Announcement

Collapse
No announcement yet.

SSL Handshake Error

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • SSL Handshake Error

    Windows Server 2012 R2
    Mirth Connect 3.8.1
    Java 1.8.0_241
    OpenSSL - Win32OpenSSL-1_1_1

    Steps thus far:
    OpenSSL:
    Generate Private Key - openssl genrsa –out myprivatekey.key 2048
    Generate the CSR - Openssl req –new –key myprivatekey.key –out my.server.com.csr
    Send CSR to Vendor (CA-certificate authority)
    Receive Signed Certificate from vendor
    Join private key with the signed certificate and certificate authority files
    - Openssl pkcs12 –export –out myexample.pfx–inkey myprivatekey.key–in signedcertificate.crt –certfile vendorcacert.crt
    Using Portecle, I imported myexample.pfx into Mirth keystore.jks C:\Program Files\Mirth Connect\appdata (Import Key Pair)
    Using Portecle, I imported vendorcacert.crt into Java cacerts C:\Program Files\Java\jre1.8.0_241\lib\security (Import Trusted Certificate)
    I restarted the Mirth service
    I am getting this error:
    Wrapped javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

    I tested using SOAPUI and it works OK.

    I am using Javascript to send SOAP (HTTP)

  • #2
    I think keystore.jks is only used by mirth for the admin webserver. You likely need to specify which keystore to use for your connections if you require mutual authentication.

    Comment


    • #3
      Of course, if you have the SSL Manager extension (available as part of the Core Extension Bundle) it will handle mutual auth for you directly in the HTTP Sender or WebService Sender without needing any Javascript.

      Comment


      • #4
        Can you please provide more info on your reply:
        I think keystore.jks is only used by mirth for the admin webserver. You likely need to specify which keystore to use for your connections if you require mutual authentication.

        Comment


        • #5
          Can you share your code that isn't working?

          Comment


          • #6
            I would like to first verify if I have the ssl certificates configured correctly for Mirth to use.

            Comment


            • #7
              That's going to probably depend on how you are creating your connections.

              Comment


              • #8
                The javascript (SOAP/HTTP) is being successfully used for many other connections/sites. The SSL configuration for Mirth needs to be reviewed to see if correct.

                Comment


                • #9
                  Google "how to do mutual ssl authentication with <whatever you are using to create your SOAP requests>"

                  Comment


                  • #10
                    There is no SSL configuration for mirth unless you're paying for the SSL extension that I mentioned in the third comment on this thread.

                    Comment

                    Working...
                    X