New Participant

Solved

Facebook integration with AEM app - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: KeyUsage does not allow key encipherment

Forum|Forum|10 years ago
October 16, 2015
5 replies
2472 views

Hi Folks,

Thanks in anticipation.

I am trying to establish a SSL connection (https://graph.facebook.com) from AEM JVM (jdk1.7) but it throws an following exception.

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: KeyUsage does not allow key encipherment
   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
   at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)

Caused by: sun.security.validator.ValidatorException: KeyUsage does not allow key encipherment
   at sun.security.validator.EndEntityChecker.checkTLSServer(EndEntityChecker.java:264)
   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)

Please note that I have downloaded the certificates (Root, intermediate certificates) and added to AEM JRE using "keytool" command but still I am getting above exception.

In Root and intermediate certificates we have "key usage" array contains following fields.

Digital signature, Certificate signing, Off-line CRL signing, CRL signing(86)

Please check and advise, your assistance is much appreciated.

Thanks & Regards,

Vinayak S

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by joerghoh

Hi,

There might be a problem with your JRE and SSL/TLS; with the security breaches around SSLv3 ("poodle"), a lot of websites have changed their encryption standards, and at least in java6 there were quite a few changes with the last versions regarding that; probably the same with java7. I would recommend to update your JRE/JDK first and then try again.

kind regards,
Jörg

smacdonald2008

New Participant

Have you followed all instructions listed here:

http://docs.adobe.com/docs/en/aem/6-0/administer/social-communities/social-connect.html#Create a Facebook Application

If you are following all of the specified instructions and are still getting an error - please file a ticket at the suport page:

http://helpx.adobe.com/marketing-cloud/contact-support.html

joerghohAccepted solution

Employee

Hi,

There might be a problem with your JRE and SSL/TLS; with the security breaches around SSLv3 ("poodle"), a lot of websites have changed their encryption standards, and at least in java6 there were quite a few changes with the last versions regarding that; probably the same with java7. I would recommend to update your JRE/JDK first and then try again.

kind regards,
Jörg

vennouem_vennou

New Participant

thanks for instructions

VINAYAKSAuthor

New Participant

Hi Smacdonald2008,

Good day !!

I have followed all instructions properly, its working fine in open network.

Currently I am working on South African network and not able to pull profile details with this but I am able to pull profile details with Indian network. So I thought it might be proxy issue, so I have set up the proxy in AEM 6.0 JVM and tried then I was getting following error.

"SSL handshake exception: unable to find valid certificate" - This is solved by adding certificates into JRE by using keytool.

After that I am getting new exception, please check and advise.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: KeyUsage does not allow key encipherment

Hi Jorg,

Currently I am using JDK 1.7 and JRE 7 version, please suggest me which version of JRE do I need to use.

Thanks & Regards,

Vinayak S

joerghoh

Employee

Hi,

I would recommend to the latest version of Oracle JDK (don't know which version is currently the latest one).

Regarding the exception I cannot help you :-( It also isn't specific to AEM. Looks like you might have some issues with keys and/or certificates.

kind regards,
Jörg

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded