VMware Cloud Community
juancayuso
Contributor

REST operation with ssl certificate

Hi All,

I'm currently working with vRO with some SOAP and REST operations and everything works fine. However, for other communication I need to work with an SSL certificate, for which I have created in Plugins -> HTTP-REST a new Host with the URL of the server, and a new operation. When I invoke the new operation I get a handshake error:

[2018-02-27 12:05:11.333] [I] Request URL: https://47.73.90.53:10762/UpdateStatusForProductInstantiation
[2018-02-27 12:05:11.432] [E] Workfow execution stack:
***
item: 'Invoke a REST operation/item2', state: 'failed', business state: 'null', exception: 'Cannot execute request: ; Received fatal alert: handshake_failure (Workflow:Invoke a REST operation / REST call (item0)#6)'
workflow: 'Invoke a REST operation' (A18080808080808080808080808080808080808001299080088268176866967b3) 
|  'attribute': name=errorCode type=string value=Cannot execute request: ; Received fatal alert: handshake_failure (Workflow:Invoke a REST operation / REST call (item0)#6)


Do you know the reason? Can you help me with this issue?

In order to use the provided certificate, I have used the "import from file" workflow in Library > Configuration > SSL Trust Manager workflows. The import workflow works fine, but when I created the host in Plugins -> HTTP-REST, I can't select the certificate, I configure the URL, and apparently a new one is downloaded from the server.

Is this correct?

 

Thank you very much.

Regards

iiliev
VMware Employee

Hi,

The workflow "Add a REST host" imports the server certificate from the provided REST endpoint URL.

From your description, it seems the REST API you are trying to consume expects the caller to authenticate by passing a client certificate. Is this correct? I don't think the REST plug-in supports such type of authentication with client certificates.

juancayuso
Contributor

Hi,

I would say that we are not passing the certificate in the request, just using it to secure the request. We will try to get the certificate only in the "Add a REST host" from the URL.

I will test again and share my results.

One more question. Can vRO work with a self-signed certificate? Could it be the reason for the "handshake_failure"?

Thank you!

iiliev
VMware Employee

vRO should be able to work with self-signed certificates.

juancayuso
Contributor

Hi again,

Apparently we are using the certificate to secure the communication and also for authentication on the server.

After re-checking the configuration, we are getting the same error: handshake_failure.

Do you know if certificate authentication is supported?

Do you have any help? vRO does not show more information in the logs to try to troubleshoot the issue.

 

Thank you very much.

daphnissov
Immortal

When you address your REST endpoint, are you doing so with the same *name* that's in the certificate? In your first example, you show a log snippet with an IP address. If your cert is not signed with the IP address then it won't accept what you've stored. You need to address all secured endpoints with FQDN or whatever is stored in the certificate.

juancayuso
Contributor

Hi,

 

Yes, I'm requesting to the FQDN. Here is an updated complete log:

[2018-03-05 13:37:54.900] [I] Request: DynamicWrapper (Instance) : [RESTRequest]-[class com.vmware.o11n.plugin.rest.Request] -- VALUE : com.vmware.o11n.plugin.rest.Request@4ec361ac
[2018-03-05 13:37:54.977] [I] Request URL: https://gaservice.fit.esb.vodafone.com:10762/UpdateStatusForProductInstantiation
[2018-03-05 13:37:55.121] [E] Workfow execution stack:
***
item: 'Invoke a REST operation/item2', state: 'failed', business state: 'null', exception: 'Cannot execute request: ; Received fatal alert: handshake_failure (Workflow:Invoke a REST operation / REST call (item0)#6)'
workflow: 'Invoke a REST operation' (A18080808080808080808080808080808080808001299080088268176866967b3) 
|  'attribute': name=errorCode type=string value=Cannot execute request: ; Received fatal alert: handshake_failure (Workflow:Invoke a REST operation / REST call (item0)#6)
|  'attribute': name=statusCodeAttribute type=number value=null
|  'input': name=restOperation type=REST:RESTOperation value=dunes://service.dunes.ch/CustomSDKObject?id='98d362d0-c6ce-4009-96a0-3a5841f22602:1af3269a-926f-4c2c-8f1e-28d19149f74b'&dunesName='REST:RESTOperation'
|  'input': name=param_0 type=string value=<>
|  'input': name=param_1 type=string value=<>
|  'input': name=param_2 type=string value=<>
|  'input': name=param_3 type=string value=<>
|  'input': name=param_4 type=string value=<>
|  'input': name=param_5 type=string value=<>
|  'input': name=param_6 type=string value=<>
|  'input': name=param_7 type=string value=<>
|  'input': name=param_8 type=string value=<>
|  'input': name=param_9 type=string value=<>
|  'input': name=param_10 type=string value=<>
|  'input': name=param_11 type=string value=<>
|  'input': name=param_12 type=string value=<>
|  'input': name=param_13 type=string value=<>
|  'input': name=param_14 type=string value=<>
|  'input': name=content type=string value=
|  'input': name=defaultContentType type=string value=application/json
|  'output': name=statusCode type=number value=null
|  'output': name=contentLength type=number value=null
|  'output': name=headers type=Properties value=null
|  'output': name=contentAsString type=string value=null
*** End of execution stack.

daphnissov
Immortal

Check server.log on vRO to see what else was returned around that failure.

juancayuso
Contributor

Hi,

I have reviewed the server.log and I don't see the reason for the failure. These are the main traces:

2018-03-05 17:07:52.686+0000 [WorkflowExecutorPool-Thread-79] ERROR {juan.carlos@wahpb.cww-hcs.com:Invoke a REST operation:A18080808080808080808080808080808080808001299080088268176866967b3:token=be99d03a61f66e9a0161f722405b046a} [Request] Cannot execute request.
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
        at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
        at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
        at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)

And attached you can find the complete traces of the failure.

Thanks

daphnissov
Immortal

This may be a TLS issue. What version(s) are supported by the REST host? Which are blocked?

juancayuso
Contributor

REST host supports TLS 1.2 and SSLv3. The point is that if we do the request with the curl command, the request gets the Host.

On the other hand, if I try to select the vRO client authentication certificate when I am adding a new REST Host, in the certificate section of the window of add Host, I get a kind of error in vRO. I mean, the host is added but with a pre-name INVALID, and it is not possible to add an operation to this host. So in my previous tests, I didn't select any client authentication certificate.

Please let me know if you need anything else to find out the issue.

Thank you.
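
The hypothesis raised earlier in the thread (a server that expects a client certificate) can be reproduced locally, as an added example that is not part of the original thread: an `openssl s_server` that requires a client certificate answers a certificate-less TLS 1.2 client with alert 40 (handshake_failure), and the same client succeeds once it presents a certificate. The port, subject names and file names are constructed for the demo, and it assumes the `openssl` CLI is installed.

```bash
#!/usr/bin/env bash
# Added example (constructed): local mutual-TLS server, probed with and without
# a client certificate. Port, subject names and file names are demo assumptions.
PORT=${PORT:-14443}

probe() {
  # Extra arguments are the client's credentials; prints the s_client transcript.
  openssl s_client -connect "127.0.0.1:$PORT" -tls1_2 -CAfile "$WORK/srv.pem" \
    "$@" </dev/null 2>&1 || true
}

classify() {
  out=$(probe "$@")
  if printf '%s\n' "$out" | grep -q "alert number 40"; then
    echo handshake_failure          # TLS alert 40, the alert named in the vRO log
  elif printf '%s\n' "$out" | grep -q "Verify return code: 0 (ok)"; then
    echo ok
  else
    echo other
  fi
}

demo() {
  WORK=$(mktemp -d)
  # Two self-signed certificates: one for the server, one for the client.
  for n in srv cli; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-$n" \
      -keyout "$WORK/$n.key" -out "$WORK/$n.pem" 2>/dev/null
  done
  # -Verify 1: a client certificate is mandatory; -CAfile: the only one accepted.
  openssl s_server -accept "$PORT" -www -tls1_2 -Verify 1 -CAfile "$WORK/cli.pem" \
    -cert "$WORK/srv.pem" -key "$WORK/srv.key" >/dev/null 2>&1 &
  srv_pid=$!
  sleep 1
  without=$(classify)
  with=$(classify -cert "$WORK/cli.pem" -key "$WORK/cli.key")
  kill "$srv_pid" 2>/dev/null || true
  wait "$srv_pid" 2>/dev/null || true
  rm -rf "$WORK"
  echo "without_client_cert=$without with_client_cert=$with"
}

demo
```

Against a real endpoint, the same `openssl s_client` transcript shows whether the server sent a certificate request (the "Acceptable client certificate CA names" section), which separates this cause from a protocol or cipher mismatch.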
