I am getting handshake_failure while calling https URL in my program
Question
Please see the complete logs
trustStore is: /Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/security/jssecacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=m3_external_ca_test
Issuer: CN=m3_external_ca_test
Algorithm: RSA; Serial number: 0x1
Valid from Tue Jun 12 01:57:02 IST 2018 until Fri Jun 09 01:57:02 IST 2028
adding as trusted cert:
Subject: CN=ecw-test.mtn.co.ug, C=UG
Issuer: CN=m3_external_ca_test
Algorithm: RSA; Serial number: 0x-2afddf7d2f077bc9
Valid from Tue Jun 12 13:21:39 IST 2018 until Thu Jun 11 13:21:39 IST 2020
adding as trusted cert:
Subject: EMAILADDRESS=rchhabra@xpwallet.com, CN=test.xpwallet.com, OU=ARED, O=ARED, L=RW, ST=RW, C=RW
Issuer: CN=m3_external_ca_test
Algorithm: RSA; Serial number: 0xb165b0b05e8fed1
Valid from Mon Sep 09 13:58:16 IST 2019 until Wed Sep 08 13:58:16 IST 2021
keyStore is : /Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/security/jssecacerts
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1553995999 bytes = { 68, 80, 88, 59, 21, 219, 212, 92, 98, 185, 156, 181, 51, 80, 35, 252, 156, 223, 223, 151, 72, 252, 100, 85, 35, 44, 134, 21 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=host_name (0), value=ecw-test.mtn.co.ug]
***
[write] MD5 and SHA1 hashes: len = 236
.......
main, READ: TLSv1.2 Handshake, length = 87
*** ServerHello, TLSv1.2
RandomCookie: GMT: 777089106 bytes = { 227, 20, 28, 76, 116, 217, 88, 149, 150, 110, 124, 147, 131, 74, 87, 141, 20, 91, 165, 22, 59, 250, 90, 47, 77, 228, 194, 218 }
Session ID: {170, 0, 108, 219, 127, 197, 96, 63, 147, 200, 99, 209, 231, 13, 8, 199, 114, 107, 230, 143, 75, 52, 149, 43, 141, 126, 68, 174, 182, 157, 88, 215}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[read] MD5 and SHA1 hashes: len = 87
0000: 02 00 00 53 03 03 2E 51 70 52 E3 14 1C 4C 74 D9 ...S...QpR...Lt.
0010: 58 95 96 6E 7C 93 83 4A 57 8D 14 5B A5 16 3B FA X..n...JW..[..;.
0020: 5A 2F 4D E4 C2 DA 20 AA 00 6C DB 7F C5 60 3F 93 Z/M... ..l...`?.
0030: C8 63 D1 E7 0D 08 C7 72 6B E6 8F 4B 34 95 2B 8D .c.....rk..K4.+.
0040: 7E 44 AE B6 9D 58 D7 C0 30 00 00 0B FF 01 00 01 .D...X..0.......
0050: 00 00 0B 00 02 01 00 .......
[Raw read]: length = 5
0000: 16 03 03 09 33 ....3
[Raw read]: length = 2355
0000: 0B 00 09 2F 00 09 2C 00 04 1B 30 82 04 17 30 82 .../..,...0...0.
0010: 01 FF A0 03 02 01 02 02 08 D5 02 20 82 D0 F8 84 ........... ....
0020: 37 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 70...*.H........
0030: 30 1E 31 1C 30 1A 06 03 55 04 03 0C 13 6D 33 5F 0.1.0...U....m3_
0040: 65 78 74 65 72 6E 61 6C 5F 63 61 5F 74 65 73 74 external_ca_test
0050: 30 1E 17 0D 31 38 30 36 31 32 30 37 35 31 33 39 0...180612075139
0060: 5A 17 0D 32 30 30 36 31 31 30 37 35 31 33 39 5A Z..200611075139Z
0070: 30 2A 31 0B 30 09 06 03 55 04 06 13 02 55 47 31 0*1.0...U....UG1
0080: 1B 30 19 06 03 55 04 03 0C 12 65 63 77 2D 74 65 .0...U....ecw-te
0090: 73 74 2E 6D 74 6E 2E 63 6F 2E 75 67 30 82 01 22 st.mtn.co.ug0.."
00A0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 0...*.H.........
00B0: 82 01 0F 00 30 82 01 0A 02 82 01 01 00 94 9B F1 ....0...........
00C0: 04 82 3F B0 F9 AE F4 98 CD 53 E4 1B B8 9A 90 A7 ..?......S......
00D0: 54 C2 5B BD 2E 68 40 DC 1C 4A 15 FC 8A A9 3C 37 T.[..h@..J....<7
00E0: EE 9F 4C C7 68 32 B5 5B 61 07 6A E1 F6 D3 17 E5 ..L.h2.[a.j.....
00F0: FC 3B 30 76 E2 5C 91 4C 91 46 0A 44 AC 3B 0E A5 .;0v.\.L.F.D.;..
0100: 3E 0E FB E8 15 62 13 AA 11 DC 40 25 FC 2D B1 5B >....b....@%.-.[
0110: 6B 17 F2 0F 4E B6 3A B1 52 74 88 08 40 B7 43 0C k...N.:.Rt..@.C.
0120: 55 5C 5B A6 8D 8E 45 87 6E D0 B7 50 20 AD 39 10 U\[...E.n..P .9.
0130: 74 C1 3A C0 B9 72 2E D7 D3 EE FF 46 DE EB E6 E1 t.:..r.....F....
0140: 88 43 C4 4F 73 11 33 93 34 CE F4 C2 A8 66 FC F4 .C.Os.3.4....f..
0150: E3 7B 5B 43 71 0C 6C 26 5C F5 47 B3 CE 8F FA 14 ..[Cq.l&\.G.....
0160: 02 7D D3 24 31 A1 13 7A 81 D6 DE D0 83 16 80 93 ...$1..z........
0170: 5A 7E 75 D6 02 B4 04 F3 35 51 88 CC 36 CE 43 79 Z.u.....5Q..6.Cy
0180: F5 F8 9D 01 74 9E 81 80 78 96 2A 25 BF 02 B0 3E ....t...x.*%...>
0190: AD EC 3C 63 72 86 17 A5 C2 35 04 72 2F 94 77 D6 ..<cr....5.r/.w.
01A0: 92 7E A5 9C 21 19 97 0F 80 EB C2 6E 50 92 9C 33 ....!......nP..3
01B0: B0 30 FA CE C9 B2 4F E9 E5 3F 67 F8 ED 02 03 01 .0....O..?g.....
01C0: 00 01 A3 4D 30 4B 30 09 06 03 55 1D 13 04 02 30 ...M0K0...U....0
01D0: 00 30 1D 06 03 55 1D 0E 04 16 04 14 07 DE 5D 71 .0...U........]q
01E0: F6 5C F7 0C 36 49 0F 0D 42 B7 32 DE 98 6C 74 BF .\..6I..B.2..lt.
01F0: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 5F 7F 19 0...U.#..0..._..
0200: 08 87 CD CC DD 56 B8 E4 C5 F4 6D B3 8E 18 E6 E3 .....V....m.....
0210: 83 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 .0...*.H........
0220: 03 82 02 01 00 48 E7 EC 53 40 38 F2 CA 62 39 A1 .....H..S@8..b9.
0230: 5B B5 21 3E 67 F6 0E 7F 28 1A 71 21 A1 4B 24 4F [.!>g...(.q!.K$O
0240: 68 39 4D E5 48 4B 76 2A 78 B0 4C 66 C3 93 37 10 h9M.HKv*x.Lf..7.
0250: 40 42 A7 55 15 A6 4B 6A 0A A0 F4 0F 66 55 96 7F @B.U..Kj....fU..
0260: 45 DD C5 D7 6D 1A 9D D9 26 A7 04 C1 A3 B8 59 48 E...m...&.....YH
0270: 9A CE D6 50 ED EC 48 7B 16 9D 9C EF 43 E2 E8 3E ...P..H.....C..>
0280: 5D 46 B7 A8 5B A1 D0 1A 71 2B 30 68 7F 2C 6F 31 ]F..[...q+0h.,o1
0290: A2 D9 A5 4E 16 09 3D 5E F1 F7 A1 29 6E E9 37 61 ...N..=^...)n.7a
02A0: 22 15 44 CE 34 CC AB 82 7D 1E 53 41 6E 52 9E A0 ".D.4.....SAnR..
02B0: 0B D3 50 32 70 5A 42 F5 FC F1 67 D3 3B A4 93 10 ..P2pZB...g.;...
02C0: 34 FB C0 F8 70 2D 90 2B 97 4C E5 0B 15 FA F0 45 4...p-.+.L.....E
02D0: 3E B6 52 06 7D E0 9E E1 09 CD 42 33 0F 80 71 DA >.R.......B3..q.
02E0: D5 44 19 60 81 C0 B9 32 7B 4A 78 67 7E 1F 65 33 .D.`...2.Jxg..e3
02F0: 60 B2 B2 4D EF 19 87 B8 AD FE D2 5E 76 63 9E 73 `..M.......^vc.s
0300: 66 B0 B2 41 AD 1D E8 E0 3F 99 DC D0 D2 C7 75 7A f..A....?.....uz
0310: 74 6E 9E 83 0B BF 8F 91 37 A0 E3 62 F9 E0 69 9C tn......7..b..i.
0320: FE 95 9C B4 13 67 A5 32 C0 5A 97 5C B5 7F 36 9E .....g.2.Z.\..6.
0330: 83 F3 E2 82 BD F8 F7 68 0F 75 EE 48 9F B4 C5 E2 .......h.u.H....
0340: EA 91 59 2C 96 70 DE F9 43 F7 B0 8F C9 C4 8E 24 ..Y,.p..C......$
0350: CE AD 73 40 0F 38 70 CE 4A 45 01 93 2E FB D1 BF ..s@.8p.JE......
0360: 1A 4E 65 66 FE E7 67 26 70 B6 A0 B4 97 67 2F 91 .Nef..g&p....g/.
0370: 27 6D CF 9A 32 BA E9 C4 CB 1C 13 67 D3 18 40 89 'm..2......g..@.
0380: CF C5 E4 A4 86 A1 5F E7 C3 85 7A 4E 3B 57 AD 95 ......_...zN;W..
0390: FB B0 73 8D 91 19 26 3B BD C2 CD EF 39 51 9E C6 ..s...&;....9Q..
03A0: 14 73 0A 6F 5C 73 70 0B 73 04 A3 CF D2 34 AC 3A .s.o\sp.s....4.:
03B0: 43 06 8F AF F5 37 B9 1A 33 A9 D0 CF EF 14 60 29 C....7..3.....`)
03C0: 12 71 92 74 25 D9 3C B3 C6 5D B7 10 96 13 0D FA .q.t%.<..]......
03D0: 31 42 13 AC B2 ED 50 03 CF E8 6B 28 5F 88 F7 57 1B....P...k(_..W
03E0: 1E CC 47 B8 EB EC B9 E0 BA FF 09 24 F7 A1 03 43 ..G........$...C
03F0: 2A C8 75 14 C4 B6 31 A2 2C 3F 5A D3 FC E6 09 87 *.u...1.,?Z.....
0400: 55 AC DF 06 B7 72 EF 3C A6 2B 20 9E 06 F7 B6 53 U....r.<.+ ....S
0410: 0E 8B F1 C3 4F 38 72 15 BC 27 14 06 27 79 AF AA ....O8r..'..'y..
0420: 3C FA 47 B4 2C 00 05 0B 30 82 05 07 30 82 02 EF <.G.,...0...0...
0430: A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 48 86 ........0...*.H.
0440: F7 0D 01 01 0B 05 00 30 1E 31 1C 30 1A 06 03 55 .......0.1.0...U
0450: 04 03 0C 13 6D 33 5F 65 78 74 65 72 6E 61 6C 5F ....m3_external_
0460: 63 61 5F 74 65 73 74 30 1E 17 0D 31 38 30 36 31 ca_test0...18061
0470: 31 32 30 32 37 30 32 5A 17 0D 32 38 30 36 30 38 1202702Z..280608
0480: 32 30 32 37 30 32 5A 30 1E 31 1C 30 1A 06 03 55 202702Z0.1.0...U
0490: 04 03 0C 13 6D 33 5F 65 78 74 65 72 6E 61 6C 5F ....m3_external_
04A0: 63 61 5F 74 65 73 74 30 82 02 22 30 0D 06 09 2A ca_test0.."0...*
04B0: 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 .H.............0
04C0: 82 02 0A 02 82 02 01 00 88 91 97 01 35 BB 35 3D ............5.5=
04D0: 2C 06 7D 2A 6D 8A 36 26 65 18 08 8D 46 EB B1 0E ,..*m.6&e...F...
04E0: 92 09 53 79 CF 63 36 57 CA 67 B8 B5 60 1C FF D6 ..Sy.c6W.g..`...
04F0: C3 E8 9D 27 9B 04 DF 7F B5 D2 A3 67 43 C9 85 2B ...'.......gC..+
0500: 60 CB 94 5C D6 EF 19 75 FA 32 53 A3 C4 FF 4A 5E `..\...u.2S...J^
0510: 6E 99 50 97 5E 5C 57 0A C2 68 A5 16 0C 06 09 40 n.P.^\W..h.....@
0520: 8B 20 3F 3B CB C2 B8 09 FE D4 3D 5B 49 DA EB 7E . ?;......=[I...
0530: A0 2E 65 41 0A BD 89 13 F9 63 49 C7 AE 2B 07 1C ..eA.....cI..+..
0540: 59 85 22 09 7C 9D 31 9B 6E FB 33 6E 4A CF 45 03 Y."...1.n.3nJ.E.
0550: 55 A8 6F 6F AC 3A 4A 3B 00 95 C1 65 B5 56 6F 6F U.oo.:J;...e.Voo
0560: F5 9E 23 6C 8A 0D 14 DA 36 18 C3 7D 6F 88 4A B7 ..#l....6...o.J.
0570: 99 79 81 9C F0 F3 97 AB 32 24 95 AC FF BA 75 3F .y......2$....u?
0580: 47 75 22 91 3E 23 20 D8 DF F6 BF F2 F4 B9 E0 AB Gu".># .........
0590: E9 84 51 90 4F 96 48 21 DC BE 74 50 7B 78 4E 77 ..Q.O.H!..tP.xNw
05A0: 4C 45 9B 8C 7B 05 B9 C4 76 0D 40 2C CD 59 3B 65 LE......v.@,.Y;e
05B0: BE FD DB BF 88 D3 02 0A E3 AA 5E ED 1E 03 00 74 ..........^....t
05C0: 98 B4 7C B7 D8 DE C6 0D 38 7B A7 98 C6 02 7C FF ........8.......
05D0: 91 BD DC E2 F0 25 1F 62 58 E3 80 7F AE 8C 9B 97 .....%.bX.......
05E0: 40 97 C0 2D 6E 02 14 4D B9 B2 EC 47 01 D2 48 56 @..-n..M...G..HV
05F0: 94 38 E3 4D 75 B3 7B 96 11 AC E3 EF EC DF D1 4F .8.Mu..........O
0600: 84 28 0C 67 5F C0 D8 A8 68 B2 BE 8A D3 63 AD 2D .(.g_...h....c.-
0610: A9 0A 62 4B 73 E4 EC CE 3C FD 8D 3F 5C 18 00 CD ..bKs...<..?\...
0620: A2 66 F5 3F 75 AC ED 31 20 F0 6A C6 5B 88 D2 33 .f.?u..1 .j.[..3
0630: 7B 73 CD 69 CC E3 4B 1D 9C 3B 83 5A 3E 95 7C 19 .s.i..K..;.Z>...
0640: 46 EE 34 0B 73 7E 7E F7 1F 32 DC F4 08 E7 51 3B F.4.s....2....Q;
0650: 40 B3 F2 35 26 06 8E E5 57 D0 8E 25 F8 A3 B2 9C @..5&...W..%....
0660: 4A 57 4A 88 D1 B1 50 1C F1 A1 E4 19 C8 FF 6E 22 JWJ...P.......n"
0670: D9 BC 63 D0 8F 32 6E 02 0A 5A 6F 2B D8 68 40 A3 ..c..2n..Zo+.h@.
0680: B6 65 2A 7A 42 D6 03 39 46 BE 8E 2E 58 E8 D8 7B .e*zB..9F...X...
0690: A2 FF 9E BD A4 B7 3A 4C E1 C2 11 35 A8 E0 C8 07 ......:L...5....
06A0: 21 DE 34 7D A7 72 5D 6D A3 7F B5 F7 E3 61 8E 09 !.4..r]m.....a..
06B0: D9 03 E1 AB 17 CE 8F 83 2F 22 F0 3B F4 93 EA 43 ......../".;...C
06C0: A6 C9 10 72 9E 32 CB E3 02 03 01 00 01 A3 50 30 ...r.2........P0
06D0: 4E 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 N0...U....0....0
06E0: 1D 06 03 55 1D 0E 04 16 04 14 5F 7F 19 08 87 CD ...U......_.....
06F0: CC DD 56 B8 E4 C5 F4 6D B3 8E 18 E6 E3 83 30 1F ..V....m......0.
0700: 06 03 55 1D 23 04 18 30 16 80 14 5F 7F 19 08 87 ..U.#..0..._....
0710: CD CC DD 56 B8 E4 C5 F4 6D B3 8E 18 E6 E3 83 30 ...V....m......0
0720: 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 ...*.H..........
0730: 02 01 00 2B A6 71 B1 E3 8A AF 97 CF 02 55 D6 EC ...+.q.......U..
0740: 02 CE 56 69 27 B5 34 51 33 19 74 18 DF F4 1C A2 ..Vi'.4Q3.t.....
0750: 63 7A DB B6 0B 3A 00 1F 64 13 DA B6 73 5F BC BD cz...:..d...s_..
0760: 69 BA 08 7B 7E 15 CE A5 8F 85 0F 35 EF CE 46 A5 i..........5..F.
0770: 46 77 B0 CB 86 22 4C CA EA F1 28 B8 94 E6 B3 6C Fw..."L...(....l
0780: 42 61 36 66 34 6C FD 87 4E 2E BA EA 33 5D 14 DD Ba6f4l..N...3]..
0790: 84 1F 4B 89 EF 1B AE D9 F3 38 3E DF 8A 73 00 C5 ..K......8>..s..
07A0: 12 86 D2 95 00 BC 5D FC EB AA F2 8D 24 6C D5 70 ......].....$l.p
07B0: 0E 86 B0 A7 CC EE 29 8D 6F BB B6 20 CA 78 5E 5C ......).o.. .x^\
07C0: 2E 8A 64 32 AA E1 DF 1F 8A E3 F3 BE 73 35 70 B8 ..d2........s5p.
07D0: 75 E0 77 BB 9C 9A 6D C8 2D 5F 65 23 DD E3 F7 64 u.w...m.-_e#...d
07E0: 89 F4 C4 D3 60 2B 24 F1 C2 C5 DF 88 01 90 F5 68 ....`+$........h
07F0: 67 9D 4B 47 C7 5F 9F 9B 2F E6 71 3F AE F3 A5 72 g.KG._../.q?...r
0800: 78 8D 73 8B 77 0D 21 C3 A4 B0 D3 B2 F3 02 68 AC x.s.w.!.......h.
0810: 66 31 83 85 3B 98 0F F7 8B 5C 33 4B 06 4E 08 43 f1..;....\3K.N.C
0820: 58 CF 74 1B 0A B9 F4 BF 5D 71 D9 18 30 AF 66 B7 X.t.....]q..0.f.
0830: D8 8A 43 0F 0C 6A 12 D2 8A 0E 0D 87 15 77 70 D0 ..C..j.......wp.
0840: AC D6 89 11 43 27 56 5B 02 E0 11 43 FF EF 1A DC ....C'V[...C....
0850: 62 F5 8E 0F E5 76 FD D9 13 03 40 47 C3 79 B0 B9 b....v....@G.y..
0860: 3B 7C EA 2F 94 93 CD 35 D3 D4 35 7E 5C 5B 01 41 ;../...5..5.\[.A
0870: BB 59 8F 85 A4 04 61 09 C8 13 4A 54 FB 66 CE 2D .Y....a...JT.f.-
0880: 2C 55 F7 E6 58 EF 06 30 1D 49 78 FE 89 DB 01 12 ,U..X..0.Ix.....
0890: 40 CA EA 9A 5B 02 98 21 83 92 09 09 9A 33 4C C7 @...[..!.....3L.
08A0: FC 83 9A 74 FB 79 0E CD 4C 09 66 0F B5 3E D5 BB ...t.y..L.f..>..
08B0: E5 6B 6D E4 9D EC 13 F8 5E D3 5A 88 1E 41 82 55 .km.....^.Z..A.U
08C0: F2 EC 54 1D 86 22 3F D8 7A CF 37 63 9F 96 D2 29 ..T.."?.z.7c...)
08D0: 97 86 CD 15 02 4D EF 9A 24 3E 42 FC 8D C7 32 3F .....M..$>B...2?
08E0: 0B 8A 0B 7D AC F4 8A A5 25 86 7C C2 76 EC 36 10 ........%...v.6.
08F0: A5 0B 65 F4 4C 8B 25 2A CE EF 44 8A E8 7D 26 CD ..e.L.%*..D...&.
0900: 45 01 4C 4A 21 D0 FF 87 4F 6E E9 72 3A AE E5 80 E.LJ!...On.r:...
0910: 3F B3 67 87 AE BE D5 BA 44 21 21 82 CF 71 AF 1E ?.g.....D!!..q..
0920: AD B3 CF A7 A2 7E 47 F7 A5 E1 4D 8B F3 3B FB 2B ......G...M..;.+
0930: 3A 54 94 :T.
main, READ: TLSv1.2 Handshake, length = 2355
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=ecw-test.mtn.co.ug, C=UG
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 18760166742336210646007664495745031327190029464821669470306527829763575346528631782132547941171360849683772583992605930917301481441101416645698614632353739542027025964353638587080188542222265595135606550050263251566024846748496906202147541040537923796925027183659957438551757027649843448864636566620125718160161036066401938675839562124067154220020711797081648913760388845438273214664283001626409771418011670171258850910841909886694279369529607357694509457161786296272001851016465260784571102998268482752579716916942479394342018541725225860288291413277309136676355212252408510983833354048707941547165862153808461166829
public exponent: 65537
Validity: [From: Tue Jun 12 13:21:39 IST 2018,
To: Thu Jun 11 13:21:39 IST 2020]
Issuer: CN=m3_external_ca_test
SerialNumber: [ -2afddf7d 2f077bc9]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5F 7F 19 08 87 CD CC DD 56 B8 E4 C5 F4 6D B3 8E _.......V....m..
0010: 18 E6 E3 83 ....
]
]
[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 07 DE 5D 71 F6 5C F7 0C 36 49 0F 0D 42 B7 32 DE ..]q.\..6I..B.2.
0010: 98 6C 74 BF .lt.
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 48 E7 EC 53 40 38 F2 CA 62 39 A1 5B B5 21 3E 67 H..S@8..b9.[.!>g
0010: F6 0E 7F 28 1A 71 21 A1 4B 24 4F 68 39 4D E5 48 ...(.q!.K$Oh9M.H
0020: 4B 76 2A 78 B0 4C 66 C3 93 37 10 40 42 A7 55 15 Kv*x.Lf..7.@B.U.
0030: A6 4B 6A 0A A0 F4 0F 66 55 96 7F 45 DD C5 D7 6D .Kj....fU..E...m
0040: 1A 9D D9 26 A7 04 C1 A3 B8 59 48 9A CE D6 50 ED ...&.....YH...P.
0050: EC 48 7B 16 9D 9C EF 43 E2 E8 3E 5D 46 B7 A8 5B .H.....C..>]F..[
0060: A1 D0 1A 71 2B 30 68 7F 2C 6F 31 A2 D9 A5 4E 16 ...q+0h.,o1...N.
0070: 09 3D 5E F1 F7 A1 29 6E E9 37 61 22 15 44 CE 34 .=^...)n.7a".D.4
0080: CC AB 82 7D 1E 53 41 6E 52 9E A0 0B D3 50 32 70 .....SAnR....P2p
0090: 5A 42 F5 FC F1 67 D3 3B A4 93 10 34 FB C0 F8 70 ZB...g.;...4...p
00A0: 2D 90 2B 97 4C E5 0B 15 FA F0 45 3E B6 52 06 7D -.+.L.....E>.R..
00B0: E0 9E E1 09 CD 42 33 0F 80 71 DA D5 44 19 60 81 .....B3..q..D.`.
00C0: C0 B9 32 7B 4A 78 67 7E 1F 65 33 60 B2 B2 4D EF ..2.Jxg..e3`..M.
00D0: 19 87 B8 AD FE D2 5E 76 63 9E 73 66 B0 B2 41 AD ......^vc.sf..A.
00E0: 1D E8 E0 3F 99 DC D0 D2 C7 75 7A 74 6E 9E 83 0B ...?.....uztn...
00F0: BF 8F 91 37 A0 E3 62 F9 E0 69 9C FE 95 9C B4 13 ...7..b..i......
0100: 67 A5 32 C0 5A 97 5C B5 7F 36 9E 83 F3 E2 82 BD g.2.Z.\..6......
0110: F8 F7 68 0F 75 EE 48 9F B4 C5 E2 EA 91 59 2C 96 ..h.u.H......Y,.
0120: 70 DE F9 43 F7 B0 8F C9 C4 8E 24 CE AD 73 40 0F p..C......$..s@.
0130: 38 70 CE 4A 45 01 93 2E FB D1 BF 1A 4E 65 66 FE 8p.JE.......Nef.
0140: E7 67 26 70 B6 A0 B4 97 67 2F 91 27 6D CF 9A 32 .g&p....g/.'m..2
0150: BA E9 C4 CB 1C 13 67 D3 18 40 89 CF C5 E4 A4 86 ......g..@......
0160: A1 5F E7 C3 85 7A 4E 3B 57 AD 95 FB B0 73 8D 91 ._...zN;W....s..
0170: 19 26 3B BD C2 CD EF 39 51 9E C6 14 73 0A 6F 5C .&;....9Q...s.o\
0180: 73 70 0B 73 04 A3 CF D2 34 AC 3A 43 06 8F AF F5 sp.s....4.:C....
0190: 37 B9 1A 33 A9 D0 CF EF 14 60 29 12 71 92 74 25 7..3.....`).q.t%
01A0: D9 3C B3 C6 5D B7 10 96 13 0D FA 31 42 13 AC B2 .<..]......1B...
01B0: ED 50 03 CF E8 6B 28 5F 88 F7 57 1E CC 47 B8 EB .P...k(_..W..G..
01C0: EC B9 E0 BA FF 09 24 F7 A1 03 43 2A C8 75 14 C4 ......$...C*.u..
01D0: B6 31 A2 2C 3F 5A D3 FC E6 09 87 55 AC DF 06 B7 .1.,?Z.....U....
01E0: 72 EF 3C A6 2B 20 9E 06 F7 B6 53 0E 8B F1 C3 4F r.<.+ ....S....O
01F0: 38 72 15 BC 27 14 06 27 79 AF AA 3C FA 47 B4 2C 8r..'..'y..<.G.,
]
chain [1] = [
[
Version: V3
Subject: CN=m3_external_ca_test
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 4096 bits
modulus: 557151729257513438839644150388994050633257463150916756666288129639829273703829321229726135597409651267923163753540191812166215491681418750095800124039177047610921338095584777847693211532173924379229429356988539203692954447396372998918466327209925104754132112452040117309037337899793627958986425102119033235946821927766586736238366399909058576730416643277317107012215518939823367870794050831329502931200465236622573918783105404625612091949806908192432139109240293637102989990682880462249168023520927635743443446087921283697496893345488202662761882381308627361840750432546788878561709613460624082025467787953553336217008221683384807014080736684293664958483129172471210065490491426284163056269241358166314722428304811418521683643082368229159063698592514583819017847444753883136339509772465286214624964332968123898190861074330815047931167787772472284663941700641329596402280513951974416355486973105161800167081754916542965323709213497146993492567648900054926942904129100128883337830188142220064431633066248767423041608386155063786967752130358976047264442038254969571760619157207175872513536937111013216384389085422556190661912889530860668679008606571201626257041618168321149461375656917730604989009634813014849328401907226383781886872547
public exponent: 65537
Validity: [From: Tue Jun 12 01:57:02 IST 2018,
To: Fri Jun 09 01:57:02 IST 2028]
Issuer: CN=m3_external_ca_test
SerialNumber: [ 01]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5F 7F 19 08 87 CD CC DD 56 B8 E4 C5 F4 6D B3 8E _.......V....m..
0010: 18 E6 E3 83 ....
]
]
[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 5F 7F 19 08 87 CD CC DD 56 B8 E4 C5 F4 6D B3 8E _.......V....m..
0010: 18 E6 E3 83 ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=ecw-test.mtn.co.ug, C=UG
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 18760166742336210646007664495745031327190029464821669470306527829763575346528631782132547941171360849683772583992605930917301481441101416645698614632353739542027025964353638587080188542222265595135606550050263251566024846748496906202147541040537923796925027183659957438551757027649843448864636566620125718160161036066401938675839562124067154220020711797081648913760388845438273214664283001626409771418011670171258850910841909886694279369529607357694509457161786296272001851016465260784571102998268482752579716916942479394342018541725225860288291413277309136676355212252408510983833354048707941547165862153808461166829
public exponent: 65537
Validity: [From: Tue Jun 12 13:21:39 IST 2018,
To: Thu Jun 11 13:21:39 IST 2020]
Issuer: CN=m3_external_ca_test
SerialNumber: [ -2afddf7d 2f077bc9]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5F 7F 19 08 87 CD CC DD 56 B8 E4 C5 F4 6D B3 8E _.......V....m..
0010: 18 E6 E3 83 ....
]
]
[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 07 DE 5D 71 F6 5C F7 0C 36 49 0F 0D 42 B7 32 DE ..]q.\..6I..B.2.
0010: 98 6C 74 BF .lt.
]
]
]
Algorithm: [SHA256withRSA]
Signature:
main, READ: TLSv1.2 Handshake, length = 333
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 256 bits
public x coord: 22767616842921672428296979524517536574453051884265921346618822148174980533140
public y coord: 91036568456536708035496750224567632902507611421192548364369040295164559077412
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
main, READ: TLSv1.2 Handshake, length = 70
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
Cert Authorities:
<CN=m3_external_ca_test>
[read] MD5 and SHA1 hashes: len = 70
0000: 0E 00 00 00 ....
main, READ: TLSv1.2 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ECDHClientKeyExchange
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
main, called close()
main, called closeInternal(true)
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.common.Utils.sendPostRequest(Utils.java:122)
at com.common.Utils.execute(Utils.java:77)
at com.common.Utils.main(Utils.java:158)
3 answers
solution1
1 2019-10-11 07:00:57
We normally use TrustStore to trust the 3rd party Server communication. In client and server communication over HTTPS protocol, the latter always lookup its keystore and present the public key and certificate to the prior. After that, the client looks up the associated certificate in the truststore . If the certificate or the Certificate Authorities shared by the calling server is not present in the client-side trust store( By default, Java always bundles a truststore as cacerts and keeps it's in $JAVA_HOME/jre/lib/security path ) then SSLHandshakeException will occur. To resolve the problem you have to add the trust store.
Default trusted Certificate Authorities can be listed using the command
keytool -list -keystore cacerts
you can add the trust store using the following command:
keytool -import -trustcacerts -alias certAlias -file certFile -keystore trustStoreFile
by default the trustStoreFile location is $JAVA_HOME/jre/lib/security/cacerts. you can refer here .
solution2
0 2019-10-11 06:38:20
you should try to build client like this
// Creating SSLContextBuilder object
SSLContextBuilder SSLBuilder = SSLContexts.custom();
// Loading the Keystore file
File file = new File("mykeystore.jks");
SSLBuilder = SSLBuilder.loadTrustMaterial(file, "changeit".toCharArray());
// Building the SSLContext usiong the build() method
SSLContext sslcontext = SSLBuilder.build();
// Creating SSLConnectionSocketFactory object
SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslcontext,
new NoopHostnameVerifier());
// Creating HttpClientBuilder
HttpClientBuilder clientbuilder = HttpClients.custom();
// Setting the SSLConnectionSocketFactory
clientbuilder = clientbuilder.setSSLSocketFactory(sslConSocFactory);
// Building the CloseableHttpClient
CloseableHttpClient httpclient = clientbuilder.build();
solution3
0 2019-10-11 10:09:29
TLDR: your client is not SENDING a client certificate as the server (definitely) requested, and apparently requires.
Note nothing is wrong with your truststore and changing your truststore or trustmanager is entirely irrelevant and useless. People who believe that all SSL/TLS problems are lack of validating (trusting) the server cert are like people who think that if the engine has been removed from your car it will still run great if you just put some gas (or petrol/essence/etc depending on country) in the tank.
From your debuglog:
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
Cert Authorities:
<CN=m3_external_ca_test>
Server requested a client certificate, aka client auth(entication) aka 2-way or mutual authentication.
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
...
*** ECDHClientKeyExchange
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, handshake_failure
You didn't supply one (and the related signature to prove possession). Server aborts handshake, which in general can be for many reasons but the only likely one at this point is because you didn't supply the requested cert (and signature).
Go back near the top:
keyStore is : /Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/security/jssecacerts
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
Notice this section does NOT say something like this, as it would for a usable client cert:
found key for : <alias>
chain [0] = [ <usually dozens of lines of data> ]
<usually chain[1], maybe chain[2] and more depending>
There are two quite different kinds of certificates: a cert that identifies you (or your device etc) and you want others to trust, for which you must have the privatekey , and a cert that identifies someone else which you trust, for which you should never have the privatekey. For client auth you need the first kind, and you don't have it. (Added note: In general for your own cert you also need one or sometimes more 'chain' or 'intermediate' cert(s), but in this case the debuglog makes clear you are using a dummy/test CA that doesn't use chain cert(s).)
Either you or somebody else prepared your jssecacerts wrong, or else it's the wrong file to use, since it is intended to contain certs for others , namely CAs, that you trust, which Java calls a truststore (although it's still in keystore format ), and not certs for yourself, which is a true keystore. The third cert listed as trusted, with EMAILADDRESS=rchhabra@xpwallet.com , looks like it was likely intended to be a client cert, but since you don't have the privatekey it can't be used as such. Either fix that file, or if you have the client cert WITH KEY in a different file, which would be a good and commonly used approach, use that different file instead.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Why am I getting handshake_failure with Java SSL cert?
I am getting the error handshake_failure when using jersey client to call api with HTTPS. I have turned off the server certificate validity check
Got handshake_failure using java/netty, but succeeded with curl for the same https url
jsse handshake_failure on public https web site
Tomcat handshake_failure when https call from the tomcat server
Trust Websocket SSL - Getting fatal alert: handshake_failure
HANDSHAKE_FAILURE alert received
handshake_failure in Jmeter4
Java SSL handshake_failure
Why do I get a handshake_failure error when I try to get more than 1 Document in my class using Jsoup?
Related Tags