Mule ESB 3.2.x: HTTPS Transport bad_certificate error?
I need to use a self-signed (or unsigned) certificate for an HTTPS listener inbound endpoint in one of my flows. I have tried several methods of generating certificates, but get this error when the listener attempts to read the request:

    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
Google seems to think the bad_certificate message has to do with the trust store. I continue to see the same error with or without the Mule tls-server configuration, which is supposed to define the trust store.
I've used several different mechanisms to create the certificate:

- the method using keytool in the Mule documentation for the HTTPS transport
- a method described by WebLogic, using keytool
- a method described by Apache, using openssl, imported into a Java keystore using keytool
- a variety of other mechanisms and variations of the above.

I have tried both with and without the tls-server and tls-client elements configured, as described in the Mule documentation.

I'm at my wit's end trying to determine what key types are acceptable to Mule, and what the root cause of the issue is. Any advice is appreciated.
My configurations and error logs follow (omitting various boilerplate content).

mule-config.xml

    <https:connector name="connectorname">
        <!-- 1 key, alias 'mule' -->
        <https:tls-key-store path="/opt/mule/keys/keystore.jks" keyPassword="thepassword" storePassword="thepassword"/>
        <!-- I've tried the following; the same error occurs both with and without this parameter -->
        <https:tls-server path="/opt/mule/keys/keystore.jks" storePassword="thepassword"/>
    </https:connector>

    <flow name="theflow">
        <https:inbound-endpoint host="0.0.0.0" port="8081" connector-ref="connectorname"/>
        <!-- stuff: not important, works over HTTP -->
    </flow>
This configuration loads correctly, but when I attempt to post a request using the same method that works over HTTP (but using https:// instead) I get the following error, and no response (not a 500 error or anything; the connection is closed). This specific run used a key generated using the instructions in the MuleSoft documentation for the HTTPS transport, but I get no different error using the other methods.

Error listing

    [ERROR] org.mule.exception.DefaultSystemExceptionStrategy - Caught exception in Exception Strategy: Received fatal alert: bad_certificate
    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1571)
        at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
        at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:689)
        at com.sun.net.ssl.internal.ssl.ServerHandshaker.sendChangeCipherAndFinish(ServerHandshaker.java:1279)
        at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientFinished(ServerHandshaker.java:1239)
        at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:225)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:818)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:50)
        at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
        at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
        at org.mule.transport.http.HttpServerConnection.readLine(HttpServerConnection.java:219)
        at org.mule.transport.http.HttpServerConnection.readRequest(HttpServerConnection.java:185)
        at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:155)
        at org.mule.work.WorkerContext.run(WorkerContext.java:310)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
        at java.lang.Thread.run(Thread.java:662)
Finally, thanks for taking the time to read this far.

Update

I've started getting a different stack trace, with the same error. The change? The key and the keystore have different passwords.

    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:820)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:50)
        at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
        at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
        at org.mule.transport.http.HttpServerConnection.readLine(HttpServerConnection.java:219)
        at org.mule.transport.http.HttpServerConnection.readRequest(HttpServerConnection.java:185)
        at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:155)
        at org.mule.work.WorkerContext.run(WorkerContext.java:310)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
        at java.lang.Thread.run(Thread.java:662)
Update 2

I added the key to the .../jre/lib/security/cacerts file as a trusted certificate. No change.
The method for creating a self-signed certificate shown in the Mule doc works; I've used it several times. I tried it again and it works with this configuration, except that I removed https:tls-server, which is useless.

Here are the steps I followed:

- Create a keystore with:

    keytool -genkey -alias mule -keyalg RSA -keystore keystore.jks

(I used "thepassword" for both the keystore and key passwords.) I configured Mule like this:

    <https:connector name="connectorname">
        <https:tls-key-store path="...path.../keystore.jks" keyPassword="thepassword" storePassword="thepassword" />
    </https:connector>

    <flow name="theflow">
        <https:inbound-endpoint host="0.0.0.0" port="8081" connector-ref="connectorname" />
        <set-payload value="w00t" />
    </flow>

Tested with:

    $ curl -vk https://localhost:8081
    * About to connect() to localhost port 8081 (#0)
    *   Trying 127.0.0.1... connected
    * successfully set certificate verify locations:
    *   CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server key exchange (12):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using ECDHE-RSA-AES256-SHA
    * Server certificate:
    *    subject: C=Unknown; ST=Unknown; L=Unknown; O=Unknown; OU=Unknown; CN=Unknown
    *    start date: 2013-05-15 18:20:34 GMT
    *    expire date: 2013-08-13 18:20:34 GMT
    *    common name: Unknown (does not match 'localhost')
    *    issuer: C=Unknown; ST=Unknown; L=Unknown; O=Unknown; OU=Unknown; CN=Unknown
    *    SSL certificate verify result: self signed certificate (18), continuing anyway.
    > GET / HTTP/1.1
    > User-Agent: curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
    > Host: localhost:8081
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Date: Wed, 15 May 2013 11:24:24 -0700
    < Server: Mule Core/3.4.0
    < X-MULE_SESSION: ...
    < X-MULE_ENCODING: UTF-8
    < LOCAL_CERTIFICATES: [Ljava.security.cert.X509Certificate;@1c5e22a
    < Content-Type: text/plain
    < Content-Length: 4
    < Connection: close
    <
    * Closing connection #0
    * SSLv3, TLS alert, Client hello (1):
    w00t
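The following is an added example, not code from the post above or from Mule. It reproduces the mechanism behind the error on a loopback socket: "Received fatal alert: bad_certificate" in a server log means the client rejected the server's certificate and sent the alert, so the fix is on the client's trust store, not the server's. The example generates an in-memory self-signed certificate (ECDSA here, standing in for the RSA key that keytool -genkey writes to keystore.jks), then runs three handshakes against it: a client whose trust store lacks the cert (the alert case), a client that pins the exported cert as its only root (the equivalent of curl --cacert or keytool -importcert on the client side), and a client with verification disabled (what curl -k does). The hostname "localhost" and the loopback port are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newSelfSignedCert builds an in-memory self-signed certificate for host, the
// kind of entry `keytool -genkey -alias mule` puts in keystore.jks (no CA flag, no EKU).
func newSelfSignedCert(host string) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, nil
}

// handshake runs one TLS handshake between a loopback server presenting cert and a
// client using clientCfg: serverErr is what Mule would log, clientErr is the cause.
func handshake(cert tls.Certificate, clientCfg *tls.Config) (clientErr, serverErr error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return err, err
	}
	defer ln.Close()
	srvDone := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			srvDone <- err
			return
		}
		defer conn.Close()
		srvDone <- conn.(*tls.Conn).Handshake()
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		ln.Close()
		return err, <-srvDone
	}
	defer raw.Close()
	// Keep the client socket open until the server has read the alert, so the
	// server reports "bad certificate" rather than a connection reset.
	clientErr = tls.Client(raw, clientCfg).Handshake()
	serverErr = <-srvDone
	return clientErr, serverErr
}

// untrusting is a client whose trust store lacks the self-signed cert (an empty
// pool, not the system roots, so the result is host-independent): it sends bad_certificate.
func untrusting(host string) *tls.Config {
	return &tls.Config{ServerName: host, RootCAs: x509.NewCertPool()}
}

// trusting pins the self-signed cert as the client's only root, the equivalent of
// `curl --cacert mule.pem` or `keytool -importcert` into the client's truststore.
func trusting(leaf *x509.Certificate, host string) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return &tls.Config{ServerName: host, RootCAs: pool}
}

func main() {
	cert, leaf, err := newSelfSignedCert("localhost")
	if err != nil {
		panic(err)
	}
	for name, cfg := range map[string]*tls.Config{
		"untrusting": untrusting("localhost"),
		"trusting":   trusting(leaf, "localhost"),
		// `curl -k`: handshake succeeds, but nothing proves who holds the key.
		"insecure": {InsecureSkipVerify: true},
	} {
		ce, se := handshake(cert, cfg)
		fmt.Printf("%-10s client=%v | server=%v\n", name, ce, se)
	}
}
```

Run it and the "untrusting" line shows the server side ending with "remote error: tls: bad certificate" while the client side carries the real reason (unknown authority). The "insecure" line succeeds just like the curl -k test above, which is why curl -k proves the listener is up but says nothing about whether a caller is talking to the right endpoint; for anything beyond a smoke test, export the certificate from keystore.jks and give it to the client as its trust anchor instead.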