Version: 3.7.6

SSL

  • Untrusted server certificates
  • Handshake problems

Untrusted Server Certificates

  • Self-signed server certificate
  • Unknown signing authority

The following command shows the complete server certificate chain:

echo | openssl s_client -host <host> -port <port> -showcerts

You can extract the relevant certificate information by piping the output of that command through:

sed -ne "/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p"

Store the result in a file such as mychain.pem.

To trust the server certificate, import the file into the Java Truststore using the following command:

keytool -import -file mychain.pem -keystore mytruststore

Note

The application requires a restart after the import.
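The steps above can be wrapped so that every certificate in the captured chain is reviewed before it is trusted. The following is an added example, not part of the original documentation: the function names, the cert-N.pem file naming and the alias prefix are assumptions made for illustration, and the sample capture is constructed.

```shell
# split_chain OUTDIR: read `openssl s_client -showcerts` output on stdin,
# write each PEM block to OUTDIR/cert-N.pem, print the certificate count.
# Returns non-zero if the capture ends inside a certificate block.
split_chain() {
    mkdir -p "$1" || return 1
    awk -v dir="$1" '
        /^-----BEGIN CERTIFICATE-----/ { n++; file = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > file }
        /^-----END CERTIFICATE-----/ { if (inside) close(file); inside = 0 }
        END {
            if (inside) { print "truncated certificate block" > "/dev/stderr"; exit 1 }
            print n + 0
        }'
}

# review_chain OUTDIR: show subject, issuer and SHA-256 fingerprint of each
# extracted certificate, for comparison with values obtained out of band.
review_chain() {
    for f in "$1"/cert-*.pem; do
        [ -f "$f" ] || continue
        echo "== $f"
        openssl x509 -in "$f" -noout -subject -issuer -fingerprint -sha256
    done
}

# import_chain OUTDIR TRUSTSTORE PREFIX: import each certificate under its own
# alias PREFIX-cert-N (naming chosen for this example); keytool still prompts.
import_chain() {
    for f in "$1"/cert-*.pem; do
        [ -f "$f" ] || continue
        keytool -import -alias "$3-$(basename "$f" .pem)" -file "$f" -keystore "$2"
    done
}

# Constructed sample capture; bodies are placeholders, not real certificates.
sample_capture() {
    cat <<'EOF'
 0 s:CN = app.example.test
   i:CN = Example Test CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAFBODY
-----END CERTIFICATE-----
 1 s:CN = Example Test CA
   i:CN = Example Test CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERCABODY
-----END CERTIFICATE-----
EOF
}
```

Typical use is `echo | openssl s_client -host <host> -port <port> -showcerts | split_chain certs`, followed by `review_chain certs` and, once the fingerprints have been confirmed, `import_chain certs mytruststore <prefix>`.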

Handshake Problems

Handshake problems occur if the application does not find a common ground with the server it is connecting to in terms of the security infrastructure, such as the protocol or cipher suites.

To diagnose the problem, run the following command:

openssl s_client -connect <server>:<port>

If the above command successfully establishes an SSL connection, the handshake problem is Java-specific; enable Java SSL debugging for further diagnosis.