I use an SSL connection to connect a web client to a server. It has worked without any problem for a long time, but since yesterday it gives the following error. Can anyone tell me the reason?
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1172)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
at net.schubart.fixme.internal.MessageInput.readExactly(MessageInput.java:166)
at net.schubart.fixme.internal.MessageInput.readMessage(MessageInput.java:78)
at cc.aot.itsWeb.ClientWriterThread.run(ClientWriterThread.java:241)
at java.lang.Thread.run(Thread.java:619)
clientWriter.ready
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1586)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:865)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:621)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.OutputStream.write(OutputStream.java:58)
at net.schubart.fixme.internal.Message.write(Message.java:267)
at net.schubart.fixme.internal.MessageOutput.writeMessage(MessageOutput.java:53)
The problem you're having is with the certificates. Here is a list of things you might need to be familiar with before working with a secure SSL program. There must be a truststore, keystore, and the certs have to be added. To add the key to your cacerts file, as in step 6, the computer might ask you for a password that you don't know. It is "changeit" most likely.
1) To create a new keystore and self-signed certificate with corresponding public/private keys:
keytool -genkeypair -alias "username" -keyalg RSA -validity 7 -keystore keystore
2) To examine the keystore:
keytool -list -v -keystore keystore
3) Export and examine the self-signed certificate:
keytool -export -alias "username" -keystore keystore -rfc -file "username".cer
4) Import the certificate into a new truststore:
keytool -import -alias "username" -file "username".cer -keystore truststore
5) Examine the truststore:
keytool -list -v -keystore truststore
6) Add to keystore (this is what you're looking for):
sudo keytool -import -file "username".cer -alias "username" -keystore "path-to-keystore"
On some systems this is found in
/usr/lib/jvm/<java version folder>/jre/lib/security/cacerts
and on other systems it is something like
/etc/ssl/certs/java/cacerts
Check out this project on GitHub if you need more clarification: https://github.com/rabbitfighter81/JSSLInfoCollectionServer And here is a shell script that helps with keys: https://github.com/rabbitfighter81/SSLKeytool
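Added example, not part of the answer above or of the linked projects: steps 1, 3 and 4 run non-interactively, followed by a check of the certificate's validity window, since a certificate created with `-validity 7` expires after seven days. The alias `demo-user`, the `CN=demo.example` name and the file names are constructed; `changeit` is the password the answer mentions; `keytool` and `openssl` are assumed to be on the PATH.

```shell
#!/usr/bin/env bash
# Added example. Alias, CN and file names are constructed; "changeit" is the
# password mentioned in the answer. Requires keytool and openssl on PATH.

STOREPASS=changeit
ALIAS=demo-user

# Steps 1, 3 and 4 of the answer, non-interactive: build the keystore, export
# the certificate, import it into a new truststore.
# $1 = working directory, $2 = validity in days.
make_demo_stores() {
  local dir=$1 days=$2
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
    -validity "$days" -dname "CN=demo.example" \
    -keystore "$dir/keystore" -storepass "$STOREPASS" -keypass "$STOREPASS" \
    </dev/null >/dev/null 2>&1 || return 1
  keytool -exportcert -alias "$ALIAS" -keystore "$dir/keystore" \
    -storepass "$STOREPASS" -rfc -file "$dir/$ALIAS.cer" >/dev/null 2>&1 || return 1
  keytool -importcert -noprompt -alias "$ALIAS" -file "$dir/$ALIAS.cer" \
    -keystore "$dir/truststore" -storepass "$STOREPASS" >/dev/null 2>&1
}

# Exit status 0 if the certificate stored under alias $2 in store $1 is still
# valid $3 days from now; non-zero if it will have expired or cannot be read.
cert_valid_for_days() {
  local store=$1 alias=$2 days=$3
  keytool -exportcert -rfc -alias "$alias" -keystore "$store" \
    -storepass "$STOREPASS" 2>/dev/null |
    openssl x509 -noout -checkend "$((days * 86400))" >/dev/null 2>&1
}

# Demo: run as `bash script.sh demo`
if [ "${1:-}" = "demo" ]; then
  tmp=$(mktemp -d)
  make_demo_stores "$tmp" 7 || { echo "keytool failed"; exit 1; }
  for d in 1 8; do
    if cert_valid_for_days "$tmp/truststore" "$ALIAS" "$d"; then
      echo "still valid in $d day(s)"
    else
      echo "expired within $d day(s)"
    fi
  done
  rm -rf "$tmp"
fi
```

To check a real store, call `cert_valid_for_days` with the path, alias and password of that store in place of the constructed ones.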