Handshake error while connecting to server: localhost.localdomain

Hello ,

I have setup my wildfire server and my CM in 2 different server. But when i run my CM, inside the log it display error below.

Need help to assist on the matter

2006.08.14 15:52:25 Handshake error while connecting to server: localhost.localdomain (DNS lookup: localhost.localdomain:5262)

javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:994)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:4 59)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:10 54)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1026)

at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:411)

at org.jivesoftware.multiplexer.net.TLSStreamHandler.doHandshake(TLSStreamHandler. java:329)

at org.jivesoftware.multiplexer.net.TLSStreamHandler.start(TLSStreamHandler.java:2 23)

at org.jivesoftware.multiplexer.net.SocketConnection.startTLS(SocketConnection.jav a:169)

at org.jivesoftware.multiplexer.ConnectionWorkerThread.secureConnection(Connection WorkerThread.java:259)

at org.jivesoftware.multiplexer.ConnectionWorkerThread.createConnection(Connection WorkerThread.java:188)

at org.jivesoftware.multiplexer.ConnectionWorkerThread.(ConnectionManager.java:124 )

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessor Impl.java:39)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructor AccessorImpl.java:27)

at java.lang.reflect.Constructor.newInstance(Constructor.java:494)

at java.lang.Class.newInstance0(Class.java:350)

at java.lang.Class.newInstance(Class.java:303)

at org.jivesoftware.multiplexer.starter.ServerStarter.start(ServerStarter.java:95)

at org.jivesoftware.multiplexer.starter.ServerStarter.main(ServerStarter.java:49)

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1413)

at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)

at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshake r.java:848)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.j ava:106)

at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)

at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:437)

at java.security.AccessController.doPrivileged(Native Method)

at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:932)

at org.jivesoftware.multiplexer.net.TLSStreamHandler.doTasks(TLSStreamHandler.java :380)

at org.jivesoftware.multiplexer.net.TLSStreamHandler.doHandshake(TLSStreamHandler. java:290)

… 21 more

Caused by: java.security.cert.CertificateException: root certificate not trusted of

at org.jivesoftware.multiplexer.net.ServerTrustManager.checkServerTrusted(ServerTr ustManager.java:133)

at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContext Impl.java:320)

at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshake r.java:841)

… 28 more

Message was edited by: lurusbendol

Message was edited by: lurusbendol

Message was edited by: lurusbendol

Hey lurus,

By default Wildfire and Connection Managers will try to verify certificates. That means that in order to establish a secure connection from the CMs to the server each CM will verify the certificates presented by the server. The same will happen when remote servers try to connect to Wildfire server.

I see that you are using the self-signed certificate. If you want to keep using them then you will need to disable certificate validation to make it work. In the conf/manager.xml try setting the property xmpp.server.certificate.verify to false. Restart the CM and try again. FYI, I just checked in a fix for JM-789 and JM-796 for Connection Managers. You will find them in the next nightly build.

Regards,

– Gato

Dear Gato,

Tq,

Is there a possibility to get a free cert?

Lurus

Hey Lurus,

Sure. Check out http://www.cacert.org/.

Regards,

– Gato