Army Bad Certificates

I'm relatively new to the army and I'm still unable to log in to any of the DoD websites from my MacBook Pro (AKO, LMS, MyPay, etc.). I've purchased a CAC reader, I've downloaded the software but no matter what I do and which browser I use I just get a sea of 'bad certificate' errors. There are over 2 million AKO users, is their only option to use a PC? This seems ridiculous but I can't find any information that states otherwise. I'm at the point now where I need to complete online training to get promoted and my only options are to purchase Windows and run it in bootcamp or entirely switch to a Windows machine. I'm in the market for a second computer and right now it seems like staying on a Mac will actually hinder my career. Is there anyone out there who's had similar successes or failures? I have about a half dozen coworkers who also use Mac and their solution is, rather non-technically, stay at work and complete the required training in the office after hours.
details:
MacPro 13" mid 2012
OSX Yosemite 10.10.2
Up to date Flash and Java
IOGEAR CAC Reader and Centrify smart card support software
Errors:
Chrome: 'ERR_BAD_SSL_CLIENT_AUTH_CERT'
Firefox: 'Error code: ssl_error_bad_cert_alert'
Safari gives me no error, the page just never loads.

You need a client-side SSL certificate to get into those sites. Merely installing a CAC reader isn't enough.

Similar Messages

  • SSL and BEA-090482 (BAD Certificate)

    Hi All,
    I am trying to get self-signed certificates to work with the keytool and I have followed just about every instruction to get everything to work. But no matter what I try I keep getting the BAD CERTIFICATE error. My Setup is the following:
    - I have Oracle Enterprise Linux (5.8) installed
    - I have Weblogic 10.3.4.0 installed
    - I start nodemanager through wlst
    - I have 1 weblogic installation with 3 domains and each domain has its own IP address (virtual IP addresses).
    For 1 SOA Server (soa_server1) I want to enable SSL so here's what I did:
    1. I use the keytool to create identity.jks (keytool -genkey -alias mycert -keyalg RSA -keypass weblogic1 -keystore identity.jks -storepass weblogic1 -validity 365)
    2. I export the certificate (keytool -export -alias mycert -file root.cer -keystore identity.jks -storepass weblogic1)
    3. I import the certificate into trust.jks (keytool -import -alias mycert -trustcacerts -file root.cer -keystore trust.jks -storepass weblogic1)
    4. I setup Weblogic (tab keystores) with the appropriate setting (identity.jks and trust.jks)
    5. I setup Weblogic (tab SSL) with a private key alias and its password
    6. I enable SSL in Weblogic
    Our servername = MYSRV005 and our domain name = yyy.lan
    When going to the AdminServer each domain can be reached by its own name (for example test.yyy.lan etc.)
    I have configured our listen-address for our soa_server1 for test.yyy.lan
    I have set our certificate common name to test.yyy.lan
    My nodemanager runs on localhost (I can start any server from our AdminServer console)
    We disabled hostname verification in startWeblogic.sh, startNodeManager.sh and in the soa_server1 console
    I even added CertGenCa.der into our trust.jks (keytool -import -alias mycert-trustcacerts -file “<location of CertGenCA.der>” -keystore trust.jks)
    No matter what I try, I keep getting BEA-090482 (BAD Certificate .....).
    I hope someone can help me out on this issue. I've been at it for 2 days now and still can't solve the problem. Are there any other things I have to be thinking of?
    Thanks for any help. :)

    Well,
    Once again I solved my problem. Am not sure what I did, but it seems that switching to the java utils.CertGen utility did the trick. That way certificates will get signed with the CertGenCA.der certificate. However I am not entirely sure this was our problem since I have changed so many settings in the last couple of days. Noticed that the keytool doesn't change the issuer and the issuer will be the same as what you fill out. Wonder why every tut on the net used the keytool while that wasn't working for us. :( Guess I have to dive into that. :)

  • FTPS -Bad certificate error

    Hi
    I am sending a file from SAP PI 7.0 to file server through FTP-S.
    The SSL certificate and private key,password is installed as per sap in PI 7.0.
    I am getting below error -
    Unable to create new pooled resource: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate.
    Any solution ..
    Thanks in advance.

    Hi,
    check you installed the certificates properly or not, maybe this could be the one reason I guess.
    Regards,
    Ra

  • Peer sent alert: Alert Fatal: bad certificate

    Dear Experts,
    When we try to load an application on our MSS, we get this alert iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate. Here the full exception that we get:
    com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentRuntimeException: Failed to  UPDATEDATAINPDF
         at com.sap.tc.webdynpro.clientserver.uielib.adobe.impl.InteractiveForm.afterHandleActionEvent(InteractiveForm.java:419)
         at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.afterApplicationModification(ClientApplication.java:1132)
         at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.afterApplicationModification(ClientComponent.java:895)
         at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doRespond(WindowPhaseModel.java:573)
         at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:152)
         at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
         at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:321)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
         at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by: com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentRuntimeException: PDFDocument Processor failed to process Render Request.
         at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentProcessor.process(PDFDocumentProcessor.java:55)
         at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentInteractiveFormHandlingContext.execute(PDFDocumentInteractiveFormHandlingContext.java:100)
         at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentInteractiveFormHandlingContext.execute(PDFDocumentInteractiveFormHandlingContext.java:123)
         at com.sap.tc.webdynpro.clientserver.uielib.adobe.impl.InteractiveForm.afterHandleActionEvent(InteractiveForm.java:340)
         ... 29 more
    Caused by: com.sap.tc.webdynpro.pdfobject.core.PDFObjectRuntimeException: Service call exception; nested exception is:
         iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
         at com.sap.tc.webdynpro.pdfobject.core.PDFObject.doSoapCall(PDFObject.java:408)
         at com.sap.tc.webdynpro.pdfobject.core.PDFObject.render(PDFObject.java:3944)
         at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentRenderHandler.handle(PDFDocumentRenderHandler.java:148)
         at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentProcessor.process(PDFDocumentProcessor.java:52)
         ... 32 more
    Caused by: java.rmi.RemoteException: Service call exception; nested exception is:
         iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
         at com.sap.tc.webdynpro.adsproxy.SecConfigBindingStub.rpData(SecConfigBindingStub.java:85)
         at com.sap.tc.webdynpro.adsproxy.SecConfigBindingStub.rpData(SecConfigBindingStub.java:95)
         at com.sap.tc.webdynpro.pdfobject.core.PDFObject.doSoapCall(PDFObject.java:385)
         ... 35 more
    Caused by: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
         at iaik.security.ssl.r.f(Unknown Source)
         at iaik.security.ssl.x.b(Unknown Source)
         at iaik.security.ssl.x.a(Unknown Source)
         at iaik.security.ssl.r.d(Unknown Source)
         at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
         at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source)
         at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)
         at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initStreamsFromSocket(HTTPSocket.java:669)
         at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initializeStreams(HTTPSocket.java:470)
         at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getOutputStream(HTTPSocket.java:427)
         at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.getRequestStream(HTTPTransport.java:355)
         at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.outputMessage(MimeHttpBinding.java:550)
         at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1433)
         at com.sap.tc.webdynpro.adsproxy.SecConfigBindingStub.rpData(SecConfigBindingStub.java:78)
         ... 37 more
    Can anyone suggest a corrective measurement for this issue?
    Thank You in advance
    Regards
    Ramesh

    Hi Ramesh,
    we are facing the similar issue while consuming external webservices
    Here is the error:
    Caused by: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad record mac at iaik.security.ssl.r.f(Unknown Source) at iaik.security.ssl.x.b(Unknown Source) at iaik.security.ssl.x.a(Unknown Source) at iaik.security.ssl.r.d(Unknown Source) at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source) at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source) at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)
    com.sap.tc.webdynpro.model.webservice.api.WDWSModelExecuteException: Exception on execution of web service with WSDL URL 'http://lxxxxxxx:50000/webdynpro/resources/demo.sap.com/mywebservice/Components/com.sap.demo.mywebservice.webservice.comp.WebserviceComp/VECTOR.wsdl' with operation 'VECTOR' in interface 'VECTORPortType' at com.sap.tc.webdynpro.model.webservice.model.WSGenericModelClassExecutable.execute(WSGenericModelClassExecutable.java:84) at com.sap.tc.webdynpro.model.webservice.gci.WSTypedModelClassExecutable.execute(WSTypedModelClassExecutable.java:49) at com.sap.demo.mywebservice.webservice.comp.WebserviceComp.executeVECTOR(WebserviceComp.java:313) at com.sap.demo.mywebservice.webservice.comp.wdp.InternalWebserviceComp.executeVECTOR(InternalWebserviceComp.java:303) at com.sap.demo.mywebservice.webservice.comp.WebserviceCompView.onActionGetDetails(WebserviceCompView.java:195) at com.sap.demo.mywebservice.webservice.comp.wdp.InternalWebserviceCompView.wdInvokeEventHandler(InternalWebserviceCompView.java:289) at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:131) at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:72) at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.doHandleActionEvent(ProcessingEventPhase.java:156) at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.execute(ProcessingEventPhase.java:91) at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162) at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110) at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97) at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:514) at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:52) at 
com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1547) at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1361) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToApplicationDoProcessing(AbstractExecutionContextDispatcher.java:154) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForAppProcessing.doService(DispatchHandlerForAppProcessing.java:35) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.AbstractDispatchHandler.service(AbstractDispatchHandler.java:127) at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:95) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToApplicationDoProcessing(ExecutionContextDispatcher.java:114) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:80) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.dispatch(ApplicationSession.java:571) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.dispatch(ApplicationSession.java:602) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingStandalone(ApplicationSession.java:523) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:270) at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:729) at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:256) at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:258) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToRequestManager(AbstractExecutionContextDispatcher.java:202) at 
com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.doService(DispatchHandlerForRequestManager.java:38) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.AbstractDispatchHandler.service(AbstractDispatchHandler.java:127) at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:95) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToRequestManager(ExecutionContextDispatcher.java:140) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:92) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:104) at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87) at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doPost(AbstractDispatcherServlet.java:61) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:140) at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:37) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:466) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:291) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:396) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:385) at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:48) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at 
com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:76) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:240) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:78) at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60) at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:43) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:42) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at 
com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:425) at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:250) at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:45) at com.sap.engine.core.thread.execution.Executable.run(Executable.java:109) at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:314) Caused by: com.sap.engine.services.webservices.espbase.client.bindings.exceptions.TransportBindingException: Connection IO Exception. Check nested exception for details. (Peer sent alert: Alert Fatal: bad record mac) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.outputSOAPMessage(SOAPTransportBinding.java:399) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.call_SOAP(SOAPTransportBinding.java:1083) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.callWOLogging(SOAPTransportBinding.java:779) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.call(SOAPTransportBinding.java:746) at com.sap.engine.services.webservices.espbase.client.dynamic.impl.DInterfaceInvokerImpl.invokeOperation(DInterfaceInvokerImpl.java:76) at com.sap.tc.webdynpro.model.webservice.model.WSGenericModelClassExecutable.execute(WSGenericModelClassExecutable.java:73) ... 
75 more Caused by: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad record mac at iaik.security.ssl.r.f(Unknown Source) at iaik.security.ssl.x.b(Unknown Source) at iaik.security.ssl.x.a(Unknown Source) at iaik.security.ssl.r.d(Unknown Source) at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source) at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source) at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source) at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initStreamsFromSocket(HTTPSocket.java:636) at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initializeStreams(HTTPSocket.java:499) at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getOutputStream(HTTPSocket.java:450) at com.sap.engine.services.webservices.espbase.client.bindings.ClientHTTPTransport.getRequestStream(ClientHTTPTransport.java:489) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.outputSOAPMessage(SOAPTransportBinding.java:357) ... 80 more
    Please let me know how you solved this problem....
    I will be very thankful to you
    please do me the needful
    Thanks & regards
    Swetha
    Edited by: Swetha Nellore on Mar 12, 2009 9:18 AM

  • SOAP receiver via HTTPS leads to Alert Fatal: bad certificate

    Hello everybody,
    I am working on a scenario where I have to send a message out via https to a partner.
    The server requires a client certificate which is installed and configured.
    When I now send out some data I get the following error:
    com.sap.aii.af.ra.ms.api.RecoverableException: Peer sent alert: Alert Fatal: bad certificate: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
    The partner told me that I also have to install the server certificate. Is this correct? I thought it is not necessary to install the certificate from Server, is it?
    Regards,
    Thomas

    Hi,
    You would need to load the SSL certificate of your customer if it is a self signed certificate in the TrustedCA's view in your Visual Admin.
    The request is being rejected by XI as the https connection is not being established as the certificate is not present in the Trusted CA's.
    Regards,
    Bhavesh

  • How do i delete a bad certificate for google I'm using 3.5.9. Foxflags show it's from Poland

    how do I delete a bad certificate for google. I'm using 3.5.9. with fox flags. Which says it's from Poland. I get a notice when I open firefox of the bad certificate but I can't find where to delete this.
    any help would be appreciated.
    == This happened ==
    Every time Firefox opened
    == Monday

    Hi, and welcome to Apple Discussions.
    Yes, the iBook G3 has USB 1.1.
    If your DVD burner needs USB 2.0, it isn't going to find it here.
    Since I've never done it, I hope you'll find an answer from someone in the Mac OS X 10.3 forum, where I see you've posted.
    You may also find some help in the iDVD forum, so you may want to post there, also:
    http://discussions.apple.com/category.jspa?categoryID=128
    Good luck!

  • Problem with validating SAML assertion signature ("bad" certificate?)

    Hi,
    We've been developing and testing webservices and webservice clients under WebLogic for awhile. In our typical configuration, we have the SAML Credential mapper configured on the webservice client side, and the SAML Identity Asserter on the webservice side, and we are using "sender-vouches", whereby the SAML assertions are being signed by the SAML Credential mapper.
    Up through development, for the signing, we've been using certs issued by a test CA that we have, but now, we are moving to a pre-production environment, and we're required to use certs issued by a specific 3rd party CA. Since we've started using those new certs, we have been getting "token failed to validate" errors. We've been trying to diagnose this problem for awhile, and we're at the point that we believe that, for some reason, the certs that we got that were issued by the 3rd party CA are "bad".
    Specifically, those certs are SSL Server certs, with the following characteristics:
    Usages:
    Digital Signature
    Key Encipherment
    Key Agreement
    Netscape Type: SSL Server Authentication
    but, they also have two "extended usage extension" OIDs, both are "2.16.840.1.101.2.x.yy.zz".
    When we looked at the certs using various tools, e.g., "openssl x509...", etc., those extended usage extensions are being displayed as "unknown", which made us a little suspicious about them, so I setup a simple test configuration with two WebLogic 10.0 MP1 instances.
    For testing, we first used a cert from the 3rd party CA, which gave us the "failed to validate token" errors.
    During this testing, we put a sniffer on the line, and captured the SOAP message with the signed SAML assertion, and we used a small Java app that I wrote awhile ago that will validate a digital signature. When we ran that Java app, the digital signature validated successfully (i.e., the digital signature was GOOD).
    This seems to imply that the "failed to validate token signature" errors are happening because of something other than the digital signature being incorrect.
    So, then, we created a certificate that matches the 3rd party CA certs almost exactly, except that we did not include the two extended usage extensions, and we configured the two WebLogic instances to use this new certificate.
    When we tested with the new certificate, we no longer got the errors.
    So, it appears that when the cert has those two enhanced usage extensions, WebLogic is either not willing to, or not able to, utilize the certs for validating digital signatures.
    Does anyone have any insight into this problem, or has anyone encountered a problem like this before?
    I also was wondering if there are any parameters for WebLogic that we might try to set that would tell WebLogic to perhaps ignore the certificate extensions and to just do the digital signature validation?
    Thanks,
    Jim

    Hi,
    FYI, we were able to resolve this problem today. It turned out to be that the certificate and key were not "matched".
    The way that we figured this out was to use openssl and the procedure here:
    http://kb.wisc.edu/middleware/page.php?id=4064
    which showed the mismatch.
    We've since generated a new cert request and got a new certificate, and it's working now.
    Jim
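
    The certificate/key mismatch reported in the reply above can be checked by comparing the public key inside the certificate with the public key derived from the private key. This is an added example, not part of the original posts and not the procedure from the linked page; the file names and subject names are constructed, and keys are assumed to be unencrypted PEM. It goes slightly beyond an RSA-only modulus comparison by also covering EC keys.

```sh
#!/bin/sh
# Added example: verify that a certificate and a private key belong together.
# All files are constructed sample data generated in a temporary directory.

# Public key (PEM SubjectPublicKeyInfo) embedded in a certificate.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Public key derived from a private key file (RSA or EC).
key_pubkey() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Prints "match", "mismatch" or "error"; returns 0 only on a match.
# Unreadable or unparsable input is reported as "error", so two empty
# results are never mistaken for a match.
match_status() {
    c=$(cert_pubkey "$1") || { echo error; return 2; }
    k=$(key_pubkey "$2") || { echo error; return 2; }
    if [ -z "$c" ] || [ -z "$k" ]; then echo error; return 2; fi
    if [ "$c" = "$k" ]; then echo match; return 0; fi
    echo mismatch
    return 1
}

# Build constructed test material in directory $1.
make_samples() {
    dir=$1
    # RSA key and a self-signed certificate issued for that key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=saml-signer.example.test" \
        -keyout "$dir/signer.key" -out "$dir/signer.crt" 2>/dev/null
    # Unrelated RSA key, standing in for a key from a different request.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/other.key" 2>/dev/null
    # EC key and matching self-signed certificate.
    openssl ecparam -name prime256v1 -genkey -noout \
        -out "$dir/ec.key" 2>/dev/null
    openssl req -x509 -new -key "$dir/ec.key" -days 1 \
        -subj "/CN=ec-signer.example.test" -out "$dir/ec.crt" 2>/dev/null
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_samples "$work"

echo "signer.crt + signer.key: $(match_status "$work/signer.crt" "$work/signer.key")"
echo "signer.crt + other.key:  $(match_status "$work/signer.crt" "$work/other.key")"
echo "ec.crt     + ec.key:     $(match_status "$work/ec.crt" "$work/ec.key")"
echo "missing.crt + signer.key: $(match_status "$work/missing.crt" "$work/signer.key")"
```

    A "mismatch" result means the server is presenting a certificate whose private key it does not hold, so signatures made with the configured key will not validate against that certificate even though the certificate itself is well-formed.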

  • I keep getting a message that a website is untrusted only in Firefox, how do I get rid of the bad certificate?

    I am using Windows 7. Internet Explorer and Chrome work fine. I know this relates to certificates, but the one Firefox is one created by Fiddler and it had name DONT TRUST. I deleted it from Firefox certificates but each time Firefox keeps finding it. I have validated the website's certificate. How do I get Firefox get rid of this certificate and get the right certificate?

    Do a malware check with several malware scanning programs on the Windows computer.
    Please scan with all programs because each program detects different malware.
    All these programs have free versions.
    Make sure that you update each program to get the latest version of their databases before doing a scan.
    * Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php
    * AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
      http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml
    * SuperAntispyware: http://www.superantispyware.com/
    * Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/en-us/default.aspx
    * Windows Defender: http://windows.microsoft.com/en-us/windows/using-defender
    * Spybot Search & Destroy: http://www.safer-networking.org/en/index.html
    * Kaspersky Free Security Scan: http://www.kaspersky.com/security-scan
    You can also do a check for a rootkit infection with TDSSKiller.
    * Anti-rootkit utility TDSSKiller: http://support.kaspersky.com/5350?el=88446
    See also:
    * "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
    * https://support.mozilla.org/kb/troubleshoot-firefox-issues-caused-malware

  • Webcenter Spaces Events Service configuration: FATAL Alert BAD CERTIFICATE

    Hello,
    I have a simple requirement to connect the events taskflow from an exchange server that is https and has a confirmed security certificate. I use the wsdl path for the events service and add it to my webcenter spaces service configuration -> Personal Events configuration.
    Then I ran into this error.
    javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
    So, I downloaded the .crt file from Chrome (in PEM format) and used the keytool to upload the certificate exception into the cacerts file inside jdk and JRockit folders. I restart the managed server running WebCenter Spaces. This had no effect on the error.
    Is there anything else that I should do?
    Thanks,
    Pradyumna

    I have the same problem. Did You resolve it?

  • Using ssl against bad certificates.

    java.io.IOException: Certificate SubjectDN CommonName received does not match server
    hostname
    at weblogic.security.SSL.SSLSocket.clientInit(SSLSocket.java:454)
    at weblogic.security.SSL.SSLSocket.initialize(SSLSocket.java:265)
    at weblogic.security.SSL.SSLSocket.<init>(SSLSocket.java:212)
    at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:85)
    at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:143)
    at weblogic.net.http.HttpsClient.<init>(HttpsClient.java:67)
    at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:47)
    at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:311)
    at java.net.URL.openStream(URL.java:798)
    This is what I am trying:
    System.setProperty( "java.protocol.handler.pkgs",
        "weblogic.net|weblogic.management|weblogic.net|weblogic.utils");
    System.setProperty( "weblogic.security.SSL.hostnameVerifier",
        "com.prescient.pfs.common.system.NulledHostnameVerifier");
    System.setProperty( "weblogic.security.SSL.ignoreHostnameVerification",
        "true" );
    1) What changed from 6.0 to 6.1?
    2) Why does this work from a stand-alone client? (are there any special properties
    that are set up during weblogic startup?)
    3) Is there anything else I can try?
    4) What is the HostnameVerifier for? (It seems like it isn't being used in this
    case)
    thanks,
    -steven

    Hi!
    We've been having a similar problem with BEA Weblogic 5.1 Service Pack 11. The exception "Certificate SubjectDN CommonName received does not match server" is reported by the Weblogic RMI layer even if we have a properly named certificate for our cluster. The problem appears in some failover scenarios where the RMI layer begins reconnecting to a live server via god-knows-what names, which, of course, do not match the name in our certificate.
    Don't believe BEA's FAQ on that issue ;) They write just crap there. First of all, they spell the name of the property incorrectly, which is case-sensitive. The correct spelling is: "weblogic.security.SSL.ignoreHostnameVerification". Second, it makes no difference on the server side - hostname verification happens on the client side. You must have -Dweblogic.security.SSL.ignoreHostnameVerification=true in your client JVM system properties before you try to establish any connection to weblogic server. This is the only solution I know and it helped us.
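Added example, not from the posters or from BEA: instead of switching verification off, a client-side audit can list which of the names a cluster is reached by the certificate actually covers. It applies the general RFC 2818 rules (SAN entries first, then CN, one-label wildcards), which goes beyond the CN-only comparison the exception message describes; WebLogic's own verifier is not shown on this page, and the DN, host names and addresses below are constructed.

```python
import ipaddress
from typing import Dict, Iterable, List, Tuple

# Constructed certificate subject; note the quoted comma inside O=.
SUBJECT = 'CN=wls-cluster.example.test, OU=Ops, O="Example, Inc.", L=City, ST=AL, C=US'
# Constructed names a failover client might end up connecting with.
CONNECT_NAMES = ["wls-cluster.example.test", "WLS-Cluster.Example.Test.",
                 "wls-node2.example.test", "wls-cluster", "10.0.0.12"]


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN string into (attribute, value) pairs, honouring quotes and backslashes."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in dn:
        if escaped:
            buf.append(ch)          # keep the escaped character literally
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted     # quotes delimit the value, they are not part of it
        elif ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [tuple(s.strip() for s in p.split("=", 1)) for p in parts if "=" in p]


def _is_ip(name: str) -> bool:
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def _dns_match(pattern: str, host: str) -> bool:
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:  # a wildcard stands for exactly one left-most label
        return p[1:] == h[1:]
    return p == h


def verify_name(host: str, subject_dn: str,
                san_dns: Iterable[str] = (), san_ip: Iterable[str] = ()) -> bool:
    """RFC 2818 style: IPs need an iPAddress SAN; DNS names use SANs, else the CN."""
    if _is_ip(host):
        return any(ipaddress.ip_address(host) == ipaddress.ip_address(ip) for ip in san_ip)
    names = list(san_dns) or [v for k, v in parse_dn(subject_dn) if k.upper() == "CN"]
    return any(_dns_match(n, host) for n in names)


def audit(connect_names: Iterable[str], subject_dn: str,
          san_dns: Iterable[str] = (), san_ip: Iterable[str] = ()) -> Dict[str, bool]:
    """Map every name a client may connect with to whether the certificate covers it."""
    return {n: verify_name(n, subject_dn, san_dns, san_ip) for n in connect_names}


if __name__ == "__main__":
    print("CN only:")
    for name, ok in audit(CONNECT_NAMES, SUBJECT).items():
        print(f"  {name:28} {'ok' if ok else 'MISMATCH'}")
    print("with SAN entries:")
    sans = ["wls-cluster.example.test", "*.example.test"]
    for name, ok in audit(CONNECT_NAMES, SUBJECT, sans, ["10.0.0.12"]).items():
        print(f"  {name:28} {'ok' if ok else 'MISMATCH'}")
```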

  • SCUP Adobe Acrobat Installation Failures - Bad Certificate

    I recently published some Acrobat updates in SCUP 2011. Shortly after that, I had to regenerate another cert from SCUP due to the old one expiring. I have some updates out there that are failing on users' machines with errors like this in WindowsUpdate.log:
    Validating signature for C:\Windows\SoftwareDistribution\Download\431980c76c452fe726671fe621ed1900_ctc\AcrobatUpd11010.cab with dwProvFlags 0x00000080:
    FATAL: Error: 0x800b0101 when verifying trust for C:\Windows\SoftwareDistribution\Download\431980c76c452fe726671fe621ed1900_ctc\AcrobatUpd11010.cab
    WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\Download\431980c76c452fe726671fe621ed1900_ctc\AcrobatUpd11010.cab are not trusted: Error 0x800b0101
    I went ahead and in SCUP republished them and checked the option to re-sign the updates with the new cert. I sync'd SCCM and saw the update in the logs getting sync'd. Then I refreshed my DPs that had the update.
    When I tried to reinstall the update on a client I got the same errors in WindowsUpdate.log as above. What do I need to do so that the client's content will get signed with the new cert?
    Orange County District Attorney

    Hi,
    Refreshing the DP is not enough; you need to download and deploy those updates again. Otherwise the DPs will be refreshed from the source for the initial updates you deployed, and they are not updated when you sync with WSUS, only when you deploy a software update.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • Connecting Java client to SSL server with existing certificates

    I am currently trying to connect my Java client to an existing server application
    written in C++. I have been provided the needed certificates (root.pem, server.pem,
    and client.pem). My code simply creates a SSLSocket and then attempts to read
    from it. Something goes wrong during the handshake process and I get a SSLHandshakeException. The certificates have been added to the keystore
    I am using, and I do not know any other action to take.
    Here is the debug output:
    setting up default SSLSocketFactory
    use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
    class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
    keyStore is :
    keyStore type is : jks
    keyStore provider is :
    init keystore
    init keymanager of type SunX509
    trustStore is: keystore.jks
    trustStore type is : jks
    trustStore provider is :
    init truststore
    adding as trusted cert:
    Subject: [email protected], CN=Employee, OU=test, O=company-USA, L=City, ST=AL, C=US
    Issuer: [email protected], CN=company Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
    Algorithm: RSA; Serial number: 0xb40b909f74d167aa
    Valid from Tue Sep 12 09:42:01 CDT 2006 until Thu Oct 12 09:42:01 CDT 2006
    adding as trusted cert:
    Subject: [email protected], CN=Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
    Issuer: [email protected], CN=ISAC Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
    Algorithm: RSA; Serial number: 0xb40b909f74d167ab
    Valid from Tue Sep 12 09:49:12 CDT 2006 until Thu Oct 12 09:49:12 CDT 2006
    adding as trusted cert:
    Subject: [email protected], CN=company Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
    Issuer: [email protected], CN=company, OU=test, O="company, Inc.", L=City, ST=AL, C=US
    Algorithm: RSA; Serial number: 0xf6e3ada87dc4004f
    Valid from Tue Sep 12 09:40:32 CDT 2006 until Thu Oct 12 09:40:32 CDT 2006
    init context
    trigger seeding of SecureRandom
    done seeding SecureRandom
    instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
    SSL socket created
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1158089181 bytes = { 138, 112, 170, 91, 246, 86, 216, 146, 160, 188, 243, 154, 238, 132, 33, 219, 251, 3, 93, 25, 191, 247, 41, 14, 99, 135, 130, 23 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    [write] MD5 and SHA1 hashes: len = 79
    Client Thread, WRITE: TLSv1 Handshake, length = 79
    [write] MD5 and SHA1 hashes: len = 107
    Client Thread, WRITE: SSLv2 client hello message, length = 107
    [Raw write]: length = 109
    Client Thread, received EOFException: error
    Client Thread, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    Client Thread, SEND TLSv1 ALERT: fatal, description = handshake_failure
    Client Thread, WRITE: TLSv1 Alert, length = 2
    [Raw write]: length = 7
    0000: 15 03 01 00 02 02 28 ......(
    Client Thread, called closeSocket()
    Error: Remote host closed connection during handshake
    Thread-4, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

    (I am the original poster of this message, I had to create a new username though).
    The original problem had to do with incompatibilities with the protocol and/or cipher suites
    used. Now, the client and server perform most of the handshake process, but something
    goes wrong as the server requests the client certificate. In other words, the server requires
    mutual authentication, but for some reason it seems like my JSSE client won't send over
    its client certificate. I don't get any type of bad certificate exceptions, so I'm not sure
    where the source of the error lies.
    Updated output:
    setting up default SSLSocketFactory
    use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
    class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
    keyStore is : keystore
    keyStore type is : jks
    keyStore provider is :
    init keystore
    init keymanager of type SunX509
    trustStore is: truststore
    trustStore type is : jks
    trustStore provider is :
    init truststore
    adding as trusted cert:
    Subject: [email protected], CN=Employee, OU=default, O="default Inc.", L=default, ST=AL, C=US
    Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
    Algorithm: RSA; Serial number: 0xb40b909f74d167ab
    Valid from Tue Sep 12 09:49:12 CDT 2006 until Thu Oct 12 09:49:12 CDT 2006
    adding as trusted cert:
    Subject: [email protected], CN=default-Server, OU=HawkEye, O=default, L=default, ST=AL, C=US
    Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
    Algorithm: RSA; Serial number: 0xb40b909f74d167ac
    Valid from Tue Sep 12 14:42:28 CDT 2006 until Thu Oct 12 14:42:28 CDT 2006
    adding as trusted cert:
    Subject: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
    Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
    Algorithm: RSA; Serial number: 0xf6e3ada87dc4004f
    Valid from Tue Sep 12 09:40:32 CDT 2006 until Thu Oct 12 09:40:32 CDT 2006
    init context
    trigger seeding of SecureRandom
    done seeding SecureRandom
    instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1158242806 bytes = { 71, 195, 185, 44, 86, 96, 14, 11, 171, 76, 105, 135, 136, 114, 53, 54, 137, 75, 202, 254, 112, 208, 240, 91, 199, 246, 175, 207 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    Client Thread, WRITE: TLSv1 Handshake, length = 79
    Client Thread, READ: TLSv1 Handshake, length = 74
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1158242807 bytes = { 63, 93, 48, 73, 98, 251, 160, 215, 61, 110, 246, 12, 5, 209, 95, 194, 152, 193, 0, 181, 135, 26, 150, 174, 52, 92, 56, 250 }
    Session ID: {83, 31, 134, 30, 76, 200, 183, 120, 7, 94, 26, 65, 186, 91, 197, 25, 10, 193, 94, 220, 198, 250, 162, 153, 6, 89, 12, 250, 66, 105, 249, 211}
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
    Compression Method: 0
    %% Created: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
    ** TLS_RSA_WITH_AES_128_CBC_SHA
    Client Thread, READ: TLSv1 Handshake, length = 1903
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: [email protected], CN=Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 164546130673614659100546464587508805401937082626997447139358150641653094778762702643605529386963945060462618417820295217144739538713137107756847225226998964727905246706969036839701385553183842454061172884072035749790213037240682893878786969498404371282074360019097248835858617183835587887295684928062301303789
    public exponent: 65537
    Validity: [From: Tue Sep 12 09:49:12 CDT 2006,
                   To: Thu Oct 12 09:49:12 CDT 2006]
    Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
    SerialNumber: [    b40b909f 74d167ab]
    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
    0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
    0020: 65 e
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: C8 EA 02 93 42 9E 44 D1 55 7D 2D 32 4B 9B 1C 6D ....B.D.U.-2K..m
    0010: 63 6B 73 82 cks.
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
    0010: 0D 05 3C 95 ..<.
    [[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
    SerialNumber: [    f6e3ada8 7dc4004f]
    [4]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [SHA1withRSA]
    Signature:
    chain [1] = [
    Version: V3
    Subject: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 140862286957037297158683104484469503810921697537964422595574798580128510755934413463045842414762254029728885690233847950678735782281077619629628663140568366247472189890316085560712610474766899389736269383565795688749374256479726939861138704211990111677657317335172626254520371267441364353295155431963634875809
    public exponent: 65537
    Validity: [From: Tue Sep 12 09:40:32 CDT 2006,
                   To: Thu Oct 12 09:40:32 CDT 2006]
    Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
    SerialNumber: [    f6e3ada8 7dc4004f]
    Certificate Extensions: 3
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
    0010: 0D 05 3C 95 ..<.
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
    0010: 0D 05 3C 95 ..<.
    [[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
    SerialNumber: [    f6e3ada8 7dc4004f]
    [3]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
    Found trusted certificate:
    Version: V3
    Subject: [email protected], CN=Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: Sun RSA public key, 1024 bits
    modulus: 164546130673614659100546464587508805401937082626997447139358150641653094778762702643605529386963945060462618417820295217144739538713137107756847225226998964727905246706969036839701385553183842454061172884072035749790213037240682893878786969498404371282074360019097248835858617183835587887295684928062301303789
    public exponent: 65537
    Validity: [From: Tue Sep 12 09:49:12 CDT 2006,
                   To: Thu Oct 12 09:49:12 CDT 2006]
    Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
    SerialNumber: [    b40b909f 74d167ab]
    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
    0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
    0020: 65 e
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: C8 EA 02 93 42 9E 44 D1 55 7D 2D 32 4B 9B 1C 6D ....B.D.U.-2K..m
    0010: 63 6B 73 82 cks.
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
    0010: 0D 05 3C 95 ..<.
    [[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
    SerialNumber: [    f6e3ada8 7dc4004f]
    [4]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [SHA1withRSA]
    Signature:
    Client Thread, READ: TLSv1 Handshake, length = 13
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    *** ServerHelloDone
    *** Certificate chain
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    Random Secret: { 3, 1, 27, 159, 38, 131, 132, 24, 47, 148, 161, 90, 7, 39, 189, 28, 178, 156, 20, 151, 220, 192, 239, 182, 115, 234, 99, 225, 68, 250, 199, 173, 96, 181, 78, 180, 238, 37, 243, 72, 19, 91, 249, 11, 49, 83, 1, 150 }
    Client Thread, WRITE: TLSv1 Handshake, length = 141
    HawkEye Client Thread, WRITE: TLSv1 Change Cipher Spec, length = 1
    *** Finished
    verify_data: { 98, 254, 245, 75, 252, 23, 91, 164, 67, 197, 69, 44 }
    Client Thread, WRITE: TLSv1 Handshake, length = 48
    Client Thread, READ: TLSv1 Alert, length = 2
    Client Thread, RECV TLSv1 ALERT: fatal, handshake_failure
    Client Thread, called closeSocket()
    Client Thread, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    Error: Received fatal alert: handshake_failure
    Thread-4, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
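Added example (not code from the poster): a small Python triage over `javax.net.debug` output that reports where a handshake like the two above stopped, including the case where the server asks for a client certificate and the client's Certificate message comes back empty. The two sample traces are constructed, abridged from the shape of the logs in this thread; the `<...>` issuer-line format and the finding names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed samples: abridged javax.net.debug traces in the shape of the two
# logs in the thread (hex dumps and certificate bodies left out).
TRACE_FIRST = """\
keyStore is :
trustStore is: keystore.jks
*** ClientHello, TLSv1
Client Thread, WRITE: SSLv2 client hello message, length = 107
Client Thread, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Client Thread, SEND TLSv1 ALERT: fatal, description = handshake_failure
"""

TRACE_SECOND = """\
keyStore is : keystore
trustStore is: truststore
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
chain [1] = [
Found trusted certificate:
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** Finished
Client Thread, RECV TLSv1 ALERT: fatal, handshake_failure
"""

ALERT_RE = re.compile(r"(SEND|RECV) \S+ ALERT:\s*(\w+),\s*(?:description = )?(\w+)")


@dataclass
class Triage:
    keystore: str = ""
    server_hello: bool = False
    sslv2_hello: bool = False
    remote_closed: bool = False
    cert_requested: bool = False
    requested_cas: List[str] = field(default_factory=list)
    server_chain_len: int = 0
    client_chain_len: Optional[int] = None  # None: no client Certificate message seen
    alerts: List[Tuple[str, str, str]] = field(default_factory=list)
    findings: Dict[str, str] = field(default_factory=dict)


def _conclude(t: Triage) -> None:
    """Turn the collected facts into named findings."""
    if not t.server_hello and t.remote_closed:
        t.findings["NO_SERVER_HELLO"] = ("peer closed the connection before ServerHello; "
                                         "compare the protocol versions and cipher suites both sides allow")
        if t.sslv2_hello:
            t.findings["SSLV2_HELLO"] = "client opened with an SSLv2-format hello, which some servers refuse"
    if t.cert_requested and t.client_chain_len == 0:
        t.findings["EMPTY_CLIENT_CERT"] = ("server sent CertificateRequest; "
                                           "client replied with an empty Certificate message")
        if not t.keystore:
            t.findings["KEYSTORE_UNSET"] = "no keyStore configured, so there is no client identity to offer"
        else:
            t.findings["NO_USABLE_KEY_ENTRY"] = (
                f"keyStore '{t.keystore}' yielded no key entry for the request; check that it holds "
                "a private-key entry (not only trusted certificates) of a requested type")
    for direction, level, description in t.alerts:
        if direction == "RECV" and level == "fatal":
            t.findings["PEER_ALERT"] = f"peer aborted the handshake with {description}"


def triage(trace: str) -> Triage:
    t = Triage()
    section = ""        # handshake message whose details are being printed
    hello_done = False  # after ServerHelloDone the client is the one writing
    for line in (raw.strip() for raw in trace.splitlines()):
        if line.startswith("keyStore is :"):
            t.keystore = line.split(":", 1)[1].strip()
        t.sslv2_hello |= "SSLv2 client hello message" in line
        t.remote_closed |= "Remote host closed connection" in line
        alert = ALERT_RE.search(line)
        if alert:
            t.alerts.append(alert.groups())
        if line.startswith("*** "):
            section = line[4:].split(",")[0].strip()
            if section == "ServerHello":
                t.server_hello = True
            elif section == "CertificateRequest":
                t.cert_requested = True
            elif section == "ServerHelloDone":
                hello_done = True
            elif section == "Certificate chain" and hello_done:
                section, t.client_chain_len = "Client certificate", 0
        elif line.startswith("chain ["):
            if section == "Certificate chain":
                t.server_chain_len += 1
            elif section == "Client certificate":
                t.client_chain_len += 1
        elif section == "CertificateRequest" and line.startswith("<"):
            # Assumed format: each acceptable issuer DN is printed as "<...>".
            t.requested_cas.append(line.strip("<>"))
    _conclude(t)
    return t


if __name__ == "__main__":
    for name, trace in (("first trace", TRACE_FIRST), ("second trace", TRACE_SECOND)):
        print(name)
        for code, text in triage(trace).findings.items():
            print(f"  {code}: {text}")
```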

  • OIF with external IdP (Shibboleth) - certificate issue

    Hi,
    We are in the process of setting up Oracle Identity Federation (as SP) with an external IdP (Shibboleth) for SSO.
    We got the metadata from the IdP and set up the Identity Provider in OIF with the IdP metadata.
    The IdP has a self-signed certificate.
    When we try to test the connection, it redirects to the IdP but it fails in the end with the bad certificate error below.
    Can someone shed some light on this? This is a roadblock for us. Is a self-signed certificate an issue? Please advise any steps to be followed and how
    <Error> <oracle.security.fed.controller.library.api.FedEngineInstance> <FEDSTS-12079> <ResponseHandlerException: {0}
    oracle.security.fed.controller.frontend.action.exceptions.ResponseHandlerException: oracle.security.fed.util.soap.SOAPException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at oracle.security.fed.frontend.fed.responsehandler.profiles.sp.SendSoapRequestSSOResponseHandler.perform(SendSoapRequestSSOResponseHandler.java:119)
    at oracle.security.fed.controller.library.api.FedEngineInstance.processCall(FedEngineInstance.java:279)
    at oracle.security.fed.controller.library.api.FedEngineInstance.processCall(FedEngineInstance.java:164)
    at oracle.security.fed.controller.library.api.FedEngineSPInstance.validateAndMapAssertion(FedEngineSPInstance.java:166)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at oracle.security.am.engine.authn.internal.plugin.FedUserAuthenticationPlugin.invokeValidateAndMapAssertion(FedUserAuthenticationPlugin.java:284)
    at oracle.security.am.engine.authn.internal.plugin.FedUserAuthenticationPlugin.process(FedUserAuthenticationPlugin.java:162)
    at oracle.security.am.engine.authn.internal.executor.PlugInExecutor.execute(PlugInExecutor.java:197)
    at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:101)
    at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:265)
    at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:698)
    at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:299)
    at oracle.security.am.controller.MasterController.processEvent(MasterController.java:570)
    at oracle.security.am.controller.MasterController.processRequest(MasterController.java:759)
    at oracle.security.am.controller.MasterController.process(MasterController.java:682)
    at oracle.security.am.pbl.PBLFlowManager.delegateToMasterController(PBLFlowManager.java:209)
    at oracle.security.am.pbl.PBLFlowManager.handleBaseEvent(PBLFlowManager.java:147)
    at oracle.security.am.pbl.PBLFlowManager.processRequest(PBLFlowManager.java:107)
    at oracle.security.am.pbl.transport.http.AMServlet.handleRequest(AMServlet.java:177)
    at oracle.security.am.pbl.transport.http.AMServlet.doPost(AMServlet.java:136)
    at oracle.security.am.pbl.transport.http.AMServlet.doGet(AMServlet.java:699)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
    at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:264)
    at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:134)
    at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3738)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3704)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2281)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2180)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1491)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    >
    java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at oracle.security.am.engine.authn.internal.plugin.FedUserAuthenticationPlugin.invokeValidateAndMapAssertion(FedUserAuthenticationPlugin.java:284)
    at oracle.security.am.engine.authn.internal.plugin.FedUserAuthenticationPlugin.process(FedUserAuthenticationPlugin.java:162)
    at oracle.security.am.engine.authn.internal.executor.PlugInExecutor.execute(PlugInExecutor.java:197)
    at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:101)
    at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:265)
    at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:698)
    at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:299)
    at oracle.security.am.controller.MasterController.processEvent(MasterController.java:570)
    at oracle.security.am.controller.MasterController.processRequest(MasterController.java:759)
    at oracle.security.am.controller.MasterController.process(MasterController.java:682)
    at oracle.security.am.pbl.PBLFlowManager.delegateToMasterController(PBLFlowManager.java:209)
    at oracle.security.am.pbl.PBLFlowManager.handleBaseEvent(PBLFlowManager.java:147)
    at oracle.security.am.pbl.PBLFlowManager.processRequest(PBLFlowManager.java:107)
    at oracle.security.am.pbl.transport.http.AMServlet.handleRequest(AMServlet.java:177)
    at oracle.security.am.pbl.transport.http.AMServlet.doPost(AMServlet.java:136)
    at oracle.security.am.pbl.transport.http.AMServlet.doGet(AMServlet.java:697)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:264)
    at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)
    at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3738)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3704)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2281)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2180)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1491)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Caused by: java.lang.RuntimeException: oracle.security.fed.controller.frontend.action.exceptions.ResponseHandlerException: oracle.security.fed.util.soap.SOAPException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at oracle.security.fed.controller.library.api.FedEngineInstance.processCall(FedEngineInstance.java:395)
    at oracle.security.fed.controller.library.api.FedEngineInstance.processCall(FedEngineInstance.java:164)
    at oracle.security.fed.controller.library.api.FedEngineSPInstance.validateAndMapAssertion(FedEngineSPInstance.java:166)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at oracle.security.am.engine.authn.internal.plugin.FedUserAuthenticationPlugin.invokeValidateAndMapAssertion(FedUserAuthenticationPlugin.java:284)
    at oracle.security.am.engine.authn.internal.plugin.FedUserAuthenticationPlugin.process(FedUserAuthenticationPlugin.java:162)
    at oracle.security.am.engine.authn.internal.executor.PlugInExecutor.execute(PlugInExecutor.java:197)
    at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:101)
    at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:265)
    at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:698)
    at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:299)
    at oracle.security.am.controller.MasterController.processEvent(MasterController.java:570)
    at oracle.security.am.controller.MasterController.processRequest(MasterController.java:759)
    at oracle.security.am.controller.MasterController.process(MasterController.java:682)
    at oracle.security.am.pbl.PBLFlowManager.delegateToMasterController(PBLFlowManager.java:209)
    at oracle.security.am.pbl.PBLFlowManager.handleBaseEvent(PBLFlowManager.java:147)
    at oracle.security.am.pbl.PBLFlowManager.processRequest(PBLFlowManager.java:107)
    at oracle.security.am.pbl.transport.http.AMServlet.handleRequest(AMServlet.java:177)
    at oracle.security.am.pbl.transport.http.AMServlet.doPost(AMServlet.java:136)
    at oracle.security.am.pbl.transport.http.AMServlet.doGet(AMServlet.java:699)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
    at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:264)
    at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:134)
    at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:61)
    ... 9 more
    Caused by: oracle.security.fed.controller.frontend.action.exceptions.ResponseHandlerException: oracle.security.fed.util.soap.SOAPException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at oracle.security.fed.frontend.fed.responsehandler.profiles.sp.SendSoapRequestSSOResponseHandler.perform(SendSoapRequestSSOResponseHandler.java:119)
    at oracle.security.fed.controller.library.api.FedEngineInstance.processCall(FedEngineInstance.java:279)
    ... 51 more
    <Mar 21, 2013 3:50:16 PM EST> <Error> <oracle.oam.binding> <OAM-00002> <Error occurred while handling the request.
    java.lang.NullPointerException
    at oracle.security.am.pbl.protocol.plugin.credcollect.DefaultRedirectionStrategy.getTargetUrl(DefaultRedirectionStrategy.java:403)
    at oracle.security.am.pbl.protocol.plugin.credcollect.DefaultRedirectionStrategy.getRedirectUrl(DefaultRedirectionStrategy.java:314)
    at oracle.security.am.pbl.protocol.plugin.credcollect.DefaultCredCollectResponseExecutor.process(DefaultCredCollectResponseExecutor.java:121)
    at oracle.security.am.pbl.protocol.plugin.credcollect.CredentialCollectionResponseHandler.process(CredentialCollectionResponseHandler.java:99)
    at oracle.security.am.pbl.PBLFlowManager.handleBaseEvent(PBLFlowManager.java:175)
    at oracle.security.am.pbl.PBLFlowManager.processRequest(PBLFlowManager.java:107)
    at oracle.security.am.pbl.transport.http.AMServlet.handleRequest(AMServlet.java:177)
    at oracle.security.am.pbl.transport.http.AMServlet.doPost(AMServlet.java:136)
    at oracle.security.am.pbl.transport.http.AMServlet.doGet(AMServlet.java:697)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)

    Extract the certificate for your HTTPS site and add this to your trusted store.
    If you are using the default trust, it should be located under WLSERV~1.3\server\lib\DemoTrust.jks.
    You can either use keytool or a tool like Portecle for the same.

  • CA-Signed certificate: Received fatal alert: bad_certificate

    Hello. I am still trying to get rmi ssl to work in the way I want (see my post http://forums.sun.com/thread.jspa?threadID=5351278&tstart=15 ).
    I read that CA-signed certificates are preferred to self-signed certificates for several reasons. Because I want to run a lot of different services, each with its own certificate, it is out of the question to let them be signed by a real CA (for now all is in a testing environment and once I have solved all the problems this might become an option).
    So for now, I create my own certificate authority and sign the certificates for my services (who interact with each other via ssl).
    If there is a flaw in my setup, please tell me. If not continue reading.
    In my scenario, a service A is querying a server S to discover a service B. S sends all the information about B back to A, including the certificate of B (so A can use ssl to talk to B). I use client authentication.
    Each component uses a keystore, which acts as a truststore at the same time.
    When I use self signed certificates and import them to the other keystores (using keytool) everything works as it should.
    My setup using ca-signed certificates fails.
    At the beginning the server has all the certificates in his keystore (A & B & S, which were signed with the server's secret key, who acts as my CA). A contains the server's certificate and his own, which has been signed with the server's private key (A & S). B contains the server's certificate and his own, which has been signed with the server's private key (B & S).
    As far as I understand ssl, if A wants to talk to B, it needs the certificate of B (and needs to trust it).
    In my scenario, A is receiving the certificate of B, when it queries the server for information about B. The certificate is imported into A's keystore (works), but the method call fails with:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    Is rmi ssl creating and using selfsigned certificates from the private keys in the keystore? Maybe I made a mistake, but I don't see it.
    A has a certificate of B (and trusts it, because it was signed by an authority whose certificate is trusted from the beginning). B should trust the certificate of A (because it was signed by the same authority). So why is there a bad certificate?
    My guess is, in the ssl handshake, A is using his private key to create a self signed certificate and is sending this to B. B has no reason of trusting a self-signed certificate and the handshake fails.
    If you have any ideas, I appreciate them a lot.

    ejp wrote:
    > > So for now, I create my own certificate authority and sign the certificates for my services (who interact with each other via ssl).
    > So all you have to do is ensure that every client trusts your CA.
    This is done by importing the CA's certificate into each trust store.

    > > Each component uses a keystore, which acts as a truststore at the same time.
    > That's a really bad idea. They serve completely different purposes. Don't do that.
    Ok, I will change that. So the trust store is used for certificates I trust (which then can be used by ssl), the keystore is used to store secret keys or if I want to do "cryptography by hand".

    > > As far as I understand ssl, if A wants to talk to B, it needs the certificate of B (and needs to trust it).
    > That's true if B is a server. If A is the server in this scenario it is B that needs to trust A.

    > > In my scenario, A is receiving the certificate of B, when it queries the server for information about B. The certificate is imported into A's keystore (works)
    > Should be truststore
    I will change that it's only imported into the trust store (-> will do the separation of trust/key store).

    > > but the method call fails with:
    > > javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    > So there is something wrong with the certificate that B sent.
    Yes, but I don't know why. I created a certificate signing request (csr) for B (using keytool) and then used openssl to create the certificate. When I use a private key and openssl to create a selfsigned certificate (e.g. create csr for B, export private key of B, use openssl to create the certificate with the private key of B), it has the same checksum as a self signed certificate using keytool.
    The trust store of B contains the CA signed certificate of B and the CA certificate. I don't understand why it is a "bad certificate".
    Maybe separating key and trust store will solve the problem or give some new hints.

    > > Is rmi ssl creating and using selfsigned certificates from the private keys in the keystore?
    > No. SSL doesn't generate certificates at all. You do. SSL just looks in the keystore for a certificate to send that matches what the peer will accept, and sending that.
    So maybe the CA cert is used for it, which would be fault. I'm going to check that.

    > > A has a certificate of B (and trusts it, because it was signed by an authority whose certificate is trusted from the beginning). B should trust the certificate of A (because it was signed by the same authority).
    > A and B don't need mutual trust unless you have needClientAuth set 'true' somewhere, which you haven't mentioned.
    I mentioned it, but it came to my mind at the end of my post, so it's kind of hidden in the text. So, I do use client authentication.

    > > My guess is, in the ssl handshake, A is using his private key to create a self signed certificate
    > No. See above.
    > > and is sending this to B. B has no reason of trusting a self-signed certificate and the handshake fails.
    > No. There is something wrong with the certificate that was received by the side that first got the bad_certificate alert.
    Thanks a lot. I see several things clearer now.
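Added example, not part of the thread: ejp's point that SSL only sends the certificate held by the keystore's key entry, worked through for a keytool CSR signed by an openssl CA. The CA name, `service-b`, the `svc` alias, the file names and the `changeit` password are constructed for the demo, which needs `keytool` and `openssl` on the PATH; it compares importing the signed certificate under a new alias with importing it as a certificate reply under the key's alias, and judges each result the way a peer that trusts only the CA would.

```bash
#!/bin/sh
# Added example with constructed names and a throwaway password.
PASS=changeit

# keytool wrapper: English messages (parsed below), status chatter on stderr dropped.
kt() { keytool -J-Duser.language=en "$@" 2>/dev/null; }

# Private test CA made with openssl; the config marks it explicitly as a CA.
make_ca() {  # $1 = work dir
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Key pair and CSR from keytool, certificate signed by the CA with openssl.
make_key_and_signed_cert() {  # $1 = work dir, $2 = keystore file
  kt -genkeypair -alias svc -keyalg RSA -keysize 2048 -dname "CN=service-b" \
    -validity 30 -storetype PKCS12 -keystore "$2" -storepass "$PASS" -keypass "$PASS"
  kt -certreq -alias svc -keystore "$2" -storepass "$PASS" -file "$1/b.csr"
  openssl x509 -req -in "$1/b.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/b.pem" 2>/dev/null
}

# Variant 1: signed certificate stored under a NEW alias. It becomes a trusted
# certificate entry; the key entry "svc" keeps its self-signed certificate.
import_as_trusted_entry() {  # $1 = work dir, $2 = keystore file
  kt -importcert -noprompt -alias svc-signed -file "$1/b.pem" \
    -keystore "$2" -storepass "$PASS"
}

# Variant 2: CA certificate first so keytool can build the chain, then the signed
# certificate under the SAME alias as the private key (a certificate reply).
import_as_cert_reply() {  # $1 = work dir, $2 = keystore file
  kt -importcert -noprompt -alias ca -file "$1/ca.pem" -keystore "$2" -storepass "$PASS"
  kt -importcert -noprompt -alias svc -file "$1/b.pem" -keystore "$2" -storepass "$PASS"
  # The chain is now stored in the key entry, so the CA alias can be removed
  # again; CA certificates belong in the separate trust store.
  kt -delete -alias ca -keystore "$2" -storepass "$PASS"
}

# Length of the certificate chain attached to the private key entry.
key_entry_chain_length() {  # $1 = keystore file
  kt -list -v -alias svc -keystore "$1" -storepass "$PASS" |
    sed -n 's/^Certificate chain length: //p'
}

# Verdict of a peer that trusts only the CA on the certificate the key entry
# presents (the first certificate of its chain).
peer_verdict() {  # $1 = work dir, $2 = keystore file
  kt -exportcert -rfc -alias svc -keystore "$2" -storepass "$PASS" > "$1/presented.pem"
  if openssl verify -CAfile "$1/ca.pem" "$1/presented.pem" 2>/dev/null | grep -q ': OK$'; then
    echo accepted
  else
    echo rejected
  fi
}

demo() {
  d=$(mktemp -d)
  make_ca "$d"
  make_key_and_signed_cert "$d" "$d/base.p12"
  cp "$d/base.p12" "$d/new-alias.p12"
  cp "$d/base.p12" "$d/cert-reply.p12"
  import_as_trusted_entry "$d" "$d/new-alias.p12"
  import_as_cert_reply "$d" "$d/cert-reply.p12"
  for ks in new-alias cert-reply; do
    echo "$ks: chain length $(key_entry_chain_length "$d/$ks.p12"), peer: $(peer_verdict "$d" "$d/$ks.p12")"
  done
  rm -rf "$d"
}

# Run the demo only where both tools are installed.
if command -v keytool >/dev/null 2>&1 && command -v openssl >/dev/null 2>&1; then
  demo
fi
```

A chain length of 1 on the key entry means the handshake will present the self-signed certificate, whatever else the store contains.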

  • No client certificate available, sending empty certificate message

    Dear Experts,
        I am trying to establish an SSL client certificate connection to an external partner. What puzzles me is that the certificate is not picked up by SAP PI. The intermediate and root CA for the partner are OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign, Inc.,O=VeriSign Trust Network and OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US, respectively. You will be able to spot them in the Accepted Certificate Authority list, yet PI insists on sending an empty certificate.
        Below is the trace gathered from the J2EE default trace. Please help shed some light.
    Date : 11/16/2011
    Time : 8:49:11:423
    Message : additional info ssl_debug(9): Starting handshake (iSaSiLk 4.3)...
    ssl_debug(9): Sending v3 client_hello message to preprod.connect.elemica.com:443, requesting version 3.2...
    ssl_debug(9): Received v3 server_hello handshake message.
    ssl_debug(9): Server selected SSL version 3.1.
    ssl_debug(9): Server created new session 22:E7:C0:9E:C1:D2:78:83...
    ssl_debug(9): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
    ssl_debug(9): CompressionMethod selected by server: NULL
    ssl_debug(9): Received certificate handshake message with server certificate.
    ssl_debug(9): Server sent a 1024 bit RSA certificate, chain has 2 elements.
    ssl_debug(9): ChainVerifier: No trusted certificate found, OK anyway.
    ssl_debug(9): Received certificate_request handshake message.
    ssl_debug(9): Accepted certificate types: RSA, DSA
    ssl_debug(9): Accepted certificate authorities:
    ssl_debug(9):   CN=QuoVadis Global SSL ICA,OU=www.quovadisglobal.com,O=QuoVadis Limited,C=BM
    ssl_debug(9):   CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
    ssl_debug(9):   CN=CSF - Classe III - Sign et Crypt,OU=Certification Professionnelle,O=Autorite Consulaire
    ssl_debug(9):   CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions, Inc.,O=GTE Corporation,C=US
    ssl_debug(9):   CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
    ssl_debug(9):   CN=DPWN SSL CA I2 PS,OU=I2 PS,O=Deutsche Post World Net
    ssl_debug(9):   CN=CSF,O=Autorite Consulaire
    ssl_debug(9):   C=BE,O=GlobalSign nv-sa,OU=RootSign Partners CA,CN=GlobalSign RootSign Partners CA
    ssl_debug(9):   CN=Dell Inc. Enterprise Utility CA1,O=Dell Inc.
    ssl_debug(9):   EMAIL=premium-server(a)thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
    ssl_debug(9):   CN=TC TrustCenter Class 2 L1 CA XI,OU=TC TrustCenter Class 2 L1 CA,O=TC TrustCenter GmbH,C=DE
    ssl_debug(9):   CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   OU=VeriSign Trust Network,OU=(c) 1998 VeriSign, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=TC TrustCenter SSL CA I,OU=TC TrustCenter SSL CA,O=TC TrustCenter GmbH,C=DE
    ssl_debug(9):   CN=Entrust Root Certification Authority,OU=(c) 2006 Entrust, Inc.,OU=www.entrust.net/CPS is incorporated by reference,O=Entrust, Inc.,C=US
    ssl_debug(9):   CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=Meijer ipprod,OU=IT,OU=Merch,O=Meijer Stores Limited,L=Walker,ST=MI,C=US
    ssl_debug(9):   CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
    ssl_debug(9):   OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign, Inc.,O=VeriSign Trust Network
    ssl_debug(9):   CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
    ssl_debug(9):   CN=Deutsche Telekom CA 5,OU=Trust Center Deutsche Telekom,O=T-Systems Enterprise Services GmbH,C=DE
    ssl_debug(9):   CN=TC TrustCenter Class 2 CA II,OU=TC TrustCenter Class 2 CA,O=TC TrustCenter GmbH,C=DE
    ssl_debug(9):   CN=VeriSign Class 3 Secure Server CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign, Inc.,O=VeriSign Trust Network
    ssl_debug(9):   CN=Thawte SGC CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
    ssl_debug(9):   CN=Bertschi CA,O=Bertschi AG (Schweiz),L=Duerrenaesch,ST=Switzerland,C=CH
    ssl_debug(9):   CN=Cybertrust SureServer CA,O=GlobalSign Inc
    ssl_debug(9):   CN=VeriSign Class 3 Secure Server CA,OU=Terms of use at https://www.verisign.com/rpa (c)05,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   EMAIL=server-certs(a)thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
    ssl_debug(9):   CN=Mark Van Hamme,O=Brain2 BVBA,L=Brussels,ST=Brabant,C=BE
    ssl_debug(9):   CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
    ssl_debug(9):   EMAIL=bis.at(a)siemens.com,CN=bis.siemens.at,OU=SBS ORS EDO,O=Siemens Business Services,L=Vienna,ST=Vienna,C=AT
    ssl_debug(9):   CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=mail2.adr-logistics.hu,O=ADR Logistics Kft.,L=Gyu00E1l,ST=Pest,C=HU
    ssl_debug(9):   EMAIL=brent.kemp(a)sscoop.com,CN=bacchusdevp.sscoop.com,OU=IS,O=Southern States Cooperative Inc,L=Richmond,ST=VA,C=US
    ssl_debug(9):   CN=Cybertrust SureServer Standard Validation CA,O=Cybertrust Inc
    ssl_debug(9):   OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group, Inc.,C=US
    ssl_debug(9):   CN=Certipost E-Trust Secondary Normalised CA for Legal Persons,O=Certipost s.a./n.v.,C=BE
    ssl_debug(9):   EMAIL=cert(a)bit-serv.de,CN=BIT-SERV GmbH Root CA,O=BIT-SERV GmbH,C=DE
    ssl_debug(9):   CN=SAP_elemica_tester
    ssl_debug(9):   CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
    ssl_debug(9):   OU=Class 1 Public Primary Certification Authority,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
    ssl_debug(9):   CN=Montova Root CA,OU=Root CA,O=Montova,C=BE
    ssl_debug(9):   CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
    ssl_debug(9):   CN=Dell Inc. Enterprise CA,O=Dell Inc.
    ssl_debug(9):   CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
    ssl_debug(9):   EMAIL=support(a)tamgroup.com,OU=Engineering,O=Tamgroup,ST=California,L=San Anselmo,C=US,CN=Tamgroup
    ssl_debug(9):   CN=GlobalSign Organization Validation CA,O=GlobalSign,OU=Organization Validation CA
    ssl_debug(9):   CN=Certinomis AC 1 u00E9toile,OU=0002 433998903,O=Certinomis,C=FR
    ssl_debug(9):   CN=GlobalSign ServerSign CA,OU=ServerSign CA,O=GlobalSign nv-sa,C=BE
    ssl_debug(9):   CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
    ssl_debug(9):   CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
    ssl_debug(9):   CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
    ssl_debug(9):   CN=GlobalSign Organization Validation CA,O=GlobalSign,OU=Organization Validation CA
    ssl_debug(9):   CN=thawte Primary Root CA,OU=(c) 2006 thawte, Inc. - For authorized use only,OU=Certification Services Division,O=thawte, Inc.,C=US
    ssl_debug(9):   CN=Certipost E-Trust Primary Normalised CA,O=Certipost s.a./n.v.,C=BE
    ssl_debug(9):   CN=Thawte DV SSL CA,OU=Domain Validated SSL,O=Thawte, Inc.,C=US
    ssl_debug(9):   OU=Equifax Secure Certificate Authority,O=Equifax,C=US
    ssl_debug(9):   CN=preprod.connect.elemica.com,OU=CONNECTED SOLUTIONS,O=Elemica,L=Wayne,ST=Pennsylvania,C=US
    ssl_debug(9):   CN=Certinomis - Autoritu00E9 Racine,OU=0002 433998903,O=Certinomis,C=FR
    ssl_debug(9):   CN=DPWN Root CA R2 PS,OU=IT Services,O=Deutsche Post World Net,DC=com
    ssl_debug(9):   CN=Thawte Test CA Root,OU=TEST TEST TEST,O=Thawte Certification,ST=FOR TESTING PURPOSES ONLY,C=ZA
    ssl_debug(9):   OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US
    ssl_debug(9):   EMAIL=santiago.tolosa(a)eu.rhodia.com,CN=Rhodia Development CA,OU=ISF - WARTE,O=Rhodia,L=La Villette,ST=France,C=FR
    ssl_debug(9):   CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US
    ssl_debug(9):   CN=DigiCert High Assurance CA-3,OU=www.digicert.com,O=DigiCert Inc,C=US
    ssl_debug(9):   CN=Groep H. Essers TEST (99805D6DA33FCC1700010002),O=Montova,C=BE
    ssl_debug(9):   serialNumber=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com, Inc.,L=Scottsdale,ST=Arizona,C=US
    ssl_debug(9):   CN=VeriSign Class 3 Secure Server 1024-bit CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   serialNumber=10688435,CN=Starfield Secure Certification Authority,OU=http://certificates.starfieldtech.com/repository,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US
    ssl_debug(9):   CN=Conextrade,OU=Swisscom IT,O=Swisscom AG,L=Zurich,ST=Zurich,C=CH,EMAIL=ccc.eTrade(a)swisscom.com
    ssl_debug(9):   CN=b2bproto.basf-corp.com,OU=Corporate IS,O=BASF Corporation,L=Mount Olive,ST=New Jersey,C=US
    ssl_debug(9):   CN=GlobalSign Domain Validation CA - G2,O=GlobalSign nv-sa,C=BE
    ssl_debug(9):   CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
    ssl_debug(9):   CN=GeoTrust DV SSL CA,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US
    ssl_debug(9):   EMAIL=!sysadmin(a)elemica.com,CN=www.elemica.com,OU=Connected Solutions,O=Elemica, Inc,L=Wayne,ST=Pennsylvania,C=US
    ssl_debug(9):   CN=GeoTrust SSL CA,O=GeoTrust, Inc.,C=US
    ssl_debug(9):   CN=RapidSSL CA,O=GeoTrust, Inc.,C=US
    ssl_debug(9):   CN=Entrust Certification Authority - L1E,OU=(c) 2009 Entrust, Inc.,OU=www.entrust.net/rpa is incorporated by reference,O=Entrust, Inc.,C=US
    ssl_debug(9):   CN=EAS,O=COMPUDATA EDI Dienstleister,C=CH,EMAIL=helpdesk.dl(a)compudata.ch
    ssl_debug(9):   CN=GlobalSign Domain Validation CA,O=GlobalSign nv-sa,OU=Domain Validation CA,C=BE
    ssl_debug(9):   CN=GlobalSign Primary Secure Server CA,OU=Primary Secure Server CA,O=GlobalSign nv-sa,C=BE
    ssl_debug(9):   CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
    ssl_debug(9):   CN=Entrust Root Certification Authority,OU=(c) 2006 Entrust, Inc.,OU=www.entrust.net/CPS is incorporated by reference,O=Entrust, Inc.,C=US
    ssl_debug(9):   CN=Thawte SSL CA,O=Thawte, Inc.,C=US
    ssl_debug(9):   CN=Entrust Certification Authority - L1C,OU=(c) 2009 Entrust, Inc.,OU=www.entrust.net/rpa is incorporated by reference,O=Entrust, Inc.,C=US
    ssl_debug(9):   CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
    ssl_debug(9):   EMAIL=vladimir.polak(a)esa.ch,CN=Vladimir Polak,O=Einkaufsorganisation des Schweizerischen Auto- und Motorfahrzeuggewerbes,C=CH
    ssl_debug(9):   CN=IT Directions and Strategies,OU=ITDS EDI,ST=WI,C=US,L=Hartland,EMAIL=aklumpp(a)itdsllc.com,O=ITDS EDI
    ssl_debug(9):   CN=Entrust Certification Authority - L1B,OU=(c) 2008 Entrust, Inc.,OU=www.entrust.net/CPS is incorporated by reference,OU=CPS CONTAINS IMPORTANT LIMITATIONS OF WARRANTIES AND LIABILITY,OU=AND ADDITIONAL TERMS GOVERNING USE AND RELIANCE,O=Entrust, Inc.,C=US
    ssl_debug(9):   CN=GlobalSign Organization Validation CA - G2,O=GlobalSign nv-sa,C=BE
    ssl_debug(9):   CN=VeriSign Class 1 Individual Subscriber CA - G3,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=VeriSign Class 1 Individual Subscriber CA - G2,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)05,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=TeleSec ServerPass CA 1,OU=Trust Center Services,O=T-Systems International GmbH,C=DE
    ssl_debug(9):   CN=TC TrustCenter Class 3 L1 CA V,OU=TC TrustCenter Class 3 L1 CA,O=TC TrustCenter GmbH,C=DE
    ssl_debug(9):   C=NL,ST=Zuid-Holland,L=Spijkenisse,O=De Rijke Transport,OU=ICT,CN=smtphost.derijke.com
    ssl_debug(9):   CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=Comodo Class 3 Security Services CA,OU=(c)2002 Comodo Limited,OU=Terms and Conditions of use: http://www.comodo.net/repository,OU=Comodo Trust Network,O=Comodo Limited,C=GB
    ssl_debug(9):   CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
    ssl_debug(9):   OU=Starfield Class 2 Certification Authority,O=Starfield Technologies, Inc.,C=US
    ssl_debug(9):   EMAIL=ftp(a)csx.com,C=US,O=CSX Corporation Inc,CN=CSX_CORPORATION_AS2_02062009
    ssl_debug(9):   CN=EssentialSSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
    ssl_debug(9):   CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
    ssl_debug(9):   CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9): Received server_hello_done handshake message.
    ssl_debug(9): No client certificate available, sending empty certificate message...
    ssl_debug(9): Sending client_key_exchange handshake...
    ssl_debug(9): Sending change_cipher_spec message...
    ssl_debug(9): Sending finished message...
    ssl_debug(9): Received alert message: Alert Fatal: bad certificate
    ssl_debug(9): SSLException while handshaking: Peer sent alert: Alert Fatal: bad certificate
    ssl_debug(9): Shutting down SSL layer...
    Severity : Error
    Category : /Applications/ExchangeInfrastructure/AdapterFramework/SAPLibraries/SAPXDK
    Location : com.sap.aii.messaging.net.HTTPClientConnection.call(Object)
    Application : sap.com/com.sap.xi.rwb
    Thread : SAPEngine_Application_Thread[impl:3]_0
    Datasource : 7662250:E:\usr\sap\T37\DVEBMGS00\j2ee\cluster\server0\log\defaultTrace.trc
    Message ID : 00505688007A006A0000005100001B8C0004B1CF78E9602A
    Source Name : com.sap.aii.messaging.net.HTTPClientConnection
    Argument Objs :
    Arguments :
    Dsr Component :
    Dsr Transaction : cc6d1cee0fec11e1c90200000074eaaa
    Dsr User :
    Indent : 0
    Level : 0
    Message Code :
    Message Type : 0
    Relatives : /Applications/ExchangeInfrastructure/AdapterFramework/SAPLibraries/SAPXDK
    Resource Bundlename :
    Session : 365
    Source : com.sap.aii.messaging.net.HTTPClientConnection
    ThreadObject : SAPEngine_Application_Thread[impl:3]_0
    Transaction :
    User : CPWONG
    Dsr Root Context ID :
    Dsr Connection :
    Dsr Counter : -1

    Hi,
    Is the above problem solved? Can you share the solution?
    Thanks
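The trace posted above ends with the client sending an empty certificate message and the server answering with a fatal bad certificate alert. The following is an added example, not code from the thread or from SAP, that extracts those facts from `ssl_debug` output and checks whether a candidate client certificate's issuer appears in the logged DN list; the function names, the sample log, and the reading of the DN lines before `server_hello_done` as the server's accepted issuers are assumptions.

```python
import re

PREFIX = re.compile(r"^\s*ssl_debug\(\d+\):\s*(.*)$")
DN_LINE = re.compile(r"^[A-Za-z]+=")        # payload starting with an RDN, e.g. CN=
RDN_SPLIT = re.compile(r",(?=[A-Za-z]+=)")  # heuristic: comma followed by "TYPE="

# Constructed sample, modelled on lines quoted in the post above.
SAMPLE_LOG = """\
ssl_debug(9):   CN=Thawte SSL CA,O=Thawte, Inc.,C=US
ssl_debug(9):   OU=Starfield Class 2 Certification Authority,O=Starfield Technologies, Inc.,C=US
ssl_debug(9): Received server_hello_done handshake message.
ssl_debug(9): No client certificate available, sending empty certificate message...
ssl_debug(9): Sending finished message...
ssl_debug(9): Received alert message: Alert Fatal: bad certificate
"""

def normalize_dn(dn):
    """Order- and case-insensitive form of a DN string (heuristic split)."""
    return frozenset(p.strip().lower() for p in RDN_SPLIT.split(dn.strip()))

def diagnose(log_text, client_issuer=None):
    """Summarise a client-authentication handshake from ssl_debug output."""
    issuers, empty_cert, alert = [], False, None
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        msg = m.group(1)
        if DN_LINE.match(msg):
            # Assumption: DN lines list the issuers the server will accept.
            issuers.append(msg)
        elif "sending empty certificate message" in msg:
            empty_cert = True
        elif msg.startswith("Received alert message:"):
            alert = msg.split("Alert Fatal:", 1)[-1].strip()
    accepted = {normalize_dn(d) for d in issuers}
    issuer_ok = None if client_issuer is None else normalize_dn(client_issuer) in accepted
    if empty_cert and alert == "bad certificate":
        cause = "server asked for a client certificate and the client had none to send"
    elif alert:
        cause = "peer rejected the handshake: " + alert
    else:
        cause = "no fatal alert in this excerpt"
    return {"accepted_issuers": issuers, "empty_cert": empty_cert,
            "alert": alert, "issuer_accepted": issuer_ok, "cause": cause}
```

When `empty_cert` is true, the fix lies in the client's keystore or certificate selection rather than in the server certificate chain.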
