Hello,

I would like to recover some data from HTTPS url.
I build a Flow Service which use “pub.client.http” to connect.
I have also add the client certificate in IS server which i had from the website.
The problem is when i execute my flow service i have this message :

[b]com.wm.app.b2b.server.ServiceException: java.io.IOException: javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name[/b]

I built an independant program in Eclipse which do the same things.
I succeeded to connect to my HTTPS url.
I have read somewhere that, we must change a properties on IS server like this :

java -Djsse.enableSNIExtension=false yourClass

But i don’t know where to change this property ? In which files ?

Somebody can help me ?

Thank you in advance.

Hi Maxime,

what is your wM Version?

Which Java-Version are you running?

Additionally provide the List of Fixes appliead to IS (esp. IS_Core and SCG_Entrust).

You might be hitting a server which already suppresses SSLv3 and only allows certain TLS-levels.

Can you provide your Extended Settings like these:

watt.net.jsse.client.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
watt.net.jsse.server.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
watt.net.ssl.client.handshake.minVersion=tls
watt.net.ssl.client.handshake.maxVersion=tls
watt.net.ssl.server.handshake.minVersion=tls
watt.net.ssl.server.handshake.maxVersion=tls

Please note that TLSv1.1 and TLSv1.2 will only work with JVM 7 and newer and only when the target server port is configured to use JSSE instead of Entrust. Entrust is the default for most recent webMethods versions.

Regards,
Holger

Hello Holger,
Thanks for your reply.

My wM version (see the 2nd attachment)
My Java version : Java Version 1.8.0_91 (52.0)

My extended settings of wM server :

watt.net.jsse.client.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
watt.net.jsse.server.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
watt.net.ssl.client.handshake.minVersion=tls
watt.net.ssl.client.handshake.maxVersion=tls
watt.net.ssl.server.handshake.minVersion=tls
watt.net.ssl.server.handshake.maxVersion=tls
watt.net.ssl.client.cipherSuiteList=default
watt.ssl.iaik.debug=true

My port configuration (see the 1st attachment)

https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/0f23a2ee165c7ce6816784503ef8187e4d680b01_2_1035x160.png 1.5x, https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/0f23a2ee165c7ce6816784503ef8187e4d680b01_2_1380x214.png 2x" data-dominant-color="DFEAEE">

Port.PNG1653×258 41.5 KB

https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files/ccfc4903f2eb49be018ac0510eef9c129796e92c.png 1.5x, https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files/ccfc4903f2eb49be018ac0510eef9c129796e92c.png 2x" data-dominant-color="D7E6EC">

Version.PNG697×178 8.22 KB

Hi Maxime,

SCG_Entrust Fix is only visible in SUM under list of installed Fixes.

Is this an incoming or outgoing connection which is having the issue?

Regards,
Holger

Hi Holger,
Here the list of fixes installed on wM ( see the attachment).

This is for an outgoing connection.
ListFix.txt (2.95 KB)

Maxime,

By any chance in the http service did you set useJSSE to true and trying to attempt the https call?

HTH,
RMG

Hi rmg,
Thanks for your reply.
I set value of UseJSSE at true for pub.client.http
With a basic program in java which run on my computer (no on the server) i have no problem…

Here a sample of my code :

URL url;
String targetURL = TARGET_URL;
System.setProperty("jsse.enableSNIExtension", "false");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");  
url = new URL(targetURL);
KeyStore ks = KeyStore.getInstance("PKCS12");
FileInputStream fis = new FileInputStream(CERTIFACATE_FILE);
ks.load(fis, CERTIFACATE_PASS.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, CERTIFACATE_PASS.toCharArray());
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(kmf.getKeyManagers(), null, null);

HttpsURLConnection con = (HttpsURLConnection) url.openConnection();					

if (con instanceof HttpsURLConnection) {
((HttpsURLConnection)con)
.setSSLSocketFactory(sc.getSocketFactory());
}

/*add Request header*/
con.setRequestMethod("POST");
con.setRequestProperty("User-Agent", USER_AGENT);
// Send post request
con.setDoOutput(true);	

DataOutputStream wr = new DataOutputStream(con.getOutputStream());
wr.writeBytes(URL_PARAMETERS);
wr.flush();
wr.close();

BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();

while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}

Hi,

might it be that the server to which you are trying to connect to is not using JSSE for his HTTPS-Port?

The Java-Property can be added to the profiles/IS/configuration/custom_wrapper.conf to the property JAVA_CUSTOM_OPTS.

Regards,
Holger

I add JAVA_CUSTOM_OPTS in this parts of custom_wrapper.conf (see the 1st attachment), that is correct ?.
Nothing change after a restart of IS
The only i can say is with my java program when i remove this line
System.setProperty(“jsse.enableSNIExtension”, “false”); , i have the same error as on the wM Server :

Exception in thread “main” javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name

My client provide me a certificate in PKCS12 format.

Hi Maxime,

this one is for MWS.

There should be another one for IntegtrationServer.

Regards,
Holger

Hi Holger,
I found the IS directory and i add JAVA_CUSTOM_OPTS but it’s change nothing

Hi Maxime,

under IntegrationServer/bin there should be a setenv.{bat|sh} file.

Can you update this one too?

Regards,
Holger

Holger,
I try to set JAVA_CUSTOM_OPTS in setenv.bat.
But still the same error

https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files3/7d7224d0259f0d2dcc0eb7f131a6550d5c946f39_2_783x750.png 1.5x, https://higherlogicdownload.s3.amazonaws.com/IMWUC/webMethods/Files/7d7224d0259f0d2dcc0eb7f131a6550d5c946f39.png 2x" data-dominant-color="F0F4F5">

setenv.PNG899×860 38.5 KB

Hi Maxime,

please add some double quotes around the value.

Additional question:
Are yoou running the server as application or service?

When running as a service you must update the service definition.
See Adminnistration Guide for details.

Regards,
Holger

Hi Holger
I run server as windows service.
When i want to update the service, i have this message (1st attachment).
I don’t find official documentations on how to restart application service.

Hi Maxime,

please use the startup.bat under IntegrationServer/bin with parameter “-service” for updating the service definition.

Regards,
Holger

Holger, so the command is :

startup.bat -service “servicename” update ?

Hi Maxime,

should be worth a try.

Can you check the IS Administrators Guide for your wM Version?

As wM 9.12 no longer has Win32-Bit Support this might have changed compared to earlier versions.

Regards,
Holger

I check documentation for my wM version 9.10. I don’t find how to update IS service …