The verification of the server's certificate chain failed

Hi All,
Not sure this is the right forum for this but never mind.
I am trying to get abap2GApps working and am having problems with the client certificates.
I am getting the below error in ICM :-
[Thr 06] Mon Jul 30 09:34:47 2012
[Thr 06] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 06]    session uses PSE file "/usr/sap/BWD/DVEBMGS58/sec/SAPSSLC.pse"
[Thr 06] SecudeSSL_SessionStart: SSL_connect() failed
  secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 06] >>            Begin of Secude-SSL Errorstack            >>
[Thr 06] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=Equifax Secure Certificate Authority, O=E
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
[Thr 06] <<            End of Secude-SSL Errorstack
[Thr 06]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 06]   SSL NI-sock: local=172.30.7.170:59036  peer=172.30.8.100:80
[Thr 06] <<- ERROR: SapSSLSessionStart(sssl_hdl=60000000053910f0)==SSSLERR_SSL_CONNECT
[Thr 06] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {000726d5} [icxxconn_mt.c 2031]
Having already got the accounts.google.com SSL certificate chain installed and working I can't get the docs.google.com SSL chain working.
For accounts.google.com they use (this set works) :-
1) CN=accounts.google.com, O=Google Inc, L=Mountain View, SP=California, C=US
2) CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
3) OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
For docs.google.com they use a different set of SSL certs. :-
1) CN=*.google.com, O=Google Inc, L=Mountain View, SP=California, C=US
2) CN=Google Internet Authority, O=Google Inc, C=US
3) OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Can anyone explain what I am doing wrong or how to correct this?
Thanks
Craig

Further UPDATE
After removing every certificate related to docs.google.com I still get the same error!
I have even tried downloading the root certificate directly from GeoTrust themselves and yet I still get the same error.
I have even resorted to running SAP program ZSSF_TEST_PSE from note 800240 to check the PSE and all is well!
Referring to SAP Note 1318906 suggests I am missing a certificate in the chain but I am not!
"Situation: The ICM is in the client role and the following entry is displayed in the trace:
ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
Reason:You try to set up a secure connection to a server, but the validity of the certificate cannot be verified because the required certificates are not available.
Solution:The missing certificates are listed in the trace file. You must use transaction STRUST to insert these certificates in the Personal Security Environment (PSE) that is used for the connection. The certificates are usually made available to you by the server administrator. If the certificates are public Certification Authority (CA) certificates, you can also request the certificates there."
What could possibly causing this?
Please help!
Craig

Similar Messages

  • ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the se

    Hello,
    We are getting the following error in the dev_icm trace file:
    =================================================================
    [Thr 04] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn_mt. 1777]
    [Thr 11] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 2012]
    [Thr 11] *** ERROR => IcmJ2EEScheduleFunc: Connection to medpoolP45.os.fth.sbs.de:8443 failed - please check host configuration
    [Thr 05] Mon Dec  7 08:14:40 2009
    [Thr 05]   SSL_get_state() returned 0x00001180 "SSLv3 read client certificate A"
    [Thr 08] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
    [Thr 05] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
    [Thr 08] SecudeSSL_SessionStart: SSL_connect() failed
      secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
    [Thr 05] SecudeSSL_SessionStart: SSL_accept() failed
      secude_error 536875074 (0x20001042) = "received a fatal SSLv3 bad certificate alert message from the peer"
    [Thr 08] >>            Begin of Secude-SSL Errorstack            >>
    [Thr 05] >>            Begin of Secude-SSL Errorstack            >>
    [Thr 08] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
    ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=VeriSign Trust Network, OU="(c) 1998 Veri
    ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
    [Thr 05] WARNING in ssl3_read_bytes: (536875074/0x20001042) received a fatal SSLv3 bad certificate alert message from the peer
    [Thr 08] <<            End of Secude-SSL Errorstack
    [Thr 05] <<            End of Secude-SSL Errorstack
    [Thr 08]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
    [Thr 05]   SSL NI-sock: unix domain socket="/tmp/.sapicm8443"
    [Thr 08]   SSL NI-sock: unix domain socket="/tmp/.sapicm8443"
    [Thr 05] <<- ERROR: SapSSLSessionStart(sssl_hdl=60000000051ad9b0)==SSSLERR_SSL_ACCEPT
    [Thr 08] <<- ERROR: SapSSLSessionStart(sssl_hdl=60000000052c0030)==SSSLERR_SSL_CONNECT
    =================================================================
    But in STRUST all the SSL server certificate and SSL client certificate are in green.
    Kindly let us know how to solve this error.
    Thanks,
    Rajesh

    Hi Jitendra,
    We resolved the issues by referring to Note 1249794
    Call transaction STRUST and double-click the entry "SSL server standard". Include the issuer of the certificate of "SSL server standard" in the certificate list of "SSL Client standard" or "SSL Client Anonymous" (for more information, see Notes 1094342 and 745103).
    Hope this help
    Daniel

  • Strange "The verification of the card cryptogram failed"

    Hello all,
    I've got two identical cards JCOP41 V2.3.1, they've got exactly the same ATR: 3B FA 18 00 FF 81 31 FE 45 4A 43 4F 50 34 31 56 32 33 31 63
    I've bought them to the same webshop,
    the first one have been purchased 6 months ago and works very well both with gpshell 1.4.4 , and with gpj too
    However when I use the same scripts to load applets in the second one (bought last month),I've got the famous error: "The verification of the card cryptogram failed"
    For the moment, I made 3 attempts and I stopped to keep it from locking... I think I have again 7 tries , right ?
    It seems similar to this: JCOP Cards: The verification of the card cryptogram failed
    Here is the gpshell script that works with the one bought 6 months ago, and doesn't work with the new one: http://pastebin.com/VL2Mbcuq
    and here are the logs with gpj,
    with the card that works: http://pastebin.com/TmdCpnxM
    with the one that doesn't work: http://pastebin.com/0MzWs9Ws
    Is normal that two cards with the same ATR haven't the same behavior "out of the box" when I send them the same script ?
    Thanks

    Ok I understood !!!
    In fact there's already an applet on this card, so the default security key must have been modified..., look at:
    http://www.cryptoshop.com/en/products/cardtoken/processorchipcards/3310101003.php
    there's a little sentence at the bottom of the page:
    *"This cards come with the AET-Applet to the JCOP card. There's no possibility that you apply your own Applets. If you require to use your own applets please inform us, so we can find alternatives fitting your needs."*
    I find it is really not fair from cryptoshop, because when I bought the first card 6 months ago the name and the description of the product were exactly the same..., they just added a small sentence hidden at the bottom of the page..., and they didn't even change the name of the product nor its description...
    Be careful guys when you buy on cryptoshop

  • Oracle HTTP Server, client certificate chain

    I use Oracle (Apache) HTTP Server, installed from Oracle SOA Suit distrib.
    There're 2 types of ssl client cert chains that I use: client-issue-root, client-root.
    My ssl works fine, unless I should config mod_ossl to accept only user certificates signed by certificate issuer (not root).
    I add SSLRequire directive:
    SSLOptions StdEnvVars ExportCertData
    SSLRequire (%{SSL_CLIENT_CERT_CHAIN_0} == file("/path/to/issue.cer"))
    but this doesn't work (condition expression always turn in false), and
    SSLOptions StdEnvVars ExportCertData
    SSLRequire (%{SSL_CLIENT_CERT_CHAIN_0} == "")
    condition always turn in true.
    So, SSL_CLIENT_CERT_CHAIN_0 is ALWAYS EMPTY.
    I've tried to use different versions of ApacheModuleOSSL.dll (build in 09/19/2006 version 10.1.3.1, 06/12/2007 version 10.1.3.3), result is the same.
    I've found something about mod_ssl (not mod_ossl) in "Technologies for Information Environment Security: TIES project report" (http://edina.ac.uk/projects/ties/ties_23-9.pdf):
    "NOTE: This is the second, and more significant, problem we encountered in this area of mod_ssl: the first caused all the
    SSL_CLIENT_CERT_CHAIN_n environmental variables to be empty. We traced this bug back to a literal +17 offset into a
    character string that should have been +18, but by the time we had done so, a fixed version was available."
    Is there the same problem in mod_ossl?
    Does anybody have any ideas?

    Once again)
    http://www.mail-archive.com/[email protected]/msg11705.html
    I've got a question for Oracle developers: is this the same problem in OHS and OHS2 mod_ossl?
    And if yes, when we can wait the patch?
    Thanks!

  • I need to change my email for my Adobe ID, however, the verification for the new email address never arrives.

    I've checked spam, added adobe to my contacts, waited for days, re-sent the email, but no luck. I'm on gmail. Any idea on what to do? The contact form on Adobe.com led me to the forums.

    Change Account https://forums.adobe.com/thread/1465499 may help
    -ID support http://helpx.adobe.com/x-productkb/global/service-c1.html
    -wrong email https://forums.adobe.com/thread/1446019

  • SQL Server not starting - FallBack certificate initialization failed

    I can not start my SqlServer 2008 Express. The problem seemed to start when I changed my "Built In account, Log in as" from Local Service to Local System. If I try to change back to Local Service I get the messagebox with WMI Provider Error, "Cannot find object or property. [0x80092004]".
    Getting a bit confused, but read http://support.microsoft.com/kb/900497    mentioned about 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer\SuperSocketNetLib, Value name: Certificate, Type: REG_SZ not having a valid value then 2005 would not starte - my value is blank. Changing it to 0 did not work.
    How can I import a valid certificate using SQL Server Configuration Manager. And how do you turn off Forced Encryption? Not sure if this would fix it, but couldn't hurt.
    ======================================
    2009-03-08 01:39:06.01 Server      Error: 17190, Severity: 16, State: 1.
    2009-03-08 01:39:06.01 Server      FallBack certificate initialization failed with error code: 1.
    2009-03-08 01:39:06.01 Server      Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.
    2009-03-08 01:39:06.01 Server      Error: 17182, Severity: 16, State: 1.
    2009-03-08 01:39:06.01 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.
    2009-03-08 01:39:06.01 Server      Error: 17182, Severity: 16, State: 1.
    2009-03-08 01:39:06.01 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property.
    2009-03-08 01:39:06.01 Server      Error: 17826, Severity: 18, State: 3.
    2009-03-08 01:39:06.01 Server      Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
    2009-03-08 01:39:06.01 Server      Error: 17120, Severity: 16, State: 1.
    2009-03-08 01:39:06.01 Server      SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
    2009-03-08 01:39:06.07 spid14s     Clearing tempdb database.
    =====================================
    Any help would be appreciated.
    TheBrenda

    I know it's probably too late to help with the original poster, but we had this same issue and nothing we tried resolved the problem. Finally, we opened a technical incident with Microsoft and this is the solution that we were provided:
    Take backup of below registry key.
    HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid This key should ideally have the GUID of the machine without curly braces, so {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} becomes xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    Then delete the braces.
    Try to reboot and start the SQL service . If service don’t start then Uninstall and reinstall SQL.
    The above solution worked on two separate machines exhibiting this problem.

  • SQL Server Express 2008 instance fails to start

    I've installed SQL Server Express with a named instance 'SQLSERVER2'. I was able to connect to it and reference it in the management studio. There was a problem though with Visual Studio 9 when running an ASP.NET web application that required connecting to the same instance. So, I went into the configuration manager to change the security level of the instance from network to local service. The change went through but could not restart the instance. That is what has created my next round of problems. I can't go in and change it back to network because the instance is permanently stopped. I cannot start it with the services manager. How can I fix this?
    Here is the connection log:
    2009-12-21 11:36:32.20 Server      Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (Intel X86)
     Jul  9 2008 14:43:34
     Copyright (c) 1988-2008 Microsoft Corporation
     Express Edition with Advanced Services on Windows NT 5.1 <X86> (Build 2600: Service Pack 3)
    2009-12-21 11:36:32.50 Server      (c) 2005 Microsoft Corporation.
    2009-12-21 11:36:32.51 Server      All rights reserved.
    2009-12-21 11:36:32.51 Server      Server process ID is 21856.
    2009-12-21 11:36:32.51 Server      Authentication mode is MIXED.
    2009-12-21 11:36:32.53 Server      Logging SQL Server messages in file 'c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS2\MSSQL\Log\ERRORLOG'.
    2009-12-21 11:36:32.89 Server      This instance of SQL Server last reported using a process ID of 3216 at 12/18/2009 6:06:56 PM (local) 12/19/2009 2:06:56 AM (UTC). This is an informational message only; no user action is required.
    2009-12-21 11:36:32.89 Server      Registry startup parameters:
      -d c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS2\MSSQL\DATA\master.mdf
      -e c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS2\MSSQL\Log\ERRORLOG
      -l c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS2\MSSQL\DATA\mastlog.ldf
    2009-12-21 11:36:33.26 Server      SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.
    2009-12-21 11:36:33.29 Server      Detected 2 CPUs. This is an informational message; no user action is required.
    2009-12-21 11:36:35.15 Server      Using dynamic lock allocation.  Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node.  This is an informational message only.  No user action is required.
    2009-12-21 11:36:36.64 Server      Node configuration: node 0: CPU mask: 0x00000003 Active CPU mask: 0x00000003. This message provides a description of the NUMA configuration for this computer. This is an informational message only. No user action is required.
    2009-12-21 11:36:37.42 spid6s      Starting up database 'master'.
    2009-12-21 11:36:38.98 spid6s      FILESTREAM: effective level = 0, configured level = 0, file system access share name = 'SQLEXPRESS2'.
    2009-12-21 11:36:39.40 spid6s      SQL Trace ID 1 was started by login "sa".
    2009-12-21 11:36:39.50 spid6s      Starting up database 'mssqlsystemresource'.
    2009-12-21 11:36:39.59 spid6s      The resource database build version is 10.00.1600. This is an informational message only. No user action is required.
    2009-12-21 11:36:40.14 spid10s     Starting up database 'model'.
    2009-12-21 11:36:40.17 spid6s      Server name is 'USER-F19E13BA9B\SQLEXPRESS2'. This is an informational message only. No user action is required.
    2009-12-21 11:36:40.56 spid6s      Informational: No full-text supported languages found.
    2009-12-21 11:36:40.57 spid6s      Starting up database 'msdb'.
    2009-12-21 11:36:40.60 Server      Error: 17190, Severity: 16, State: 1.
    2009-12-21 11:36:40.60 Server      FallBack certificate initialization failed with error code: 1.
    2009-12-21 11:36:40.70 Server      Unable to initialize SSL encryption because a valid certificate could not be found, and it is not possible to create a self-signed certificate.
    2009-12-21 11:36:40.71 Server      Error: 17182, Severity: 16, State: 1.
    2009-12-21 11:36:40.71 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property.
    2009-12-21 11:36:40.71 Server      Error: 17182, Severity: 16, State: 1.
    2009-12-21 11:36:40.71 Server      TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property.
    2009-12-21 11:36:40.71 Server      Error: 17826, Severity: 18, State: 3.
    2009-12-21 11:36:40.71 Server      Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
    2009-12-21 11:36:40.71 Server      Error: 17120, Severity: 16, State: 1.
    2009-12-21 11:36:40.71 Server      SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

    Hi,
    This problem can occur if the new Service Account does not have a profile on the machine. To resolve the issue connect to the SQL Server machine using the New Service account. This will create a profile for the user.
    SQL Server creates a self-generated certificate if a certificate is not explicitly specified and/or is not installed. This information is saved in the profile for the SQL Server service account. If the profile has not been created then SQL cannot register the self-generated certificate.
    If there are any more questions, please let me know.
    Thanks.
    ***Xiao Min Tan***Microsoft Online Community***
    What 'New Service account' are you referring to? SQL Server Express resides on my PC where I'm logged on as administrator. I don't know what you mean by connecting to the server. I only know about connecting to the database instance which is the root of the this problem because it can't be started. Sorry for my confusion...

  • Hybrid Connection fails for Windows SQL Server 2014 - SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted

    Hello,
    I have configured BizTalk Services Hybrid Connection between Standard Azure Website and SQL Server 2014 on premise.
    Azure Management portal shows the status of Hybrid Connection as established.
    However, the website throws an error when trying to open a connection
    <
    addname="DefaultConnection"
    connectionString="Data
    Source=machine name;initial catalog=AdventureWorks2012;Uid=demouser;Password=[my password];MultipleActiveResultSets=True"
    providerName="System.Data.SqlClient"
    />
    (The same website, with the same connection string deployed on SQL Server machine works correctly).
    I tried various options with the connections sting (IP address instead of machine name, Trusted_Connection=False, Encrypt=False, etc. the result is the same
    [Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
    [SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.
    I tried various machines - on premise and a clean Azure VM with SQL Server and it results in the same error - below full stack
    The certificate chain was issued by an authority that is not trusted             
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.            
    Exception Details: System.ComponentModel.Win32Exception: The certificate chain was issued by an authority that is not trusted
    Source Error:
    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.                  
    Stack Trace:
    [Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
    [SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)]
    System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5341687
    System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
    System.Data.SqlClient.TdsParserStateObject.SNIWritePacket(SNIHandle handle, SNIPacket packet, UInt32& sniError, Boolean canAccumulate, Boolean callerHasConnectionLock) +5348371
    System.Data.SqlClient.TdsParserStateObject.WriteSni(Boolean canAccumulate) +91
    System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte flushMode, Boolean canAccumulate) +331
    System.Data.SqlClient.TdsParser.TdsLogin(SqlLogin rec, FeatureExtension requestedFeatures, SessionData recoverySessionData) +2109
    System.Data.SqlClient.SqlInternalConnectionTds.Login(ServerInfo server, TimeoutTimer timeout, String newPassword, SecureString newSecurePassword) +347
    System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover) +238
    System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout) +892
    System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance) +311
    System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData) +646
    System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) +278
    System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) +38
    System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +732
    System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +85
    System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +1057
    System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +78
    System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +196
    System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +146
    System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +16
    System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +94
    System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +110
    System.Data.SqlClient.SqlConnection.Open() +96
    System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +44
    [EntityException: The underlying provider failed on Open.]
    System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +203
    System.Data.EntityClient.EntityConnection.Open() +104
    System.Data.Objects.ObjectContext.EnsureConnection() +75
    System.Data.Objects.ObjectQuery`1.GetResults(Nullable`1 forMergeOption) +41
    System.Data.Objects.ObjectQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator() +36
    System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) +369
    System.Linq.Enumerable.ToList(IEnumerable`1 source) +58
    CloudShop.Services.ProductsRepository.GetProducts() +216
    CloudShop.Controllers.HomeController.Search(String SearchCriteria) +81
    CloudShop.Controllers.HomeController.Index() +1130
    lambda_method(Closure , ControllerBase , Object[] ) +62
    System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
    System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +193
    System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
    System.Web.Mvc.Async.<>c__DisplayClass42.<BeginInvokeSynchronousActionMethod>b__41() +28
    System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +10
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
    System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
    System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +58
    System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +225
    System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +10
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
    System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
    System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +23
    System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +99
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
    System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
    System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +14
    System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
    System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +39
    System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
    System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +29
    System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
    System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +25
    System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
    System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +31
    System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9651188
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
    Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36213            
    Regards,
    Michal
    Michal Morciniec

    Same issue here, looking for more information !

  • How to get the Server Certificate Chain File?

    Hi all,
    I config the SSL for weblogic 6.0 on a Win2k Machine .I followed WebLogic
    documentation:
    Generate a private key file, then submit to Verisign, get the certificate
    file.
    Because I have only one WebLogic server. I clear the "Server Certificate
    Chain File" field.
    But I get error message after reboot WebLogic. Following is the error
    message:
    <2001-1-21 04:57:56 pm> <Alert> <WebLogicServer> <Inconsistent security con
    figuration, java.lang.Exception: Required file server-certchain.pem which is
    spe
    cified by ServerCertificateChainFileName, was not found>
    java.lang.Exception: Required file server-certchain.pem which is specified
    by Se
    rverCertificateChainFileName, was not found
    at
    weblogic.t3.srvr.SSLListenThread.resolvePropertyFromLocalFile(SSLList
    enThread.java:152)
    at
    weblogic.t3.srvr.SSLListenThread.resolvePropertyFromAdminServer(SSLLi
    stenThread.java:180)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:425)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
    My question is: Should I input the rootCA certificate into the Server
    Certificate Chain File field? If yes, where can I get the rootCA certificate
    file?
    Thanks

    [sorry, deleted irrelevant wrong answer]

  • "The certificate chain was issued by an authority that is not trusted" when migrating to SQL 2012

    Environment:
    1 Primary Site (USSCCM-Site.domain.com)
    1 CAS (USSCCM-CAS.domain.com)
    SQL 2008 R2 (USSCCM-CAS.domain.com)
    SQL 2012 SP1 CU6 (USSQL12.domain.com)
    Issue:
    We were successfully able to migrate the CAS to the new SQL 2012 server, almost without incident. When attempting to migrate the Site instance however, we are getting errors. Screenshot below.
    Attached is a copy of the log. But below is a highlight of what I think are the errors… It appears that either SQL or SCCM doesn’t like a certificate somewhere, but it is contradicting because the logs say that it has successfully tested connection to SQL.
    I am lost.
    Logs stating it can connect successfully to SQL
    Machine certificate has been created successfully on server USSQL12.domain.com.        Configuration Manager Setup                10/21/2013 10:20:10
    AM               2100 (0x0834)
    Deinstalled service SMS_SERVER_BOOTSTRAP_USSCCM-Site.domain.com_SMS_SQL_SERVER on USSQL12.domain.com.  Configuration Manager Setup    10/21/2013 10:20:10 AM              
    2100 (0x0834)
    SQL Server instance [sccmsite] is already running under the certificate with thumbprint[f671be844bf39dec7e7fdd725dc30e225991f28a].       Configuration Manager Setup    10/21/2013 10:20:10 AM        
    2100 (0x0834)
    INFO: Testing SQL Server [USSQL12.domain.com] connection ...                Configuration Manager Setup    10/21/2013 10:20:10 AM      
    2100 (0x0834)
    INFO: SQL Connection succeeded. Connection: USSQL12.domain.com SCCMSITE\MASTER, Type: Unsecure                Configuration Manager Setup    10/21/2013 10:20:10 AM              
    2100 (0x0834)
    INFO: Tested SQL Server [USSQL12.domain.com] connection successfully.  Any preceding SQL connection errors may be safely ignored.            Configuration Manager Setup    10/21/2013
    10:20:10 AM               2100 (0x0834)
    INFO: Certificate: 308202FC308201E4A003020102021011BA47041BB0609D4097BC19F5AB96B5300D06092A864886F70D01010B0500301D311B301906035504031312555353514C31322E7063756265642E636F6D3020170D3133313031373139343632345A180F32313133303932343139343632345A301D311B301906035504031312555353514C31322E7063756265642E636F6D30820122300D06092A864886F70D01010105000382010F003082010A0282010100CFAC23CEA8920051C8C24DF4E96D76D9E034931867C4DBF74F8AE863C5BDE6D1EAEAAF363F6B97DEF1D7A1FC292CB870F353D72F04472EBE3D31DCA009BD3F8C58E2AAB69C892C20598306537F5EEAA43FA6DE55D4A784CEB6FD07486AB2CC2DE1A8651648EBC31A5CD918E8ED6E184FC560B3A8B0F76F83E310BBA8C4EB27F46707E3A6377D8DD06C6808146E407EF9DB464F453798B6C1748216665884A7F2CDE03D9DA1CB4E59E67516E4F345755E35450F84F4B039642851EFFA96B22D8E77EC11C01D389989F740923B58799E34FC8F4F19CD55830FA7E786C993A08A1EEDCA87F209268CE9D5E86AC9E2A14668207721D94ACE9FACE3AA55B53507F6BF0203010001A3363034301D0603551D11041630148212555353514C31322E7063756265642E636F6D30130603551D25040C300A06082B06010505070301300D06092A864886F70D01010B05000382010100A0E33BF490B60C2B8A73BF7FA90EBB69D92DA27B439EF0569650F388EBA34B9F382CEF52DAAB543C2924E1B8DC7BEE828FB0C276330B0FF67340CBFA0CC24F47431E5272DC76C7610C290A04411036441E9822FBF8AB52B4BBE43F5FF48074BA420FF690A94D53AFCEF7AC75E2D2723520A9EF64AF06759814AE92D41CEA2F0D6CC8D9E5DEF121234F5DD97A7E886BE55F57DC0B79052A554724E8A0146C08A74AE75672FBD8C8BD6B7FCA82C1CC69906A45128CDDD1BC3985ED9603C16E712FFBAA8AA6878F853367F3E1F69E727DB96864DF6B47EBDA82659036EC82A8B04E77535CEA314D7518D02C401969C77B91C8C210C57AA991A622D679B994AEED3C               
    Configuration Manager Setup    10/21/2013 10:20:10 AM               2100 (0x0834)
    INFO: Created SQL Server machine certificate for Server [USSQL12.domain.com] successfully.    Configuration Manager Setup 10/21/2013 10:20:10 AM               2100 (0x0834)
    INFO: Configuration Manager Setup - Application Shutdown       Configuration Manager Setup    10/21/2013 10:20:10 AM         2100 (0x0834)
    INFO: Running SQL Server test query.    Configuration Manager Setup    10/21/2013 10:20:10 AM               2100 (0x0834)
    INFO: SQL Connection succeeded. Connection: USSQL12.domain.com SCCMSITE\MASTER, Type: Secure                Configuration Manager Setup    10/21/2013 10:20:10 AM              
    2100 (0x0834)
    INFO: SQL Server Test query succeeded.              Configuration Manager Setup    10/21/2013 10:20:10 AM              
    2100 (0x0834)
    INFO: SQLInstance Name: sccmsite         Configuration Manager Setup    10/21/2013 10:20:10 AM               2100 (0x0834)
    INFO: SQL Server version detected is 11.0, 11.0.3381.0 (SP1).      Configuration Manager Setup    10/21/2013 10:20:10 AM         2100 (0x0834)
    Logs saying certificate is not trusted
    ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.        Configuration Manager Setup   
    10/21/2013 10:20:49 AM                2100 (0x0834)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection                Configuration Manager Setup    10/21/2013 10:20:49
    AM               2100 (0x0834)
    ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection         Configuration Manager Setup    10/21/2013 10:20:49 AM              
    2100 (0x0834)
    *** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.    Configuration Manager Setup                10/21/2013 10:20:49 AM              
    2100 (0x0834)
    INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure         Configuration Manager Setup                10/21/2013 10:20:49
    AM               2100 (0x0834)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup    10/21/2013 10:20:52 AM              
    2100 (0x0834)
    ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.        Configuration Manager Setup   
    10/21/2013 10:20:52 AM                2100 (0x0834)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection                Configuration Manager Setup    10/21/2013 10:20:52
    AM               2100 (0x0834)
    ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection         Configuration Manager Setup    10/21/2013 10:20:52 AM              
    2100 (0x0834)
    *** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.    Configuration Manager Setup                10/21/2013 10:20:52 AM              
    2100 (0x0834)
    INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure         Configuration Manager Setup                10/21/2013 10:20:52
    AM               2100 (0x0834)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup    10/21/2013 10:20:55 AM              
    2100 (0x0834)
    ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.        Configuration Manager Setup   
    10/21/2013 10:20:55 AM                2100 (0x0834)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection                Configuration Manager Setup    10/21/2013 10:20:55
    AM               2100 (0x0834)
    ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection         Configuration Manager Setup    10/21/2013 10:20:55 AM              
    2100 (0x0834)
    *** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.    Configuration Manager Setup                10/21/2013 10:20:55 AM              
    2100 (0x0834)
    INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure         Configuration Manager Setup                10/21/2013 10:20:55
    AM               2100 (0x0834)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup    10/21/2013 10:20:58 AM              
    2100 (0x0834)
    ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.        Configuration Manager Setup   
    10/21/2013 10:20:58 AM                2100 (0x0834)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection                Configuration Manager Setup    10/21/2013 10:20:58
    AM               2100 (0x0834)
    ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection         Configuration Manager Setup    10/21/2013 10:20:58 AM              
    2100 (0x0834)
    *** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.    Configuration Manager Setup                10/21/2013 10:20:58 AM              
    2100 (0x0834)
    INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure         Configuration Manager Setup                10/21/2013 10:20:58
    AM               2100 (0x0834)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup    10/21/2013 10:21:01 AM              
    2100 (0x0834)
    More logs saying cert is not trusted
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup    10/21/2013 10:21:20 AM              
    2100 (0x0834)
    ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.        Configuration Manager Setup   
    10/21/2013 10:21:20 AM                2100 (0x0834)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection                Configuration Manager Setup    10/21/2013 10:21:20
    AM               2100 (0x0834)
    ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection         Configuration Manager Setup    10/21/2013 10:21:20 AM              
    2100 (0x0834)
    *** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.    Configuration Manager Setup                10/21/2013 10:21:20 AM              
    2100 (0x0834)
    INFO: Updated the site control information on the SQL Server USSQL12.domain.com.    Configuration Manager Setup                10/21/2013 10:21:39 AM              
    2100 (0x0834)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup    10/21/2013 10:21:39 AM              
    2100 (0x0834)
    ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.        Configuration Manager Setup   
    10/21/2013 10:21:39 AM                2100 (0x0834)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection                Configuration Manager Setup    10/21/2013 10:21:39
    AM               2100 (0x0834)
    ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection         Configuration Manager Setup    10/21/2013 10:21:39 AM              
    2100 (0x0834)
    *** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.    Configuration Manager Setup                10/21/2013 10:21:39 AM              
    2100 (0x0834)
    CSiteSettings::WriteActualSCFToDatabase: Failed to get SQL connection                Configuration Manager Setup               
    10/21/2013 10:21:39 AM               2100 (0x0834)
    CSiteSettings::WriteActualSCFToDatabaseForNewSite: WriteActualSCFToDatabase(USA) returns 0x87D20002                Configuration Manager Setup    10/21/2013 10:21:39
    AM               2100 (0x0834)
    ERROR: Failed to insert the recovery site control image to the parent database. Configuration Manager Setup                10/21/2013 10:21:39 AM              
    2100 (0x0834)
    Troubleshooting:
    I have read on a few articles of other people having this issue that states to find the certificate on SQL 2012 that’s being used and export it to the SCCM server – which I’ve done.
    http://damianflynn.com/2012/08/22/sccm-2012-and-sql-certificates/
    http://trevorsullivan.net/2013/05/16/configmgr-2012-sp1-remote-sql-connectivity-problem/
    http://scug.be/sccm/2012/09/19/configmgr-2012-rtm-sp1-and-remote-management-points-not-healthy-when-running-configmgr-db-on-a-sql-cluster/
    -Brad

    Hi,
    How about importing certificate in the personal folder under SQL server computer account into SCCM server computer account or SCCM server service account? That certificate is for SQL Server Identification. And you could
    set the value of the ForceEncryption option to NO. (SQL Server Configuration Manager->SQL Server Network Configuration->
    Protocols for <server instance>->Properties)
    Best Regards,
    Joyce Li
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Error code 265: The certificate chain was issued by an authority that is not trusted.

    We are in the process of trying to set up a wireless network that uses NPS servers to authenticate domain users with computers that are not on our domain (BYOD).
    We are using a valid, wildcard SSL (with intermediate certificates) to authenticate via PEAP.  The certificate was issued by Godaddy.
    When trying to connect, we are getting the authentication request.
    The result of a connection attempt is no connection with an event log error code of - “265: The certificate chain was issued by an authority that is not trusted.”
    We have tried ensuring that the certificates are in the correct containers on the respective NPS servers: “Certificates\Personal\Certificates” With the intermediate certificates located: “Certificates/Intermediate Certification Authorities”
    All these attempts have proven fruitless.  Any assistance or direction would be very much appreciated.

    Hi,
    Do you import the intermediate certificate in the right account? It should be imported in the Computer Account.
    Have you imported the intermediate certificate in your client? Client need it to validate the certificate of your NPS server.
    Here is a similar thread in which Greg has explained this issue in detail.
    http://social.technet.microsoft.com/Forums/en-US/b770fcf6-d1e9-4aac-9005-62cb5ff6d485/the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted?forum=winserverNAP
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • HTTPS Client not sending the certificate chain

    Hi,
    I have HTTPS java programme with client authendication.
    When the server request for the certificate from the client, the client is not sending the certificate chain, the server says Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
    In the client I an setting the keystore properties properly
    Below is the ssl trace from the server and the client.
    The trace clearly says that the client has loded its certificate from the key store.
    One thing I noticed is the validity period of the client certificate is different in client and the server.
    I am not sure why it is different. I followed the steps properly to create the certificate.
    Can anyone help me to resolve this
    ==========================Server Trace==========================
    SecureServer version 1.0
    found key for : server
    chain [0] = [
    Version: V1
    Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
    Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                   To: Sat Jan 06 12:36:57 GMT+04:00 2007]
    Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    SerialNumber: [    4528b8a9]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
    0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
    0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
    0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
    0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
    0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
    0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
    0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
    trustStore is: d:\babu\ssltest\sscerts\jsseclient1
    trustStore type is : jks
    init truststore
    adding as trusted cert: [
    Version: V1
    Subject: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@166
    Validity: [From: Sun Jun 07 04:00:00 GMT+04:00 1998,
                   To: Tue Jun 07 03:59:59 GMT+04:00 2011]
    Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
    SerialNumber: [    32f057e7 153096f5 1fb86e5b 5a49104b]
    Algorithm: [SHA1withRSA]
    Signature:
    0000: A6 96 37 75 1C FD 95 95 40 E0 C9 53 25 8D E7 12 [email protected]%...
    0010: AC 44 51 10 AC F2 BA 98 4D 72 EF 0B 75 2D 51 19 .DQ.....Mr..u-Q.
    0020: 11 C9 47 E2 2F 96 67 61 0F 36 1D CA E7 C7 23 48 ..G./.ga.6....#H
    0030: 46 97 63 C4 32 AE FF 7B 5A 65 64 50 CA 67 F7 14 F.c.2...ZedP.g..
    adding as trusted cert: [
    Version: V3
    Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
    Validity: [From: Mon Oct 09 04:00:00 GMT+04:00 2006,
                   To: Tue Oct 24 03:59:59 GMT+04:00 2006]
    Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
    SerialNumber: [    5f2e369d 92ccf119 5d9a0371 c2f19ba4]
    Certificate Extensions: 6
    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
    0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
    0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
    [2]: ObjectId: 2.5.29.31 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
    0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
    0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
    0030: 76 65 72 2E 63 72 6C ver.crl
    [3]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
    [4]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
    [CertificatePolicyId: [2.16.840.1.113733.1.7.1.1]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.2
      qualifier: 0000: 30 56 30 15 16 0E 56 65   72 69 53 69 67 6E 2C 20  0V0...VeriSign,
    0010: 49 6E 63 2E 30 03 02 01   01 1A 3D 56 65 72 69 53  Inc.0.....=VeriS
    0020: 69 67 6E 27 73 20 43 50   53 20 69 6E 63 6F 72 70  ign's CPS incorp
    0030: 2E 20 62 79 20 72 65 66   65 72 65 6E 63 65 20 6C  . by reference l
    0040: 69 61 62 2E 20 6C 74 64   2E 20 28 63 29 39 37 20  iab. ltd. (c)97
    0050: 56 65 72 69 53 69 67 6E                            VeriSign
    ], PolicyQualifierInfo: [
    qualifierID: 1.3.6.1.5.5.7.2.1
    qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
    0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 43 50 53 risign.com/CPS
    [5]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
    DigitalSignature
    Key_Encipherment
    [6]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [SHA1withRSA]
    Signature:
    0000: 9D FC BF B3 A3 5D 94 B8 44 32 23 A5 B4 C2 BD 01 .....]..D2#.....
    0010: 90 54 CE 0F 23 1A 08 9D F3 E2 55 9A 4B C9 FE 3E .T..#.....U.K..>
    0020: F8 AD 45 DF 84 53 52 87 00 FA 66 2D 35 3F 48 53 ..E..SR...f-5?HS
    0030: 4A D5 77 0F FB E4 20 1B E5 4F 19 60 F9 EC 79 FF J.w... ..O.`..y.
    trigger seeding of SecureRandom
    done seeding SecureRandom
    SecureServer is listening on port 443.
    matching alias: server
    Accepted connection to ebms.uae.ebg.com (172.16.178.62) on port 3379.
    ----------1-1-1-----
    [read] MD5 and SHA1 hashes: len = 3
    0000: 01 03 01 ...
    [read] MD5 and SHA1 hashes: len = 74
    0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
    0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
    0020: 12 00 00 03 02 00 80 00 00 11 45 29 F4 B8 D5 0B ..........E)....
    0030: F1 F5 52 D2 E4 FF 50 FA 04 49 E7 50 46 AA 2D A7 ..R...P..I.PF.-.
    0040: 29 47 67 95 15 48 97 75 97 2C )Gg..H.u.,
    Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
    Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    Cipher suite: SSL_RSA_WITH_RC4_128_MD5
    *** Certificate chain
    chain [0] = [
    Version: V1
    Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
    Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                   To: Sat Jan 06 12:36:57 GMT+04:00 2007]
    Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    SerialNumber: [    4528b8a9]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
    0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
    0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
    0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
    0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
    0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
    0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
    0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    <CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
    <OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
    *** ServerHelloDone
    [write] MD5 and SHA1 hashes: len = 912
    0000: 02 00 00 46 03 01 45 29 F4 B8 E3 1F D7 72 74 DB ...F..E).....rt.
    0010: 3B 9F 9C E8 EA 4E D1 0F 86 66 2E CF 66 21 CA 92 ;....N...f..f!..
    0020: A4 4A 63 1B 4C E5 20 45 29 F4 B8 4B 8C 03 71 08 .Jc.L. E)..K..q.
    0030: 2B 61 BC 79 FE 69 BD 77 59 84 B9 F0 85 A5 0D 6D +a.y.i.wY......m
    0040: F4 5B 62 D2 8B A1 D6 00 04 00 0B 00 02 18 00 02 .[b.............
    0050: 15 00 02 12 30 82 02 0E 30 82 01 77 02 04 45 28 ....0...0..w..E(
    0060: B8 A9 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 ..0...*.H.......
    0070: 00 30 4E 31 0B 30 09 06 03 55 04 06 13 02 61 65 .0N1.0...U....ae
    0080: 31 0A 30 08 06 03 55 04 08 13 01 61 31 0A 30 08 1.0...U....a1.0.
    0090: 06 03 55 04 07 13 01 61 31 0A 30 08 06 03 55 04 ..U....a1.0...U.
    00A0: 0A 13 01 61 31 0A 30 08 06 03 55 04 0B 13 01 61 ...a1.0...U....a
    00B0: 31 0F 30 0D 06 03 55 04 03 13 06 69 74 6E 35 34 1.0...U....itn54
    00C0: 37 30 1E 17 0D 30 36 31 30 30 38 30 38 33 36 35 70...06100808365
    00D0: 37 5A 17 0D 30 37 30 31 30 36 30 38 33 36 35 37 7Z..070106083657
    00E0: 5A 30 4E 31 0B 30 09 06 03 55 04 06 13 02 61 65 Z0N1.0...U....ae
    00F0: 31 0A 30 08 06 03 55 04 08 13 01 61 31 0A 30 08 1.0...U....a1.0.
    0100: 06 03 55 04 07 13 01 61 31 0A 30 08 06 03 55 04 ..U....a1.0...U.
    0110: 0A 13 01 61 31 0A 30 08 06 03 55 04 0B 13 01 61 ...a1.0...U....a
    0120: 31 0F 30 0D 06 03 55 04 03 13 06 69 74 6E 35 34 1.0...U....itn54
    0130: 37 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 70..0...*.H.....
    0140: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 9C 86 .......0........
    0150: FA C2 EC 96 1B 02 01 27 08 D2 70 4D 3B AE D0 38 .......'..pM;..8
    0160: 15 97 E9 1D 94 D2 BE A1 2A 54 39 F8 2E AF 71 4C ........*T9...qL
    0170: FD 9A 71 BF 8A 1E 92 9F 3A 07 DA E9 5E 49 2C C6 ..q.....:...^I,.
    0180: 7D FD AA 1F C6 13 39 38 BC 16 34 04 FE E8 6B 4C ......98..4...kL
    0190: EA E9 BA 29 58 9E 6C 61 B8 1F B8 29 6F 83 5D 44 ...)X.la...)o.]D
    01A0: 7B 47 E5 BC 8E 2E D0 C1 E0 6F 73 15 E2 03 A8 49 .G.......os....I
    01B0: C9 42 39 87 0B 70 A0 80 0D 11 98 76 AE 2B B6 A3 .B9..p.....v.+..
    01C0: 5A BA 5D 3B BF C0 90 86 F6 E3 AB 9B A0 49 02 03 Z.];.........I..
    01D0: 01 00 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 ...0...*.H......
    01E0: 05 00 03 81 81 00 54 CC 61 97 1A 69 6C 1F 4B 53 ......T.a..il.KS
    01F0: 1B 7C 54 B3 65 A9 15 C6 1A C0 1B BD FC E5 15 ED ..T.e...........
    0200: 57 F7 29 E7 5E 34 3F D3 9C 40 4E D8 0B AC 79 5B W.).^[email protected][
    0210: 01 64 4E DD D2 FE 57 6A 02 1E 8F C7 00 11 77 0F .dN...Wj......w.
    0220: C8 20 06 0E DB 78 E3 45 57 9B 7D A4 95 0C 20 85 . ...x.EW..... .
    0230: B8 A4 87 D8 AE 29 69 B5 CC DC A1 B4 32 8C 6F 77 .....)i.....2.ow
    0240: F0 9A A8 12 27 C6 96 98 E9 EB AC 74 6E 39 2C D4 ....'......tn9,.
    0250: 1B 1C A1 4B 81 C8 0B B9 CD 0A 18 DC 01 74 5D 99 ...K.........t].
    0260: 4E 14 7A 2C 37 1E 0D 00 01 22 02 01 02 01 1D 00 N.z,7...."......
    0270: 6D 30 6B 31 0B 30 09 06 03 55 04 06 13 02 41 45 m0k1.0...U....AE
    0280: 31 11 30 0F 06 03 55 04 08 13 08 65 6D 69 72 61 1.0...U....emira
    0290: 74 65 73 31 0E 30 0C 06 03 55 04 07 14 05 64 75 tes1.0...U....du
    02A0: 62 61 69 31 11 30 0F 06 03 55 04 0A 14 08 65 6D bai1.0...U....em
    02B0: 69 72 61 74 65 73 31 15 30 13 06 03 55 04 0B 14 irates1.0...U...
    02C0: 0C 65 6D 69 72 61 74 65 73 62 61 6E 6B 31 0F 30 .ebg1.0
    02D0: 0D 06 03 55 04 03 14 06 69 74 6E 35 34 37 00 AC ...U....ebms..
    02E0: 30 81 A9 31 16 30 14 06 03 55 04 0A 13 0D 56 65 0..1.0...U....Ve
    02F0: 72 69 53 69 67 6E 2C 20 49 6E 63 31 47 30 45 06 riSign, Inc1G0E.
    0300: 03 55 04 0B 13 3E 77 77 77 2E 76 65 72 69 73 69 .U...>www.verisi
    0310: 67 6E 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 gn.com/repositor
    0320: 79 2F 54 65 73 74 43 50 53 20 49 6E 63 6F 72 70 y/TestCPS Incorp
    0330: 2E 20 42 79 20 52 65 66 2E 20 4C 69 61 62 2E 20 . By Ref. Liab.
    0340: 4C 54 44 2E 31 46 30 44 06 03 55 04 0B 13 3D 46 LTD.1F0D..U...=F
    0350: 6F 72 20 56 65 72 69 53 69 67 6E 20 61 75 74 68 or VeriSign auth
    0360: 6F 72 69 7A 65 64 20 74 65 73 74 69 6E 67 20 6F orized testing o
    0370: 6E 6C 79 2E 20 4E 6F 20 61 73 73 75 72 61 6E 63 nly. No assuranc
    0380: 65 73 20 28 43 29 56 53 31 39 39 37 0E 00 00 00 es (C)VS1997....
    Thread-1, WRITE: TLSv1 Handshake, length = 912
    Thread-1, READ: TLSv1 Handshake, length = 141
    *** Certificate chain
    Thread-1, SEND TLSv1 ALERT: fatal, description = bad_certificate
    Thread-1, WRITE: TLSv1 Alert, length = 2
    Thread-1, called closeSocket()
    Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
    IOException occurred when processing request.
    Thread-1, called close()
    Thread-1, called closeInternal(true)
    ==========================Client Trace==========================
    --->>>--------
    keyStore is : d:\babu\ssltest\sscerts\clientpk1
    keyStore type is : jks
    init keystore
    init keymanager of type SunX509
    found key for : client
    chain [0] = [
    Version: V1
    Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
    Validity: [From: Mon Oct 09 09:44:01 GMT+04:00 2006,
                   To: Sun Jan 07 09:44:01 GMT+04:00 2007]
    Issuer: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
    SerialNumber: [    4529e1a1]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 20 C7 89 9C 04 64 E8 62 AD D2 64 DD 0A E4 2A A1 ....d.b..d...*.
    0010: B6 9A B5 06 DC 3E F8 AA BE B5 8A 12 B5 75 91 EC .....>.......u..
    0020: 33 77 12 27 85 15 14 15 52 B3 7F 4B 03 18 B5 E0 3w.'....R..K....
    0030: 31 E4 0C A7 0A E1 52 3E 9F D1 58 B7 F2 CC F2 DD 1.....R>..X.....
    0040: D4 61 D6 C8 12 39 60 4D C9 FB DC 01 0C 0D FC 98 .a...9`M........
    0050: C6 AD A6 56 3E 05 1B 4E 20 1B 93 77 16 67 0E D1 ...V>..N ..w.g..
    0060: E0 A1 B6 7F CA 13 53 F2 53 92 14 63 9A 82 01 AE ......S.S..c....
    0070: 83 B2 FD FC 2E 29 22 F9 E7 18 DB 6A 14 73 83 E3 .....)"....j.s..
    trustStore is: d:\babu\ssltest\sscerts\jsseserver
    trustStore type is : jks
    init truststore
    adding as trusted cert: [
    Version: V1
    Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
    Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                   To: Sat Jan 06 12:36:57 GMT+04:00 2007]
    Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    SerialNumber: [    4528b8a9]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
    0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
    0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
    0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
    0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
    0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
    0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
    0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
    init context
    trigger seeding of SecureRandom
    done seeding SecureRandom
    ---<<<--------
    THE HEADERS
    ---111--------
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    [write] MD5 and SHA1 hashes: len = 59
    0000: 01 00 00 37 03 01 45 29 F4 B8 D5 0B F1 F5 52 D2 ...7..E)......R.
    0010: E4 FF 50 FA 04 49 E7 50 46 AA 2D A7 29 47 67 95 ..P..I.PF.-.)Gg.
    0020: 15 48 97 75 97 2C 00 00 10 00 04 00 05 00 0A 00 .H.u.,..........
    0030: 13 00 09 00 12 00 03 00 11 01 00 ...........
    main, WRITE: TLSv1 Handshake, length = 59
    [write] MD5 and SHA1 hashes: len = 77
    0000: 01 03 01 00 24 00 00 00 20 00 00 04 01 00 80 00 ....$... .......
    0010: 00 05 00 00 0A 07 00 C0 00 00 13 00 00 09 06 00 ................
    0020: 40 00 00 12 00 00 03 02 00 80 00 00 11 45 29 F4 @............E).
    0030: B8 D5 0B F1 F5 52 D2 E4 FF 50 FA 04 49 E7 50 46 .....R...P..I.PF
    0040: AA 2D A7 29 47 67 95 15 48 97 75 97 2C .-.)Gg..H.u.,
    main, WRITE: SSLv2 client hello message, length = 77
    main, READ: TLSv1 Handshake, length = 912
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
    Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    [read] MD5 and SHA1 hashes: len = 74
    0000: 02 00 00 46 03 01 45 29 F4 B8 E3 1F D7 72 74 DB ...F..E).....rt.
    0010: 3B 9F 9C E8 EA 4E D1 0F 86 66 2E CF 66 21 CA 92 ;....N...f..f!..
    0020: A4 4A 63 1B 4C E5 20 45 29 F4 B8 4B 8C 03 71 08 .Jc.L. E)..K..q.
    0030: 2B 61 BC 79 FE 69 BD 77 59 84 B9 F0 85 A5 0D 6D +a.y.i.wY......m
    0040: F4 5B 62 D2 8B A1 D6 00 04 00 .[b.......
    *** Certificate chain
    chain [0] = [
    Version: V1
    Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
    Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                   To: Sat Jan 06 12:36:57 GMT+04:00 2007]
    Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    SerialNumber: [    4528b8a9]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
    0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
    0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
    0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
    0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
    0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
    0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
    0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
    stop on trusted cert: [
    Version: V1
    Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
    Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                   To: Sat Jan 06 12:36:57 GMT+04:00 2007]
    Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    SerialNumber: [    4528b8a9]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
    0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
    0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
    0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
    0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
    0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
    0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
    0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
    [read] MD5 and SHA1 hashes: len = 540
    0000: 0B 00 02 18 00 02 15 00 02 12 30 82 02 0E 30 82 ..........0...0.
    0010: 01 77 02 04 45 28 B8 A9 30 0D 06 09 2A 86 48 86 .w..E(..0...*.H.
    0020: F7 0D 01 01 04 05 00 30 4E 31 0B 30 09 06 03 55 .......0N1.0...U
    0030: 04 06 13 02 61 65 31 0A 30 08 06 03 55 04 08 13 ....ae1.0...U...
    0040: 01 61 31 0A 30 08 06 03 55 04 07 13 01 61 31 0A .a1.0...U....a1.
    0050: 30 08 06 03 55 04 0A 13 01 61 31 0A 30 08 06 03 0...U....a1.0...
    0060: 55 04 0B 13 01 61 31 0F 30 0D 06 03 55 04 03 13 U....a1.0...U...
    0070: 06 69 74 6E 35 34 37 30 1E 17 0D 30 36 31 30 30 .ebms0...06100
    0080: 38 30 38 33 36 35 37 5A 17 0D 30 37 30 31 30 36 8083657Z..070106
    0090: 30 38 33 36 35 37 5A 30 4E 31 0B 30 09 06 03 55 083657Z0N1.0...U
    00A0: 04 06 13 02 61 65 31 0A 30 08 06 03 55 04 08 13 ....ae1.0...U...
    00B0: 01 61 31 0A 30 08 06 03 55 04 07 13 01 61 31 0A .a1.0...U....a1.
    00C0: 30 08 06 03 55 04 0A 13 01 61 31 0A 30 08 06 03 0...U....a1.0...
    00D0: 55 04 0B 13 01 61 31 0F 30 0D 06 03 55 04 03 13 U....a1.0...U...
    00E0: 06 69 74 6E 35 34 37 30 81 9F 30 0D 06 09 2A 86 .ebms0..0...*.
    00F0: 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 H............0..
    0100: 02 81 81 00 9C 86 FA C2 EC 96 1B 02 01 27 08 D2 .............'..
    0110: 70 4D 3B AE D0 38 15 97 E9 1D 94 D2 BE A1 2A 54 pM;..8........*T
    0120: 39 F8 2E AF 71 4C FD 9A 71 BF 8A 1E 92 9F 3A 07 9...qL..q.....:.
    0130: DA E9 5E 49 2C C6 7D FD AA 1F C6 13 39 38 BC 16 ..^I,.......98..
    0140: 34 04 FE E8 6B 4C EA E9 BA 29 58 9E 6C 61 B8 1F 4...kL...)X.la..
    0150: B8 29 6F 83 5D 44 7B 47 E5 BC 8E 2E D0 C1 E0 6F .)o.]D.G.......o
    0160: 73 15 E2 03 A8 49 C9 42 39 87 0B 70 A0 80 0D 11 s....I.B9..p....
    0170: 98 76 AE 2B B6 A3 5A BA 5D 3B BF C0 90 86 F6 E3 .v.+..Z.];......
    0180: AB 9B A0 49 02 03 01 00 01 30 0D 06 09 2A 86 48 ...I.....0...*.H
    0190: 86 F7 0D 01 01 04 05 00 03 81 81 00 54 CC 61 97 ............T.a.
    01A0: 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 15 C6 1A C0 .il.KS..T.e.....
    01B0: 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 3F D3 9C 40 ......W.).^4?..@
    01C0: 4E D8 0B AC 79 5B 01 64 4E DD D2 FE 57 6A 02 1E N...y[.dN...Wj..
    01D0: 8F C7 00 11 77 0F C8 20 06 0E DB 78 E3 45 57 9B ....w.. ...x.EW.
    01E0: 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 69 B5 CC DC .... ......)i...
    01F0: A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 96 98 E9 EB ..2.ow....'.....
    0200: AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 0B B9 CD 0A .tn9,....K......
    0210: 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E ...t].N.z,7.
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    <CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
    <OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
    [read] MD5 and SHA1 hashes: len = 294
    0000: 0D 00 01 22 02 01 02 01 1D 00 6D 30 6B 31 0B 30 ..."......m0k1.0
    0010: 09 06 03 55 04 06 13 02 41 45 31 11 30 0F 06 03 ...U....AE1.0...
    0020: 55 04 08 13 08 65 6D 69 72 61 74 65 73 31 0E 30 U....emirates1.0
    0030: 0C 06 03 55 04 07 14 05 64 75 62 61 69 31 11 30 ...U....dubai1.0
    0040: 0F 06 03 55 04 0A 14 08 65 6D 69 72 61 74 65 73 ...U....emirates
    0050: 31 15 30 13 06 03 55 04 0B 14 0C 65 6D 69 72 61 1.0...U....emira
    0060: 74 65 73 62 61 6E 6B 31 0F 30 0D 06 03 55 04 03 tesbank1.0...U..
    0070: 14 06 69 74 6E 35 34 37 00 AC 30 81 A9 31 16 30 ..ebms..0..1.0
    0080: 14 06 03 55 04 0A 13 0D 56 65 72 69 53 69 67 6E ...U....VeriSign
    0090: 2C 20 49 6E 63 31 47 30 45 06 03 55 04 0B 13 3E , Inc1G0E..U...>
    00A0: 77 77 77 2E 76 65 72 69 73 69 67 6E 2E 63 6F 6D www.verisign.com
    00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 2F 54 65 73 74 /repository/Test
    00C0: 43 50 53 20 49 6E 63 6F 72 70 2E 20 42 79 20 52 CPS Incorp. By R
    00D0: 65 66 2E 20 4C 69 61 62 2E 20 4C 54 44 2E 31 46 ef. Liab. LTD.1F
    00E0: 30 44 06 03 55 04 0B 13 3D 46 6F 72 20 56 65 72 0D..U...=For Ver
    00F0: 69 53 69 67 6E 20 61 75 74 68 6F 72 69 7A 65 64 iSign authorized
    0100: 20 74 65 73 74 69 6E 67 20 6F 6E 6C 79 2E 20 4E testing only. N
    0110: 6F 20 61 73 73 75 72 61 6E 63 65 73 20 28 43 29 o assurances (C)
    0120: 56 53 31 39 39 37 VS1997
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00 ....
    *** Certificate chain
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    Random Secret: { 3, 1, 145, 198, 68, 101, 78, 79, 139, 241, 6, 243, 13, 208, 161, 242, 0, 185, 46, 87, 212, 79, 239, 132, 145, 14, 13, 134, 115, 250, 44, 44, 112, 33, 173, 105, 52, 186, 160, 119, 55, 202, 205, 212, 136, 92, 7, 120 }
    [write] MD5 and SHA1 hashes: len = 141
    0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 3A 83 FA .............:..
    0010: 1E B3 43 52 3B B5 B9 A5 9D 2D 30 5E 71 34 DF 45 ..CR;....-0^q4.E
    0020: 99 99 2D 9A 4A 42 54 3D 47 D8 94 22 BC F3 92 0D ..-.JBT=G.."....
    0030: 23 AA 95 B5 75 EA B2 2B 8B DD DA 91 AA 94 24 4B #...u..+......$K
    0040: 56 34 C8 3C 1D 2D 15 63 CF 03 FF 65 6C DF B9 00 V4.<.-.c...el...
    0050: C3 5E BF 72 F4 70 64 45 D8 5B 58 E2 DF D6 12 1B .^.r.pdE.[X.....
    0060: BE A3 71 E9 1C 49 BB 7E C0 4A 1F CA 1F F5 63 23 ..q..I...J....c#
    0070: 0D 40 0D C6 3B FE 03 E9 DE 2E E5 09 1F 72 D7 6B .@..;........r.k
    0080: D6 ED 5E 99 B0 A8 A0 D3 D2 73 F0 A0 8E ..^......s...
    main, WRITE: TLSv1 Handshake, length = 141
    SESSION KEYGEN:
    PreMaster Secret:
    0000: 03 01 91 C6 44 65 4E 4F 8B F1 06 F3 0D D0 A1 F2 ....DeNO........
    0010: 00 B9 2E 57 D4 4F EF 84 91 0E 0D 86 73 FA 2C 2C ...W.O......s.,,
    0020: 70 21 AD 69 34 BA A0 77 37 CA CD D4 88 5C 07 78 p!.i4..w7....\.x
    CONNECTION KEYGEN:
    Client Nonce:
    0000: 45 29 F4 B8 D5 0B F1 F5 52 D2 E4 FF 50 FA 04 49 E)......R...P..I
    0010: E7 50 46 AA 2D A7 29 47 67 95 15 48 97 75 97 2C .PF.-.)Gg..H.u.,
    Server Nonce:
    0000: 45 29 F4 B8 E3 1F D7 72 74 DB 3B 9F 9C E8 EA 4E E).....rt.;....N
    0010: D1 0F 86 66 2E CF 66 21 CA 92 A4 4A 63 1B 4C E5 ...f..f!...Jc.L.
    Master Secret:
    0000: 3A 36 9A CA 6F 82 0B 32 17 28 04 CD 33 B4 5D BF :6..o..2.(..3.].
    0010: 5F 87 23 71 6B 49 2D 0E 59 DE 2C EA 8E B3 43 C8 _.#qkI-.Y.,...C.
    0020: 5D 3B 3B 4C B7 B9 AB 4E EA A3 E6 CE 54 40 FB 2D ];;[email protected]
    Client MAC write Secret:
    0000: C3 72 45 7B 93 DE 55 FF 0A 8C 9E 91 43 48 6E E4 .rE...U.....CHn.
    Server MAC write Secret:
    0000: E2 05 07 CB 3F 2D 95 41 EF 69 3F 09 6D CB 81 EE ....?-.A.i?.m...
    Client write key:
    0000: EE 7E EE 7D D8 5F 46 CD 88 15 9E F6 C7 EC 05 5F ....._F........_
    Server write key:
    0000: 43 DE B1 D2 FA 54 F0 E6 CA EC E8 1E 6C AD 77 EC C....T......l.w.
    ... no IV for cipher
    main, WRITE: TLSv1 Change Cipher Spec, length = 1
    JsseJCE: Using JSSE internal implementation for cipher RC4
    *** Finished
    verify_data: { 196, 3, 24, 202, 107, 99, 158, 203, 62, 203, 204, 35 }
    [write] MD5 and SHA1 hashes: len = 16
    0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
    Plaintext before ENCRYPTION: len = 32
    0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
    0010: 22 2A 55 36 5F 75 DB D4 CF 19 6F 40 93 AF B8 3B "*U6_u....o@...;
    main, WRITE: TLSv1 Handshake, length = 32
    waiting for close_notify or alert: state 1
    Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
    main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
    main, SEND TLSv1 ALERT: fatal, description = unexpected_message
    Plaintext before ENCRYPTION: len = 18
    0000: 02 0A 3E CA 24 9F 8F 40 B8 65 A6 44 5D 7E 0B B5 ..>[email protected]]...
    0010: A9 C7 ..
    main, WRITE: TLSv1 Alert, length = 18
    Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
    main, called closeSocket()
    ---000--------

    Here are the steps I am perfoming to create the certificates. Can anyone please validate the steps...
    //Create private key
    keytool -genkey -keystore clientpk1 -keyalg rsa -alias client -storepass password -keypass password
    //Create CSR
    keytool -certreq -alias client -file client.csr -keypass password -keystore clientpk1 -storepass password
    //Received client-ca.cer and root certificate from verisign
    //Import signed certificate to client keystore
    keytool -import -keystore clientpk1 -keyalg RSA -import -trustcacerts -file client-ca.cer
    //Import signed certificate and the root certificate to keystore(server thruststore)
    keytool -import -keystore jsseclient1 -alias client -file getcacert.cer
    keytool -import -keystore jsseclient1 -alias client -file client-ca.cer
    Thanks in advance,
    Babu

  • ISE Problem: EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain

    Hello, I´m stucked with this problem for 3 weeks now.
    I´m not able to configure the EAP-TLS autentication.
    In the "Certificate Store" of the ISE server I have Installed the Root, policy and the Issuing certificates as "trust for client authentication",and in the Local store I have a certificate issuing for the same issuing authority which sign the thw client ones.
    The ISE´s certificate has been issued with the "server Authentication certificate" template.
    The clients have installed the certificates  also the certificate chain.
    When I try to authenticate the wireless clients I allways get the same error: "     Authentication failed : 12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain"
    and "OpenSSLErrorMessage=SSL alert
    code=0x230=560 ; source=local ; type=fatal ; message="Unknown CA - error self-signed certificate in chain",OpenSSLErrorStack=  1208556432:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2720"
    I don´t know what else can I do.
    Thank you
    Jorge

    Hi Rik,
    the Below are the certificate details
    ISE Certificate Signed by XX-CA-PROC-06
    User PKI Signed by XX-CA-OTHER-08
    In ISE certificate Store i have the below certificates
    XX-CA-OTHER-08 signed by XX-CA-ROOT-04
    XX-CA-PROC-06 signed by XX-CA-ROOT-04
    XX-CA-ROOT-04 signed by XX-CA-ROOT-04
    ISE certificate signed by XX-CA-PROC-06
    I have enabled - 'Trust for client authentication' on all three certificates
    this is unchecked - 'Enable Validation of Certificate Extensions (accept only valid certificate)'
    when i check the certificates of current user in the Client PC this is how it shows.
    XX-CA-ROOT-04 is listed in Trusted root Certification Authority
    and XX-CA-PROC-06 and XX-CA-OTHER-08  are in Intermediate Certificate Authorities

  • Cannot complete the certificate chain: No trusted cert found

    Hi:
    I am currently working on a application that makes a web service call to a third party service provider. I am using weblogic 10 application server and session bean makes a call to the gateway class which in turn initiates a web service call using SSL layer. I get the following error when gateway class is trying to make a SSL connection with the third party server. I have set the keystore to be custom and java standard and both Identity key store and turst key store points to C:\bea10\jdk160_05\jre\lib\security\cacerts key store. The interesting thing is when I tried with different other URLs www.bankofamerica.com and www.freshdirect.com
    I get the same error. I am not sure why certificate validation fails even if it is a trusted CA and I would believe java keystore should contain all valid Certificate authorities such as verisign, Secure Trust etc. The third party certificate is issued by secure trust CA which in turn issued by Entrust.net
    Can someone shed me somelight whats going on here? I also took a look at thread Re: SSL issues tried to import the server certificates into java keystore. but nothing worked out. Appreciate your help.
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: Cannot complete the certificate chain: No trusted cert found
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: Validating certificate 0 in the chain: Serial number: 805312903
    Issuer:C=US, O=SecureTrust Corporation, CN=SecureTrust CA
    Subject:C=CA, ST=Ontario, L=Toronto, O=Givex Corp., CN=*.givex.com
    Not Valid Before:Wed Nov 21 09:56:03 EST 2007
    Not Valid After:Sat Nov 20 09:56:03 EST 2010
    Signature Algorithm:SHA1withRSA
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: Validating certificate 1 in the chain: Serial number: 1116160170
    Issuer:C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
    Subject:C=US, O=SecureTrust Corporation, CN=SecureTrust CA
    Not Valid Before:Sun Oct 01 01:00:00 EDT 2006
    Not Valid After:Tue Nov 26 13:25:48 EST 2013
    Signature Algorithm:SHA1withRSA
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:436)
         at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:224)
         at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:38)
         at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:144)
         at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:235)
         at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:146)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:473)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:459)
         at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:306)
         at com.freshdirect.client.TransPortType_Stub.getBalance(TransPortType_Stub.java:254)
         at com.freshdirect.payment.ejb.GivexPaymentServiceImpl.getBalance(GivexPaymentServiceImpl.java:59)
         at com.freshdirect.payment.ejb.GivexServerGateway.getBalance(GivexServerGateway.java:211)
         at com.freshdirect.payment.ejb.GivexServerGateway.main(GivexServerGateway.java:388)
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: write ALERT, offset = 0, length = 2
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: close(): 16720915
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: close(): 16720915
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: SSLIOContextTable.removeContext(ctx): 29310343
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: close(): 16720915
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: close(): 16720915
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: SSLIOContextTable.removeContext(ctx): 29310343
    <Sep 16, 2009 6:18:17 PM EDT> <Info> <WebService> <BEA-220048> <A exception was thrown from the client handler sending a JAXM message.>
    <Sep 16, 2009 6:18:17 PM EDT> <Info> <WebService> <BEA-220034> <A stack trace associated with message 220048 follows:
    javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:436)
         at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:224)
         at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:38)
         at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:144)
         at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:235)
         at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:146)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:473)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:459)
         at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:306)
         at com.freshdirect.client.TransPortType_Stub.getBalance(TransPortType_Stub.java:254)
         at com.freshdirect.payment.ejb.GivexPaymentServiceImpl.getBalance(GivexPaymentServiceImpl.java:59)
         at com.freshdirect.payment.ejb.GivexServerGateway.getBalance(GivexServerGateway.java:211)
         at com.freshdirect.payment.ejb.GivexServerGateway.main(GivexServerGateway.java:388)
    >

    I would believe java keystore should contain all valid Certificate authorities such as verisign, Secure Trust etc. The third party certificate is issued by secure trust CA which in turn issued by Entrust.net<You can list the contents of your cacerts file to see if exact matching version of the SecureTrust signer cert is present.
    You can also use a simple java program to test whether you can connect to the 2 servers that your're having issues with:
    import java.net.*;
    import java.io.*;
    public class SSL_Test {
    public static void main(String[] args) throws Exception {
    URL sslURL = new URL("https://someserver.com/someservice.wsdl");
    BufferedReader in = new BufferedReader( new InputStreamReader( sslURL.openStream()));
    String inputLine;
    while ((inputLine = in.readLine()) != null)
    System.out.println(inputLine);
    in.close();
    compile and run with something like:
    javac SSL_Test.java
    # all on one line
    java -D -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=***** -Djavax.net.debug=ssl,handshake SSL_Test
    This just tests whether your truststore can trust the server cert.

  • Windows server 2012 update standalone installer error: the certificate for the signer of the message is invalid

    I have a windows server 2012 Hyper V machine which acts as a web front end for my sharepoint 2013 farm.
    It is set to install updates automatically.
    I have 4 patch to install to correct an issue with my search:
     KB
    2567680, KB
    2554876 , KB
    2708075 , KB
    2472264 
    These are Microsoft patches
    Whenever I try to install them I receive an error
    Googling the error, I have tried extracting the file and using CMD prompt to install the xml file to install but to no avail.
    I have installed Windows Identity Foundation as a role. It is necessary for this to be 
    I have also noticed that all updates for a couple of weeks have failed. I have 2 other servers in the farm, both of which are joined to the same private network cannot look for updates with another error. Not sure if these are related.
    Anyone know of anything like this?
    Thanks in advance

    right-click the file and select properties.
    On "Digital Signatures" the tab, select the "Microsoft Corporation" entry and click "Details"
    In the "Digital Signature Details" dialog, click "View Certificate"
    In the  "Certificate" dialog, click "Install Certificate..."
    In the "Certificate Import Wizard" dialog, select "Local Machine" (though current user might work, didn't use it, so I can not attest to it) and click "Next"
    Select the "Place all certificates in the following store" option and click "Browse"
    In the "Select Certificate Store" dialog, select "Trusted Publishers" and click "Ok"
    Back in the "Certificate Import Wizard" click "Next"
    You should now be at the "Completing the Certificate Import Wizard" step of the "Certificate Import Wizard" ... click "Finish"
    You should get "Import was successful"
    You should now be able to install the package.
    gimme some slamming techno!!!!

Maybe you are looking for

  • Open and dispaly XL file in IE with java

    Hi all, I need to display XL file in the browser. Here the problem is,In JSP I am providing one link, After clicking the ling I have to create one XL file and dispaly the XL file(open and display) with out clicking another link or button. I wrote one

  • Abap editor in ecc 6.0

    hi all abap editor in ecc 6.0 is having a icon enhancement...wat is the use of tht and how to use it...

  • Padlock security icon does not appear

    Ever since I upgraded to OS X 10.9.4, I do not see the padlock security icon on the screen when I am going to purchase something. Am I missing something very obvious or is there a way to make sure that the icon is visible? I'm not great with computer

  • Writing through TEXT_IO

    Dear Gurus I am using Forms 10G. I am using Text_io to read the text file and putting into table and again reading the tables and putting into another text file . But when i am reading from table the out put file is coming like this :- 0|82374628|abc

  • How to avoid pauses in Garbage Collection

    While doing performance test on a full load we found pauses. We captured GC and here are few instances of Full GC. We are running JVM 1.5, JBoss 4.2.x on RedHat Linux. Could some one guide me in avoiding those 17 secs and 10 sec pauses. Thanks 3643.6