certificates that have
  scandinavian
  characters in the subject. The problem cert is used as client-certificate
  for
  authentication and it goes like this:
  1. Client surfs with http in our site, until clicks https-link thatwill
  immediately
  start the ssl-handshake
  2. Server presents it's trusted cert-list fine
  3. PIN is being asked fine
  4. Next the request processing stops on the exception below and nothing
  will happen
  on the client side.
  Certs without these äöå -chars work fine, so our guess is that they
  cause it,
  but the certs ought to be according to specs: name-fields encoding
  is
  UTF-8 according
  to RFC 2459 from year 1999. A failing example-cert is also below.
  Would this be a problem with the certificate rather than BEA-implementation?
  Same behavior on Windows and Solaris Weblogic 8.11 as such and withSP2
  (and with
  sp2 + CASE_ID_NUM: 501454 hotfix).
  Best Regards,
  Igor Styrman
  <avalable(): 20303264 : 0 + 0 = 0>
  <write ALERT offset = 0 length = 2>
  <SSLIOContextTable.removeContext(ctx): 1765100>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering
  JSSE
  SSLSocket>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
  6487148>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket
  will
  be Muxing>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
  11153746>
  <SSLFilter.isActivated: false>
  <isMuxerActivated: false>
  <SSLFilter.isActivated: false>
  <21647856 readRecord()>
  <21647856 SSL Version 2 with no padding>
  <21647856 SSL3/TLS MAC>
  <21647856 received SSL_20_RECORD>
  <HANDSHAKEMESSAGE: ClientHelloV2>
  <write HANDSHAKE offset = 0 length = 58>
  <write HANDSHAKE offset = 0 length = 1789>
  <Converting principal: OU=Class 4 Public Primary Certification Authority,
  O="VeriSign,
  Inc.", C=US>
  <Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
  <Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
  <Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust
  Solutions,
  Inc.", O=GTE Corporation, C=US>
  <Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri,
  C=FI>
  <Converting principal: OU=Class 1 Public Primary Certification Authority,
  O="VeriSign,
  Inc.", C=US>
  <Converting principal: [email protected], CN=Thawte
  Personal
  Basic CA, OU=Certification Services Division, O=Thawte Consulting,
  L=Cape
  Town,
  ST=Western Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte
  Personal
  Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
  L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: OU=Class 3 Public Primary Certification Authority,
  O="VeriSign,
  Inc.", C=US>
  <Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
  <Converting principal: [email protected], CN=Thawte
  Server
  CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
  Town, ST=Western
  Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte
  Personal
  Premium CA, OU=Certification Services Division, O=Thawte Consulting,
  L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte
  Premium
  Server CA, OU=Certification Services Division, O=Thawte Consultingcc,
  L=Cape
  Town, ST=Western Cape, C=ZA>
  <Converting principal: OU=Secure Server Certification Authority, O="RSA
  Data Security,
  Inc.", C=US>
  <Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust,O=Baltimore,
  C=IE>
  <Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
  <Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrustSolutions,
  Inc.", O=GTE Corporation, C=US>
  <Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri,
  C=FI>
  <Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
  O=Baltimore, C=IE>
  <Converting principal: OU=Class 2 Public Primary Certification Authority,
  O="VeriSign,
  Inc.", C=US>
  <write HANDSHAKE offset = 0 length = 2409>
  <write HANDSHAKE offset = 0 length = 4>
  <SSLFilter.isActivated: false>
  <isMuxerActivated: false>
  <SSLFilter.isActivated: false>
  <21647856 readRecord()>
  <21647856 SSL3/TLS MAC>
  <21647856 received HANDSHAKE>
  <HANDSHAKEMESSAGE: Certificate>
  PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14'
  for queue:
  'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest
  failed
  java.lang.NullPointerException: Could not set value for ASN.1 string
  object..
  java.lang.NullPointerException: Could not set value for ASN.1 string
  object.
       at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
       at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeString(UnknownSource)
       at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
       at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
  Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
       at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
  Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
       at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
       at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
  Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
  Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
       at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown
  Source)
       at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown
  Source)
       at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown
  Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
  Source)
       at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
  Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
       at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
  Source)
       at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  -----BEGIN CERTIFICATE-----
  MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
  MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
  IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
  VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
  ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
  ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
  Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
  C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
  YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
  HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
  IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
  A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
  bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
  MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
  cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
  VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
  KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
  3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
  JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
  0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
  SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
  tvrGCMOrvrb5QTxVtLNr
  -----END CERTIFICATE-----

• Can't connect to OID using SSL (handshake failed NZerr 29039)

  Hi!
  I'm trying to set up OID running on Windows Server 2003 for testing purposes.
  I have downloaded the files as_windows_x86_oim_oif_101401_disk(1/2) and installed Oracle Internet Directory only.
  I'm able to connect using standard clear text and using Oracle Directory Manager.
  I have followed the instructions on this page (chapter 17):
  [http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15991/ssl.htm]
  Using Oracle Wallet Manager I have generated a certificate request with the key size of 2048.
  I'm unsure what I was supposed to enter into the subject name of the request so I entered just "oid_idm", it looks like this now: "CN=oid_idm,C=US".
  I then used my Novell eDirectory CA to sign the request and to generate the certificate. I exported the CA certificate from eDirectory and imported it into the wallet, it's listed under Trusted Certificates as "META-TREE", I then imported my signed certificate into the wallet and it says Certificate:Ready now.
  The wallet is saved into C:\Documents and Settings\Administrator.DC-1\ORACLE\WALLETS.
  Auto Login is enabled.
  Using Directory Manager I right-clicked Configuration Set1 and selected "Create Like"
  I configured the new set to listen on non-SSL port 1389 and SSL port 1636,
  SSL Authentication: No SSL Authentication
  SSL Enable: SSL only
  SSL Wallet URL: file:C:\Documents and Settings\Administrator.DC-1\ORACLE\WALLETSSSL Port: 1636
  Then I changed the OracleServiceORCL
  to run as Administrator. Restarted the server, started the new instance (2).
  Using this command on the OID server I can connect:
  ldapsearch -D cn=orcladmin -w secret -U 1 -h 192.168.0.101 -p 1636 -b dc=lab -s base "objectclass=*"
  Trying to connect from my Linux server using it's own ldapsearch it doesn't work, I get the error: ldap_bind: Can't contact LDAP server
  Trying to connect using Apache Directory Studio or LDAP Browser\Editor also doesn't work (SSL connection).
  I can see the following in the log no matter which of the tree tools above I try to use:
  2008/10/12:13:01:09 * SSLthread:19 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed Source address: 192.168.0.15(WINDESK)
  * (NZerr 29039)
  Any ideas what I can do to solve this issue?
  Thanks!

  If you are using openldap commands in your linux machine, you can get some issues with OID. Try with oracle ldap client command if you have it installed in your linux machine. Also try to use a ldapbrowser java client to confirm that your installation is fine it is the better choice to test your environment from remote machines.

• SSL handshake error when calling Web Service

  Hi Grant,
  I am using your example here:
  http://groundside.com/blog/GrantRonald.php?title=calling_a_web_service_from_oracle_forms__2&more=1&c=1&tb=1&pb=1
  to call a web service from forms 10g on a machine with no proxies set up.
  I get to the point where I click the button that calls this code:
  DECLARE
       jo ora_java.jobject;
       xo ora_java.jobject;
       rv varchar2(100);
       --rv number;
       ex ora_java.jobject;
  BEGIN
       jo := SendServiceSoapClient.new;
       rv := SendServiceSoapClient.sendMessage(jo,'07000000000', 'Test text message from Forms', xo, xo);
  --     rv := SendServiceSoapClient.sendMessage(jo,:block6.number_to_text, :block6.text_msg, xo, xo);
  EXCEPTION
       WHEN ORA_JAVA.JAVA_ERROR then
                      message('Unable to call out to Java, ' ||ORA_JAVA.LAST_ERROR);
       WHEN ORA_JAVA.EXCEPTION_THROWN then
                      ex := ORA_JAVA.LAST_EXCEPTION;
       --     message(Exception_.toString(ex));
       --     message(Exception_.toString(ex));
       :block6.item11 := Exception_.toString(ex);
  END;
  I then get the message:
  java.rmi.RemoteException: ; nested exception is:
       HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
  My Jinitiator box says:
  Loading http://xpjdev11g.uk.conde-nast.biz:8889/forms/java/frmall_jinit.jar from JAR cache
  Loading http://xpjdev11g.uk.conde-nast.biz:8889/forms/java/wsarchive3.jar from JAR cache
  proxyHost=null
  proxyPort=0
  connectMode=HTTP, native.
  Forms Applet version is : 10.1.2.0
  Please note additional steps:
  I have tried to sign my JAR file (called wsarchive3.jar) - not sure if I have it done it correctly??
  I have added the JAR file in the system CLASSPATH
  I have added the JAR file to formsweb.cfg
  If you could help with the SSL error, I'd greatly appreciate it. Thanks.

  Let me check - have you got the "HOW TO" I created working when you use the following WSDL
  http://www.esendex.com/secure/messenger/soap/SendService.asmx?wsdl
  Does this work ok from Forms?
  The reason I ask is there is an HTTP web service (which is what the how to documents) but there is also and HTTPS versions - if you are getting errors about SSL it might be you are using the HTTPS version
  I just want to make sure I understand what you have and have not working so far.
  Grant

• Write Channel Closed, possible SSL handshaking or trust failure

  Hi,
  I Have a problem while working with Two-way SSL. I get Write Channel Closed, possible
  SSL handshaking or trust failure error while contacting the server for invoking
  a webservice secured by SSL.
  I could figure out that the error is happening on client side while validating
  the server certificate.
  One more observation that i was able to find is, it works fine if the Server certificate
  and the client certificate are signed by the same (root) CA.
  I tried various options but couldn't find my luck. The BEA documentation in this
  regards is not at all sufficient.
  If i give strict checking false on my client end, the application works fine.
  But for my scenario i want strict checking to be happend (otherwise there is no
  point in going for SSL itself).
  I am using WLSSLAdapter on my client side. The client application is a standalone
  java class running out of weblogic (ideally running on JRun).
  The way i have coded in my java class is:
  String certificatePath = "C:/Cerificates/cert.pem";
            String caCertificatePath = "C:/Cerificates/clientca.pem";
            String targetURL = "https://localhost:443/feedservice/FeedService";
            //set weblogic ServiceFactory
            System.setProperty( "javax.xml.rpc.ServiceFactory",
            "weblogic.webservice.core.rpc.ServiceFactoryImpl" );
            System.setProperty("java.protocol.handler.pkgs","com.certicom.net.ssl");
            System.setProperty("https.cipherSuites","SHA1withRSA,MD5withRSA");
            SSLAdapterFactory sslFactory = SSLAdapterFactory.getDefaultFactory();
            WLSSLAdapter adapter = (WLSSLAdapter) sslFactory.getSSLAdapter();
            adapter.setProtocolVersion("SSL3");
            adapter.setStrictChecking(true);
            adapter.setVerbose(true);
            FileInputStream clientCredentialFile = new FileInputStream (certificatePath);
            String pwd = "password";
            System.out.println("Loding Certificate from ........"+certificatePath);
            adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
            System.out.println("Loding CA Certificate from ........"+caCertificatePath);
            adapter.setTrustedCertificatesFile(caCertificatePath);
            // optionally set the Adapter factory to use this instance always.
            sslFactory.setDefaultAdapter(adapter);
            sslFactory.setUseDefaultAdapter(true);               
            // Webservice invocation code..
            call.setTargetEndpointAddress(targetURL);
            call.setProperty("weblogic.webservice.client.ssladapter",adapter);               
            Object result = call.invoke(new Object[]{"test.xml"});
  The error that i get :
  java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
  Source)
  at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
  at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
  at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
  Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
  at java.io.BufferedOutputStream.write(BufferedOutputStream.java:106)
  at java.io.FilterOutputStream.write(FilterOutputStream.java:78)
  at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:359)
  at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:284)
  at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:34)
  at weblogic.webservice.core.HandlerChain.handleRequest(HandlerChain.java:131)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:421)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
  at com.chase.userspace.aceclient.Client.main(Client.java:253)
  Exception in handler's handleRequest().
  Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Write Channel
  Closed, possible SSL handshaking or trust fail
  ure
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:479)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
  at com.chase.userspace.aceclient.Client.main(Client.java:253)
  Can someone give the working phone number of ....BEA CUSTOMER SUPPORT...

  The signature validation failure means your trusted CA certificate is not the issuer
  of the identity certificate. The identity certificate issuer name can match to
  the trusted CA certificate name, but the signature check really determines whether
  it is the issuer.
  Pavel.
  "Chandra Sekhar Rao" <[email protected]> wrote:
  >
  Hi payal,
  I have the issuer of the server identity certificate in the trust file
  on client
  side. The problem is with signature validation
  "Pavel" <[email protected]> wrote:
  It looks like your client does not trust the server certificate. Make
  sure the
  certificate you pass in adapter.setTrustedCertificatesFile(caCertificatePath);
  is the issuer of the server's identity certificate.
  Pavel.
  "Chandra Sekhar Rao" <[email protected]> wrote:
  Hi,
  I Have a problem while working with Two-way SSL. I get Write Channel
  Closed, possible
  SSL handshaking or trust failure error while contacting the server
  for
  invoking
  a webservice secured by SSL.
  I could figure out that the error is happening on client side whilevalidating
  the server certificate.
  One more observation that i was able to find is, it works fine if the
  Server certificate
  and the client certificate are signed by the same (root) CA.
  I tried various options but couldn't find my luck. The BEA documentation
  in this
  regards is not at all sufficient.
  If i give strict checking false on my client end, the application works
  fine.
  But for my scenario i want strict checking to be happend (otherwisethere
  is no
  point in going for SSL itself).
  I am using WLSSLAdapter on my client side. The client application is
  a standalone
  java class running out of weblogic (ideally running on JRun).
  The way i have coded in my java class is:
  String certificatePath = "C:/Cerificates/cert.pem";
            String caCertificatePath = "C:/Cerificates/clientca.pem";
            String targetURL = "https://localhost:443/feedservice/FeedService";
            //set weblogic ServiceFactory
            System.setProperty( "javax.xml.rpc.ServiceFactory",
            "weblogic.webservice.core.rpc.ServiceFactoryImpl" );
            System.setProperty("java.protocol.handler.pkgs","com.certicom.net.ssl");
            System.setProperty("https.cipherSuites","SHA1withRSA,MD5withRSA");
            SSLAdapterFactory sslFactory = SSLAdapterFactory.getDefaultFactory();
            WLSSLAdapter adapter = (WLSSLAdapter) sslFactory.getSSLAdapter();
            adapter.setProtocolVersion("SSL3");
            adapter.setStrictChecking(true);
            adapter.setVerbose(true);
            FileInputStream clientCredentialFile = new FileInputStream (certificatePath);
            String pwd = "password";
            System.out.println("Loding Certificate from ........"+certificatePath);
            adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
            System.out.println("Loding CA Certificate from ........"+caCertificatePath);
            adapter.setTrustedCertificatesFile(caCertificatePath);
            // optionally set the Adapter factory to use this instance always.
            sslFactory.setDefaultAdapter(adapter);
            sslFactory.setUseDefaultAdapter(true);               
            // Webservice invocation code..
            call.setTargetEndpointAddress(targetURL);
            call.setProperty("weblogic.webservice.client.ssladapter",adapter);
            Object result = call.invoke(new Object[]{"test.xml"});
  The error that i get :
  java.io.IOException: Write Channel Closed, possible SSL handshakingor
  trust failure
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
  Source)
  at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
  Source)
  at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
  at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
  Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
  at java.io.BufferedOutputStream.write(BufferedOutputStream.java:106)
  at java.io.FilterOutputStream.write(FilterOutputStream.java:78)
  at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:359)
  at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:284)
  at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:34)
  at weblogic.webservice.core.HandlerChain.handleRequest(HandlerChain.java:131)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:421)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
  at com.chase.userspace.aceclient.Client.main(Client.java:253)
  Exception in handler's handleRequest().
  Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Write
  Channel
  Closed, possible SSL handshaking or trust fail
  ure
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:479)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
  at com.chase.userspace.aceclient.Client.main(Client.java:253)
  Can someone give the working phone number of ....BEA CUSTOMER SUPPORT...

• OCS SSL handshake

  Hi !
  I have a server running OCS 10G Release 1, in a single box layout.
  I have the OCS running in SSL mode and i have the same server acting as a Certificate Authority.
  I'm able of logging using SSL in the workspaces,calendar,real time conference, but in the real time conference , if i try to upload a document i have this error :
  SSL Handshake Failed.
  The certificate submitted by the site has either expired or is not trusted by the iMeeting server.
  Please request your iMeeting server administrator to update the Trusted Signer Certificates Database with the certificate for the site you are visiting.
  Any tips?
  Best regards,
  Bruno Sousa

  Hi there,
  We are currently migrating to OCS.
  We have a postfix+clam+spamassassin working instalation, and we are keeping it.
  The OCS in my company will be more for having one interface that is standard to alot of things, like calendar, personal and shared ones, workspaces, webdav acess from anywhere, with a Windows application or with some internet browser.
  For now i will have OCS doing relay to my postfix server , so the postfix will be my SMTP gateway with all the advantages of it.
  Best regards,
  Bruno Sousa

• EAP-TLS or PEAP authentication failed during SSL handshake error

  I have 2 Windows 2003 ACS 3.2 servers. I am in the process of upgrading them to ACS 4.0. I am using them for WPA2/PEAP wireless authentication in a WDS environment. I recently upgraded one to ACS 4.0 and ever since that time some (not all) of my Windows XP clients have started to not be authenticated and logging the error "EAP-TLS or PEAP authentication failed during SSL handshake" on the ACS 4.0 server. During the upgrade (which was successful) I did change the Certificate since the current one was going to expire November 2007.
  The clients that do not authenticate on the ACS 4.0 server I can point to the ACS 3.2 server and they successfully authenticate there. I am able to resolve the issue by recreating the Windows XP PEAP profile for the wireless network and by getting a new client Cert. But, I have a couple of questions:
  Is the "EAP-TLS or PEAP authentication failed during SSL handshake" error due to the upgrade to ACS 4.0 or to the fact that I changed the Certificate, or both?
  Can this error ("EAP-TLS or PEAP authentication failed during SSL handshake") be resolved without me touching every Windows XP client (we have over 250+)?
  Thanks for the help

  My experience suggests that the problem is the certificate.
  I'm running ACS 3.3.
  I received the same error message when my clients copied the certificate to the wrong location, or otherwise did not correctly follow the provided instructions.
  Correctly following the instructions led to a successful connection and no more error message.

• EAP-TLS or PEAP authentication failed during SSL handshake

  Hi Pros,
                 I am a newbie in the ACS 4.2 and EAP-TLS implementation, with that being said. I face an issue during a EAP-TLS implementation. My search shows that this kind of error message is already certificate issue;However, I have deleted and recreated the certificate in both ACS and the client with the same result. I have deleted and re-install the certchain as well.
  When I check my log in the failed attemps, there is what I found:
  Date
  Time
  Message-Type
  User-Name
  Group-Name
  Caller-ID
  Network Access Profile Name
  Authen-Failure-Code
  Author-Failure-Code
  Author-Data
  NAS-Port
  NAS-IP-Address
  Filter Information
  PEAP/EAP-FAST-Clear-Name
  EAP Type
  EAP Type Name
  Reason
  Access Device
  Network Device Group
  06/23/2010
  17:39:51
  Authen failed
  000e.9b6e.e834
  Default Group
  000e.9b6e.e834
  (Default)
  EAP-TLS or PEAP authentication failed during SSL handshake
  1101
  10.111.22.24
  25
  MS-PEAP
  wbr-1121-zozo-test
  Office Networ
  06/23/2010
  17:39:50
  Authen failed
  [email protected]
  Default Group
  000e.9b6e.e834
  (Default)
  EAP-TLS or PEAP authentication failed during SSL handshake
  1098
  10.111.22.24
  25
  MS-PEAP
  wbr-1121-zozo-test
  Office Network
  [email protected] = my windows active directory name
  1. Why under EAP-TYPE it shows MS-PEAP not EAP-TLS? I did configure EAP-TLS....
  2. Why sometimes it just shows the MAC of the client for username?
  3. Why  it puts me in DEFAULT-GROUP even though i belongs to a group well definy in the acs?
  2. Secondly, When I check in pass authentications... there is what i saw
  Date
  Time
  Message-Type
  User-Name
  Group-Name
  Caller-ID
  NAS-Port
  NAS-IP-Address
  Network Access Profile Name
  Shared RAC
  Downloadable ACL
  System-Posture-Token
  Application-Posture-Token
  Reason
  EAP Type
  EAP Type Name
  PEAP/EAP-FAST-Clear-Name
  Access Device
  Network Device Group
  06/23/2010
  17:30:49
  Authen OK
  groszozo
  NOC Tier 2
  10.11.10.105
  1
  10.111.22.24
  (Default)
  wbr-1121-zozo-test
  Office Network
  06/23/2010
  17:29:27
  Authen OK
  groszozo
  NOC Tier 2
  10.11.10.105
  1
  10.111.22.24
  (Default)
  wbr-1121-zozo-test
  Office Network
  In the output below, it says that the user is authenticate and it puts the user in the right group with the right username, but the user never really authenticate. Maybe for the first few seconds when I initiate the connection.
  Before I forget, the suppliant is using WIN XP and 802.1x is enable. I even uncheck not verify the server and the ACS under External User Databases, I did  check ENABLE EAP-TLS machine authentication.
  Thanks in advance for your help,
  Crazy---

  Any ideas on this guys?? In my end, i've been reading some docs... Things started to make sens to me, but I still cannot authenticate, still the same errors. One more thing that catch my  attention now is the time it takes to open a telnet session to cisco device which has the ACS for auth server.
  My AD(Active Direct) and the ACS server are local same subnet(server subnet). Ping to the ACS from my desktop which is in different subnet is only take 1ms. To confirm that the issue is the ACS server, I decided to use another server in remote location, the telnet connection is way faster than the local ACS.
  Let's brain storm together to figure out this guys.
  Thanks in advance,
  ----Paul

• Error Message: The attempt to connect to the report server failed. Check your connection information and that the report server is a compatible version. The request failed with HTTP status 404: Not Found.

  I have a web page that contains a ReportViewer control.  I am trying to display a report, which is an .rdl file located on the SSRS server, in this ReportViewer control.  I have set the ReportPath and ReportServerUrl correctly.  I am
  getting an error message.
  Am I suppose to use an .rdlc file rather than a .rdl file?  Does the web server configuration need to use a certain account?
   I am getting the following error message:
  The attempt to connect to the report server failed. Check your connection information and that the report server is a compatible version.
  The request failed with HTTP status 404: Not Found.

  Hi bucaroov,
  The error "The request failed with HTTP status 404: Not Found." means the ReportServerURL configured in the ReportViewer control is invalid.
  Please follow these steps to solve the issue:
  Logon the Report Server machine.
  Open the Reporting Services Configuration Manager.
  Copy the Report Server URL from 'Web Services URL'.
  Logon the application server(in this case, it is the server that host the web page), check if we can use the URL we got from step 3 to access the Report Server. If so, please replace the ReportServerURL in the ReportViewer control with this URL. If it is
  not available, could you please post the error message.
  Additionaly, we don't need to provide the extension for a server report. The ReportPath should be like: /<reports folder>/<report name>
  For more information, please see:
  Walkthrough: Using the ReportViewer Control in Remote Mode:
  http://msdn.microsoft.com/en-us/library/ms251669(VS.80).aspx
  If you have any more questions, please feel free to ask.
  Thanks,
  Jin Chen
  Jin Chen - MSFT

• SSPI handshake failed with error code 0x8009030c and Login failed for user''

  I got the following error when tried to connect to local machine in the
  non-domain environment with Windows Authentication by SSMS.
  "SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security."
  "Login failed for user''. the user is nothing associated with a trusted SQL server connection."
  questions
  1,if I saw the "SSPI handshake failed ", does it means it must used Kerberos but failed? or it is also possible used the NTLM but failed?
  2,Any ideas for this issue?
  Please click the Mark as Answer button if a post solves your problem!

  Hi Michael,
  Firstly, "SSPI Handshake Failed" error happens usually when connection failed between the server and domain controllers or failed Kerberos authentication. For more details about "SSPI Handshake Failed" error, please review this
  FAQ.
  Secondly, regarding to your error message, it could be caused by loopback check. To resolve the issue, please set the DisableLoopbackCheck registry entry to 1 by performing the following steps.
  1.Click Start, click Run, type regedit, and then click OK.
  2.Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3.Right-click Lsa, point to New, and then click DWORD Value.
  4.Type DisableLoopbackCheck, and then press ENTER.
  5.Right-click DisableLoopbackCheck, and then click Modify.
  6.In the Value data box, type 1, and then click OK.
  7.Exit Registry Editor.
  8.Restart the computer.
  There is a similar blog about your scenario for your reference.
  http://www.bhcblog.com/2009/10/08/fix-for-login-failed-for-user-the-user-is-not-associated-with-a-trusted-sql-server-connection/
  Thanks,
  Lydia Zhang
  If you have any feedback on our support, please click
  here.
  Lydia Zhang
  TechNet Community Support

• EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake

  Hi All ,
               I am trying to test EAP_TLS authentication on acs 4.2.1.15 running on Appliance 1120 , I have installed my server certficate along with CA certficate on my appliance box , I have enabled features of  EAP_TLS under golbal authentication setup .
               I have downloaded client supplicant certficate file for my windows XP machine .
  When i tried to authenticated i am finding following error message under  failed attempts(EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake) on my acs appliance box .
  Under certficate revocation list , I have forced my CA as CRL in use . Attached snap shot of all .
  Suggest me whether i need to enable all corresponding CA certficate undercertficate trust list , Kindly let me know were i am doing wrong on this ..

  Hello,
  I am NO expert on certificates but I have seen your error dozens of times from wireless clients on my Cisco ACS 4.2 Radius server.
  Through trial and error I wrote up this procedure for our Helpdesk for installing certs in Windows XP and Windows 7. These steps haven't failed me yet and the Helpdesk doesn't bother me as much anymore so see if this helps you:
  -          Manually install the Global CA under BOTH Trusted Root Certification Authorities\Certificates AND Intermediate Certification                      Authorities\Certificates
  -          Manually install the Intermediate CA under JUST the Intermediate Certification Authorities\Certificates
  -          Delete the wireless network from the computer
  -          REBOOT!!
  -          Open the Microsoft Management Console, “mmc”.
  -          Go FILE\Add Remove SnapIn. Select Certificates ..
  -          If promoted, do it for “My User Account”.
  -          Make sure the certificates are where you put them. 
  -          If you see any of these exact certificates out of place in either Trusted Root Certification Authorities\Certificates or Intermediate Certification                      Authorities\Certificates, remove them.
  -          Redo wireless network setup again
  I hope this helps you.
  Mike

• EAP-TLS or PEAP authentication failed during SSL handshake to the ACS serve

  We are running the LWAPP (2006 wlc's and 1242 AP's) and using the ACS 4.0 for authentication. Our users are
  experiencing an issue, where they are successfully authenticated the first time, however as the number of them is increasing, they're starting to drop the connections and being prompted to re-authenticate. At this point, they are not being able to authenticate again.
  We're using PEAP for the authentication and Win XP SP2 clients as the supplicants. The error message that we are seeing on the ACS for that controller is "EAP-TLS or PEAP authentication failed during SSL handshake to the ACS server"...Not sure if this error msg is relevant since we have other WLC's that are working OK and still generating the same error msg on the ACS...
  Thanks..

  Here are some configs you can try:
  config advanced eap identity-request-timeout 120
  config advanced eap identity-request-retries 20
  config advanced eap request-timeout 120
  config advanced eap request-retries 20
  save config