Subject: HELP - Web Services Consumer over SSL (Java)

Product Area: Domino Server

Technical Area: Application Development

Platform: Windows

Release: 8.5.2

Reproducible: Always

 |
Help, I'm trying to consume a web service over SSL using WS-Security and I'm getting an error from the SSL connection.
I'm using Java due to the WS-Security authentication. The consumer works perfectly over HTTP, but when the provider added a certificate so that the connection is done over SSL, I started receiving errors...
I've tried different approaches that I found on blogs and forums; here are the steps I've tried:
1.) I built the Java agent and called it from the Notes client. It asked to cross-certify and added the Internet cross-certificate document to my NAB, but it threw me an error message:
Error connecting to "services.xxxxxx.com" on port '443', SSL bad peer certificate. Connection refused.
2.) Since it's a Java agent, I found out that I need to import the certificate into the keystore on the server. So, using the ikeyman utility in \lotus\notes\jvm\bin, I added the certificate to the cacerts database.
To test whether the certificate had been imported correctly and is trusted, I used the JavaCertTool (http://members.iinet.net.au/~wyso/java/JavaCertTool/), and it reported the certificate as valid:
JavaCertTool v0.6.2 by Hd Luc (2011)
Loading JavaKeyStore (JKS) D:\Lotus\Domino\jvm\lib\security\cacerts
connecting to services.xxxxxx.com on port 443
starting SSL handshake...
services.intermedica.com.br sent 2 certificate(s)
(1) -----
subject: [CN=services.xxxxxx.com, OU=Comodo InstantSSL Pro, OU=Hosted by Comodo Brasil Tecnologia LTDA, OU=AAAA, O=xxxxxxxxxx, STREET="xxxxxxxxxx", L=xxxxxxxxxx, ST=xxxxxxxxxx, OID.2.5.4.17=xxxxxxxxxx, C=XX]
issuer : [CN=COMODO High-Assurance Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB]
alg : [SHA1withRSA]
serial : [143328498830787039505789751380015672730]
aliases : [www.services.xxxxx.com, services.xxxxx.com]
usage : [digitalSignature keyEncipherment]
sha1 : [2A:94:2A:89:36:DD:35:5B:93:13:0B:6E:07:DF:7B:1B:57:A1:9D:22]
md5 : [B5:C3:87:E9:A5:09:FA:65:87:53:48:90:C1:EE:6A:CB]
certificate is valid
(2) -----
subject: [CN=COMODO High-Assurance Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB]
issuer : [CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE]
alg : [SHA1withRSA]
serial : [29994665029595910897972718685290776267]
usage : [keyCertSign CRLSign]
sha1 : [B9:B4:C7:A4:88:C0:88:5E:C1:C8:3A:A8:7E:4E:BD:2B:21:5F:9F:A4]
md5 : [2B:EE:B7:93:D7:C5:DD:65:E3:16:E9:98:EF:85:9B:F7]
certificate is valid CA
certificate is trusted
HTTP/1.1 404 Not Found
Date: Thu, 28 Jul 2011 15:20:33 GMT
But I'm still getting an error running the Java agent:
Agent Manager: Agent error: Error connecting to 'services.xxxxxx.com' on port '443', SSL bad peer certificate. Connection refused.
3.) As another option to track down the problem, I added SSL debug parameters to the server's notes.ini:
Debug_SSL_All=3
Setting SSL_Trace_Keyfileread=1
The big problem is that I could not find anywhere an explanation of the debug output. Here is the listing; what I can understand is that at the end my connection is being refused by the server.
07/28/2011 01:06:57.87 PM [0864:006A-097C] int_MapSSLError> Mapping SSL error 0 to 0
07/28/2011 01:06:57.87 PM [0864:006A-097C] SSL_Handshake> Enter
07/28/2011 01:06:57.87 PM [0864:006A-097C] SSL_Handshake> Current Cipher 0x0000 (Unknown Cipher)
07/28/2011 01:06:57.87 PM [0864:006A-097C] SSL_Handshake> SSL Undetermined attempt
07/28/2011 01:06:57.87 PM [0864:006A-097C] S_Write> Enter len = 66
07/28/2011 01:06:57.87 PM [0864:006A-097C] SSL_Xmt> 00000000: 80 40 01 03 00 00 27 00 00 00 10 00 00 04 00 00 '.@....'.........'
07/28/2011 01:06:57.87 PM [0864:006A-097C] SSL_Xmt> 00000010: 05 00 00 2F 00 00 35 00 00 0A 00 00 09 00 00 62 '.../..5........b'
07/28/2011 01:06:57.87 PM [0864:006A-097C] SSL_Xmt> 00000020: 00 00 03 00 00 02 00 00 01 00 00 01 01 00 80 02 '................'
07/28/2011 01:06:57.87 PM [0864:006A-097C] SSL_Xmt> 00000030: 00 80 35 38 D2 A1 99 3B 1A 5E B6 38 95 54 43 E4 '..58R!.;.^68.TCd'
07/28/2011 01:06:57.87 PM [0864:006A-097C] SSL_Xmt> 00000040: DD 2C '],'
07/28/2011 01:06:57.87 PM [0864:006A-097C] S_Write> Switching Endpoint to sync
07/28/2011 01:06:57.87 PM [0864:006A-097C] S_Write> Posting a nti_snd for 66 bytes
07/28/2011 01:06:57.87 PM [0864:006A-097C] SSL_EncryptData> SSL not init exit
07/28/2011 01:06:57.87 PM [0864:006A-097C] S_Write> Switching Endpoint to async
07/28/2011 01:06:57.87 PM [0864:006A-097C] SSL_EncryptDataCleanup> SSL not init exit
07/28/2011 01:06:57.87 PM [0864:006A-097C] S_Write> nti_done return 66 bytes rc = 0
07/28/2011 01:06:57.87 PM [0864:006A-097C] S_Write> Exit, wrote 66 bytes
07/28/2011 01:06:57.87 PM [0864:006A-097C] S_Read> Enter len = 1
07/28/2011 01:06:57.87 PM [0864:006A-097C] S_Read> Switching Endpoint to sync
07/28/2011 01:06:57.87 PM [0864:006A-097C] S_Read> Posting a nti_rcv for 1 bytes
07/28/2011 01:06:57.87 PM [0864:006A-097C] SSL_RcvSetup> SSL not init exit
07/28/2011 01:06:58.00 PM [0864:006A-097C] S_Read> Switching Endpoint to async
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> nti_done return 1 bytes rc = 0
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_RCV> 00000000: 00 '.'
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Exit, read 1 bytes
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Enter len = 4
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Switching Endpoint to sync
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Posting a nti_rcv for 4 bytes
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_RcvSetup> SSL not init exit
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Switching Endpoint to async
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> nti_done return 4 bytes rc = 0
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_RCV> 00000000: 00 00 00 00 '....'
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Exit, read 4 bytes
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Enter len = 74
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Switching Endpoint to sync
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Posting a nti_rcv for 74 bytes
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_RcvSetup> SSL not init exit
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Switching Endpoint to async
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> nti_done return 74 bytes rc = 0
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_RCV> -- 64 (0x0040) bytes of 0 --
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Exit, read 74 bytes
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSLProcessHandshakeMessage Enter> Message: 2 State: 6 Key Exchange: 0 Cipher: 0x0000 (Unknown Cipher)
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSLProcessHandshakeMessage Enter> Message: SSL_server_hello
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSLProcessHandshakeMessage Exit> Message: 2 State: 6 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSLAdvanceHandshake Enter> Processed : 2 State: 6
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSLAdvanceHandshake Enter> Processed : SSL_server_hello
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSLAdvanceHandshake Exit> State : 8
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_Handshake> After handshake state= 8 Status= -5000
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_Handshake> Exit Status = -5000
07/28/2011 01:06:58.01 PM [0864:006A-097C] int_MapSSLError> Mapping SSL error -5000 to 4176
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_Handshake> Enter
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_Handshake> Current Cipher 0x0004 (RSA_WITH_RC4_128_MD5)
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Enter len = 5
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Switching Endpoint to sync
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Posting a nti_rcv for 5 bytes
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_RcvSetup> SSL not init exit
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Switching Endpoint to async
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> nti_done return 5 bytes rc = 0
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_RCV> 00000000: 02 00 00 46 03 '...F.'
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Exit, read 5 bytes
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Enter len = 2857
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Switching Endpoint to sync
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Posting a nti_rcv for 2857 bytes
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_RcvSetup> SSL not init exit
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Switching Endpoint to async
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> nti_done return 2836 bytes rc = 0
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Switching Endpoint to sync
07/28/2011 01:06:58.01 PM [0864:006A-097C] S_Read> Posting a nti_rcv for 21 bytes
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSL_RcvSetup> SSL not init exit
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> Switching Endpoint to async
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> nti_done return 21 bytes rc = 0
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSL_RCV> -- 2848 (0x0B20) bytes of 0 --
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> Exit, read 2857 bytes
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLProcessHandshakeMessage Enter> Message: 11 State: 8 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLProcessHandshakeMessage Enter> Message: SSL_certificate
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLCheckCertChain> Valid certificate chain received
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLProcessHandshakeMessage Exit> Message: 11 State: 8 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLAdvanceHandshake Enter> Processed : 11 State: 8
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLAdvanceHandshake Enter> Processed : SSL_certificate
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLAdvanceHandshake Exit> State : 9
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSL_Handshake> After handshake2 state 9
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSL_Handshake> Exit Status = -5000
07/28/2011 01:06:58.14 PM [0864:006A-097C] int_MapSSLError> Mapping SSL error -5000 to 4176
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSL_Handshake> Enter
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSL_Handshake> Current Cipher 0x0004 (RSA_WITH_RC4_128_MD5)
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> Enter len = 5
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> Switching Endpoint to sync
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> Posting a nti_rcv for 5 bytes
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSL_RcvSetup> SSL not init exit
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> Switching Endpoint to async
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> nti_done return 5 bytes rc = 0
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSL_RCV> 00000000: 0B 00 0B 25 00 '...%.'
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> Exit, read 5 bytes
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> Enter len = 13
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> Switching Endpoint to sync
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> Posting a nti_rcv for 13 bytes
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSL_RcvSetup> SSL not init exit
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> Switching Endpoint to async
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> nti_done return 13 bytes rc = 0
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSL_RCV> 00000000: 18 30 82 05 00 A0 03 02 01 02 02 10 6B '.0... ......k'
07/28/2011 01:06:58.14 PM [0864:006A-097C] S_Read> Exit, read 13 bytes
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLProcessHandshakeMessage Enter> Message: 13 State: 9 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLProcessHandshakeMessage Enter> Message: SSL_certificate_request
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLSendAlert> Sending an alert of 0x0 level 0x2
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLProcessHandshakeMessage Exit> Message: 13 State: 2 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSL_Handshake> Changing SSL status from 5890 to -5000 to flush write queue
07/28/2011 01:06:58.15 PM [0864:006A-097C] SSL_Handshake> After handshake2 state 2
07/28/2011 01:06:58.15 PM [0864:006A-097C] SSL_Handshake> Exit Status = -5000
07/28/2011 01:06:58.15 PM [0864:006A-097C] int_MapSSLError> Mapping SSL error -5000 to 4176
07/28/2011 01:06:58.15 PM [0864:006A-097C] SSL_Handshake> Enter
07/28/2011 01:06:58.15 PM [0864:006A-097C] SSL_Handshake> Current Cipher 0x0004 (RSA_WITH_RC4_128_MD5)
07/28/2011 01:06:58.15 PM [0864:006A-097C] S_Write> Enter len = 7
07/28/2011 01:06:58.15 PM [0864:006A-097C] SSL_Xmt> 00000000: 15 03 00 00 02 02 00 '.......'
07/28/2011 01:06:58.15 PM [0864:006A-097C] S_Write> Switching Endpoint to sync
07/28/2011 01:06:58.15 PM [0864:006A-097C] S_Write> Posting a nti_snd for 7 bytes
07/28/2011 01:06:58.15 PM [0864:006A-097C] SSL_EncryptData> SSL not init exit
07/28/2011 01:06:58.15 PM [0864:006A-097C] S_Write> Switching Endpoint to async
07/28/2011 01:06:58.15 PM [0864:006A-097C] SSL_EncryptDataCleanup> SSL not init exit
07/28/2011 01:06:58.15 PM [0864:006A-097C] S_Write> nti_done return 7 bytes rc = 0
07/28/2011 01:06:58.15 PM [0864:006A-097C] S_Write> Exit, wrote 7 bytes
07/28/2011 01:06:58.15 PM [0864:006A-097C] SSL_Handshake> After handshake2 state 2
07/28/2011 01:06:58.15 PM [0864:006A-097C] SSL_Handshake> SSL Error: 5890
07/28/2011 01:06:58.15 PM [0864:006A-097C] int_MapSSLError> Mapping SSL error 5890 to 4171
07/28/2011 01:06:58 PM Agent Manager: Agent error: WebServiceEngineFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException faultSubcode: faultString: Error connecting to 'services.xxxxxx.com' on port '443', SSL bad peer certificate. Connection refused. faultActor: faultNode: faultDetail:
07/28/2011 01:06:58 PM Agent Manager: Agent error: Error connecting to 'services.xxxxxxx.com' on port '443', SSL bad peer certificate. Connection refused.
07/28/2011 01:06:58 PM Agent Manager: Agent error:
On the provider side, the only thing I know is that they are using an Apache server as a proxy to the services, which are on a WebSphere server behind the firewall.
This Apache server only accepts connections over HTTPS; I've tried the old-school "http://....:443" and got no response from the server.
Am I missing something? Is the problem on my side (Domino)? Or is it something in the Apache + SSL + WebSphere configuration?
 
Feedback number RCOM8K7LBJ created by ~Kelly Umhipimanynds on 07/28/2011

Status: Open
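To make the SSLProcessHandshakeMessage, SSLSendAlert and SSL_Xmt lines of a Debug_SSL_All trace like the one above readable, here is an added example (not from the original post, IBM, or Domino itself) that parses a constructed excerpt in the same line format and decodes the alert record the client writes; the handshake message types and alert numbers are the standard SSL 3.0/TLS values, and the Domino-internal status codes (-5000, 5890, 4171) are left undecoded.

```python
import re
# Constructed excerpt of a Domino Debug_SSL_All=3 trace, in the line format shown in the
# post above; only the lines this parser looks at are kept.
TRACE = """\
07/28/2011 01:06:58.01 PM [0864:006A-097C] SSLProcessHandshakeMessage Enter> Message: 2 State: 6 Key Exchange: 0 Cipher: 0x0000 (Unknown Cipher)
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLProcessHandshakeMessage Enter> Message: 11 State: 8 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLCheckCertChain> Valid certificate chain received
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLProcessHandshakeMessage Enter> Message: 13 State: 9 Key Exchange: 1 Cipher: 0x0004 (RSA_WITH_RC4_128_MD5)
07/28/2011 01:06:58.14 PM [0864:006A-097C] SSLSendAlert> Sending an alert of 0x0 level 0x2
07/28/2011 01:06:58.15 PM [0864:006A-097C] SSL_Xmt> 00000000: 15 03 00 00 02 02 00 '.......'
"""
HANDSHAKE = {2: "server_hello", 11: "certificate", 13: "certificate_request", 14: "server_hello_done"}
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca"}

def alert_name(level, desc):
    return f"{ALERT_LEVEL.get(level, level)} {ALERT_DESC.get(desc, desc)}"

def decode_alert_record(hexdump):
    """Decode a hex-dumped SSL record if it is an alert (content type 0x15):
    type, version (2 bytes), length (2 bytes), alert level, alert description."""
    b = bytes.fromhex(hexdump.replace(" ", ""))
    if len(b) < 7 or b[0] != 0x15:
        return None
    return {"version": f"{b[1]}.{b[2]}", "alert": alert_name(b[5], b[6])}

def parse_trace(text):
    events = []   # (kind, detail) in the order the trace shows them
    for line in text.splitlines():
        if m := re.search(r"SSLProcessHandshakeMessage Enter> Message: (\d+) State:", line):
            events.append(("recv", HANDSHAKE.get(int(m[1]), f"type_{m[1]}")))
        elif "SSLCheckCertChain> Valid certificate chain" in line:
            events.append(("chain", "valid"))   # Domino accepted the server's chain
        elif m := re.search(r"SSLSendAlert> Sending an alert of 0x(\w+) level 0x(\w+)", line):
            events.append(("send_alert", alert_name(int(m[2], 16), int(m[1], 16))))
        elif m := re.search(r"SSL_Xmt> 00000000: ((?:[0-9A-F]{2} )+)'", line):
            if rec := decode_alert_record(m[1]):   # confirm what actually went on the wire
                events.append(("wire_alert", rec["alert"]))
    return events

def diagnose(events):
    """Name the point where the handshake stopped, from the parsed events."""
    received = [d for k, d in events if k == "recv"]
    alerts = [d for k, d in events if k == "send_alert"]
    if not alerts:
        return "client sent no alert in this trace"
    if "certificate_request" in received:
        return f"server asked for a client certificate; client sent a {alerts[0]} alert instead"
    return f"client sent a {alerts[0]} alert after {received[-1] if received else 'nothing'}"
```

Run `diagnose(parse_trace(TRACE))` on a real trace to see which server message the client was handling when it gave up; the excerpt above shows a chain accepted as valid followed by a certificate_request, so the failure is not the server's certificate itself.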