Try adding the following Java property setting when launching your java client in order to see SSL Handshake related debug information:
-Djavax.net.debug=ssl:handshake Or to see all ssl related debug output: -Djavax.net.debug=ssl On Thu, Aug 25, 2016 at 4:24 PM, Nguyen, Kyle <kyle.ngu...@philips.com> wrote: > Hi all, > > > > I was trying to implement client certificate based authentication > following http://docs.basho.com/riak/kv/2.1.4/using/security/basics/ but > kept getting the following SSL Handshake exception. I believe I have the > client keystore, truststore and riak server cert/key setup properly. Both > client cert and riak server cert are signed with the same CA. Any advice > and suggestions will be greatly appreciated! > > > > 2016-08-25 12:53:24 DEBUG InternalLoggerFactory:71 - Using SLF4J as the > default logging framework > > 2016-08-25 12:53:24 DEBUG MultithreadEventLoopGroup:76 - > -Dio.netty.eventLoopThreads: 16 > > 2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Buffer.address: > available > > 2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - > sun.misc.Unsafe.theUnsafe: available > > 2016-08-25 12:53:24 DEBUG PlatformDependent0:71 - > sun.misc.Unsafe.copyMemory: available > > 2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Bits.unaligned: > true > > 2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Platform: Windows > > 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - Java version: 8 > > 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noUnsafe: false > > 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - sun.misc.Unsafe: available > > 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noJavassist: > false > > 2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Javassist: unavailable > > 2016-08-25 12:53:24 DEBUG PlatformDependent:71 - You don't have Javassist > in your class path or you don't have enough permission to load dynamically > generated classes. Please check the configuration for better performance. > > 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.tmpdir: > C:\apache-tomcat-7.0.54\temp (java.io.tmpdir) > > 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.bitMode: 64 > (sun.arch.data.model) > > 2016-08-25 12:53:24 DEBUG PlatformDependent:76 - > -Dio.netty.noPreferDirect: false > > 2016-08-25 12:53:24 DEBUG NioEventLoop:76 - -Dio.netty.noKeySetOptimization: > false > > 2016-08-25 12:53:24 DEBUG NioEventLoop:76 - > -Dio.netty.selectorAutoRebuildThreshold: > 512 > > 2016-08-25 12:53:24 INFO RiakJKSConnection:73 - initializeRiak Cluster is > OK > > 2016-08-25 12:53:24 DEBUG ThreadLocalRandom:71 - > -Dio.netty.initialSeedUniquifier: > 0xac658e47a52a7794 (took 3 ms) > > 2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.allocator.type: > unpooled > > 2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - > -Dio.netty.threadLocalDirectBufferSize: > 65536 > > 2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - > -Dio.netty.maxThreadLocalCharBufferSize: > 16384 > > 2016-08-25 12:53:24 DEBUG RiakNode:762 - Using TLSv1.2 > > 2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:166 - Handler Added > > 2016-08-25 12:53:24 DEBUG RiakNode:777 - Waiting on SSL Promise > > 2016-08-25 12:53:24 DEBUG AbstractByteBuf:81 - > -Dio.netty.buffer.bytebuf.checkAccessible: > true > > 2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 - > -Dio.netty.leakDetection.level: simple > > 2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 - > -Dio.netty.leakDetection.maxRecords: 4 > > 2016-08-25 12:53:24 DEBUG Recycler:76 - > -Dio.netty.recycler.maxCapacity.default: > 262144 > > 2016-08-25 12:53:24 DEBUG Cleaner0:76 - java.nio.ByteBuffer.cleaner(): > available > > 2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:69 - RiakSecurityDecoder > decode > > 2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:93 - Received > MSG_RpbStartTls reply > > 2016-08-25 12:53:24 ERROR RiakSecurityDecoder:230 - SSL Handshake failed: > > java.nio.channels.ClosedChannelException > > 2016-08-25 12:53:24 ERROR RiakNode:787 - Failure during Auth; > 127.0.0.1:8087 java.nio.channels.ClosedChannelException > > 2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:181 - Channel Inactive > > > > RiakNode builder setup: > > > > *public* *static* RiakCluster getRiakCluster(String riakUserName, String > userPassword, String storePath, String storePasswd, String keyPasswd) > *throws* UnknownHostException{ > > > > KeyStore keyStore = *loadKeystore*(storePath,storePasswd); > > //riak with one node > > RiakNode.Builder builder = *new* RiakNode.Builder(). > withRemoteAddress("127.0.0.1").withRemotePort(8087); > > builder.withAuth(riakUserName, userPassword, *trustStore*, keyStore, > keyPasswd); > > builder.withConnectionTimeout(30000); > > RiakCluster cluster = *cluster = new > RiakCluster.Builder(builder.build()).build();* > > * cluster.start();* > > *return* cluster; > > > > > > } > > > > Thanks > > > > -Kyle- > > ------------------------------ > The information contained in this message may be confidential and legally > protected under applicable law. The message is intended solely for the > addressee(s). If you are not the intended recipient, you are hereby > notified that any use, forwarding, dissemination, or reproduction of this > message is strictly prohibited and may be unlawful. If you are not the > intended recipient, please contact the sender by return e-mail and destroy > all copies of the original message. > > _______________________________________________ > riak-users mailing list > riak-users@lists.basho.com > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com > >
_______________________________________________ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
