Request Assistance::No X509TrustManager implementation available

K V Rao venkateswara.rao at i-exceed.com
Fri Apr 30 10:18:30 UTC 2021 

Dear Sir/Madam,

 

Greetings for the day!

 

We have provided an application which invokes https URL. App server used is
TOMCAT. The team who administers the application installed certificates
under CACERTS. The certificate is available in a .JKS file.

 

Now the application works well for some days. After few days we get the
error "No X509TrustManager implementation available". When JVM is restarted
it again works. 

 

Exception captured by application is following à Error =
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No X509TrustManager implementation
available

 

Exception printed after enabling SSL debug is the following.

 

  Algorithm: [SHA256withRSA]

  Signature:

0000: 77 7C 68 19 57 39 A2 72   97 D3 73 BF 03 88 24 C4  w.h.W9.r..s...$.

0010: 96 B0 52 87 64 D0 A1 4C   C5 B5 6B 9A 41 CA 0B BE  ..R.d..L..k.A...

0020: 43 8A D5 AE 09 6D 54 3A   10 58 1D 40 53 4E A7 CA  C....mT:.X. at SN..

0030: 48 2E 6C FE ED 99 16 96   99 9F AD E8 F8 BE E7 F0  H.l.............

0040: A0 42 ED 62 29 A0 AB A4   26 B3 16 1D BF BE 9B 7A  .B.b)...&......z

0050: EE F2 DB 6A DE C9 9B C5   7F DA 06 CF 9F 64 9D E4  ...j.........d..

0060: 0C 5D 2E 1D 10 F5 F9 7D   05 89 0A B3 F3 72 B9 0B  .]...........r..

0070: 39 15 19 8A 5E 57 6A 1F   5C E7 F9 D7 29 42 15 AA  9...^Wj.\...)B..

0080: CD EA BA F2 71 B7 EB B8   F6 D7 A7 60 34 0C FF FA  ....q......`4...

0090: 5D DD 49 45 B5 23 60 4F   E4 E3 09 A9 EF DF CD 41  ].IE.#`O.......A

00A0: EA B8 75 23 5B 82 D7 B6   3E 17 1F 45 30 6F CE CF  ..u#[...>..E0o..

00B0: 55 E5 6A 65 C9 C1 5C 19   5F B0 98 66 F9 17 71 A9  U.je..\._..f..q.

00C0: 38 92 29 57 19 3F 2B B6   8F 58 8B B5 3E 94 23 E3  8.)W.?+..X..>.#.

00D0: 76 D3 40 8B F7 93 4F 64   2D 8B 62 EF C2 D1 1F B5  v. at ...Od-.b.....

00E0: 02 94 7B 94 D7 2B D6 84   08 5C B0 0E EC 4C 51 E2  .....+...\...LQ.

00F0: AD 09 5A 1F 87 A0 30 E4   BF 28 E8 D7 1F DB 27 3B  ..Z...0..(....';

 

]

***

%% Invalidated:  [Session-14627, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]

Thread-9622, SEND TLSv1.2 ALERT:  fatal, description = certificate_unknown

Thread-9622, WRITE: TLSv1.2 Alert, length = 2

[Raw write]: length = 7

0000: 15 03 03 00 02 02 2E                               .......

Thread-9622, called closeSocket()

Thread-9622, handling exception: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No X509TrustManager implementation
available

 

When JVM is restarted, and users perform transaction, the application
receives success message and debug captured is the following.

 

Algorithm: [SHA256withRSA]

  Signature:

0000: 77 7C 68 19 57 39 A2 72   97 D3 73 BF 03 88 24 C4  w.h.W9.r..s...$.

0010: 96 B0 52 87 64 D0 A1 4C   C5 B5 6B 9A 41 CA 0B BE  ..R.d..L..k.A...

0020: 43 8A D5 AE 09 6D 54 3A   10 58 1D 40 53 4E A7 CA  C....mT:.X. at SN..

0030: 48 2E 6C FE ED 99 16 96   99 9F AD E8 F8 BE E7 F0  H.l.............

0040: A0 42 ED 62 29 A0 AB A4   26 B3 16 1D BF BE 9B 7A  .B.b)...&......z

0050: EE F2 DB 6A DE C9 9B C5   7F DA 06 CF 9F 64 9D E4  ...j.........d..

0060: 0C 5D 2E 1D 10 F5 F9 7D   05 89 0A B3 F3 72 B9 0B  .]...........r..

0070: 39 15 19 8A 5E 57 6A 1F   5C E7 F9 D7 29 42 15 AA  9...^Wj.\...)B..

0080: CD EA BA F2 71 B7 EB B8   F6 D7 A7 60 34 0C FF FA  ....q......`4...

0090: 5D DD 49 45 B5 23 60 4F   E4 E3 09 A9 EF DF CD 41  ].IE.#`O.......A

00A0: EA B8 75 23 5B 82 D7 B6   3E 17 1F 45 30 6F CE CF  ..u#[...>..E0o..

00B0: 55 E5 6A 65 C9 C1 5C 19   5F B0 98 66 F9 17 71 A9  U.je..\._..f..q.

00C0: 38 92 29 57 19 3F 2B B6   8F 58 8B B5 3E 94 23 E3  8.)W.?+..X..>.#.

00D0: 76 D3 40 8B F7 93 4F 64   2D 8B 62 EF C2 D1 1F B5  v. at ...Od-.b.....

00E0: 02 94 7B 94 D7 2B D6 84   08 5C B0 0E EC 4C 51 E2  .....+...\...LQ.

00F0: AD 09 5A 1F 87 A0 30 E4   BF 28 E8 D7 1F DB 27 3B  ..Z...0..(....';

 

]

***

Found trusted certificate:

 

So we are not able to figure out if there is an issue with certificate or
key store or certificate chain. Any guidance/assistance in this regard to
address the issue will be highly appreciated.

 

Please revert in case you need any additional details/information to provide
guidance.

 

Thank you in advance.

 

Regards,
Rao KV


-- 










*Disclaimer*


This e-mail and the attachments thereto contain 
confidential information and are intended only for the individual to whom 
it is addressed. If you are not the intended addressee, then you are hereby 
notified that dissemination, distribution, disclosure, copying or taking 
any action in reliance on the contents, of this email and/or its 
attachments are strictly prohibited and shall entail legal consequences. 
You are requested to notify the sender immediately by return e-mail that 
you have received this e-mail by mistake and delete this e-mail from your 
system.


Any views or opinions presented in this email are solely those of 
the author and do not necessarily represent those of i-exceed. 


E-mail 
transmission cannot be guaranteed to be secure or error-free as information 
could be intercepted, corrupted, lost, destroyed, arrive late or 
incomplete, or contain viruses. The sender therefore does not accept 
liability for any errors or omissions in the contents of this message, 
which arise as a result of the e-mail transmission.


i-exceed technology 
solutions, www.i-exceed.com <http://www.i-exceed.com/> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210430/a5a38d5f/attachment.html>

More information about the openssl-users mailing list