AD Authentication not working

Similar Messages

• [svn] 1720: Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints .

  Revision: 1720
  Author: [email protected]
  Date: 2008-05-14 14:50:06 -0700 (Wed, 14 May 2008)
  Log Message:
  Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints.
  QA: Yes
  Doc: No
  Details:
  Update to the TomcatLoginCommand to work correctly with NIO endpoints.
  Ticket Links:
  http://bugs.adobe.com/jira/browse/LCDS-304
  Modified Paths:
  blazeds/branches/3.0.x/modules/opt/src/tomcat/flex/messaging/security/TomcatLoginCommand. java

  Revision: 1720
  Author: [email protected]
  Date: 2008-05-14 14:50:06 -0700 (Wed, 14 May 2008)
  Log Message:
  Bugs: LCDS-304 - Authentication not working in all cases when using security constraint with NIO endpoints.
  QA: Yes
  Doc: No
  Details:
  Update to the TomcatLoginCommand to work correctly with NIO endpoints.
  Ticket Links:
  http://bugs.adobe.com/jira/browse/LCDS-304
  Modified Paths:
  blazeds/branches/3.0.x/modules/opt/src/tomcat/flex/messaging/security/TomcatLoginCommand. java

• Ldap authentication not working for Solaris 8 host - Help!

  Greetings folks,
  I just recently migrated a host to use LDAP authentication. The only difference between this host and the rest of the hosts in the environment that I've converted to use LDAP is that this one is running Solaris 8.
  Here's the steps I took to migrate it (though, I used the same steps for another Sol8 host in another environment and it works fine):
  ldapclient -P stg -d mydomain.com -D cn=proxyagent,ou=profile,dc=mydomain,dc=com -w secret 192.168.1.69
  My /etc/nsswitch.conf looks like this:
  passwd: files ldap
  group: files ldap
  My /etc/pam.conf looks like this:
  login auth requisite pam_authtok_get.so.1
  login auth required pam_dhkeys.so.1
  login auth sufficient pam_unix_auth.so.1
  login auth required pam_ldap.so.1
  sshd auth requisite pam_authtok_get.so.1
  sshd auth sufficient pam_unix_auth.so.1
  sshd auth required pam_ldap.so.1
  other auth requisite pam_authtok_get.so.1
  other auth required pam_dhkeys.so.1
  other auth sufficient pam_unix_auth.so.1
  other auth required pam_ldap.so.1
  passwd auth sufficient pam_passwd_auth.so.1
  passwd auth required pam_ldap.so.1
  I've also cleared out the local user accounts for my human users, so there aren't any more passwd or shadow entries (yes, I ran pwconv). I also cleaned out the /etc/group entries for the same users. The machine appears to be configured properly, because I can run various DS commands that indicate this:
  hostname# getent passwd user1
  user1::1001:1001:User 1:/opt/home/user1:/bin/bash
  hostname# ldaplist -l passwd user1
  dn: uid=user1,ou=people,dc=mydomain,dc=com
  shadowFlag: 0
  userPassword: {crypt}(removed)
  uid: user1
  objectClass: posixAccount
  objectClass: shadowAccount
  objectClass: account
  objectClass: top
  cn: user1
  uidNumber: 1001
  gidNumber: 1001
  gecos: User 1
  homeDirectory: /opt/home/user1
  loginShell: /bin/bash
  However, in the end, actual logins to this host fail via ssh. Snooping the traffic reveals that all the right info is being handed back to the client, including the crypt'ed password hash, uid, etc. just like I see with other hosts that work.
  Any ideas?
  Thanks!
  Patrick

  I assume you have applied lastest kernel patch and 108993 to this Solaris8 machine, and its nss_ldap.so.1 and pam_ldap.so.1 are the same as the other Solaris8 LDAP clients that are working for ssh via LDAP auth.
  1) Please replace "objectClass: account" with "objectClass: person", I know SUN ONE DS5.2 likes "person".
  2) Did you test and verify telnet/ftp/su working? but SSH not working?
  3) If telnet/ftp/su all worked, and SSH (SUN-SSH or OpenSSH), make sure you have "UsePAM yes" in sshd_config and restart sshd.
  4) It is not a must I think but normally I will add "shadow: files ldap" to /etc/nsswitch.conf, restart nscd after that.
  5) Whenever ldapclient command is run and ldap_cachemgr is restarted, I usually also restart nscd and sshd after that, if not testing result may not be accurate as nscd is still remembering OLD stuffs cached which could be very misleading.
  6) You may use "ssh -v userid@localhost" to watch the SSH communications, on top of your usual "snoop"ing of network packets.
  7) Use the sample pam.conf that is meant for pam_ldap from Solaris 10 system admin guide with all the pam_unix_cred.so.1 lines commented out. This works for me, there is no sshd defintions as it will follow "other".
  http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view
  Gary

• Sg300 - 802.1x NPS - mac authentication not working

  I configured 802.1x on a sg300 switch. It is working very well with some Windows 7 machines and a Windows Server 2008 NPS server.
  Now I tried to get the MAC authentication running, on a 3850X it is working without problems, but every access request sent from the SG300 is declined.
  My current port configuration on the SG300:
  interface fastethernet1
   dot1x guest-vlan enable
   dot1x max-req 1
   dot1x reauthentication
   dot1x timeout quiet-period 10
   dot1x authentication 802.1x mac
   dot1x radius-attributes vlan static
   dot1x port-control auto
   switchport mode access
  On the Windows NPS server there is following error to see:
  Authentication Details:
      Connection Request Policy Name:    Secure Wire
      Network Policy Name:        -
      Authentication Provider:        Windows
      Authentication Server:        myradius.local
      Authentication Type:        -
      EAP Type:            -
      Account Session Identifier:        30353030399999
      Reason Code:            1
      Reason:                An internal error occurred. Check the system event log for additional information.
  There is compared to the message from the 3850 the authentication type missing (PAP) and a not very helpful error message displayed...

  Still not working.
  I tried different settings and (also older) software versions on the SF302-08P.
  Also started to change the settings on the NPS (though it is working with the 3850X!), without success.
  The NPS reports following error:
  Schannel:
  The following fatal alert was received: 40.
  EventID 36887
  If I search for this error, every source is pointing to certificate errors, but there should not be any certificate involved?!
  ... is this a bug on the SF302-08P?

• Cisco Ise Central Web authentication not working

  Hello Guys,
  CWA is not working. It says that authentication suceeded but posture status is pending. No error in my Monitor--authentication. Checking it in my Windows 7, it does not shows the CWA portal.
  What might be the possible problem of this.?
  thanks

  Kindly review the below links:
  http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml
  http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml

• "Allow insecure authentication" not working on mac mail after upgrade to Yosimite

  I recently upgraded to the new Yosemite OS.  Since then, I have not been able to access my ISP's IMAP server. After spending time troubleshooting with the service provider, it seems that the "allow insecure authentication" feature is not working.  The password appears to be sent as a series of "*" which the server can not recognize and I fail the login. It is of note that I am still able to access this email account through my iPhone 4S with all the same settings and had no issues before the Yosimite upgrade. Is there anyway around this issue?

  I had the same problem. Rebooting the computer fixed the issue for me.

• J2EE and user authentication not working

  Hi,
  has anyone gotten the basic/form based authentication to
  work in the latest version of the 9iAS?
  Oracle9iAS (9.0.2.0.0)
  I've read all the posts and articles from orionsupport.com
  BUT it still does not work.
  Support Folks from ORacle: Where is the latest documentation
  for the Server ???? Everything seems outdated??
  cheers,
  Vijay

  Hi,
  You can change User and password through SU01 through UME. and also read SNote:  Note 891614 - Login problems / Expired password
  Regards
  Thomas

• Kerberos Authentication Not Working on OS X 10.6

  Using FF version 20.0, on OS X 10.6.8, I can not get it to use Kerberos authentication to allow SSO to a SharePoint web site.
  On OS X 10.8, with the same configuration in the about:config, everything works fine - the user is not prompted for credentials.
  I have put the necessary entires in network.negotiate-auth.delegation-uris and network.automatic-ntlm-auth.trusted-uris, network.negotiate-auth.gsslib is set to true.
  When I have setup to log the errors from the authentication module, I find in the log file "Fail to load gssapi library".
  Interestingly on 10.8, when I start Firefox from the command line the Kerberos authentication does not work. When I start it via the icon, it does. What is the difference? Are the preferences not being loaded when launching via the command line?
  Thanks for any help,
  Richard

  Found the solution:
  Was a combination of kinit being run on login (apparently a known 10.6 bug). Our Mac team were able to alter the appropriate plist file so that this does happen on login.
  We also had to add an extra SPN for the actual server, as well as the DNS name of the SharePoint site we were trying to access with Kerberos authentication - although this may have something to do with using host-named site collections at the SharePoint end.
  Main problem was the kinit thing though.

• Kerberos / GSSAPI authentication not working in Mail.app

  I am using Kerberos with a Debian server on which is running the MIT KDC, Cyrus imapd, and sendmail. I have been using Kerberos authentication with Mail.app in this environment for some time, under Tiger. I just upgraded to Leopard, and it no longer works. The problem is simple: the Mail.app IMAP conversation goes like this:
  OK sequoia Cyrus IMAP4 v2.1.18-IPv6-Debian-2.1.18-5.1 server ready
  1.11 CAPABILITY
  * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDP LUS ID NOATOMICRENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=GSSAPI AUTH=CRAM-MD5 AUTH=DIGEST-MD5 AUTH=NTLM ANNOTATEMORE
  1.11 OK Completed
  2.11 AUTHENTICATE GSSAPI
  +
  2.11 NO authentication failure
  Mail.app simply sends an empty GSSAPI message. This problem does not appear to be in the Kerberos libraries or endemic to Apple's apps in general, since Kerberos authentication still works in both SSH and WebDAV. This appears to be a Mail.app bug.
  - Richard Silverman

  Have you found any work around? I'm having exactly the same problem.
  As you say, kerberos in general seems okay -- not only does GSSAPI work fine for other programs, it even works correctly for ThunderBird running under 10.5. Meanwhile Mail.app doesn't even try to fetch service tickets, nor does it use them if something else already has.
  I've tried everything I can think of -- using the real A/PTR hostname instead of the CNAME, adding a user with a principal name that matches my username, hard-coding kerberos settings into the config file rather than relying on DNS -- but nothing makes Mail.app even try to use GSSAPI for IMAP or SMTP.

• Wireless with PEAP Authentication not working using new NPS server

  All,
  We are planning to migrate from our old IAS server to new NPS server. We are testing the new NPS server with our wireless infrastructure using WISM. We are using PEAP with server Cert for authentication. For testing purpose we are doing user authentication but our goal is to do machine authentication. On client side we are using Windows XP, Windows 7 & iPAD’s
  I believe I have configured the NPS & CA server as per the documents I found on Cisco support forum & Microsoft’s site.
  But it is not working for me. I am getting the following error message on the NPS server.
  Error # 1
  =======
  Cryptographic operation.
  Subject:
              Security ID:                 SYSTEM
              Account Name:                       MADXXX
              Account Domain:                    AD
              Logon ID:                    0x3e7
  Cryptographic Parameters:
              Provider Name:          Microsoft Software Key Storage Provider
              Algorithm Name:         RSA
              Key Name:      XXX-Wireless-NPS
              Key Type:       Machine key.
  Cryptographic Operation:
              Operation:       Decrypt.
              Return Code:  0x80090010
  Error # 2
  ======
  An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
  I was wondering if anyone has any insight on what is going on.
  Thanks, Ds

  Scott,
  I have disabled MS-CHAP v1 & only MS-CHAP v2 is enabled on Network Policies > Constraints.
  I  disabled validate Certificate on Windows 7 and tried to authenticate, it is still failing. Here is the output from the event viewer:
  Cryptographic operation.
  Subject:
  Security ID: SYSTEM
  Account Name: MADHFSVNPSPI01$
  Account Domain: AD
  Logon ID: 0x3e7
  Cryptographic Parameters:
  Provider Name: Microsoft Software Key Storage Provider
  Algorithm Name: RSA
  Key Name: DOT-Wireless-NPS
  Key Type: Machine key.
  Cryptographic Operation:
  Operation: Decrypt.
  Return Code: 0x80090010
  Network Policy Server denied access to a user.
  Contact the Network Policy Server administrator for more information.
  User:
  Security ID: AD\mscdzs
  Account Name: AD\mscdzs
  Account Domain: AD
  Fully Qualified Account Name: AD\mscdzs
  Client Machine:
  Security ID: NULL SID
  Account Name: -
  Fully Qualified Account Name: -
  OS-Version: -
  Called Station Identifier: 64-ae-0c-00-de-f0:DOT
  Calling Station Identifier: a0-88-b4-e2-79-cc
  NAS:
  NAS IPv4 Address: 130.47.128.7
  NAS IPv6 Address: -
  NAS Identifier: WISM2B
  NAS Port-Type: Wireless - IEEE 802.11
  NAS Port: 29
  RADIUS Client:
  Client Friendly Name: WISM2B
  Client IP Address: 130.47.128.7
  Authentication Details:
  Connection Request Policy Name: Secure Wireless Connections
  Network Policy Name: Secure Wireless Connections
  Authentication Provider: Windows
  Authentication Server: MADHFSVNPSPI01.AD.DOT.STATE.WI.US
  Authentication Type: PEAP
  EAP Type: -
  Account Session Identifier: -
  Logging Results: Accounting information was written to the local log file.
  Reason Code: 23
  Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
  Attached are EAP logs & debug logs from the controller.
  Thanks for all the help. I really appreciate.

• ADFS 3.0 Windows Authentication not working

  I recently upgraded from ADFS 2.1 and TMG 2010 as the reverse proxy to ADFS 3.0 and Web Application Proxy as the reverse proxy.  I have upgraded to ADFS 3.0 successfully and it is working without anything changing to the end users.  This is still
  using TMG 2010 as the reverse proxy. 
  When I make the changes to use WAP as the reverse proxy, I get prompted with a forms based authentication page instead of the usual windows authentication screen.  This poses a problem since this creates an extra step for people when logging on to our
  sites that use SSO since there's no "save password" box.  I can move the traffic back to TMG and it's back to working like it should but we are looking to remove TMG very soon.
  When I am on the "inside" network connecting to ADFS without the reverse proxy, it works just fine.  However, ALL of our users are "outside" of the network will be using the reverse proxy.  None of the computers are domain joined.
  The issue seems to only be when using Web Application Proxy server to service ADFS SSO requests.....TMG servicing these requests does not have this issue.
  What's the difference?  How can I get this functionality back with WAP?

  Hi Eric,
  Based on my research, when publishing applications that use Integrated Windows authentication, the Web Application Proxy server uses Kerberos constrained delegation to authenticate users
  to the published application.
  To use Integrated Windows authentication, the Web Application Proxy server must be joined to an AD DS domain.
  More information for you:
  Web Application Proxy: Some applications are configured to perform backend authentication using Integrated Windows authentication but the server is not joined to a domain
  http://technet.microsoft.com/en-us/library/dn464299.aspx
  Best Regards,
  Amy

• Client authentication not working

  Hi all,
  I am using Apache's HTTPClient to connect with a server running https. The server is the latest stable Tomcat (version 4.1.27). If I set clientAuth="false" in the Tomcat configuration, everything is working fine. I am able to comunicate with the server, since the server's certificate is in the trusted store. If I want to authenticate myself (by setting clientAuth="true") it doesn't work. It seems that the application I have written doesn't send the client's certificate.
  Here's the code:
  HttpClient httpclient = new HttpClient();
  Protocol myhttps =
       new Protocol(
            "https",
            new StrictSSLProtocolSocketFactory(false),
            8443);
  httpclient.getHostConfiguration().setHost("rigel", 8443, myhttps);
  GetMethod httpget = new GetMethod("/");
  httpclient.executeMethod(httpget);
  If I turn on all sorts of debugging this is what I get:
  2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Java version: 1.4.0_02
  2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Java vendor: Sun Microsystems Inc.
  2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Java class path: f:\myhome\projects\NextiraOne\class;f:\myhome\projects\NextiraOne\lib\commons-httpclient-2.0-rc1.jar;f:\myhome\projects\NextiraOne\lib\log4j-1.2.6.jar;f:\myhome\projects\NextiraOne\lib\commons-logging.jar;f:\myhome\projects\NextiraOne\lib\commons-logging-api.jar;f:\myhome\projects\NextiraOne\lib\com.ibm.mq.jar;f:\myhome\projects\NextiraOne\lib\xmlparserv2new.jar;f:\myhome\projects\NextiraOne\lib\connector.jar
  2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Operating system name: Windows 2000
  2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Operating system architecture: x86
  2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Operating system version: 5.0
  2003/10/08 14:54:27:078 CEST [DEBUG] HttpClient - -SUN 1.2: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
  2003/10/08 14:54:27:078 CEST [DEBUG] HttpClient - -SunJSSE 1.4002: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
  2003/10/08 14:54:27:078 CEST [DEBUG] HttpClient - -SunRsaSign 1.0: SUN's provider for RSA signatures
  2003/10/08 14:54:27:078 CEST [DEBUG] HttpClient - -SunJCE 1.4: SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  2003/10/08 14:54:27:088 CEST [DEBUG] HttpClient - -SunJGSS 1.0: Sun (Kerberos v5)
  2003/10/08 14:54:27:188 CEST [DEBUG] HttpConnection - -HttpConnection.setSoTimeout(0)
  keyStore is :
  keyStore type is : jks
  init keystore
  init keymanager of type SunX509
  trustStore is: f:\client.keystore
  trustStore type is : jks
  init truststore
  adding private entry as trusted cert: [
  Version: V1
  Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@8fd984
  Validity: [From: Wed Oct 08 13:48:24 CEST 2003,
                 To: Tue Jan 06 12:48:24 CET 2004]
  Issuer: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
  SerialNumber: [    3f83f988 ]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 04 24 63 44 43 26 CA 79 BC 0B 96 2D 27 1A 40 DA .$cDC&.y...-'.@.
  0010: E0 92 FE D6 57 F8 4C C4 C6 97 F7 13 24 4B 30 F9 ....W.L.....$K0.
  0020: E7 C3 06 2B A3 67 FD 70 E1 A5 8E E7 16 3D 59 16 ...+.g.p.....=Y.
  0030: DB 7B 73 AC 30 B1 43 C1 F2 96 DD 8F 52 0E 61 1F ..s.0.C.....R.a.
  0040: 0E 23 0F 88 8E 1A 6F 24 54 B9 87 4C 2C A1 97 78 .#....o$T..L,..x
  0050: FD 80 6A A1 F8 65 C3 CE 39 F4 AA A6 6C 3C 7A 98 ..j..e..9...l<z.
  0060: 86 4E 5B 6A 2D 7F BC 89 E8 36 29 54 22 0A 3F C7 .N[j-....6)T".?.
  0070: B3 83 4E 47 36 F1 C9 09 25 E7 9C D6 11 10 3B 3C ..NG6...%.....;<
  adding as trusted cert: [
  Version: V1
  Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@f99ff5
  Validity: [From: Wed Oct 08 11:56:42 CEST 2003,
                 To: Tue Jan 06 10:56:42 CET 2004]
  Issuer: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
  SerialNumber: [    3f83df5a ]
  Algorithm: [MD5withRSA]
  Signature:
  0000: E0 21 80 C9 4C 8C BC FC 48 B3 36 6A 0B E1 C1 94 .!..L...H.6j....
  0010: 79 E1 E7 6B 27 B0 71 7D CF 17 A6 B9 E6 71 D6 85 y..k'.q......q..
  0020: 6F 9F EB 66 73 4B CB A2 C1 A2 7F F3 38 A1 A7 8B o..fsK......8...
  0030: 92 F0 82 1F 4A A4 E9 F5 8C 64 0B 7E 86 61 C0 D5 ....J....d...a..
  0040: 74 60 7D D3 B0 11 3F 77 B9 D8 EC 7D 17 22 D8 7C t`....?w....."..
  0050: 77 42 CB C1 24 CC 26 5E CF 8A 20 7D 77 44 D4 29 wB..$.&^.. .wD.)
  0060: DF 59 D1 17 CE D2 51 59 BC 53 35 B0 EB CE 51 CE .Y....QY.S5...Q.
  0070: 79 F7 D2 53 CE FD 2F 9A FD 1A A8 E3 3C 58 AF EB y..S../.....<X..
  init context
  trigger seeding of SecureRandom
  done seeding SecureRandom
  2003/10/08 14:54:32:456 CEST [DEBUG] HttpMethodBase - -Execute loop try 1
  2003/10/08 14:54:32:466 CEST [DEBUG] wire - ->> "GET / HTTP/1.1[\r][\n]"
  2003/10/08 14:54:32:466 CEST [DEBUG] HttpMethodBase - -Adding Host request header
  2003/10/08 14:54:32:476 CEST [DEBUG] wire - ->> "User-Agent: Jakarta Commons-HttpClient/2.0rc1[\r][\n]"
  2003/10/08 14:54:32:476 CEST [DEBUG] wire - ->> "Host: rigel[\r][\n]"
  %% No cached client session
  *** ClientHello, v3.1
  RandomCookie: GMT: 1048840456 bytes = { 43, 4, 244, 103, 54, 110, 99, 128, 162, 132, 22, 2, 197, 112, 91, 105, 4, 133, 249, 114, 142, 122, 44, 203, 156, 188, 132, 100 }
  Session ID: {}
  Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
  Compression Methods: { 0 }
  [write] MD5 and SHA1 hashes: len = 59
  0000: 01 00 00 37 03 01 3F 84 09 08 2B 04 F4 67 36 6E ...7..?...+..g6n
  0010: 63 80 A2 84 16 02 C5 70 5B 69 04 85 F9 72 8E 7A c......p[i...r.z
  0020: 2C CB 9C BC 84 64 00 00 10 00 05 00 04 00 09 00 ,....d..........
  0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
  main, WRITE: SSL v3.1 Handshake, length = 59
  [write] MD5 and SHA1 hashes: len = 77
  0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
  0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
  0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 3F 84 09 .............?..
  0030: 08 2B 04 F4 67 36 6E 63 80 A2 84 16 02 C5 70 5B .+..g6nc......p[
  0040: 69 04 85 F9 72 8E 7A 2C CB 9C BC 84 64 i...r.z,....d
  main, WRITE: SSL v2, contentType = 22, translated length = 16310
  main, READ: SSL v3.1 Handshake, length = 2275
  *** ServerHello, v3.1
  RandomCookie: GMT: 1048840456 bytes = { 2, 207, 237, 54, 101, 119, 116, 33, 59, 54, 56, 111, 170, 110, 92, 129, 178, 67, 124, 46, 187, 153, 247, 27, 216, 197, 21, 232 }
  Session ID: {63, 132, 9, 8, 85, 66, 130, 20, 34, 100, 122, 131, 137, 133, 143, 214, 43, 232, 151, 61, 12, 216, 23, 84, 58, 241, 194, 116, 67, 44, 43, 44}
  Cipher Suite: { 0, 5 }
  Compression Method: 0
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
  ** SSL_RSA_WITH_RC4_128_SHA
  [read] MD5 and SHA1 hashes: len = 74
  0000: 02 00 00 46 03 01 3F 84 09 08 02 CF ED 36 65 77 ...F..?......6ew
  0010: 74 21 3B 36 38 6F AA 6E 5C 81 B2 43 7C 2E BB 99 t!;68o.n\..C....
  0020: F7 1B D8 C5 15 E8 20 3F 84 09 08 55 42 82 14 22 ...... ?...UB.."
  0030: 64 7A 83 89 85 8F D6 2B E8 97 3D 0C D8 17 54 3A dz.....+..=...T:
  0040: F1 C2 74 43 2C 2B 2C 00 05 00 ..tC,+,...
  *** Certificate chain
  chain [0] = [
  Version: V1
  Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@b2a2d8
  Validity: [From: Wed Oct 08 11:56:42 CEST 2003,
                 To: Tue Jan 06 10:56:42 CET 2004]
  Issuer: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
  SerialNumber: [    3f83df5a ]
  Algorithm: [MD5withRSA]
  Signature:
  0000: E0 21 80 C9 4C 8C BC FC 48 B3 36 6A 0B E1 C1 94 .!..L...H.6j....
  0010: 79 E1 E7 6B 27 B0 71 7D CF 17 A6 B9 E6 71 D6 85 y..k'.q......q..
  0020: 6F 9F EB 66 73 4B CB A2 C1 A2 7F F3 38 A1 A7 8B o..fsK......8...
  0030: 92 F0 82 1F 4A A4 E9 F5 8C 64 0B 7E 86 61 C0 D5 ....J....d...a..
  0040: 74 60 7D D3 B0 11 3F 77 B9 D8 EC 7D 17 22 D8 7C t`....?w....."..
  0050: 77 42 CB C1 24 CC 26 5E CF 8A 20 7D 77 44 D4 29 wB..$.&^.. .wD.)
  0060: DF 59 D1 17 CE D2 51 59 BC 53 35 B0 EB CE 51 CE .Y....QY.S5...Q.
  0070: 79 F7 D2 53 CE FD 2F 9A FD 1A A8 E3 3C 58 AF EB y..S../.....<X..
  stop on trusted cert: [
  Version: V1
  Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@b2a2d8
  Validity: [From: Wed Oct 08 11:56:42 CEST 2003,
                 To: Tue Jan 06 10:56:42 CET 2004]
  Issuer: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
  SerialNumber: [    3f83df5a ]
  Algorithm: [MD5withRSA]
  Signature:
  0000: E0 21 80 C9 4C 8C BC FC 48 B3 36 6A 0B E1 C1 94 .!..L...H.6j....
  0010: 79 E1 E7 6B 27 B0 71 7D CF 17 A6 B9 E6 71 D6 85 y..k'.q......q..
  0020: 6F 9F EB 66 73 4B CB A2 C1 A2 7F F3 38 A1 A7 8B o..fsK......8...
  0030: 92 F0 82 1F 4A A4 E9 F5 8C 64 0B 7E 86 61 C0 D5 ....J....d...a..
  0040: 74 60 7D D3 B0 11 3F 77 B9 D8 EC 7D 17 22 D8 7C t`....?w....."..
  0050: 77 42 CB C1 24 CC 26 5E CF 8A 20 7D 77 44 D4 29 wB..$.&^.. .wD.)
  0060: DF 59 D1 17 CE D2 51 59 BC 53 35 B0 EB CE 51 CE .Y....QY.S5...Q.
  0070: 79 F7 D2 53 CE FD 2F 9A FD 1A A8 E3 3C 58 AF EB y..S../.....<X..
  [read] MD5 and SHA1 hashes: len = 552
  0000: 0B 00 02 24 00 02 21 00 02 1E 30 82 02 1A 30 82 ...$..!...0...0.
  0010: 01 83 02 04 3F 83 DF 5A 30 0D 06 09 2A 86 48 86 ....?..Z0...*.H.
  0020: F7 0D 01 01 04 05 00 30 54 31 0B 30 09 06 03 55 .......0T1.0...U
  0030: 04 06 13 02 42 45 31 0C 30 0A 06 03 55 04 08 13 ....BE1.0...U...
  0040: 03 4F 56 4C 31 0C 30 0A 06 03 55 04 07 13 03 4D .OVL1.0...U....M
  0050: 45 52 31 0B 30 09 06 03 55 04 0A 13 02 44 43 31 ER1.0...U....DC1
  0060: 0C 30 0A 06 03 55 04 0B 13 03 45 43 53 31 0E 30 .0...U....ECS1.0
  0070: 0C 06 03 55 04 03 13 05 72 69 67 65 6C 30 1E 17 ...U....rigel0..
  0080: 0D 30 33 31 30 30 38 30 39 35 36 34 32 5A 17 0D .031008095642Z..
  0090: 30 34 30 31 30 36 30 39 35 36 34 32 5A 30 54 31 040106095642Z0T1
  00A0: 0B 30 09 06 03 55 04 06 13 02 42 45 31 0C 30 0A .0...U....BE1.0.
  00B0: 06 03 55 04 08 13 03 4F 56 4C 31 0C 30 0A 06 03 ..U....OVL1.0...
  00C0: 55 04 07 13 03 4D 45 52 31 0B 30 09 06 03 55 04 U....MER1.0...U.
  00D0: 0A 13 02 44 43 31 0C 30 0A 06 03 55 04 0B 13 03 ...DC1.0...U....
  00E0: 45 43 53 31 0E 30 0C 06 03 55 04 03 13 05 72 69 ECS1.0...U....ri
  00F0: 67 65 6C 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D gel0..0...*.H...
  0100: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 .........0......
  0110: F0 8B 5A 91 87 97 AB 55 2A 6A AA 96 1F CF 77 D7 ..Z....U*j....w.
  0120: 73 C2 23 4D 78 51 CF 6E 3F 10 46 C5 DA D7 9D 75 s.#MxQ.n?.F....u
  0130: 77 3A 94 4A 07 5B D6 38 82 18 AE 71 6A 76 F9 6F w:.J.[.8...qjv.o
  0140: 58 19 9D 2F 97 EE 4E 38 0E 3F E1 B2 5D 2D C1 1A X../..N8.?..]-..
  0150: 0E F2 08 B2 D6 FF 0A 5E FC BD 57 73 C1 F0 09 C3 .......^..Ws....
  0160: 8E E4 20 C2 CC 96 E3 DE 24 2C 76 DD 9C BA F3 D2 .. .....$,v.....
  0170: 14 FC 94 86 C6 A3 6D 90 02 6B 5C 6E C7 94 0A 44 ......m..k\n...D
  0180: A2 64 F6 A2 31 16 1E AC 97 36 17 84 7E 60 EC 2B .d..1....6...`.+
  0190: 02 03 01 00 01 30 0D 06 09 2A 86 48 86 F7 0D 01 .....0...*.H....
  01A0: 01 04 05 00 03 81 81 00 E0 21 80 C9 4C 8C BC FC .........!..L...
  01B0: 48 B3 36 6A 0B E1 C1 94 79 E1 E7 6B 27 B0 71 7D H.6j....y..k'.q.
  01C0: CF 17 A6 B9 E6 71 D6 85 6F 9F EB 66 73 4B CB A2 .....q..o..fsK..
  01D0: C1 A2 7F F3 38 A1 A7 8B 92 F0 82 1F 4A A4 E9 F5 ....8.......J...
  01E0: 8C 64 0B 7E 86 61 C0 D5 74 60 7D D3 B0 11 3F 77 .d...a..t`....?w
  01F0: B9 D8 EC 7D 17 22 D8 7C 77 42 CB C1 24 CC 26 5E ....."..wB..$.&^
  0200: CF 8A 20 7D 77 44 D4 29 DF 59 D1 17 CE D2 51 59 .. .wD.).Y....QY
  0210: BC 53 35 B0 EB CE 51 CE 79 F7 D2 53 CE FD 2F 9A .S5...Q.y..S../.
  0220: FD 1A A8 E3 3C 58 AF EB ....<X..
  *** CertificateRequest
  Cert Types: DSS, RSA,
  Cert Authorities:
  <OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
  <[email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
  <[email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
  <OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US>
  <OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
  <OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
  <[email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
  <[email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
  <CN=kws, OU=Delaware, O=Delaware, L=BE, ST=BE, C=BE>
  <OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
  <[email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
  [read] MD5 and SHA1 hashes: len = 1645
  0000: 0D 00 06 69 02 02 01 06 64 00 61 30 5F 31 0B 30 ...i....d.a0_1.0
  0010: 09 06 03 55 04 06 13 02 55 53 31 17 30 15 06 03 ...U....US1.0...
  0020: 55 04 0A 13 0E 56 65 72 69 53 69 67 6E 2C 20 49 U....VeriSign, I
  0030: 6E 63 2E 31 37 30 35 06 03 55 04 0B 13 2E 43 6C nc.1705..U....Cl
  0040: 61 73 73 20 33 20 50 75 62 6C 69 63 20 50 72 69 ass 3 Public Pri
  0050: 6D 61 72 79 20 43 65 72 74 69 66 69 63 61 74 69 mary Certificati
  0060: 6F 6E 20 41 75 74 68 6F 72 69 74 79 00 D1 30 81 on Authority..0.
  0070: CE 31 0B 30 09 06 03 55 04 06 13 02 5A 41 31 15 .1.0...U....ZA1.
  0080: 30 13 06 03 55 04 08 13 0C 57 65 73 74 65 72 6E 0...U....Western
  0090: 20 43 61 70 65 31 12 30 10 06 03 55 04 07 13 09 Cape1.0...U....
  00A0: 43 61 70 65 20 54 6F 77 6E 31 1D 30 1B 06 03 55 Cape Town1.0...U
  00B0: 04 0A 13 14 54 68 61 77 74 65 20 43 6F 6E 73 75 ....Thawte Consu
  00C0: 6C 74 69 6E 67 20 63 63 31 28 30 26 06 03 55 04 lting cc1(0&..U.
  00D0: 0B 13 1F 43 65 72 74 69 66 69 63 61 74 69 6F 6E ...Certification
  00E0: 20 53 65 72 76 69 63 65 73 20 44 69 76 69 73 69 Services Divisi
  00F0: 6F 6E 31 21 30 1F 06 03 55 04 03 13 18 54 68 61 on1!0...U....Tha
  0100: 77 74 65 20 50 72 65 6D 69 75 6D 20 53 65 72 76 wte Premium Serv
  0110: 65 72 20 43 41 31 28 30 26 06 09 2A 86 48 86 F7 er CA1(0&..*.H..
  0120: 0D 01 09 01 16 19 70 72 65 6D 69 75 6D 2D 73 65 ......premium-se
  0130: 72 76 65 72 40 74 68 61 77 74 65 2E 63 6F 6D 00 [email protected].
  0140: CE 30 81 CB 31 0B 30 09 06 03 55 04 06 13 02 5A .0..1.0...U....Z
  0150: 41 31 15 30 13 06 03 55 04 08 13 0C 57 65 73 74 A1.0...U....West
  0160: 65 72 6E 20 43 61 70 65 31 12 30 10 06 03 55 04 ern Cape1.0...U.
  0170: 07 13 09 43 61 70 65 20 54 6F 77 6E 31 1A 30 18 ...Cape Town1.0.
  0180: 06 03 55 04 0A 13 11 54 68 61 77 74 65 20 43 6F ..U....Thawte Co
  0190: 6E 73 75 6C 74 69 6E 67 31 28 30 26 06 03 55 04 nsulting1(0&..U.
  01A0: 0B 13 1F 43 65 72 74 69 66 69 63 61 74 69 6F 6E ...Certification
  01B0: 20 53 65 72 76 69 63 65 73 20 44 69 76 69 73 69 Services Divisi
  01C0: 6F 6E 31 21 30 1F 06 03 55 04 03 13 18 54 68 61 on1!0...U....Tha
  01D0: 77 74 65 20 50 65 72 73 6F 6E 61 6C 20 42 61 73 wte Personal Bas
  01E0: 69 63 20 43 41 31 28 30 26 06 09 2A 86 48 86 F7 ic CA1(0&..*.H..
  01F0: 0D 01 09 01 16 19 70 65 72 73 6F 6E 61 6C 2D 62 ......personal-b
  0200: 61 73 69 63 40 74 68 61 77 74 65 2E 63 6F 6D 00 [email protected].
  0210: 61 30 5F 31 0B 30 09 06 03 55 04 06 13 02 55 53 a0_1.0...U....US
  0220: 31 20 30 1E 06 03 55 04 0A 13 17 52 53 41 20 44 1 0...U....RSA D
  0230: 61 74 61 20 53 65 63 75 72 69 74 79 2C 20 49 6E ata Security, In
  0240: 63 2E 31 2E 30 2C 06 03 55 04 0B 13 25 53 65 63 c.1.0,..U...%Sec
  0250: 75 72 65 20 53 65 72 76 65 72 20 43 65 72 74 69 ure Server Certi
  0260: 66 69 63 61 74 69 6F 6E 20 41 75 74 68 6F 72 69 fication Authori
  0270: 74 79 00 61 30 5F 31 0B 30 09 06 03 55 04 06 13 ty.a0_1.0...U...
  0280: 02 55 53 31 17 30 15 06 03 55 04 0A 13 0E 56 65 .US1.0...U....Ve
  0290: 72 69 53 69 67 6E 2C 20 49 6E 63 2E 31 37 30 35 riSign, Inc.1705
  02A0: 06 03 55 04 0B 13 2E 43 6C 61 73 73 20 34 20 50 ..U....Class 4 P
  02B0: 75 62 6C 69 63 20 50 72 69 6D 61 72 79 20 43 65 ublic Primary Ce
  02C0: 72 74 69 66 69 63 61 74 69 6F 6E 20 41 75 74 68 rtification Auth
  02D0: 6F 72 69 74 79 00 61 30 5F 31 0B 30 09 06 03 55 ority.a0_1.0...U
  02E0: 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0A 13 ....US1.0...U...
  02F0: 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 2E 31 .VeriSign, Inc.1
  0300: 37 30 35 06 03 55 04 0B 13 2E 43 6C 61 73 73 20 705..U....Class
  0310: 31 20 50 75 62 6C 69 63 20 50 72 69 6D 61 72 79 1 Public Primary
  0320: 20 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 41 Certification A
  0330: 75 74 68 6F 72 69 74 79 00 D2 30 81 CF 31 0B 30 uthority..0..1.0
  0340: 09 06 03 55 04 06 13 02 5A 41 31 15 30 13 06 03 ...U....ZA1.0...
  0350: 55 04 08 13 0C 57 65 73 74 65 72 6E 20 43 61 70 U....Western Cap
  0360: 65 31 12 30 10 06 03 55 04 07 13 09 43 61 70 65 e1.0...U....Cape
  0370: 20 54 6F 77 6E 31 1A 30 18 06 03 55 04 0A 13 11 Town1.0...U....
  0380: 54 68 61 77 74 65 20 43 6F 6E 73 75 6C 74 69 6E Thawte Consultin
  0390: 67 31 28 30 26 06 03 55 04 0B 13 1F 43 65 72 74 g1(0&..U....Cert
  03A0: 69 66 69 63 61 74 69 6F 6E 20 53 65 72 76 69 63 ification Servic
  03B0: 65 73 20 44 69 76 69 73 69 6F 6E 31 23 30 21 06 es Division1#0!.
  03C0: 03 55 04 03 13 1A 54 68 61 77 74 65 20 50 65 72 .U....Thawte Per
  03D0: 73 6F 6E 61 6C 20 50 72 65 6D 69 75 6D 20 43 41 sonal Premium CA
  03E0: 31 2A 30 28 06 09 2A 86 48 86 F7 0D 01 09 01 16 1*0(..*.H.......
  03F0: 1B 70 65 72 73 6F 6E 61 6C 2D 70 72 65 6D 69 75 .personal-premiu
  0400: 6D 40 74 68 61 77 74 65 2E 63 6F 6D 00 D4 30 81 [email protected].
  0410: D1 31 0B 30 09 06 03 55 04 06 13 02 5A 41 31 15 .1.0...U....ZA1.
  0420: 30 13 06 03 55 04 08 13 0C 57 65 73 74 65 72 6E 0...U....Western
  0430: 20 43 61 70 65 31 12 30 10 06 03 55 04 07 13 09 Cape1.0...U....
  0440: 43 61 70 65 20 54 6F 77 6E 31 1A 30 18 06 03 55 Cape Town1.0...U
  0450: 04 0A 13 11 54 68 61 77 74 65 20 43 6F 6E 73 75 ....Thawte Consu
  0460: 6C 74 69 6E 67 31 28 30 26 06 03 55 04 0B 13 1F lting1(0&..U....
  0470: 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 53 65 Certification Se
  0480: 72 76 69 63 65 73 20 44 69 76 69 73 69 6F 6E 31 rvices Division1
  0490: 24 30 22 06 03 55 04 03 13 1B 54 68 61 77 74 65 $0"..U....Thawte
  04A0: 20 50 65 72 73 6F 6E 61 6C 20 46 72 65 65 6D 61 Personal Freema
  04B0: 69 6C 20 43 41 31 2B 30 29 06 09 2A 86 48 86 F7 il CA1+0)..*.H..
  04C0: 0D 01 09 01 16 1C 70 65 72 73 6F 6E 61 6C 2D 66 ......personal-f
  04D0: 72 65 65 6D 61 69 6C 40 74 68 61 77 74 65 2E 63 [email protected]
  04E0: 6F 6D 00 5D 30 5B 31 0B 30 09 06 03 55 04 06 13 om.]0[1.0...U...
  04F0: 02 42 45 31 0B 30 09 06 03 55 04 08 13 02 42 45 .BE1.0...U....BE
  0500: 31 0B 30 09 06 03 55 04 07 13 02 42 45 31 11 30 1.0...U....BE1.0
  0510: 0F 06 03 55 04 0A 13 08 44 65 6C 61 77 61 72 65 ...U....Delaware
  0520: 31 11 30 0F 06 03 55 04 0B 13 08 44 65 6C 61 77 1.0...U....Delaw
  0530: 61 72 65 31 0C 30 0A 06 03 55 04 03 13 03 6B 77 are1.0...U....kw
  0540: 73 00 61 30 5F 31 0B 30 09 06 03 55 04 06 13 02 s.a0_1.0...U....
  0550: 55 53 31 17 30 15 06 03 55 04 0A 13 0E 56 65 72 US1.0...U....Ver
  0560: 69 53 69 67 6E 2C 20 49 6E 63 2E 31 37 30 35 06 iSign, Inc.1705.
  0570: 03 55 04 0B 13 2E 43 6C 61 73 73 20 32 20 50 75 .U....Class 2 Pu
  0580: 62 6C 69 63 20 50 72 69 6D 61 72 79 20 43 65 72 blic Primary Cer
  0590: 74 69 66 69 63 61 74 69 6F 6E 20 41 75 74 68 6F tification Autho
  05A0: 72 69 74 79 00 C7 30 81 C4 31 0B 30 09 06 03 55 rity..0..1.0...U
  05B0: 04 06 13 02 5A 41 31 15 30 13 06 03 55 04 08 13 ....ZA1.0...U...
  05C0: 0C 57 65 73 74 65 72 6E 20 43 61 70 65 31 12 30 .Western Cape1.0
  05D0: 10 06 03 55 04 07 13 09 43 61 70 65 20 54 6F 77 ...U....Cape Tow
  05E0: 6E 31 1D 30 1B 06 03 55 04 0A 13 14 54 68 61 77 n1.0...U....Thaw
  05F0: 74 65 20 43 6F 6E 73 75 6C 74 69 6E 67 20 63 63 te Consulting cc
  0600: 31 28 30 26 06 03 55 04 0B 13 1F 43 65 72 74 69 1(0&..U....Certi
  0610: 66 69 63 61 74 69 6F 6E 20 53 65 72 76 69 63 65 fication Service
  0620: 73 20 44 69 76 69 73 69 6F 6E 31 19 30 17 06 03 s Division1.0...
  0630: 55 04 03 13 10 54 68 61 77 74 65 20 53 65 72 76 U....Thawte Serv
  0640: 65 72 20 43 41 31 26 30 24 06 09 2A 86 48 86 F7 er CA1&0$..*.H..
  0650: 0D 01 09 01 16 17 73 65 72 76 65 72 2D 63 65 72 ......server-cer
  0660: 74 73 40 74 68 61 77 74 65 2E 63 6F 6D [email protected]
  *** ServerHelloDone
  [read] MD5 and SHA1 hashes: len = 4
  0000: 0E 00 00 00 ....
  *** Certificate chain
  JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
  *** ClientKeyExchange, RSA PreMasterSecret, v3.1
  Random Secret: { 3, 1, 183, 52, 32, 171, 15, 252, 104, 26, 122, 4, 33, 152, 207, 169, 53, 3, 54, 92, 207, 235, 108, 124, 43, 137, 189, 40, 155, 244, 16, 195, 171, 111, 45, 24, 118, 251, 161, 5, 255, 221, 102, 77, 136, 92, 253, 146 }
  [write] MD5 and SHA1 hashes: len = 141
  0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 E7 73 AF ..............s.
  0010: 77 3C B9 37 C3 23 58 BB 44 7E B0 E1 EE D1 6F 37 w<.7.#X.D.....o7
  0020: E9 C2 CB CD 5B 36 80 61 76 69 28 FA 66 E5 19 31 ....[6.avi(.f..1
  0030: AF C5 CE 1D D0 B1 C0 A3 31 D4 2E 1A DB 1E CC 21 ........1......!
  0040: 7F B9 9F 8C 6A B8 4C 43 50 78 95 CF 51 E3 9E 97 ....j.LCPx..Q...
  0050: BF 07 DC 25 DE 56 D7 A5 7C D7 7D 5C D4 47 16 5D ...%.V.....\.G.]
  0060: 54 FC FE 6C D8 C7 17 AB 18 A0 EE 31 B6 38 10 29 T..l.......1.8.)
  0070: C4 D6 75 5B DB 1F B2 2B 20 28 40 C5 96 E4 E3 7A ..u[...+ (@....z
  0080: 5C D6 85 C3 03 05 F5 38 FE 34 72 EF 3F \......8.4r.?
  main, WRITE: SSL v3.1 Handshake, length = 141
  SESSION KEYGEN:
  PreMaster Secret:
  0000: 03 01 B7 34 20 AB 0F FC 68 1A 7A 04 21 98 CF A9 ...4 ...h.z.!...
  0010: 35 03 36 5C CF EB 6C 7C 2B 89 BD 28 9B F4 10 C3 5.6\..l.+..(....
  0020: AB 6F 2D 18 76 FB A1 05 FF DD 66 4D 88 5C FD 92 .o-.v.....fM.\..
  CONNECTION KEYGEN:
  Client Nonce:
  0000: 3F 84 09 08 2B 04 F4 67 36 6E 63 80 A2 84 16 02 ?...+..g6nc.....
  0010: C5 70 5B 69 04 85 F9 72 8E 7A 2C CB 9C BC 84 64 .p[i...r.z,....d
  Server Nonce:
  0000: 3F 84 09 08 02 CF ED 36 65 77 74 21 3B 36 38 6F ?......6ewt!;68o
  0010: AA 6E 5C 81 B2 43 7C 2E BB 99 F7 1B D8 C5 15 E8 .n\..C..........
  Master Secret:
  0000: 92 AB 4A D6 D4 F1 35 46 3D F8 20 64 7D 0D 1D 3C ..J...5F=. d...<
  0010: 6D 12 61 D7 B6 21 1D F9 9E F2 A3 1E C8 72 16 48 m.a..!.......r.H
  0020: 7E EB ED BD 71 66 89 36 8D A4 AA 30 A7 B6 F9 E3 ....qf.6...0....
  Client MAC write Secret:
  0000: FB B5 C5 28 A0 EF A9 2C 6F 6E 9A 8E 46 21 F8 5D ...(...,on..F!.]
  0010: 21 3A F3 5A !:.Z
  Server MAC write Secret:
  0000: AC B4 8C 0C 19 E9 70 87 86 2C 88 19 74 96 CB 86 ......p..,..t...
  0010: E1 57 28 D0 .W(.
  Client write key:
  0000: 67 8C 40 8A 0E F6 66 02 AA 57 A9 46 3E 4C 2B 0B [email protected]>L+.
  Server write key:
  0000: 39 79 50 0C 26 2A 0C 06 34 57 9F D0 ED 9E 76 1A 9yP.&*..4W....v.
  ... no IV for cipher
  main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
  JsseJCE: Using JSSE internal implementation for cipher RC4
  *** Finished, v3.1
  verify_data: { 2, 131, 239, 184, 3, 52, 180, 31, 246, 47, 142, 241 }
  [write] MD5 and SHA1 hashes: len = 16
  0000: 14 00 00 0C 02 83 EF B8 03 34 B4 1F F6 2F 8E F1 .........4.../..
  Plaintext before ENCRYPTION: len = 36
  0000: 14 00 00 0C 02 83 EF B8 03 34 B4 1F F6 2F 8E F1 .........4.../..
  0010: E8 92 3D 1E 0C A5 0A B2 E3 71 7A E9 02 41 91 20 ..=......qz..A.
  0020: 30 86 A2 47 0..G
  main, WRITE: SSL v3.1 Handshake, length = 36
  waiting for close_notify or alert: state 1
  Exception while waiting for close java.net.SocketException: Software caused connection abort: JVM_recv in socket input stream read
  main, SEND SSL v3.1 ALERT: warning, description = close_notify
  Plaintext before ENCRYPTION: len = 22
  0000: 01 00 BD 94 A3 63 BB DA 73 4F 7A 85 4B 79 25 76 .....c..sOz.Ky%v
  0010: 8B 08 0F FF CE FC ......
  main, WRITE: SSL v3.1 Alert, length = 22
  java.net.SocketException: Software caused connection abort: JVM_recv in socket input stream read
       at java.net.SocketInputStream.socketRead0(Native Method)
       at java.net.SocketInputStream.read(SocketInputStream.java:116)
       at com.sun.net.ssl.internal.ssl.InputRecord.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(DashoA6275)
       at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(DashoA6275)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.g(DashoA6275)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
       at org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1344)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
       at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:779)
       at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2179)
       at org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2534)
       at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1047)
       at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:638)
       at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:500)
       at kws.testing.out.HTTPClient.main(HTTPClient.java:60)
  Exception in thread "main"
  Does someone have an idea on how to get client authentication (without password) work?
  regards,
  Kenneth

  ... no IV for cipher
  This line is in my debug and the debug posted in the original message.
  Am having the same problem of accessing a page with a Client Side Cert that uses a password. I get debug that has the "no IV for cipher" message. It does not throw
  an exception, but gets a 403 from server.
  Does anyone know? Will a Client Side Cert with a Symmetric Key work in Java APIs?
  I load the .pfx cert into a Java KeyStore and send this to Apache HTTPClient.

• Negotiate Authentication Not working for Outlook

  This is a very odd situation so bear with me when explaining this.
  I have several users scattered out in different remote offices that are haveing authentication issues in outlook 2007 when trying to connect to our exchange 2010 public folder servers (CAS).  When the users open outlook it constantly sits at trying
  to connect and eventually locks the machine up until you use the task manager to close outlook.  I have only determined this is a public folder issue because if you hold down the cntrl key and right click on the outlook icon in the taskbar (next to clock) you
  get and option to see connection status.  This shows the server name (one of the CAS) and the type as public folder and the connection status is empty. 
  We opened a microsoft ticket on this and they said it was a client side issue because we have 1700 users connection to the same set of servers with out issues.  Well we have reimaged the users desktop, replaced all cableing from the user to the switch,
  and confirmed the IOS on the routers matches other offices that are working.   Still the same problem.
  Heres the kicker!  This problem does not effect other users in the same office and if this paticular user logs into another machine the same problem happens.  But if she accesses her mailbox from Web Access she has no problems and if I log this
  user on here at our home office on the same LAN as the Exchange system she has no issues.
  But wait theres more.  We have deleted the user's mailbox and LAN account.  Created a new mailbox and LAN account with a similar name not the same one and when I log on to her machine exacte same issue.  I have removed all antivirus software
  from the machine and still have the same problem.  
  Not until we ran wireshark on her machine did I start seeing some ntlm authentication issues to the exchange system. We manually changed outlook from Negotiate Authentication to  Password Authenticatoin (NTLM) and viola her email started syncing??? 
  When i change this setting on the other users they connect also. But why are we not haveing to change this on the other 1700 users?
  Can anyone please offer some insite in to what the hell is causing this and why it seem to follow the user around.  I have been troubleshooting this for weeks and am so frustrated because it just doesnt make any sense. 
  Thankyou to anyone willing to provide any ideas into what could be causing this.  When we opened a Microsoft ticket they were convinced that its client side but I have replaced everything.

  Hello,
  if you using OAW (Outlook AnyWhere) check the authentication method
  get-OutlookAnywhere -Identity "<Servername>xpv00645\RPC (Default Web Site)" | fl *AuthenticationMethod*
  I think it is set of NTLM or Negotiate.
  Outlook 2007 has negotiate
  problems at an OAW connection
  authentication.
  Change the authentication to NTLM for
  the internal and Basic for the extenal method.
  You need to reconfigure the Outlook Exhange settings to anonymous authentication and in the proxy settings to default authentication

• Apple ID authentication not working

  Last year, I changed my e-mail address to reflect my married name. My old Apple ID was my maiden name e-mail address (I'll call it KR for short), and my new Apple ID (KT for short) is my new e-mail address. I assume I must have just updated my e-mail address with my existing Apple ID account (and therefore changed my "Apple ID," since it's just my e-mail address), as opposed to creating an entirely new Apple ID account, though I can't remember for sure. Up until yesterday, the "merged" account (some things purchased under KR, some newer things under KT) worked fine, and all of it responded to the Apple ID and password for KT.
  Suddenly, yesterday, when I tried to play movies that were purchased before my e-mail switch from iTunes on my computer , it said my computer wasn't authorized to play KR purchases, and asked for the password. (When I test my purchased music, some of which I know I purchased before I changed my e-mail address, this does not happen). I tried every conceivable password, and then clicked "Forgot." There are two options when you've forgotten your Apple ID password: have reset instructions e-mailed to you, or answer your security questions.
  When I select the e-mail option, I don't receive an e-mail (either to my KR or my KT address--and I have checked my Spam folders). When I tried to answer my security questions, it first asks for your birthdate--and when I entered mine, it said it didn't match what Apple has on file. I've repeated this process two days in a row now.
  Oddly, I can still stream these movies to my Apple TV--it doesn't ask me to re-authenticate there (but I'm afraid it's only a matter of time, since the Apple TV does occasionally, and seemingly randomly, ask me to re-enter my password). My problem is that I can't play them on my computer, and I'm effectively locked out of my KR account. It's not asking for re-authentication on music, nor for the two movies I've purchased since switching over to KT.
  Why might I be locked out of the KR account (not receiving password e-mails and not accepting my date of birth), and how can I re-gain access to my movies? While I'm at it, I would like to merge the KR and KT accounts, so that everything falls under KT and I don't have these differentiated access problems in the future. Thanks so much in advance!

  Hmmmm... would appear that you need to be actually logged in to enable the additional menu features.
  Have you tried deletting the plists for MAS?
  This page might help you out...
  http://www.macobserver.com/tmo/answers/how_to_identify_and_fix_problems_with_the _mac_app_store
  Failing that, I will have to throw this back to the forum to see if anyone else can advise further.
  Let me know how you get on?
  Thanks.

• Realm authentication not working for usergroups

  Hi...
  I have a server running 10.4.3 (8F46). I'm running one web site, and also some AFP shares. This server is bound to our corporate Active Directory server.
  I'm positive the AD integration works because my AFP shares use AD users and groups for their permissions. All but one AFP share uses an AD group for permissions. AD users are in an AD group, and they can log in to the share. It works.
  Anyways.... I want my one web site to be protected, and I'd like only one AD group to be able to access it. I am familiar with Apache from FreeBSd and OpenBSD. In ServerAdmin, I created a web site, and it works. I then created a realm, and added one AD user to the users pane. From the browser, I can connect to the web site after I authenticate as the AD user (annoyingly, I have to prepend my AD domain and a backslash to my username). My AD user can connect and view the web page.
  When I add an AD group to the groups pane, none of the member users can authenticate properly. If I remove the above user from the user pane, and add a group (containing said user) to the group pane, that user can no longer log in.
  I've consulted the 10.4 server documentation; the WebServices pdf does not get into details with realm authentication, and covers it mostly in conjunction with WebDAV.
  I find it odd that an AD user can connect when specified as a user entry, but not from within a group. It's almost as if authenticating to AD groups is broken in Apple's implementation of Apache.
  Has anyone else set up authentication with websites? Ever done it with Active Directory?
  Thanks
  /eric

  This is not limited to Active Directory as I have been unable to use groups for realm authentication with OpenLDAP either (on 10.3.9).
  I assumed it would be fixed in 10.4 but I see it has not.

• Integrated Authentication not working for firefox 31 and above for NTLMv2

  Users browsing from a Citrix session are being asked to authenticate using Firefox on newer versions (31-35) as they used to pass authentication transparently via NTLMv2 in earlier versions. This does not happen on IE so wondering what to do to get this working again for Firefox users.
  Did release 31 also remove by accident ntlmv2 capability? If so, when and where is a fix to correct it. Fine to remove pre-ntlmv2 versions but dont break ntlmv2

  I would like to bump this and I am wondering if this was ever solved. My only difference is at one point I had it working with http but ended up reinstalling using https. I get access denied but when I type in my username and password and it goes in fine.
  There is a cert on the website
  I have changed NTFS permissions
  Made sure NTLM was on top
  Website is in the local intranet zone
  On the server itself that hosts the webconsole I can get in fine.