Algorithm RSA

Hi,
Since the 1st of January, 2011, all Portuguese invoices must be digitally signed and registered.
We have come up with the following solution:
With the help of OpenSSL, generate a private key:
  openssl genrsa -out privatekey.pem 1024
It must fulfill the following requisites of the RSA algorithm:
-> Format = x.509
-> Charset = UTF-8
-> Encoding = Base-64
-> Endianness = Little Endian
-> OAEP Padding = PKCS1 v1.5 padding
-> Length private key = 1024 bytes
-> Message Format Hash = SHA-1
Then on the basis of the private key a public key should be generated:
  openssl rsa -in privatekey.pem -out publickey.pem -outform PEM -pubout
With the help of the HOST command I create the signatures for the invoice registry:
cmd> echo TEXT.TXT | openssl dgst -sha1 -sign privatekey.pem | openssl enc -base64
where the file TEXT.TXT is: "2010-05-18;2010-05-18T11:22:19;FAC 001/14;3.12;"
It has been a horrible, but efficient solution.
It functions well when you register an invoice, but it gets complicated when you want to verify if the signatures are correct.
Reasons:
- You have to filter all the documents and all the registries must execute the Host command in the background.
  The command will open and create files for each verification.
  When you delete these files it continues in the registry...
What I'm asking is whether there is a better, more efficient way to generate signatures in PL/SQL as well as their verification?
Regards
Jomar

Hi Jomar,
Correct me if I'm wrong, but from your post it looks like what you are doing is capturing the output from an OS command to manipulate within the database. If you search this forum or Google for something like "execute OS command from PL/SQL" you will get lots of hits. Also, have you searched to see if there is a Java-based equivalent to openssl which could be compiled in and called from the Oracle database?
Andre
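
An in-process alternative to shelling out, in the direction Andre suggests, as an added example that is not part of the original posts: Java's Signature API with SHA1withRSA produces the same RSA PKCS#1 v1.5 / SHA-1 signatures as `openssl dgst -sha1 -sign` and verifies them without temporary files. The class and method names are hypothetical, the key pair is generated in-process for the demo, and Java 8 or later is assumed for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

// Hypothetical helper class (not from the thread): signs and verifies one
// invoice record entirely in memory.
public class InvoiceSignature {

    // RSASSA-PKCS1-v1_5 over SHA-1, the scheme `openssl dgst -sha1 -sign` uses.
    private static final String ALGORITHM = "SHA1withRSA";

    // Java expects the private key as PKCS#8 DER. A PEM key written by
    // `openssl genrsa` can be converted once with
    //   openssl pkcs8 -topk8 -nocrypt -outform DER -in privatekey.pem -out privatekey.der
    static PrivateKey loadPrivateKey(byte[] pkcs8Der) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(pkcs8Der));
    }

    // The public key is X.509 SubjectPublicKeyInfo DER, i.e. the Base64-decoded
    // body of the PEM file written by `openssl rsa -pubout`.
    static PublicKey loadPublicKey(byte[] spkiDer) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(spkiDer));
    }

    // Signs the exact UTF-8 bytes of the record and returns unwrapped Base64.
    static String sign(PrivateKey key, String record) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(key);
        signer.update(record.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(signer.sign());
    }

    // Fails closed: malformed Base64, a wrong-length signature or an unusable
    // key all count as "not verified" instead of raising to the caller.
    static boolean verify(PublicKey key, String record, String signatureB64) {
        try {
            // The MIME decoder tolerates the 64-column line wrapping that
            // `openssl enc -base64` applies by default.
            byte[] signature = Base64.getMimeDecoder().decode(signatureB64);
            Signature verifier = Signature.getInstance(ALGORITHM);
            verifier.initVerify(key);
            verifier.update(record.getBytes(StandardCharsets.UTF_8));
            return verifier.verify(signature);
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed demo key with the 1024-bit size used in the post.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(1024);
        KeyPair pair = generator.generateKeyPair();

        // Round-trip through the encoded forms to exercise the loaders.
        PrivateKey privateKey = loadPrivateKey(pair.getPrivate().getEncoded());
        PublicKey publicKey = loadPublicKey(pair.getPublic().getEncoded());

        // Record string quoted in the post.
        String record = "2010-05-18;2010-05-18T11:22:19;FAC 001/14;3.12;";
        String signature = sign(privateKey, record);
        System.out.println("signature (Base64): " + signature);

        // Case 1: the record exactly as signed.
        System.out.println("exact record:     " + verify(publicKey, record, signature));
        // Case 2: the amount field altered after signing.
        String tampered = record.replace("3.12", "9.12");
        System.out.println("tampered amount:  " + verify(publicKey, tampered, signature));
        // Case 3: a line ending appended, as a shell `echo` does; the extra
        // bytes are part of what gets hashed.
        System.out.println("trailing newline: " + verify(publicKey, record + "\r\n", signature));
        // Case 4: a signature value that is not valid Base64 of the right length.
        System.out.println("garbage signature: " + verify(publicKey, record, "not-a-signature"));
    }
}
```

Signer and verifier must agree byte for byte on the record, including any line ending, so build the string the same way on both sides.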

Similar Messages

  • Error Https SOAP Adapter:NoSuchAlgorithmException: No such algorithm: RSA

    Hi,
    I'm using a SOAP Adapter Receiver to integrate a file to an External WS (with HTTPS). But when I tried to execute it I got the following error:
    Message processing failed. Cause: com.sap.aii.af.ra.ms.api.RecoverableException: Unable to encrypt preMasterSecret: java.security.NoSuchAlgorithmException: No such algorithm: RSA: iaik.security.ssl.SSLException: Unable to encrypt preMasterSecret: java.security.NoSuchAlgorithmException: No such algorithm: RSA
    SOAP: call failed: iaik.security.ssl.SSLException: Unable to encrypt preMasterSecret: java.security.NoSuchAlgorithmException: No such algorithm: RSA     
    I think it is a problem with the creation of the secure channel of HTTPS.
    Any tip is very welcome!!
    Thanks
    Martin

    http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html#AppA
    There is not much info to find about who provides for RSA. RSA is already implemented in the Crypto-Provider by Sun. You don't have to load a special provider.
    The following sample is just enough:
    Cipher cipher = Cipher.getInstance("RSA");
    Jan

  • No such algorithm: RSA

    When I try to call the Cipher.getInstance("RSA") method, I get a runtime error:
    Exception in thread "main" java.security.NoSuchAlgorithmException: No such algorithm: RSA
    at javax.crypto.SunJCE_b.c(DashoA6275)
    at javax.crypto.SunJCE_b.a(DashoA6275)
    at javax.crypto.Cipher.getInstance(DashoA6275)
    at Crypto.main(Crypto.java:21)
    The JCE API says that RSA is implemented, please help.

    That makes sense. Your applet doesn't work because of the security restrictions for unsigned applets.
    Even Sun's providers are under the same restrictions as any 3rd party. So, you have to sign your applet anyway and deploy it together with the JCE provider because there is no warranty that the JCE provider will be installed on the user's machine (cos' it is only included in JRE 1.4, but not before).

  • Digital Signature Certificate algorithm

    Hi Friends
    Please clarify the points below, as we are planning to use the SHA 256 algorithm with a digital certificate while signing using the SECULIB library.
    1) Does SAP support the SHA 256 algorithm? If yes, are any additional library files required?
    2) Does SAP support the SHA 256 algorithm differently from ECC6?
    Thanks
    Lavanya

    Please check the below notes:
    Note 455033 - SAPCRYPTOLIB versions, bugs and fixes: https://service.sap.com/sap/support/notes/455033
    Note 991968 - Value list for login/password_hash_algorithm: https://service.sap.com/sap/support/notes/991968
    Following Algorithms are provided by SAPCryptolib
    1. Under HASH Algorithms:
    RSA-MD2      OID 1.2.840.113549.2.2, NULL parameter
    RSA-MD4      OID 1.2.840.113549.2.4, NULL parameter
    RSA-MD5      OID 1.2.840.113549.2.5, NULL parameter
    NIST-SHA     OID 1.3.14.3.2.18, NULL parameter
    SHA-1        OID 1.3.14.3.2.26, NULL parameter
    md2          Same algorithm as RSA-MD2
    md4          Same algorithm as RSA-MD4
    md5          Same algorithm as RSA-MD5
    RIPEMD-160   OID 1.3.36.3.2.1, NULL parameter
    ripemd160    Same algorithm as RIPEMD-160
    sha          Same algorithm as NIST-SHA
    sha1         Same algorithm as SHA-1
    For more details on which algo.s are supported and provided by SAPCryptolib, please check the following links:
    http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/e186c590-0201-0010-af8d-a2697dee13c0
    Secure System Management FAQ: http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/a0b60eb4-a1fa-2b10-58b6-b83ed4d3ff82
    Regards,
    Dipanjan

  • Issue with configuring RSA 9.1 connector

    Oracle Web logic Version: 10.3.0.0
    JDK: JDK160_10
    Oracle Identity Manager: 9.1.0.2 bp11
    OIM OS: Windows 2003-R2-sp2-64bit
    Processor: AMD
    RSA OS: Windows 2003-R2-sp2-64bit
    Processor: AMD
    JDK: JDK150_04
    RSA Auth manager: 7.1
    Could not communicate with the target system. javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
    These are the SSL logs from xel-log when I try to run a schedule task RSA recon.
    2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | ====================================================
    2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection() : javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
    2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | ====================================================
    2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | ================= Start Stack Trace =======================
    2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | oracle.iam.connectors.rsaauthmgr.common.connection.RSAConnection : createConnection()
    2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
    2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | Description : javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
    2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | com.rsa.common.SystemException: javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
    2010-10-06 08:21:23,194 | ERROR | QuartzWorkerThread-1 | OIMCP.RSAM | ================= End Stack Trace =======================
    Edited by: 800558 on Oct 6, 2010 12:02 PM

    These are the server logs
    ####<Oct 6, 2010 9:14:39 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <> <main> <> <> <> <1286374479421> <BEA-000000> <Enabled muxing IO for SSL in server>
    weblogic.debug.DebugSecuritySSL = true
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612532> <BEA-000000> <SSLContextManager: initializing SSL context for channel DefaultSecure>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612532> <BEA-000000> <Use Certicom SSL with Domestic strength>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612547> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacSHA1>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612547> <BEA-000000> <Will use default Mac for algorithm HmacSHA1>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612547> <BEA-000000> <Ignoring not supported JCE Mac: SunJCE version 1.6 for algorithm HmacMD5>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612547> <BEA-000000> <Will use default Mac for algorithm HmacMD5>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612610> <BEA-000000> <Ignoring not supported JCE KeyAgreement: SunJCE version 1.6 for algorithm DiffieHellman>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612610> <BEA-000000> <Will use default KeyAgreement for algorithm DiffieHellman>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612610> <BEA-000000> <Will use default KeyAgreement for algorithm ECDH>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612625> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm DESede/CBC/NoPadding>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612625> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm DES/CBC/NoPadding>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612625> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm AES/CBC/NoPadding>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612625> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RC4>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612625> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612625> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612641> <BEA-000000> <SSL Session TTL :90000>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612641> <BEA-000000> <DefaultHostnameVerifier: allowReverseDNS=false>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612641> <BEA-000000> <SSL enableUnencryptedNullCipher= false>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612641> <BEA-000000> <SSLContextManager: loading server SSL identity>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612657> <BEA-000000> <Loaded public identity certificate chain:>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612657> <BEA-000000> <Subject: CN=S02AOIMD03, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US; Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612657> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612719> <BEA-000000> <SSLContextManager: loaded 4 trusted CAs from D:\bea\WLSERV~1.3\server\lib\DemoTrust.jks>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1286374612953> <BEA-000000> <SSLContextManager: reusing SSL context of channel DefaultSecure>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612953> <BEA-000000> <DynamicSSLListenThread[DefaultSecure[1]] 21 cipher suites enabled:>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612953> <BEA-000000> <DynamicSSLListenThread[DefaultSecure] 21 cipher suites enabled:>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612953> <BEA-000000> <TLS_RSA_WITH_RC4_128_MD5>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612953> <BEA-000000> <TLS_RSA_WITH_RC4_128_MD5>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_RC4_128_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_RC4_128_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_AES_128_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_AES_128_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_AES_256_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_AES_256_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_3DES_EDE_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_3DES_EDE_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_DES_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_WITH_DES_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_DHE_RSA_WITH_DES_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_DHE_RSA_WITH_DES_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_EXPORT1024_WITH_RC4_56_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_EXPORT1024_WITH_RC4_56_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_EXPORT_WITH_RC4_40_MD5>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_RSA_EXPORT_WITH_RC4_40_MD5>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612969> <BEA-000000> <TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_RSA_EXPORT_WITH_DES40_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_RSA_EXPORT_WITH_DES40_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_WITH_3DES_EDE_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_WITH_3DES_EDE_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_WITH_RC4_128_MD5>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_WITH_RC4_128_MD5>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_WITH_DES_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_WITH_DES_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_RC4_40_MD5>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_RC4_40_MD5>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure[1]]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA>
    ####<Oct 6, 2010 9:16:52 AM CDT> <Debug> <SecuritySSL> <S02AOIMD03> <AdminD03> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1286374612985> <BEA-000000> <TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA>

  • Rsa keyfactory.getinstance

    Hi guys, could somebody tell me if IAIK supports KeyFactory for RSA?
    Apparently no; in fact
    try{
                java.security.KeyFactory fact = java.security.KeyFactory.getInstance ( " RSA" , "IAIK");
    }throws a java.security.NoSuchAlgorithmException: no such algorithm: RSA for provider IAIK.
    Could somebody help me? Any suggestions?
    Thanks in advance.

    Interesting, I can get this to work (I'm using Java 1.4.2 and iaik_jce.jar). Maybe you have a bad version of your jar file.
    import iaik.security.provider.IAIK;
    import java.security.KeyFactory;
    import java.security.Security;

    public class temp {
         /**
          * @param args
          */
         public static void main(String[] args) {
              // Register the IAIK provider before requesting it by name
              Security.addProvider(new IAIK());
              try {
                   KeyFactory kf = KeyFactory.getInstance("RSA", "IAIK");
                   System.out.println(kf.getAlgorithm());
              } catch (Exception e) {
                   e.printStackTrace();
              }
         }
    }

  • Encrypt electronic billing chain with MD5-RSA 1024 for Mexico rules

    Hi,
    I'm working on a task to create electronic billing for Mexico rules; to do this, I need to use programs that will encrypt the source information.
    For this reason, I'm looking at how to use the method RSA with MD5 Encryption 1024 on some information that is stored in an Oracle Database.
    All this is for the new legislation rules in Mexico to use electronic billing.
    Please, if you have any reference about this, let me know.
    Thanks and regards.

    Hi Justin,
    Thanks for your answer.
    Look, there are 2 steps that I'm working on:
    1. First I need to use MD5 to sign the original source chain that contains all the information of the electronic billing; then, after obtaining the sign,
    2. I need to encrypt the data using the encryption algorithm RSA of 1024 bits.
    All this is the complement to give a valid electronic billing.
    I will review the package that you mentioned, but if you have any other reference about this I will appreciate it.
    Regards.
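
Assuming the two steps in the post above describe a standard RSA signature over an MD5 digest (PKCS #1 v1.5, the scheme Java names MD5withRSA), the following added example, which is not code from the thread, shows both steps and an encode-and-compare verification. The key is a constructed toy modulus built from two Mersenne primes and `CADENA` is a constructed input string; all function names are hypothetical.

```python
import hashlib
import hmac

# DigestInfo DER prefixes for EMSA-PKCS1-v1_5 (RFC 8017, section 9.2, note 1).
DIGEST_INFO = {
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

# Constructed toy key for this demo only: two Mersenne primes give a 1128-bit
# modulus whose factors are public knowledge. Not a usable signing key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# Constructed stand-in for the invoice "original chain" the post mentions.
CADENA = b"||A|1|2010-05-18T11:22:19|1000.00|MXN||"


def emsa_encode(message, hash_name):
    """Step 1: hash the message and wrap the digest as 00 01 FF..FF 00 DigestInfo."""
    digest = hashlib.new(hash_name, message).digest()
    t = DIGEST_INFO[hash_name] + digest
    pad_len = K - len(t) - 3
    if pad_len < 8:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t


def sign(message, hash_name):
    """Step 2: apply the RSA private-key operation to the encoded digest."""
    m = int.from_bytes(emsa_encode(message, hash_name), "big")
    return pow(m, D, N).to_bytes(K, "big")


def _recover(signature):
    """Apply the public-key operation; return the encoded block or None."""
    if len(signature) != K:
        return None
    s = int.from_bytes(signature, "big")
    if s >= N:
        return None
    return pow(s, E, N).to_bytes(K, "big")


def verify(message, signature, hash_name):
    """Rebuild the expected block and compare it whole, without parsing padding."""
    em = _recover(signature)
    return em is not None and hmac.compare_digest(em, emsa_encode(message, hash_name))


def identify_hash(signature):
    """Audit helper: report which digest algorithm a signature was made with."""
    em = _recover(signature)
    if em is None or em[:2] != b"\x00\x01":
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):   # at least 8 bytes of FF
        return None
    t = em[sep + 1:]
    for name, prefix in DIGEST_INFO.items():
        if t.startswith(prefix) and len(t) == len(prefix) + hashlib.new(name).digest_size:
            return name
    return None


if __name__ == "__main__":
    sig = sign(CADENA, "md5")
    print(identify_hash(sig), verify(CADENA, sig, "md5"))
```

The digest algorithm is recorded inside the signed block, so a verifier that expects a different hash rejects the signature, and `identify_hash` lets an audit find signatures still made with MD5.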

  • HTTPS SSL Certificate Signed using Weak Hashing Algorithm

    I am supporting one client who falls under mandatory security scans for a new implementation of an ASA 5520 device. The client uses Nessus Scan and the test results are attached.
    The Nessus scanner hit on 1 Medium vulnerability. Could you please review the statement and provide a workaround for the same?
    Nessus Scanner reports
    Medium Severity Vulnerability
    Port : https (443/tcp)
    Issue:
    SSL Certificate Signed using Weak Hashing  Algorithm
    Synopsis :
    The SSL certificate has been signed using  a weak hash algorithm.
    Description :
    The remote service uses an  SSL certificate that has been signed using
    a cryptographically weak hashing  algorithm - MD2, MD4, or MD5. These
    signature algorithms are known to be  vulnerable to collision attacks.
    In theory, a determined attacker may be  able to leverage this weakness
    to generate another certificate with the same  digital signature, which
    could allow him to masquerade as the affected  service.
    See also :
    http://tools.ietf.org/html/rfc3279
    http://www.phreedom.org/research/rogue-ca/
    http://www.microsoft.com/technet/security/advisory/961509.mspx
    http://www.kb.cert.org/vuls/id/836068
    Solution :
    Contact the Certificate Authority to have the certificate  reissued.
    Plugin Output :
    Here is the service's SSL certificate  :
    Subject Name:
    Common Name: xxxxxxxxxx
    Issuer Name:
    Common Name: xxxxxxxxxx
    Serial Number: D8 2E 56 4E
    Version: 3
    Signature Algorithm: MD5 With RSA  Encryption
    Not Valid Before: Aug 25 11:15:36 2011 GMT
    Not Valid After:  Aug 22 11:15:36 2021 GMT
    Public Key Info:
    Algorithm: RSA  Encryption
    Exponent: 01 00 01
    CVE :
    CVE-2004-2761
    BID :
    BID 11849
    BID  33065
    Other References :
    OSVDB:45106
    OSVDB:45108
    OSVDB:45127
    CWE:310
    Nessus Plugin ID  :
    35291
    VulnDB ID:
    69469
    I tried configuring the ssl encryption method with "ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 rc4-md5", but it throws the same issue.
    Here is the ASA log:
    7|Oct 19 2011 01:59:34|725010: Device supports the following 4 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : RC4-MD5
    7|Oct 19 2011 01:59:34|725008: SSL client production:xxxxxxxxx/2587 proposes the following 26 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : ADH-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : DHE-RSA-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : DHE-DSS-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[5] : ADH-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[6] : DHE-RSA-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[7] : DHE-DSS-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[8] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[9] : ADH-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[10] : ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[11] : EXP-ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[12] : ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[13] : EXP-ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[14] : EDH-RSA-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[15] : EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[16] : EXP-EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[17] : EDH-DSS-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[18] : EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[19] : EXP-EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[20] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[21] : DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[22] : EXP-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[23] : EXP-RC2-CBC-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[24] : RC4-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[25] : RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[26] : EXP-RC4-MD5
    7|Oct 19 2011 01:59:34|725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client production:xxxxxxxx/2586
    6|Oct 19 2011 01:59:34|725002: Device completed SSL handshake with client production:xxxxxxxxx/2586
    6|Oct 19 2011 01:59:34|725007: SSL session with client production:xxxxxxxx/2586 terminated.
    6|Oct 19 2011 01:59:34|302014: Teardown TCP connection 3201 for production:xxxxxxx/2586 to identity:xxxxxx/443 duration 0:00:00 bytes 758 TCP Reset-I
    6|Oct 19 2011 01:59:34|302013: Built inbound TCP connection 3202 for production:xxxxxxxxxxx/2587 (xxxxxxxxx/2587) to identity:xxxxxx/443 (xxxxxxx/443)
    6|Oct 19 2011 01:59:34|725001: Starting SSL handshake with client production:xxxxxxxxxxx/2587 for TLSv1 session.
    7|Oct 19 2011 01:59:34|725010: Device supports the following 4 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : RC4-MD5
    7|Oct 19 2011 01:59:34|725008: SSL client production:xxxxxxxxx/2587 proposes the following 26 cipher(s).
    7|Oct 19 2011 01:59:34|725011: Cipher[1] : ADH-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[2] : DHE-RSA-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[3] : DHE-DSS-AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[4] : AES256-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[5] : ADH-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[6] : DHE-RSA-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[7] : DHE-DSS-AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[8] : AES128-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[9] : ADH-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[10] : ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[11] : EXP-ADH-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[12] : ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[13] : EXP-ADH-RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[14] : EDH-RSA-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[15] : EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[16] : EXP-EDH-RSA-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[17] : EDH-DSS-DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[18] : EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[19] : EXP-EDH-DSS-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[20] : DES-CBC3-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[21] : DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[22] : EXP-DES-CBC-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[23] : EXP-RC2-CBC-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[24] : RC4-SHA
    7|Oct 19 2011 01:59:34|725011: Cipher[25] : RC4-MD5
    7|Oct 19 2011 01:59:34|725011: Cipher[26] : EXP-RC4-MD5
    7|Oct 19 2011 01:59:34|725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client production:xxxxxxxxxx/2587
    6|Oct 19 2011 01:59:34|725002: Device completed SSL handshake with client production:xxxxxxxxx/2587
    H

    Hi Ramkumar,
    The report is complaining that the Certificate Authority who signed the ID certificate presented by the ASA used a weak hashing algorithm. First, you need to determine who signed the certificate.
    If the certificate is self-signed by the ASA, you can generate a new certificate and use SHA1 as the hashing algorithm. To do this, the ASA needs to be running a software version that is at least 8.2(4) (8.3 and 8.4 software also support SHA1).
    If the certificate is signed by an external CA, you need to contact them and ask them to sign a new certificate for you using SHA instead of MD5.
    The links you posted have more information on this as well. Hope that helps.
    -Mike
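
The cipher list set with `ssl encryption` is separate from the hash used to sign the certificate, which is what the scan finding reports. As an added example (not part of the thread, and not Cisco tooling), this script rebuilds each handshake from ASA 725008/725010/725011/725012 debug lines and flags weak suites the device has enabled. The sample lines are constructed in the format quoted above, and the weakness rules are assumptions keyed on the OpenSSL-style suite names.

```python
import re

# Constructed sample in the format of the ASA debug lines quoted above
# (the masked host name is replaced with the placeholder "client-a").
SAMPLE_LOG = """\
6|Oct 19 2011 01:59:34|725001: Starting SSL handshake with client production:client-a/2587 for TLSv1 session.
7|Oct 19 2011 01:59:34|725010: Device supports the following 4 cipher(s).
7|Oct 19 2011 01:59:34|725011: Cipher[1] : DES-CBC3-SHA
7|Oct 19 2011 01:59:34|725011: Cipher[2] : AES128-SHA
7|Oct 19 2011 01:59:34|725011: Cipher[3] : AES256-SHA
7|Oct 19 2011 01:59:34|725011: Cipher[4] : RC4-MD5
7|Oct 19 2011 01:59:34|725008: SSL client production:client-a/2587 proposes the following 6 cipher(s).
7|Oct 19 2011 01:59:34|725011: Cipher[1] : ADH-AES256-SHA
7|Oct 19 2011 01:59:34|725011: Cipher[2] : AES256-SHA
7|Oct 19 2011 01:59:34|725011: Cipher[3] : AES128-SHA
7|Oct 19 2011 01:59:34|725011: Cipher[4] : DES-CBC3-SHA
7|Oct 19 2011 01:59:34|725011: Cipher[5] : EXP-DES-CBC-SHA
7|Oct 19 2011 01:59:34|725011: Cipher[6] : RC4-MD5
7|Oct 19 2011 01:59:34|725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client production:client-a/2587
"""

LINE_RE = re.compile(r"^(?P<sev>\d)\|(?P<ts>[^|]+)\|(?P<id>\d{6}): (?P<msg>.*)$")
CIPHER_RE = re.compile(r"^Cipher\[\d+\] : (\S+)$")
CHOSEN_RE = re.compile(
    r"^Device chooses cipher : (\S+) for the SSL session with client (\S+)$")


def weaknesses(cipher):
    """Return the reasons an OpenSSL-style suite name is treated as weak."""
    reasons = []
    if cipher.startswith("EXP-"):
        reasons.append("export-grade key length")
    if "ADH-" in cipher:
        reasons.append("anonymous DH, no server authentication")
    if "RC4" in cipher:
        reasons.append("RC4 stream cipher")
    if "RC2" in cipher:
        reasons.append("RC2 block cipher")
    if "DES-CBC-" in cipher:        # single DES; DES-CBC3 (3DES) does not match
        reasons.append("single DES, 56-bit key")
    if cipher.endswith("-MD5"):
        reasons.append("MD5-based MAC")
    return reasons


def parse_handshakes(log_text):
    """Group cipher lines under the device list or the client list they follow."""
    handshakes, current, target = [], None, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg_id, msg = m.group("id"), m.group("msg")
        if msg_id == "725010":      # the device list opens a new handshake record
            current = {"device": [], "client": [], "chosen": None, "peer": None}
            handshakes.append(current)
            target = current["device"]
        elif msg_id == "725008" and current is not None:
            target = current["client"]
        elif msg_id == "725011" and target is not None:
            c = CIPHER_RE.match(msg)
            if c:
                target.append(c.group(1))
        elif msg_id == "725012" and current is not None:
            c = CHOSEN_RE.match(msg)
            if c:
                current["chosen"], current["peer"] = c.groups()
            target = None
    return handshakes


def audit(log_text):
    """Summarise, per handshake, which enabled suites are weak and negotiable."""
    findings = []
    for hs in parse_handshakes(log_text):
        offered = set(hs["client"])
        findings.append({
            "peer": hs["peer"],
            "chosen": hs["chosen"],
            "chosen_weak": weaknesses(hs["chosen"]) if hs["chosen"] else [],
            "device_weak": {c: weaknesses(c) for c in hs["device"] if weaknesses(c)},
            "negotiable_weak": [c for c in hs["device"]
                                if c in offered and weaknesses(c)],
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```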

  • HTTPs connection from SAP WebAS

    Hello,
    I have to establish a connection from SAP WebAS to an iSaSiLk server via HTTPS.
    The iSaSiLk authentication is based on client certificates.
    I've created a SSL client PSE, generated the Certificate Request, imported the certificate response and the chain of certificates associated  with no errors. When testing the connection we're getting the following error message:
    SAP icm log:
    [Thr 1087400256] ->> SapSSLSessionInit(&sssl_hdl=0x2aaaba679980, role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT))
    [Thr 1087400256] <<- SapSSLSessionInit()==SAP_O_K
    [Thr 1087400256]      in: args = "role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT)"
    [Thr 1087400256]     out: sssl_hdl = 0x1a3310c0
    [Thr 1087400256] ->> SapSSLSetNiHdl(sssl_hdl=0x1a3310c0, ni_hdl=22)
    [Thr 1087400256] NiIBlockMode: set blockmode for hdl 22 TRUE
    [Thr 1087400256] <<- SapSSLSetNiHdl(sssl_hdl=0x1a3310c0, ni_hdl=22)==SAP_O_K
    [Thr 1087400256] ->> SapSSLSetSessionCredential(sssl_hdl=0x1a3310c0, &cred_name=0x1a49e4e0)
    [Thr 1087400256]   SapISSLComposeFilename(): Filename = "/usr/sap/XID/DVEBMGS00/sec/SAPSSLSPHTID.pse"
    [Thr 1087400256] <<- SapSSLSetSessionCredential(sssl_hdl=0x1a3310c0)==SAP_O_K
    [Thr 1087400256]      in: cred_name = "/usr/sap/XID/DVEBMGS00/sec/SAPSSLSPHTID.pse"
    [Thr 1087400256] ->> SapSSLSetTargetHostname(sssl_hdl=0x1a3310c0, &hostname=0x1a4a09e0)
    [Thr 1087400256] <<- SapSSLSetTargetHostname(sssl_hdl=0x1a3310c0)==SAP_O_K
    [Thr 1087400256]      in: hostname = "<remoteServer_to_be_accessed>"
    [Thr 1087400256] ->> SapSSLSessionStart(sssl_hdl=0x1a3310c0)
    [Thr 1087400256]   SapISSLUseSessionCache(): Creating NEW session (0 cached)
    [Thr 1087400256] Tue Jan 13 10:10:22 2009
    *[Thr 1087400256] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL*
    [Thr 1087400256]    session uses PSE file "/usr/sap/XID/DVEBMGS00/sec/SAPSSLSPHTID.pse"
    [Thr 1087400256] SecudeSSL_SessionStart: SSL_connect() failed
      secude_error 536871693 (0x2000030d) = "none of the PSEs registered with hSsl can suffice the negotiated SSL cipher suite"
    [Thr 1087400256] >>            Begin of Secude-SSL Errorstack            >>
    [Thr 1087400256] ERROR in ssl3_get_certificate_request: (536871693/0x2000030d) none of the PSEs registered with hSsl can suffice
    [Thr 1087400256] <<            End of Secude-SSL Errorstack
    [Thr 1087400256]   SSL_get_state() returned 0x00002150 "SSLv3 read server certificate request A"
    [Thr 1087400256]   No certificate request received from Server
    [Thr 1087400256] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x1a3310c0)==SSSLERR_SSL_CONNECT
    [Thr 1087400256] ->> SapSSLErrorName(rc=-57)
    [Thr 1087400256] <<- SapSSLErrorName()==SSSLERR_SSL_CONNECT
    [Thr 1087400256] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt
    On the iSaSiLk server we're getting:
    ssl_debug(2): Starting handshake (iSaSiLk 3.06)...
    ssl_debug(2): Received v3 client_hello handshake message.
    ssl_debug(2): Client requested SSL version 3.0, selecting version 3.0.
    ssl_debug(2): Creating new session 11:5F:04:C9:0D:32:15:B9...
    ssl_debug(2): CipherSuites supported by the client:
    ssl_debug(2): SSL_RSA_WITH_RC4_128_SHA
    ssl_debug(2): SSL_RSA_WITH_RC4_128_MD5
    ssl_debug(2): SSL_RSA_WITH_3DES_EDE_CBC_SHA
    ssl_debug(2): SSL_RSA_WITH_DES_CBC_SHA
    ssl_debug(2): SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
    ssl_debug(2): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
    ssl_debug(2): SSL_RSA_EXPORT_WITH_RC4_40_MD5
    ssl_debug(2): CompressionMethods supported by the client:
    ssl_debug(2): NULL
    ssl_debug(2): Sending server_hello handshake message.
    ssl_debug(2): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_SHA
    ssl_debug(2): Selecting CompressionMethod: NULL
    ssl_debug(2): Sending certificate handshake message with server certificate...
    ssl_debug(2): Sending certificate_request handshake message...
    ssl_debug(2): Sending server_hello_done handshake message...
    ssl_debug(2): IOException while handshaking: Connection closed by remote host.
    ssl_debug(2): Sending alert: Alert Fatal: handshake failure
    ssl_debug(2): Shutting down SSL layer...
    ssl_debug(2): Closing transport...
    From the iSaSiLk everything seems to be OK, but on the SAP WebAS the error "none of the PSEs registered with hSsl can suffice the negotiated SSL cipher suite" is really unclear, since the cipher chosen by the iSaSiLk is one of the ciphers sent by SAP WebAS...
    Can anyone give me any suggestion?

    Hello Olivier,
    Thanks for your answer.
    I've implemented note 800240 which facilitates the PSE analysis by implementing the report ZSSF_TEST_PSE. With this report I'm able to check all the PSE content, which are:
    Filename            SAPSSLSPHTID.pse
    PIN                 <no>
    Signature           X
    Encryption          X
    Profile Parameter
    DIR_INSTANCE                   /usr/sap/XID/DVEBMGS00                       /usr/sap/XID/D00
    sec/dsakeylengthdefault                                                     1024
    sec/libsapsecu                 /usr/sap/XID/SYS/exe/run/libsapcrypto.so
    sec/rsakeylengthdefault                                                     1024
    ssf/name                       SAPSECULIB
    ssf/ssf_md_alg                                                              SHA1
    ssf/ssf_symencr_alg                                                         DES-CBC
    ssf/ssfapi_lib                 /usr/sap/XID/SYS/exe/run/libsapcrypto.so
    ssf2/name
    ssf2/ssf_md_alg                                                             SHA1
    ssf2/ssf_symencr_alg                                                        DES-CBC
    ssf2/ssfapi_lib
    ssf3/name
    ssf3/ssf_md_alg                                                             SHA1
    ssf3/ssf_symencr_alg                                                        DES-CBC
    ssf3/ssfapi_lib
    Environment variables
    USER                xidadm
    SECUDIR             /usr/sap/XID/DVEBMGS00/sec
    PSE
    Validity            18.12.2008 19:47:04   18.12.2009 19:47:04
    Algorithm           RSA (OID 1.2.840.113549.1.1.1)
    Test signature
    Signature OK
    Verification OK
    Test encryption
    Encryption OK
    Decryption OK
    As you can see, the cipher algorithm used is RSA. Any suggestion... ?
    An iSaSiLk server "is a Java programming language implementation of the SSLv2 (client-side), SSLv3, TLS 1.0 and TLS 1.1 protocols. It supports all defined cipher suites (except for Fortezza), including all AES and PSK cipher suites. iSaSiLk implements all standard TLS extensions, comes with an easy to use API and operates on top of the IAIK-JCE Java™ Cryptography Extension. iSaSiLk is highly configurable and will work with any alternative JCE implementation supported by a proper provider for supplying the required cryptographic algorithms".
    Once again thanks for your answer.

  • Problema with web services over ssl

    I'm trying to consume a web service that requires SSL. I enabled SSL debug, but I can't understand what's wrong. :-(
    keyStore is :
    keyStore type is : jks
    keyStore provider is :
    init keystore
    init keymanager of type SunX509
    trustStore is: C:\Arquivos de programas\Java\jdk1.6.0_06\jre\lib\security\cacerts
    trustStore type is : jks
    trustStore provider is :
    init truststore
    adding as trusted cert:
    Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
    Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
    Algorithm: RSA; Serial number: 0x20000000000d678b79405
    Valid from Tue Sep 01 09:00:00 GMT-03:00 1998 until Tue Jan 28 09:00:00 GMT-03:00 2014
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x0
    Valid from Sun Dec 31 21:00:00 GMT-03:00 1995 until Thu Dec 31 20:59:59 GMT-03:00 2020
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x1
    Valid from Wed Jul 31 21:00:00 GMT-03:00 1996 until Thu Dec 31 20:59:59 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
    Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
    Algorithm: RSA; Serial number: 0x1
    Valid from Tue May 30 07:44:50 GMT-03:00 2000 until Sat May 30 07:44:50 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
    Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
    Algorithm: RSA; Serial number: 0x1
    Valid from Mon Jun 21 01:00:00 GMT-03:00 1999 until Sun Jun 21 01:00:00 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=ZEMA CIA DE PETROLEO LTDA, OU=GIT, O=ICP-SEFAZGO, ST=GO, C=BR
    Issuer: CN=Autoridade Certificadora SEFAZ Goias, OU=GIT, O=ICP-SEFAZGO, L=Goiania, ST=GO, C=BR
    Algorithm: RSA; Serial number: 0x10a
    Valid from Wed Feb 14 14:58:31 GMT-03:00 2007 until Mon Feb 13 14:58:31 GMT-03:00 2012
    adding as trusted cert:
    Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Algorithm: RSA; Serial number: 0x1a5
    Valid from Wed Aug 12 21:29:00 GMT-03:00 1998 until Mon Aug 13 20:59:00 GMT-03:00 2018
    adding as trusted cert:
    Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    Algorithm: RSA; Serial number: 0x20000b9
    Valid from Fri May 12 15:46:00 GMT-03:00 2000 until Mon May 12 20:59:00 GMT-03:00 2025
    adding as trusted cert:
    Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Algorithm: RSA; Serial number: 0x389ef6e4
    Valid from Mon Feb 07 13:16:40 GMT-03:00 2000 until Fri Feb 07 13:46:40 GMT-03:00 2020
    adding as trusted cert:
    Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
    Valid from Sun Jan 28 21:00:00 GMT-03:00 1996 until Tue Aug 01 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
    Valid from Thu Nov 09 21:00:00 GMT-03:00 2006 until Sun Nov 09 21:00:00 GMT-03:00 2031
    adding as trusted cert:
    Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
    Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
    Algorithm: RSA; Serial number: 0x20000bf
    Valid from Wed May 17 11:01:00 GMT-03:00 2000 until Sat May 17 20:59:00 GMT-03:00 2025
    adding as trusted cert:
    Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
    Issuer: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
    Algorithm: RSA; Serial number: 0x5c00001000241d0060a4dce7510
    Valid from Thu Mar 23 11:10:23 GMT-03:00 2006 until Wed Dec 31 19:59:59 GMT-03:00 2025
    adding as trusted cert:
    Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
    Valid from Sun May 17 21:00:00 GMT-03:00 1998 until Tue Aug 01 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
    Valid from Sun Jan 28 21:00:00 GMT-03:00 1996 until Tue Aug 01 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
    Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
    Algorithm: RSA; Serial number: 0x374ad243
    Valid from Tue May 25 13:09:40 GMT-03:00 1999 until Sat May 25 13:39:40 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
    Issuer: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
    Algorithm: RSA; Serial number: 0x1da200010002ecb76080788db606
    Valid from Wed Mar 22 12:54:28 GMT-03:00 2006 until Wed Dec 31 19:59:59 GMT-03:00 2025
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x1
    Valid from Wed Jul 31 21:00:00 GMT-03:00 1996 until Thu Dec 31 20:59:59 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
    Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
    Algorithm: RSA; Serial number: 0x380391ee
    Valid from Tue Oct 12 16:24:30 GMT-03:00 1999 until Sat Oct 12 16:54:30 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
    Valid from Thu Sep 30 21:00:00 GMT-03:00 1999 until Wed Jul 16 20:59:59 GMT-03:00 2036
    adding as trusted cert:
    Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Algorithm: RSA; Serial number: 0x1
    Valid from Fri Jun 25 21:19:54 GMT-03:00 1999 until Tue Jun 25 21:19:54 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
    Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
    Algorithm: RSA; Serial number: 0x1
    Valid from Tue May 30 07:38:31 GMT-03:00 2000 until Sat May 30 07:38:31 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
    Valid from Thu Nov 09 21:00:00 GMT-03:00 2006 until Sun Nov 09 21:00:00 GMT-03:00 2031
    adding as trusted cert:
    Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
    Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
    Algorithm: RSA; Serial number: 0x1
    Valid from Tue May 30 07:48:38 GMT-03:00 2000 until Sat May 30 07:48:38 GMT-03:00 2020
    adding as trusted cert:
    Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    Algorithm: RSA; Serial number: 0x35def4cf
    Valid from Sat Aug 22 13:41:51 GMT-03:00 1998 until Wed Aug 22 13:41:51 GMT-03:00 2018
    adding as trusted cert:
    Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
    Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
    Algorithm: RSA; Serial number: 0x0
    Valid from Tue Jun 29 14:39:16 GMT-03:00 2004 until Thu Jun 29 14:39:16 GMT-03:00 2034
    adding as trusted cert:
    Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
    Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
    Algorithm: RSA; Serial number: 0x4
    Valid from Mon Jun 21 01:00:00 GMT-03:00 1999 until Sun Jun 21 01:00:00 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
    Valid from Thu Sep 30 21:00:00 GMT-03:00 1999 until Wed Jul 16 20:59:59 GMT-03:00 2036
    adding as trusted cert:
    Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
    Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
    Algorithm: RSA; Serial number: 0x1
    Valid from Wed Dec 31 21:00:00 GMT-03:00 2003 until Sun Dec 31 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
    Valid from Sun May 17 21:00:00 GMT-03:00 1998 until Tue Aug 01 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
    Valid from Thu Nov 09 21:00:00 GMT-03:00 2006 until Sun Nov 09 21:00:00 GMT-03:00 2031
    adding as trusted cert:
    Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
    Valid from Sun May 17 21:00:00 GMT-03:00 1998 until Tue Aug 01 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
    Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
    Algorithm: RSA; Serial number: 0x3770cfb5
    Valid from Wed Jun 23 09:14:45 GMT-03:00 1999 until Sun Jun 23 09:14:45 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
    Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
    Algorithm: RSA; Serial number: 0x400000000010f8626e60d
    Valid from Fri Dec 15 05:00:00 GMT-03:00 2006 until Wed Dec 15 05:00:00 GMT-03:00 2021
    adding as trusted cert:
    Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Algorithm: RSA; Serial number: 0x389b113c
    Valid from Fri Feb 04 14:20:00 GMT-03:00 2000 until Tue Feb 04 14:50:00 GMT-03:00 2020
    adding as trusted cert:
    Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
    Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
    Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
    Valid from Tue Nov 08 21:00:00 GMT-03:00 1994 until Thu Jan 07 20:59:59 GMT-03:00 2010
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x0
    Valid from Sun Dec 31 21:00:00 GMT-03:00 1995 until Thu Dec 31 20:59:59 GMT-03:00 2020
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x0
    Valid from Sun Dec 31 21:00:00 GMT-03:00 1995 until Thu Dec 31 20:59:59 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
    Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
    Algorithm: RSA; Serial number: 0x23456
    Valid from Tue May 21 01:00:00 GMT-03:00 2002 until Sat May 21 01:00:00 GMT-03:00 2022
    adding as trusted cert:
    Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
    Valid from Sun Jan 28 21:00:00 GMT-03:00 1996 until Tue Aug 01 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: CN=Sonera Class1 CA, O=Sonera, C=FI
    Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI
    Algorithm: RSA; Serial number: 0x24
    Valid from Fri Apr 06 07:49:13 GMT-03:00 2001 until Tue Apr 06 07:49:13 GMT-03:00 2021
    adding as trusted cert:
    Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
    Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
    Algorithm: RSA; Serial number: 0x0
    Valid from Tue Jun 29 14:06:20 GMT-03:00 2004 until Thu Jun 29 14:06:20 GMT-03:00 2034
    adding as trusted cert:
    Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
    Valid from Fri Jul 09 15:10:42 GMT-03:00 1999 until Tue Jul 09 15:19:22 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
    Valid from Fri Jul 09 14:28:50 GMT-03:00 1999 until Tue Jul 09 14:36:58 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
    Issuer: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
    Algorithm: RSA; Serial number: 0x1
    Valid from Tue May 28 03:00:00 GMT-03:00 2002 until Thu Nov 19 17:43:00 GMT-03:00 2037
    adding as trusted cert:
    Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
    Valid from Thu Sep 30 21:00:00 GMT-03:00 1999 until Wed Jul 16 20:59:59 GMT-03:00 2036
    adding as trusted cert:
    Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
    Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
    Algorithm: RSA; Serial number: 0x3863b966
    Valid from Fri Dec 24 14:50:51 GMT-03:00 1999 until Tue Dec 24 15:20:51 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Algorithm: RSA; Serial number: 0x1b6
    Valid from Fri Aug 14 11:50:00 GMT-03:00 1998 until Wed Aug 14 20:59:00 GMT-03:00 2013
    adding as trusted cert:
    Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
    Valid from Fri Jul 09 15:31:20 GMT-03:00 1999 until Tue Jul 09 15:40:36 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Issuer: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69
    Valid from Thu Jun 24 15:57:21 GMT-03:00 1999 until Mon Jun 24 16:06:30 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
    Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
    Algorithm: RSA; Serial number: 0x1d
    Valid from Fri Apr 06 04:29:40 GMT-03:00 2001 until Tue Apr 06 04:29:40 GMT-03:00 2021
    adding as trusted cert:
    Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
    Issuer: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
    Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b
    Valid from Thu Jan 12 11:38:43 GMT-03:00 2006 until Wed Dec 31 19:59:59 GMT-03:00 2025
    trigger seeding of SecureRandom
    done seeding SecureRandom
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1213102186 bytes = { 150, 70, 222, 91, 1, 159, 135, 122, 245, 66, 221, 50, 113, 8, 128, 154, 68, 232, 127, 215, 140, 215, 148, 147, 58, 93, 236, 23 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    main, WRITE: TLSv1 Handshake, length = 73
    main, WRITE: SSLv2 client hello message, length = 98
    main, READ: TLSv1 Handshake, length = 10761
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1213102414 bytes = { 186, 36, 22, 99, 140, 117, 31, 5, 231, 216, 148, 205, 190, 127, 202, 37, 111, 176, 39, 77, 137, 208, 110, 239, 167, 210, 211, 160 }
    Session ID: {72, 78, 121, 78, 23, 96, 172, 97, 143, 196, 65, 95, 90, 198, 182, 217, 85, 189, 237, 255, 214, 174, 250, 18, 138, 100, 13, 130, 185, 47, 30, 194}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: CN=homolog.sefaz.go.gov.br, OU=Equipamento A1, OU=SEFAZ, OU=Autoridade Certificadora SERPROACF, O=ICP-Brasil, C=BR
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 121822830792857140980544413730208327423965418338836769494531514391506636002202311770038004646445375567736723855328246700773881808368957013969090425291780159678803518407365187798936095103086486699406270894225547100200566740997780387564247231686362223169873014182514927324634241630443664842180597672619260289963
    public exponent: 65537
    Validity: [From: Mon Aug 20 15:22:15 GMT-03:00 2007,
                   To: Tue Aug 19 15:22:15 GMT-03:00 2008]
    Issuer: CN=Autoridade Certificadora do SERPRO Final v1, OU=CSPB-1, OU=Servico Federal de Processamento de Dados - SERPRO, O=ICP-Brasil, C=BR
    SerialNumber: [    32303037 30383230 31373434 35343032]
    Certificate Extensions: 7
    [1]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 32 38 96 C7 EE 44 64 E9 9A AA 15 5D E0 08 B4 8D 28...Dd....]....
    0010: 89 47 51 A2 .GQ.
    [2]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
    [DistributionPoint:
    [URIName: http://ccd.serpro.gov.br/lcr/serproacfv1.crl]
    [3]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
    Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.4
    Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.2
    Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.3
    Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.7
    Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.8
    RFC822Name: [email protected]
    [4]: ObjectId: 2.5.29.37 Criticality=true
    ExtendedKeyUsages [
    serverAuth
    clientAuth
    [5]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
    [CertificatePolicyId: [2.16.76.1.2.1.16]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 39 68 74 74 70 73 3A   2F 2F 63 63 64 2E 73 65  .9https://ccd.se
    0010: 72 70 72 6F 2E 67 6F 76   2E 62 72 2F 73 65 72 70  rpro.gov.br/serp
    0020: 72 6F 61 63 66 2F 64 6F   63 73 2F 64 70 63 73 65  roacf/docs/dpcse
    0030: 72 70 72 6F 61 63 66 2E   70 64 66                 rproacf.pdf
    [6]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Non_repudiation
    Key_Encipherment
    [7]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:false
    PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
    chain [1] = [
    Version: V3
    Subject: CN=Autoridade Certificadora do SERPRO Final v1, OU=CSPB-1, OU=Servico Federal de Processamento de Dados - SERPRO, O=ICP-Brasil, C=BR
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 2048 bits
    modulus: 23659367425961339986383814473655435770305076360336120846402324294010759604691167341796796450718297422937486485989173997689009435615853573479123246742093161509679795253583183150516996100507241385700603597169864442790237544440295928051568067762067963906038465181975829517141032706152589802921982785603244093509126659971216775796468681697846064212891335993008177024582806600140619329189802486109058177503824508848203446928569492107040513868017002818333597993397664228505910643929070063949422917116775478325433437537593716368812763202859366097841062831999053298446527212103412654663554371896386629504450969081314886684871
    public exponent: 58865
    Validity: [From: Mon Apr 04 13:26:59 GMT-03:00 2005,
                   To: Mon Oct 24 20:59:00 GMT-03:00 2011]
    Issuer: CN=Autoridade Certificadora do SERPRO v1, OU=Servico Federal de Processamento de Dados - SERPRO, O=ICP-Brasil, C=BR
    SerialNumber: [    32303035 30343034 31353530 35363030 3031]
    Certificate Extensions: 6
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 32 38 96 C7 EE 44 64 E9 9A AA 15 5D E0 08 B4 8D 28...Dd....]....
    0010: 89 47 51 A2 .GQ.
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: E2 8B 15 41 DB 75 39 29 BC 1C 54 7B FB 51 3F 14 ...A.u9)..T..Q?.
    0010: 09 12 F2 B4 ....
    [3]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
    [DistributionPoint:
    [URIName: http://ccd.serpro.gov.br/lcr/acserpro.crl]
    [4]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
    [CertificatePolicyId: [2.16.76.1.2.1.16]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 37 68 74 74 70 73 3A   2F 2F 63 63 64 2E 73 65  .7https://ccd.se
    0010: 72 70 72 6F 2E 67 6F 76   2E 62 72 2F 61 63 73 65  rpro.gov.br/acse
    0020: 72 70 72 6F 2F 64 6F 63   73 2F 64 70 63 61 63 73  rpro/docs/dpcacs
    0030: 65 72 70 72 6F 2E 70 64   66                       erpro.pdf
    [CertificatePolicyId: [2.16.76.1.2.3.13]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 37 68 74 74 70 73 3A   2F 2F 63 63 64 2E 73 65  .7https://ccd.se
    0010: 72 70 72 6F 2E 67 6F 76   2E 62 72 2F 61 63 73 65  rpro.gov.br/acse
    0020: 72 70 72 6F 2F 64 6F 63   73 2F 64 70 63 61 63 73  rpro/docs/dpcacs
    0030: 65 72 70 72 6F 2E 70 64   66                       erpro.pdf
    [CertificatePolicyId: [2.16.76.1.2.1.17]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 37 68 74 74 70 73 3A   2F 2F 63 63 64 2E 73 65  .7https://ccd.se
    0010: 72 70 72 6F 2E 67 6F 76   2E 62 72 2F 61 63 73 65  rpro.gov.br/acse
    0020: 72 70 72 6F 2F 64 6F 63   73 2F 64 70 63 61 63 73  rpro/docs/dpcacs
    0030: 65 72 70 72 6F 2E 70 64   66                       erpro.pdf
    [5]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    Key_CertSign
    Crl_Sign
    [6]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:0
    Algorithm: [SHA1withRSA]
    Signature:

    I got a new certificate and now I'm getting the following error:
    run:
    keyStore is : D:\NFe\FiboNFe\Codigo\binarios\Certificados\00647154000250.p12
    keyStore type is : PKCS12
    keyStore provider is :
    init keystore
    init keymanager of type SunX509
    found key for : ac sefazgo - zema cia de petroleo ltda
    chain [0] = [
    Version: V3
    Subject: CN=ZEMA CIA DE PETROLEO LTDA, OU=GIT, O=ICP-SEFAZGO, ST=GO, C=BR
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 156165028103689130512128042499152839841454193332056593988973957180679312477722424100906759434445855868490108915782950316422470489371768181578031249674215052225925638629814529894401995141383245975637710610778796528775386241354343792138837300923183596668288077189084522054268656963846045071234921096231142045503
    public exponent: 65537
    Validity: [From: Wed Feb 14 14:58:31 GMT-03:00 2007,
                   To: Mon Feb 13 14:58:31 GMT-03:00 2012]
    Issuer: CN=Autoridade Certificadora SEFAZ Goias, OU=GIT, O=ICP-SEFAZGO, L=Goiania, ST=GO, C=BR
    SerialNumber: [    010a]
    Certificate Extensions: 8
    [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 34 16 32 43 65 72 74 69 66 69 63 61 64 6F 20 .4.2Certificado
    0010: 63 6C 69 65 6E 74 65 20 70 61 72 61 20 5A 45 4D cliente para ZEM
    0020: 41 20 43 49 41 20 44 45 20 50 45 54 52 4F 4C 45 A CIA DE PETROLE
    0030: 4F 20 4C 54 44 41 O LTDA
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 98 9E 12 CE 90 93 05 1A D5 22 DA 37 86 DE FA DF .........".7....
    0010: 82 DA 3D 76 ..=v
    [3]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL client
    S/MIME
    Object Signing
    [4]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    [CN=Autoridade Certificadora SEFAZ Goias, OU=GIT, O=ICP-SEFAZGO, L=Goiania, ST=GO, C=BR]
    SerialNumber: [    fddca941 482ec9a8]
    [5]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
    RFC822Name: [email protected]
    Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.4
    Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.2
    Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.3
    Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.7
    [6]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
    [DistributionPoint:
    [URIName: http://homolog.sefaz.go.gov.br/acsefazgo/acsefazgo.crl]
    [7]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
    DigitalSignature
    Non_repudiation
    Key_Encipherment
    [8]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [SHA1withRSA]
    Signature:
    chain [1] = [
    Version: V1
    Subject: CN=Autoridade Certificadora SEFAZ Goias, OU=GIT, O=ICP-SEFAZGO, L=Goiania, ST=GO, C=BR
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 127802546146235830576140179493601283095940595321418162651326663347027489542570383903029994774550120601063051515739969496712154341918329211265045381248247800442115925457899222625312701264189136966705127659226917208209098405021110477504756857490937404558470512168426299183317779894163270945711882621802732846421
    public exponent: 65537
    Validity: [From: Mon Feb 12 21:49:13 GMT-03:00 2007,
                   To: Thu Feb 09 21:49:13 GMT-03:00 2017]
    Issuer: CN=Autoridade Certificadora SEFAZ Goias, OU=GIT, O=ICP-SEFAZGO, L=Goiania, ST=GO, C=BR
    SerialNumber: [    fddca941 482ec9a8]
    Algorithm: [SHA1withRSA]
    Signature:
    trustStore is: C:\Arquivos de programas\Java\jdk1.6.0_06\jre\lib\security\cacerts
    trustStore type is : jks
    trustStore provider is :
    init truststore
    adding as trusted cert:
    Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
    Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
    Algorithm: RSA; Serial number: 0x20000000000d678b79405
    Valid from Tue Sep 01 09:00:00 GMT-03:00 1998 until Tue Jan 28 09:00:00 GMT-03:00 2014
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x0
    Valid from Sun Dec 31 21:00:00 GMT-03:00 1995 until Thu Dec 31 20:59:59 GMT-03:00 2020
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x1
    Valid from Wed Jul 31 21:00:00 GMT-03:00 1996 until Thu Dec 31 20:59:59 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
    Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
    Algorithm: RSA; Serial number: 0x1
    Valid from Tue May 30 07:44:50 GMT-03:00 2000 until Sat May 30 07:44:50 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
    Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
    Algorithm: RSA; Serial number: 0x1
    Valid from Mon Jun 21 01:00:00 GMT-03:00 1999 until Sun Jun 21 01:00:00 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=ZEMA CIA DE PETROLEO LTDA, OU=GIT, O=ICP-SEFAZGO, ST=GO, C=BR
    Issuer: CN=Autoridade Certificadora SEFAZ Goias, OU=GIT, O=ICP-SEFAZGO, L=Goiania, ST=GO, C=BR
    Algorithm: RSA; Serial number: 0x10a
    Valid from Wed Feb 14 14:58:31 GMT-03:00 2007 until Mon Feb 13 14:58:31 GMT-03:00 2012
    adding as trusted cert:
    Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Algorithm: RSA; Serial number: 0x1a5
    Valid from Wed Aug 12 21:29:00 GMT-03:00 1998 until Mon Aug 13 20:59:00 GMT-03:00 2018
    adding as trusted cert:
    Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    Algorithm: RSA; Serial number: 0x20000b9
    Valid from Fri May 12 15:46:00 GMT-03:00 2000 until Mon May 12 20:59:00 GMT-03:00 2025
    adding as trusted cert:
    Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Algorithm: RSA; Serial number: 0x389ef6e4
    Valid from Mon Feb 07 13:16:40 GMT-03:00 2000 until Fri Feb 07 13:46:40 GMT-03:00 2020
    adding as trusted cert:
    Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
    Valid from Sun Jan 28 21:00:00 GMT-03:00 1996 until Tue Aug 01 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
    Valid from Thu Nov 09 21:00:00 GMT-03:00 2006 until Sun Nov 09 21:00:00 GMT-03:00 2031
    adding as trusted cert:
    Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
    Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
    Algorithm: RSA; Serial number: 0x20000bf
    Valid from Wed May 17 11:01:00 GMT-03:00 2000 until Sat May 17 20:59:00 GMT-03:00 2025
    adding as trusted cert:
    Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
    Issuer: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
    Algorithm: RSA; Serial number: 0x5c00001000241d0060a4dce7510
    Valid from Thu Mar 23 11:10:23 GMT-03:00 2006 until Wed Dec 31 19:59:59 GMT-03:00 2025
    adding as trusted cert:
    Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
    Valid from Sun May 17 21:00:00 GMT-03:00 1998 until Tue Aug 01 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
    Valid from Sun Jan 28 21:00:00 GMT-03:00 1996 until Tue Aug 01 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
    Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
    Algorithm: RSA; Serial number: 0x374ad243
    Valid from Tue May 25 13:09:40 GMT-03:00 1999 until Sat May 25 13:39:40 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
    Issuer: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
    Algorithm: RSA; Serial number: 0x1da200010002ecb76080788db606
    Valid from Wed Mar 22 12:54:28 GMT-03:00 2006 until Wed Dec 31 19:59:59 GMT-03:00 2025
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x1
    Valid from Wed Jul 31 21:00:00 GMT-03:00 1996 until Thu Dec 31 20:59:59 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
    Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
    Algorithm: RSA; Serial number: 0x380391ee
    Valid from Tue Oct 12 16:24:30 GMT-03:00 1999 until Sat Oct 12 16:54:30 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
    Valid from Thu Sep 30 21:00:00 GMT-03:00 1999 until Wed Jul 16 20:59:59 GMT-03:00 2036
    adding as trusted cert:
    Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Algorithm: RSA; Serial number: 0x1
    Valid from Fri Jun 25 21:19:54 GMT-03:00 1999 until Tue Jun 25 21:19:54 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
    Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
    Algorithm: RSA; Serial number: 0x1
    Valid from Tue May 30 07:38:31 GMT-03:00 2000 until Sat May 30 07:38:31 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
    Valid from Thu Nov 09 21:00:00 GMT-03:00 2006 until Sun Nov 09 21:00:00 GMT-03:00 2031
    adding as trusted cert:
    Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
    Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
    Algorithm: RSA; Serial number: 0x1
    Valid from Tue May 30 07:48:38 GMT-03:00 2000 until Sat May 30 07:48:38 GMT-03:00 2020
    adding as trusted cert:
    Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    Algorithm: RSA; Serial number: 0x35def4cf
    Valid from Sat Aug 22 13:41:51 GMT-03:00 1998 until Wed Aug 22 13:41:51 GMT-03:00 2018
    adding as trusted cert:
    Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
    Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
    Algorithm: RSA; Serial number: 0x0
    Valid from Tue Jun 29 14:39:16 GMT-03:00 2004 until Thu Jun 29 14:39:16 GMT-03:00 2034
    adding as trusted cert:
    Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
    Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
    Algorithm: RSA; Serial number: 0x4
    Valid from Mon Jun 21 01:00:00 GMT-03:00 1999 until Sun Jun 21 01:00:00 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
    Valid from Thu Sep 30 21:00:00 GMT-03:00 1999 until Wed Jul 16 20:59:59 GMT-03:00 2036
    adding as trusted cert:
    Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
    Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
    Algorithm: RSA; Serial number: 0x1
    Valid from Wed Dec 31 21:00:00 GMT-03:00 2003 until Sun Dec 31 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
    Valid from Sun May 17 21:00:00 GMT-03:00 1998 until Tue Aug 01 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
    Valid from Thu Nov 09 21:00:00 GMT-03:00 2006 until Sun Nov 09 21:00:00 GMT-03:00 2031
    adding as trusted cert:
    Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
    Valid from Sun May 17 21:00:00 GMT-03:00 1998 until Tue Aug 01 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
    Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
    Algorithm: RSA; Serial number: 0x3770cfb5
    Valid from Wed Jun 23 09:14:45 GMT-03:00 1999 until Sun Jun 23 09:14:45 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
    Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
    Algorithm: RSA; Serial number: 0x400000000010f8626e60d
    Valid from Fri Dec 15 05:00:00 GMT-03:00 2006 until Wed Dec 15 05:00:00 GMT-03:00 2021
    adding as trusted cert:
    Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Algorithm: RSA; Serial number: 0x389b113c
    Valid from Fri Feb 04 14:20:00 GMT-03:00 2000 until Tue Feb 04 14:50:00 GMT-03:00 2020
    adding as trusted cert:
    Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
    Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
    Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
    Valid from Tue Nov 08 21:00:00 GMT-03:00 1994 until Thu Jan 07 20:59:59 GMT-03:00 2010
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x0
    Valid from Sun Dec 31 21:00:00 GMT-03:00 1995 until Thu Dec 31 20:59:59 GMT-03:00 2020
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x0
    Valid from Sun Dec 31 21:00:00 GMT-03:00 1995 until Thu Dec 31 20:59:59 GMT-03:00 2020
    adding as trusted cert:
    Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
    Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
    Algorithm: RSA; Serial number: 0x23456
    Valid from Tue May 21 01:00:00 GMT-03:00 2002 until Sat May 21 01:00:00 GMT-03:00 2022
    adding as trusted cert:
    Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
    Valid from Sun Jan 28 21:00:00 GMT-03:00 1996 until Tue Aug 01 20:59:59 GMT-03:00 2028
    adding as trusted cert:
    Subject: CN=Sonera Class1 CA, O=Sonera, C=FI
    Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI
    Algorithm: RSA; Serial number: 0x24
    Valid from Fri Apr 06 07:49:13 GMT-03:00 2001 until Tue Apr 06 07:49:13 GMT-03:00 2021
    adding as trusted cert:
    Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
    Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
    Algorithm: RSA; Serial number: 0x0
    Valid from Tue Jun 29 14:06:20 GMT-03:00 2004 until Thu Jun 29 14:06:20 GMT-03:00 2034
    adding as trusted cert:
    Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
    Valid from Fri Jul 09 15:10:42 GMT-03:00 1999 until Tue Jul 09 15:19:22 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
    Valid from Fri Jul 09 14:28:50 GMT-03:00 1999 until Tue Jul 09 14:36:58 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
    Issuer: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
    Algorithm: RSA; Serial number: 0x1
    Valid from Tue May 28 03:00:00 GMT-03:00 2002 until Thu Nov 19 17:43:00 GMT-03:00 2037
    adding as trusted cert:
    Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
    Valid from Thu Sep 30 21:00:00 GMT-03:00 1999 until Wed Jul 16 20:59:59 GMT-03:00 2036
    adding as trusted cert:
    Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
    Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
    Algorithm: RSA; Serial number: 0x3863b966
    Valid from Fri Dec 24 14:50:51 GMT-03:00 1999 until Tue Dec 24 15:20:51 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Algorithm: RSA; Serial number: 0x1b6
    Valid from Fri Aug 14 11:50:00 GMT-03:00 1998 until Wed Aug 14 20:59:00 GMT-03:00 2013
    adding as trusted cert:
    Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
    Valid from Fri Jul 09 15:31:20 GMT-03:00 1999 until Tue Jul 09 15:40:36 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Issuer: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
    Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69
    Valid from Thu Jun 24 15:57:21 GMT-03:00 1999 until Mon Jun 24 16:06:30 GMT-03:00 2019
    adding as trusted cert:
    Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
    Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
    Algorithm: RSA; Serial number: 0x1d
    Valid from Fri Apr 06 04:29:40 GMT-03:00 2001 until Tue Apr 06 04:29:40 GMT-03:00 2021
    adding as trusted cert:
    Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
    Issuer: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
    Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b
    Valid from Thu Jan 12 11:38:43 GMT-03:00 2006 until Wed Dec 31 19:59:59 GMT-03:00 2025
    trigger seeding of SecureRandom
    done seeding SecureRandom
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1213286062 bytes = { 175, 119, 88, 156, 122, 87, 49, 44, 101, 238, 155, 248, 50, 93, 130, 181, 230, 183, 242, 175, 99, 73, 45, 213, 138, 159, 67, 2 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    [write] MD5 and SHA1 hashes: len = 73
    main, WRITE: TLSv1 Handshake, length = 73
    [write] MD5 and SHA1 hashes: len = 98
    main, WRITE: SSLv2 client hello message, length = 98
    [Raw write]: length = 100
    [Raw read]: length = 5
    0000: 16 03 01 2A 09 ...*.
    [Raw read]: length = 1447

  • Weblogic app server wsdl web service call with SSL Validation error = 16

    I need to make a wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting the error:
    Cannot complete the certificate chain: No trusted cert found
    Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
    Validation error = 16
    From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after the first handshake, I got the error “Cannot complete the certificate chain: No trusted cert found”.
    Here is how I load trustStore and keyStore in my java program:
    // Trust store JSSE uses to validate the server certificate chain
    System.setProperty("javax.net.ssl.trustStore", "cacerts");
    System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
    System.setProperty("javax.net.ssl.trustStoreType", "JKS");
    // Key store holding the client certificate
    System.setProperty("javax.net.ssl.keyStoreType", "JKS");
    System.setProperty("javax.net.ssl.keyStore", keyStoreName);
    System.setProperty("javax.net.ssl.keyStorePassword", clientCertPwd);
    // Dump the HTTP traffic of the JAX-WS client for debugging
    System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump", "true");
    Here is how I create cacerts using verisign hierarchy certs (in this order)
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
    Because my program is a weblogic app server, when I start the program, I have java command line options set as:
    -Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
    -Dweblogic.security.SSL.ignoreHostnameVerification=true
    -Dweblogic.security.SSL.enforceConstraints=strong
    That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
    In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webService client object and make the webservice call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by setting system parameters. Here I attached the wsdl file.
    I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
    1.     Do I create “cacerts” in the correct order with the right keytool options?
    2.     Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
    3.     Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
    4.     Do I need to put the “cacerts” to some specific weblogic directory?
    ---------------------------------wsdl file
    <wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
         <wsp:Policy wsu:Id="TokenServices_policy">
              <wsp:ExactlyOne>
                   <wsp:All>
                        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                             <wsp:Policy>
                                  <sp:TransportToken>
                                       <wsp:Policy>
                                            <sp:HttpsToken RequireClientCertificate="true"/>
                                       </wsp:Policy>
                                  </sp:TransportToken>
                                  <sp:AlgorithmSuite>
                                       <wsp:Policy>
                                            <sp:Basic256/>
                                       </wsp:Policy>
                                  </sp:AlgorithmSuite>
                                  <sp:Layout>
                                       <wsp:Policy>
                                            <sp:Strict/>
                                       </wsp:Policy>
                                  </sp:Layout>
                             </wsp:Policy>
                        </sp:TransportBinding>
                        <wsaw:UsingAddressing/>
                   </wsp:All>
              </wsp:ExactlyOne>
         </wsp:Policy>
         <wsdl:types>
              <xsd:schema targetNamespace="http://tempuri.org/Imports">
                   <xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
                   <xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
              </xsd:schema>
         </wsdl:types>
         <wsdl:message name="ITokenServices_GetUserToken_InputMessage">
              <wsdl:part name="parameters" element="tns:GetUserToken"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
              <wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
              <wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
              <wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
         </wsdl:message>
         <wsdl:portType name="ITokenServices">
              <wsdl:operation name="GetUserToken">
                   <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
                   <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
              </wsdl:operation>
              <wsdl:operation name="GetSSOUserToken">
                   <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
                   <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
              </wsdl:operation>
         </wsdl:portType>
         <wsdl:binding name="TokenServices" type="tns:ITokenServices">
              <wsp:PolicyReference URI="#TokenServices_policy"/>
              <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
              <wsdl:operation name="GetUserToken">
                   <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
                   <wsdl:input>
                        <soap12:body use="literal"/>
                   </wsdl:input>
                   <wsdl:output>
                        <soap12:body use="literal"/>
                   </wsdl:output>
              </wsdl:operation>
              <wsdl:operation name="GetSSOUserToken">
                   <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
                   <wsdl:input>
                        <soap12:body use="literal"/>
                   </wsdl:input>
                   <wsdl:output>
                        <soap12:body use="literal"/>
                   </wsdl:output>
              </wsdl:operation>
         </wsdl:binding>
         <wsdl:service name="TokenServices">
              <wsdl:port name="TokenServices" binding="tns:TokenServices">
                   <soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
                   <wsa10:EndpointReference>
                        <wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
                   </wsa10:EndpointReference>
              </wsdl:port>
         </wsdl:service>
    </wsdl:definitions>
    ----------------------------------application log
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
    Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
    adding as trusted cert:
    Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
    Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
    Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
         at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
         at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
         at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
         at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
         at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
         at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
         at javax.xml.ws.Service.<init>(Service.java:56)
         at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
         at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
         at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
         at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
         at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
         at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
         at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
         at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
         at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
         at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
         at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
         at javax.xml.ws.Service.<init>(Service.java:56)
         at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
         at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
         at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
         at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
         at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>

    I received a workaround in an internal message.
    The how-to guide is:
    - Download the WSDL file (with bindings, not the one from ESR).
    - Correct it so that the schema corresponds to the answer (remove minOccurs or other things like this).
    - Deploy the WSDL file on a server (a Java web project, for example). You can deploy locally.
    - Create a new logical destination that points to the modified WSDL file.
    - Change the metadata destination in your Web Dynpro project for the corresponding model and keep the execution destination as before.
    Then the received data is checked by the metadata logical destination, but the data is retrieved from the correct server.

  • Configuring WLS to invoke a web service on SSL

    Hi,
    It will be really helpful if I get some pointers on this. Stuck with this without any progress. I haven't experimented too much working with certificates and so on...
    I have a web service on my WLS...This has to invoke an external web service (provided by a third party).
    They have given me a url for WSDL.
    .p12 certificate - privateKeyEntry
    .cer certificate - trustCertEntry
    In my browser (IE), to display the WSDL page, I had to import this .p12 certificate in the "Personal" tab and the .cer certificate in the "Trusted Root Certification Authorities" tab. It works! I can see the WSDL.
    Now I have to do an equivalent setting in WLS so that my WS invokes the external WS. I can test this with the WebLogic Test Client for my WS.
    This is what I thought I had to do.
    Configure Custom Identity and Custom Trust in WLS.
    Custom Identity - directly used the .p12 file and specified the type as PKCS12 with a password. That seems OK.
    Custom Trust - Since I didn't think I could use the .cer file, I imported this certificate into a .jks file using the command below:
    keytool -import -trustcacerts -alias mykey -keystore mytrust.jks -file TestRootCert.cer -keyalg RSA
    configured this .jks file as a custom truststore.
    In the SSL tab, specified the alias name that existed in the PrivateKeyEntry(.p12 file) assuming this is used to identify myself to the external WS.
    Set -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true in the WLS startup file just to see some more additional info.
    When I invoke the external WS using the WLS test client, this is how the output on console looks..(sorry, had to edit some stuff related to company names etc.)
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSL enableUnencryptedNullCipher= false>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loading server SSL identity>
    <Sep 16, 2010 5:35:02 PM CEST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias e74476a0b5a8cfce6e426c266aee9bbc_2d3fa38c-4f19-4115-b030-11acb1de5cd5 from the PKCS12 keystore file C:\PROGRA~2\Java\JDK16~1.0_2\jre\lib\security\TestPoints.p12.>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Loaded public identity certificate chain:>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Subject: [email protected], CN=Test , OU=Digital ID Class 1 - Microsoft Full Service, OU=Persona Not Validated, OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98", OU=VeriSign Trust Network, O="VeriSign, Inc."; Issuer: CN=VeriSign Class 1 Individual Subscriber CA - G2, OU=Persona Not Validated, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
    <Sep 16, 2010 5:35:02 PM CEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file C:\PROGRA~2\Java\JDK16~1.0_2\jre\lib\security\ebmscert.jks.>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 1 trusted CAs from C:\PROGRA~2\Java\JDK16~1.0_2\jre\lib\security\ebmscert.jks>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=VeriSign Class 1 Individual Subscriber CA - G2, OU=Persona Not Validated, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US; Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
    <Sep 16, 2010 5:35:02 PM CEST> <Info> <WebLogicServer> <BEA-000307> <Exportable key maximum lifespan set to 500 uses.>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28972139>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <write SSL_20_RECORD>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <8413295 SSL3/TLS MAC>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <8413295 received HANDSHAKE>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 320858270326811821565694692014706744673
    Issuer:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
    Subject:C=SE, ?=19587, ST=None, L=country, ?=Test Address, O=CompanyName Denmark-Norway-Sweden, OU=DK Wintel AS, OU=Hosted by Melbourne IT Corporate Brand Services, OU=Comodo PremiumSSL, CN=a.b.com
    Not Valid Before:Thu Mar 19 01:00:00 CET 2009
    Not Valid After:Sun Mar 20 00:59:59 CET 2011
    Signature Algorithm:SHA1withRSA
    >
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 109339514828885055587748732527481675047
    Issuer:C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
    Subject:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
    Not Valid Before:Tue Jun 07 10:09:10 CEST 2005
    Not Valid After:Sat May 30 12:48:38 CEST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 320858270326811821565694692014706744673
    Issuer:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
    Subject:C=SE, ?=19587, ST=None, L=country, ?=Test Address, O=CompanyName Denmark-Norway-Sweden, OU=DK Wintel AS, OU=Hosted by Melbourne IT Corporate Brand Services, OU=Comodo PremiumSSL, CN=a.b.com
    Not Valid Before:Thu Mar 19 01:00:00 CET 2009
    Not Valid After:Sun Mar 20 00:59:59 CET 2011
    Signature Algorithm:SHA1withRSA
    >
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 109339514828885055587748732527481675047
    Issuer:C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
    Subject:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
    Not Valid Before:Tue Jun 07 10:09:10 CEST 2005
    Not Valid After:Sat May 30 12:48:38 CEST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    <Sep 16, 2010 5:35:02 PM CEST> <Warning> <Security> <BEA-090477> <Certificate chain received from a.b.com - 194.182.249.133 was not trusted causing SSL handshake failure.>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
    <Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    If I understood right, the external server is sending some certificates which are not there in the WLS trust store. Is this correct?
    Also tried to get these certificates into the truststore using the InstallCert.java utility class, but then I get a 403:Forbidden.
    So I have no clue at the moment. Basically, my WLS acts as a client to the external WS, right? So this is a one-way SSL. Is that correct?
    Can you help with some pointers please?
    best regards,
    Murali

    Hi,
    I just noticed this post and it seems that I had the same problem (see the relevant topic: http://forums.sun.com/thread.jspa?threadID=5378686) -- it is now answered.
    Simply follow the instructions on this page: http://java.sun.com/developer/EJTechTips/2006/tt0527.html#1 - note that the answer was provided by Miroslav777.
    Bye
    Urbas
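
Added example (not part of the thread, and not WebLogic or Oracle code): a Python script that reads SSL debug lines of the kind posted above and reports which issuer named by the server's chain is absent from the trust keystore that was loaded. The sample log is constructed from the posted output and shortened, and the names `parse_dn` and `diagnose` are hypothetical. Matching is by distinguished name only, so a certificate located this way still has to be verified out of band before it is imported.

```python
import re

# Constructed sample: a shortened copy of the WebLogic SSL debug output quoted above.
SAMPLE_LOG = '''\
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Loaded public identity certificate chain:>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=Test, O="VeriSign, Inc."; Issuer: CN=VeriSign Class 1 Individual Subscriber CA - G2, O="VeriSign, Inc.", C=US>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <SSLContextManager: loaded 1 trusted CAs from ebmscert.jks>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Subject: CN=VeriSign Class 1 Individual Subscriber CA - G2, O="VeriSign, Inc.", C=US; Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 320858270326811821565694692014706744673
Issuer:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
Subject:C=SE, O=CompanyName Denmark-Norway-Sweden, OU=Comodo PremiumSSL, CN=a.b.com
>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 109339514828885055587748732527481675047
Issuer:C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Subject:C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
>
<Sep 16, 2010 5:35:02 PM CEST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
'''

# Split a DN only at commas that start a new "TYPE=" pair, so "O=VeriSign, Inc." stays whole.
_RDN_SPLIT = re.compile(r',\s*(?=[A-Za-z?][\w.]*=)')
_SUBJECT_ISSUER = re.compile(r'<Subject: (.*?); Issuer: (.*)>\s*$')


def parse_dn(dn):
    """Return a DN as an order-independent frozenset of (TYPE, value) pairs.

    The trust-store lines print CN first and the chain lines print C first,
    so the two cannot be compared as plain strings.
    """
    pairs = []
    for rdn in _RDN_SPLIT.split(dn.strip()):
        key, _, value = rdn.partition('=')
        pairs.append((key.strip().upper(), value.strip().strip('"').lower()))
    return frozenset(pairs)


def diagnose(log_text):
    """Compare the peer chain in the log with the trust anchors the server loaded."""
    section = None    # which keystore the following <Subject: ...> lines belong to
    anchors = []      # subject DNs loaded from the trust keystore
    chain = {}        # chain index -> {'issuer': dn, 'subject': dn}
    current = None    # chain entry whose Issuer:/Subject: lines are being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if 'Loaded public identity certificate chain' in line:
            section = 'identity'
        elif re.search(r'loaded \d+ trusted CAs', line):
            section = 'trust'
        pair = _SUBJECT_ISSUER.search(line)
        if pair and section == 'trust':
            anchors.append(pair.group(1))
            continue
        start = re.search(r'Validating certificate (\d+) in the chain', line)
        if start:
            # A retried handshake logs the same chain again; keep one entry per index.
            current = chain.setdefault(int(start.group(1)), {})
        elif line == '>':
            current = None
        elif current is not None and line.startswith(('Issuer:', 'Subject:')):
            field, _, dn = line.partition(':')
            current[field.lower()] = dn.strip()

    certs = [chain[i] for i in sorted(chain)]
    anchor_set = {parse_dn(a) for a in anchors}
    sent_subjects = {parse_dn(c.get('subject', '')) for c in certs}
    # Name-based approximation of path building: the chain is anchored if any
    # certificate in it is a trust anchor or names a trust anchor as its issuer.
    anchored = any(
        parse_dn(c.get('subject', '')) in anchor_set
        or parse_dn(c.get('issuer', '')) in anchor_set
        for c in certs
    )
    # Issuers the chain refers to that were neither sent by the peer nor trusted.
    missing = [
        c.get('issuer', '') for c in certs
        if parse_dn(c.get('issuer', '')) not in sent_subjects
        and parse_dn(c.get('issuer', '')) not in anchor_set
    ]
    return {
        'trust_anchors': anchors,
        'chain': [(c.get('subject'), c.get('issuer')) for c in certs],
        'anchored': anchored,
        'issuers_to_obtain': missing,
    }


if __name__ == '__main__':
    report = diagnose(SAMPLE_LOG)
    print('trust anchors loaded :', report['trust_anchors'])
    print('chain anchored       :', report['anchored'])
    print('issuer certs to get  :', report['issuers_to_obtain'])
```

On the sample, the only trust anchor is the CA that issued the client's own identity certificate, while the server's chain ends at a different root, which is the mismatch behind `CERT_CHAIN_UNTRUSTED`.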

  • Help with getting Web Start working with two-way SSL

    I have successfully transferred data (myclient.jnlp) utilizing web browsers (IE and Mozilla) from my web server (which is set up for two-way SSL "CLIENT-CERT" required) after using the browser's utility to "import" my client-side cert (in .p12 format).
    After the browser connects and downloads the "myclient.jnlp" contents and places it in a temporary file, it then kicks off the javaws process with the temporary file as a parameter. The first thing javaws does is utilize the codebase and href values (found in the temporary file) to make a "GET" call to the server for the "myclient.jnlp" file (again).
    However, this fails (with an SSL handshake error) since javaws uses a different keystore than IE - the server does not receive the client-side cert. I have imported the root CA and the client cert (in .pem format) into the $JAVA_HOME/jre/lib/security/cacerts file using the keytool command but alas my server still indicates a lack of a client-side cert.
    Has anyone else tried this and got it working?

    Hi Richard,
    Indeed it appears that the 1.5 version will have more built-in capability for client certs. It has the look of the IE browser import capability. Unfortunately, I am stuck with having to utilize 1.4.2 for the time being. Since I have posted my original message I have found more information but have yet to get it all working. The truststore in javaws 1.4.2 does have a default (the 1.4.2 jre's cacert file - strangely enough not the same one that gets updated when you import the root CA! - but this has been noted in many other threads). The javaws keystore does not have a default and I have tried, to no avail yet, to utilize some command line parameters, see http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Customization - to get my client cert "available" and recognized by javaws.
    With the help of some debug flags here is the output on my javaws "output" log - all seems to go well up to the point of the client's Certificate chain (which appears to be empty), after the ServerHelloDone :
    trustStore is: C:\j2sdk1.4.2_04\jre\lib\security\cacerts
    trustStore type is : jks
    init truststore
    adding as trusted cert:
    snipped all the regular trusted certs, left my root CA as proof it is recognized...
    adding as trusted cert:
    Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
    Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
    Algorithm: RSA; Serial number: 0x0
    Valid from Wed May 26 16:38:59 EDT 2004 until Fri Jun 25 16:38:59 EDT 2004
    trigger seeding of SecureRandom
    done seeding SecureRandom
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1070211537 bytes = { 205, 211, 129, 234, 88, 129, 152, 176, 223, 180, 161, 138, 246, 183, 181, 89, 61, 252, 63, 35, 21, 34, 253, 32, 254, 124, 38, 198 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    [write] MD5 and SHA1 hashes: len = 73
    Thread-3, WRITE: TLSv1 Handshake, length = 73
    [write] MD5 and SHA1 hashes: len = 98
    Thread-3, WRITE: SSLv2 client hello message, length = 98
    Thread-3, READ: TLSv1 Handshake, length = 58
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1070211539 bytes = { 81, 106, 82, 45, 233, 226, 89, 6, 38, 240, 71, 122, 90, 226, 255, 207, 9, 102, 205, 127, 223, 211, 4, 84, 79, 16, 101, 89 }
    Session ID: {34, 167, 132, 174, 141, 4, 57, 197, 190, 207, 105, 117, 241, 9, 97, 81}
    Cipher Suite: SSL_RSA_WITH_DES_CBC_SHA
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_DES_CBC_SHA]
    ** SSL_RSA_WITH_DES_CBC_SHA
    [read] MD5 and SHA1 hashes: len = 58
    0000: 02 00 00 36 03 01 40 CA 22 D3 51 6A 52 2D E9 E2 ...6..@.".QjR-..
    0010: 59 06 26 F0 47 7A 5A E2 FF CF 09 66 CD 7F DF D3 Y.&.GzZ....f....
    0020: 04 54 4F 10 65 59 10 22 A7 84 AE 8D 04 39 C5 BE .TO.eY.".....9..
    0030: CF 69 75 F1 09 61 51 00 09 00 .iu..aQ...
    Thread-3, READ: TLSv1 Handshake, length = 607
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    e2bd8de9 598e0735 2bed2057 3800c83d 348550e2 93a017c7 9845f35f cd7b4ada
    6ef0c70f 7a033e69 a97ccd15 46f0d1c8 7a0ae909 ddb76f5b cd8029e6 3a6a4965
    Validity: [From: Wed May 26 16:38:59 EDT 2004,
                   To: Fri Jun 25 16:38:59 EDT 2004]
    Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
    SerialNumber: [    00]
    Certificate Extensions: 3
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
    0010: 88 76 14 DA .v..
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
    0010: 88 76 14 DA .v..
    [CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US]
    SerialNumber: [    00]
    [3]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
    0000: 29 CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D )..H../.J.s.q.X.
    0010: 9E 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD ..D....<........
    0020: C4 FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 ..R..re....ba5..
    0030: AE FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 ..........w..j..
    Found trusted certificate:
    Version: V3
    Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    e2bd8de9 598e0735 2bed2057 3800c83d 348550e2 93a017c7 9845f35f cd7b4ada
    6ef0c70f 7a033e69 a97ccd15 46f0d1c8 7a0ae909 ddb76f5b cd8029e6 3a6a4965
    Validity: [From: Wed May 26 16:38:59 EDT 2004,
                   To: Fri Jun 25 16:38:59 EDT 2004]
    Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
    SerialNumber: [    00]
    Certificate Extensions: 3
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
    0010: 88 76 14 DA .v..
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
    0010: 88 76 14 DA .v..
    [CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US]
    SerialNumber: [    00]
    [3]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
    0000: 29 CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D )..H../.J.s.q.X.
    0010: 9E 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD ..D....<........
    0020: C4 FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 ..R..re....ba5..
    0030: AE FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 ..........w..j..
    [read] MD5 and SHA1 hashes: len = 607
    Thread-3, READ: TLSv1 Handshake, length = 220
    *** CertificateRequest
    Cert Types: RSA, DSS, Ephemeral DH (RSA sig),
    Cert Authorities:
    <CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
    <CN=Server CA, OU=Server Division, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
    [read] MD5 and SHA1 hashes: len = 220
    Thread-3, READ: TLSv1 Handshake, length = 4
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00 ....
    *** Certificate chain
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    Random Secret: { 3, 1, 175, 38, 47, 77, 131, 125, 209, 147, 174, 228, 183, 99, 34, 2, 100, 186, 77, 47, 65, 233, 82, 133, 183, 113, 8, 193, 51, 241, 167, 105, 4, 187, 57, 130, 161, 11, 178, 11, 134, 84, 96, 106, 203, 11, 195, 51 }
    [write] MD5 and SHA1 hashes: len = 77
    0000: 0B 00 00 03 00 00 00 10 00 00 42 00 40 39 9F EC ..........B.@9..
    0010: 5F 92 FA 3D 5E 3D 0C 19 10 72 DA BE B6 14 76 62 _..=^=...r....vb
    0020: AE 39 75 0B 74 10 C7 B1 42 D7 A1 22 C0 0E B8 A2 .9u.t...B.."....
    0030: 22 80 73 20 36 A2 FD BB F9 3E F4 F0 91 CE 95 F8 ".s 6....>......
    0040: 05 D7 22 FC 2C CF 1B AB 19 82 03 D2 F5 ..".,........
    Thread-3, WRITE: TLSv1 Handshake, length = 77
    SESSION KEYGEN:
    PreMaster Secret:
    0000: 03 01 AF 26 2F 4D 83 7D D1 93 AE E4 B7 63 22 02 ...&/M.......c".
    0010: 64 BA 4D 2F 41 E9 52 85 B7 71 08 C1 33 F1 A7 69 d.M/A.R..q..3..i
    0020: 04 BB 39 82 A1 0B B2 0B 86 54 60 6A CB 0B C3 33 ..9......T`j...3
    CONNECTION KEYGEN:
    Client Nonce:
    0000: 40 CA 22 D1 CD D3 81 EA 58 81 98 B0 DF B4 A1 8A @.".....X.......
    0010: F6 B7 B5 59 3D FC 3F 23 15 22 FD 20 FE 7C 26 C6 ...Y=.?#.". ..&.
    Server Nonce:
    0000: 40 CA 22 D3 51 6A 52 2D E9 E2 59 06 26 F0 47 7A @.".QjR-..Y.&.Gz
    0010: 5A E2 FF CF 09 66 CD 7F DF D3 04 54 4F 10 65 59 Z....f.....TO.eY
    Master Secret:
    0000: 67 B9 58 74 69 18 0B 2E 00 EB AC 9B 77 15 B4 65 g.Xti.......w..e
    0010: 61 A1 AC D0 F1 D5 4C CA 0E 51 FC 58 A0 11 B7 87 a.....L..Q.X....
    0020: EC 72 26 D0 83 18 27 49 8F B6 32 FF E3 89 1D E4 .r&...'I..2.....
    Client MAC write Secret:
    0000: D5 96 AB F7 1E 46 5F 46 8A E9 3E DF A0 5E 32 5E .....F_F..>..^2^
    0010: 00 FB B8 D8 ....
    Server MAC write Secret:
    0000: E6 7D 8E F5 6A 4C 94 4C D6 2A 3A 4D FC C1 94 A3 ....jL.L.*:M....
    0010: C5 6C 5F B6 .l_.
    Client write key:
    0000: 18 1D 51 8C 74 6D 18 57 ..Q.tm.W
    Server write key:
    0000: 0D 4E 7A F1 5A D6 5F 5B .Nz.Z._[
    Client write IV:
    0000: 4C BB 4D FA 4F EB CB 4E L.M.O..N
    Server write IV:
    0000: B7 6A CA E9 66 7D 25 88 .j..f.%.
    Thread-3, WRITE: TLSv1 Change Cipher Spec, length = 1
    JsseJCE: Using JSSE internal implementation for cipher DES/CBC/NoPadding
    *** Finished
    verify_data: { 20, 20, 38, 13, 43, 235, 102, 72, 75, 212, 21, 21 }
    [write] MD5 and SHA1 hashes: len = 16
    0000: 14 00 00 0C 14 14 26 0D 2B EB 66 48 4B D4 15 15 ......&.+.fHK...
    Padded plaintext before ENCRYPTION: len = 40
    0000: 14 00 00 0C 14 14 26 0D 2B EB 66 48 4B D4 15 15 ......&.+.fHK...
    0010: 90 9C E9 09 F4 48 96 A6 8F AA 04 DF E9 36 72 F0 .....H.......6r.
    0020: 42 F0 60 78 03 03 03 03 B.`x....
    Thread-3, WRITE: TLSv1 Handshake, length = 40
    Thread-3, READ: TLSv1 Alert, length = 2
    Thread-3, RECV TLSv1 ALERT: fatal, handshake_failure
    Thread-3, called closeSocket()
    Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    Finalizer, called close()
    Finalizer, called closeInternal(true)
    So I'll toil away trying to get the *right* combination of settings - please let me know if you have any ideas! FYI here are the command line settings I am using for the keystore:
    -Djavax.net.ssl.keyStore=c:\myClientIdKeyStore -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=myClientIdKeyStorePass
    Thanks,
    Paul
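
Added example, not part of the post above and not JSSE code: a small Python reader for `javax.net.debug` output that decodes the `[write]` hex block sent after a `*** CertificateRequest` and reports how many certificates the client actually put in its Certificate message. The embedded trace is abridged from the log quoted in the post; the function and field names are this example's own.

```python
import re

# TLS 1.0 handshake message types (RFC 2246, section 7.4).
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request",
                   14: "server_hello_done", 15: "certificate_verify",
                   16: "client_key_exchange", 20: "finished"}

BLOCK_RE = re.compile(r"^\[(read|write)\] MD5 and SHA1 hashes:\s+len = (\d+)$")
DUMP_RE = re.compile(r"^[0-9A-F]{4}:\s+(.*)$")
HEX_BYTE_RE = re.compile(r"^[0-9A-F]{2}$")
ALERT_RE = re.compile(r"RECV \S+ ALERT:\s+(\w+),\s+(\w+)")

# Abridged from the trace quoted in the post above.
SAMPLE_TRACE = r'''
*** CertificateRequest
Cert Types: RSA, DSS, Ephemeral DH (RSA sig),
Cert Authorities:
<CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
<CN=Server CA, OU=Server Division, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
[write] MD5 and SHA1 hashes: len = 77
0000: 0B 00 00 03 00 00 00 10 00 00 42 00 40 39 9F EC ..........B.@9..
0010: 5F 92 FA 3D 5E 3D 0C 19 10 72 DA BE B6 14 76 62 _..=^=...r....vb
0020: AE 39 75 0B 74 10 C7 B1 42 D7 A1 22 C0 0E B8 A2 .9u.t...B.."....
0030: 22 80 73 20 36 A2 FD BB F9 3E F4 F0 91 CE 95 F8 ".s 6....>......
0040: 05 D7 22 FC 2C CF 1B AB 19 82 03 D2 F5 ..".,........
Thread-3, WRITE: TLSv1 Handshake, length = 77
Thread-3, RECV TLSv1 ALERT: fatal, handshake_failure
'''


def dump_line_bytes(rest, remaining):
    """Decode one dump line, stopping at 16 bytes, at the block's declared
    length, or at the ASCII column (which may itself look like hex)."""
    out = bytearray()
    for token in rest.split():
        if len(out) == min(16, remaining) or not HEX_BYTE_RE.match(token):
            break
        out.append(int(token, 16))
    return bytes(out)


def split_handshake(data):
    """Split a handshake byte stream into (type_name, body) pairs."""
    messages, pos = [], 0
    while pos < len(data):
        length = int.from_bytes(data[pos + 1:pos + 4], "big")
        body = data[pos + 4:pos + 4 + length]
        if pos + 4 > len(data) or len(body) < length:
            raise ValueError("truncated handshake message")
        messages.append((HANDSHAKE_TYPES.get(data[pos], f"unknown_{data[pos]}"), body))
        pos += 4 + length
    return messages


def count_certificates(body):
    """Count entries in a Certificate body: 3-byte list length, then
    (3-byte length + DER certificate) repeated."""
    total = int.from_bytes(body[:3], "big")
    pos, count = 3, 0
    while pos < 3 + total:
        pos += 3 + int.from_bytes(body[pos:pos + 3], "big")
        count += 1
    return count


def analyze(trace):
    """Report the CAs the server accepts and what the client sent back."""
    lines = [ln.strip() for ln in trace.splitlines()]
    result = {"acceptable_cas": [], "client_cert_count": None, "alert": None}
    requested = in_ca_list = False
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if in_ca_list and line.startswith("<") and line.endswith(">"):
            result["acceptable_cas"].append(line[1:-1])
            continue
        in_ca_list = line == "Cert Authorities:"
        if line.startswith("*** CertificateRequest"):
            requested = True
        alert = ALERT_RE.search(line)
        if alert:
            result["alert"] = alert.group(2)
        block = BLOCK_RE.match(line)
        if not block:
            continue
        declared, data = int(block.group(2)), bytearray()
        while i < len(lines) and (dump := DUMP_RE.match(lines[i])):
            data += dump_line_bytes(dump.group(1), declared - len(data))
            i += 1
        if block.group(1) != "write" or not requested:
            continue
        try:
            messages = split_handshake(bytes(data))
        except ValueError:
            continue  # dump cut short in the pasted log
        for name, body in messages:
            if name == "certificate":
                result["client_cert_count"] = count_certificates(body)
    result["empty_client_chain"] = requested and result["client_cert_count"] == 0
    return result


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

On this trace `empty_client_chain` is true: the 77-byte write holds a Certificate message with a zero-length list followed by the ClientKeyExchange. `acceptable_cas` is the list to compare against the issuer of the client certificate in the keystore named by `-Djavax.net.ssl.keyStore`.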

  • Java Client Authentication to IIS 5 server throwing no IV for Cipher error

    I have been trying to do Java client authentication. I got the certificate from the CA and loaded it on the server. When I run the JavaClient program I get the error "no IV for Cipher".
    I am using JDK 1.5.0_06 and JSSE 1.0.3_03.
    Any help is greatly appreciated.
    Thanks
    Here is the debug report
    trustStore is: C:\JTEST\cacerts
    trustStore type is : JKS
    trustStore provider is :
    init truststore
    adding as trusted cert:
    Subject: CN=devclient.test.com, OU=Mycompany, O=Second Data Corporation., L=San Francisco, ST=California, C=US
    Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    Algorithm: RSA; Serial number: 0x5b0bf
    Valid from Thu Feb 16 06:23:37 PST 2006 until Sat Feb 17 06:23:37 PST 2007
    adding as trusted cert:
    Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Algorithm: RSA; Serial number: 0x1
    Valid from Fri Jun 25 17:19:54 PDT 1999 until Tue Jun 25 17:19:54 PDT 2019
    adding as trusted cert:
    Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
    Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
    Algorithm: RSA; Serial number: 0x20000bf
    Valid from Wed May 17 07:01:00 PDT 2000 until Sat May 17 16:59:00 PDT 2025
    adding as trusted cert:
    Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
    Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
    Algorithm: RSA; Serial number: 0x374ad243
    Valid from Tue May 25 09:09:40 PDT 1999 until Sat May 25 09:39:40 PDT 2019
    adding as trusted cert:
    Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    Algorithm: RSA; Serial number: 0x20000b9
    Valid from Fri May 12 11:46:00 PDT 2000 until Mon May 12 16:59:00 PDT 2025
    adding as trusted cert:
    Subject: CN=devclient.paymap.com, OU=First Data Corp, O=Paymap Inc, L=San Francisco, ST=California, C=USA
    Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
    Algorithm: RSA; Serial number: 0xe2501de73ac37428
    Valid from Mon Feb 20 15:51:25 PST 2006 until Mon Mar 13 15:51:25 PST 2006
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
    Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
    adding as trusted cert:
    Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
    Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
    Algorithm: RSA; Serial number: 0x0
    Valid from Tue Jun 29 10:39:16 PDT 2004 until Thu Jun 29 10:39:16 PDT 2034
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x0
    Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
    adding as trusted cert:
    Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
    Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
    adding as trusted cert:
    Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
    Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
    Algorithm: RSA; Serial number: 0x3770cfb5
    Valid from Wed Jun 23 05:14:45 PDT 1999 until Sun Jun 23 05:14:45 PDT 2019
    adding as trusted cert:
    Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    Algorithm: RSA; Serial number: 0x35def4cf
    Valid from Sat Aug 22 09:41:51 PDT 1998 until Wed Aug 22 09:41:51 PDT 2018
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x0
    Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
    adding as trusted cert:
    Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
    Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
    Algorithm: RSA; Serial number: 0x4
    Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x0
    Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
    adding as trusted cert:
    Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Algorithm: RSA; Serial number: 0x1b6
    Valid from Fri Aug 14 07:50:00 PDT 1998 until Wed Aug 14 16:59:00 PDT 2013
    adding as trusted cert:
    Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
    Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
    adding as trusted cert:
    Subject: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
    Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
    Algorithm: RSA; Serial number: 0x1a3
    Valid from Fri Feb 23 15:01:00 PST 1996 until Thu Feb 23 15:59:00 PST 2006
    adding as trusted cert:
    Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Algorithm: RSA; Serial number: 0x389b113c
    Valid from Fri Feb 04 09:20:00 PST 2000 until Tue Feb 04 09:50:00 PST 2020
    adding as trusted cert:
    Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
    Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x1
    Valid from Wed Jul 31 17:00:00 PDT 1996 until Thu Dec 31 15:59:59 PST 2020
    adding as trusted cert:
    Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
    Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
    Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
    Valid from Tue Nov 08 16:00:00 PST 1994 until Thu Jan 07 15:59:59 PST 2010
    adding as trusted cert:
    Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
    Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
    Algorithm: RSA; Serial number: 0x380391ee
    Valid from Tue Oct 12 12:24:30 PDT 1999 until Sat Oct 12 12:54:30 PDT 2019
    adding as trusted cert:
    Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Algorithm: RSA; Serial number: 0x389ef6e4
    Valid from Mon Feb 07 08:16:40 PST 2000 until Fri Feb 07 08:46:40 PST 2020
    adding as trusted cert:
    Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
    Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
    adding as trusted cert:
    Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
    Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
    adding as trusted cert:
    Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Algorithm: RSA; Serial number: 0x1a5
    Valid from Wed Aug 12 17:29:00 PDT 1998 until Mon Aug 13 16:59:00 PDT 2018
    adding as trusted cert:
    Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Algorithm: RSA; Serial number: 0x1
    Valid from Wed Jul 31 17:00:00 PDT 1996 until Thu Dec 31 15:59:59 PST 2020
    adding as trusted cert:
    Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
    Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
    Algorithm: RSA; Serial number: 0x23456
    Valid from Mon May 20 21:00:00 PDT 2002 until Fri May 20 21:00:00 PDT 2022
    adding as trusted cert:
    Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
    Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
    Algorithm: RSA; Serial number: 0x3863b966
    Valid from Fri Dec 24 09:50:51 PST 1999 until Tue Dec 24 10:20:51 PST 2019
    adding as trusted cert:
    Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
    Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
    Algorithm: RSA; Serial number: 0x1
    Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020
    adding as trusted cert:
    Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
    Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
    Algorithm: RSA; Serial number: 0x0
    Valid from Tue Jun 29 10:06:20 PDT 2004 until Thu Jun 29 10:06:20 PDT 2034
    adding as trusted cert:
    Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
    Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
    adding as trusted cert:
    Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
    Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
    adding as trusted cert:
    Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
    Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
    trigger seeding of SecureRandom
    done seeding SecureRandom
    main, setSoTimeout(50000) called
    TIMEOUT=50000
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1123703368 bytes = { 11, 7, 242, 147, 134, 10, 57, 192, 137, 131, 191, 249, 253, 146, 232, 223, 146, 195, 53, 255, 121, 236, 182, 158, 191, 94, 156, 190 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    main, WRITE: TLSv1 Handshake, length = 73
    main, WRITE: SSLv2 client hello message, length = 98
    main, READ: TLSv1 Handshake, length = 873
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1123703296 bytes = { 123, 165, 102, 102, 169, 196, 229, 241, 3, 49, 81, 239, 83, 155, 209, 243, 236, 229, 18, 193, 228, 104, 27, 152, 232, 193, 173, 11 }
    Session ID: {147, 24, 0, 0, 22, 29, 124, 158, 177, 166, 96, 36, 217, 32, 191, 41, 36, 217, 54, 244, 11, 56, 214, 139, 133, 140, 38, 132, 157, 77, 87, 77}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: CN=www.just-in-time-eft-paymap.com, OU=Paymap, O=First Data Corporation., L=San Francisco, ST=California, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 115897801846480906504507305240934762652258285705294305856746227593079520228602278416768070978663757452626836382370415992468189745643687252249588163510925353035555192020212360325664657305599855674966873189987712512397233103225326014387972568754281141553272745093478026229567341632738641376167448499163118598699
    public exponent: 65537
    Validity: [From: Mon Sep 12 11:37:51 PDT 2005,
                   To: Sun Nov 12 11:37:51 PST 2006]
    Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    SerialNumber: [    057aa7]
    Certificate Extensions: 5
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: FC 76 D2 8C C3 DE 0D 8F EA 32 26 60 83 C9 8B 9C .v.......2&`....
    0010: C6 E6 BB 57 ...W
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
    0010: 98 90 9F D4 ....
    [3]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
    [DistributionPoint:
    [URIName: http://crl.geotrust.com/crls/secureca.crl]
    [4]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
    [5]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Non_repudiation
    Key_Encipherment
    Data_Encipherment
    Algorithm: [SHA1withRSA]
    Signature:
    Found trusted certificate:
    Version: V3
    Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
    public exponent: 65537
    Validity: [From: Sat Aug 22 09:41:51 PDT 1998,
                   To: Wed Aug 22 09:41:51 PDT 2018]
    Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    SerialNumber: [    35def4cf]
    Certificate Extensions: 7
    [1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
    0010: 98 90 9F D4 ....
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
    0010: 98 90 9F D4 ....
    [4]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
    [DistributionPoint:
    [CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
    [5]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
    Key_CertSign
    Crl_Sign
    [6]: ObjectId: 2.5.29.16 Criticality=false
    PrivateKeyUsage: [
    To: Wed Aug 22 09:41:51 PDT 2018]
    [7]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
    *** ServerHelloDone
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    Random Secret: { 3, 1, 82, 2, 69, 241, 210, 36, 175, 168, 76, 86, 170, 3, 158, 52, 89, 146, 84, 210, 223, 113, 212, 231, 129, 100, 177, 125, 116, 31, 97, 233, 150, 162, 161, 51, 168, 189, 14, 47, 83, 27, 67, 252, 172, 191, 102, 39 }
    main, WRITE: TLSv1 Handshake, length = 134
    SESSION KEYGEN:
    PreMaster Secret:
    0000: 03 01 52 02 45 F1 D2 24 AF A8 4C 56 AA 03 9E 34 ..R.E..$..LV...4
    0010: 59 92 54 D2 DF 71 D4 E7 81 64 B1 7D 74 1F 61 E9 Y.T..q...d..t.a.
    0020: 96 A2 A1 33 A8 BD 0E 2F 53 1B 43 FC AC BF 66 27 ...3.../S.C...f'
    CONNECTION KEYGEN:
    Client Nonce:
    0000: 43 FA 5A 48 0B 07 F2 93 86 0A 39 C0 89 83 BF F9 C.ZH......9.....
    0010: FD 92 E8 DF 92 C3 35 FF 79 EC B6 9E BF 5E 9C BE ......5.y....^..
    Server Nonce:
    0000: 43 FA 5A 00 7B A5 66 66 A9 C4 E5 F1 03 31 51 EF C.Z...ff.....1Q.
    0010: 53 9B D1 F3 EC E5 12 C1 E4 68 1B 98 E8 C1 AD 0B S........h......
    Master Secret:
    0000: 10 47 C2 16 13 58 4B 50 D3 D6 34 05 C8 C9 11 29 .G...XKP..4....)
    0010: AD 90 0D 8F 9B BD C8 C1 FC CD BC 26 ED FB 26 84 ...........&..&.
    0020: 04 0B 94 BC D2 4D 7D 71 E0 1E 08 10 59 38 B5 4E .....M.q....Y8.N
    Client MAC write Secret:
    0000: A5 66 C1 48 0E F1 18 2B 2B 7A F7 9B A4 6C D7 FA .f.H...++z...l..
    Server MAC write Secret:
    0000: 3B F5 04 FA AC 9C D7 ED 2E E7 36 44 80 FF 11 E2 ;.........6D....
    Client write key:
    0000: 7B 9F 56 A1 FC 3D BD 31 25 27 91 BB D0 66 66 0B ..V..=.1%'...ff.
    Server write key:
    0000: 2B 45 E2 19 E8 C8 61 5B 84 B8 94 76 A1 B4 9C 6E +E....a[...v...n
    ... no IV for cipher
    main, WRITE: TLSv1 Change Cipher Spec, length = 1
    *** Finished
    verify_data: { 110, 253, 95, 109, 150, 89, 93, 140, 108, 186, 172, 188 }
    main, WRITE: TLSv1 Handshake, length = 32
    main, READ: TLSv1 Change Cipher Spec, length = 1
    main, READ: TLSv1 Handshake, length = 32
    *** Finished
    verify_data: { 70, 219, 18, 202, 105, 203, 83, 220, 151, 174, 102, 125 }
    %% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    main, setSoTimeout(50000) called
    main, WRITE: TLSv1 Application Data, length = 96
    main, setSoTimeout(50000) called
    main, READ: TLSv1 Handshake, length = 20
    *** HelloRequest (empty)
    %% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    %% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 1130
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1123703368 bytes = { 242, 6, 117, 127, 243, 197, 134, 82, 139, 54, 241, 243, 132, 22, 63, 136, 4, 180, 225, 8, 159, 55, 182, 105, 133, 226, 213, 167 }
    Session ID: {147, 24, 0, 0, 22, 29, 124, 158, 177, 166, 96, 36, 217, 32, 191, 41, 36, 217, 54, 244, 11, 56, 214, 139, 133, 140, 38, 132, 157, 77, 87, 77}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    main, WRITE: TLSv1 Handshake, length = 121
    main, READ: TLSv1 Handshake, length = 11432
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1123703296 bytes = { 168, 158, 224, 186, 230, 77, 9, 24, 237, 106, 203, 158, 176, 252, 249, 167, 73, 173, 69, 178, 115, 34, 96, 179, 191, 230, 178, 160 }
    Session ID: {3, 27, 0, 0, 51, 252, 181, 131, 214, 28, 220, 247, 154, 175, 51, 237, 76, 111, 88, 78, 28, 105, 106, 114, 42, 51, 53, 144, 178, 93, 245, 127}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    %% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: CN=www.just-in-time-eft-paymap.com, OU=Paymap, O=First Data Corporation., L=San Francisco, ST=California, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 115897801846480906504507305240934762652258285705294305856746227593079520228602278416768070978663757452626836382370415992468189745643687252249588163510925353035555192020212360325664657305599855674966873189987712512397233103225326014387972568754281141553272745093478026229567341632738641376167448499163118598699
    public exponent: 65537
    Validity: [From: Mon Sep 12 11:37:51 PDT 2005,
                   To: Sun Nov 12 11:37:51 PST 2006]
    Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    SerialNumber: [    057aa7]
    Certificate Extensions: 5
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: FC 76 D2 8C C3 DE 0D 8F EA 32 26 60 83 C9 8B 9C .v.......2&`....
    0010: C6 E6 BB 57 ...W
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
    0010: 98 90 9F D4 ....
    [3]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
    [DistributionPoint:
    [URIName: http://crl.geotrust.com/crls/secureca.crl]
    [4]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
    [5]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Non_repudiation
    Key_Encipherment
    Data_Encipherment
    Algorithm: [SHA1withRSA]
    Signature:
    Found trusted certificate:
    Version: V3
    Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
    public exponent: 65537
    Validity: [From: Sat Aug 22 09:41:51 PDT 1998,
                   To: Wed Aug 22 09:41:51 PDT 2018]
    Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    SerialNumber: [    35def4cf]
    Certificate Extensions: 7
    [1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
    0010: 98 90 9F D4 ....
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
    0010: 98 90 9F D4 ....
    [4]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
    [DistributionPoint:
    [CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
    [5]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
    Key_CertSign
    Crl_Sign
    [6]: ObjectId: 2.5.29.16 Criticality=false
    PrivateKeyUsage: [
    To: Wed Aug 22 09:41:51 PDT 2018]
    [7]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
    *** CertificateRequest
    Cert Types: RSA,
    Cert Authorities:
    <OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
    <CN=Sonera Class1 CA, O=Sonera, C=FI>
    <OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 4 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
    <CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL>
    <CN=VeriSign Class 3

    I have the same problem. I'm turning crazy working with certificates in mutual authentication!!!
    If someone has the solution to this problem, send a reply, or write to me at [email protected]
    Thanks in advance

  • Java.security.cert.CertificateException

    Hi,
    I am using a Java client to connect to an HTTPS server which uses certificates for authentication.
    The server uses gSOAP certificates for client authentication and encryption of messages.
    I am using the JSSE that comes with JDK 1.6, and I generated a keystore file from the client.pem and cacert.pem files used by the server.
    I need to send SOAP messages with attachments.
    I am using the SAAJ API with JDK 1.6.
    When I try to connect to the server through javax.xml.soap.SOAPConnection, I get a java.security.cert.CertificateException. Please see the exception below.
    Note: The server responds properly to the SOAP UI tool (a Java testing tool) with certificate authentication.
    I have enabled the debug option in SSL.
    E:\test\properties\storefile.jks
    keyStore is : E:\test\properties\storefile.jks
    keyStore type is : jks
    keyStore provider is :
    init keystore
    init keymanager of type SunX509
    trustStore is: E:\test\properties\storefile.jks
    trustStore type is : jks
    trustStore provider is :
    init truststore
    adding as trusted cert:
    Subject: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Algorithm: RSA; Serial number: 0x0
    Valid from Sat Oct 02 22:38:06 IST 2004 until Tue Oct 02 22:38:06 IST 2007
    adding as trusted cert:
    Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Algorithm: RSA; Serial number: 0x7
    Valid from Sun Dec 25 01:01:53 IST 2005 until Wed Dec 24 01:01:53 IST 2008
    adding as trusted cert:
    Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Algorithm: RSA; Serial number: 0x8
    Valid from Sun Dec 25 01:03:13 IST 2005 until Wed Dec 24 01:03:13 IST 2008
    trigger seeding of SecureRandom
    done seeding SecureRandom
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1155448094 bytes = { 120, 70, 246, 123, 195, 47, 61, 191, 223, 241, 23, 204, 98, 143, 212, 251, 80, 10, 100, 183, 82, 82, 215, 228, 212, 47, 68, 224 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    Thread-3, WRITE: TLSv1 Handshake, length = 73
    Thread-3, WRITE: SSLv2 client hello message, length = 98
    Thread-3, READ: TLSv1 Handshake, length = 74
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1155531752 bytes = { 248, 141, 63, 154, 117, 213, 184, 250, 239, 237, 26, 225, 175, 38, 151, 65, 101, 127, 134, 46, 180, 80, 153, 133, 215, 120, 102, 11 }
    Session ID: {100, 201, 98, 232, 113, 191, 163, 129, 1, 101, 251, 29, 233, 245, 144, 203, 231, 208, 202, 248, 160, 99, 84, 248, 86, 16, 235, 234, 20, 73, 231, 148}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    Thread-3, READ: TLSv1 Handshake, length = 1868
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 144881101064455404788814091404981462608080902688277626878350142057531273562236240952084735254146287262789443540177122740514352105900513219519909051335421867736741713195463254360663999239941476817345303119999799829037388457231058611674562175705514528085594563474765367007497034178272408363177194954006361904887
    public exponent: 65537
    Validity: [From: Sun Dec 25 01:03:13 IST 2005,
                   To: Wed Dec 24 01:03:13 IST 2008]
    Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    SerialNumber: [    08]
    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
    0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
    0020: 65 e
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 3D C1 C8 B5 19 17 C3 8C 12 64 3C 05 C3 22 EE 7B =........d<.."..
    0010: BA 27 B4 C1 .'..
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
    0010: 49 95 77 CA I.w.
    [[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
    SerialNumber: [    00]
    [4]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [SHA1withRSA]
    Signature:
    chain [1] = [
    Version: V3
    Subject: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 106482211752195899275275639329238789380560290379431640534106480581317795742917955972475513891969031216742557266096088552725987675210922796797720103531106400345818891764659480805498923495886457178236281557583158652266656923442983245641013901721295378444704296581436391012531718274035287004196101203604693764023
    public exponent: 65537
    Validity: [From: Sat Oct 02 22:38:06 IST 2004,
                   To: Tue Oct 02 22:38:06 IST 2007]
    Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    SerialNumber: [    00]
    Certificate Extensions: 3
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
    0010: 49 95 77 CA I.w.
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
    0010: 49 95 77 CA I.w.
    [[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
    SerialNumber: [    00]
    [3]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
    Feb 24, 2007 9:50:47 AM com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection post
    SEVERE: SAAJ0009: Message send failed
    com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
         at SOAPConnector$1.run(SOAPConnector.java:145)
    Caused by: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
         at java.security.AccessController.doPrivileged(Native Method)
    Found trusted certificate:
    Version: V3
    Subject: [email protected], CN=localhost, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 144881101064455404788814091404981462608080902688277626878350142057531273562236240952084735254146287262789443540177122740514352105900513219519909051335421867736741713195463254360663999239941476817345303119999799829037388457231058611674562175705514528085594563474765367007497034178272408363177194954006361904887
    public exponent: 65537
    Validity: [From: Sun Dec 25 01:03:13 IST 2005,
                   To: Wed Dec 24 01:03:13 IST 2008]
    Issuer: [email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US
    SerialNumber: [    08]
    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
    0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
    0020: 65 e
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 3D C1 C8 B5 19 17 C3 8C 12 64 3C 05 C3 22 EE 7B =........d<.."..
    0010: BA 27 B4 C1 .'..
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: E0 CC 88 8B 41 A0 21 4A A4 61 18 67 27 61 A0 C9 ....A.!J.a.g'a..
    0010: 49 95 77 CA I.w.
    [[email protected], CN=genivia.com, OU=IT, O="Genivia, Inc.", L=Tallahassee, ST=FL, C=US]
    SerialNumber: [    00]
    [4]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [SHA1withRSA]
    Signature:
    Thread-3, SEND TLSv1 ALERT: fatal, description = certificate_unknown
    Thread-3, WRITE: TLSv1 Alert, length = 2
    Thread-3, called closeSocket()
    Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
         ... 2 more
    Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
         ... 3 more
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
         at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
         ... 5 more
    Caused by: java.security.cert.CertificateException: No subject alternative names present
         at sun.security.util.HostnameChecker.matchIP(Unknown Source)
         at sun.security.util.HostnameChecker.match(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
         ... 17 more
    CAUSE:
    java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
         at SOAPConnector$1.run(SOAPConnector.java:145)
    Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
         at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
         ... 3 more
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
         at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
         at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
         ... 5 more
    Caused by: java.security.cert.CertificateException: No subject alternative names present
         at sun.security.util.HostnameChecker.matchIP(Unknown Source)
         at sun.security.util.HostnameChecker.match(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
         ... 17 more
    Any help is appreciated.

    Did you find the solution for the issue? I am using jscape now...
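
The trace in the post above fails in `HostnameChecker.matchIP`, the path taken when the host in the URL is an IP literal, and the server certificate it prints (CN=localhost) carries no SubjectAlternativeName extension. The following is an added example, not code from the original post or from the JDK: a simplified model of that identity check, in which the class name, host values and SAN lists are constructed for illustration.

```java
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

// Added example: simplified model of the JSSE endpoint-identity decision.
// SAN entries follow the shape returned by
// X509Certificate.getSubjectAlternativeNames(): [Integer type, String value].
public class SanCheckDemo {
    static final int DNS_NAME = 2;    // GeneralName type dNSName
    static final int IP_ADDRESS = 7;  // GeneralName type iPAddress

    // Simplification: IPv4 dotted quad, or anything containing ':' (IPv6 literal).
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.indexOf(':') >= 0;
    }

    // Exact match, or a "*.suffix" pattern covering exactly one leftmost label.
    static boolean nameMatches(String host, String pattern) {
        if (pattern.startsWith("*.")) {
            int dot = host.indexOf('.');
            return dot > 0 && host.substring(dot + 1).equalsIgnoreCase(pattern.substring(2));
        }
        return host.equalsIgnoreCase(pattern);
    }

    static void check(String host, Collection<? extends List<?>> sans, String subjectCn)
            throws CertificateException {
        if (isIpLiteral(host)) {
            // IP literal: only iPAddress SAN entries count; the subject CN is never consulted.
            if (sans == null) {
                throw new CertificateException("No subject alternative names present");
            }
            for (List<?> entry : sans) {
                int type = (Integer) entry.get(0);
                // Simplification: string comparison, no IPv6 normalisation.
                if (type == IP_ADDRESS && host.equalsIgnoreCase((String) entry.get(1))) {
                    return;
                }
            }
            throw new CertificateException(
                    "No subject alternative names matching IP address " + host + " found");
        }
        // DNS name: dNSName SAN entries take precedence over the subject CN.
        boolean sawDnsSan = false;
        if (sans != null) {
            for (List<?> entry : sans) {
                int type = (Integer) entry.get(0);
                if (type == DNS_NAME) {
                    sawDnsSan = true;
                    if (nameMatches(host, (String) entry.get(1))) {
                        return;
                    }
                }
            }
        }
        if (sawDnsSan) {
            throw new CertificateException(
                    "No subject alternative DNS name matching " + host + " found.");
        }
        // The CN is a fallback only when the certificate has no dNSName SAN at all.
        if (subjectCn != null && nameMatches(host, subjectCn)) {
            return;
        }
        throw new CertificateException("No name matching " + host + " found");
    }

    static String describe(String host, Collection<? extends List<?>> sans, String subjectCn) {
        try {
            check(host, sans, subjectCn);
            return "OK";
        } catch (CertificateException e) {
            return "REJECTED: " + e.getMessage();
        }
    }

    static List<Object> san(int type, String value) {
        return Arrays.<Object>asList(type, value);
    }

    public static void main(String[] args) {
        // Constructed inputs; 192.0.2.10 is a documentation address, not taken from the page.
        List<List<Object>> reissued =
                Arrays.asList(san(IP_ADDRESS, "192.0.2.10"), san(DNS_NAME, "localhost"));
        System.out.println("IP host, CN-only cert:   " + describe("192.0.2.10", null, "localhost"));
        System.out.println("DNS host, CN-only cert:  " + describe("localhost", null, "localhost"));
        System.out.println("IP host, cert with SANs: " + describe("192.0.2.10", reissued, "localhost"));
        System.out.println("DNS host not in SANs:    " + describe("soap.example.test", reissued, "soap.example.test"));
    }
}
```

To diagnose a real server, pass the result of `getSubjectAlternativeNames()` from the server's `X509Certificate` as the `sans` argument. The durable fix is to reissue the server certificate with a SAN entry for the address clients actually use, or to connect using a name the certificate already carries, rather than weakening the check.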
