Hi All,
I know that this subjects sounds familiar and trust me i searched 2 days on this forum before opening a new post.
Here is my issue. My EAI partner is calling my service on webMethods via HTTPS post. I provided him with server and CA certs. He is calling my service via some JAVA script and he gets the following error :
“Unable to establish security context for this session”
Below is an excerpt from his trace log
INVSWEEP 160833 0031 INF: started thread 0x1B08 trace on 03-12-2012 16:08:33 [6.0.6030]
INVSWEEP 160833 0000 INF: gethostbyname(“xxxxx.xxxxx.corp”) returned xx.xx.xx.xx (xxxxxxx.xxxxxx.corp)
INVSWEEP 160833 0016 INF: socket(2, 1, 0) returned 1000
INVSWEEP 160833 0000 WRN: connect(1000, xx.xx.xx.xx:443, 16) returned -1 [10035]
INVSWEEP 160833 0000 INF: select(64, 0x0, 0x12e7c0, 0x12e8e0, 90:0) returned 1
INVSWEEP 160833 0000 INF: send(1000, 0x28b3a0, 128, 0) returned 128
0000 16 03 01 00 7B 01 00 00:77 03 01 4F 5E 73 E1 9A …{…w…O^s…
0010 BD 22 68 0F C7 1B 61 C1:EB 0A 24 34 28 DD B3 AA ."h…a…$4(…
0020 56 E1 CC B6 17 9B 1D FE:F3 50 1B 00 00 18 00 2F V…P…/
0030 00 35 00 05 00 0A C0 13:C0 14 C0 09 C0 0A 00 32 .5…2
0040 00 38 00 13 00 04 01 00:00 36 FF 01 00 01 00 00 .8…6…
0050 00 00 1D 00 1B 00 00 18:65 61 69 74 73 74 70 72 …xxxxxxxx
0060 6F 78 79 2E 63 61 62 65:6C 61 73 2E 63 6F 72 70 xxx.xxxxxxx.corp
0070 00 0A 00 06 00 04 00 17:00 18 00 0B 00 02 01 00 …
INVSWEEP 160833 0000 INF: select(64, 0x12e5bc, 0x0, 0x0, 90:0) returned 1
INVSWEEP 160833 0000 INF: recv(1000, 0x2de0058, 65536, 0) returned 7
0000 15 03 01 00 02 02 0A …
INVSWEEP 160833 0016 INF: send(1000, 0x274f40, 7, 0) returned 7
0000 15 03 01 00 02 01 00 …
INVSWEEP 160833 0015 INF: closesocket(1000) returned 0
INVSWEEP 161028 115051 INF: stopped thread 0x1B08 trace on 03-12-2012 16:10:28
He says that his java scripts internally converts the DNS name to IP address and since my certificates are issued with proxy name, they might be creating problems for the SSL handshake. One thing is clear connection is not an issue. The issue arises during the SSL handshake.
I changed my certificates and gave him new certs having the IP address of my server. But still he cannot call my service.
I heard that he is trying to import the certificates into his browser. Does he have to import it into his JAVA program?
What is the issue here? Can someone help?