ssl handshake exception due to keystore file

Question

I have a request where i need to write the content on db from application running in Server A to Same application running in another instance Server B.

DB read write are via SOAP API's

Both server do have their own client.truststore file.

From a stand alone Server C using Server A's client.trustsrore i am able to read write to Server A's DB And using Server B's client truststore am able to read write in to Server B's DB.

Since the requirement is to read from Server A and write into Server B. I introduced a new keystore file in both the servers and i set the system.properties properly (Both keystore location and password). and this keystore was copied properly in to both servers with permissions.

I created the certificate using private key and then created keystore file using keytool command.

Since keeping the keystore file in 2 server didn't work. It always complained unknown_certificate. I tried to import the certificate to cacerts under /$JAVA_HOME/lib/security/. But even this gives unknow certificate with handshake exception.

Is there anything else i want to do which i am missing?

Regards
Dheeraj Joshi

Do your both servers have the same hostname? As far as I know, a certificate must match the host name of the target server. — Artem Shafranov, Sep 28 '12 at 04:48

score 1 · Accepted Answer · answered Sep 28 '12 at 05:54

A certificate for an application server must match the hostname of that server. It could be the problem here since you have two different servers with two different hostnames.

You should enter the valid hostname while in the certificate generating process when you're asked to provide your first and last name:

What is your first and last name?
[Unknown]:  myserver.domain.com

But in that case I'm not really sure what you could do to accomplish your task. Maybe you should have for your servers two different certificates with different corresponding hostnames. But these certificates should be signed by one parent certificate that's trusted by your databases. Something like that.

score 0 · Answer 2 · answered Sep 28 '12 at 10:06

Ok Solution was simple. Create a new store using certificates of two servers

keytool -import -alias <alias> --keystore <newstore> -file server1.crt -storepass changeit
keytool -import -alias <alias> --keystore <newstore> -file server2.crt -storepass changeit

Now newstore can be used for SSL communication.

Regards
Dheeraj Joshi

ssl handshake exception due to keystore file

2 Answers2