Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] ssl3_get_client_certificate:peer did not return a certificate

I did. I generated a .jks out of client certificate. Certificates I have check and seems to be ok.

keytool -import -trustcacerts -alias client -file /home/client.pem -keystore clientStore.jks

clientStore.jks acts as my keystore.

Am I missing anything?

On Wed, May 30, 2018 at 3:46 PM, Hitesh Pratyush V <hiteshpratyush@xxxxxxxxx> wrote:
The problem is that you haven't included the client.key and client.crt in the keystore or the certificates are wrong. You can check the validity of certificates using the mosquitto_pub and mosquitto_sub client included on mosquitto-clients package.

On Wed 30 May, 2018, 3:37 PM shekhar singhal, <shekhar.2709@xxxxxxxxx> wrote:

Hi,

Please suggest.

Client jar mqttv31.1.0.jar(eclipse.paho)
mosquitto version 1.4.8

When using client auth getting error - ssl3_get_client_certificate:peer did not return a certificate.

Below is my mosquitto.conf file and java client details:

mosquitto.conf

cafile /etc/mosquitto/ca_certificates/ca.pem
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.pem
require_certificate true
use_identity_as_username true

port 8883


java client

          client = new MqttClient("ssl://localhost:8883", "Session_3");
	connOpt = new MqttConnectOptions();
	connOpt.setCleanSession(true);
	
        Properties sslProperties = new Properties();
	
	sslProperties.put(SSLSocketFactoryFactory.TRUSTSTORE, "/home/KeyStore.jks");
	sslProperties.put(SSLSocketFactoryFactory.TRUSTSTOREPWD, "123456");
           sslProperties.put(SSLSocketFactoryFactory.TRUSTSTORETYPE, "JKS");
           sslProperties.put(SSLSocketFactoryFactory.CLIENTAUTH, true);
    
    sslProperties.put(SSLSocketFactoryFactory.KEYSTORE, "/home/clientStore.jks");
    sslProperties.put(SSLSocketFactoryFactory.KEYSTOREPWD, "123456");
    sslProperties.put(SSLSocketFactoryFactory.KEYSTORETYPE, "JKS");
    
    
    connOpt.setSSLProperties(sslProperties);

	client.connect(connOpt);
	
	client.subscribe("sample_T");
	
	client.setCallback( new MQTTSampleSubscriber() );

Getting error

MQTT Con: Session_3, READ: TLSv1.2 Alert, length = 2
MQTT Con: Session_3, RECV TLSv1.2 ALERT: fatal, handshake_failure
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
MQTT Con: Session_3, called closeSocket()
MQTT Con: Session_3, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
MQTT Con: Session_3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
MQTT Con: Session_3, called close()
MQTT Con: Session_3, called closeInternal(true)

MqttException (0) - javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:664)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1779)
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:124)
at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1156)
at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1266)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1178)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:93)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:650)
... 1 more


mosquitto log says :

1527668974: OpenSSL Error: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
1527668974: Socket error on client , disconnecting.


_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev

_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev


Back to the top