views:

345

answers:

2

Hi I'm running an application (web service) in tomcat with TLS enabled (with certificates both for the client and the server).

I want that my application will be able to send audit message (logging) when TLS handshake fails. for example I want to log when:

  • the client certificate is expired,
  • the client certificate is unknown (not in the server trust store)
  • any other handshake failure

is there any event I can catch and handle in order to do that ?

please advice -- Yonatan

A: 

Since I spent the past week debugging Tomcat's SSL configuration, I am pretty sure catching javax.net.ssl.SSLHandshakeException in your code and logging it should take care of all three of those errors.

When you instantiate a new webservice connection in your application, that is when the exception will occur.

my application is web service based and is running in tomcat.Tomcat is handling all the TLS issues, and the application is not aware of that. where should I catch this Exception ?
Yonatan Maman
my application is the 'server side' (using axis2) it does not initiate anything explicitly
Yonatan Maman
Josh, I think you may be talking about catching the exception on the client side? Yanatan is asking about the server side.
Kevin Panko
A: 

my application is web service based and is running in tomcat. Tomcat is handling all network and the TLS layers, and the application does not aware of that.

As I don't open any socket myself, where should I catch this Exception ? – Yonatan

Yonatan Maman