Keep getting No X509TrustManager implementation available error when trying to connect to web socket server

jgr208 · Jul 13, 2016 · Viewed 43.5k times

I have the following code for connecting to a web socket server in my Java application using secure websockets.

private boolean openConnection(boolean tried) {
    String sslFile = 
        ConfigMgr.getValue(Constants.SSL_CFG_NAME, "sslfile"); 
    String sslPassword = 
        ConfigMgr.getValue(Constants.SSL_CFG_NAME, "sslpassword"); 
    try {
        // point the JVM-wide default trust store at the configured file
        System.setProperty("javax.net.ssl.trustStore", sslFile);
        System.setProperty("javax.net.ssl.trustStorePassword", sslPassword);
        System.out.println(System.getProperty("javax.net.ssl.trustStore"));
        System.out.println(System.getProperty("javax.net.ssl.trustStorePassword"));
    } catch (Exception e) {
        if (!tried) {
            logger.error("unable to get certificates", e);
        }
        return false;
    }
    try {
        WebSocketContainer container = ContainerProvider
                .getWebSocketContainer();
        container.connectToServer(this, new URI(websocketServer));
    } catch (Exception e) {
        // only log error trying to connection to web application first
        // time
        if (!tried) {
            logger.error("error while trying to connect daemon to websocket"
                    + " server", e);
        }
        return false;
    }
    return true;
}

I can see from my print statements

 System.setProperty("javax.net.ssl.trustStorePassword", sslPassword);

and

System.out.println(System.getProperty("javax.net.ssl.trustStore"));

that the correct password and certificate (a .cer in this case) with the contents

-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----

are being set correctly.

However, when I run my code the following error gets printed when container.connectToServer(this, new URI(websocketServer)); is run

    javax.websocket.DeploymentException: The HTTP request to initiate the WebSocket connection failed
        at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:434) ~[tomcat7-websocket.jar:7.0.68]
        at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:184) ~[tomcat7-websocket.jar:7.0.68]
        at cored.web.CoreWebSocket.openConnection(CoreWebSocket.java:278) [cored.jar:3.0.10.160712122615]
        at cored.web.CoreWebSocket.establishConnection(CoreWebSocket.java:1150) [cored.jar:3.0.10.160712122615]
        at cored.web.CoreWebSocket.access$100(CoreWebSocket.java:85) [cored.jar:3.0.10.160712122615]
        at cored.web.CoreWebSocket$2.execute(CoreWebSocket.java:138) [cored.jar:3.0.10.160712122615]
        at utils.AThread.run(AThread.java:51) [utils.jar:3.0.10.160712122615]
    Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WrapperFuture.get(AsyncChannelWrapperSecure.java:511) ~[tomcat7-websocket.jar:7.0.68]
        at org.apache.tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.java:379) ~[tomcat7-websocket.jar:7.0.68]
        ... 6 more
    Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Handshaker.checkThrown(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.SSLEngineImpl.writeAppRecord(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.SSLEngineImpl.wrap(Unknown Source) ~[?:1.8.0_92]
        at javax.net.ssl.SSLEngine.wrap(Unknown Source) ~[?:1.8.0_92]
        at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.run(AsyncChannelWrapperSecure.java:371) ~[tomcat7-websocket.jar:7.0.68]
    Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[?:1.8.0_92]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_92]
        at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) ~[?:1.8.0_92]
        at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.run(AsyncChannelWrapperSecure.java:397) ~[tomcat7-websocket.jar:7.0.68]
    Caused by: java.security.cert.CertificateException: No X509TrustManager implementation available
        at sun.security.ssl.DummyX509TrustManager.checkServerTrusted(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[?:1.8.0_92]
        at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[?:1.8.0_92]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_92]
        at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) ~[?:1.8.0_92]
        at org.apache.tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.run(AsyncChannelWrapperSecure.java:397) ~[tomcat7-websocket.jar:7.0.68]

I know the .cer file I am using is not corrupt since it is also being used on a Tomcat web server and has no problem.

What may be causing this No X509TrustManager implementation available error?

Answer

pedrofb · Jul 14, 2016

A .cer file is not a valid type for your truststore. You can use the system variable javax.net.ssl.trustStoreType to set the type. By default it is set to JKS; you can also use PKCS12, for example.

You have to create a JKS file and include the .cer file. Also configure the password for the truststore:

System.setProperty("javax.net.ssl.trustStore", "path/to/truststore");
System.setProperty("javax.net.ssl.trustStorePassword", truststorepassword); 

To import a .cer file into a JKS use

keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"
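
The answer's point in code, as an added example that is not part of the original post: a .cer holds a bare certificate, so it is loaded into an in-memory trust store and checked for a usable X509TrustManager before any connection is attempted. The class name CerTrust, the method contextFor and the "server-N" aliases are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example; CerTrust, contextFor and the "server-N" aliases are hypothetical names.
public class CerTrust {
    static SSLContext contextFor(String cerPath) throws Exception {
        // Start from an empty in-memory store: a .cer is a bare certificate, not a keystore.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        // CertificateFactory reads PEM or DER encoded X.509 certificates.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(cerPath))) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                ks.setCertificateEntry("server-" + i++, c);
            }
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        // Fail before any handshake if no X509TrustManager with trusted issuers exists.
        boolean usable = false;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager
                    && ((X509TrustManager) tm).getAcceptedIssuers().length > 0) {
                usable = true;
            }
        }
        if (!usable) {
            throw new IllegalStateException("no trusted certificates loaded from " + cerPath);
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextFor(args[0]); // args[0]: path to the .cer file
        System.out.println("trust store ready, protocol " + ctx.getProtocol());
    }
}
```

How the resulting SSLContext is handed to the WebSocket client is container-specific and is not shown here.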