tRest: SSLException: Received fatal alert: internal_error

Four Stars

tRest: SSLException: Received fatal alert: internal_error

Hello,

I'm trying to use a tRest on a very simple Job.

My URL is:

https://api.status.salesforce.com/v1/incidents/2420

And it works well in my brower.

 

On Talend, I get this error:

 

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLException: Received fatal alert: internal_error

 

I replaced the URL with "https://google.com" and some other, it works well...

It looks like it's only with this specific url (https://api.status.salesforce.com).

 

My version of Talend: 6.4.1

 

Any ideas?

Thanks!

Eleven Stars

Re: tRest: SSLException: Received fatal alert: internal_error

can yo manually access this url?

Francois Denis

Tag as "solved" for others! Kudos to thanks!

Four Stars

Re: tRest: SSLException: Received fatal alert: internal_error

If you mean on a browser (same machine), yes, it works.
Eleven Stars

Re: tRest: SSLException: Received fatal alert: internal_error

did you have any proxy settings.

Francois Denis

Tag as "solved" for others! Kudos to thanks!

Four Stars

Re: tRest: SSLException: Received fatal alert: internal_error

I'm on a company machine, which has a proxy.

If the proxy is activated, nothing works in talend (neither www.google.com, or my initial URL).
If I deactivate it, only google.com works.
Eleven Stars

Re: tRest: SSLException: Received fatal alert: internal_error

ask your network team to open the url on ssl port for your machine and for the tac server.

Francois Denis

Tag as "solved" for others! Kudos to thanks!

Four Stars

Re: tRest: SSLException: Received fatal alert: internal_error

Ok, thank you. I will ask, but not sure they will accept (such requests were already denied before...).
Eleven Stars

Re: tRest: SSLException: Received fatal alert: internal_error

if you have access to this file with your account you may download it onces an use it on talend.
Good luck

Francois Denis

Tag as "solved" for others! Kudos to thanks!

Highlighted
Six Stars fmh
Six Stars

Re: tRest: SSLException: Received fatal alert: internal_error

I had a similar problem within a company network. In my network the admins are routing specific domains with their original SSL certificate, while the SSL connection to other systems is bridged by the firewall and therefore a new self-signed certificate is used for the connection between the firewall and my computer.

 

See if the certificate by the API you're trying to access is replaced by a company-signed certificate - you can click on the lock symbol in your browser and look for the certificate details. If the certificate is replaced, or if the certificate is somehow not trusted, you must enable your Java installation to accept the certificate issued by your company. For doing so, you can ask your administrators to give you the .crt files for the issuing authority ( root-CA-certs / universal CA-certs ). These then need to be included in your Java Keystore (google that to understand what it is doing). For doing so, you must use a command like the following in the /lib/security folder of your JRE / JDK installation - at my machine there was a JDK installed, but i needed to run the command in the JRE folder in the Talend installation (so there was one Java which i installed and an additional Java installed together with Talend, which i needed to patch in order to get things working):

 

sudo keytool -import -storepass changeit -noprompt -alias YOUR-COMPANY-CA1-v01 -file "YOUR-COMPANY-CA1-v01.crt" -keystore cacerts

 

My "symptoms" where the same error message, the problem is that Java has its own SSL integration and therefore you need to add support to additional certificates directly in your Java virtual machine (done via the Keystore component) as the trusted certificates of your system (which are used by your browser and other components) are not used by the Java SSL part.

 

Hope that helps, give Kudos / accept as a solution if you managed to get things working with this Smiley Wink

Four Stars

Re: tRest: SSLException: Received fatal alert: internal_error

Ok, that's interesting...
Here is what I did:
- Activated the proxy: all certificates (google.com, the site of my API), are replaced with one that looks like a company one
- Deactivated the proxy: certificates are different (looks like the original ones)

So, your assumption looks right.

I grabbed 3 of these company certificates (by exporting them with Mozilla Firefox). I couldn't ask my admins, because it's a pain to talk with them. So, I don't know if these certificates are the right ones.

Then, I ran the command you gave me. I did it in the JDK (Talend settings were saying it's the right place to be).
But it looks like I need admin rights (which I don't have), so I'm not sure it fully worked...

So, I still have the same error message. This starts getting tough, because I don't have enough rights on my machine/network...
Six Stars fmh
Six Stars

Re: tRest: SSLException: Received fatal alert: internal_error

some questions:
- you're working with Windows?
- you're maybe having an extra JRE / JDK folder in your Talend installation folder? (i had one and it was nowhere in the preferences really linked, but somehow it used the keystore file from that installation - so be aware of that and look in your install folder if you find a keystore file under an extra java install!)
some first hints:
- you dont need the "sudo" command in front if you are working on windows
- as far as i know, you dont need admin rights to add certificates via keytool to your java keystore. i may be wrong, but this should be application specific. you can also try to add the .crt files to one JDK / JRE installation and then copy just the keystore file over to the other installation.
- there is also a component called tKeystore, which you can use with an extra Keystore file you just create for your extra .crt files outside of your java installation folder, for that option you should be able to do it with just normal user rights, no admin stuff involved here. but for that solution you must change the keytool commands as you will need to create an empty keystore file first and then add it (so you need to use another name for the keystore file and maybe even in another folder)

 

by the way... in my solution i also needed to add three .crt files, so this sounds somehow matching Smiley Happy

hope this helps!

Four Stars

Re: tRest: SSLException: Received fatal alert: internal_error

Thanks again for your great inputs.

- yes I'm on Windows (10)
- I re-looked inside my Talend installation folder, and no trace of a JRE/JDK. I also looked for some .jks, keytool.exe, etc., nothing.

I went for the tKeystore suggestion. I was able to run multiple command without admin rights (-genkey, -import).
So, I have a .jks with the 3 crt inside. I add it in the tKeystore, but it still fails as before.
I even tried to do another .jks with the original certificates from my service (https://api.status.salesforce.com), but it's the same.

So, maybe I'm missing something because it's the first time I deep dive into this, but I start losing hope...

BUT, I made another discovery. I tried a simple tHttpRequest, and it works perfectly.
Is that normal? I mean, if it works with tHttpRequest, maybe the problem is in tRest component?

Meanwhile, I think I will try to work with tHttpRequest...