ERROR SSL_COMPLIANCE - SSLComplianceTest.getSSLKeyAppender() : Exception occurred while fetching cache key with SSL details for Keystore

Not applicable

We are getting below exception even after adding HTTPTargetConnection to disable client ssl authentication like below


 <HTTPTargetConnection>
        <SSLInfo>
            <Ciphers/>
            <ClientAuthEnabled>false</ClientAuthEnabled>
            <Enabled>true</Enabled>
            <KeyStore/>
            <KeyAlias/>
            <TrustStore/>
            <IgnoreValidationErrors>true</IgnoreValidationErrors>
        </SSLInfo>
....
....
</HTTPTargetConnection>


1) ERROR SSL_COMPLIANCE - SSLComplianceTest.getSSLKeyAppender() : Exception occurred while fetching cache key with SSL details for Keystore : , Alias : Truststore :

2)ERROR SSL_COMPLIANCE - SSLComplianceTest$Context.handshakeFailed() : STATIC-TARGET[/organizations/xxxx], SSLDetails[enabled:true, clientAuthEnabled:false, keyStore:, keyAlias:, trustStore:, crlStorenull, commonName:null, useWildCardMatch: false,ciphers: [], protocols: [], ignoreValidations: true] General SSLEngine problem Caused by: General SSLEngine problem Caused by: No subject alternative names present

Any suggestions will be appreciated.

Solved Solved
1 2 520
1 ACCEPTED SOLUTION

Maybe it is because you are including unused, empty elements in the configuration? Can you try a simpler configuration:

<SSLInfo>
    <Enabled>true</Enabled>
    <CommonName>foo.example.com</CommonName>
</SSLInfo>

If you want to not use the default truststore, then

<SSLInfo>
    <Enabled>true</Enabled>
    <TrustStore>mytruststore</TrustStore>
    <CommonName>foo.example.com</CommonName>
</SSLInfo>

View solution in original post

2 REPLIES 2

Maybe it is because you are including unused, empty elements in the configuration? Can you try a simpler configuration:

<SSLInfo>
    <Enabled>true</Enabled>
    <CommonName>foo.example.com</CommonName>
</SSLInfo>

If you want to not use the default truststore, then

<SSLInfo>
    <Enabled>true</Enabled>
    <TrustStore>mytruststore</TrustStore>
    <CommonName>foo.example.com</CommonName>
</SSLInfo>

Not applicable

for only simple https

<SSLInfo>
	<Enabled>true</Enabled>
</SSLInfo>

for mtls

<SSLInfo>
	<ClientAuthEnabled>true</ClientAut<KeyStore>hEnabled>
	<Enabled>true</Enabled>
	<KeyStore>ref://keystore_ref</KeyStore>
	<KeyAlias>keyalias_name<KeyAlias>
	<TrustStore>ref://truststore_ref</TrustStore>
	<IgnoreValidationErrors>true</IgnoreValidationErrors>
</SSLInfo>

you can do target server configuration, that makes easy and decoupled proxy code and target configuration.