
MSE Context Aware Notifications: Failed to send event to the destination. Error in connectivity and/or destination parameters.

SLMTechnology
Level 1

Getting an error when Context Aware Notifications are being sent from our Cisco MSE to our cloud service. It looks to be an SSL error from the logs. The cert is valid from what I can tell; I tested it at https://www.sslshopper.com/ssl-checker.html and it says:

   

The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).

 

The certificate was issued by GoDaddy. 

The certificate will expire in 127 days. 

The hostname is correctly listed in the certificate.

 

Here is an error message that I downloaded from the Cisco MSE logs (cfx.log):

 

 

javax.net.ssl.SSLException: java.lang.RuntimeException: Failed to throw Invalid Parameter Spec exception due to invalid parameter type.
  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1708)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1691)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1617)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:105)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
  at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
  at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
  at org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java:146)
  at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
  at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
  at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
  at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
  at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
  at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
  at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
  at com.aes.common.net.HttpsTransportProvider.sendMessage(HttpsTransportProvider.java:168)
  at com.aes.location.intf.track.AesEventGen.fireEventNow(AesEventGen.java:705)
  at com.aes.location.intf.track.DestinationHandler$EventProcessor.send(DestinationHandler.java:843)
  at com.aes.location.intf.track.DestinationHandler$EventProcessor.retrySend(DestinationHandler.java:827)
  at com.aes.location.intf.track.DestinationHandler$EventProcessor.watchDest(DestinationHandler.java:774)
  at com.aes.location.intf.track.DestinationHandler$EventProcessor.run(DestinationHandler.java:688)
  at java.lang.Thread.run(Thread.java:662)
Caused by: java.lang.RuntimeException: Failed to throw Invalid Parameter Spec exception due to invalid parameter type.
  at com.cisco.ciscossl.provider.ciscojce.trust.ECKeyPairGenerator.initialize(ECKeyPairGenerator.java:370)
  at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:627)
  at com.sun.net.ssl.internal.ssl.ECDHCrypt.<init>(ECDHCrypt.java:58)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:568)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:198)
  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
  ... 18 more

3 Replies 3

SLMTechnology
Level 1

More Info:

 

 

INFO com.cisco.ciscossl.provider.ciscojce.CiscoJCEFirewall - allowing EC because CISCOJ_PERMIT_UNIMPLEMENTED_KEYFACTORY_EC set
INFO com.cisco.ciscossl.provider.ciscojce.CiscoJCEFirewall - allowing EC because CISCOJ_PERMIT_UNIMPLEMENTED_KEYFACTORY_EC set
INFO com.cisco.ciscossl.provider.ciscojce.trust.ECKeyFactory - CiscoJCE creating EC public key based on ECPublicKeySpec
INFO com.cisco.ciscossl.provider.ciscojce.trust.ECKeyFactory - CiscoJCE Find curve name: checking prime curves.
INFO com.cisco.ciscossl.provider.ciscojce.trust.ECKeyFactory - CiscoJCE Find curve name: checking sec curves.
INFO com.cisco.ciscossl.provider.ciscojce.trust.FECPublicKeySpec - CiscoJCE assigning EC public key with curve secp384r1
INFO com.cisco.ciscossl.provider.ciscojce.trust.ECKeyPairGenerator - Separate source of randomness not supported.
ERROR com.cisco.ciscossl.provider.ciscojce.trust.ECKeyPairGenerator - Invalid parameter type.  Only ECGenParameterSpec supported
ERROR com.cisco.ciscossl.provider.ciscojce.trust.ECKeyPairGenerator - Failed to throw Invalid Parameter Spec exception due to invalid parameter type.

Ravi Singh
Level 7

Cause

The JVM cannot find the javax.net.ssl.trustStore required for SSL, or it does not contain the required certificates.

For standard installations, we do not recommend this JVM argument is used, and rather your certificates are added to the JVM's default keystore, which is typically located in $JAVA_HOME/jre/lib/security/cacerts or the keystore used by your Tomcat, as in our Running JIRA over SSL or HTTPS documentation.

Resolution

Follow our Connecting to SSL services documentation. This will guide you through obtaining the certificate of the service you're accessing and importing it into the recommended Java keystore.

(warning) If you're using a non-standard keystore, such as the one specified in Tomcat, please import the certificate into that keystore.

 

 

For more detail, please see the link below:

https://confluence.atlassian.com/display/JIRAKB/Unable+to+Access+SSL+Services+due+to+java.security.InvalidAlgorithmParameterException

 

OK, following this, here is what I have found: $JAVA_HOME is set from the shell script that starts the process that writes the log file I found the error in. The JRE that it is using has a cacerts in the path $JAVA_HOME/lib/security/. What this tells me is that it should be working.

The error you are referencing seems different from the error I am seeing.

After following the command from the link:

 

openssl s_client -connect google.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt

<JAVA_HOME>/keytool -import -alias <server_name> -keystore <JAVA_HOME>/lib/security/cacerts -file public.crt

 

 

I get the following error message:

[root@localhost bin]# keytool -import -alias "service" -keystore ../lib/security/cacerts -file public.crt

Exception in thread "main" java.lang.UnsatisfiedLinkError: /opt/mse/framework/jre/lib/ext/libCiscoJCEJNI.so: libCiscoJSafeC_mem.so: cannot open shared object file: No such file or directory
        at java.lang.ClassLoader$NativeLibrary.load(Native Method)
        at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1807)
        at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1716)
        at java.lang.Runtime.loadLibrary0(Runtime.java:823)
        at java.lang.System.loadLibrary(System.java:1028)
        at com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider.loadGlue(CiscoJCEProvider.java:166)
        at com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider.<clinit>(CiscoJCEProvider.java:126)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:357)
        at java.lang.Class.newInstance(Class.java:310)
        at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:240)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:225)
        at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:205)
        at sun.security.jca.ProviderList.getProvider(ProviderList.java:215)
        at sun.security.jca.ProviderList.getService(ProviderList.java:313)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:140)
        at java.security.Security.getImpl(Security.java:659)
        at java.security.KeyStore.getInstance(KeyStore.java:584)
        at sun.security.tools.KeyTool.doCommands(KeyTool.java:594)
        at sun.security.tools.KeyTool.run(KeyTool.java:172)
        at sun.security.tools.KeyTool.main(KeyTool.java:166)
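
A diagnostic for the failure in the cfx.log trace and the CiscoJCE log lines above, as an added example that is not part of the original posts or of Cisco's code (the class name EcProviderCheck is made up here). It asks each installed JCE provider's "EC" KeyPairGenerator to initialize first from a curve name (ECGenParameterSpec) and then from explicit curve parameters (ECParameterSpec), the way ECDHCrypt initializes it with the server's key parameters during an ECDHE handshake.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.ECKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;

public class EcProviderCheck {
    static final String CURVE = "secp384r1"; // curve named in the MSE log

    // Returns a one-line verdict for one provider's "EC" KeyPairGenerator.
    static String check(Provider p) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
            kpg.initialize(new ECGenParameterSpec(CURVE)); // named-curve form
            KeyPair kp = kpg.generateKeyPair();
            if (!(kp.getPublic() instanceof ECKey)) {
                return "named curve ok; key does not expose ECParameterSpec";
            }
            // Explicit parameters taken from a key, as the TLS client does
            // with the server's ECDHE public key.
            ECParameterSpec explicit = ((ECKey) kp.getPublic()).getParams();
            try {
                kpg.initialize(explicit, new SecureRandom());
                kpg.generateKeyPair();
                return "named curve ok; explicit ECParameterSpec ok";
            } catch (Throwable t) { // the trace shows a bare RuntimeException
                return "named curve ok; explicit ECParameterSpec REJECTED: " + t;
            }
        } catch (Throwable t) { // includes UnsatisfiedLinkError from native glue
            return "named curve failed: " + t;
        }
    }

    public static void main(String[] args) {
        int position = 0; // provider preference order, 1 = highest
        for (Provider p : Security.getProviders()) {
            position++;
            if (p.getService("KeyPairGenerator", "EC") == null) continue;
            System.out.println(position + ". " + p.getName() + " -> " + check(p));
        }
    }
}
```

Run it with the same JRE, java.security configuration and library path as the process that writes cfx.log; the keytool attempt above failed before reaching the keystore because libCiscoJSafeC_mem.so could not be found from that shell.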

 

 
