SSL handshake fails when requesting OAuth token from LinkedIn

8 posts / 0 new
Last post
Li Yu's picture
Joined: 2012-06-05
Jul 11, 2012
SSL handshake fails when requesting OAuth token from LinkedIn

Hi I'm working on a web app that access LinkedIn user's info through the REST API. The app is written in Java/Servlet.
It works well on local Tomcat server, but failed when deployed in the WebLogic server.
When the app connect to LinkedIn to get OAuth requestToken, an exception will be thrown:

org.scribe.exceptions.OAuthException: Problems while creating connection.
at org.scribe.model.Request.send(Request.java:70)
at org.scribe.model.OAuthRequest.send(OAuthRequest.java:12)
at org.scribe.oauth.OAuth10aServiceImpl.getRequestToken(OAuth10aServiceImpl.java:47)
......
Caused by: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from api.linkedin.com - 216.52.242.83 was not trusted causing SSL handshake failure.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
......

I have tried to export a cer file from LinkedIn webpage, and import it into JVM's keystore in WebLogic. But nothing changed. Maybe I got the certificate of LinkedIn in a wrong way, or maybe this kind problem is not solved in such way. Please help me on this issue, thank you!

Kamyar Mohager's picture
LinkedIn Employee
Joined: 2012-04-04
Jul 11, 2012

Hi Li,

Sounds like a problem specific with WebLogic and consuming web services. Here's an article written about resolving the cert issue, hopefully it helps you out. Let me know if it does.

http://vbandaru.wordpress.com/2010/11/15/ssl-handshake-failure-in-weblogic-server

Thanks,
Kamyar

Li Yu's picture
Joined: 2012-06-05
Jul 11, 2012

Hi Kamyar, thanks for your post. I do follow this instruction. One thing I'm not sure is this step:
"Access the https URL from web browser and EXPORT the certificate to a location with .cer extension"
Cause api.linkedin.com - 216.52.242.83 is not accessible from browser so I used the certificate from the page at https://www.linkedin.com. But it seems not help.
That's why I'm wondering if I got the right certificate for SSL connection to api.linkedin.com.

Thanks.
Li

Li Yu's picture
Joined: 2012-06-05
Jul 12, 2012

Hi I got this problem solved. To help others that might also have this problem, I paste my solution below:

1. Get the certificate chain from LinkedIn (or other server)
CMD: openssl s_client -showcerts -connect api.linkedin.com:443 >/tmp/linkedin.cert </dev/null

2. Edit it into a formatted cert file
CMD: vim /tmp/$SERVERNAME.cert
delete extra lines, keep only lines between ---BEGIN CERTIFICATE--- and ---END CERTIFICATE--- (include these head/bottom lines as well). There should be three BEGIN END block.

3. Import the certificate chain file into keystore. (change the path of keytool to yours)
/opt/bea2/jrockit_28_41/bin/keytool -import -alias linkedin -keystore $STORENAME -storepass $STOREPASS -file /tmp/linkedin.cert

4. Restart the WebLogic server.

Kamyar Mohager's picture
LinkedIn Employee
Joined: 2012-04-04
Jul 12, 2012

Great to hear Li, glad you got it solved! And thanks for posting your solution for everyone :)

- Kamyar

Joined: 2012-10-14
Oct 14, 2012

Hi Yu, your solution is clear but I still can't work out the problem. I develop with weblogic on windows and like to obtain the certificat from https://www.creditagricolestore.fr/castore-oauth/resources/1/oauth/get_request_token. I don't know how to get this server certificat and I got a Acces denied while executing the first step on windows via cmd.
I'm new at certificat operations and thanks for your help.

Joined: 2012-10-14
Oct 15, 2012

Don't border I'v resolved the problem. Thanks.

Ming Gao's picture
Joined: 2012-11-01
Jan 10, 2013

This is a quite basic thing, maybe, but could anyone advise on from a windows server? Or any easy way to get the Linkeind certificate?