What is the cause of the error "Remote host closed connection during handshake"?
I want to connect to the Oracle database 11.2 with SSL. But the only error that I receive is:
Exception in thread "main" java.sql.SQLException: I/O-Fehler: Remote host closed connection during handshake
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:465)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:534)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:217)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:28)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:527)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:154)
at TestOracle.testSSL(TestOracle.java:157)
at TestOracle.main(TestOracle.java:131)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at oracle.net.ns.Packet.send(Packet.java:420)
at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:169)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:301)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1406)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:327)
... 8 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
... 16 more
I have added a self-signed certificate to a created wallet. But I do not understand how the Oracle server can use it because it needs a password which the Oracle server does not know. Must I see the password and where must I set it?
On the network I can see that the Oracle server does not send any bytes. It closes the socket after the client has started the handshake. That is why I think the problem is on the server side.
My listener.ora:
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = CLRExtProc)
      (ORACLE_HOME = C:\app\Administrator\product\11.2.0\dbhome_2)
      (PROGRAM = extproc)
      (ENVS = "EXTPROC_DLLS=ONLY:C:\app\Administrator\product\11.2.0\dbhome_2\bin\oraclr11.dll")
    )
  )
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = ora11.inetsoftware.local)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = ora11.inetsoftware.local)(PORT = 2484))
    )
  )
ADR_BASE_LISTENER = C:\app\Administrator
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\Administrator\product\11.2.0\dbhome_2\BIN\owm\wallets\Administrator)))
SSL_CLIENT_AUTHENTICATION=FALSE
My sqlnet.ora:
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\Administrator\product\11.2.0\dbhome_2\BIN\owm\wallets\Administrator)))
SSL_CLIENT_AUTHENTICATION=FALSE
The certificate doesn't have a password. The thing the certificate is in has a password. Your client knows the password, gets the certificate out of the thing, sends the certificate to the server.
If the server doesn't like the certificate for some reason, it may then close the connection rather than continuing the handshake. Same if you don't send it on request, which would happen if your certificate doesn't satisfy the constraints specified by the server in the certificate request. For example, if the server doesn't recognize the self-signer. Have you exported the certificate to the server's trust store?
I have found the solution. It is very simple. First you need to set auto login. This creates a file cwallet.sso in the wallet directory. And the most important thing is that you have closed the wallet in the wallet manager when you start the TNS listener service. Otherwise the listener cannot load the file cwallet.sso. In the trace file you can see the error:
ntzlogin:Wallet open failed with error 28759
If you close the wallet later, this has no effect. It looks like the listener reads the file only once.
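The checks described in this thread, written out as an added example (not code from the question or either answer): it reads a listener.ora, looks for the TCPS address and WALLET_LOCATION, checks whether cwallet.sso is among the wallet directory's files, and picks up "Wallet open failed" lines from a listener trace. The sample inputs, the host name db.example.test, the path C:\wallets\demo and all function names are constructed for illustration; ewallet.p12 is assumed to be the password-protected wallet file.

```python
import re

# Constructed sample inputs, modelled on the listener.ora and trace line in this thread.
SAMPLE_LISTENER_ORA = r"""
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = db.example.test)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = db.example.test)(PORT = 2484))
    )
  )
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\wallets\demo)))
"""
SAMPLE_TRACE = "(constructed filler line)\nntzlogin:Wallet open failed with error 28759\n"

def tcps_ports(listener_ora):
    """Ports of ADDRESS entries that use PROTOCOL = TCPS (one ADDRESS per line)."""
    pat = r"\(\s*PROTOCOL\s*=\s*TCPS\s*\).*?\(\s*PORT\s*=\s*(\d+)\s*\)"
    return [int(p) for p in re.findall(pat, listener_ora, re.I)]

def wallet_directory(listener_ora):
    """DIRECTORY value of WALLET_LOCATION, or None when the parameter is absent."""
    pat = r"WALLET_LOCATION\s*=.*?\(\s*DIRECTORY\s*=\s*([^)]+?)\s*\)"
    m = re.search(pat, listener_ora, re.I | re.S)
    return m.group(1) if m else None

def wallet_open_errors(trace_text):
    """Error codes from 'ntzlogin:Wallet open failed' lines in a listener trace."""
    pat = r"ntzlogin:\s*Wallet open failed with error (\d+)"
    return [int(c) for c in re.findall(pat, trace_text)]

def diagnose(listener_ora, trace_text, wallet_files):
    """wallet_files: file names found in the wallet directory, e.g. os.listdir()."""
    findings = []
    if not tcps_ports(listener_ora):
        findings.append("no TCPS address in listener.ora")
    directory = wallet_directory(listener_ora)
    if directory is None:
        findings.append("no WALLET_LOCATION in listener.ora")
    elif "cwallet.sso" not in {f.lower() for f in wallet_files}:
        findings.append(f"cwallet.sso missing from {directory}: auto login is not set")
    for code in wallet_open_errors(trace_text):
        findings.append(f"listener failed to open the wallet (error {code}): "
                        "close the wallet in the wallet manager, then restart the listener")
    return findings

if __name__ == "__main__":
    for line in diagnose(SAMPLE_LISTENER_ORA, SAMPLE_TRACE, ["ewallet.p12"]):
        print(line)
```

On a real host, pass the contents of listener.ora, the listener trace file and os.listdir() of the wallet directory instead of the constructed samples.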