Re: [mosquitto-dev] ssl3_get_client_certificate:peer did not return a certificate

No problem.

On Thu 31 May, 2018, 10:13 AM shekhar singhal, <shekhar.2709@xxxxxxxxx> wrote:
This worked. Thnx Hitesh.

On Wed, May 30, 2018 at 5:36 PM, Hitesh Pratyush V <hiteshpratyush@xxxxxxxxx> wrote:
You need to add client.key as well
You can do this by creating crt key pair and adding that to the keystore.
You can create a client.crt and client.key pair by running this command
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -CAfile ca.crt

On Wed, May 30, 2018 at 4:51 PM, shekhar singhal <shekhar.2709@xxxxxxxxx> wrote:
I added ca.crt, client.crt, server.crt in KeyStore.jks (Note : we cannot add key files in .jks)

Same result.

On Wed, May 30, 2018 at 4:11 PM, Hitesh Pratyush V <hiteshpratyush@xxxxxxxxx> wrote:
You need to have the CA.crt, client.pem (which contains client.key and client.crt) and also server.crt, as it is the server's public certificate. You need to have all these in the keystore. Also, you can use portecle to create a keystore as well; it gives you a GUI-based keystore creator. It is easier to use than keytool.

On Wed 30 May, 2018, 3:51 PM shekhar singhal, <shekhar.2709@xxxxxxxxx> wrote:
I did. I generated a .jks out of the client certificate. I have checked the certificates and they seem to be OK.

keytool -import -trustcacerts -alias client -file /home/client.pem -keystore clientStore.jks

clientStore.jks acts as my keystore.

Am I missing anything?

On Wed, May 30, 2018 at 3:46 PM, Hitesh Pratyush V <hiteshpratyush@xxxxxxxxx> wrote:
The problem is that you haven't included the client.key and client.crt in the keystore, or the certificates are wrong. You can check the validity of the certificates using the mosquitto_pub and mosquitto_sub clients included in the mosquitto-clients package.

On Wed 30 May, 2018, 3:37 PM shekhar singhal, <shekhar.2709@xxxxxxxxx> wrote:

Hi,

Please suggest.

Client jar mqttv31.1.0.jar(eclipse.paho)
mosquitto version 1.4.8

When using client auth, I am getting the error - ssl3_get_client_certificate:peer did not return a certificate.

Below is my mosquitto.conf file and java client details:

mosquitto.conf

cafile /etc/mosquitto/ca_certificates/ca.pem
keyfile /etc/mosquitto/certs/server.key
certfile /etc/mosquitto/certs/server.pem
require_certificate true
use_identity_as_username true

port 8883


java client

    client = new MqttClient("ssl://localhost:8883", "Session_3");
    connOpt = new MqttConnectOptions();
    connOpt.setCleanSession(true);

    Properties sslProperties = new Properties();

    sslProperties.put(SSLSocketFactoryFactory.TRUSTSTORE, "/home/KeyStore.jks");
    sslProperties.put(SSLSocketFactoryFactory.TRUSTSTOREPWD, "123456");
    sslProperties.put(SSLSocketFactoryFactory.TRUSTSTORETYPE, "JKS");
    sslProperties.put(SSLSocketFactoryFactory.CLIENTAUTH, true);

    sslProperties.put(SSLSocketFactoryFactory.KEYSTORE, "/home/clientStore.jks");
    sslProperties.put(SSLSocketFactoryFactory.KEYSTOREPWD, "123456");
    sslProperties.put(SSLSocketFactoryFactory.KEYSTORETYPE, "JKS");

    connOpt.setSSLProperties(sslProperties);

    client.connect(connOpt);

    client.subscribe("sample_T");

    client.setCallback( new MQTTSampleSubscriber() );

Getting error

MQTT Con: Session_3, READ: TLSv1.2 Alert, length = 2
MQTT Con: Session_3, RECV TLSv1.2 ALERT: fatal, handshake_failure
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
MQTT Con: Session_3, called closeSocket()
MQTT Con: Session_3, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
MQTT Con: Session_3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
MQTT Con: Session_3, called close()
MQTT Con: Session_3, called closeInternal(true)

MqttException (0) - javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:664)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1779)
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:124)
at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1156)
at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1266)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1178)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:93)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:650)
... 1 more


mosquitto log says :

1527668974: OpenSSL Error: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
1527668974: Socket error on client , disconnecting.


_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/mosquitto-dev
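
Added example, not part of the thread and not from the mosquitto or Paho projects: the fix discussed above (bundling client.key together with client.crt) as a shell script that checks the result. All keys and certificates are throwaway ones generated in a temporary directory; the CN values and the `changeit` password are assumptions, and the file names follow the thread.

```shell
#!/bin/sh
# Added example: throwaway keys/certs only, "changeit" is a placeholder password.
set -eu

# Constructed input: a demo CA and a client certificate signed by it, in dir $1.
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
    -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
  openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/client.crt" 2>/dev/null
}

# True when the private key ($1) belongs to the certificate ($2).
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ "$k" = "$c" ]
}

# True when the PKCS#12 file ($1, password $2) contains a private key.
p12_has_key() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
    grep -q "PRIVATE KEY"
}

# Build $1/client.p12 only if the key pair is consistent and the certificate
# chains to ca.crt (the check the broker makes against its cafile).
build_client_p12() {
  key_matches_cert "$1/client.key" "$1/client.crt" || return 1
  openssl verify -CAfile "$1/ca.crt" "$1/client.crt" >/dev/null 2>&1 || return 1
  openssl pkcs12 -export -in "$1/client.crt" -inkey "$1/client.key" \
    -certfile "$1/ca.crt" -name client -passout pass:changeit -out "$1/client.p12"
}

demo() {
  d=$(mktemp -d)
  make_demo_pki "$d"
  build_client_p12 "$d"
  # Certificate-only bundle: same mistake as importing just the client certificate.
  openssl pkcs12 -export -nokeys -in "$d/client.crt" \
    -passout pass:changeit -out "$d/certonly.p12"
  for f in client.p12 certonly.p12; do
    if p12_has_key "$d/$f" changeit; then echo "$f: private key present"
    else echo "$f: no private key, client has nothing to present"; fi
  done
  rm -rf "$d"
}
demo
```

To use the bundle from Java, convert it with `keytool -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -destkeystore clientStore.jks`. Afterwards `keytool -list -v -keystore clientStore.jks` should report `Entry type: PrivateKeyEntry` for the client alias; a certificate added with `keytool -import` shows up as `trustedCertEntry` instead.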
