Received fatal alert: certificate_unknown

I am making an SSL client-server application.
I got this exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1657)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
How can I solve it?

Thanks to all my helpers.
I made a new certificate.
Some more details are below:
1.  SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
2.  SSLServerSocket server = null;
3.  server = (SSLServerSocket) sslserversocketfactory.createServerSocket(4444);
4.  SSLSocket socket = (SSLSocket) server.accept();
5.  System.out.print(socket.getInetAddress().getLocalHost());
6.  ObjectOutputStream out = new ObjectOutputStream(socket.getOutputStream());
Exception thrown at line *6* on the server side.
Complete stack trace:
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1657)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
        at java.io.ObjectOutputStream$BlockDataOutputStream.drain(ObjectOutputStream.java:1838)
        at java.io.ObjectOutputStream$BlockDataOutputStream.setBlockDataMode(ObjectOutputStream.java:1747)
        at java.io.ObjectOutputStream.<init>(ObjectOutputStream.java:226)
        at NPBClientGUI.Connect.ConnectMe(Connect.java:87)
        at NPBClientGUI.Connect.btnConnectActionPerformed(Connect.java:226)
        at NPBClientGUI.Connect.access$200(Connect.java:42)
        at NPBClientGUI.Connect$2.actionPerformed(Connect.java:175)
        at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1995)
        at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2318)
        at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:387)
        at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:242)
        at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:236)
        at java.awt.Component.processMouseEvent(Component.java:6134)
        at javax.swing.JComponent.processMouseEvent(JComponent.java:3265)
        at java.awt.Component.processEvent(Component.java:5899)
        at java.awt.Container.processEvent(Container.java:2023)
        at java.awt.Component.dispatchEventImpl(Component.java:4501)
        at java.awt.Container.dispatchEventImpl(Container.java:2081)
        at java.awt.Component.dispatchEvent(Component.java:4331)
        at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4301)
        at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3965)
        at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3895)
        at java.awt.Container.dispatchEventImpl(Container.java:2067)
        at java.awt.Window.dispatchEventImpl(Window.java:2458)
        at java.awt.Component.dispatchEvent(Component.java:4331)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)
Edited by: Muneer_Ahmed on May 8, 2009 12:27 PM
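
Added example, not part of the original thread: `certificate_unknown` is an alert sent by the peer that rejected the certificate it was shown, so when the server logs it, the place to check is the client's truststore. The sketch below runs the same server twice over loopback, first against a client using the JVM default truststore and then against a client whose truststore holds the server's exported certificate. The class and method names are hypothetical, and it assumes JDK 9+ with `keytool` on the PATH.

```java
import java.io.IOException;
import java.io.InputStream;
import java.lang.ProcessBuilder.Redirect;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.*;

public class CertificateUnknownDemo {
    // Constructed demo password; all files live in a throwaway temp directory.
    static final char[] PASS = "changeit".toCharArray();

    // Runs the JDK's keytool (assumed to be on PATH) and fails loudly on error.
    static void keytool(String... args) throws Exception {
        String[] cmd = new String[args.length + 1];
        cmd[0] = "keytool";
        System.arraycopy(args, 0, cmd, 1, args.length);
        Process p = new ProcessBuilder(cmd).redirectErrorStream(true)
                .redirectOutput(Redirect.DISCARD).start();
        if (p.waitFor() != 0) {
            throw new IllegalStateException("keytool failed: " + String.join(" ", args));
        }
    }

    static KeyStore load(Path file) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, PASS);
        }
        return ks;
    }

    // Server side: presents the private key and certificate held in keyStore.
    static SSLContext serverContext(KeyStore keyStore) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, PASS);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Client side: trusts only what is in trustStore; null means the JVM default
    // truststore, which is what SSLSocketFactory.getDefault() uses as well.
    static SSLContext clientContext(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Performs one handshake over loopback and returns "ok" or the exception
    // message as seen by the SERVER.
    static String handshake(SSLContext server, SSLContext client) throws Exception {
        try (SSLServerSocket listener =
                     (SSLServerSocket) server.getServerSocketFactory().createServerSocket(0)) {
            int port = listener.getLocalPort();
            Thread t = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) client.getSocketFactory().createSocket("localhost", port)) {
                    s.startHandshake();
                    s.getOutputStream().write(1);
                } catch (IOException clientSide) {
                    // The real cause (certificate path validation) is only visible here.
                    System.out.println("  client saw: " + clientSide.getMessage());
                }
            });
            t.start();
            try (SSLSocket s = (SSLSocket) listener.accept()) {
                s.getInputStream().read(); // first I/O drives the handshake, as in the post
                return "ok";
            } catch (SSLException e) {
                return e.getMessage();
            } finally {
                t.join();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("tls-demo");
        Path ks = dir.resolve("server.p12");
        Path crt = dir.resolve("server.crt");
        Path ts = dir.resolve("client-trust.p12");
        String pw = new String(PASS);

        // 1. Server key pair with a self-signed certificate (constructed test identity).
        keytool("-genkeypair", "-alias", "server", "-keyalg", "RSA", "-keysize", "2048",
                "-dname", "CN=localhost", "-ext", "san=dns:localhost", "-validity", "1",
                "-storetype", "PKCS12", "-keystore", ks.toString(), "-storepass", pw);
        // 2. Export the certificate only; the private key never leaves the server keystore.
        keytool("-exportcert", "-alias", "server", "-keystore", ks.toString(),
                "-storepass", pw, "-file", crt.toString());
        // 3. Import that certificate into a truststore for the client.
        keytool("-importcert", "-noprompt", "-alias", "server", "-file", crt.toString(),
                "-storetype", "PKCS12", "-keystore", ts.toString(), "-storepass", pw);

        SSLContext server = serverContext(load(ks));
        System.out.println("client with default truststore:");
        System.out.println("  server saw: " + handshake(server, clientContext(null)));
        System.out.println("client with explicit truststore:");
        System.out.println("  server saw: " + handshake(server, clientContext(load(ts))));
    }
}
```

Running the client with `-Djavax.net.debug=ssl` shows the trust decision that leads to the alert; the server-side stack trace alone does not.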

Similar Messages

  • SSL: Received fatal alert: certificate_unknown Problem

    Hi all, first I read this thread http://forums.sun.com/thread.jspa?threadID=5385002 but it didn't help me so I started a new one.
    I'm doing a client, server and thread implementation with SSL; I copied certificates and keystores into the directories and so on.
    Here is the error on the server, just when a client connects:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
         at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
         at java.io.ObjectInputStream$PeekInputStream.read(Unknown Source)
         at java.io.ObjectInputStream$PeekInputStream.readFully(Unknown Source)
         at java.io.ObjectInputStream$BlockDataInputStream.readShort(Unknown Source)
         at java.io.ObjectInputStream.readStreamHeader(Unknown Source)
         at java.io.ObjectInputStream.<init>(Unknown Source)
         at org.tockit.comunication.ServerThread.run(ServerThread.java:55)
         at java.lang.Thread.run(Unknown Source)
    Here is the code of the client, server and server thread. I can't find the error, as I followed some tutorials and it worked:
    import java.io.BufferedReader;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.io.ObjectInputStream;
    import java.io.ObjectOutputStream;
    import java.net.Socket;
    import java.net.UnknownHostException;
    import java.util.ArrayList;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;
    import citic.android.remoteir.ComConstants;
    import citic.android.remoteir.SendMessage;
    public class Client {
        public static void main(String[] args)
        {
            // Create the client and have it request the file.
            Client cf = new Client();
            BufferedReader in = null;
            BufferedReader stdIn = new BufferedReader(new InputStreamReader(System.in));
            String userInput;
            cf.pide("rup", "localhost", 27960, 0, 20);
        }

        public void pide(String query, String servidor, int puerto, int startIndex, int count)
        {
            try
            {
                // Open the socket.
                SSLSocketFactory sslsocketfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
                SSLSocket socket = (SSLSocket)sslsocketfactory.createSocket(servidor,puerto);
                ObjectOutputStream oos = new ObjectOutputStream(socket
                        .getOutputStream());
                SendMessage mensaje = new SendMessage();
                mensaje.queryTerms = query;
                mensaje.startIndex = startIndex;
                mensaje.count = count;
                oos.writeObject(mensaje);
                ObjectInputStream ois = new ObjectInputStream(socket
                        .getInputStream());
                ComConstants mensajeRecibido;
                Object mensajeAux;
                String mensa = null;
                do
                {
                    mensajeAux = ois.readObject();
                    // If it is of the expected type, process it
                    if (mensajeAux instanceof ComConstants)
                    {
                        mensajeRecibido = (ComConstants) mensajeAux;
                        System.out.println("Client has Search Results");
                        String test;
                        test = new String(
                                mensajeRecibido.fileContent, 0,
                                mensajeRecibido.okBytes);
                        if (mensa == null) {
                            mensa = test;
                        }
                        else {
                            mensa += test;
                        }
                        System.out.println("client mierda" + test);
                    } else
                    {
                        System.err.println("Mensaje no esperado "
                                + mensajeAux.getClass().getName());
                        break;
                    }
                } while (!mensajeRecibido.lastMessage);
                SaxParser sap = new SaxParser(mensa);
                ois.close();
                socket.close();
            } catch (Exception e)
            {
                e.printStackTrace();
            }
        }
    }
    package org.tockit.comunication;
    import java.io.*;
    import java.net.*;
    import java.security.KeyStore;
    import javax.net.ssl.KeyManager;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLServerSocket;
    import javax.net.ssl.SSLServerSocketFactory;
    import javax.net.ssl.SSLSocket;
    public class Server {
        public static void main(String[] args) throws IOException {
            ServerSocket serverSocket = null;
            boolean listening = true;
            System.out.println("Indroduzca valor del puerto");
            InputStreamReader isr = new InputStreamReader(System.in);
            BufferedReader br = new BufferedReader (isr);
            int port;
            try
            {
                String texto = br.readLine();
                int valor = Integer.parseInt(texto);
                port = valor;
                try {
                    System.setProperty("javax.net.ssl.keyStore","C:\\Program Files\\Java\\jre6\\bin\\remoteir.ks");
                    System.setProperty("javax.net.ssl.keyStorePassword","aquabona");
                    SSLServerSocketFactory sslServerSocketfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
                    SSLServerSocket sslServerSocket = (SSLServerSocket)sslServerSocketfactory.createServerSocket(port);
                    System.out.println("Arracando servidor en " + port);
                    while (listening){
                        SSLSocket cliente = (SSLSocket)sslServerSocket.accept();
                        System.out.println("Aceptado cliente");
                        Runnable nuevoServer = new ServerThread(cliente);
                        Thread hilo = new Thread(nuevoServer);
                        hilo.start();
                    }
                } catch (IOException e) {
                    System.err.println("Could not listen on port:" + port);
                    System.exit(-1);
                }
            }
            catch (Exception e)
            {
                e.printStackTrace();
            }
        }
    }
    The line at org.tockit.comunication.ServerThread.run(ServerThread.java:55) is marked with ERRRROOOOOORRRRR and the ServerThread code is posted in the first reply post.
    All this code works in the absence of SSL (regular sockets).
    I have another question related to the SSLSockets in the methods of the ServerThread: will my SSLSockets in the ServerThread's methods work to communicate with other servers as I try to do?
    Thanks!

    And this is a method like the ones I asked about in #1; sorry about this but I can't post more than 7500 characters
        private void enviaFicheroMultiple(String query, ObjectOutputStream oos, int startIndex, int count, ArrayList<String> ips, ArrayList<String> ports, SearcherValue value)
        {
            try
            {
                String finalString = "";
                String tempFinal = "";
                QueryWithResult[] outputLine;
                QueryWithResult[] finalResults = new QueryWithResult[1];
                Operations op = new Operations();
                boolean enviadoUltimo=false;
                ComConstants mensaje = new ComConstants();
                mensaje.queryTerms = query;
                outputLine = op.processInput(query, value);
                int i = 0;
                boolean firstRun = true;
                while (i < ips.size()) {
                    String ip = ips.get(i);
                    int port = Integer.parseInt(ports.get(i));
                    try
                    {
                        SSLSocketFactory sslsocketfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
                        SSLSocket socket = (SSLSocket)sslsocketfactory.createSocket(ip,port);
                        ObjectOutputStream ooos = new ObjectOutputStream(socket
                                .getOutputStream());
                        SendMessage message = new SendMessage();
                        message.numDoc = value.numDoc;
                        message.docFreq = value.docFreq;
                        message.queryTerms = query;
                        message.startIndex = startIndex;
                        message.count = count;
                        message.multiple = false;
                        message.ips = null;
                        message.ports = null;
                        message.value = true;
                        message.docFreq = value.docFreq;
                        message.numDoc = value.numDoc;
                        ooos.writeObject(message);
                        ObjectInputStream ois = new ObjectInputStream(socket
                                .getInputStream());
                        QueryWithResult[] qwr = (QueryWithResult[]) ois.readObject();
                        int size = qwr.length;
                        int num=0;
                        boolean kk = true;
                        int pos = 0;
                        if(firstRun) {
                            finalResults = new QueryWithResult[size];
                            finalResults = qwr;
                            System.out.println("lenght" + finalResults.length);
                        } else {
                            QueryWithResult[] old = finalResults;
                            finalResults = new QueryWithResult[old.length + size];
                            int y =0;
                            while(y < old.length){
                                finalResults[y] = old[y];
                                y++;
                            }
                            int l = old.length;
                            int k = qwr.length;
                            while(l < finalResults.length){
                                finalResults[l] = qwr[0];
                                l++;
                            }
                        }
                        firstRun = false;
                        ois.close();
                        socket.close();
                    } catch (Exception e)
                    {
                        e.printStackTrace();
                    }
                    i++;
                }
                QueryWithResult[] old = finalResults;
                finalResults = new QueryWithResult[old.length + outputLine.length];
                int y =0;
                while(y < old.length){
                    finalResults[y] = old[y];
                    y++;
                }
                int l = old.length;
                int k = outputLine.length;
                while(l < finalResults.length){
                    finalResults[l] = outputLine[0];
                    l++;
                }
                XmlConverter xce = new XmlConverter(finalResults, startIndex, count);
                String serialized = xce.runConverter();
                finalString = serialized + tempFinal;
                finalString = finalString.trim();
                System.out.println("Final String " + finalString);
                byte mybytearray[] = finalString.getBytes();
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(mybytearray);
                BufferedInputStream bis = new BufferedInputStream(byteArrayInputStream);
                int readed = bis.read(mensaje.fileContent,0,4000);
                while (readed > -1)
                {
                    mensaje.okBytes = readed;
                    if (readed < ComConstants.MAX_LENGTH)
                    {
                        mensaje.lastMessage = true;
                        enviadoUltimo=true;
                    }
                    else
                        mensaje.lastMessage = false;
                    oos.writeObject(mensaje);
                    if (mensaje.lastMessage)
                        break;
                    mensaje = new ComConstants();
                    mensaje.queryTerms = query;
                    readed = bis.read(mensaje.fileContent);
                }
                if (enviadoUltimo==false)
                {
                    mensaje.lastMessage=true;
                    mensaje.okBytes=0;
                    oos.writeObject(mensaje);
                }
                oos.close();
            } catch (Exception e)
            {
                e.printStackTrace();
            }
        }

  • SSLHandShakeException's fatal alert certificate_unknown

    Trying to connect RMI SSL Client with RMI non-SSL Server and getting the following exception. How should I check SSLHandshakeException's fatal alert certificate_unknown in the code? Also, I am setting SSL properties (keystore, truststore, passwords) using System.setProperty()
    *** ServerHelloDone
    RMI TCP Connection(11)-10.229.194.39, WRITE: TLSv1 Handshake, length = 659
    RMI TCP Connection(11)-10.229.194.39, READ: TLSv1 Alert, length = 2
    RMI TCP Connection(11)-10.229.194.39, RECV TLSv1 ALERT: fatal, certificate_unknown
    RMI TCP Connection(11)-10.229.194.39, called closeSocket()
    RMI TCP Connection(11)-10.229.194.39, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    RMI TCP Connection(11)-10.229.194.39, called close()
    RMI TCP Connection(11)-10.229.194.39, called closeInternal(true)
    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    RMI TCP Connection(12)-10.229.194.39, setSoTimeout(7200000) called
    RMI TCP Connection(12)-10.229.194.39, READ: SSL v2, contentType = Handshake, translated length = 73
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1360739234 bytes = { 103, 192, 214, 126, 21, 70, 8, 98, 28, 38, 177, 79, 93, 98, 219, 3, 14, 199, 232, 12, 186, 102, 148, 116, 240, 107, 25, 14 }
    Session ID: {}

    890918 wrote:
    Trying to connect RMI SSL Client with RMI non-SSL Server with and getting following exception.

    What you have posted is not an exception, it is an SSL debug trace, and you could not possibly have got it by connecting to a non-SSL server.

  • Https Issue:SSLHandshakeException:Received fatal alert:bad_certificate

    hi experts,
      My scenario is Proxy to AS2. In AS2 receiver I have https protocol. I have put SSL Certificate(keystore) value.
    Let say
    View-  x
    Certificate name-  cer
    then I  have given
    TRUSTED\x\cer
    in SSL Certificate(keystore) field of AS2 receiver channel.
    Let me know whether it is correct.
    Second field in Communication channel is "Private key for Client Authentication".  I have kept it as blank.
    I am getting an error in AS2 Receiver Channel saying:-
    Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate #
    My certificate has not expired yet.
    Please help me in this matter.
    Thanks
    Jaideep

    hi experts,
    Please look into the below  matter and help me to resolve it.
    Thanks
    Jaideep

  • Received fatal alert: handshake_failure!!

    Hi all,
    I have to connect with a server via mutual authentication. I have to receive a server certificate and send my client certificate, which I have stored in cacerts.
    This certificate is a class 3 certificate from verisign.
    If I try to connect from IE directly as:
    https://195.235.160.165/GPP/WLServer
    I have no problem, but when I try to connect from my servlet
    MY CODE
    com.sun.net.ssl.SSLContext ctx = com.sun.net.ssl.SSLContext.getInstance("SSL");
    URL url = new URL("https://195.235.160.165/GPP/WLServer");
    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
    com.sun.net.ssl.HttpsURLConnection urlConn = (com.sun.net.ssl.HttpsURLConnection) conn;
    urlConn.setDoOutput(true);
    com.sun.net.ssl.KeyManagerFactory _kmFactory = null;
    com.sun.net.ssl.TrustManagerFactory _tmFactory = null;
    //Set up the certificates
    //Client
    String _clientCertStoreFile = "C:\\certificados\\cacerts.jks";
    String _serverCertStoreFile = "C:\\certificados\\keystore.jks";
    String _clientCertStorePswd = "changeit";
    String _serverCertStorePswd = "changeit";
    InputStream _clientCertInputStream = null;
    InputStream _serverCertInputStream = null;
    String TRUST_STORE = "javax.net.ssl.trustStore";
    String TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
    String KEY_STORE = "javax.net.ssl.keyStore";
    String KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";
    log.debug("set client side cert ...");
    if (_clientCertStoreFile != null)
    InputStream retInputStream = null;
    try{
    retInputStream = new FileInputStream(_clientCertStoreFile);
    catch (FileNotFoundException fnfe)
    retInputStream = this.getClass().getResourceAsStream(_clientCertStoreFile);
    log.debug("The input stream is: " + retInputStream);
    _clientCertInputStream = retInputStream;
    try
    if (_clientCertInputStream != null)
    log.debug("setting client side cert ...");
    KeyStore clientCertKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    clientCertKeyStore.load(_clientCertInputStream, _clientCertStorePswd.toCharArray());
    _kmFactory = com.sun.net.ssl.KeyManagerFactory.getInstance(com.sun.net.ssl.KeyManagerFactory.getDefaultAlgorithm());
    _kmFactory.init(clientCertKeyStore, _clientCertStorePswd.toCharArray());
    else
    log.debug("nothing to set for the client cert!");
    catch (IOException ioe)
    ioe.printStackTrace();
    catch (KeyStoreException kse)
    kse.printStackTrace();
    catch (NoSuchAlgorithmException nsae)
    nsae.printStackTrace();
    catch (java.security.cert.CertificateException ce)
    ce.printStackTrace();
    catch (UnrecoverableKeyException uke)
    uke.printStackTrace();
    //Server
    log.debug("set server side cert ...");
    if (_serverCertStoreFile != null)
    log.debug("read server side cert ...");
    InputStream retInputStream = null;
    try{
    retInputStream = new FileInputStream(_serverCertStoreFile);
    catch (FileNotFoundException fnfe)
    retInputStream = this.getClass().getResourceAsStream(_serverCertStoreFile);
    _serverCertInputStream = retInputStream;
    if (_serverCertInputStream != null)
    try
    log.debug("setting server side cert ...");
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(_serverCertInputStream, _serverCertStorePswd.toCharArray());
    _tmFactory = com.sun.net.ssl.TrustManagerFactory.getInstance(com.sun.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
    _tmFactory.init(trustStore);
    catch (IOException ioe)
    ioe.printStackTrace();
    catch (KeyStoreException kse)
    kse.printStackTrace();
    instance");
    catch (NoSuchAlgorithmException nsae)
    nsae.printStackTrace();
    catch (java.security.cert.CertificateException ce)
    ce.printStackTrace();
    else
    log.debug("Nothing to set for the server cert");
    if (_kmFactory != null){
    if (_tmFactory != null){
    //ctx.init(_kmFactory.getKeyManagers(), _tmFactory.getTrustManagers(), null);
    ctx.init(new com.sun.net.ssl.X509KeyManager[]{}, trustAllCerts, new java.security.SecureRandom());
    else{
    ctx.init(_kmFactory.getKeyManagers(), null, null);
    else{
    if (_tmFactory != null){
    ctx.init(null, _tmFactory.getTrustManagers(), null);
    else{
    return;
    urlConn.setHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String hostname, String session)
    // I don't care if the certificate doesn't match host name
    System.out.println("hotname: "+hostname);
    return true;
    urlConn.setSSLSocketFactory(ctx.getSocketFactory());
    urlConn.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    BufferedReader in = new BufferedReader(
    new InputStreamReader(
    urlConn.getInputStream()));
    //Creates a writer with the encoding parameter as "UTF-8"
    Writer out_ = new OutputStreamWriter(response.getOutputStream(), "UTF-8" );
    log.debug("Creating writer");
    String inputLine;
    String fichero_in = "";
    while ((inputLine = in.readLine()) != null){
    if(inputLine.length()!=0){
    System.out.println(inputLine);
    fichero_in = inputLine;
    out_.write(inputLine);
    in.close();
    //Sets the Content-Type header
    response.setContentType("application/xml; charset=utf-8");
    //response.setContentType("text/html; charset=UTF-8");
    //Sends the response XML to the client
    out_.write(fichero_in);
    out_.flush();
    response.sendRedirect(response.encodeRedirectURL("out_"));

    Sorry for not being clearer and for not using the formatting tips (I didn't know about them), and finally sorry for my bad English!!
    As regards the errors:
    [LocationServlet] Error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure : com.deimos.dat.servlet.LocationServlet.processRequest(LocationServlet.java:397)
    It appears when the servlet tries to getInputStream from the HttpsUrlConnection because the handshake hasn't been done properly.
            BufferedReader in = new BufferedReader(
                 new InputStreamReader(
                 urlConn.getInputStream()));
    Thanks in advance!!

  • FTPSClient - SSL  Received fatal alert: bad_record_mac

    I am trying to connect to an out of network server using org.apache.commons.net.ftp.FTPSClient
    and trying to upload a file.
    The code works correctly when i execute it from localhost but throws the following exception from prod server.
    javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1682)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
         at org.apache.commons.net.ftp.FTPSClient.sslNegotiation(FTPSClient.java:240)
         at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:171)
         at org.apache.commons.net.SocketClient.connect(SocketClient.java:178)
    Code
    FTPClient ftp = new FTPSClient("SSL");
    ftp.connect(server, 21);
    reply = ftp.getReplyCode();
    if (!FTPReply.isPositiveCompletion(reply)) {
        ftp.disconnect();
        log.debug("FTP server refused connection.");
        return;
    }
    //ftp.enterRemotePassiveMode();
    ftp.enterLocalPassiveMode();
    ftp.login(username, password);
    ======================
    Any suggestions why it would work from my localhost and not from the server?
    Could it be a firewall issue or do I need to use a certificate?

    The FTP server sent you an alert saying that it received a bad_record_MAC from you, i.e. the client.
    So there is something wrong with the client you used when it failed, or the underlying version of JSSE. Are the versions of Java the same in both cases?

  • Client Auth failure:SSLException Received fatal alert: bad_certificate

    Friends,
    I have managed to establish a one-way https connection between the client and the tomcat-server by keeping the client-Authentication=false
    <Connector
    enableLookups="true"
    port="8443"
    scheme="https"
    secure="true"
    maxProcessors="75"
    debug="0"
    clientAuth="false"
    keystorePass="arps3241"
    keystoreFile="/usr/local/tomcat/bin/arps-dev.keystore"
    className="org.apache.coyote.tomcat5.CoyoteConnector"
    minProcessors="5"
    sslProtocol="TLS">
    </Connector>
    However, when I switch on the client-authentication parameter, i.e. clientAuth="true" in the server.xml for 2-way trust, I get the following error:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
         at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
         at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
         at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
         at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
    Can anybody please guide me?

    The server's truststore doesn't trust or possibly even recognize the client's certificate which came from the client's keystore.

  • Client Authentication - Received fatal alert: bad_certificate

    I am making a "secure" chat server that has some simple functionality.
    For the server cert, I sent off the CSR to Thawte and set up the trust chain. That keystore seems to be fine:
    Keystore type: jks
    Keystore provider: SUN
    Your keystore contains 2 entries
    Alias name: verisigntestroot
    Creation date: Nov 10, 2006
    Entry type: trustedCertEntry
    Owner: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
    Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
    Serial number: 0
    Valid from: Wed Jul 31 20:00:00 EDT 1996 until: Thu Dec 31 16:59:59 EST 2020
    Certificate fingerprints:
    MD5: 5E:E0:0E:1D:17:B7:CA:A5:7D:36:D6:02:DF:4D:26:A4
    SHA1: 39:C6:9D:27:AF:DC:EB:47:D6:33:36:6A:B2:05:F1:47:A9:B4:DA:EA
    Alias name: server
    Creation date: Nov 10, 2006
    Entry type: keyEntry
    Certificate chain length: 2
    Certificate[1]:
    Owner: CN=TestServer, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, OU=Domain Validated, O=TestServer
    Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
    Serial number: 76369fba895ca9f8f5b44dd1f28307ad
    Valid from: Fri Nov 10 15:29:22 EST 2006 until: Fri Dec 01 15:29:22 EST 2006
    Certificate fingerprints:
    MD5: 5B:7D:EE:B3:0A:CC:7B:B8:A2:73:D3:96:FB:D3:43:ED
    SHA1: E2:FD:31:00:D7:9D:F5:93:4E:99:D9:8B:C3:70:87:D9:CF:83:EC:36
    Certificate[2]:
    Owner: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
    Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
    Serial number: 0
    Valid from: Wed Jul 31 20:00:00 EDT 1996 until: Thu Dec 31 16:59:59 EST 2020
    Certificate fingerprints:
    MD5: 5E:E0:0E:1D:17:B7:CA:A5:7D:36:D6:02:DF:4D:26:A4
    SHA1: 39:C6:9D:27:AF:DC:EB:47:D6:33:36:6A:B2:05:F1:47:A9:B4:DA:EA
    So next I want to set up my client. The professor said that it's fine to just give the clients all self-signed certs, so I ran:
    keytool -genkey -alias client1 -keyalg RSA -keystore c1keystore -storepass client1 -keypass client1 -dname "o=jhu, cn=Client 1"
    I assumed that I need to add the Thawte Root CA Cert to this keystore as well since I'm doing client authentication:
    keytool -import -v -file ../server/thawtecert.txt -trustcacerts -keystore c1keystore -storepass client1
    I start up the server, and then I attempt to connect with the client with these options:
    -Djavax.net.ssl.trustStore=server/serverstore
    -Djavax.net.ssl.keyStore=client/c1keystore
    -Djavax.net.ssl.keyStorePassword=client1
    Now when I attempt to connect to the server and write to the buffer, I get this error on the client side:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    And this error on the server side:
    javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: null cert chain
    If I connect to the server with these options, I connect fine:
    -Djavax.net.ssl.trustStore=server/serverstore
    -Djavax.net.ssl.keyStore=server/serverstore
    -Djavax.net.ssl.keyStorePassword=server
    I assume this means that I have done something very wrong creating the client's keystore. Does anyone know how I'm supposed to create it?

    Hi,
    Even I get the same error. Although I imported the contents of my self-signed certificate into the truststore of Tomcat, i.e. the cacerts file of jre/lib/security (in Tomcat), I get the following error:
    Tomcat does not seem to accept the client's certificate.
    Also, in case I use a standalone Java application to connect to a Tomcat application, I get the same error. Any idea as to how the Tomcat server authenticates the client from a standalone Java application?
    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
         at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
         at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
         at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
         at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
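The failure in the thread above (a self-signed client certificate that the server's truststore does not contain, ending in "null cert chain" on the server and bad_certificate on the client) can be reproduced offline, without a handshake. The following is an added example, not code from any poster: the class name ClientCertCheck and its helpers are hypothetical, and the default store paths and passwords are the ones given in the first post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

// Hypothetical diagnostic (not from the thread): checks whether the certificate
// chains held in one keystore would be accepted by the peer's truststore.
public class ClientCertCheck {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // the keytool listing above reports "jks"
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Default (PKIX) trust manager over the given store, built the same way
    // JSSE builds one for the store named by javax.net.ssl.trustStore.
    static X509TrustManager trustManagerFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // True if some certificate in the chain was issued by a CA that the peer lists
    // in its CertificateRequest. The default JSSE key manager offers only such
    // chains; when none matches, the client sends an empty Certificate message.
    static boolean issuerAdvertised(X509Certificate[] chain, Set<X500Principal> advertised) {
        if (advertised.isEmpty()) {
            return true; // an empty CA list places no restriction on the issuer
        }
        for (X509Certificate cert : chain) {
            if (advertised.contains(cert.getIssuerX500Principal())) {
                return true;
            }
        }
        return false;
    }

    // Returns null when the chain validates, otherwise the root cause of the rejection
    // (for example an unbuildable path or an expired certificate).
    static String rejectionReason(X509Certificate[] chain, X509TrustManager tm) {
        try {
            tm.checkClientTrusted(chain, chain[0].getPublicKey().getAlgorithm());
            return null;
        } catch (CertificateException e) {
            Throwable t = e;
            while (t.getCause() != null) {
                t = t.getCause();
            }
            return t.getClass().getSimpleName() + ": " + t.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the store names and passwords quoted in the post above.
        String keyStorePath = args.length > 0 ? args[0] : "client/c1keystore";
        char[] keyStorePass = (args.length > 1 ? args[1] : "client1").toCharArray();
        String trustStorePath = args.length > 2 ? args[2] : "server/serverstore";
        char[] trustStorePass = (args.length > 3 ? args[3] : "server").toCharArray();

        KeyStore identity = load(keyStorePath, keyStorePass);
        X509TrustManager tm = trustManagerFor(load(trustStorePath, trustStorePass));

        Set<X500Principal> advertised = new HashSet<>();
        for (X509Certificate ca : tm.getAcceptedIssuers()) {
            advertised.add(ca.getSubjectX500Principal());
            System.out.println("trusted by peer: " + ca.getSubjectX500Principal());
        }

        for (String alias : Collections.list(identity.aliases())) {
            Certificate[] raw = identity.getCertificateChain(alias);
            if (!identity.isKeyEntry(alias) || raw == null || raw.length == 0) {
                continue; // only private-key entries can be presented to a peer
            }
            X509Certificate[] chain = Arrays.copyOf(raw, raw.length, X509Certificate[].class);
            System.out.println("alias " + alias + ": subject=" + chain[0].getSubjectX500Principal()
                + ", issuer=" + chain[0].getIssuerX500Principal());
            if (!issuerAdvertised(chain, advertised)) {
                System.out.println("  not offered: issuer is not a CA the peer advertises,"
                    + " so the peer receives an empty chain");
            }
            String reason = rejectionReason(chain, tm);
            System.out.println(reason == null ? "  accepted by the truststore"
                                              : "  rejected: " + reason);
        }
    }
}
```

Run it with the client keystore first and the server truststore second. A chain whose issuer line equals its subject line is still the self-signed certificate that keytool -genkey created.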

  • CA-Signed certificate: Received fatal alert: bad_certificate

    Hello. I am still trying to get rmi ssl to work in the way I want (see my post http://forums.sun.com/thread.jspa?threadID=5351278&tstart=15 ).
    I read that CA signed certificates are preferred to self signed certificates due to several reasons. Due to the fact, that I want to run a lot of different services, each with an own certificate, it is out of question to let them be signed by a real CA (for now all is in a testing environment and once I have solved all the problems this might become an option).
    So for now, I create my own certificate authority and sign the certificates for my services (who interact with each other via ssl).
    If there is a flaw in my setup, please tell me. If not continue reading.
    In my scenario, a service A is querying a server S to discover a service B. S sends all the information about B back to A, including the certificate of B (so A can use ssl to talk to B). I use client authentication.
    Each component uses a keystore, which acts as a truststore at the same time.
    When I use self signed certificates and import them to the other keystores (using keytool) everything works as it should.
    My setup using ca-signed certificates fails.
    At the beginning the server has all the certificates in his keystore (A & B & S, which were signed with the servers secret key, who acts as my CA). A contains the servers certificate and his own, which has been signed with the servers private key (A &S). B contains the servers certificate and his own, which has been signed with the servers private key (B & S).
    As far as I understand ssl, if A wants to talk to B, it needs the certificate of B (and needs to trust it).
    In my scenario, A is receiving the certificate of B, when it queries the server for information about B. The certificate is imported into As keystore (works), but the method call fails with:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    Is rmi ssl creating and using selfsigned certificates from the private keys in the keystore? Maybe I made a mistake, but I don't see it.
    A has a certificate of B (and trusts it, because it was signed by an authority whose certificate is trusted from the beginning). B should trust the certificate of A (because it was signed by the same authority). So why is there a bad certificate?
    My guess is, in the ssl handshake, A is using his private key to create a self signed certificate and is sending this to B. B has no reason of trusting a self-signed certificate and the handshake fails.
    If you have any ideas, I appreciate them a lot.

    ejp wrote:
    So for now, I create my own certificate authority and sign the certificates for my services (who interact with each other via ssl).
    So all you have to do is ensure that every client trusts your CA.
    This is done by importing the CA's certificate into each trust store.
    Each component uses a keystore, which acts as a truststore at the same time.
    That's a really bad idea. They serve completely different purposes. Don't do that.
    Ok, I will change that. So the trust store is used for certificates I trust (which then can be used by ssl), the keystore is used to store secret keys or if I want to do "cryptography by hand".
    As far as I understand ssl, if A wants to talk to B, it needs the certificate of B (and needs to trust it).
    That's true if B is a server. If A is the server in this scenario it is B that needs to trust A.
    In my scenario, A is receiving the certificate of B, when it queries the server for information about B. The certificate is imported into As keystore (works)
    Should be truststore
    I will change that it's only imported into the trust store (-> will do the separation of trust/key store).
    but the method call fails with:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    So there is something wrong with the certificate that B sent.
    Yes, but I don't know why. I created a certificate signing request (csr) for B (using keytool) and then used openssl to create the certificate. When I use a private key and openssl to create a selfsigned certificate e.g. create csr for B, export private key of B, use openssl to create the certificate with the private key of B), it has the same checksum as a self signed certificate using keytool.
    The trust store of B contains the CA signed certificate of B and the CA certificate. I don't understand why it is a "bad certificate".
    Maybe separating key and trust store will solve the problem or give some new hints.
    Is rmi ssl creating and using selfsigned certificates from the private keys in the keystore?
    No. SSL doesn't generate certificates at all. You do. SSL just looks in the keystore for a certificate to send that matches what the peer will accept, and sending that.
    So maybe the CA cert is used for it, which would be fault. I'm going to check that.
    A has a certificate of B (and trusts it, because it was signed by an authority whose certificate is trusted from the beginning). B should trust the certificate of A (because it was signed by the same authority).
    > A and B don't need mutual trust unless you have needClientAuth set 'true' somewhere, which you haven't mentioned.
    I mentioned it, but it came to my mind at the end of my post, so it's kind of hidden in the text. So, I do use client authentication.
    > > My guess is, in the ssl handshake, A is using his private key to create a self signed certificate
    > No. See above.
    > > and is sending this to B. B has no reason of trusting a self-signed certificate and the handshake fails.
    > No. There is something wrong with the certificate that was received by the side that first got the bad_certificate alert.
    Thanks a lot. I see several things clearer now.
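The separation discussed in the exchange above (identity in a keystore, trust in a truststore that holds only the private CA's certificate, client authentication required) looks like this in code. This is an added sketch, not code from the thread: the class name, the file names a-keystore.jks, b-keystore.jks and ca-truststore.jks, the password and port 4444 are all placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical sketch: service A (client) and service B (server) each hold their own
// CA-signed identity and trust nothing but the CA certificate.
public class SeparateStores {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Key managers come only from the keystore (private key plus its CA-signed chain);
    // trust managers come only from the truststore (the CA certificate).
    static SSLContext contextFor(String keyStorePath, String trustStorePath, char[] password)
            throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath, password), password);

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, password));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Service B: refuses any peer that does not present a chain ending at the trusted CA.
    static void serve(SSLContext ctx, int port) throws Exception {
        try (SSLServerSocket listener =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port)) {
            listener.setNeedClientAuth(true);
            try (SSLSocket peer = (SSLSocket) listener.accept()) {
                peer.startHandshake();
                System.out.println("client authenticated as "
                    + peer.getSession().getPeerPrincipal());
            }
        }
    }

    // Service A: validates B's chain against the CA and checks that the certificate
    // names the host it connected to (assumes B's certificate carries that name).
    static void connect(SSLContext ctx, String host, int port) throws Exception {
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            System.out.println("server authenticated as "
                + socket.getSession().getPeerPrincipal());
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // placeholder password
        if (args.length == 1 && "server".equals(args[0])) {
            serve(contextFor("b-keystore.jks", "ca-truststore.jks", password), 4444);
        } else if (args.length == 1 && "client".equals(args[0])) {
            connect(contextFor("a-keystore.jks", "ca-truststore.jks", password),
                    "localhost", 4444);
        } else {
            System.err.println("usage: java SeparateStores server|client");
        }
    }
}
```

With this layout neither side needs the other's certificate imported in advance; each key entry must carry the CA-signed chain, which keytool stores when the CA's reply is imported under the same alias as the private key.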

  • SSLHandshakeException: Received fatal alert :handshake_failure

    Hola forum,
    I'm having a bit of a problem with ssl sockets currently. Please bear with me as this is my first run at using ssl sockets for anything and I've done a fair bit of searching on google already.
    Here's the code I'm using:
    (kindly ignore any typos as they are the result of having to manually type the code in - the code resides on a separate system).
    import java.security.SecureRandom;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.*;

    int port = 443;
    String hostname = "hostname";
    // Trust manager that accepts every certificate chain without validating it
    TrustManager[] trustAllCerts = new TrustManager[]{
       new X509TrustManager(){
          public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException{}
          public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException{}
          public X509Certificate[] getAcceptedIssuers(){
              return new X509Certificate[0];
          }
       }
    };
    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init(null, trustAllCerts, new SecureRandom());
    SSLSocketFactory factory = sslContext.getSocketFactory();
    SSLSocket socket  = (SSLSocket)factory.createSocket(hostname, port);
    socket.setUseClientMode(true);
    socket.startHandshake();
    ...this throws the following exception from startHandshake():
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
          at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
          at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
          at testcode.main(testcode.java:62)
    Any insight? I would be most appreciative. Thanks!

    ejp thanks for the reply - unfortunately I have 0 control over the server that I am attempting to establish a connection to and I don't think I can get them to do much of anything (just getting their server certificate was some work).
    Could this exception be caused by the server requiring client validation? I checked the various socket settings (forget the property names) but none of them indicated that client validation was required.
    Let me know if just the debug on the client side would be helpful and I'll type it in.
    --edit, alright here are what I think the relevant parts of the debugging info from the client side(bear with me as this has to be hand transcribed-). Please let me know if more is needed-
    found key for : key alias
    chain[0] = [
    adding as trusted cert:
    adding as trusted cert:
    trigger seeding of SecureRandom
    done seeding SecureRandom
    export control - checking the cipher suites
    export control - no cached value available...
    export control - storing legal entry into cache...
    %% No cached client session
    ** ClientHello, TLSv1
    RandomCookie:...
    Session ID: {}
    Cipher Suites: ...
    Compression Methods: { 0 }
    main, WRITE: TLSv1 Handshake, length = 73
    main, WRITE: SSLv2 client hello message, length = 98
    main, READ: TLSv1 Handshake, length = 74
    *** ServerHello, TLSv1
    RandomCookie: ...
    Cipher Suite: ...
    Compression Method: 0
    %% Created: ...
    **SSL_RSA_WITH_RC4_128_MD5
    main, READ: TLSv1 Handshake, length = 2702
    *** Certificate chain
    chain [0] = ...
    [2] : ...
    [3] : ...
    [4] : ...
    [5] : ...
    chain [1] = ...
    [2] : ...
    [3] : ...
    [4] : ...
    [5] : ...
    chain[2] =...
    [2]: ...
    Found trusted certificate:
    main, READ: TLSv1 Handshake, length = 278
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    *** ServerHelloDone
    *** Certificate chain
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    Random Secret: ...
    main, WRITE: TLSv1 Handshake, length = 141
    SESSION KEYGEN:
    PreMaster Secret:
    CONNECTION KEYGEN:
    Client Nonce:
    Server Nonce:
    Master Secret:
    Client MAC write Secret:
    Server MAC write Secret:
    Client write key:
    Server write key:
    ...no IV for cipher
    main, WRITE: TLSv1 Change Cipher spec, length = 1
    *** Finished
    verify_data: ...
    main, WRITE: TLSv1 Handshake, length = 32
    main, waiting for close_notify or alert: state 1
    main, Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
    main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
    java.net.SocketException: Software caused connection abort: recv failed
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.read(Unknown Source)
        at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
        at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(Unknown Source)
        at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at https.TestSSLSockets.main(TestSSLSockets.java:104)
    thanks again!
    Message was edited by:
    cjmose

  • Why get "fatal alert: bad_certificate" but "certificate_expired"

    Hi all,
    I am testing 2 way SSL authentication now.
    Expected Result:
    When the client side provides an expired client cert to the server during handshaking, the server is supposed to return fatal alert: certificate_expired, which is exactly what the client side wants to receive.
    Actual Result:
    At first, I test server side with Tomcat, but the coming out result is that server will reject the connection with fatal alert: certificate_unknown.
    Then, I try Weblogic. From Weblogic, I can see the warn:
    <Nov 16, 2007 3:31:01 PM GMT+08:00>
    <Warning><Security><BEA-090479>
    <Certificate chain received from 206.225.50.35 - 206.225.50.35 failed date validity checks.>
    But the client side will receive fatal alert : bad_certificate.
    Any solution to get the expected response from server with fatal alert: certificate_expired?
    Your help is appreciated!

  • WLS 10.3.3 (OSB) Exception faced : General runtime error: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.

    WLS 10.3.3 not supporting SHA2 cert at provider end . (wild card certificate cannot be imported to trusted certs)
    During integration from OSB 11g we face below exception :
    General runtime error: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received
    Regards,
    Anitha

    Enable -Dssl.debug=true java option and capture the logs.
    You might find this useful
    http://weblogic-wonders.com/weblogic/2010/01/28/troubleshooting-ssl-issues/

  • Getting error in OSB :: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received..

    Hi There,
    am getting error when invoking a webservice from OSB .
    "The invocation resulted in an error: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received..".
    certs were loaded to the trust store and could see certificates in Trust store.
    surprisingly, same webservice works from SOA BPEL and even from soapUI.
    I even made Host Name verification to NONE... none of those helped.
    your suggestions are very much appreciated.
    Thanks,
    Karthik.

    Enable -Dssl.debug=true java option and capture the logs.
    You might find this useful
    http://weblogic-wonders.com/weblogic/2010/01/28/troubleshooting-ssl-issues/

  • FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was receiv

    I am trying to invoke a third-party web service (EDC RAVE) through the Oracle Service Bus/Weblogic Server. However whenever I try to use a business service to connect I get the following error message:
    The invocation resulted in an error: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received..
    I have tried to add the certificate to the set of trusted demo certificates but that doesn't seem to have solved the problem. Does anyone know how to resolve the problem?
    The only solution I have found is:
    http://download.oracle.com/docs/cd/E13222_01/wls/docs81/webserv/trouble.html#1071057
    But I am using 10.3, not 8.1.

    Hi,
    I am getting the same error while invoking a Rave webservice from ALSB or from a web application hosted on weblogic 10.3.
    I have tried the first two of the options below, and still got the same exception:
    1) Disable host name verification ( never a pleasant thought )
    2) Write your own custom hostname verification
    3) Ask them to get a cert specific to their host ( with a CN of "someserver.mdsol.com", for instance ).
    3rd one is not an option for us, as Medidata does not want to do any change in their setup or to obtain new certificate with CN specific to their host.
    After troubleshooting for several days I am out of ideas. Would appreciate if someone helps me on this.
    Some further details:
    The Rave server presents a wildcard certificate with CN as *.mdsol.com. I have imported all the certificates in the chain to the trust store.
    Configured the trust store in weblogic and disabled host name verification.
    I have enabled the ssl debug, when i invoke Rave webservice, getting the following errors :
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Use Certicom SSL with Domestic strength>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE KeyAgreement: SunJCE version 1.6 for algorithm DiffieHellman>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm DiffieHellman>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Will use default KeyAgreement for algorithm ECDH>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm DESede/CBC/NoPadding>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm DES/CBC/NoPadding>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm AES/CBC/NoPadding>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSL Session TTL :90000>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSL enableUnencryptedNullCipher= false>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loading server SSL identity>
    <Aug 29, 2010 8:05:18 PM IST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias usadc-vsedc35.quintiles.net from the JKS keystore file C:\eDC-ODM\Beta\ssl\wls\dev1\WLS1\keystore\edc_server.jks.>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Loaded public identity certificate chain:>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=usadc-vsedc35.quintiles.net, OU=Global Solutions, O=Quintiles, L=Morrisville, ST=NC, C=US; Issuer: CN=USKAN-SECSA01, DC=quintiles, DC=net>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=USKAN-SECSA01, DC=quintiles, DC=net; Issuer: CN=uskan-secs02, DC=quintiles, DC=net>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=uskan-secs02, DC=quintiles, DC=net; Issuer: CN=uskan-secs02, DC=quintiles, DC=net>
    <Aug 29, 2010 8:05:18 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
    <Aug 29, 2010 8:05:20 PM IST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file C:\eDC-ODM\Beta\ssl\alsb\truststore\pftrust.jks.>
    <Aug 29, 2010 8:05:20 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 4 trusted CAs from C:\eDC-ODM\Beta\ssl\alsb\truststore\pftrust.jks>
    <Aug 29, 2010 8:05:20 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=ca.webcrf.net, OU=IAS Engineering, O=Phase Forward, L=Waltham, ST=Massachusetts, C=US; Issuer: CN=ca.webcrf.net, OU=IAS Engineering, O=Phase Forward, L=Waltham, ST=Massachusetts, C=US>
    <Aug 29, 2010 8:05:20 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US; Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US>
    <Aug 29, 2010 8:05:20 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=*.mdsol.com, OU=Domain Control Validated, O=*.mdsol.com; Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US>
    <Aug 29, 2010 8:05:20 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Subject: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US; Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US>
    <Aug 29, 2010 8:05:20 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Failed to load server trusted CAs
    java.security.cert.CertificateParsingException: Could not set value for ASN.1 string object.
    at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
    at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
    at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
    at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
    at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:62)
    at weblogic.security.utils.SSLContextManager.createServerSSLContext(SSLContextManager.java:424)
    at weblogic.security.utils.SSLContextManager.getDefaultServerSSLContext(SSLContextManager.java:318)
    at weblogic.security.utils.SSLContextManager.getServerTrustedCAs(SSLContextManager.java:279)
    at weblogic.security.utils.SSLSetup.getTrustedCAs(SSLSetup.java:438)
    at weblogic.security.utils.SSLSetup.getSSLContext(SSLSetup.java:317)
    at weblogic.security.SSL.SSLClientInfo.getSSLSocketFactory(SSLClientInfo.java:101)
    at weblogic.security.SSL.SSLSocketFactory.setSSLClientInfo(SSLSocketFactory.java:218)
    at weblogic.security.SSL.SSLSocketFactory.<init>(SSLSocketFactory.java:36)
    at weblogic.security.SSL.SSLSocketFactory.getInstance(SSLSocketFactory.java:68)
    at weblogic.net.http.HttpsClient.New(HttpsClient.java:561)
    at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:242)
    at com.sun.xml.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:133)
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:140)
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:86)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
    at com.sun.xml.ws.client.Stub.process(Stub.java:248)
    at com.sun.xml.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:180)
    at com.sun.xml.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:206)
    at test.GetFromRWS.doGet(GetFromRWS.java:67)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3495)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Aug 29, 2010 8:05:22 PM IST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <Aug 29, 2010 8:05:22 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 4106403>
    <Aug 29, 2010 8:05:22 PM IST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <Aug 29, 2010 8:05:22 PM IST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
    <Aug 29, 2010 8:05:22 PM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Aug 29, 2010 8:05:23 PM IST> <Debug> <SecuritySSL> <BEA-000000> <11680652 SSL3/TLS MAC>
    <Aug 29, 2010 8:05:23 PM IST> <Debug> <SecuritySSL> <BEA-000000> <11680652 received HANDSHAKE>
    <Aug 29, 2010 8:05:23 PM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <Aug 29, 2010 8:05:23 PM IST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Aug 29, 2010 8:05:24 PM IST> <Debug> <SecuritySSL> <BEA-000000> <11680652 SSL3/TLS MAC>
    <Aug 29, 2010 8:05:24 PM IST> <Debug> <SecuritySSL> <BEA-000000> <11680652 received HANDSHAKE>
    <Aug 29, 2010 8:05:24 PM IST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <Aug 29, 2010 8:05:24 PM IST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
    at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
    at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
    at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
    at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:947)
    at com.sun.xml.ws.transport.http.client.HttpClientTransport.checkResponseCode(HttpClientTransport.java:221)
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:149)
    at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:86)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
    at com.sun.xml.ws.client.Stub.process(Stub.java:248)
    at com.sun.xml.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:180)
    at com.sun.xml.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:206)
    at test.GetFromRWS.doGet(GetFromRWS.java:67)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3495)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(Unknown Source)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Thanks 'n Regards,
    Satya
    Edited by: user10115986 on Aug 31, 2010 2:03 AM

  • HELP received a FATAL ALERT

    I just did a sync on my Palm. I was adding an Excel file and first it came up as a locked file. I removed said file and attempted to add a modified version of this said file (I was told some formulas were not supported).
    So after doing the second sync, I went to my documents on my Palm Tungsten E2 and now I get a black box:
    Fatal Alert
    MemoryMgr.c,Line:3751, Free handle
    I've done a few soft resets. That will remove said warning, but the minute I try to go into the documents it freezes.
    Even now I did yet another sync to remove all the files I added today, and still get the same warning.
    Post relates to: Tungsten E2

    Are you syncing the Excel file over to the handheld again? This may be causing the error.
    The next step is to hard reset and rename the backup folder on your PC.
    Go to http://www.palm.com/cgi-bin/cso_kbURL.cgi?ID=887 and follow the directions to do a hard reset. Next, before you hotsync your data back over, you will need to rename your backup folder. To do that, go here:
    XP
    C:\program files\palm or palm one\[hotsync username]\ and rename your backup folder to backup.old
    Vista
    Start-->documents\Palm OS Desktop\[hotsync username]\ and rename your backup folder to backup.old
    Then hotsync to your current hotsync name and all your contacts, calendar, tasks, and memos will come back over.
    Show file extensions for XP or Vista
    XP
    If you cannot view file extensions on your PC I would like you to open a folder, go to Tools-->Folder Options--> View (tab) and under show hidden files and folders uncheck hide file extensions for known file types.
    Vista
    Open Control Panel, go to Folder Options--> View (tab) and under show hidden files and folders uncheck hide file extensions for known file types.
