Hi folks, I’m updating my question in light of further research.
I've been trying to connect Jaspersoft Studio 6.4 Community Edition to my secure reports server over https. I don't know whether I have missed something very obvious here, but I have been struggling with this for two weeks now and I'm starting to feel pretty stupid. I've read countless articles on the subject of Java SSL/TLS and how to configure it, but this simply refuses to work.
I have enabled the console in Studio and switched on full debugging. From that I can see that the apparent problem is: "(ClientHandshaker.java:348) processMessage(..) : Warning: no suitable certificate found - continuing without client authentication". As you would expect, the server is then refusing the connection and I get a: “javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure”.
First thing, I can connect with a browser without any trouble, so I know the basics are set up correctly. At first I assumed I had a problem with my trust store configuration, but after trying endless combinations I am now convinced this is not the case. I have tried every conceivable permutation of using merged or separate trust store and keystore. I’ve tried JKS and PKCS12. I’ve tried forcing different algorithms and versions of TLS. I have installed the unlimited strength JARs. I am certain the client certificate is being loaded when I test the connection as I can see it listed in the SSL debug output in the console. It matches the certificate request exactly. I have the server root certificate in the trust store, but if it was a server authentication problem then I would be experiencing a different problem / error message.
Secondly, I started testing the connection with other tools. I have tried different Java clients on Windows and a Mac and they generally work. I have tried Keystore Explorer on Windows 7 and 10, and that also works perfectly. I can also connect with CURL without any trouble. Jaspersoft Studio will not connect on the Mac or Windows 7/10.
Am I unclear on how Jaspersoft Studio uses trust store and keystore? They are set in Jaspersoft Studio.ini and are correctly loaded when I try to connect to the server, so I know those config settings are correct. Is there anything else obvious I might be missing? Has anyone successfully connected Studio to the Jasper server over https? Are there any other tools you can recommend I try to debug the certificate selection function?
Any hints or help would be gratefully received, I'm totally stumped at this point and I think my employer's patience is beginning to evaporate!
UPDATE: Hi vchiem, yes I have the server root CA certificate in my trust store. As I mentioned above, I belive I would get a different error if it was a server authentication issue. It just seems that Jaspersoft Studio is not sending the client certificate when requested by the server. I have now written my own ssl client to connect to the Jasper Server over https and it works perfectly. I have configued it to use Studio's cacerts file and can retrieve the login page programmatically. For clarity, I am using Apache for the SSL authentication, and Jasper Server is running in Tomcat on another machine. I don't think this is relevant, however, as I'm not even able to complete the SSL handshake with Apache. This causes no problems for the various other clients I'm testing with, it's just Jaspersoft Studio that is failing to send the requested certificate...
Did you import the server certificate into the Studio's keystore. This is the cacert located under:
C:\Program Files\TIBCO\Jaspersoft Studio Professional-6.3.0.final\features\jre.win32.win32.x86_64.feature_1.8.0.u77\jre\lib\security
(or something similar for 6.4).
There's an old article for v5.5 but I cant see why the steps shouldn't work for version 6.4: