[SSL/TLS]: Failed in negotiations: javax.net.ssl.SSLHandshakeException: No available authentication scheme

  • Please make sure that the current keystore (with the renewed/replaced certificate) contains a private key.
  • The RadiantOne installation comes with the Java keytool, a command-line utility for reading and modifying keystore entries and certain properties.
    The keytool file is located in RLI_HOME/jdk/jre/bin.
  • Server Public Key:

    • The public key is issued in .cer format, which is obtained from the CA using the CSR. Whether CA-signed or self-signed, the certificate is issued for the host/server where the keystore resides (including Subject Alternative Names, or SANs, allows reusing the keystore for all the hostnames listed as SANs).
    • During the RadiantOne installation, a default self-signed certificate is generated for RadiantOne FID. This self-signed certificate can be replaced with one assigned by a Certificate Authority (CA).
    • If RadiantOne FID is deployed in a cluster, each node has its own server certificate, unless Subject Alternative Names are specified for the nodes of the cluster, in which case the same server certificate can be used for all the nodes of the cluster.
    • Make sure the certificate is created with ServerAuth & ClientAuth extended key usage.
    • DELETING THE PUBLIC KEY ENTRY WILL ALSO DELETE THE PRIVATE KEY. DELETING ENTRIES FROM RLI KEYSTORE IS NOT RECOMMENDED.
  • Server Private Key:

    • The private key matching the public key (CA-signed/self-signed certificate) issued for the host/server will be present in the keystore with the default alias "rli".
    • DELETING THE PUBLIC KEY ENTRY WILL ALSO DELETE A PRIVATE KEY. DELETING ENTRIES FROM RLI KEYSTORE IS NOT RECOMMENDED.
  • Also, please make sure that RLI_HOME/vds_server/jetty/conf contains only ONE COPY of the keystore, and that all the backups are deleted.
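
The checks above can be scripted as follows. This is an added example, not RadiantOne's own tooling: it parses `keytool -list -v` output to confirm that the alias is a PrivateKeyEntry and counts keystore copies in the keystore's directory. The function names, the sample output and the assumption that backups keep the keystore's file name as part of their own name are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Usage: sh check_keystore.sh <keystore-file> [alias]
# KEYTOOL may point at RLI_HOME/jdk/jre/bin/keytool; defaults to keytool on PATH.
KEYTOOL="${KEYTOOL:-keytool}"

# Reads `keytool -list -v` output on stdin; succeeds only if alias $1
# is listed with "Entry type: PrivateKeyEntry".
has_private_key_entry() {
  awk -v want="$1" '
    /^Alias name:/ { cur = $0
                     sub(/^Alias name:[ \t]*/, "", cur)
                     sub(/[ \t\r]+$/, "", cur) }
    /^Entry type:/ { if (cur == want && $0 ~ /PrivateKeyEntry/) found = 1 }
    END { exit (found ? 0 : 1) }'
}

# Prints how many files in directory $1 carry the keystore file name $2
# in their own name (assumption: backups are named after the original).
count_keystore_copies() {
  find "$1" -maxdepth 1 -type f -name "*$2*" | wc -l | tr -d ' '
}

# Constructed sample output, for illustration and offline testing.
SAMPLE_OK='Alias name: rli
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1'
# Certificate imported without its key: another alias holds a key, rli does not.
SAMPLE_BAD='Alias name: other
Entry type: PrivateKeyEntry

Alias name: rli
Entry type: trustedCertEntry'

if [ "$#" -ge 1 ]; then
  ks="$1"; alias_name="${2:-rli}"
  # keytool prompts for the keystore password, keeping it off the command line.
  if "$KEYTOOL" -list -v -keystore "$ks" | has_private_key_entry "$alias_name"; then
    echo "OK: alias '$alias_name' is a PrivateKeyEntry"
  else
    echo "FAIL: alias '$alias_name' has no private key in $ks" >&2
  fi
  n=$(count_keystore_copies "$(dirname "$ks")" "$(basename "$ks")")
  [ "$n" -eq 1 ] || echo "WARN: $n keystore copies in $(dirname "$ks"), expected 1" >&2
fi
```
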