All:
I'm trying to set up a clientAuth SSL connection between a batch process and
Tomcat (7.0.55, Java 8 64-bit server). One-way SSL works wonderfully. I set up
a server certificate (self-signed) and used this configuration in Tomcat
(server.xml):
    <Connector port="${https.port}"
               protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https"
               secure="true" sslProtocol="TLS"
               keystoreFile="conf/dsikeystore.jks"
               keystorePass="keystorePassword"
               clientAuth="false"
    />
In the client, I used
    java -cp ws-client.jar -Djavax.net.ssl.trustStore=clientkeystore2.jks
        -Djavax.net.ssl.trustStorePassword=changeme
        com.datasourceinc.abis.ws.pds.ServiceClient
It seemed to me pretty straightforward that to set up client authentication, I
would need to
1. Generate another (self-signed) certificate
2. Export that certificate to a *.crt file
3. Create another keystore on the server
4. Import the certificate from #2
5. Mark that in the configuration as the trust store
So,
    <Connector port="${https.port}"
               protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https"
               secure="true" sslProtocol="TLS"
               keystoreFile="conf/dsikeystore.jks"
               keystorePass="keystorePassword"
               clientAuth="true"
               truststoreFile="conf/clienttrustkeystore.jks"
               truststorePass="changeme"
    />
And change the client (which has the original self-signed certificate) thus
    java -cp ws-client.jar -Djavax.net.ssl.keyStore=clientkeystore.jks
        -Djavax.net.ssl.keyStorePassword=changeme
        -Djavax.net.ssl.trustStore=clientkeystore2.jks
        -Djavax.net.ssl.trustStorePassword=changeme
        com.datasourceinc.abis.ws.pds.ServiceClient
All keystores have been verified.
I have to have done something wrong or missed a step, because I keep butting up
against this error, even after having tried all the fixes I read online,
including restarting my (Windows 7) machine and of course restarting the server:
java.net.SocketException: Software caused connection abort: recv failed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(Unknown Source)
    at java.net.SocketInputStream.read(Unknown Source)
    at sun.security.ssl.InputRecord.readFully(Unknown Source)
    at sun.security.ssl.InputRecord.read(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.waitForClose(Unknown Source)
    at sun.security.ssl.HandshakeOutStream.flush(Unknown Source)
    at sun.security.ssl.Handshaker.sendChangeCipherSpec(Unknown Source)
    at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.datasourceinc.abis.ws.pds.server.generated.IRS_PDS_ABIS_ServiceSOAP12BindingStub.update(IRS_PDS_ABIS_ServiceSOAP12BindingStub.java:164)
    at com.datasourceinc.abis.ws.pds.PdsServiceClient.main(PdsServiceClient.java:47)
{http://xml.apache.org/axis/}hostname:DSI-DEV03
java.net.SocketException: Software caused connection abort: recv failed
    at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.datasourceinc.abis.ws.pds.server.generated.IRS_PDS_ABIS_ServiceSOAP12BindingStub.update(IRS_PDS_ABIS_ServiceSOAP12BindingStub.java:164)
    at com.datasourceinc.abis.ws.pds.PdsServiceClient.main(PdsServiceClient.java:47)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(Unknown Source)
    at java.net.SocketInputStream.read(Unknown Source)
    at sun.security.ssl.InputRecord.readFully(Unknown Source)
    at sun.security.ssl.InputRecord.read(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.waitForClose(Unknown Source)
    at sun.security.ssl.HandshakeOutStream.flush(Unknown Source)
    at sun.security.ssl.Handshaker.sendChangeCipherSpec(Unknown Source)
    at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    ... 11 more
Does anyone have any ideas that might help?
Thanks!
David Sills
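
A check of the store pairing that steps 1 to 5 above are meant to produce, as an added example that is not part of the original post: with clientAuth="true" the client keystore must hold a private-key entry (not just an imported certificate), and the server truststore must contain that entry's certificate or one of its issuers. The class name ClientAuthStoreCheck is hypothetical; the file names and password default to the ones shown in the post, and both stores are assumed to share one store password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic (not from the original post): pairs a client keystore with a server truststore.
public class ClientAuthStoreCheck {

    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass); // also verifies the store's integrity with the password
        }
        return ks;
    }

    // Counts client entries that have a private key AND a certificate the server truststore holds.
    static int usableEntries(KeyStore client, KeyStore serverTrust) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(client.aliases())) {
            if (!client.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                // A trustedCertEntry carries no private key, so it cannot authenticate the client.
                System.out.println(alias + ": no private key, cannot be used for clientAuth");
                continue;
            }
            Certificate[] chain = client.getCertificateChain(alias);
            String match = null;
            for (int i = 0; i < chain.length && match == null; i++) {
                match = serverTrust.getCertificateAlias(chain[i]); // leaf first, then issuers
            }
            String subject = ((X509Certificate) chain[0]).getSubjectX500Principal().getName();
            if (match != null) usable++;
            System.out.println(alias + ": key entry for " + subject + (match != null
                    ? ", trusted via server truststore alias '" + match + "'"
                    : ", but nothing in its chain is in the server truststore"));
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the file names and password from the post; override with arguments.
        String clientPath = args.length > 0 ? args[0] : "clientkeystore.jks";
        String trustPath = args.length > 1 ? args[1] : "conf/clienttrustkeystore.jks";
        char[] pass = (args.length > 2 ? args[2] : "changeme").toCharArray();
        int usable = usableEntries(load(clientPath, pass), load(trustPath, pass));
        System.exit(usable > 0 ? 0 : 1); // non-zero exit: no entry the server would accept
    }
}
```

Run it with the two store paths and the password as arguments when the files are not in the default locations; an exit status of 1 means no client entry passed both checks.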