NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: joep on May 28, 2020, 06:14:07 AM

Title: fatal alert: handshake_failure with webservice
Post by: joep on May 28, 2020, 06:14:07 AM

I have a webservice which works perfect insecure.
Lately they asked me to make the webservice Secure.

So I got an signed certificate which I use on a local area network.
I can address the webservice by   "https://swa843t.ka.haagnet.net:443/Xml2Aag"
Secure port : 443
Certificate folder : c:\temp\certificates
Ca Account : swa843t.ka.haagnet.net
Domains : swa843t.ka.haagnet.net

But I keep getting errors:
ERROR:Exception in request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
ERROR:An error occurred [Received fatal alert: handshake_failure], see error log for details
INFO:Error getting response for [https://swa843t.ka.haagnet.net:443.Xml2aag:DenHaag_XML2AAG]; javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

I have got the certificate in place:
swa843t.ka.haagnet.net.crt    and
swa843t.ka.haagnet.net.key 

These certificates where created from an exported windows certificate to an pfx file
And the crt and key where created with openssl

Anyone an Idea what could cause this?
Kind regards Joep

Title: Re: fatal alert: handshake_failure with webservice
Post by: Bruce on May 31, 2020, 12:08:46 AM

Hi Joep,

is the web service online, or are you only running it on the LAN?
Can you access the site via a browser (on the LAN if it's on the lan?)

>> Anyone an Idea what could cause this?

look also in debugview as your program (server) starts to see what it tells you there about the certificates.

what are the names of the crt and key files?

cheers
Bruce

Title: Re: fatal alert: handshake_failure with webservice
Post by: Jane on May 31, 2020, 09:12:20 AM

One thing to check...

When you split the key and certificate from the PFX using OpenSSL, the default is for the private key file to be encrypted.  Which will not work with an NT webserver.

You need the extra step of creating a decrypted private key from the encrypted key file. 

This is an example of how to do that:
Openssl rsa –in MyDomainEncrypted.key –out MyDomain.key

Cheers,

Jane

Title: Re: fatal alert: handshake_failure with webservice
Post by: joep on June 02, 2020, 05:40:08 AM

Hi Jane,

You are wonderful.
Your openssl solution with the key certificate works.
My reaction is a bit late, but my client's office was closed yesterday (day off in the Netherlands)
ps thank you too Bruce,but your suggestions wheren't necessary.

Regards Joep

Title: Re: fatal alert: handshake_failure with webservice
Post by: Jane on June 02, 2020, 07:33:21 PM

Glad you got it sorted!