Preventing SSL handshaking exceptions

To prevent SSL handshaking exceptions, ensure that the certificate of a server can be found in the trust store of a client. If the certificate is not found in the trust store and the client is a browser, a security alert dialog is displayed. A user can use the dialog to view the certificate and select whether to proceed.

When a Web service is invoked from a Rich UI application, the EGL Rich UI Proxy establishes a HTTP or HTTPS connection between the proxy and Web service. This connection is independent of the connection between the browser and proxy. If the Web service has an HTTPS protocol, the connection between the proxy and Web service uses SSL. Because no browser is available to display a security alert and prompt for a response, the certificate that belongs to the server of the Web service must be in the trust store of the server of the EGL Rich UI Proxy before the connection is initiated. Otherwise a handshaking error occurs.

To obtain a copy of the server's certificate when calling a third-party Web service, enter the URL of the Web service in a browser over HTTPS. The way in which you receive the certificate of the server varies depending on the browser. A common way is through a "View Certificate" button, Details tab, and "Copy to File" button. Save the certificate to a file. Use the Administrative Console to open the trust store of your EGL Rich UI Proxy and import the saved certificate as a signer certificate.

Alternatively, you can connect to the remote SSL host and port and receive the signer certificate during the handshake by using the "Retrieve from port" option.


Feedback