Monitor Error: client certificate authentification required

Hi all, 

 

I have an url monitor that worked fine for years since last November when the aplication moved from SSL to TLS.

Obviously, I received immediately the error: 

SSLHandshakeException: Remote host closed connection during handshake

 

So I activated "Use WinInet" in the monitor Settings but since then I receve another error:

Status Summary: requires client certificate authentification

 

Do you have a suggestion maybe?

 

This is the url we monitor:

https://www.sv.justiz.gv.at/edikte/ex/exobj3.nsf/welcoma!OpenForm

 

These are the monitor settings:

 

Thanks for any help you can give!

 

Tags:

Parents
  • Hi Twinge,

    Good day, hope you are doing fine,

     

    Could you confirm your Sitescope version?

    Have you tried to restart the Sitescope & application Server yet?

     

    Thanks & Regards

  • Hi and thanks for your quick reply. 

     

    Yes I stopped and restarted it once, cannot remember with which monitors settings. Should I leave this settings and try angain?

     

    This is our Sitescope version, sorry I forgot to write: 

     

    HP SiteScope 11.12 64-bit JVM, Build SS1112120322

     

     

    Thanks and kind regards!

  • Hi Twinge,

     

    Could you please attach RunMonitor.log & error.log.

     

    Thanks & Regards

  • All error logs say nothing about this monitor, only if I deactivate winInet and save appears this (as you can see I have made it few minutes ago:

     

    2015-01-14 11:19:06,928 [04_Liegenschaftsversteigungen(VerfahrensautomationJustizBJUVJ/26) ] (ApacheHttpUtils.java:473) ERROR - problem while sending data to URL: www.sv.justiz.gv.at/.../welcoma!OpenForm error:  URL: www.sv.justiz.gv.at/.../welcoma!OpenForm, host: www.sv.justiz.gv.at, port: 80, UsingProxy: false, isHTTPS(SSL): true, javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake, currentRetry: 0

     

    The RunMonitor Log is attached, it does not say anything about this monitor, but I found this in the RulMonitor.log.1, that is related to this monitor (Attacehd also this log):

    2014-09-12 17:21:08,332 [04_Liegenschaftsversteigungen(VerfahrensautomationJustizBJUVJ/26) ] (URLMonitorWorker.java:913) ERROR - url error, www.sv.justiz.gv.at/.../welcoma!OpenForm, class java.lang.NullPointerException, , details: java.lang.NullPointerException
    	at com.mercury.sitescope.util.http.apache.UntrustedCertSSLSocketFactory.getDaysUntilCertExpires(UntrustedCertSSLSocketFactory.java:218)
    	at com.mercury.sitescope.util.http.apache.CommonMethodImpl.getDaysUntilCertExpires(CommonMethodImpl.java:348)
    	at com.mercury.sitescope.util.http.apache.ApacheGetMethod.getDaysUntilCertExpires(ApacheGetMethod.java:157)
    	at com.mercury.sitescope.util.http.apache.ApacheHttpMethod.getDaysUntilCertExpires(ApacheHttpMethod.java:866)
    	at com.mercury.sitescope.entities.monitors.shared.http.url.URLMonitorWorker.checkURLRetrieveDoneHere(URLMonitorWorker.java:818)
    	at com.mercury.sitescope.entities.monitors.shared.http.url.URLMonitorWorker.checkURL(URLMonitorWorker.java:2739)
    	at com.mercury.sitescope.monitors.facades.URLMonitor.checkUrl(URLMonitor.java:1168)
    	at com.mercury.sitescope.monitors.facades.URLMonitor.getResults_URLAndImagesAndFrames(URLMonitor.java:810)
    	at com.mercury.sitescope.monitors.facades.URLMonitor.update(URLMonitor.java:693)
    	at com.mercury.sitescope.entities.monitors.AtomicMonitor.monitorUpdate(AtomicMonitor.java:1457)
    	at com.mercury.sitescope.entities.monitors.AtomicMonitor.run(AtomicMonitor.java:1651)
    	at com.mercury.sitescope.infra.threads.ThreadPool$SingleThread.runTask(ThreadPool.java:462)
    	at com.mercury.sitescope.infra.threads.ThreadPool$SingleThread.run(ThreadPool.java:488)

     

    Thanks and kind regards!

     

  • Hi,

     

    Instead of "accept untrusted certs" try importing all certs into SiS first, use the host name and port 443 in cert preferences and click load >> import.

  • Hi,

     

    Instead of "accept untrusted certs" try importing all certs into SiS first, use the host name and port 443 in cert preferences and click load >> import.

  • Hi,

     

    Instead of "accept untrusted certs" try importing all certs into SiS first, use the host name and port 443 in cert preferences and click load >> import.

  • Hi Kenneth and thanks for your reply. 

     

    I never had a certificate for this monitor before. It starts asking me a client certificate since the application moved to TSL and I selected winInet option. I can manually log in with a standard user and pw challenge (you see in the screenshot above that these are also the monitor settings), without using any certificate. But using Sitescope i get always this message "requires client certificate authentification"

    Anyway I imported the certificate that I can download from the browser in any possibile way:

    1) as you suggested in your message;

    2) as file to upload in the storage;

    3) manually (as described in the manual "Using Sis" page 947).

     

    To activate or deactivate "accept untrusted certs" does not make any change here. Truly, any change in the settings does not make any difference at the moment. Testing the monitor produces always the same message: "requires client certificate authentification".

     

    Thanks for any help you could give and kind regards!

  • TSL and WinInet can be tricky, as it gets affected by Internet Options on SiS server. In SiS 11.23 and 11.24 there's option to switch from TSL to SSL without using winInet, do you have any other SiS instance to test? Other workarounds: script monitor with cURL or WebScript monitor.

  • TSL and WinInet can be tricky, as it gets affected by Internet Options on SiS server. In SiS 11.23 and 11.24 there's option to switch from TSL to SSL without using winInet, do you have any other SiS instance to test? Other workarounds: script monitor with cURL or WebScript monitor.

  • TSL and WinInet can be tricky, as it gets affected by Internet Options on SiS server. In SiS 11.23 and 11.24 there's option to switch from TSL to SSL without using winInet, do you have any other SiS instance to test? Other workarounds: script monitor with cURL or WebScript monitor.

  • Thanks again for your reply. I have other monitors for this application that work fine. But they do not require UserID and PW for access. 

    For this link there is a log-in challenge, I can log manually but sitescope can't (it worked with SSL).

    https://www.sv.justiz.gv.at/edikte/ex/exobj3.nsf/welcoma!OpenForm

     

    Honestly I do not understand why it always ask for a client certificate.

     

    I will give a look to the script monitor with cURL or WebScript monitor, I never used them until now. 

     

    Thanks and kind regards!

Reply Children
No Data