Technical details: WebServiceException - javax.net.ssl.SSLException: Tag mismatch! #276
-
|
I'm trying to set up a SMP-server for the first time, and now I ran into this problem. I've read the other thread about it (#221) but where the other thread was about the wrong certificate, I'm pretty sure this is something about the network configurations. I'm using SMP 7.1.1, Tomcat 10.1.19, maven 3.6.3, java 11.0.22 The certificates seems to be alright: The stack trace[2024-04-23T06:47:40,869] [SMP-SERVER] [INFO ] [http-nio-80-exec-8] Trying to create new SMP 'SMP-PDK000636' with physical address '1.1.1.1' and logical address '***********' -- com.helger.peppol.smlclient.ManageServiceMetadataServiceCaller.create(ManageServiceMetadataServiceCaller.java:185) [2024-04-23T06:47:41,091] [SMP-SERVER] [WARN ] [http-nio-80-exec-8] Technical details -- com.helger.phoss.smp.ui.SMPCommonUI.getTechnicalDetailsUI(SMPCommonUI.java:380) jakarta.xml.ws.WebServiceException: javax.net.ssl.SSLException: Tag mismatch! at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:181) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.transport.http.client.HttpTransportPipe.createResponsePacket(HttpTransportPipe.java:227) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:218) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:131) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:111) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.client.Stub.process(Stub.java:431) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:160) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:132) ~[jaxws-rt-4.0.2.jar:4.0.2] at com.sun.proxy.$Proxy53.create(Unknown Source) ~[?:?] at com.helger.peppol.smlclient.ManageServiceMetadataServiceCaller.create(ManageServiceMetadataServiceCaller.java:193) ~[peppol-sml-client-9.3.0.jar:9.3.0] at com.helger.peppol.smlclient.ManageServiceMetadataServiceCaller.create(ManageServiceMetadataServiceCaller.java:157) ~[peppol-sml-client-9.3.0.jar:9.3.0] at com.helger.phoss.smp.ui.secure.PageSecureSMLRegCreate._registerSMPtoSML(PageSecureSMLRegCreate.java:134) ~[phoss-smp-webapp-7.1.1.jar:7.1.1] at com.helger.phoss.smp.ui.secure.PageSecureSMLRegCreate.fillContent(PageSecureSMLRegCreate.java:209) ~[phoss-smp-webapp-7.1.1.jar:7.1.1] at com.helger.phoss.smp.ui.secure.PageSecureSMLRegCreate.fillContent(PageSecureSMLRegCreate.java:55) ~[phoss-smp-webapp-7.1.1.jar:7.1.1] at com.helger.photon.uicore.page.AbstractWebPage.getContent(AbstractWebPage.java:162) ~[ph-oton-uicore-9.2.1.jar:9.2.1] at com.helger.photon.bootstrap4.uictrls.ext.BootstrapPageRenderer.getPageContent(BootstrapPageRenderer.java:133) ~[ph-oton-bootstrap4-uictrls-9.2.1.jar:9.2.1] at com.helger.photon.bootstrap4.uictrls.ext.BootstrapPageRenderer.getPageContent(BootstrapPageRenderer.java:160) ~[ph-oton-bootstrap4-uictrls-9.2.1.jar:9.2.1] at com.helger.phoss.smp.ui.secure.SMPRendererSecure.getContent(SMPRendererSecure.java:227) ~[phoss-smp-webapp-7.1.1.jar:7.1.1] at com.helger.phoss.smp.ui.SMPLayoutHTMLProvider.fillBody(SMPLayoutHTMLProvider.java:70) [phoss-smp-webapp-7.1.1.jar:7.1.1] at com.helger.photon.core.html.AbstractSWECHTMLProvider.fillHeadAndBody(AbstractSWECHTMLProvider.java:106) [ph-oton-core-9.2.1.jar:9.2.1] at com.helger.photon.core.html.AbstractHTMLProvider.createHTML(AbstractHTMLProvider.java:164) [ph-oton-core-9.2.1.jar:9.2.1] at com.helger.photon.app.html.PhotonHTMLHelper.createHTMLResponse(PhotonHTMLHelper.java:117) [ph-oton-app-9.2.1.jar:9.2.1] at com.helger.photon.core.servlet.AbstractApplicationXServletHandler.handleRequest(AbstractApplicationXServletHandler.java:102) [ph-oton-core-9.2.1.jar:9.2.1] at com.helger.phoss.smp.servlet.SMPApplicationXServletHandler.handleRequest(SMPApplicationXServletHandler.java:81) [phoss-smp-webapp-7.1.1.jar:7.1.1] at com.helger.xservlet.handler.simple.XServletHandlerToSimpleHandler.onRequest(XServletHandlerToSimpleHandler.java:241) [ph-xservlet-10.1.7.jar:10.1.7] at com.helger.xservlet.AbstractXServlet._invokeHandler(AbstractXServlet.java:355) [ph-xservlet-10.1.7.jar:10.1.7] at com.helger.xservlet.AbstractXServlet.service(AbstractXServlet.java:540) [ph-xservlet-10.1.7.jar:10.1.7] at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658) [servlet-api.jar:6.0] at com.helger.xservlet.AbstractXServlet.service(AbstractXServlet.java:596) [ph-xservlet-10.1.7.jar:10.1.7] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:205) [catalina.jar:10.1.19] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) [catalina.jar:10.1.19] at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) [tomcat-websocket.jar:10.1.19] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) [catalina.jar:10.1.19] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) [catalina.jar:10.1.19] at com.helger.web.servlets.scope.AbstractScopeAwareFilter.doHttpFilter(AbstractScopeAwareFilter.java:82) [ph-web-10.1.7.jar:10.1.7] at com.helger.servlet.filter.AbstractHttpServletFilter.doFilter(AbstractHttpServletFilter.java:66) [ph-servlet-10.1.7.jar:10.1.7] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) [catalina.jar:10.1.19] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) [catalina.jar:10.1.19] at com.helger.xservlet.AbstractXFilter.doHttpFilter(AbstractXFilter.java:190) [ph-xservlet-10.1.7.jar:10.1.7] at com.helger.servlet.filter.AbstractHttpServletFilter.doFilter(AbstractHttpServletFilter.java:66) [ph-servlet-10.1.7.jar:10.1.7] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) [catalina.jar:10.1.19] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) [catalina.jar:10.1.19] at com.helger.servlet.filter.CharacterEncodingFilter.doHttpFilter(CharacterEncodingFilter.java:184) [ph-servlet-10.1.7.jar:10.1.7] at com.helger.servlet.filter.AbstractHttpServletFilter.doFilter(AbstractHttpServletFilter.java:66) [ph-servlet-10.1.7.jar:10.1.7] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) [catalina.jar:10.1.19] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) [catalina.jar:10.1.19] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) [catalina.jar:10.1.19] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) [catalina.jar:10.1.19] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) [catalina.jar:10.1.19] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) [catalina.jar:10.1.19] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) [catalina.jar:10.1.19] at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673) [catalina.jar:10.1.19] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [catalina.jar:10.1.19] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [catalina.jar:10.1.19] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391) [tomcat-coyote.jar:10.1.19] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-coyote.jar:10.1.19] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:896) [tomcat-coyote.jar:10.1.19] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1744) [tomcat-coyote.jar:10.1.19] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) [tomcat-coyote.jar:10.1.19] at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-util.jar:10.1.19] at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-util.jar:10.1.19] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) [tomcat-util.jar:10.1.19] at java.base/java.lang.Thread.run(Thread.java:829) [?:?] Caused by: javax.net.ssl.SSLException: Tag mismatch! at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[?:?] at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:360) ~[?:?] at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:303) ~[?:?] at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:298) ~[?:?] at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:123) ~[?:?] at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1514) ~[?:?] at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1481) ~[?:?] at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:1070) ~[?:?] at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:252) ~[?:?] at java.base/java.io.BufferedInputStream.read1(BufferedInputStream.java:292) ~[?:?] at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:351) ~[?:?] at java.base/sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:789) ~[?:?] at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:724) ~[?:?] at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:748) ~[?:?] at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1615) ~[?:?] at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520) ~[?:?] at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527) ~[?:?] at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:334) ~[?:?] at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:177) ~[jaxws-rt-4.0.2.jar:4.0.2] ... 68 more Caused by: javax.crypto.AEADBadTagException: Tag mismatch! at java.base/com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:623) ~[?:?] at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1122) ~[?:?] at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1059) ~[?:?] at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:945) ~[?:?] at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491) ~[?:?] at java.base/javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:779) ~[?:?] at java.base/javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730) ~[?:?] at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2497) ~[?:?] at java.base/sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1929) ~[?:?] at java.base/sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(SSLSocketInputRecord.java:264) ~[?:?] at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:181) ~[?:?] at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111) ~[?:?] at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1514) ~[?:?] at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1481) ~[?:?] at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:1070) ~[?:?] at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:252) ~[?:?] at java.base/java.io.BufferedInputStream.read1(BufferedInputStream.java:292) ~[?:?] at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:351) ~[?:?] at java.base/sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:789) ~[?:?] at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:724) ~[?:?] at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:748) ~[?:?] at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1615) ~[?:?] at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520) ~[?:?] at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527) ~[?:?] at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:334) ~[?:?] at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:177) ~[jaxws-rt-4.0.2.jar:4.0.2] ... 68 more The application.propertiesglobal.debug = false global.production = true global.debugjaxws = false /## Directory client pdclient.keystore.type = ${smp.keystore.type} pdclient.truststore.type = ${smp.truststore.type} /# SMP client smpclient.truststore.type = ${smp.truststore.type} /# Central directory where the data should be stored. /# Should all files of the application checked for readability? /# Is it a test version? E.g. a separate header is shown /# Use slow, but fancy dynamic table on the start page? /# Participant list is enabled by default /# Don't show content of extensions by default on start page /# The name of the Directory implementation /# Don't show content of extensions by default in service groups /# Should the error details of failed logins be shown? /# Should the /public part show a login /# Should the application name and version be shown on the /public part? /# Should the link to the source be shown on the /public part? /# Should the author be shown on the /public part? /# Configure an imprint on the UI /# Content Security Policy /# The backend to be used. Can either be "sql" or "xml" or "mongodb". Any other value will result in a startup error /## Keystore data /# This default truststore handles the Peppol PKIs (packed into the application via peppol-commons.jar) /# Force all paths (links) to be "/" instead of the context path /# If this property is specified, it will overwrite the automatically generated URL /# Is an SML needed in the current scenario - show warnings if true /## Write to SML? true or false /# The SMP ID also used in the SML! /# SML connection timeout milliseconds /# SML request timeout milliseconds /# Enable Directory integration? /# Use PEPPOL identifiers (with all constraints) or simple, unchecked identifiers? /# Define the type of the REST interface. Use this to switch between PEPPOL and BDXR /# Log exceptions occurring in the REST API that are returned as HTTP errors? /# Add payload to HTTP responses in case of REST API errors? /# The time zone to be used /# http/https Proxy settings /## Required when using the SQL backend /# MySQL example jdbc.url = jdbc:mysql://localhost:3306/smp?useUnicode=true&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC&autoReconnect=true jdbc.schema = smp /# PostgreSQL example /## Warn if JDBC execution time is exceeded? (since 5.0.6) #jdbc.debug.connections = false |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hi Anders, Please make sure, the following items are aligned:
In case you don't know, https://github.com/phax/phoss-smp/blob/master/docs/Setting%20up%20an%20SMP%20for%20Peppol.pdf contains a step-by-step guideline to setup an SMP. hth, Philip |
Beta Was this translation helpful? Give feedback.
-
|
Hi Philip, Thank you very much. It works now. Somehow I totally missed out the lines: I have used the guide, and I think it's a very well written :-) /Anders |
Beta Was this translation helpful? Give feedback.
Hi Anders,
Thanks for providing the data in such a structured format.
Your screenshot shows an image with the "Peppol Production Certificate" whereas your configuration file shows you are using the "Pilot trust store" (
truststore/2018/smp-pilot-truststore.jks).Please make sure, the following items are aligned:
In case you don't know, https://github.com/phax/phoss-smp/blob/master/docs/Setting%20up%20an%20SMP%20for%20Peppol.pdf contains a step-by-step guideline to setup an SMP.