PHP SoapClient with self-signed cert in Java

Question

One of WS which we need to connect to has sample code in PHP. They are signed for us CSR ... so we have now PRIVATE KEY and CERTIFICATE for authentication.

They suggest to put both, PRIVATE KEY, and signed CERTIFICATE to one .pem file, and in PHP to have code like this one:

$client = new SoapClient('https://www.example.com/api/server.php?wsdl', array('local_cert' => "custom-pc.pem", "trace"=>1));
$result = $client->Login();

and that works fine.

But we are using Java, no PHP gurus here - so I imported both PRIVATE KEY and CERTIFICATE to cacerts (exported to PKCS12 and then merged keystore).

openssl pkcs12 -export -in signed.pem -inkey server.key -out signed.p12 -name custom -CAfile ca.crt -caname root
sudo keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore /Library/Java/JavaVirtualMachines/jdk1.7.0_06.jdk/Contents/Home/jre/lib/security/cacerts -srckeystore signed.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias custom

But, no luck :(

All the time got exception:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1977)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1093)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:884)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)

any idea what we did wrong?

Answer 1

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
This is usually encountered when the server is inaccesible. Perhaps firewall issue?
You could run your client with java -Djavax.net.debug=ssl or see the handshake via wireshark to get an idea where the problem is at