Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

GeoTrust Global CA: SSL handshake failed: certificate verify failed

See original GitHub issue

Realm 3.7.2. Certificate: GeoTrust Global CA (expire 10 May 2022 )

Android client. Steps:

Login to Realm Object Server (ROS)
Download data from ROS

First steps always success. But on second step:

If I try to get data from ROS that deploy on “http” all is work fine. Data success downloaded. But f I try to get data from ROS that deploy on “https” I get the next error:

 I/REALM_SYNC(10435): Opening Realm file: /data/data/com.myproject/files/realm-object-server/1234567890/1234567890/myproject
 D/REALM_SYNC(10435): Connection[1]: WebSocket::Websocket()
 D/REALM_SYNC(10435): Connection[1]: Reconnecting in 0 milliseconds
 D/OpenGLRenderer(10435): Enabling debug mode 0
 I/REALM_SYNC(10435): Connection[1]: Session[1]: Starting session for '/data/data/com.myproject/files/realm-object-server/1234567890/1234567890/myproject'
 D/REALM_SYNC(10435): Connection[1]: Session[1]: last_version_available	 = 0
 D/REALM_SYNC(10435): Connection[1]: Session[1]: progress_server_version = 0
 D/REALM_SYNC(10435): Connection[1]: Session[1]: progress_client_version = 0
 D/REALM_SYNC(10435): Using already open Realm file: /data/data/com.myproject/files/realm-object-server/1234567890/1234567890/myproject
 D/REALM_SYNC(10435): Connection[1]: Session[1]: Progress handler called, downloaded = 0, downloadable = 0, uploaded = 0, uploadable = 0, progress version = 0, snapshot version = 1
 I/REALM_SYNC(10435): Connection[1]: Resolving 'object-server.mycompany.com:443'
 I/REALM_SYNC(10435): Connection[1]: Connecting to endpoint 'xx.xx.xxx.68:443' (1/1)
 I/REALM_SYNC(10435): Connection[1]: Connected to endpoint 'xx.xx.xxx.68:443' (from '112.1x.xxx.15:42191')
 E/REALM_SYNC(10435): Connection[1]: SSL handshake failed: certificate verify failed
 I/REALM_SYNC(10435): Connection[1]: Connection closed due to error
 D/REALM_JNI(10435): error_handler lambda invoked
 I/ActivityManager(  372): Displayed com.myproject/com.myproject.android.activity.RegistrationActivity: +1s130ms (total +4s494ms)
 E/REALM_JAVA(10435): java.lang.IllegalArgumentException: Unknown error code: 117
 E/REALM_JAVA(10435):	at io.realm.ErrorCode.fromInt(ErrorCode.java:190)
 E/REALM_JAVA(10435):	at io.realm.SyncSession.notifySessionError(SyncSession.java:162)
 E/REALM_JAVA(10435):	at io.realm.SyncManager.notifyErrorHandler(SyncManager.java:299)
 E/REALM_JAVA(10435):	at dalvik.system.NativeStart.run(Native Method)
 D/REALM_SYNC(10435): Connection[1]: Reconnecting in 582 milliseconds
 I/REALM_SYNC(10435): Closing Realm file: /data/data/com.myproject/files/realm-object-server/1234567890/1234567890/myproject
 V/REALM_JNI(10435):  --> Java_io_realm_internal_SharedRealm_nativeCloseSharedRealm 1469283808
 E/REALM_JAVA(10435): UNKNOWN(-1)
 E/REALM_JAVA(10435): Internal error (125): Operation Canceled
 E/REALM_JAVA(10435):	at io.realm.SyncSession$WaitForSessionWrapper.throwExceptionIfNeeded(SyncSession.java:695)
 E/REALM_JAVA(10435):	at io.realm.SyncSession.waitForChanges(SyncSession.java:399)
 E/REALM_JAVA(10435):	at io.realm.SyncSession.downloadAllServerChanges(SyncSession.java:336)
 E/REALM_JAVA(10435):	at io.realm.internal.SyncObjectServerFacade.downloadRemoteChanges(SyncObjectServerFacade.java:164)
 E/REALM_JAVA(10435):	at io.realm.RealmCache.doCreateRealmOrGetFromCache(RealmCache.java:302)
 E/REALM_JAVA(10435):	at io.realm.RealmCache.createRealmOrGetFromCache(RealmCache.java:281)
 E/REALM_JAVA(10435):	at io.realm.RealmCache$CreateRealmRunnable.run(RealmCache.java:115)
 E/REALM_JAVA(10435):	at io.realm.internal.async.BgPriorityRunnable.run(BgPriorityRunnable.java:34)
 E/REALM_JAVA(10435):	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:390)
 E/REALM_JAVA(10435):	at java.util.concurrent.FutureTask.run(FutureTask.java:234)
 E/REALM_JAVA(10435):	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
 E/REALM_JAVA(10435):	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
 E/REALM_JAVA(10435):	at java.lang.Thread.run(Thread.java:841)
 E/REALM_JAVA(10435): 
 E/REALM_JAVA(10435): `CreateRealmRunnable` failed.
 D/com.myproject.MainApp(10435): setLoadingOrganizaions: set flag = false
 E/com.myproject.MainApp(10435): loadOrganization: new Callback: onError: Finish! NOT success loaded (sync) organizations
 E/com.myproject.MainApp(10435): UNKNOWN(-1)
 E/com.myproject.MainApp(10435): Internal error (125): Operation Canceled
 E/com.myproject.MainApp(10435):	at io.realm.SyncSession$WaitForSessionWrapper.throwExceptionIfNeeded(SyncSession.java:695)
 E/com.myproject.MainApp(10435):	at io.realm.SyncSession.waitForChanges(SyncSession.java:399)
 E/com.myproject.MainApp(10435):	at io.realm.SyncSession.downloadAllServerChanges(SyncSession.java:336)
 E/com.myproject.MainApp(10435):	at io.realm.internal.SyncObjectServerFacade.downloadRemoteChanges(SyncObjectServerFacade.java:164)
 E/com.myproject.MainApp(10435):	at io.realm.RealmCache.doCreateRealmOrGetFromCache(RealmCache.java:302)
 E/com.myproject.MainApp(10435):	at io.realm.RealmCache.createRealmOrGetFromCache(RealmCache.java:281)
 E/com.myproject.MainApp(10435):	at io.realm.RealmCache$CreateRealmRunnable.run(RealmCache.java:115)
 E/com.myproject.MainApp(10435):	at io.realm.internal.async.BgPriorityRunnable.run(BgPriorityRunnable.java:34)
 E/com.myproject.MainApp(10435):	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:390)
 E/com.myproject.MainApp(10435):	at java.util.concurrent.FutureTask.run(FutureTask.java:234)
 E/com.myproject.MainApp(10435):	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
 E/com.myproject.MainApp(10435):	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
 E/com.myproject.MainApp(10435):	at java.lang.Thread.run(Thread.java:841)

Issue Analytics

State:
Created 6 years ago
Comments:7 (4 by maintainers)

Top GitHub Comments

1reaction

cmelchiorcommented, Sep 21, 2017

It needs to be manually added, see https://realm.io/docs/java/latest/#ssl-tls

The underlying reason is that C++ code do not have access to the Android keystore. It works for login because that uses OkHttp, but the sync protocol itself runs entirely in C++. We have a potential solution for that, but until we can release that you need to manually add the CA.

We also have a bug in our ErrorCode though. As @Zhuinden points out we are not handling the 117 code correctly.

0reactions

nhachichacommented, Oct 7, 2017

Platform SSL validation will be added in https://github.com/realm/realm-java/issues/4759

Top Results From Across the Web

How to Fix the SSL/TLS Handshake Failed Error - SSL2BUY

Solution. Install the omitted intermediate certificate, which may be present on your Certificate Authority (CA) website and fix the error. Expired Certificate.

How to Fix the SSL/TLS Handshake Failed Error? - AboutSSL

Some Reasons That Causes SSL/TLS Handshake Failed Error ; Incorrect Certificate. The name on the certificate doesn't match with the hostname in the...

GeoTrust cert installs, but does not create a trusted SSL ...

So right now I have purchased an SSL cert that does not secure the connection and that has broken Web Direct access completely....

HTTP Server Test Fails with SSL Error

The most common cause of the "unable to get local issuer certificate" error is a misconfigured web server that fails to send all...

openssl verify not working with GeoTrust Certificate

As per the chain display, the root certificate is not self signed . Its shows its issued by Equifax. Openssl will continue giving...