Cannot complete the certificate chain: No trusted cert found

Similar Messages

• "The certificate is not trusted because no issuer chain was provided" error in all browsers for all websites.

  As it says, Chrome, Firefox, and Internet Explorer all give the certificate error message for any and every website attempted - including the Firefox add-ons page. The specific error is the "no issuer chain was provided".
  1) This problem is not on my computer - it is on my mother's computer in another city. Therefore, I cannot attempt every little possibility without flying over there - I'm looking for things I can tell her to do over the phone. The problem started today. I've already given her the list of anti-malware programs to go install and run from here:
  https://support.mozilla.org/en-US/questions/982393
  Note that, of course, she will have to accept the security certificate override to get to these things - I hope this isn't bad.
  2) The problem started after she tried to use Skype, it hung for a very long time and would never log on. So she tried to reinstall it - and she said she clicked through a number of agreement screens and believes she may have installed malicious 3rd party software. This is ridiculous, is Skype now putting malware on people's computers through these bogus 3rd party add-ons at installation? I suppose it is possible Skype was hanging because of some other problem - but she did manage to reinstall Skype and got it to work (but now her internet certificates won't).
  3) She has BitDefender. I am aware that it says here:
  https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
  that she should turn off SSL scanning. She turned it off, it did not solve the problem. She turned it off and restarted, it did not solve the problem. She has had it on for the past 6 months and it has never caused a problem.
  4) In addition, BitDefender reported today that it stopped a malicious program called MySearchDial.exe from attempting something it shouldn't. We went through this removal guide:
  http://malwaretips.com/blogs/start-mysearchdial-removal/
  however, the software MySearchDial was never actually installed into the windows install list, and we did not find any addons/plugins in any of the browser lists (note that Firefox add-ons cannot be accessed with a certificate error, it gives the error message but DOES NOT give you the option to add an exception so you can't access the add-ons). The only thing we found was (a) MySearchDial was default in the IE search engine list, despite there being no add-on, and (b) MySearchDial.exe was in the temp folder (now deleted). I note that I had BitDefender scan the temp folder *before* I deleted MySearchDial.exe, and it claimed no threats were found. What? It was BitDefender that warned me of it in the first place!
  5) Time and date are correct.
  6) Checked the Win 7 install log, only Skype, Skype Click-to-Call, and (for some reason) Mircosoft Visual Studio 2010 and Visual C++ were installed or altered today. I got paranoid about Click-to-call and asked her to uninstall it, but it didn't solve the problem.
  7) The OS is Win7 64bit Home.
  Anything beyond endless Malware removal programs (via list linked above) that we should try?

  The only way to know what is going on is to retrieve the certificate and check who is the issuer.<br />
  It is always possible that the server doesn't send the full certificate chain (intermediate certificates), so it might help to post a link to this website
  Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
  Check out why the site is untrusted and click "Technical Details to expand this section.<br>If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
  You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
  *Click the link at the bottom of the error page: "I Understand the Risks"
  Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
  *Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
  You can see more Details like intermediate certificates that are used in the Details pane.
  If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
  *Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
  *Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.

• "The certificate chain was issued by an authority that is not trusted" when migrating to SQL 2012

  Environment:
  1 Primary Site (USSCCM-Site.domain.com)
  1 CAS (USSCCM-CAS.domain.com)
  SQL 2008 R2 (USSCCM-CAS.domain.com)
  SQL 2012 SP1 CU6 (USSQL12.domain.com)
  Issue:
  We were successfully able to migrate the CAS to the new SQL 2012 server, almost without incident. When attempting to migrate the Site instance however, we are getting errors. Screenshot below.
  Attached is a copy of the log. But below is a highlight of what I think are the errors… It appears that either SQL or SCCM doesn’t like a certificate somewhere, but it is contradicting because the logs say that it has successfully tested connection to SQL.
  I am lost.
  Logs stating it can connect successfully to SQL
  Machine certificate has been created successfully on server USSQL12.domain.com.        Configuration Manager Setup                10/21/2013 10:20:10
  AM               2100 (0x0834)
  Deinstalled service SMS_SERVER_BOOTSTRAP_USSCCM-Site.domain.com_SMS_SQL_SERVER on USSQL12.domain.com.  Configuration Manager Setup    10/21/2013 10:20:10 AM              
  2100 (0x0834)
  SQL Server instance [sccmsite] is already running under the certificate with thumbprint[f671be844bf39dec7e7fdd725dc30e225991f28a].       Configuration Manager Setup    10/21/2013 10:20:10 AM        
  2100 (0x0834)
  INFO: Testing SQL Server [USSQL12.domain.com] connection ...                Configuration Manager Setup    10/21/2013 10:20:10 AM      
  2100 (0x0834)
  INFO: SQL Connection succeeded. Connection: USSQL12.domain.com SCCMSITE\MASTER, Type: Unsecure                Configuration Manager Setup    10/21/2013 10:20:10 AM              
  2100 (0x0834)
  INFO: Tested SQL Server [USSQL12.domain.com] connection successfully.  Any preceding SQL connection errors may be safely ignored.            Configuration Manager Setup    10/21/2013
  10:20:10 AM               2100 (0x0834)
  INFO: Certificate: 308202FC308201E4A003020102021011BA47041BB0609D4097BC19F5AB96B5300D06092A864886F70D01010B0500301D311B301906035504031312555353514C31322E7063756265642E636F6D3020170D3133313031373139343632345A180F32313133303932343139343632345A301D311B301906035504031312555353514C31322E7063756265642E636F6D30820122300D06092A864886F70D01010105000382010F003082010A0282010100CFAC23CEA8920051C8C24DF4E96D76D9E034931867C4DBF74F8AE863C5BDE6D1EAEAAF363F6B97DEF1D7A1FC292CB870F353D72F04472EBE3D31DCA009BD3F8C58E2AAB69C892C20598306537F5EEAA43FA6DE55D4A784CEB6FD07486AB2CC2DE1A8651648EBC31A5CD918E8ED6E184FC560B3A8B0F76F83E310BBA8C4EB27F46707E3A6377D8DD06C6808146E407EF9DB464F453798B6C1748216665884A7F2CDE03D9DA1CB4E59E67516E4F345755E35450F84F4B039642851EFFA96B22D8E77EC11C01D389989F740923B58799E34FC8F4F19CD55830FA7E786C993A08A1EEDCA87F209268CE9D5E86AC9E2A14668207721D94ACE9FACE3AA55B53507F6BF0203010001A3363034301D0603551D11041630148212555353514C31322E7063756265642E636F6D30130603551D25040C300A06082B06010505070301300D06092A864886F70D01010B05000382010100A0E33BF490B60C2B8A73BF7FA90EBB69D92DA27B439EF0569650F388EBA34B9F382CEF52DAAB543C2924E1B8DC7BEE828FB0C276330B0FF67340CBFA0CC24F47431E5272DC76C7610C290A04411036441E9822FBF8AB52B4BBE43F5FF48074BA420FF690A94D53AFCEF7AC75E2D2723520A9EF64AF06759814AE92D41CEA2F0D6CC8D9E5DEF121234F5DD97A7E886BE55F57DC0B79052A554724E8A0146C08A74AE75672FBD8C8BD6B7FCA82C1CC69906A45128CDDD1BC3985ED9603C16E712FFBAA8AA6878F853367F3E1F69E727DB96864DF6B47EBDA82659036EC82A8B04E77535CEA314D7518D02C401969C77B91C8C210C57AA991A622D679B994AEED3C               
  Configuration Manager Setup    10/21/2013 10:20:10 AM               2100 (0x0834)
  INFO: Created SQL Server machine certificate for Server [USSQL12.domain.com] successfully.    Configuration Manager Setup 10/21/2013 10:20:10 AM               2100 (0x0834)
  INFO: Configuration Manager Setup - Application Shutdown       Configuration Manager Setup    10/21/2013 10:20:10 AM         2100 (0x0834)
  INFO: Running SQL Server test query.    Configuration Manager Setup    10/21/2013 10:20:10 AM               2100 (0x0834)
  INFO: SQL Connection succeeded. Connection: USSQL12.domain.com SCCMSITE\MASTER, Type: Secure                Configuration Manager Setup    10/21/2013 10:20:10 AM              
  2100 (0x0834)
  INFO: SQL Server Test query succeeded.              Configuration Manager Setup    10/21/2013 10:20:10 AM              
  2100 (0x0834)
  INFO: SQLInstance Name: sccmsite         Configuration Manager Setup    10/21/2013 10:20:10 AM               2100 (0x0834)
  INFO: SQL Server version detected is 11.0, 11.0.3381.0 (SP1).      Configuration Manager Setup    10/21/2013 10:20:10 AM         2100 (0x0834)
  Logs saying certificate is not trusted
  ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.        Configuration Manager Setup   
  10/21/2013 10:20:49 AM                2100 (0x0834)
  *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection                Configuration Manager Setup    10/21/2013 10:20:49
  AM               2100 (0x0834)
  ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection         Configuration Manager Setup    10/21/2013 10:20:49 AM              
  2100 (0x0834)
  *** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.    Configuration Manager Setup                10/21/2013 10:20:49 AM              
  2100 (0x0834)
  INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure         Configuration Manager Setup                10/21/2013 10:20:49
  AM               2100 (0x0834)
  *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup    10/21/2013 10:20:52 AM              
  2100 (0x0834)
  ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.        Configuration Manager Setup   
  10/21/2013 10:20:52 AM                2100 (0x0834)
  *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection                Configuration Manager Setup    10/21/2013 10:20:52
  AM               2100 (0x0834)
  ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection         Configuration Manager Setup    10/21/2013 10:20:52 AM              
  2100 (0x0834)
  *** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.    Configuration Manager Setup                10/21/2013 10:20:52 AM              
  2100 (0x0834)
  INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure         Configuration Manager Setup                10/21/2013 10:20:52
  AM               2100 (0x0834)
  *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup    10/21/2013 10:20:55 AM              
  2100 (0x0834)
  ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.        Configuration Manager Setup   
  10/21/2013 10:20:55 AM                2100 (0x0834)
  *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection                Configuration Manager Setup    10/21/2013 10:20:55
  AM               2100 (0x0834)
  ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection         Configuration Manager Setup    10/21/2013 10:20:55 AM              
  2100 (0x0834)
  *** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.    Configuration Manager Setup                10/21/2013 10:20:55 AM              
  2100 (0x0834)
  INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure         Configuration Manager Setup                10/21/2013 10:20:55
  AM               2100 (0x0834)
  *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup    10/21/2013 10:20:58 AM              
  2100 (0x0834)
  ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.        Configuration Manager Setup   
  10/21/2013 10:20:58 AM                2100 (0x0834)
  *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection                Configuration Manager Setup    10/21/2013 10:20:58
  AM               2100 (0x0834)
  ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection         Configuration Manager Setup    10/21/2013 10:20:58 AM              
  2100 (0x0834)
  *** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.    Configuration Manager Setup                10/21/2013 10:20:58 AM              
  2100 (0x0834)
  INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure         Configuration Manager Setup                10/21/2013 10:20:58
  AM               2100 (0x0834)
  *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup    10/21/2013 10:21:01 AM              
  2100 (0x0834)
  More logs saying cert is not trusted
  *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup    10/21/2013 10:21:20 AM              
  2100 (0x0834)
  ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.        Configuration Manager Setup   
  10/21/2013 10:21:20 AM                2100 (0x0834)
  *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection                Configuration Manager Setup    10/21/2013 10:21:20
  AM               2100 (0x0834)
  ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection         Configuration Manager Setup    10/21/2013 10:21:20 AM              
  2100 (0x0834)
  *** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.    Configuration Manager Setup                10/21/2013 10:21:20 AM              
  2100 (0x0834)
  INFO: Updated the site control information on the SQL Server USSQL12.domain.com.    Configuration Manager Setup                10/21/2013 10:21:39 AM              
  2100 (0x0834)
  *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup    10/21/2013 10:21:39 AM              
  2100 (0x0834)
  ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.        Configuration Manager Setup   
  10/21/2013 10:21:39 AM                2100 (0x0834)
  *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection                Configuration Manager Setup    10/21/2013 10:21:39
  AM               2100 (0x0834)
  ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection         Configuration Manager Setup    10/21/2013 10:21:39 AM              
  2100 (0x0834)
  *** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.    Configuration Manager Setup                10/21/2013 10:21:39 AM              
  2100 (0x0834)
  CSiteSettings::WriteActualSCFToDatabase: Failed to get SQL connection                Configuration Manager Setup               
  10/21/2013 10:21:39 AM               2100 (0x0834)
  CSiteSettings::WriteActualSCFToDatabaseForNewSite: WriteActualSCFToDatabase(USA) returns 0x87D20002                Configuration Manager Setup    10/21/2013 10:21:39
  AM               2100 (0x0834)
  ERROR: Failed to insert the recovery site control image to the parent database. Configuration Manager Setup                10/21/2013 10:21:39 AM              
  2100 (0x0834)
  Troubleshooting:
  I have read on a few articles of other people having this issue that states to find the certificate on SQL 2012 that’s being used and export it to the SCCM server – which I’ve done.
  http://damianflynn.com/2012/08/22/sccm-2012-and-sql-certificates/
  http://trevorsullivan.net/2013/05/16/configmgr-2012-sp1-remote-sql-connectivity-problem/
  http://scug.be/sccm/2012/09/19/configmgr-2012-rtm-sp1-and-remote-management-points-not-healthy-when-running-configmgr-db-on-a-sql-cluster/
  -Brad

  Hi,
  How about importing certificate in the personal folder under SQL server computer account into SCCM server computer account or SCCM server service account? That certificate is for SQL Server Identification. And you could
  set the value of the ForceEncryption option to NO. (SQL Server Configuration Manager->SQL Server Network Configuration->
  Protocols for <server instance>->Properties)
  Best Regards,
  Joyce Li
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Firefox4: every add-on/extension gives the same error: "Secure Connection Failed - The certificate is not trusted because no issuer chain was provided".

  These are all certs from static.addons.mozilla.net. Even if I add a security exception it does not help
  '''Secure Connection Failed
  static.addons.mozilla.net:443 uses an invalid security certificate
  The certificate is not trusted because no issuer chain was provided
  (Error code: sec_error_unknown_issuer)
  This could be an error with the servers configuration,...
  If you have connected ...'''

  Do you have something like BrowserSafe, Browser Safeguard, or Safeguard installed on your machine?
  If so, get rid of it.

• Hybrid Connection fails for Windows SQL Server 2014 - SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted

  Hello,
  I have configured BizTalk Services Hybrid Connection between Standard Azure Website and SQL Server 2014 on premise.
  Azure Management portal shows the status of Hybrid Connection as established.
  However, the website throws an error when trying to open a connection
  <
  addname="DefaultConnection"
  connectionString="Data
  Source=machine name;initial catalog=AdventureWorks2012;Uid=demouser;Password=[my password];MultipleActiveResultSets=True"
  providerName="System.Data.SqlClient"
  />
  (The same website, with the same connection string deployed on SQL Server machine works correctly).
  I tried various options with the connections sting (IP address instead of machine name, Trusted_Connection=False, Encrypt=False, etc. the result is the same
  [Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
  [SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.
  I tried various machines - on premise and a clean Azure VM with SQL Server and it results in the same error - below full stack
  The certificate chain was issued by an authority that is not trusted             
  Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.            
  Exception Details: System.ComponentModel.Win32Exception: The certificate chain was issued by an authority that is not trusted
  Source Error:
  An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.                  
  Stack Trace:
  [Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
  [SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)]
  System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5341687
  System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
  System.Data.SqlClient.TdsParserStateObject.SNIWritePacket(SNIHandle handle, SNIPacket packet, UInt32& sniError, Boolean canAccumulate, Boolean callerHasConnectionLock) +5348371
  System.Data.SqlClient.TdsParserStateObject.WriteSni(Boolean canAccumulate) +91
  System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte flushMode, Boolean canAccumulate) +331
  System.Data.SqlClient.TdsParser.TdsLogin(SqlLogin rec, FeatureExtension requestedFeatures, SessionData recoverySessionData) +2109
  System.Data.SqlClient.SqlInternalConnectionTds.Login(ServerInfo server, TimeoutTimer timeout, String newPassword, SecureString newSecurePassword) +347
  System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover) +238
  System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout) +892
  System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance) +311
  System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData) +646
  System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) +278
  System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) +38
  System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +732
  System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +85
  System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +1057
  System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +78
  System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +196
  System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +146
  System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +16
  System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +94
  System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +110
  System.Data.SqlClient.SqlConnection.Open() +96
  System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +44
  [EntityException: The underlying provider failed on Open.]
  System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +203
  System.Data.EntityClient.EntityConnection.Open() +104
  System.Data.Objects.ObjectContext.EnsureConnection() +75
  System.Data.Objects.ObjectQuery`1.GetResults(Nullable`1 forMergeOption) +41
  System.Data.Objects.ObjectQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator() +36
  System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) +369
  System.Linq.Enumerable.ToList(IEnumerable`1 source) +58
  CloudShop.Services.ProductsRepository.GetProducts() +216
  CloudShop.Controllers.HomeController.Search(String SearchCriteria) +81
  CloudShop.Controllers.HomeController.Index() +1130
  lambda_method(Closure , ControllerBase , Object[] ) +62
  System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
  System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +193
  System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
  System.Web.Mvc.Async.<>c__DisplayClass42.<BeginInvokeSynchronousActionMethod>b__41() +28
  System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +10
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
  System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
  System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +58
  System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +225
  System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +10
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
  System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
  System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +23
  System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +99
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
  System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
  System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +14
  System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
  System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +39
  System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
  System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +29
  System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
  System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +25
  System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
  System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
  System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +31
  System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
  System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9651188
  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
  Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36213            
  Regards,
  Michal
  Michal Morciniec

  Same issue here, looking for more information !

• Error code 265: The certificate chain was issued by an authority that is not trusted.

  We are in the process of trying to set up a wireless network that uses NPS servers to authenticate domain users with computers that are not on our domain (BYOD).
  We are using a valid, wildcard SSL (with intermediate certificates) to authenticate via PEAP.  The certificate was issued by Godaddy.
  When trying to connect, we are getting the authentication request.
  The result of a connection attempt is no connection with an event log error code of - “265: The certificate chain was issued by an authority that is not trusted.”
  We have tried ensuring that the certificates are in the correct containers on the respective NPS servers: “Certificates\Personal\Certificates” With the intermediate certificates located: “Certificates/Intermediate Certification Authorities”
  All these attempts have proven fruitless.  Any assistance or direction would be very much appreciated.

  Hi,
  Do you import the intermediate certificate in the right account? It should be imported in the Computer Account.
  Have you imported the intermediate certificate in your client? Client need it to validate the certificate of your NPS server.
  Here is a similar thread in which Greg has explained this issue in detail.
  http://social.technet.microsoft.com/Forums/en-US/b770fcf6-d1e9-4aac-9005-62cb5ff6d485/the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted?forum=winserverNAP
  Hope this helps.
  Steven Lee
  TechNet Community Support

• AME Error - Name   lacks a supervisor, so AME cannot complete the chain

  Hi,
  If any one aware of this Issue, Please lets help & Guide me
  While i do the Run Test Case (2) in AME .Its giving a below error message.
  Error: <Name> lacks a supervisor, so AME cannot complete the chain of authority for the transaction
  Regards,
  senthil

  Senthilkumar Chellamuthu wrote:
  Hi,
  If Any one aware of this Issue.please revert back.
  Regards,
  senthilIn addition to the above doc, please see:
  Transaction Fails With "<requestor> lacks a supervisor, so AME cannot complete the chain..." Although TOP_SUPERVISOR_PERSON_ID Is Specified [ID 728725.1]
  Quote Approval Returns Error in ASO_APR_INT.GET_ALL_APPROVERS [ID 452009.1]
  R12: AME Does not Send a Notification to the Preparer if No Approver Found GET_NEXT_APPROVER_AME Exception [ID 557718.1]
  12: AME Does not Send a Notification to the Preparer if No Approver Found GET_NEXT_APPROVER_AME Exception [ID 557718.1]
  R12: AME Contingent Worker Not Able To Create Requisitions Fails At GET_NEXT_APPROVER_AME [ID 781794.1]
  Got Error When Using Hr_approval_custom.Check_final_approver And Hr_approval_custom.Get_next_app [ID 1321264.1]
  Thanks,
  Hussein

• The certificate is not trusted because no issuer chain was provided

  There is an archived thread with this question however in the many replies there isn't an explanation as to why this error is thrown on some systems and not on others and only on FireFox and not on Safari, Chrome, IE, FireFox (on Mac). Not on all Windows systems this error shows up but it shows in some window systems and in all the Linux systems that I have tried. So, is this a problem on the server or is it a FireFox problem?

  You can get this certificate is not trusted error if server doesn't send a required intermediate certificate.
  Firefox automatically stores intermediate certificates that servers send in the Certificate Manager for future usage.
  If a server doesn't send a full certificate chain then you won't get an untrusted error when Firefox has stored missing intermediate certificates from visiting a server in the past that has send it, but you do get an untrusted error if this intermediate certificate isn't stored yet.
  You can inspect the certificate chain via a site like this:
  *http://www.networking4all.com/en/support/tools/site+check/

• The certificate is not trusted because no issuer chain was provided - firefox only

  Hi,
  I'm trying to get my website:
  https://mgmt.pixafix.com/
  and I'm getting the following error:
  This Connection is Untrusted
  mgmt.pixafix.com uses an invalid security certificate.
  The certificate is not trusted because no issuer chain was provided.
  (Error code: sec_error_unknown_issuer)
  This is my website, and I've installed the certificate 2 month ago. I didn't check it using Firefox until now.
  Firefox enter all other HTTPS website. All other browser entering my https domain with no warning.
  Tested on 2 different machines:
  Ubuntu - Firefox not working, Chrome - working fine (without any warning)
  Mac - Firefox not working, Safari - working fine (without any warning)
  I've tried the solutions described here:
  https://support.mozilla.org/en-US/kb/connection-untrusted-error-message#w_the-certificate-is-not-trusted-because-the-issuer-certificate-is-unknown
  And unable to use this solution because no firewall installed:
  https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message#w_the-certificate-is-not-trusted-because-no-issuer-chain-was-provided
  Thanks in advance for any help,
  Ziv

  Thanks sahilnmmt but it not helping.
  I'm downloaded the EssentialSSLCA certificate and import it into firefox using:
  Advanced > View certificate > Authorities > import
  Didn't check any checkbox there.
  Restarted my Firefox, and still getting the same message.

• Site name) uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)

  I am working with Firefox 35.0 I get the security certificate error message of site name) uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer).
  This happens on each page that I go to. I can pull the page up with no problem with Explorer. Please Help. I don't have any security software that would be stopping or scanning SSL.

  Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
  Check out why the site is untrusted and click "Technical Details" to expand this section.
  If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
  You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
  *Click the link at the bottom of the error page: "I Understand the Risks"
  Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
  *Click the "View..." button and inspect the certificate and check who is the <b>issuer of the certificate</b>.
  You can see more Details like intermediate certificates that are used in the Details pane.
  If <b>"I Understand the Risks"</b> is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
  *Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
  *Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.

• Getting error "The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)"

  I am using site "https://www.ultimatix.net" for learning purpose. This site directs to another site for web based learning, which is "icalmscontent.ultimatix.net". It is giving error "icalmscontent.ultimatix.net uses an invalid security certificate.
  The certificate is not trusted because no issuer chain was provided.
  (Error code: sec_error_unknown_issuer)",
  and there is no button to add exception. Please help.

  hello nitin2joy, the "add exception"-button is not accessible on framed pages for security purposes (to avoid phishing/impersonating by malicious sites).
  in case the page you're trying to access is embedded in an iframe, right-click the error page, click on "this frame" > "show only this frame" and hopefully you can add an exception in the next step. this should only be necessary once if you choose to permanently store the exception.

• HTTPS Client not sending the certificate chain

  Hi,
  I have HTTPS java programme with client authendication.
  When the server request for the certificate from the client, the client is not sending the certificate chain, the server says Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
  In the client I an setting the keystore properties properly
  Below is the ssl trace from the server and the client.
  The trace clearly says that the client has loded its certificate from the key store.
  One thing I noticed is the validity period of the client certificate is different in client and the server.
  I am not sure why it is different. I followed the steps properly to create the certificate.
  Can anyone help me to resolve this
  ==========================Server Trace==========================
  SecureServer version 1.0
  found key for : server
  chain [0] = [
  Version: V1
  Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
  Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                 To: Sat Jan 06 12:36:57 GMT+04:00 2007]
  Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  SerialNumber: [    4528b8a9]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
  0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
  0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
  0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
  0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
  0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
  0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
  0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
  trustStore is: d:\babu\ssltest\sscerts\jsseclient1
  trustStore type is : jks
  init truststore
  adding as trusted cert: [
  Version: V1
  Subject: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@166
  Validity: [From: Sun Jun 07 04:00:00 GMT+04:00 1998,
                 To: Tue Jun 07 03:59:59 GMT+04:00 2011]
  Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
  SerialNumber: [    32f057e7 153096f5 1fb86e5b 5a49104b]
  Algorithm: [SHA1withRSA]
  Signature:
  0000: A6 96 37 75 1C FD 95 95 40 E0 C9 53 25 8D E7 12 [email protected]%...
  0010: AC 44 51 10 AC F2 BA 98 4D 72 EF 0B 75 2D 51 19 .DQ.....Mr..u-Q.
  0020: 11 C9 47 E2 2F 96 67 61 0F 36 1D CA E7 C7 23 48 ..G./.ga.6....#H
  0030: 46 97 63 C4 32 AE FF 7B 5A 65 64 50 CA 67 F7 14 F.c.2...ZedP.g..
  adding as trusted cert: [
  Version: V3
  Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
  Validity: [From: Mon Oct 09 04:00:00 GMT+04:00 2006,
                 To: Tue Oct 24 03:59:59 GMT+04:00 2006]
  Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
  SerialNumber: [    5f2e369d 92ccf119 5d9a0371 c2f19ba4]
  Certificate Extensions: 6
  [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
  0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
  0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
  [2]: ObjectId: 2.5.29.31 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
  0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
  0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
  0030: 76 65 72 2E 63 72 6C ver.crl
  [3]: ObjectId: 2.5.29.37 Criticality=false
  ExtendedKeyUsages [
  [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
  [4]: ObjectId: 2.5.29.32 Criticality=false
  CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.1.1]
  [PolicyQualifierInfo: [
    qualifierID: 1.3.6.1.5.5.7.2.2
    qualifier: 0000: 30 56 30 15 16 0E 56 65   72 69 53 69 67 6E 2C 20  0V0...VeriSign,
  0010: 49 6E 63 2E 30 03 02 01   01 1A 3D 56 65 72 69 53  Inc.0.....=VeriS
  0020: 69 67 6E 27 73 20 43 50   53 20 69 6E 63 6F 72 70  ign's CPS incorp
  0030: 2E 20 62 79 20 72 65 66   65 72 65 6E 63 65 20 6C  . by reference l
  0040: 69 61 62 2E 20 6C 74 64   2E 20 28 63 29 39 37 20  iab. ltd. (c)97
  0050: 56 65 72 69 53 69 67 6E                            VeriSign
  ], PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
  0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 43 50 53 risign.com/CPS
  [5]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
  DigitalSignature
  Key_Encipherment
  [6]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 9D FC BF B3 A3 5D 94 B8 44 32 23 A5 B4 C2 BD 01 .....]..D2#.....
  0010: 90 54 CE 0F 23 1A 08 9D F3 E2 55 9A 4B C9 FE 3E .T..#.....U.K..>
  0020: F8 AD 45 DF 84 53 52 87 00 FA 66 2D 35 3F 48 53 ..E..SR...f-5?HS
  0030: 4A D5 77 0F FB E4 20 1B E5 4F 19 60 F9 EC 79 FF J.w... ..O.`..y.
  trigger seeding of SecureRandom
  done seeding SecureRandom
  SecureServer is listening on port 443.
  matching alias: server
  Accepted connection to ebms.uae.ebg.com (172.16.178.62) on port 3379.
  ----------1-1-1-----
  [read] MD5 and SHA1 hashes: len = 3
  0000: 01 03 01 ...
  [read] MD5 and SHA1 hashes: len = 74
  0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
  0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
  0020: 12 00 00 03 02 00 80 00 00 11 45 29 F4 B8 D5 0B ..........E)....
  0030: F1 F5 52 D2 E4 FF 50 FA 04 49 E7 50 46 AA 2D A7 ..R...P..I.PF.-.
  0040: 29 47 67 95 15 48 97 75 97 2C )Gg..H.u.,
  Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
  Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  Cipher suite: SSL_RSA_WITH_RC4_128_MD5
  *** Certificate chain
  chain [0] = [
  Version: V1
  Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
  Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                 To: Sat Jan 06 12:36:57 GMT+04:00 2007]
  Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  SerialNumber: [    4528b8a9]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
  0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
  0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
  0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
  0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
  0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
  0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
  0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
  *** CertificateRequest
  Cert Types: RSA, DSS,
  Cert Authorities:
  <CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
  <OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
  *** ServerHelloDone
  [write] MD5 and SHA1 hashes: len = 912
  0000: 02 00 00 46 03 01 45 29 F4 B8 E3 1F D7 72 74 DB ...F..E).....rt.
  0010: 3B 9F 9C E8 EA 4E D1 0F 86 66 2E CF 66 21 CA 92 ;....N...f..f!..
  0020: A4 4A 63 1B 4C E5 20 45 29 F4 B8 4B 8C 03 71 08 .Jc.L. E)..K..q.
  0030: 2B 61 BC 79 FE 69 BD 77 59 84 B9 F0 85 A5 0D 6D +a.y.i.wY......m
  0040: F4 5B 62 D2 8B A1 D6 00 04 00 0B 00 02 18 00 02 .[b.............
  0050: 15 00 02 12 30 82 02 0E 30 82 01 77 02 04 45 28 ....0...0..w..E(
  0060: B8 A9 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 ..0...*.H.......
  0070: 00 30 4E 31 0B 30 09 06 03 55 04 06 13 02 61 65 .0N1.0...U....ae
  0080: 31 0A 30 08 06 03 55 04 08 13 01 61 31 0A 30 08 1.0...U....a1.0.
  0090: 06 03 55 04 07 13 01 61 31 0A 30 08 06 03 55 04 ..U....a1.0...U.
  00A0: 0A 13 01 61 31 0A 30 08 06 03 55 04 0B 13 01 61 ...a1.0...U....a
  00B0: 31 0F 30 0D 06 03 55 04 03 13 06 69 74 6E 35 34 1.0...U....itn54
  00C0: 37 30 1E 17 0D 30 36 31 30 30 38 30 38 33 36 35 70...06100808365
  00D0: 37 5A 17 0D 30 37 30 31 30 36 30 38 33 36 35 37 7Z..070106083657
  00E0: 5A 30 4E 31 0B 30 09 06 03 55 04 06 13 02 61 65 Z0N1.0...U....ae
  00F0: 31 0A 30 08 06 03 55 04 08 13 01 61 31 0A 30 08 1.0...U....a1.0.
  0100: 06 03 55 04 07 13 01 61 31 0A 30 08 06 03 55 04 ..U....a1.0...U.
  0110: 0A 13 01 61 31 0A 30 08 06 03 55 04 0B 13 01 61 ...a1.0...U....a
  0120: 31 0F 30 0D 06 03 55 04 03 13 06 69 74 6E 35 34 1.0...U....itn54
  0130: 37 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 70..0...*.H.....
  0140: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 9C 86 .......0........
  0150: FA C2 EC 96 1B 02 01 27 08 D2 70 4D 3B AE D0 38 .......'..pM;..8
  0160: 15 97 E9 1D 94 D2 BE A1 2A 54 39 F8 2E AF 71 4C ........*T9...qL
  0170: FD 9A 71 BF 8A 1E 92 9F 3A 07 DA E9 5E 49 2C C6 ..q.....:...^I,.
  0180: 7D FD AA 1F C6 13 39 38 BC 16 34 04 FE E8 6B 4C ......98..4...kL
  0190: EA E9 BA 29 58 9E 6C 61 B8 1F B8 29 6F 83 5D 44 ...)X.la...)o.]D
  01A0: 7B 47 E5 BC 8E 2E D0 C1 E0 6F 73 15 E2 03 A8 49 .G.......os....I
  01B0: C9 42 39 87 0B 70 A0 80 0D 11 98 76 AE 2B B6 A3 .B9..p.....v.+..
  01C0: 5A BA 5D 3B BF C0 90 86 F6 E3 AB 9B A0 49 02 03 Z.];.........I..
  01D0: 01 00 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 ...0...*.H......
  01E0: 05 00 03 81 81 00 54 CC 61 97 1A 69 6C 1F 4B 53 ......T.a..il.KS
  01F0: 1B 7C 54 B3 65 A9 15 C6 1A C0 1B BD FC E5 15 ED ..T.e...........
  0200: 57 F7 29 E7 5E 34 3F D3 9C 40 4E D8 0B AC 79 5B W.).^[email protected][
  0210: 01 64 4E DD D2 FE 57 6A 02 1E 8F C7 00 11 77 0F .dN...Wj......w.
  0220: C8 20 06 0E DB 78 E3 45 57 9B 7D A4 95 0C 20 85 . ...x.EW..... .
  0230: B8 A4 87 D8 AE 29 69 B5 CC DC A1 B4 32 8C 6F 77 .....)i.....2.ow
  0240: F0 9A A8 12 27 C6 96 98 E9 EB AC 74 6E 39 2C D4 ....'......tn9,.
  0250: 1B 1C A1 4B 81 C8 0B B9 CD 0A 18 DC 01 74 5D 99 ...K.........t].
  0260: 4E 14 7A 2C 37 1E 0D 00 01 22 02 01 02 01 1D 00 N.z,7...."......
  0270: 6D 30 6B 31 0B 30 09 06 03 55 04 06 13 02 41 45 m0k1.0...U....AE
  0280: 31 11 30 0F 06 03 55 04 08 13 08 65 6D 69 72 61 1.0...U....emira
  0290: 74 65 73 31 0E 30 0C 06 03 55 04 07 14 05 64 75 tes1.0...U....du
  02A0: 62 61 69 31 11 30 0F 06 03 55 04 0A 14 08 65 6D bai1.0...U....em
  02B0: 69 72 61 74 65 73 31 15 30 13 06 03 55 04 0B 14 irates1.0...U...
  02C0: 0C 65 6D 69 72 61 74 65 73 62 61 6E 6B 31 0F 30 .ebg1.0
  02D0: 0D 06 03 55 04 03 14 06 69 74 6E 35 34 37 00 AC ...U....ebms..
  02E0: 30 81 A9 31 16 30 14 06 03 55 04 0A 13 0D 56 65 0..1.0...U....Ve
  02F0: 72 69 53 69 67 6E 2C 20 49 6E 63 31 47 30 45 06 riSign, Inc1G0E.
  0300: 03 55 04 0B 13 3E 77 77 77 2E 76 65 72 69 73 69 .U...>www.verisi
  0310: 67 6E 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 gn.com/repositor
  0320: 79 2F 54 65 73 74 43 50 53 20 49 6E 63 6F 72 70 y/TestCPS Incorp
  0330: 2E 20 42 79 20 52 65 66 2E 20 4C 69 61 62 2E 20 . By Ref. Liab.
  0340: 4C 54 44 2E 31 46 30 44 06 03 55 04 0B 13 3D 46 LTD.1F0D..U...=F
  0350: 6F 72 20 56 65 72 69 53 69 67 6E 20 61 75 74 68 or VeriSign auth
  0360: 6F 72 69 7A 65 64 20 74 65 73 74 69 6E 67 20 6F orized testing o
  0370: 6E 6C 79 2E 20 4E 6F 20 61 73 73 75 72 61 6E 63 nly. No assuranc
  0380: 65 73 20 28 43 29 56 53 31 39 39 37 0E 00 00 00 es (C)VS1997....
  Thread-1, WRITE: TLSv1 Handshake, length = 912
  Thread-1, READ: TLSv1 Handshake, length = 141
  *** Certificate chain
  Thread-1, SEND TLSv1 ALERT: fatal, description = bad_certificate
  Thread-1, WRITE: TLSv1 Alert, length = 2
  Thread-1, called closeSocket()
  Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
  IOException occurred when processing request.
  Thread-1, called close()
  Thread-1, called closeInternal(true)
  ==========================Client Trace==========================
  --->>>--------
  keyStore is : d:\babu\ssltest\sscerts\clientpk1
  keyStore type is : jks
  init keystore
  init keymanager of type SunX509
  found key for : client
  chain [0] = [
  Version: V1
  Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
  Validity: [From: Mon Oct 09 09:44:01 GMT+04:00 2006,
                 To: Sun Jan 07 09:44:01 GMT+04:00 2007]
  Issuer: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
  SerialNumber: [    4529e1a1]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 20 C7 89 9C 04 64 E8 62 AD D2 64 DD 0A E4 2A A1 ....d.b..d...*.
  0010: B6 9A B5 06 DC 3E F8 AA BE B5 8A 12 B5 75 91 EC .....>.......u..
  0020: 33 77 12 27 85 15 14 15 52 B3 7F 4B 03 18 B5 E0 3w.'....R..K....
  0030: 31 E4 0C A7 0A E1 52 3E 9F D1 58 B7 F2 CC F2 DD 1.....R>..X.....
  0040: D4 61 D6 C8 12 39 60 4D C9 FB DC 01 0C 0D FC 98 .a...9`M........
  0050: C6 AD A6 56 3E 05 1B 4E 20 1B 93 77 16 67 0E D1 ...V>..N ..w.g..
  0060: E0 A1 B6 7F CA 13 53 F2 53 92 14 63 9A 82 01 AE ......S.S..c....
  0070: 83 B2 FD FC 2E 29 22 F9 E7 18 DB 6A 14 73 83 E3 .....)"....j.s..
  trustStore is: d:\babu\ssltest\sscerts\jsseserver
  trustStore type is : jks
  init truststore
  adding as trusted cert: [
  Version: V1
  Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
  Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                 To: Sat Jan 06 12:36:57 GMT+04:00 2007]
  Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  SerialNumber: [    4528b8a9]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
  0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
  0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
  0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
  0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
  0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
  0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
  0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
  init context
  trigger seeding of SecureRandom
  done seeding SecureRandom
  ---<<<--------
  THE HEADERS
  ---111--------
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  [write] MD5 and SHA1 hashes: len = 59
  0000: 01 00 00 37 03 01 45 29 F4 B8 D5 0B F1 F5 52 D2 ...7..E)......R.
  0010: E4 FF 50 FA 04 49 E7 50 46 AA 2D A7 29 47 67 95 ..P..I.PF.-.)Gg.
  0020: 15 48 97 75 97 2C 00 00 10 00 04 00 05 00 0A 00 .H.u.,..........
  0030: 13 00 09 00 12 00 03 00 11 01 00 ...........
  main, WRITE: TLSv1 Handshake, length = 59
  [write] MD5 and SHA1 hashes: len = 77
  0000: 01 03 01 00 24 00 00 00 20 00 00 04 01 00 80 00 ....$... .......
  0010: 00 05 00 00 0A 07 00 C0 00 00 13 00 00 09 06 00 ................
  0020: 40 00 00 12 00 00 03 02 00 80 00 00 11 45 29 F4 @............E).
  0030: B8 D5 0B F1 F5 52 D2 E4 FF 50 FA 04 49 E7 50 46 .....R...P..I.PF
  0040: AA 2D A7 29 47 67 95 15 48 97 75 97 2C .-.)Gg..H.u.,
  main, WRITE: SSLv2 client hello message, length = 77
  main, READ: TLSv1 Handshake, length = 912
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
  Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  [read] MD5 and SHA1 hashes: len = 74
  0000: 02 00 00 46 03 01 45 29 F4 B8 E3 1F D7 72 74 DB ...F..E).....rt.
  0010: 3B 9F 9C E8 EA 4E D1 0F 86 66 2E CF 66 21 CA 92 ;....N...f..f!..
  0020: A4 4A 63 1B 4C E5 20 45 29 F4 B8 4B 8C 03 71 08 .Jc.L. E)..K..q.
  0030: 2B 61 BC 79 FE 69 BD 77 59 84 B9 F0 85 A5 0D 6D +a.y.i.wY......m
  0040: F4 5B 62 D2 8B A1 D6 00 04 00 .[b.......
  *** Certificate chain
  chain [0] = [
  Version: V1
  Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
  Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                 To: Sat Jan 06 12:36:57 GMT+04:00 2007]
  Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  SerialNumber: [    4528b8a9]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
  0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
  0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
  0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
  0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
  0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
  0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
  0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
  stop on trusted cert: [
  Version: V1
  Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
  Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                 To: Sat Jan 06 12:36:57 GMT+04:00 2007]
  Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  SerialNumber: [    4528b8a9]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
  0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
  0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
  0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
  0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
  0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
  0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
  0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
  [read] MD5 and SHA1 hashes: len = 540
  0000: 0B 00 02 18 00 02 15 00 02 12 30 82 02 0E 30 82 ..........0...0.
  0010: 01 77 02 04 45 28 B8 A9 30 0D 06 09 2A 86 48 86 .w..E(..0...*.H.
  0020: F7 0D 01 01 04 05 00 30 4E 31 0B 30 09 06 03 55 .......0N1.0...U
  0030: 04 06 13 02 61 65 31 0A 30 08 06 03 55 04 08 13 ....ae1.0...U...
  0040: 01 61 31 0A 30 08 06 03 55 04 07 13 01 61 31 0A .a1.0...U....a1.
  0050: 30 08 06 03 55 04 0A 13 01 61 31 0A 30 08 06 03 0...U....a1.0...
  0060: 55 04 0B 13 01 61 31 0F 30 0D 06 03 55 04 03 13 U....a1.0...U...
  0070: 06 69 74 6E 35 34 37 30 1E 17 0D 30 36 31 30 30 .ebms0...06100
  0080: 38 30 38 33 36 35 37 5A 17 0D 30 37 30 31 30 36 8083657Z..070106
  0090: 30 38 33 36 35 37 5A 30 4E 31 0B 30 09 06 03 55 083657Z0N1.0...U
  00A0: 04 06 13 02 61 65 31 0A 30 08 06 03 55 04 08 13 ....ae1.0...U...
  00B0: 01 61 31 0A 30 08 06 03 55 04 07 13 01 61 31 0A .a1.0...U....a1.
  00C0: 30 08 06 03 55 04 0A 13 01 61 31 0A 30 08 06 03 0...U....a1.0...
  00D0: 55 04 0B 13 01 61 31 0F 30 0D 06 03 55 04 03 13 U....a1.0...U...
  00E0: 06 69 74 6E 35 34 37 30 81 9F 30 0D 06 09 2A 86 .ebms0..0...*.
  00F0: 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 H............0..
  0100: 02 81 81 00 9C 86 FA C2 EC 96 1B 02 01 27 08 D2 .............'..
  0110: 70 4D 3B AE D0 38 15 97 E9 1D 94 D2 BE A1 2A 54 pM;..8........*T
  0120: 39 F8 2E AF 71 4C FD 9A 71 BF 8A 1E 92 9F 3A 07 9...qL..q.....:.
  0130: DA E9 5E 49 2C C6 7D FD AA 1F C6 13 39 38 BC 16 ..^I,.......98..
  0140: 34 04 FE E8 6B 4C EA E9 BA 29 58 9E 6C 61 B8 1F 4...kL...)X.la..
  0150: B8 29 6F 83 5D 44 7B 47 E5 BC 8E 2E D0 C1 E0 6F .)o.]D.G.......o
  0160: 73 15 E2 03 A8 49 C9 42 39 87 0B 70 A0 80 0D 11 s....I.B9..p....
  0170: 98 76 AE 2B B6 A3 5A BA 5D 3B BF C0 90 86 F6 E3 .v.+..Z.];......
  0180: AB 9B A0 49 02 03 01 00 01 30 0D 06 09 2A 86 48 ...I.....0...*.H
  0190: 86 F7 0D 01 01 04 05 00 03 81 81 00 54 CC 61 97 ............T.a.
  01A0: 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 15 C6 1A C0 .il.KS..T.e.....
  01B0: 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 3F D3 9C 40 ......W.).^4?..@
  01C0: 4E D8 0B AC 79 5B 01 64 4E DD D2 FE 57 6A 02 1E N...y[.dN...Wj..
  01D0: 8F C7 00 11 77 0F C8 20 06 0E DB 78 E3 45 57 9B ....w.. ...x.EW.
  01E0: 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 69 B5 CC DC .... ......)i...
  01F0: A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 96 98 E9 EB ..2.ow....'.....
  0200: AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 0B B9 CD 0A .tn9,....K......
  0210: 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E ...t].N.z,7.
  *** CertificateRequest
  Cert Types: RSA, DSS,
  Cert Authorities:
  <CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
  <OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
  [read] MD5 and SHA1 hashes: len = 294
  0000: 0D 00 01 22 02 01 02 01 1D 00 6D 30 6B 31 0B 30 ..."......m0k1.0
  0010: 09 06 03 55 04 06 13 02 41 45 31 11 30 0F 06 03 ...U....AE1.0...
  0020: 55 04 08 13 08 65 6D 69 72 61 74 65 73 31 0E 30 U....emirates1.0
  0030: 0C 06 03 55 04 07 14 05 64 75 62 61 69 31 11 30 ...U....dubai1.0
  0040: 0F 06 03 55 04 0A 14 08 65 6D 69 72 61 74 65 73 ...U....emirates
  0050: 31 15 30 13 06 03 55 04 0B 14 0C 65 6D 69 72 61 1.0...U....emira
  0060: 74 65 73 62 61 6E 6B 31 0F 30 0D 06 03 55 04 03 tesbank1.0...U..
  0070: 14 06 69 74 6E 35 34 37 00 AC 30 81 A9 31 16 30 ..ebms..0..1.0
  0080: 14 06 03 55 04 0A 13 0D 56 65 72 69 53 69 67 6E ...U....VeriSign
  0090: 2C 20 49 6E 63 31 47 30 45 06 03 55 04 0B 13 3E , Inc1G0E..U...>
  00A0: 77 77 77 2E 76 65 72 69 73 69 67 6E 2E 63 6F 6D www.verisign.com
  00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 2F 54 65 73 74 /repository/Test
  00C0: 43 50 53 20 49 6E 63 6F 72 70 2E 20 42 79 20 52 CPS Incorp. By R
  00D0: 65 66 2E 20 4C 69 61 62 2E 20 4C 54 44 2E 31 46 ef. Liab. LTD.1F
  00E0: 30 44 06 03 55 04 0B 13 3D 46 6F 72 20 56 65 72 0D..U...=For Ver
  00F0: 69 53 69 67 6E 20 61 75 74 68 6F 72 69 7A 65 64 iSign authorized
  0100: 20 74 65 73 74 69 6E 67 20 6F 6E 6C 79 2E 20 4E testing only. N
  0110: 6F 20 61 73 73 75 72 61 6E 63 65 73 20 28 43 29 o assurances (C)
  0120: 56 53 31 39 39 37 VS1997
  *** ServerHelloDone
  [read] MD5 and SHA1 hashes: len = 4
  0000: 0E 00 00 00 ....
  *** Certificate chain
  JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
  *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
  Random Secret: { 3, 1, 145, 198, 68, 101, 78, 79, 139, 241, 6, 243, 13, 208, 161, 242, 0, 185, 46, 87, 212, 79, 239, 132, 145, 14, 13, 134, 115, 250, 44, 44, 112, 33, 173, 105, 52, 186, 160, 119, 55, 202, 205, 212, 136, 92, 7, 120 }
  [write] MD5 and SHA1 hashes: len = 141
  0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 3A 83 FA .............:..
  0010: 1E B3 43 52 3B B5 B9 A5 9D 2D 30 5E 71 34 DF 45 ..CR;....-0^q4.E
  0020: 99 99 2D 9A 4A 42 54 3D 47 D8 94 22 BC F3 92 0D ..-.JBT=G.."....
  0030: 23 AA 95 B5 75 EA B2 2B 8B DD DA 91 AA 94 24 4B #...u..+......$K
  0040: 56 34 C8 3C 1D 2D 15 63 CF 03 FF 65 6C DF B9 00 V4.<.-.c...el...
  0050: C3 5E BF 72 F4 70 64 45 D8 5B 58 E2 DF D6 12 1B .^.r.pdE.[X.....
  0060: BE A3 71 E9 1C 49 BB 7E C0 4A 1F CA 1F F5 63 23 ..q..I...J....c#
  0070: 0D 40 0D C6 3B FE 03 E9 DE 2E E5 09 1F 72 D7 6B .@..;........r.k
  0080: D6 ED 5E 99 B0 A8 A0 D3 D2 73 F0 A0 8E ..^......s...
  main, WRITE: TLSv1 Handshake, length = 141
  SESSION KEYGEN:
  PreMaster Secret:
  0000: 03 01 91 C6 44 65 4E 4F 8B F1 06 F3 0D D0 A1 F2 ....DeNO........
  0010: 00 B9 2E 57 D4 4F EF 84 91 0E 0D 86 73 FA 2C 2C ...W.O......s.,,
  0020: 70 21 AD 69 34 BA A0 77 37 CA CD D4 88 5C 07 78 p!.i4..w7....\.x
  CONNECTION KEYGEN:
  Client Nonce:
  0000: 45 29 F4 B8 D5 0B F1 F5 52 D2 E4 FF 50 FA 04 49 E)......R...P..I
  0010: E7 50 46 AA 2D A7 29 47 67 95 15 48 97 75 97 2C .PF.-.)Gg..H.u.,
  Server Nonce:
  0000: 45 29 F4 B8 E3 1F D7 72 74 DB 3B 9F 9C E8 EA 4E E).....rt.;....N
  0010: D1 0F 86 66 2E CF 66 21 CA 92 A4 4A 63 1B 4C E5 ...f..f!...Jc.L.
  Master Secret:
  0000: 3A 36 9A CA 6F 82 0B 32 17 28 04 CD 33 B4 5D BF :6..o..2.(..3.].
  0010: 5F 87 23 71 6B 49 2D 0E 59 DE 2C EA 8E B3 43 C8 _.#qkI-.Y.,...C.
  0020: 5D 3B 3B 4C B7 B9 AB 4E EA A3 E6 CE 54 40 FB 2D ];;[email protected]
  Client MAC write Secret:
  0000: C3 72 45 7B 93 DE 55 FF 0A 8C 9E 91 43 48 6E E4 .rE...U.....CHn.
  Server MAC write Secret:
  0000: E2 05 07 CB 3F 2D 95 41 EF 69 3F 09 6D CB 81 EE ....?-.A.i?.m...
  Client write key:
  0000: EE 7E EE 7D D8 5F 46 CD 88 15 9E F6 C7 EC 05 5F ....._F........_
  Server write key:
  0000: 43 DE B1 D2 FA 54 F0 E6 CA EC E8 1E 6C AD 77 EC C....T......l.w.
  ... no IV for cipher
  main, WRITE: TLSv1 Change Cipher Spec, length = 1
  JsseJCE: Using JSSE internal implementation for cipher RC4
  *** Finished
  verify_data: { 196, 3, 24, 202, 107, 99, 158, 203, 62, 203, 204, 35 }
  [write] MD5 and SHA1 hashes: len = 16
  0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
  Plaintext before ENCRYPTION: len = 32
  0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
  0010: 22 2A 55 36 5F 75 DB D4 CF 19 6F 40 93 AF B8 3B "*U6_u....o@...;
  main, WRITE: TLSv1 Handshake, length = 32
  waiting for close_notify or alert: state 1
  Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
  main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
  main, SEND TLSv1 ALERT: fatal, description = unexpected_message
  Plaintext before ENCRYPTION: len = 18
  0000: 02 0A 3E CA 24 9F 8F 40 B8 65 A6 44 5D 7E 0B B5 ..>[email protected]]...
  0010: A9 C7 ..
  main, WRITE: TLSv1 Alert, length = 18
  Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
  main, called closeSocket()
  ---000--------

  Here are the steps I am perfoming to create the certificates. Can anyone please validate the steps...
  //Create private key
  keytool -genkey -keystore clientpk1 -keyalg rsa -alias client -storepass password -keypass password
  //Create CSR
  keytool -certreq -alias client -file client.csr -keypass password -keystore clientpk1 -storepass password
  //Received client-ca.cer and root certificate from verisign
  //Import signed certificate to client keystore
  keytool -import -keystore clientpk1 -keyalg RSA -import -trustcacerts -file client-ca.cer
  //Import signed certificate and the root certificate to keystore(server thruststore)
  keytool -import -keystore jsseclient1 -alias client -file getcacert.cer
  keytool -import -keystore jsseclient1 -alias client -file client-ca.cer
  Thanks in advance,
  Babu

• Go Daddy UCC Certificate: "ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update"

  Hello,
  I have this issue regarding certificate chains while performing Outlook Anywhere connectivity test
  by Microsoft Remote Connectivity Analyzer:
  "ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled."
  Note: even if I got the error, Outlook Anywhere and
  ActiveSync services work fine.
  Environment:
  - Exchange 2007 with SP3
  - Go Daddy Multiple Domains UCC certificate (up to 5 Subject Alternative Names)
  I already read and followed instructions on this TechNet post
  Can I safely ignore this warning about the SSL cert? Using GoDaddy UCC cert but it is a little bit different by this case.
  So after an investigation I understand the issue above is related to SSL certificate
  Certification Path (see screenshots below).
  NO ERRORS on ExRCA checking
  Go Daddy Secure Certification Authority is under Intermediate Certification Authorities
  repository
  Go Daddy Class 2 Certification Authority is under Intermediate Certification Authorities
  repository
  Starfield Technologies (http://www.valicert.com)
  is under Trusted Root Certification Authorities repository
  ERROR on ExRCA checking
  Go Daddy Secure Certification Authority is under Intermediate Certification Authorities
  repository
  Go Daddy Class 2 Certification Authority is under Trusted Root Certification Authorities
  repository
  Can you add some useful information ?
  I'm opening a support ticket at Go Daddy; I hope they could me some positive feedbacks.
  Regards,
  Luca Fabbri
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

  Strange I have a feeling the exrca tool can't validate the godaddy class2 root authority due some older compability and wants to use the older original root authority valicert owned godaddy. Or when the exrca tool is validating the root CA it only has the
  goaddy class2 root ca that was issued by valicert and not the standalone cert when doing the comparision. I sent the question to MS and will let you know when I hear back.
  You can get rid of it
  https://certs.godaddy.com/anonymous/repository.seam
  Download the cert
  ◦gd_cross_intermediate.crt
  Then import it into the trusted root cert authority on your CAS boxes. Then you need to delete the other godaddy class2 root authority. Make sure you see the one you imported both will be named goaddy class2 root authority but one will be issued by valicert.
  Re-run the test and it will go away, I also saw the error with my domain as well using godaddy and got rid of it by using the new cert authority.
  James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

• External HD issue. Finder cannot complete the operation because some data..

  Last night I had a drive throw the error "finder cannot complete the operation because some data in "<file>" could not be read or written. Error code-36". I thought it was a bad disk. Then tonight I plugged in a flash drive, formatted it on the machine and now I am getting the same error on that disk as well. Any thoughts???

  Yes, you can have bad blocks or other physical damage on a usb drive, the same as a firewire, or eSATA. Just because you can reformat the drive, doesn't mean the drive is okay. You reformat, yet the problem recurs. That is a sign of a bad drive. If it were an OS issue then the reformat should fix it.
  You might want to check the drives with a utility from Prosoft called DriveGenius It's the "Swiss Army Knife" of utilities, including the ability to repartition "on the fly" (A little scary for my tastes). But Prosoft is a trusted software manufacturer. Downloaded the trial (it has more bells & whistles than you can believe) But the trial will run all hardware tests without the repair feature, and give you a report.
  Also, you can download and use Applejack for repair.
  -mj

• Simple SSL test: failing with "The certificate is not trusted ..."

  WebLogic 10.3.4 on Win7.
  I created a new domain and enabled SSL,with listen ports 7001 and 7002 for http and https respectively.
  I deployed a trivial webapp whose main page runs in http, but it opens an iframe with https for a different page in the app.
  I loaded the main page, but the iframe fails to load, giving the following error:
  The certificate is not trusted because no issuer chain was provided.
  (Error code: sec_error_unknown_issuer)
  What is the easiest path to get this working?

  Hi David,
  I dont think that the Demo Certificate shall cause the issue.You can enable the SSL debug in weblogic and check what exactly is wrong,while loading the iframe window.
  Error code: sec_error_unknown_issuer
  Moreover,you can try to add the root certificate to your IE browser and check it
  Tools -> Internet options -> content ->Certificates ->
  After your import,You can verify the same by checking it from the list and then verify by accessing it again