How to debug a mutual-authentication SSL handshake?

September 29, 2018


Hi Guys,

I am new to SSL. I have got a load balancer that is configured for mutual-authentication SSL. As far as I am aware, the load balancer has been configured with an Entrust certificate and has been installed with our own CA as a Trusted Root.

Client-side, I have got our CA installed as a trusted root and a signed certificate from the CA as a personal cert.

When I connect using Internet Explorer I get prompted to choose a certificate and the client certificate is there but once I select it the page fails.

Connecting with my Java app, with Entrust in my truststore and the client .p12 in my keystore I get SSL handshake failure.

Using OpenSSL I get the following:

openssl s_client -connect xxx.xxx.xxx:443 -state -nbio
Loading 'screen' into random state - done
CONNECTED(00000134)
turning on non blocking io
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
write R BLOCK
SSL_connect:SSLv3 read server hello A
depth=1 /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:error in SSLv3 read finished A
SSL_connect:error in SSLv3 read finished A
read R BLOCK
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read finished A
1688:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.ssls3_pkt.c:1053:SSL alert number 40
1688:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:.ssls3_pkt.c:838:

Can anyone help with where the problem lies? Is it on the client or server and with which certificate?

Thanks & Regards
Camillelola
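
An added example, not part of the original post: a small Python parser for the `-state` trace shown above. It separates what the client complained about (the verify error) from what the server rejected (the alert) and records the last handshake step completed before the alert. The function and field names are illustrative.

```python
import re

# Abridged copy of the s_client -state trace from the post above.
TRACE = """\
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
SSL_connect:SSLv3 read server hello A
verify error:num=20:unable to get local issuer certificate
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:error in SSLv3 read finished A
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read finished A
"""

STATE = re.compile(r"^SSL_connect:SSLv\S+ (read|write) (.+) A$")
VERIFY = re.compile(r"^verify error:num=(\d+):(.+)$")
ALERT = re.compile(r"^SSL3 alert (read|write):(\w+):(.+)$")

def analyse(trace):
    """Return completed handshake steps, local verify errors and the fatal alert."""
    out = {"steps": [], "verify_errors": [], "cert_requested": False,
           "alert": None, "last_step_before_alert": None}
    for line in map(str.strip, trace.splitlines()):
        if m := STATE.match(line):
            out["steps"].append((m.group(1), m.group(2)))
            out["cert_requested"] |= m.group(2) == "server certificate request"
        elif m := VERIFY.match(line):
            # Raised by this client while checking the server's chain.
            out["verify_errors"].append((int(m.group(1)), m.group(2)))
        elif m := ALERT.match(line):
            # "read" means the peer (server) sent the alert; "write" means we did.
            sender = "server" if m.group(1) == "read" else "client"
            out["alert"] = (sender, m.group(2), m.group(3))
            out["last_step_before_alert"] = out["steps"][-1] if out["steps"] else None
    return out

if __name__ == "__main__":
    for key, value in analyse(TRACE).items():
        print(f"{key}: {value}")
```

On this trace the fatal alert is sent by the server after the client's certificate flight, while the `num=20` verify error is raised locally by `s_client` about the server's chain. The `s_client` command in the post passes no `-cert`/`-key`, so what the "write client certificate" step actually sent is the first thing to check.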

 

