[keycloak-user] Resteasy client SSLHandshakeException

Wed Apr 19 12:26:56 EDT 2017

It seems that your application where admin-client is running, needs to 
trust the Keycloak server, so it's able to communicate with it through SSL.

One possibility to do it is to ensure that your SSL certificate is 
signed by some well known Certificate Authority. This is good especially 
in production environments.

Other possibility is to configure your admin-client to trust the 
Keycloak server. The easiest is to use property like 
javax.net.ssl.trustStore system properties (see JVM docs for more 
details). Another possibility is to use custom RestEasyClient or 
SSLContext to your admin client, which will "trust" the Keycloak server.

Marek

On 19/04/17 14:33, Rajkiran K wrote:
> Hi all,
>
> We are trying to get all roles data of realm from keycloak. We are
> getting "SSLHandshakeException", can any one help on this issue
>
> *Keycloak version*: 1.9.8 Final
>
> *resteasy-client version*: resteasy-client-3.0.14.Final
>
> build    19-Apr-2017 02:00:18    2017-04-19 02:00:18 INFO
> KeycloakRestUserDataLoader:228 - Retrieving Roles from Keycloak
> error    19-Apr-2017 02:00:19    javax.ws.rs.ProcessingException:
> java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Remote
> host closed connection during handshake
> error    19-Apr-2017 02:00:19        at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:430)
> error    19-Apr-2017 02:00:19        at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:102)
> error    19-Apr-2017 02:00:19        at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:64)
> error    19-Apr-2017 02:00:19        at
> com.sun.proxy.$Proxy27.list(Unknown Source)
> error    19-Apr-2017 02:00:19        at
> com.sample.loader.KeycloakRestUserDataLoader.getRealmRoles(KeycloakRestUserDataLoader.java:230)
> error    19-Apr-2017 02:00:19        at
> com.sample.loader.KeycloakRestUserDataLoader.loadUserData(KeycloakRestUserDataLoader.java:199)
> error    19-Apr-2017 02:00:19        at
> com.sample.loader.KeycloakDataManager.main(KeycloakDataManager.java:34)
> error    19-Apr-2017 02:00:19    Caused by: java.lang.RuntimeException:
> javax.net.ssl.SSLHandshakeException: Remote host closed connection
> during handshake
> error    19-Apr-2017 02:00:19        at
> org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.executeRequest(URLConnectionEngine.java:174)
> error    19-Apr-2017 02:00:19        at
> org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.invoke(URLConnectionEngine.java:47)
> error    19-Apr-2017 02:00:19        at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:436)
> error    19-Apr-2017 02:00:19        at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:102)
> error    19-Apr-2017 02:00:19        at
> org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:64)
> error    19-Apr-2017 02:00:19        at
> com.sun.proxy.$Proxy19.grantToken(Unknown Source)
> error    19-Apr-2017 02:00:19        at
> org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:85)
> error    19-Apr-2017 02:00:19        at
> org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:65)
> error    19-Apr-2017 02:00:19        at
> org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:60)
> error    19-Apr-2017 02:00:19        at
> org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52)
> error    19-Apr-2017 02:00:19        at
> org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:413)
> error    19-Apr-2017 02:00:19        ... 6 more
> error    19-Apr-2017 02:00:19    Caused by:
> javax.net.ssl.SSLHandshakeException: Remote host closed connection
> during handshake
> error    19-Apr-2017 02:00:19        at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
> error    19-Apr-2017 02:00:19        at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
> error    19-Apr-2017 02:00:19        at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
> error    19-Apr-2017 02:00:19        at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
> error    19-Apr-2017 02:00:19        at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
> error    19-Apr-2017 02:00:19        at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> error    19-Apr-2017 02:00:19        at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
> error    19-Apr-2017 02:00:19        at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
> error    19-Apr-2017 02:00:19        at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
> error    19-Apr-2017 02:00:19        at
> org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.executeRequest(URLConnectionEngine.java:167)
> error    19-Apr-2017 02:00:19        ... 16 more
> error    19-Apr-2017 02:00:19    Caused by: java.io.EOFException: SSL
> peer shut down incorrectly
> error    19-Apr-2017 02:00:19        at
> sun.security.ssl.InputRecord.read(InputRecord.java:505)
> error    19-Apr-2017 02:00:19        at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
> error    19-Apr-2017 02:00:19        ... 25 more
> build    19-Apr-2017 02:00:19    2017-04-19 02:00:19 ERROR
> KeycloakDataManager:38 - java.lang.RuntimeException:
> javax.net.ssl.SSLHandshakeException: Remote host closed connection
> during handshake
>