NetTalk Central

« previous next »
Pages: [1]

Author Topic: fatal alert: handshake_failure with webservice  (Read 2280 times)

joep

  • Newbie
  • *
  • Posts: 48
    • View Profile
    • Email
fatal alert: handshake_failure with webservice
« on: May 28, 2020, 06:14:07 AM »
I have a webservice which works perfect insecure.
Lately they asked me to make the webservice Secure.

So I got an signed certificate which I use on a local area network.
I can address the webservice by   "https://swa843t.ka.haagnet.net:443/Xml2Aag"
Secure port : 443
Certificate folder : c:\temp\certificates
Ca Account : swa843t.ka.haagnet.net
Domains : swa843t.ka.haagnet.net

But I keep getting errors:
ERROR:Exception in request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
ERROR:An error occurred [Received fatal alert: handshake_failure], see error log for details
INFO:Error getting response for [https://swa843t.ka.haagnet.net:443.Xml2aag:DenHaag_XML2AAG]; javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

I have got the certificate in place:
swa843t.ka.haagnet.net.crt    and
swa843t.ka.haagnet.net.key 

These certificates where created from an exported windows certificate to an pfx file
And the crt and key where created with openssl

Anyone an Idea what could cause this?
Kind regards Joep


Logged

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11183
    • View Profile
Re: fatal alert: handshake_failure with webservice
« Reply #1 on: May 31, 2020, 12:08:46 AM »
Hi Joep,

is the web service online, or are you only running it on the LAN?
Can you access the site via a browser (on the LAN if it's on the lan?)

>> Anyone an Idea what could cause this?

look also in debugview as your program (server) starts to see what it tells you there about the certificates.

what are the names of the crt and key files?

cheers
Bruce
Logged

Jane

  • Sr. Member
  • ****
  • Posts: 350
  • Expert on nothing with opinions on everything.
    • View Profile
    • Email
Re: fatal alert: handshake_failure with webservice
« Reply #2 on: May 31, 2020, 09:12:20 AM »
One thing to check...

When you split the key and certificate from the PFX using OpenSSL, the default is for the private key file to be encrypted.  Which will not work with an NT webserver.

You need the extra step of creating a decrypted private key from the encrypted key file. 

This is an example of how to do that:
Openssl rsa –in MyDomainEncrypted.key –out MyDomain.key

Cheers,

Jane
Logged

joep

  • Newbie
  • *
  • Posts: 48
    • View Profile
    • Email
Re: fatal alert: handshake_failure with webservice
« Reply #3 on: June 02, 2020, 05:40:08 AM »
Hi Jane,

You are wonderful.
Your openssl solution with the key certificate works.
My reaction is a bit late, but my client's office was closed yesterday (day off in the Netherlands)
ps thank you too Bruce,but your suggestions wheren't necessary.

Regards Joep
Logged

Jane

  • Sr. Member
  • ****
  • Posts: 350
  • Expert on nothing with opinions on everything.
    • View Profile
    • Email
Re: fatal alert: handshake_failure with webservice
« Reply #4 on: June 02, 2020, 07:33:21 PM »
Glad you got it sorted!
Logged
Pages: [1]
« previous next »