Received fatal alert: handshake_failure, already added truststore

0
votes
System.setProperty("javax.net.ssl.trustStore", "C:/tasks/MIP/Cert/ccc_acp.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
System.setProperty("javax.net.debug", "ssl");

already set the truststore, but when call https, still has error

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

The whole error message is very long, the last part of error message is quoted as following

main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished verify_data: { 204, 151, 145, 147, 7, 73, 205, 158, 73, 238, 129, 8 }

main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure java.lang.Exception: ; nested exception is: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

1
javasslhandshakeexception
What are the cypher suite you are sending the server, could it be possible that you and server does not share/agree on a common chyper for the communication to proceed. You can look at server certificate to see the supported cyphers, and compare with the once you are sendingSajith Silva

1 Answers

0
votes

Don't know what reason, but if I change the setProperty from trustStore to keyStore, the program work!! 

System.setProperty("javax.net.ssl.keyStore", "C:/tasks/MIP/Cert/ccc_acp.keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "password");

I am not familiar with SSL, in goolge, I find keyStore is only used for server, but my application is a client to call a server API, so don't know why change to keyStore and it will success now, anyone can explain?

For more information, I found that if I remove all System.setProperty(...), then in the console, I see keyStore is empty but trustStore is not, as follow:

keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\jre6\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore

why keyStore is empty?