java soap sslexception

SSL handshake exception due to keystore file


I have a request where I need to write content to the DB from an application running on Server A to the same application running in another instance on Server B.

DB reads and writes are via SOAP APIs.

Both servers have their own client.truststore file.

From a standalone Server C, using Server A's client.truststore I am able to read and write to Server A's DB, and using Server B's client.truststore I am able to read and write to Server B's DB.

Since the requirement is to read from Server A and write into Server B, I introduced a new keystore file on both servers and set the system.properties properly (both keystore location and password), and this keystore was copied properly to both servers with permissions.

I created the certificate using a private key and then created the keystore file using the keytool command.

Keeping the keystore file on the 2 servers didn't work; it always complained unknown_certificate. I tried to import the certificate into cacerts under /$JAVA_HOME/lib/security/, but even this gives unknown certificate with a handshake exception.

Is there anything else I need to do that I am missing?

Regards
Dheeraj Joshi


Solution

  • A certificate for an application server must match the hostname of that server. It could be the problem here since you have two different servers with two different hostnames.

    You should enter the valid hostname during the certificate generation process, when you're asked to provide your first and last name:

    What is your first and last name?
    [Unknown]:  myserver.domain.com
    

    But in that case I'm not really sure what you could do to accomplish your task. Maybe you should have for your servers two different certificates with different corresponding hostnames. But these certificates should be signed by one parent certificate that's trusted by your databases. Something like that.
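
The layout suggested in the answer above (one certificate per hostname, both signed by one parent certificate that clients trust), written out with keytool as an added example that is not part of the original answer. The hostnames, file names, aliases and the password are constructed placeholders.

```shell
#!/bin/sh
# Added example: one internal CA, one certificate per host, one shared truststore.
# Hostnames, file names, aliases and the password are constructed for the demo.
PASS=changeit

# Run keytool against a PKCS12 store: kt <command> <store file> [options...]
kt() {
    cmd=$1; store=$2; shift 2
    keytool "$cmd" -keystore "$store" -storetype PKCS12 -storepass "$PASS" "$@"
}

# build_pki <dir> <host>...: create the CA, then a CA-signed keystore per host.
build_pki() {
    dir=$1; shift
    mkdir -p "$dir" || return 1
    # The parent (CA) key pair; basic constraints mark it as a CA.
    kt -genkeypair "$dir/ca.p12" -alias ca -keyalg RSA -keysize 2048 \
        -keypass "$PASS" -dname "CN=Demo Internal CA" -ext bc:c=ca:true \
        -validity 365 || return 1
    kt -exportcert "$dir/ca.p12" -alias ca -rfc -file "$dir/ca.pem" || return 1
    for host in "$@"; do
        ks="$dir/$host.p12"
        # CN is the value keytool asks for as "first and last name".
        kt -genkeypair "$ks" -alias server -keyalg RSA -keysize 2048 \
            -keypass "$PASS" -dname "CN=$host" -validity 365 || return 1
        kt -certreq "$ks" -alias server -file "$dir/$host.csr" || return 1
        # The CA signs the request and adds the hostname as a SAN.
        kt -gencert "$dir/ca.p12" -alias ca -infile "$dir/$host.csr" \
            -outfile "$dir/$host.pem" -ext "san=dns:$host" -validity 365 -rfc || return 1
        # Install the CA certificate first so the signed reply chains to it.
        kt -importcert "$ks" -alias ca -file "$dir/ca.pem" -noprompt || return 1
        kt -importcert "$ks" -alias server -file "$dir/$host.pem" || return 1
    done
    # The truststore holds only the CA certificate; every client gets a copy.
    kt -importcert "$dir/client.truststore" -alias internal-ca \
        -file "$dir/ca.pem" -noprompt
}

# host_cert_ok <dir> <host>: true if the keystore has a 2-certificate chain
# and the server certificate carries the host as a DNS SAN.
host_cert_ok() {
    out=$(kt -list "$1/$2.p12" -alias server -v) || return 1
    echo "$out" | grep -q "Certificate chain length: 2" &&
        echo "$out" | grep -q "DNSName: $2"
}
```

A client that loads `client.truststore` then accepts either server, because both certificates chain to the same CA and each one names its own host.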