<div dir="ltr"><div><div>Try adding the following Java property setting when launching your java client in order to see SSL Handshake related debug information:<br><br><code>-Djavax.net.debug=ssl:handshake<br><br></code></div><code>Or to see all ssl related debug output:<br></code><br><code>-Djavax.net.debug=ssl<br><br></code></div><code><br></code></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 25, 2016 at 4:24 PM, Nguyen, Kyle <span dir="ltr"><<a href="mailto:kyle.nguyen@philips.com" target="_blank">kyle.nguyen@philips.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal">Hi all,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I was trying to implement client certificate based authentication following
<a href="http://docs.basho.com/riak/kv/2.1.4/using/security/basics/" target="_blank">http://docs.basho.com/riak/kv/<wbr>2.1.4/using/security/basics/</a> but kept getting the following SSL Handshake exception. I believe I have the client keystore, truststore and riak server cert/key
 setup properly. Both client cert and riak server cert are signed with the same CA. Any advice and suggestions will be greatly appreciated!<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG InternalLoggerFactory:71 - Using SLF4J as the default logging framework<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG MultithreadEventLoopGroup:76 - -Dio.netty.eventLoopThreads: 16<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Buffer.address: available<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - sun.misc.Unsafe.theUnsafe: available<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent0:71 - sun.misc.Unsafe.copyMemory: available<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent0:76 - java.nio.Bits.unaligned: true<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Platform: Windows<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent:76 - Java version: 8<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noUnsafe: false<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent:76 - sun.misc.Unsafe: available<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noJavassist: false<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent:71 - Javassist: unavailable<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent:71 - You don't have Javassist in your class path or you don't have enough permission to load dynamically generated classes.  Please check the configuration for better performance.<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.tmpdir: C:\apache-tomcat-7.0.54\temp (java.io.tmpdir)<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.bitMode: 64 (sun.arch.data.model)<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG PlatformDependent:76 - -Dio.netty.noPreferDirect: false<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG NioEventLoop:76 - -Dio.netty.<wbr>noKeySetOptimization: false<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG NioEventLoop:76 - -Dio.netty.<wbr>selectorAutoRebuildThreshold: 512<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 INFO  RiakJKSConnection:73 - initializeRiak Cluster is OK<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG ThreadLocalRandom:71 - -Dio.netty.<wbr>initialSeedUniquifier: 0xac658e47a52a7794 (took 3 ms)<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.allocator.type: unpooled<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.<wbr>threadLocalDirectBufferSize: 65536<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG ByteBufUtil:76 - -Dio.netty.<wbr>maxThreadLocalCharBufferSize: 16384<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG RiakNode:762 - Using TLSv1.2<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:166 - Handler Added<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG RiakNode:777 - Waiting on SSL Promise<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG AbstractByteBuf:81 - -Dio.netty.buffer.bytebuf.<wbr>checkAccessible: true<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 - -Dio.netty.leakDetection.<wbr>level: simple<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG ResourceLeakDetector:81 - -Dio.netty.leakDetection.<wbr>maxRecords: 4<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG Recycler:76 - -Dio.netty.recycler.<wbr>maxCapacity.default: 262144<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG Cleaner0:76 - java.nio.ByteBuffer.cleaner(): available<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:69 - RiakSecurityDecoder decode<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:93 - Received MSG_RpbStartTls reply<u></u><u></u></p>
<p class="MsoNormal"><span style="color:red">2016-08-25 12:53:24 ERROR RiakSecurityDecoder:230 - SSL Handshake failed:
<u></u><u></u></span></p>
<p class="MsoNormal">java.nio.channels.<wbr>ClosedChannelException<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 ERROR RiakNode:787 - Failure during Auth; <a href="http://127.0.0.1:8087" target="_blank">127.0.0.1:8087</a> java.nio.channels.<wbr>ClosedChannelException<u></u><u></u></p>
<p class="MsoNormal">2016-08-25 12:53:24 DEBUG RiakSecurityDecoder:181 - Channel Inactive<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">RiakNode builder setup:<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" style="text-autospace:none"><b><span style="font-size:10.0pt;font-family:Consolas;color:#7f0055">public</span></b><span style="font-size:10.0pt;font-family:Consolas;color:black">
</span><b><span style="font-size:10.0pt;font-family:Consolas;color:#7f0055">static</span></b><span style="font-size:10.0pt;font-family:Consolas;color:black"> RiakCluster getRiakCluster(String riak</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">UserName</span><span style="font-size:10.0pt;font-family:Consolas;color:black">,
 String user</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">Password</span><span style="font-size:10.0pt;font-family:Consolas;color:black">, String
</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">storePath</span><span style="font-size:10.0pt;font-family:Consolas;color:black">, String
</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">storePasswd</span><span style="font-size:10.0pt;font-family:Consolas;color:black">, String
</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">keyPasswd</span><span style="font-size:10.0pt;font-family:Consolas;color:black">)
</span><b><span style="font-size:10.0pt;font-family:Consolas;color:#7f0055">throws</span></b><span style="font-size:10.0pt;font-family:Consolas;color:black"> UnknownHostException{</span><span style="font-size:10.0pt;font-family:Consolas"><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">       <u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">       KeyStore
</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">keyStore</span><span style="font-size:10.0pt;font-family:Consolas;color:black"> =
<i>loadKeystore</i>(</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">storePath</span><span style="font-size:10.0pt;font-family:Consolas;color:black">,</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">storePa<wbr>sswd</span><span style="font-size:10.0pt;font-family:Consolas;color:black">);</span><span style="font-size:10.0pt;font-family:Consolas"><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">       //riak with one node                         
</span><span style="font-size:10.0pt;font-family:Consolas"><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">       RiakNode.Builder
</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">builder</span><span style="font-size:10.0pt;font-family:Consolas;color:black"> =
</span><b><span style="font-size:10.0pt;font-family:Consolas;color:#7f0055">new</span></b><span style="font-size:10.0pt;font-family:Consolas;color:black"> RiakNode.Builder().<wbr>withRemoteAddress(</span><span style="font-size:10.0pt;font-family:Consolas;color:#2a00ff">"127.0.0.1"</span><span style="font-size:10.0pt;font-family:Consolas;color:black">)<wbr>.withRemotePort(8087);  
</span><span style="font-size:10.0pt;font-family:Consolas"><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">       </span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">builder</span><span style="font-size:10.0pt;font-family:Consolas;color:black">.withAuth(riak</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">Us<wbr>erName</span><span style="font-size:10.0pt;font-family:Consolas;color:black">,
 user</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">Password</span><span style="font-size:10.0pt;font-family:Consolas;color:black">,
</span><b><i><span style="font-size:10.0pt;font-family:Consolas;color:#0000c0">trustStore</span></i></b><span style="font-size:10.0pt;font-family:Consolas;color:black">,
</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">keyStore</span><span style="font-size:10.0pt;font-family:Consolas;color:black">,
</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">keyPasswd</span><span style="font-size:10.0pt;font-family:Consolas;color:black">);</span><span style="font-size:10.0pt;font-family:Consolas"><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">      
</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">builder</span><span style="font-size:10.0pt;font-family:Consolas;color:black">.withConnectionTimeout(<wbr>30000);    
</span><span style="font-size:10.0pt;font-family:Consolas"><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">       RiakCluster
</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">cluster</span><span style="font-size:10.0pt;font-family:Consolas;color:black"> =
<i>cluster = <b>new</b> RiakCluster.Builder(builder.<wbr>build()).build();<u></u><u></u></i></span></p>
<p class="MsoNormal" style="text-autospace:none"><i><span style="font-size:10.0pt;font-family:Consolas;color:black">       cluster.start();</span></i><span style="font-size:10.0pt;font-family:Consolas;color:black">           
</span><span style="font-size:10.0pt;font-family:Consolas"><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">       </span><b><span style="font-size:10.0pt;font-family:Consolas;color:#7f0055">return</span></b><span style="font-size:10.0pt;font-family:Consolas;color:black">
</span><span style="font-size:10.0pt;font-family:Consolas;color:#6a3e3e">cluster</span><span style="font-size:10.0pt;font-family:Consolas;color:black">;        </span><span style="font-size:10.0pt;font-family:Consolas"><u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">      
<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black"> </span><span style="font-size:10.0pt;font-family:Consolas"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas;color:black">    }</span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thanks<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">-Kyle-<u></u><u></u></p>
</div>
<br>
<hr>
<font face="Arial" color="Gray" size="1">The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified
 that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.<br>
</font>
</div>

<br>______________________________<wbr>_________________<br>
riak-users mailing list<br>
<a href="mailto:riak-users@lists.basho.com">riak-users@lists.basho.com</a><br>
<a href="http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com" rel="noreferrer" target="_blank">http://lists.basho.com/<wbr>mailman/listinfo/riak-users_<wbr>lists.basho.com</a><br>
<br></blockquote></div><br></div>