Question

javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake

  • 10 August 2023
  • 8 replies
  • 7198 views


Hi @dsj 

For one of our integration requirements, we are using mutual authentication from IFS Cloud to a third-party application. For that, using openssl, we generated the .csr, provided it to the signing authority and got the .cer file; we then generated the .pfx file using the .cer and .key files and uploaded it into IFS Cloud.

We created the routing address, and in that we provided the ssl:KeyStoreId as well.

Here is the attachment showing how we did it. Below is the error message we are getting; could you please have a look and suggest where we are wrong? The version I am using here is 23R1 SU3.

 

Error :

ExecutionException from Sender thread 
Caused by: ifs.fnd.connect.senders.ConnectSender$TemporaryFailureException: Exception while sending data 
Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake 
Caused by: java.io.EOFException: SSL peer shut down incorrectly

 

 



Hi @y.veerabrahmam,

SSLHandshakeException: Remote host terminated the handshake is an error that occurs when the client and the server fail to establish a secure connection. Check whether you have whitelisted the relevant IP addresses.


Check this article as well:

 


Hi @ashen_malaka_ranasinghe 

In this scenario, IFS is the client calling the FortiWeb (host, reverse proxy) endpoint.

We are doing this POC using the IFS Build Place Dev environment, and FortiWeb has whitelisted the IP of the IFS Dev environment.

 

Regards

Veera.

 

 

 

 


Hi @y.veerabrahmam 

Sorry for the late reply. Here are the steps I followed to make SSL work with the routing address:

 

* Generate the pfx file using openssl

openssl pkcs12 -export -in cert.pem -inkey "privateKey.pem" -certfile cert.pem -out myProject_keyAndCertBundle.p12

Give a password

* Create a new keystore (Import keystore file) and provide the same password as you added above

 

In the routing address, add the additional parameters pointing to the keystore

ssl:KeyStoreId=test
ssl:KeyStoreType=PKCS12

 

Hope it will help to go through your setup and identify any missing steps.

 

Cheers!

Damith


Hi Damith,

Thanks for the reply.

Below are the commands for generating the .pfx file.

openssl genrsa -out /<path>/ifsdev.key 4096

openssl req -new -sha256 -key /<path>/ifsdev.key -out /<path>/ifsdev.csr

We provided the .csr file to the signing authority and got the .cer file from the host team, and we used the command below to generate the .pfx file.

openssl pkcs12 -export -out <path>/ifsdev.pfx -inkey <path>/ifsdev.key -in <path>/certnew.cer

While generating the .pfx file, it asks for a password; we provided one and used the same password while importing the keystore file.

 

The IFS cloud version which we are using is 23R1SU3.

 

 

 

It results in the same error.

Error report -
ORA-20105: PlsqlapServer.ERRINV: ExecutionException from Sender thread 
Caused by: ifs.fnd.connect.senders.ConnectSender$TemporaryFailureException: Exception while sending data 
Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake 
Caused by: java.io.EOFException: SSL peer shut down incorrectly

 

Regards

Veera.


@y.veerabrahmam 

Does your certificate have a certificate chain?

If yes, can you try to add all certificates to the keystore and see if it makes a difference?

 

Regards,

Damith
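
A check for the two points raised so far (does the bundle hold a private key that matches the client certificate, and does it include the issuer chain), as an added example that is not part of the original thread. It builds a throwaway CA and client certificate in a temp directory; the CA, subject names, the `demo` password and the `inspect_pfx` helper are constructed for illustration.

```shell
# inspect_pfx FILE PASSWORD: report whether the bundle's private key matches
# its client certificate and how many certificates it carries (1 = leaf only).
inspect_pfx() {
    pfx=$1; pass=$2
    # Public key derived from the private key stored in the bundle
    key_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nocerts -nodes 2>/dev/null \
              | openssl pkey -pubout 2>/dev/null || true)
    # Public key of the client (end-entity) certificate in the bundle
    crt_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pass" -clcerts -nokeys 2>/dev/null \
              | openssl x509 -pubkey -noout 2>/dev/null || true)
    # Every certificate in the bundle: the leaf plus any issuer certificates
    n=$(openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nokeys 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE' || true)
    if [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]; then m=yes; else m=no; fi
    echo "key_matches=$m certs=$n"
}

# --- Constructed demo data: a throwaway CA stands in for the signing authority ---
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$work/ca.key" -out "$work/ca.cer" \
    -subj "/CN=Demo Signing CA" -days 1 2>/dev/null
# Client key and CSR as in the thread (2048 bits here only to keep the demo fast)
openssl genrsa -out "$work/ifsdev.key" 2048 2>/dev/null
openssl req -new -sha256 -key "$work/ifsdev.key" -out "$work/ifsdev.csr" -subj "/CN=ifsdev-demo"
openssl x509 -req -in "$work/ifsdev.csr" -CA "$work/ca.cer" -CAkey "$work/ca.key" \
    -CAcreateserial -out "$work/certnew.cer" -days 1 2>/dev/null
# Bundle 1: key + leaf certificate only, the same form as the command in the thread
openssl pkcs12 -export -out "$work/leaf.pfx" -inkey "$work/ifsdev.key" \
    -in "$work/certnew.cer" -passout pass:demo
# Bundle 2: key + leaf + issuer certificate added with -certfile
openssl pkcs12 -export -out "$work/chain.pfx" -inkey "$work/ifsdev.key" \
    -in "$work/certnew.cer" -certfile "$work/ca.cer" -passout pass:demo

inspect_pfx "$work/leaf.pfx" demo     # key_matches=yes certs=1
inspect_pfx "$work/chain.pfx" demo    # key_matches=yes certs=2
```

Pointing `inspect_pfx` at the real bundle and its import password shows what the keystore will actually contain; a wrong password reports `key_matches=no certs=0`.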

 


Hi Damith,

Thanks for the quick reply. I am now checking with the host team regarding the certificate chain.

The host team has now whitelisted the correct IP, and I am getting the error below.

ORA-20105: PlsqlapServer.ERRINV: ExecutionException from Sender thread 
Caused by: ifs.fnd.connect.senders.ConnectSender$TemporaryFailureException: Exception while sending data 
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

Regards

Veera.

 


Hi Damith,

I checked with the host team; there was no certificate chain.

After they did some setup in their host system, we are now getting the error below. The host system is now claiming, based on their logs, that the server can present its certificate but the client (IFS) is not able to present its certificate.

Is there anywhere we can see the logs from IFS as well when it initiates the call to the other application as part of outbound?

Do you have any idea about the exact reason for the error below?

ORA-20105: PlsqlapServer.ERRINV: ExecutionException from Sender thread 
Caused by: ifs.fnd.connect.senders.ConnectSender$TemporaryFailureException: Exception while sending data 
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required.

 

It would be really helpful if you could reply soon. Thanks in advance.

 

Regards

Veera.

 
