From: Robert A. S. <ro...@no...> - 2005-06-20 22:28:03
Hello, I hope someone out there would be kind enough to help me out - I have
been struggling with this problem for a couple weeks now.
I am running Hermes 1.0 on a Windows 2003 Server using Java 1.5.0_03
runtime. Every time I attempt to send a message to "othercompany"'s MSH
server (not Hermes, Cyclone I think) I receive the SSLHandshakeException. I
have all the necessary trusted certs installed in my cacerts file that
Hermes is using as its TrustedAnchor. I am able to sign messages with the
test09 private key with no problem from the Monitor app.
"othercompany"'s MSH server requires that I send my certificate for
authentication. I have tested the authentication process in a browser with
no problems.
I have also tried the 9.31 version of Hermes with the same result. My
private key originally came in a .pfx file - I was able to sign messages
from the Monitor application using the .pfx file, but when I put that as my
keystore in the config file for SSL, it would always say "Cannot load the
keystore on SSL client authentication : Cannot load keystore : Invalid
keystore format". So I programmatically put the private key into the JKS
format.
Is there a good way to debug the whole SSL handshaking process? I've seen
posts about "-Djavax.net.debug=all" - but can somebody elaborate and be more
specific about what I need to do?
Please help - I've included as much pertinent information below as I can
think of!!!!!!
-Rob
-- from log ----------
Add SSL Client Authentication entry : https://othercompany/msh/
\hermes\test.keystore
Sending message to https://othercompany/msh/
Connection class : class
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl
Instance of HttpsURLConnection : true
Configuration to a HTTPS connection
use key manager for url : https://othercompany/msh/
[10505] Cannot send SOAP message Exception:
javax.net.ssl.SSLHandshakeException Message: Received fatal alert:
handshake_failure
------------------------------------
-- from config file -------
<SSL>
  <!-- Optional property specifying the implementation class name of
       com.sun.net.ssl.HostnameVerifier from JSSE 1.0 which handle the case
       when the URL's hostname and the server's identification hostname
       mismatch-->
  <!-- <HostnameVerifier>Verifier</HostnameVerifier> -->
  <TrustedAnchor>
    <!-- Trust keystore for SSL Server Authentication -->
    <KeyStore>
      <Path>/hermes</Path>
      <File>cacerts</File>
      <Password>changeit</Password>
    </KeyStore>
  </TrustedAnchor>
  <ClientAuth>
    <URL>https://othercompany/msh/</URL>
    <KeyStore>
      <Path>/hermes</Path>
      <File>test.keystore</File>
      <Alias>test09</Alias>
      <Password>password</Password>
    </KeyStore>
  </ClientAuth>
</SSL>
------------------------------------
-- from keytool ------
D:\jdk1.5.0_03\bin>keytool -list -keystore test.keystore
Enter keystore password: password
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entries
test09, Jun 13, 2005, keyEntry,
Certificate fingerprint (MD5):
5D:69:75:75:7C:6D:4A:E9:C6:82:4B:9F:A8:E6:52:05
------------------------------------
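
An added example, not part of the original post: a small Java check of the client keystore described above, confirming that the alias is a private-key entry, that the key opens with the given password, and printing the certificate chain stored with it. The file name, alias and password default to the values shown in the post; the class name is hypothetical, and it is an assumption that the key password is the same as the keystore password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class ClientKeystoreCheck {
    public static void main(String[] args) throws Exception {
        // Defaults are the values shown in the post; override on the command line.
        String file = args.length > 0 ? args[0] : "test.keystore";
        String alias = args.length > 1 ? args[1] : "test09";
        // Assumption: the key password equals the keystore password.
        char[] pass = (args.length > 2 ? args[2] : "password").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(file);
        try {
            ks.load(in, pass);               // fails on wrong password or format
        } finally {
            in.close();
        }
        if (!ks.isKeyEntry(alias)) {
            System.out.println(alias + " is not a private-key entry");
            return;
        }
        // Throws UnrecoverableKeyException if the key password differs.
        System.out.println("key algorithm: " + ks.getKey(alias, pass).getAlgorithm());

        // Client authentication presents this chain; the server's
        // CertificateRequest names the CAs it is willing to accept.
        Certificate[] chain = ks.getCertificateChain(alias);
        System.out.println("chain length: " + chain.length);
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = (X509Certificate) chain[i];
            System.out.println("[" + i + "] subject: " + c.getSubjectX500Principal());
            System.out.println("    issuer:  " + c.getIssuerX500Principal());
            try {
                c.checkValidity();           // expired or not yet valid
                System.out.println("    validity: ok");
            } catch (CertificateException e) {
                System.out.println("    validity: " + e.getMessage());
            }
            // Each certificate should be issued by the next one in the chain.
            if (i + 1 < chain.length && !c.getIssuerX500Principal().equals(
                    ((X509Certificate) chain[i + 1]).getSubjectX500Principal())) {
                System.out.println("    warning: chain order broken after [" + i + "]");
            }
        }
    }
}
```

The `-Djavax.net.debug=all` switch mentioned in the post is a system property given on the command line of the JVM that runs Hermes; `-Djavax.net.debug=ssl,handshake` limits the output to the handshake messages.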