Certificate chain validation

I got a strange behaviour.
I created a keystore with a key entry and a chain of 3 certificate:
mycert -> intermediary CA cert -> root CA cert
when I validate this chain with utils.ValidateCertChain utility it works:
> java -cp weblogic.jar utils.ValidateCertChain -jks mykey newkeystore.jks
Certificate chain appears valid
But when I exported the 3 certificates (keytool -export) in 3 .pem files, concatenating them
> cat mycert.pem intca.pem rootca.pem > chain.pem
and I retry validation
> java -cp weblogic.jar utils.ValidateCertChain -pem chain.pem
it doesnt' work:
Certificate chain is invalid
How should I concatenate the pem files ?
Edited by pacionet at 01/23/2008 7:44 AM
Edited by pacionet at 01/23/2008 7:46 AM

Similar Messages

Adobe Air Apps for OS X: Unable to build a valid certificate chain for the signer. // Code Signing on OS X 10.10 Yosemite

Hi,
I created several OS X Apps using Adobe Air. That worked quite well before. Now I have do update my OS X Apps - therefore I also needed update my certificates. [ I'm using Flash CC 2014 on OS X Yosemite 10.10 ]. But whatever I do it doesn’t work anymore. I always get this Message saying:
Unable to build a valid certificate chain for the signer.
I googled a lot and the only "guide" I found is this post (from April 2013) about code singing - http://scottgaertner.com/code_signing/
I’m not used to deal with this kind of stuff (CA etc.) - so it's quite confusing to me.
Would anybody please be so kind and tell me what I have to do?
Is there any instruction from Adobe? (I didn't find one yet)
A step by step instruction for absolute dummies would be great!
Best regards and thank you in advance
Jan

Hi Mukesh,
I installed the Flash CC 2014 update and added some Certificates from Apple to my Keychain. Now EVERYTHING works fine again!! :-)
Thank you very much for the Update! :-) Good job!
Best regards
Jan

Error message generating Adobe Air output Unable to build a valid certificate chain for the signer

error message generating Adobe Air Output: Unable to build a valid certificate chain for the signer.

Are you talking about AIR Help produced by RoboHelp or an AIR application that you are creating?
If the latter, please see the notice at http://forums.adobe.com/community/robohelp/airhelp
If you are using RoboHelp, which version?
See www.grainge.org for RoboHelp and Authoring tips
@petergrainge

Code signing cert error using Digicert - Unable to build a valid certificate chain for the signer

Steps to fix this error on code signing adobe air using .p12 cert from Digicert - Unable to build a valid certificate chain for the signer
a. Open Firefox and browse to https://www.digicert.com/digicert-root-certificates.htm
b. On the middle of the page, download -
DigiCert Assured ID Code Signing CA-1
Valid until: 10/Feb/2026
Serial #: 07:F4:73:6F:AF:EF:40:8A:1F:66:40:F2:65:D1:0A:C1
Thumbprint: B170A10819BEA936905D719E643399783E1F4567
Download
c. Install the cert in Firefox
d. Once done, export again the code signing cert from digicert, through (click Firefox -> Preferences -> View Certificates -> HIghlight the digicert code signing cert -> click Backup)
e. Done, the newly exported file should now have the valid certificate chain and that should fix the error "Unable to build a valid certificate chain for the signer"
Even though this is from Digicert, this should also work for other Certificate Authority providers assuming you download your provider's root cert for code signing.
Regards,
Reigner S. Yrastorza

Are you talking about AIR Help produced by RoboHelp or an AIR application that you are creating?
If the latter, please see the notice at http://forums.adobe.com/community/robohelp/airhelp
If you are using RoboHelp, which version?
See www.grainge.org for RoboHelp and Authoring tips
@petergrainge

Unable to build valid certificate chain

Hi,
I am trying to sign my AIR application using the Code Signing Certificate I got from Apple (iPhone Dev). I have Apple's Root Certificate and my certificate. I installed both and then exported my certificate as pkcs12 (.p12 file) using many methods like Windows Certificate Manager and Firefox. I also used Keychain Access on my Mac. However, when I try to sign, I get the following error:
Unable to build a valid certificate chain for the signer.
Some help would be great. Thanks.

Ok, I am making progress here.
I signed on to a fresh mac with an empty keychain. I imported AppleWWDRCA and then developer_identity. Now it shows that the certificate is valid. Now I deleted the certificate and I imported cert.p12 file that I had made. Now the certificate re-appeared in keychain along with a private key. I had to put a password set by me earlier when I made the p12 file.
The certificate is displayed under my private key. So it means that the p12 file has the private key and the certificate.
Now the only thing is that AIR gives me the error stating that it cannot build a certificate chain, which means there's no Root CA in the p12 file, or WWDRCA for that matter. From what I understand, these 2 certs need to be put inside the p12 file.
On second note, Apple also provides a distribution cert besides the developer cert. But when I try to export the distribution cert, it asks for a password that I don't know (not got one for that). But I still think that I need to use the developer cert. nd not the distribution cert. by Apple.
The question again boils down to putting the Apple Root CA inside the p12 in order for AIR SDK to build the chain.

Unable to build a valid certificate chain for the signer

Updating an AIR application after a few years and needed a new signing certificate which I purchased from Comodo. Imported it successfully into Keychain Access and exported it as a pfx file. When I identified this certificate to Flash Builder it went all the way through the build process and then came up with the error "Unable to build a valid certificate chain for the signer".
I can see there was a discussion on this matter in October 2011 but this did not seem to answer my question as that guy was trying to use an Apple Dev Centre key rather than paying for one like I did.
TIA
David

In Keychain Access, command-click your Class 2/3 certificate, the CA's intermediate certificate, and the CA's root certificate before hitting export.
Short guide: Code Signing Certificates for Adobe Air in OS X

Certificate validation against multiple certificate chain

Hello everyone,
I would like to have your opinion on a specific use case of the java.security.cert API.
I've a set of trusted certificate chains provided in a trusted way by a CA. An example of a chain would be: R->I1->I2, R being a root certificate and I1/I2 being intermediates CAs.
I receive messages from some untrusted sources. These message are signed using some end-user certificate, let's call it U. The certificate U is only transmitted along the message (ie. it's not available from a trusted source).
Verifying the validity of the signed message is therefore a two step process:
- Check that the signature made by U is valid.
- Check that a valid certificate path could be build from U (querying a CRL if needed) back to a trusted anchor, such as R->I1->I2->U.
Now, my question is, how to efficiently achieve the latter one with the java.security.cert API?
The most straightforward way i've found so far to validate a certificate against a set of certificate chain is to use the CertPathBuilder interface:
1) I build a CertStore (of type "Collection") with all my trusted certificate chain in it.
2) I add the received U certificate to the store.
3) I try to build a certificate path specifying "U" as the target certificate in the search constraints (X509CertSelector).
If the algorithm find a valid path, it returns it, and U could possibly be kept in the store for future use.
If no valid path could be deduced, U is removed from the store, and a corresponding error is returned.
This sounds like a good way of doing ?
All suggestions are most welcome,
Thanks,
M. H.

Ok, I think I've found my solution.
Actually, if you specify a target certificate using the X509CertSelector.setCertificate methode, the said certificate don't have to be in a CertStore in order to perform the validation:
// the 'store' variable contains only the trusted certificate chains.
CertStore store = CertStore.getInstance("Collection",
new CollectionCertStoreParameters(certCol));
CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
X509CertSelector targetConstraints = new X509CertSelector();
targetConstraints.setCertificate(userCertificate);
PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, targetConstraints);
params.addCertStore(store);
/* params.setRevocationEnabled(false); */ // If needed.
PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) cpb.build(params);
CertPath path = result.getCertPath();This is it, on validation, the "path" variable will contains the complete certificate chain including the tested certificate.
I've still a problem with OCSP validations though, but i'll create a new topic for that...
Thank you for your time, ejp,
++
Edited by: marc_h on May 14, 2010 5:54 AM

Error creating AIR file: Unable to build a valid certificate chain for the signer.

Hi, My boss got a certificate from Thawte, and I'm getting this error message when building my AIR app.
Error creating AIR file: Unable to build a valid certificate chain for the signer.
I'm on windows XP.
thanks,
steve

To manage your code signing certificate, please see
http://www.adobe.com/devnet/air/articles/signing_air_applications_print.html
The error you are seeing is typically caused by exporting a cert without the trust chain. On Windows, in IE, you can manage your keystore by going to
Internet Options > Content > Certificates
When you export the certificate needed for signing your app, be sure to check “Include all certificates in the certificate path, if possible”.

How do I control the certificate chain construction performed by Acrobat Reader during digital signature validation?

I work in the federal government where there are many certificate authorities and cross certified certificate authorities. Acrobat Reader is building hundreds of certificate chains in attempting to find a trusted root for the signers certificate. It is taking 4 minutes to validate the signature!
The image is the 15th screen shot showing three chains per screen shot. The window elevator has barely moved!

I am now using Adobe Acrobat Reader 11. Signature validation is much better! Perhaps 10 seconds. The only issue I see that the detail pages have misleading messages. The Signature Properties window has no complaints about the signature but the Show Signer's Certificate page still complains about not valid trust anchor.

TMG - 0x80090325 -Certificate Chain was issued by an authority that is not trusted

Hello,
I am having some problems with testing a OWA (SSL) rule. I get that message.
The TMG belongs to the domain and therefore as far as I know it gets the root certificate of my CA (I have deployed a Enterprise CA for my domain).
That is why I don't understand the message: "...that is not trusted."
The exact message:
Testing https://mail.mydomain.eu/owa
Category: Destination server certificate error
Error details: 0x80090325 - The certificate chain was issued by an authority that is not trusted
Thanks in advance!
Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)

Thanks Keith for your reply and apologies for the delay in my answer.
I coud not wait and I reinstalled the whole machine (W28k R2 + TMG 2010) . I suppose I am still a bad troubleshooter, I have experience setting up ISA, TMG, PKI, Active directory but to a certain extent.
1. Yes, I saw it when hitting the button "Test Rule" in the Publising rule in the TMG machine.
2. No, it did not work in this implementation but it has worked in others, this is not difficult to set up, until now, hehe.
3. You said: "...If you are seeing it when running "Test Rule" then it simply means that TMG does not trust something about the certificate that is on your Exchange Server...."
But the certificates are auto-enrolled, and when I saw the details of the certificates they all are "valid" , there is a "valid" message.
4. You wrote: "...Easiest way see everything is create an access rule that allows traffic from the LocalHost of TMG to the CAS and open up a web browser. Does the web browser complain?..."
But as I said, I re-installed the whole thing because nobody jumped in here , and I needed to move forward, I hope you understand.
5. S Guna kindly proposed this:
If you are using internal CA,
You need to import the Root CA certificate to TMG servers.
Import Private Key of the certificate to Server personal
Create a Exchange publishing Rule and Point the lisitner to the Correct certificate.
Since you are using internal CA, You need to import the Root CA certificate to all the client browers from where you are accessing OWA
But I think I do not have to perform any of those tasks, although I am not an expert but have worked with Certificate for one year or so.
Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)

Error code 265: The certificate chain was issued by an authority that is not trusted.

We are in the process of trying to set up a wireless network that uses NPS servers to authenticate domain users with computers that are not on our domain (BYOD).
We are using a valid, wildcard SSL (with intermediate certificates) to authenticate via PEAP. The certificate was issued by Godaddy.
When trying to connect, we are getting the authentication request.
The result of a connection attempt is no connection with an event log error code of - “265: The certificate chain was issued by an authority that is not trusted.”
We have tried ensuring that the certificates are in the correct containers on the respective NPS servers: “Certificates\Personal\Certificates” With the intermediate certificates located: “Certificates/Intermediate Certification Authorities”
All these attempts have proven fruitless. Any assistance or direction would be very much appreciated.

Hi,
Do you import the intermediate certificate in the right account? It should be imported in the Computer Account.
Have you imported the intermediate certificate in your client? Client need it to validate the certificate of your NPS server.
Here is a similar thread in which Greg has explained this issue in detail.
http://social.technet.microsoft.com/Forums/en-US/b770fcf6-d1e9-4aac-9005-62cb5ff6d485/the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted?forum=winserverNAP
Hope this helps.
Steven Lee
TechNet Community Support

HTTPS Client not sending the certificate chain

Hi,
I have HTTPS java programme with client authendication.
When the server request for the certificate from the client, the client is not sending the certificate chain, the server says Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
In the client I an setting the keystore properties properly
Below is the ssl trace from the server and the client.
The trace clearly says that the client has loded its certificate from the key store.
One thing I noticed is the validity period of the client certificate is different in client and the server.
I am not sure why it is different. I followed the steps properly to create the certificate.
Can anyone help me to resolve this
==========================Server Trace==========================
SecureServer version 1.0
found key for : server
chain [0] = [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
               To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [    4528b8a9]
Algorithm: [MD5withRSA]
Signature:
0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
trustStore is: d:\babu\ssltest\sscerts\jsseclient1
trustStore type is : jks
init truststore
adding as trusted cert: [
Version: V1
Subject: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@166
Validity: [From: Sun Jun 07 04:00:00 GMT+04:00 1998,
               To: Tue Jun 07 03:59:59 GMT+04:00 2011]
Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
SerialNumber: [    32f057e7 153096f5 1fb86e5b 5a49104b]
Algorithm: [SHA1withRSA]
Signature:
0000: A6 96 37 75 1C FD 95 95 40 E0 C9 53 25 8D E7 12 [email protected]%...
0010: AC 44 51 10 AC F2 BA 98 4D 72 EF 0B 75 2D 51 19 .DQ.....Mr..u-Q.
0020: 11 C9 47 E2 2F 96 67 61 0F 36 1D CA E7 C7 23 48 ..G./.ga.6....#H
0030: 46 97 63 C4 32 AE FF 7B 5A 65 64 50 CA 67 F7 14 F.c.2...ZedP.g..
adding as trusted cert: [
Version: V3
Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
Validity: [From: Mon Oct 09 04:00:00 GMT+04:00 2006,
               To: Tue Oct 24 03:59:59 GMT+04:00 2006]
Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
SerialNumber: [    5f2e369d 92ccf119 5d9a0371 c2f19ba4]
Certificate Extensions: 6
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
[2]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
0030: 76 65 72 2E 63 72 6C ver.crl
[3]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 30 56 30 15 16 0E 56 65   72 69 53 69 67 6E 2C 20 0V0...VeriSign,
0010: 49 6E 63 2E 30 03 02 01   01 1A 3D 56 65 72 69 53 Inc.0.....=VeriS
0020: 69 67 6E 27 73 20 43 50   53 20 69 6E 63 6F 72 70 ign's CPS incorp
0030: 2E 20 62 79 20 72 65 66   65 72 65 6E 63 65 20 6C . by reference l
0040: 69 61 62 2E 20 6C 74 64   2E 20 28 63 29 39 37 20 iab. ltd. (c)97
0050: 56 65 72 69 53 69 67 6E                            VeriSign
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 43 50 53 risign.com/CPS
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 9D FC BF B3 A3 5D 94 B8 44 32 23 A5 B4 C2 BD 01 .....]..D2#.....
0010: 90 54 CE 0F 23 1A 08 9D F3 E2 55 9A 4B C9 FE 3E .T..#.....U.K..>
0020: F8 AD 45 DF 84 53 52 87 00 FA 66 2D 35 3F 48 53 ..E..SR...f-5?HS
0030: 4A D5 77 0F FB E4 20 1B E5 4F 19 60 F9 EC 79 FF J.w... ..O.`..y.
trigger seeding of SecureRandom
done seeding SecureRandom
SecureServer is listening on port 443.
matching alias: server
Accepted connection to ebms.uae.ebg.com (172.16.178.62) on port 3379.
----------1-1-1-----
[read] MD5 and SHA1 hashes: len = 3
0000: 01 03 01 ...
[read] MD5 and SHA1 hashes: len = 74
0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
0020: 12 00 00 03 02 00 80 00 00 11 45 29 F4 B8 D5 0B ..........E)....
0030: F1 F5 52 D2 E4 FF 50 FA 04 49 E7 50 46 AA 2D A7 ..R...P..I.PF.-.
0040: 29 47 67 95 15 48 97 75 97 2C )Gg..H.u.,
Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
*** ClientHello, TLSv1
RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
               To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [    4528b8a9]
Algorithm: [MD5withRSA]
Signature:
0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
<OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 912
0000: 02 00 00 46 03 01 45 29 F4 B8 E3 1F D7 72 74 DB ...F..E).....rt.
0010: 3B 9F 9C E8 EA 4E D1 0F 86 66 2E CF 66 21 CA 92 ;....N...f..f!..
0020: A4 4A 63 1B 4C E5 20 45 29 F4 B8 4B 8C 03 71 08 .Jc.L. E)..K..q.
0030: 2B 61 BC 79 FE 69 BD 77 59 84 B9 F0 85 A5 0D 6D +a.y.i.wY......m
0040: F4 5B 62 D2 8B A1 D6 00 04 00 0B 00 02 18 00 02 .[b.............
0050: 15 00 02 12 30 82 02 0E 30 82 01 77 02 04 45 28 ....0...0..w..E(
0060: B8 A9 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 ..0...*.H.......
0070: 00 30 4E 31 0B 30 09 06 03 55 04 06 13 02 61 65 .0N1.0...U....ae
0080: 31 0A 30 08 06 03 55 04 08 13 01 61 31 0A 30 08 1.0...U....a1.0.
0090: 06 03 55 04 07 13 01 61 31 0A 30 08 06 03 55 04 ..U....a1.0...U.
00A0: 0A 13 01 61 31 0A 30 08 06 03 55 04 0B 13 01 61 ...a1.0...U....a
00B0: 31 0F 30 0D 06 03 55 04 03 13 06 69 74 6E 35 34 1.0...U....itn54
00C0: 37 30 1E 17 0D 30 36 31 30 30 38 30 38 33 36 35 70...06100808365
00D0: 37 5A 17 0D 30 37 30 31 30 36 30 38 33 36 35 37 7Z..070106083657
00E0: 5A 30 4E 31 0B 30 09 06 03 55 04 06 13 02 61 65 Z0N1.0...U....ae
00F0: 31 0A 30 08 06 03 55 04 08 13 01 61 31 0A 30 08 1.0...U....a1.0.
0100: 06 03 55 04 07 13 01 61 31 0A 30 08 06 03 55 04 ..U....a1.0...U.
0110: 0A 13 01 61 31 0A 30 08 06 03 55 04 0B 13 01 61 ...a1.0...U....a
0120: 31 0F 30 0D 06 03 55 04 03 13 06 69 74 6E 35 34 1.0...U....itn54
0130: 37 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 70..0...*.H.....
0140: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 9C 86 .......0........
0150: FA C2 EC 96 1B 02 01 27 08 D2 70 4D 3B AE D0 38 .......'..pM;..8
0160: 15 97 E9 1D 94 D2 BE A1 2A 54 39 F8 2E AF 71 4C ........*T9...qL
0170: FD 9A 71 BF 8A 1E 92 9F 3A 07 DA E9 5E 49 2C C6 ..q.....:...^I,.
0180: 7D FD AA 1F C6 13 39 38 BC 16 34 04 FE E8 6B 4C ......98..4...kL
0190: EA E9 BA 29 58 9E 6C 61 B8 1F B8 29 6F 83 5D 44 ...)X.la...)o.]D
01A0: 7B 47 E5 BC 8E 2E D0 C1 E0 6F 73 15 E2 03 A8 49 .G.......os....I
01B0: C9 42 39 87 0B 70 A0 80 0D 11 98 76 AE 2B B6 A3 .B9..p.....v.+..
01C0: 5A BA 5D 3B BF C0 90 86 F6 E3 AB 9B A0 49 02 03 Z.];.........I..
01D0: 01 00 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 ...0...*.H......
01E0: 05 00 03 81 81 00 54 CC 61 97 1A 69 6C 1F 4B 53 ......T.a..il.KS
01F0: 1B 7C 54 B3 65 A9 15 C6 1A C0 1B BD FC E5 15 ED ..T.e...........
0200: 57 F7 29 E7 5E 34 3F D3 9C 40 4E D8 0B AC 79 5B W.).^[email protected][
0210: 01 64 4E DD D2 FE 57 6A 02 1E 8F C7 00 11 77 0F .dN...Wj......w.
0220: C8 20 06 0E DB 78 E3 45 57 9B 7D A4 95 0C 20 85 . ...x.EW..... .
0230: B8 A4 87 D8 AE 29 69 B5 CC DC A1 B4 32 8C 6F 77 .....)i.....2.ow
0240: F0 9A A8 12 27 C6 96 98 E9 EB AC 74 6E 39 2C D4 ....'......tn9,.
0250: 1B 1C A1 4B 81 C8 0B B9 CD 0A 18 DC 01 74 5D 99 ...K.........t].
0260: 4E 14 7A 2C 37 1E 0D 00 01 22 02 01 02 01 1D 00 N.z,7...."......
0270: 6D 30 6B 31 0B 30 09 06 03 55 04 06 13 02 41 45 m0k1.0...U....AE
0280: 31 11 30 0F 06 03 55 04 08 13 08 65 6D 69 72 61 1.0...U....emira
0290: 74 65 73 31 0E 30 0C 06 03 55 04 07 14 05 64 75 tes1.0...U....du
02A0: 62 61 69 31 11 30 0F 06 03 55 04 0A 14 08 65 6D bai1.0...U....em
02B0: 69 72 61 74 65 73 31 15 30 13 06 03 55 04 0B 14 irates1.0...U...
02C0: 0C 65 6D 69 72 61 74 65 73 62 61 6E 6B 31 0F 30 .ebg1.0
02D0: 0D 06 03 55 04 03 14 06 69 74 6E 35 34 37 00 AC ...U....ebms..
02E0: 30 81 A9 31 16 30 14 06 03 55 04 0A 13 0D 56 65 0..1.0...U....Ve
02F0: 72 69 53 69 67 6E 2C 20 49 6E 63 31 47 30 45 06 riSign, Inc1G0E.
0300: 03 55 04 0B 13 3E 77 77 77 2E 76 65 72 69 73 69 .U...>www.verisi
0310: 67 6E 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 gn.com/repositor
0320: 79 2F 54 65 73 74 43 50 53 20 49 6E 63 6F 72 70 y/TestCPS Incorp
0330: 2E 20 42 79 20 52 65 66 2E 20 4C 69 61 62 2E 20 . By Ref. Liab.
0340: 4C 54 44 2E 31 46 30 44 06 03 55 04 0B 13 3D 46 LTD.1F0D..U...=F
0350: 6F 72 20 56 65 72 69 53 69 67 6E 20 61 75 74 68 or VeriSign auth
0360: 6F 72 69 7A 65 64 20 74 65 73 74 69 6E 67 20 6F orized testing o
0370: 6E 6C 79 2E 20 4E 6F 20 61 73 73 75 72 61 6E 63 nly. No assuranc
0380: 65 73 20 28 43 29 56 53 31 39 39 37 0E 00 00 00 es (C)VS1997....
Thread-1, WRITE: TLSv1 Handshake, length = 912
Thread-1, READ: TLSv1 Handshake, length = 141
*** Certificate chain
Thread-1, SEND TLSv1 ALERT: fatal, description = bad_certificate
Thread-1, WRITE: TLSv1 Alert, length = 2
Thread-1, called closeSocket()
Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
IOException occurred when processing request.
Thread-1, called close()
Thread-1, called closeInternal(true)
==========================Client Trace==========================
--->>>--------
keyStore is : d:\babu\ssltest\sscerts\clientpk1
keyStore type is : jks
init keystore
init keymanager of type SunX509
found key for : client
chain [0] = [
Version: V1
Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
Validity: [From: Mon Oct 09 09:44:01 GMT+04:00 2006,
               To: Sun Jan 07 09:44:01 GMT+04:00 2007]
Issuer: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
SerialNumber: [    4529e1a1]
Algorithm: [MD5withRSA]
Signature:
0000: 20 C7 89 9C 04 64 E8 62 AD D2 64 DD 0A E4 2A A1 ....d.b..d...*.
0010: B6 9A B5 06 DC 3E F8 AA BE B5 8A 12 B5 75 91 EC .....>.......u..
0020: 33 77 12 27 85 15 14 15 52 B3 7F 4B 03 18 B5 E0 3w.'....R..K....
0030: 31 E4 0C A7 0A E1 52 3E 9F D1 58 B7 F2 CC F2 DD 1.....R>..X.....
0040: D4 61 D6 C8 12 39 60 4D C9 FB DC 01 0C 0D FC 98 .a...9`M........
0050: C6 AD A6 56 3E 05 1B 4E 20 1B 93 77 16 67 0E D1 ...V>..N ..w.g..
0060: E0 A1 B6 7F CA 13 53 F2 53 92 14 63 9A 82 01 AE ......S.S..c....
0070: 83 B2 FD FC 2E 29 22 F9 E7 18 DB 6A 14 73 83 E3 .....)"....j.s..
trustStore is: d:\babu\ssltest\sscerts\jsseserver
trustStore type is : jks
init truststore
adding as trusted cert: [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
               To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [    4528b8a9]
Algorithm: [MD5withRSA]
Signature:
0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
init context
trigger seeding of SecureRandom
done seeding SecureRandom
---<<<--------
THE HEADERS
---111--------
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 45 29 F4 B8 D5 0B F1 F5 52 D2 ...7..E)......R.
0010: E4 FF 50 FA 04 49 E7 50 46 AA 2D A7 29 47 67 95 ..P..I.PF.-.)Gg.
0020: 15 48 97 75 97 2C 00 00 10 00 04 00 05 00 0A 00 .H.u.,..........
0030: 13 00 09 00 12 00 03 00 11 01 00 ...........
main, WRITE: TLSv1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 04 01 00 80 00 ....$... .......
0010: 00 05 00 00 0A 07 00 C0 00 00 13 00 00 09 06 00 ................
0020: 40 00 00 12 00 00 03 02 00 80 00 00 11 45 29 F4 @............E).
0030: B8 D5 0B F1 F5 52 D2 E4 FF 50 FA 04 49 E7 50 46 .....R...P..I.PF
0040: AA 2D A7 29 47 67 95 15 48 97 75 97 2C .-.)Gg..H.u.,
main, WRITE: SSLv2 client hello message, length = 77
main, READ: TLSv1 Handshake, length = 912
*** ServerHello, TLSv1
RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 45 29 F4 B8 E3 1F D7 72 74 DB ...F..E).....rt.
0010: 3B 9F 9C E8 EA 4E D1 0F 86 66 2E CF 66 21 CA 92 ;....N...f..f!..
0020: A4 4A 63 1B 4C E5 20 45 29 F4 B8 4B 8C 03 71 08 .Jc.L. E)..K..q.
0030: 2B 61 BC 79 FE 69 BD 77 59 84 B9 F0 85 A5 0D 6D +a.y.i.wY......m
0040: F4 5B 62 D2 8B A1 D6 00 04 00 .[b.......
*** Certificate chain
chain [0] = [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
               To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [    4528b8a9]
Algorithm: [MD5withRSA]
Signature:
0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
stop on trusted cert: [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
               To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [    4528b8a9]
Algorithm: [MD5withRSA]
Signature:
0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
[read] MD5 and SHA1 hashes: len = 540
0000: 0B 00 02 18 00 02 15 00 02 12 30 82 02 0E 30 82 ..........0...0.
0010: 01 77 02 04 45 28 B8 A9 30 0D 06 09 2A 86 48 86 .w..E(..0...*.H.
0020: F7 0D 01 01 04 05 00 30 4E 31 0B 30 09 06 03 55 .......0N1.0...U
0030: 04 06 13 02 61 65 31 0A 30 08 06 03 55 04 08 13 ....ae1.0...U...
0040: 01 61 31 0A 30 08 06 03 55 04 07 13 01 61 31 0A .a1.0...U....a1.
0050: 30 08 06 03 55 04 0A 13 01 61 31 0A 30 08 06 03 0...U....a1.0...
0060: 55 04 0B 13 01 61 31 0F 30 0D 06 03 55 04 03 13 U....a1.0...U...
0070: 06 69 74 6E 35 34 37 30 1E 17 0D 30 36 31 30 30 .ebms0...06100
0080: 38 30 38 33 36 35 37 5A 17 0D 30 37 30 31 30 36 8083657Z..070106
0090: 30 38 33 36 35 37 5A 30 4E 31 0B 30 09 06 03 55 083657Z0N1.0...U
00A0: 04 06 13 02 61 65 31 0A 30 08 06 03 55 04 08 13 ....ae1.0...U...
00B0: 01 61 31 0A 30 08 06 03 55 04 07 13 01 61 31 0A .a1.0...U....a1.
00C0: 30 08 06 03 55 04 0A 13 01 61 31 0A 30 08 06 03 0...U....a1.0...
00D0: 55 04 0B 13 01 61 31 0F 30 0D 06 03 55 04 03 13 U....a1.0...U...
00E0: 06 69 74 6E 35 34 37 30 81 9F 30 0D 06 09 2A 86 .ebms0..0...*.
00F0: 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 H............0..
0100: 02 81 81 00 9C 86 FA C2 EC 96 1B 02 01 27 08 D2 .............'..
0110: 70 4D 3B AE D0 38 15 97 E9 1D 94 D2 BE A1 2A 54 pM;..8........*T
0120: 39 F8 2E AF 71 4C FD 9A 71 BF 8A 1E 92 9F 3A 07 9...qL..q.....:.
0130: DA E9 5E 49 2C C6 7D FD AA 1F C6 13 39 38 BC 16 ..^I,.......98..
0140: 34 04 FE E8 6B 4C EA E9 BA 29 58 9E 6C 61 B8 1F 4...kL...)X.la..
0150: B8 29 6F 83 5D 44 7B 47 E5 BC 8E 2E D0 C1 E0 6F .)o.]D.G.......o
0160: 73 15 E2 03 A8 49 C9 42 39 87 0B 70 A0 80 0D 11 s....I.B9..p....
0170: 98 76 AE 2B B6 A3 5A BA 5D 3B BF C0 90 86 F6 E3 .v.+..Z.];......
0180: AB 9B A0 49 02 03 01 00 01 30 0D 06 09 2A 86 48 ...I.....0...*.H
0190: 86 F7 0D 01 01 04 05 00 03 81 81 00 54 CC 61 97 ............T.a.
01A0: 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 15 C6 1A C0 .il.KS..T.e.....
01B0: 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 3F D3 9C 40 ......W.).^4?..@
01C0: 4E D8 0B AC 79 5B 01 64 4E DD D2 FE 57 6A 02 1E N...y[.dN...Wj..
01D0: 8F C7 00 11 77 0F C8 20 06 0E DB 78 E3 45 57 9B ....w.. ...x.EW.
01E0: 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 69 B5 CC DC .... ......)i...
01F0: A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 96 98 E9 EB ..2.ow....'.....
0200: AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 0B B9 CD 0A .tn9,....K......
0210: 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E ...t].N.z,7.
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
<OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
[read] MD5 and SHA1 hashes: len = 294
0000: 0D 00 01 22 02 01 02 01 1D 00 6D 30 6B 31 0B 30 ..."......m0k1.0
0010: 09 06 03 55 04 06 13 02 41 45 31 11 30 0F 06 03 ...U....AE1.0...
0020: 55 04 08 13 08 65 6D 69 72 61 74 65 73 31 0E 30 U....emirates1.0
0030: 0C 06 03 55 04 07 14 05 64 75 62 61 69 31 11 30 ...U....dubai1.0
0040: 0F 06 03 55 04 0A 14 08 65 6D 69 72 61 74 65 73 ...U....emirates
0050: 31 15 30 13 06 03 55 04 0B 14 0C 65 6D 69 72 61 1.0...U....emira
0060: 74 65 73 62 61 6E 6B 31 0F 30 0D 06 03 55 04 03 tesbank1.0...U..
0070: 14 06 69 74 6E 35 34 37 00 AC 30 81 A9 31 16 30 ..ebms..0..1.0
0080: 14 06 03 55 04 0A 13 0D 56 65 72 69 53 69 67 6E ...U....VeriSign
0090: 2C 20 49 6E 63 31 47 30 45 06 03 55 04 0B 13 3E , Inc1G0E..U...>
00A0: 77 77 77 2E 76 65 72 69 73 69 67 6E 2E 63 6F 6D www.verisign.com
00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 2F 54 65 73 74 /repository/Test
00C0: 43 50 53 20 49 6E 63 6F 72 70 2E 20 42 79 20 52 CPS Incorp. By R
00D0: 65 66 2E 20 4C 69 61 62 2E 20 4C 54 44 2E 31 46 ef. Liab. LTD.1F
00E0: 30 44 06 03 55 04 0B 13 3D 46 6F 72 20 56 65 72 0D..U...=For Ver
00F0: 69 53 69 67 6E 20 61 75 74 68 6F 72 69 7A 65 64 iSign authorized
0100: 20 74 65 73 74 69 6E 67 20 6F 6E 6C 79 2E 20 4E testing only. N
0110: 6F 20 61 73 73 75 72 61 6E 63 65 73 20 28 43 29 o assurances (C)
0120: 56 53 31 39 39 37 VS1997
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 145, 198, 68, 101, 78, 79, 139, 241, 6, 243, 13, 208, 161, 242, 0, 185, 46, 87, 212, 79, 239, 132, 145, 14, 13, 134, 115, 250, 44, 44, 112, 33, 173, 105, 52, 186, 160, 119, 55, 202, 205, 212, 136, 92, 7, 120 }
[write] MD5 and SHA1 hashes: len = 141
0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 3A 83 FA .............:..
0010: 1E B3 43 52 3B B5 B9 A5 9D 2D 30 5E 71 34 DF 45 ..CR;....-0^q4.E
0020: 99 99 2D 9A 4A 42 54 3D 47 D8 94 22 BC F3 92 0D ..-.JBT=G.."....
0030: 23 AA 95 B5 75 EA B2 2B 8B DD DA 91 AA 94 24 4B #...u..+......$K
0040: 56 34 C8 3C 1D 2D 15 63 CF 03 FF 65 6C DF B9 00 V4.<.-.c...el...
0050: C3 5E BF 72 F4 70 64 45 D8 5B 58 E2 DF D6 12 1B .^.r.pdE.[X.....
0060: BE A3 71 E9 1C 49 BB 7E C0 4A 1F CA 1F F5 63 23 ..q..I...J....c#
0070: 0D 40 0D C6 3B FE 03 E9 DE 2E E5 09 1F 72 D7 6B .@..;........r.k
0080: D6 ED 5E 99 B0 A8 A0 D3 D2 73 F0 A0 8E ..^......s...
main, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 91 C6 44 65 4E 4F 8B F1 06 F3 0D D0 A1 F2 ....DeNO........
0010: 00 B9 2E 57 D4 4F EF 84 91 0E 0D 86 73 FA 2C 2C ...W.O......s.,,
0020: 70 21 AD 69 34 BA A0 77 37 CA CD D4 88 5C 07 78 p!.i4..w7....\.x
CONNECTION KEYGEN:
Client Nonce:
0000: 45 29 F4 B8 D5 0B F1 F5 52 D2 E4 FF 50 FA 04 49 E)......R...P..I
0010: E7 50 46 AA 2D A7 29 47 67 95 15 48 97 75 97 2C .PF.-.)Gg..H.u.,
Server Nonce:
0000: 45 29 F4 B8 E3 1F D7 72 74 DB 3B 9F 9C E8 EA 4E E).....rt.;....N
0010: D1 0F 86 66 2E CF 66 21 CA 92 A4 4A 63 1B 4C E5 ...f..f!...Jc.L.
Master Secret:
0000: 3A 36 9A CA 6F 82 0B 32 17 28 04 CD 33 B4 5D BF :6..o..2.(..3.].
0010: 5F 87 23 71 6B 49 2D 0E 59 DE 2C EA 8E B3 43 C8 _.#qkI-.Y.,...C.
0020: 5D 3B 3B 4C B7 B9 AB 4E EA A3 E6 CE 54 40 FB 2D ];;[email protected]
Client MAC write Secret:
0000: C3 72 45 7B 93 DE 55 FF 0A 8C 9E 91 43 48 6E E4 .rE...U.....CHn.
Server MAC write Secret:
0000: E2 05 07 CB 3F 2D 95 41 EF 69 3F 09 6D CB 81 EE ....?-.A.i?.m...
Client write key:
0000: EE 7E EE 7D D8 5F 46 CD 88 15 9E F6 C7 EC 05 5F ....._F........_
Server write key:
0000: 43 DE B1 D2 FA 54 F0 E6 CA EC E8 1E 6C AD 77 EC C....T......l.w.
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data: { 196, 3, 24, 202, 107, 99, 158, 203, 62, 203, 204, 35 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
Plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
0010: 22 2A 55 36 5F 75 DB D4 CF 19 6F 40 93 AF B8 3B "*U6_u....o@...;
main, WRITE: TLSv1 Handshake, length = 32
waiting for close_notify or alert: state 1
Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
Plaintext before ENCRYPTION: len = 18
0000: 02 0A 3E CA 24 9F 8F 40 B8 65 A6 44 5D 7E 0B B5 ..>[email protected]]...
0010: A9 C7 ..
main, WRITE: TLSv1 Alert, length = 18
Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
---000--------

Here are the steps I am perfoming to create the certificates. Can anyone please validate the steps...
//Create private key
keytool -genkey -keystore clientpk1 -keyalg rsa -alias client -storepass password -keypass password
//Create CSR
keytool -certreq -alias client -file client.csr -keypass password -keystore clientpk1 -storepass password
//Received client-ca.cer and root certificate from verisign
//Import signed certificate to client keystore
keytool -import -keystore clientpk1 -keyalg RSA -import -trustcacerts -file client-ca.cer
//Import signed certificate and the root certificate to keystore(server thruststore)
keytool -import -keystore jsseclient1 -alias client -file getcacert.cer
keytool -import -keystore jsseclient1 -alias client -file client-ca.cer
Thanks in advance,
Babu

Ssl empty certificate chain? (correct message format)

I am having Problems with client certificate/setup.
I have a client behind proxy that connect to Web Services.
I have only a client certificate that I import (use keytool) in my keystore.
I have this setting in my program:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStorePassword", keystorePass);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePass);
[proxy setting is ok]
But when I invoke a service I have a empty certificate chain.
I use jdk1.3.1_08 and jsse-1_0_3_03
Please Help me. I have read hundred pages.
Many thanks in advance for any help.
My client log:
adding as trusted cert: [
Version: V1
Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@10c424
Validity: [From: Mon Jan 29 01:00:00 CET 1996,
               To: Sat Jan 01 00:59:59 CET 2000]
Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [    02a60000 01]
Algorithm: [MD2withRSA]
Signature:
0000: 53 DD D3 F0 9C 24 7E 40 AA E2 FC 00 1A D7 DA 0C S....$.@........
0010: FC 32 61 B8 15 0D 96 F3 FA 57 1B 7F 33 7C AF E9 .2a......W..3...
0020: 98 9A 61 C8 7A B3 B7 FF B1 DC 99 83 DC AC 12 FC ..a.z...........
0030: 70 C9 1F 38 42 ED 44 F6 80 2E 5B 6B 33 69 AC 9C p..8B.D...[k3i..
0040: D3 5C E7 5F 5A 18 C7 B1 2D 79 04 96 41 91 99 41 .\._Z...-y..A..A
0050: B1 3C 0D BA 84 39 C6 3B 97 F0 26 C9 8E EE BD CC .<...9.;..&.....
0060: 42 95 FF 1E C7 02 3F 54 0C 78 F5 BC AA 60 7C 02 B.....?T.x...`..
0070: 69 E8 DC AC E2 02 76 61 C4 3E 03 EA D2 8A 24 D1 i.....va.>....$.
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@238bd2
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
               To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [    01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
adding as trusted cert: [
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@198891
Validity: [From: Wed Nov 09 01:00:00 CET 1994,
               To: Fri Jan 08 00:59:59 CET 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [    02ad667e 4e45fe5e 576f3c98 195eddc0 ]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
trigger seeding of SecureRandom
done seeding SecureRandom
Providers com.sun.net.ssl.internal.www.protocol
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1127228533 bytes = { 44, 211, 84, 116, 141, 40, 133, 180, 48, 96, 213, 147, 123, 141, 244, 71, 107, 242, 94, 105, 247, 101, 92, 8, 78, 176, 226, 133 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 43 30 24 75 2C D3 54 74 8D 28 ...7..C0$u,.Tt.(
0010: 85 B4 30 60 D5 93 7B 8D F4 47 6B F2 5E 69 F7 65 ..0`.....Gk.^i.e
0020: 5C 08 4E B0 E2 85 00 00 10 00 05 00 04 00 09 00 \.N.............
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 43 30 24 .............C0$
0030: 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 7B 8D F4 u,.Tt.(..0`.....
0040: 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 Gk.^i.e\.N...
main, WRITE: SSL v2, contentType = 22, translated length = 16310
main, READ: SSL v3.1 Handshake, length = 944
*** ServerHello, v3.1
RandomCookie: GMT: 1127228167 bytes = { 57, 3, 100, 77, 244, 140, 105, 242, 70, 226, 115, 205, 144, 85, 197, 193, 174, 24, 87, 199, 88, 124, 184, 79, 20, 170, 150, 186 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suite: { 0, 4 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 43 30 23 07 39 03 64 4D F4 8C ...F..C0#.9.dM..
0010: 69 F2 46 E2 73 CD 90 55 C5 C1 AE 18 57 C7 58 7C i.F.s..U....W.X.
0020: B8 4F 14 AA 96 BA 20 26 02 00 00 87 7D 0D FE D1 .O.... &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 04 00 .v..7.....
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
               To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [    01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
updated/found trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
               To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [    01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
[read] MD5 and SHA1 hashes: len = 866
0000: 0B 00 03 5E 00 03 5B 00 03 58 30 82 03 54 30 82 ...^..[..X0..T0.
0010: 02 FE A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 04 05 00 30 81 85 31 0B 30 09 H........0..1.0.
0030: 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 03 55 ..U....IT1.0...U
0040: 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D 06 03 ....Teramo1.0...
0050: 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 0C 06 U....Teramo1.0..
0060: 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 0A 06 .U....IZSAM1.0..
0070: 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 03 55 .U....CED1.0...U
0080: 04 03 13 0E 64 6E 73 2E 74 65 78 2E 69 7A 73 2E ....dns.tex.izs.
0090: 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D 01 09 it1.0...*.H.....
00A0: 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 [email protected]
00B0: 74 30 1E 17 0D 30 35 30 34 30 35 31 34 30 35 34 t0...05040514054
00C0: 31 5A 17 0D 30 36 30 34 30 35 31 34 30 35 34 31 1Z..060405140541
00D0: 5A 30 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 Z0..1.0...U....I
00E0: 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 T1.0...U....Tera
00F0: 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 mo1.0...U....Ter
0100: 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A amo1.0...U....IZ
0110: 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 SAM1.0...U....CE
0120: 44 31 17 30 15 06 03 55 04 03 13 0E 62 64 72 74 D1.0...U....bdrt
0130: 65 73 74 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 est.izs.it1.0...
0140: 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 *.H........d.zip
0150: 70 6F 40 69 7A 73 2E 69 74 30 81 9F 30 0D 06 09 [email protected]...
0160: 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 *.H............0
0170: 81 89 02 81 81 00 F6 E3 70 EC 18 8B B7 1D D6 11 ........p.......
0180: 11 59 3E 43 09 2D AE F1 06 A3 0C 21 F7 00 09 C2 .Y>C.-.....!....
0190: 07 52 0B 29 35 CF 65 38 2C 6C 0A 61 06 50 B9 20 .R.)5.e8,l.a.P.
01A0: 8C 5F A0 B9 B7 E2 8B 2B 10 89 B9 7F 40 0F 49 A1 [email protected].
01B0: D8 9E A2 C8 BE 4E 63 20 F2 49 35 25 F1 5D 64 00 .....Nc .I5%.]d.
01C0: ED 02 FD D7 96 51 73 C7 E9 DA 61 AA 88 FB 5D 0A .....Qs...a...].
01D0: 41 56 EC 36 4F 85 B2 A1 8F E6 DE DC E2 2D B2 DF AV.6O........-..
01E0: AA 3D 99 51 23 14 19 02 8A 2C D4 F0 4C 83 39 1C .=.Q#....,..L.9.
01F0: 1B E5 8F 65 06 05 02 03 01 00 01 A3 82 01 11 30 ...e...........0
0200: 82 01 0D 30 09 06 03 55 1D 13 04 02 30 00 30 2C ...0...U....0.0,
0210: 06 09 60 86 48 01 86 F8 42 01 0D 04 1F 16 1D 4F ..`.H...B......O
0220: 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 74 65 64 penSSL Generated
0230: 20 43 65 72 74 69 66 69 63 61 74 65 30 1D 06 03 Certificate0...
0240: 55 1D 0E 04 16 04 14 4D 11 53 D1 7A 92 69 3B 36 U......M.S.z.i;6
0250: F7 D6 BA 53 6A 81 4A D5 38 98 59 30 81 B2 06 03 ...Sj.J.8.Y0....
0260: 55 1D 23 04 81 AA 30 81 A7 80 14 2D F5 B5 55 88 U.#...0....-..U.
0270: 86 E9 14 60 F1 E6 1C AD E2 71 79 29 A0 F1 8F A1 ...`.....qy)....
0280: 81 8B A4 81 88 30 81 85 31 0B 30 09 06 03 55 04 .....0..1.0...U.
0290: 06 13 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 ...IT1.0...U....
02A0: 54 65 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 Teramo1.0...U...
02B0: 06 54 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A .Teramo1.0...U..
02C0: 13 05 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B ..IZSAM1.0...U..
02D0: 13 03 43 45 44 31 17 30 15 06 03 55 04 03 13 0E ..CED1.0...U....
02E0: 64 6E 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D dns.tex.izs.it1.
02F0: 30 1B 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 0...*.H........d
0300: 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 74 82 01 00 [email protected]...
0310: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 00 03 0...*.H.........
0320: 41 00 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 A.s...o..D.<...D
0330: 4A C4 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 J..q_f.........r
0340: C6 FD B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 ...<..8r.....^[.
0350: 09 4E CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 .N..).z..u.#<...
0360: 35 E0 5.
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 60, 231, 207, 10, 49, 242, 250, 171, 53, 8, 41, 187, 100, 227, 91, 207, 240, 75, 233, 38, 44, 239, 48, 98, 118, 122, 4, 85, 50, 152, 59, 82, 172, 186, 169, 235, 87, 214, 155, 243, 41, 52, 92, 5, 252, 141 }
[write] MD5 and SHA1 hashes: len = 134
0000: 10 00 00 82 00 80 86 7D 83 84 8C 38 3A 3A C3 37 ...........8::.7
0010: D1 4E 69 55 77 6D 14 C8 04 F4 AB 62 3D 71 32 6F .NiUwm.....b=q2o
0020: A4 0D 16 F6 99 0C FD FD 39 08 C3 B2 B8 BF 93 BA ........9.......
0030: 23 CE 3E 8D 91 75 EC 29 D0 30 72 00 1B 00 F2 71 #.>..u.).0r....q
0040: 8D C2 FF 78 16 89 C5 8B 99 4A 1E 17 8F 86 A9 F9 ...x.....J......
0050: B3 46 04 B5 5C 0B 27 84 22 E4 0A 7D 0E 9E 8A CC .F..\.'.".......
0060: 5D 52 FB 63 77 11 FF 54 FB FC 96 89 F6 15 BC 0F ]R.cw..T........
0070: 6C EE C9 43 1D 51 97 D0 4B 48 31 FA D5 0B 63 6A l..C.Q..KH1...cj
0080: B2 9B 99 2C 99 CA ...,..
main, WRITE: SSL v3.1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 3C E7 CF 0A 31 F2 FA AB 35 08 29 BB 64 E3 ..<...1...5.).d.
0010: 5B CF F0 4B E9 26 2C EF 30 62 76 7A 04 55 32 98 [..K.&,.0bvz.U2.
0020: 3B 52 AC BA A9 EB 57 D6 9B F3 29 34 5C 05 FC 8D ;R....W...)4\...
CONNECTION KEYGEN:
Client Nonce:
0000: 43 30 24 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 C0$u,.Tt.(..0`..
0010: 7B 8D F4 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 ...Gk.^i.e\.N...
Server Nonce:
0000: 43 30 23 07 39 03 64 4D F4 8C 69 F2 46 E2 73 CD C0#.9.dM..i.F.s.
0010: 90 55 C5 C1 AE 18 57 C7 58 7C B8 4F 14 AA 96 BA .U....W.X..O....
Master Secret:
0000: 6E 47 12 2F BD 40 E5 30 E2 0E 0C 24 23 DD FC 53 nG./[email protected]...$#..S
0010: DD 7C A8 6C 9F 36 48 82 03 B1 63 21 64 73 A6 E3 ...l.6H...c!ds..
0020: 4D E6 6B 06 77 7D A6 38 4A EB 76 C1 34 85 75 31 M.k.w..8J.v.4.u1
Client MAC write Secret:
0000: 95 7D A9 28 CA 82 E9 69 3E DC 79 8D C0 36 70 30 ...(...i>.y..6p0
Server MAC write Secret:
0000: 7D 10 E4 35 B4 D9 62 BA 83 1D F3 16 B0 D1 14 AC ...5..b.........
Client write key:
0000: 44 0E 25 5D AC 78 51 19 21 66 06 CF 3D 8C 98 98 D.%].xQ.!f..=...
Server write key:
0000: 3D C2 21 97 4C E3 D3 69 9E D9 8A CC 63 E0 0C 8E =.!.L..i....c...
... no IV for cipher
main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
*** Finished, v3.1
verify_data: { 65, 234, 65, 174, 47, 136, 37, 130, 121, 68, 222, 210 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
Plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
0010: E8 81 F0 28 5A 40 91 C8 BA 85 76 8F 34 EB 95 C7 ...([email protected]...
main, WRITE: SSL v3.1 Handshake, length = 32
main, READ: SSL v3.1 Change Cipher Spec, length = 1
main, READ: SSL v3.1 Handshake, length = 32
Plaintext after DECRYPTION: len = 32
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
0010: 61 F9 5F E0 B3 90 BA B2 63 8A 45 8F 61 84 40 39 a._.....c.E.a.@9
*** Finished, v3.1
verify_data: { 23, 71, 110, 41, 17, 6, 160, 65, 160, 12, 157, 65 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
Plaintext before ENCRYPTION: len = 63
0000: 50 4F 53 54 20 2F 77 73 73 75 69 6E 69 41 75 74 POST /wssuiniAut
0010: 43 65 72 74 2F 77 73 53 75 69 6E 69 55 70 64 2E Cert/wsSuiniUpd.
0020: 61 73 6D 78 20 48 54 54 50 2F 31 2E 31 0D 0A 2F asmx HTTP/1.1../
0030: 83 FA 4C 02 2F 83 20 D3 49 7C CD 39 A2 95 53 ..L./. .I..9..S
main, WRITE: SSL v3.1 Application Data, length = 63
Plaintext before ENCRYPTION: len = 57
0000: 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 Content-Type: te
0010: 78 74 2F 78 6D 6C 3B 20 63 68 61 72 73 65 74 3D xt/xml; charset=
0020: 22 75 74 66 2D 38 22 0D 0A 54 E1 A0 DE 70 E4 92 "utf-8"..T...p..
0030: 12 58 C1 C6 58 9A 44 39 E2 .X..X.D9.
main, WRITE: SSL v3.1 Application Data, length = 57
Plaintext before ENCRYPTION: len = 37
0000: 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 Content-Length:
0010: 38 34 38 0D 0A 86 C7 70 1C 67 47 DC 1C D4 E7 67 848....p.gG....g
0020: CB 64 69 5A 44 .diZD
main, WRITE: SSL v3.1 Application Data, length = 37
Plaintext before ENCRYPTION: len = 69
0000: 50 72 6F 78 79 2D 41 75 74 68 6F 72 69 7A 61 74 Proxy-Authorizat
0010: 69 6F 6E 3A 20 42 61 73 69 63 20 5A 47 35 68 64 ion: Basic ZG5hd
0020: 47 56 73 62 47 45 36 59 7A 46 7A 61 57 52 70 4D GVsbGE6YzFzaWRpM
0030: 44 45 3D 0D 0A C1 74 CC F1 05 89 84 2C B1 69 45 DE=...t.....,.iE
0040: 2A 6F B3 7A 23 *o.z#
main, WRITE: SSL v3.1 Application Data, length = 69
Plaintext before ENCRYPTION: len = 71
0000: 53 4F 41 50 41 63 74 69 6F 6E 3A 20 68 74 74 70 SOAPAction: http
0010: 3A 2F 2F 62 64 72 2E 69 7A 73 2E 69 74 2F 77 65 ://bdr.izs.it/we
0020: 62 73 65 72 76 69 63 65 73 2F 49 6E 73 65 72 74 bservices/Insert
0030: 5F 4E 6F 74 65 0D 0A 4B 7C 0F A5 D6 00 58 78 BC _Note..K.....Xx.
0040: 0B 59 52 E1 FC 70 86 .YR..p.
main, WRITE: SSL v3.1 Application Data, length = 71
Plaintext before ENCRYPTION: len = 42
0000: 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 User-Agent: Java
0010: 31 2E 33 2E 31 5F 30 38 0D 0A 61 25 77 68 A0 C2 1.3.1_08..a%wh..
0020: AC 52 CA F3 A3 F7 75 8A B0 FE .R....u...
main, WRITE: SSL v3.1 Application Data, length = 42
Plaintext before ENCRYPTION: len = 38
0000: 48 6F 73 74 3A 20 62 64 72 74 65 73 74 2E 69 7A Host: bdrtest.iz
0010: 73 2E 69 74 0D 0A D3 39 F0 0E C3 28 D0 12 1A 58 s.it...9...(...X
0020: 83 A4 BB 23 11 48 ...#.H
main, WRITE: SSL v3.1 Application Data, length = 38
Plaintext before ENCRYPTION: len = 78
0000: 41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D Accept: text/htm
0010: 6C 2C 20 69 6D 61 67 65 2F 67 69 66 2C 20 69 6D l, image/gif, im
0020: 61 67 65 2F 6A 70 65 67 2C 20 2A 3B 20 71 3D 2E age/jpeg, *; q=.
0030: 32 2C 20 2A 2F 2A 3B 20 71 3D 2E 32 0D 0A 89 64 2, */*; q=.2...d
0040: F7 A9 7F 6C 29 07 22 6F AC F3 B4 D4 7F C1 ...l)."o......
main, WRITE: SSL v3.1 Application Data, length = 78
Plaintext before ENCRYPTION: len = 40
0000: 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 70 Connection: keep
0010: 2D 61 6C 69 76 65 0D 0A 1E D0 BD FD 9C 84 0A E0 -alive..........
0020: 9D 3D 26 26 99 09 BB FB .=&&....
main, WRITE: SSL v3.1 Application Data, length = 40
Plaintext before ENCRYPTION: len = 18
0000: 0D 0A C9 79 35 92 83 D8 A1 BF 46 B9 3E FC B9 78 ...y5.....F.>..x
0010: 07 89 ..
main, WRITE: SSL v3.1 Application Data, length = 18
Plaintext before ENCRYPTION: len = 864
0000: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 <?xml version="1
0010: 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 .0" encoding="UT
0020: 46 2D 38 22 3F 3E 0A 3C 73 6F 61 70 2D 65 6E 76 F-8"?>.<soap-env
0030: 3A 45 6E 76 65 6C 6F 70 65 20 78 6D 6C 6E 73 3A :Envelope xmlns:
0040: 73 6F 61 70 2D 65 6E 76 3D 22 68 74 74 70 3A 2F soap-env="http:/
0050: 2F 73 63 68 65 6D 61 73 2E 78 6D 6C 73 6F 61 70 /schemas.xmlsoap
0060: 2E 6F 72 67 2F 73 6F 61 70 2F 65 6E 76 65 6C 6F .org/soap/envelo
0070: 70 65 2F 22 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 pe/" xmlns:xsi="
main, WRITE: SSL v3.1 Application Data, length = 864
main, READ: SSL v3.1 Handshake, length = 20
Plaintext after DECRYPTION: len = 20
0000: 00 00 00 00 AC FA A9 49 7D 8A 0B A9 50 2F 74 A3 .......I....P/t.
0010: D2 BA 7A 39 ..z9
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 4625
*** ClientHello, v3.1
RandomCookie: GMT: 1127228534 bytes = { 18, 49, 204, 75, 133, 78, 163, 164, 250, 200, 97, 100, 19, 143, 176, 205, 50, 166, 159, 21, 80, 181, 243, 41, 64, 166, 190, 104 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 91
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 ...........
Plaintext before ENCRYPTION: len = 107
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 06 4B 44 B4 6C ............KD.l
0060: 9E B4 85 36 A4 D9 93 23 DB 49 0C ...6...#.I.
main, WRITE: SSL v3.1 Handshake, length = 107
main, READ: SSL v3.1 Handshake, length = 4076
Plaintext after DECRYPTION: len = 4076
0000: 02 00 00 46 03 01 43 30 23 09 DD 0A F6 93 D0 16 ...F..C0#.......
0010: CE 00 CC 72 55 92 92 12 4A B3 B7 92 8F 94 02 CA ...rU...J.......
0020: FE 25 A6 65 88 CF 20 2D 10 00 00 0F 1A 6E 56 46 .%.e.. -.....nVF
0030: 1B AD 9F E9 00 B2 DD 00 07 60 94 08 43 9E AC 9B .........`..C...
0040: 89 EA 73 79 EA 00 D1 00 04 00 0B 00 03 5E 00 03 ..sy.........^..
0050: 5B 00 03 58 30 82 03 54 30 82 02 FE A0 03 02 01 [..X0..T0.......
0060: 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 ....0...*.H.....
0070: 04 05 00 30 81 85 31 0B 30 09 06 03 55 04 06 13 ...0..1.0...U...
0080: 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 .IT1.0...U....Te
0090: 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 ramo1.0...U....T
00A0: 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 eramo1.0...U....
00B0: 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 IZSAM1.0...U....
00C0: 43 45 44 31 17 30 15 06 03 55 04 03 13 0E 64 6E CED1.0...U....dn
00D0: 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D 30 1B s.tex.izs.it1.0.
00E0: 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A ..*.H........d.z
00F0: 69 70 70 6F 40 69 7A 73 2E 69 74 30 1E 17 0D 30 [email protected]
0100: 35 30 34 30 35 31 34 30 35 34 31 5A 17 0D 30 36 50405140541Z..06
0110: 30 34 30 35 31 34 30 35 34 31 5A 30 81 85 31 0B 0405140541Z0..1.
0120: 30 09 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 0...U....IT1.0..
0130: 03 55 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D .U....Teramo1.0.
0140: 06 03 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 ..U....Teramo1.0
0150: 0C 06 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 ...U....IZSAM1.0
0160: 0A 06 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 ...U....CED1.0..
0170: 03 55 04 03 13 0E 62 64 72 74 65 73 74 2E 69 7A .U....bdrtest.iz
0180: 73 2E 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D s.it1.0...*.H...
0190: 01 09 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 .....d.zippo@izs
01A0: 2E 69 74 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D .it0..0...*.H...
01B0: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 .........0......
01C0: F6 E3 70 EC 18 8B B7 1D D6 11 11 59 3E 43 09 2D ..p........Y>C.-
01D0: AE F1 06 A3 0C 21 F7 00 09 C2 07 52 0B 29 35 CF .....!.....R.)5.
01E0: 65 38 2C 6C 0A 61 06 50 B9 20 8C 5F A0 B9 B7 E2 e8,l.a.P. ._....
01F0: 8B 2B 10 89 B9 7F 40 0F 49 A1 D8 9E A2 C8 BE 4E [email protected]
0200: 63 20 F2 49 35 25 F1 5D 64 00 ED 02 FD D7 96 51 c .I5%.]d......Q
0210: 73 C7 E9 DA 61 AA 88 FB 5D 0A 41 56 EC 36 4F 85 s...a...].AV.6O.
0220: B2 A1 8F E6 DE DC E2 2D B2 DF AA 3D 99 51 23 14 .......-...=.Q#.
0230: 19 02 8A 2C D4 F0 4C 83 39 1C 1B E5 8F 65 06 05 ...,..L.9....e..
0240: 02 03 01 00 01 A3 82 01 11 30 82 01 0D 30 09 06 .........0...0..
0250: 03 55 1D 13 04 02 30 00 30 2C 06 09 60 86 48 01 .U....0.0,..`.H.
0260: 86 F8 42 01 0D 04 1F 16 1D 4F 70 65 6E 53 53 4C ..B......OpenSSL
0270: 20 47 65 6E 65 72 61 74 65 64 20 43 65 72 74 69 Generated Certi
0280: 66 69 63 61 74 65 30 1D 06 03 55 1D 0E 04 16 04 ficate0...U.....
0290: 14 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 .M.S.z.i;6...Sj.
02A0: 4A D5 38 98 59 30 81 B2 06 03 55 1D 23 04 81 AA J.8.Y0....U.#...
02B0: 30 81 A7 80 14 2D F5 B5 55 88 86 E9 14 60 F1 E6 0....-..U....`..
02C0: 1C AD E2 71 79 29 A0 F1 8F A1 81 8B A4 81 88 30 ...qy).........0
02D0: 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 54 31 ..1.0...U....IT1
02E0: 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 6D 6F .0...U....Teramo
02F0: 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 61 6D 1.0...U....Teram
0300: 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A 53 41 o1.0...U....IZSA
0310: 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 44 31 M1.0...U....CED1
0320: 17 30 15 06 03 55 04 03 13 0E 64 6E 73 2E 74 65 .0...U....dns.te
0330: 78 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 2A 86 x.izs.it1.0...*.
0340: 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 70 6F H........d.zippo
0350: 40 69 7A 73 2E 69 74 82 01 00 30 0D 06 09 2A 86 @izs.it...0...*.
0360: 48 86 F7 0D 01 01 04 05 00 03 41 00 73 D0 96 DD H.........A.s...
0370: 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 11 71 5F 66 o..D.<...DJ..q_f
0380: 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD B6 3C 90 1F .........r...<..
0390: 38 72 E3 A9 13 84 97 5E 5B 95 09 4E CB 86 29 7D 8r.....^[..N..).
03A0: 7A BB 07 75 97 23 3C D5 B1 16 35 E0 0D 00 0C 28 z..u.#<...5....(
03B0: 01 01 0C 24 00 C4 30 81 C1 31 0B 30 09 06 03 55 ...$..0..1.0...U
03C0: 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0A 13 ....US1.0...U...
03D0: 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 2E 31 .VeriSign, Inc.1
*** ServerHello, v3.1
RandomCookie: GMT: 1127228169 bytes = { 221, 10, 246, 147, 208, 22, 206, 0, 204, 114, 85, 146, 146, 18, 74, 179, 183, 146, 143, 148, 2, 202, 254, 37, 166, 101, 136, 207 }
Session ID: {45, 16, 0, 0, 15, 26,

Thanks very much for reply.
I'm sorry, I missed a piece in previous post.
This is Server response:
Plaintext after DECRYPTION: len = 4316
0000: 48 54 54 50 2F 31 2E 31 20 34 30 33 20 41 63 63 HTTP/1.1 403 Acc
0010: 65 73 73 20 46 6F 72 62 69 64 64 65 6E 0D 0A 53 ess Forbidden..S
0020: 65 72 76 65 72 3A 20 4D 69 63 72 6F 73 6F 66 74 erver: Microsoft
0030: 2D 49 49 53 2F 35 2E 30 0D 0A 44 61 74 65 3A 20 -IIS/5.0..Date:
0040: 57 65 64 2C 20 32 31 20 53 65 70 20 32 30 30 35 Wed, 21 Sep 2005
0050: 20 30 37 3A 32 34 3A 33 39 20 47 4D 54 0D 0A 43 07:24:39 GMT..C
0060: 6F 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 onnection: close
0070: 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 ..Content-Length
0080: 3A 20 34 32 33 37 0D 0A 43 6F 6E 74 65 6E 74 2D : 4237..Content-
0090: 54 79 70 65 3A 20 74 65 78 74 2F 68 74 6D 6C 0D Type: text/html.
00A0: 0A 0D 0A 3C 21 44 4F 43 54 59 50 45 20 48 54 4D ...<!DOCTYPE HTM
00B0: 4C 20 50 55 42 4C 49 43 20 22 2D 2F 2F 57 33 43 L PUBLIC "-//W3C
00C0: 2F 2F 44 54 44 20 48 54 4D 4C 20 33 2E 32 20 46 //DTD HTML 3.2 F
00D0: 69 6E 61 6C 2F 2F 45 4E 22 3E 0D 0A 3C 68 74 6D inal//EN">..<htm
00E0: 6C 20 64 69 72 3D 6C 74 72 3E 0D 0A 0D 0A 3C 68 l dir=ltr>....<h
00F0: 65 61 64 3E 0D 0A 3C 73 74 79 6C 65 3E 0D 0A 61 ead>..<style>..a
0100: 3A 6C 69 6E 6B 09 09 09 7B 66 6F 6E 74 3A 38 70 :link....font:8p
0110: 74 2F 31 31 70 74 20 76 65 72 64 61 6E 61 3B 20 t/11pt verdana;
0120: 63 6F 6C 6F 72 3A 46 46 30 30 30 30 7D 0D 0A 61 color:FF0000...a
0130: 3A 76 69 73 69 74 65 64 09 09 7B 66 6F 6E 74 3A :visited...font:
0140: 38 70 74 2F 31 31 70 74 20 76 65 72 64 61 6E 61 8pt/11pt verdana
0150: 3B 20 63 6F 6C 6F 72 3A 23 34 65 34 65 34 65 7D ; color:#4e4e4e.
0160: 0D 0A 3C 2F 73 74 79 6C 65 3E 0D 0A 0D 0A 3C 4D ..</style>....<M
0170: 45 54 41 20 4E 41 4D 45 3D 22 52 4F 42 4F 54 53 ETA NAME="ROBOTS
0180: 22 20 43 4F 4E 54 45 4E 54 3D 22 4E 4F 49 4E 44 " CONTENT="NOIND
0190: 45 58 22 3E 0D 0A 0D 0A 3C 74 69 74 6C 65 3E 54 EX">....<title>T
01A0: 68 65 20 70 61 67 65 20 72 65 71 75 69 72 65 73 he page requires
01B0: 20 61 20 63 6C 69 65 6E 74 20 63 65 72 74 69 66 a client certif
01C0: 69 63 61 74 65 3C 2F 74 69 74 6C 65 3E 0D 0A 0D icate</title>...
Please Help me.
Regards.

Ssl empty certificate chain?

I am having Problems with client certificate/setup.
I have a client behind proxy that connect to Web Services.
I have only a client certificate that I import (use keytool) in my keystore.
I have this setting in my program:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStorePassword", keystorePass);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePass);
[proxy setting is ok]
But when I invoke a service I have a empty certificate chain.
I use jdk1.3.1_08 and jsse-1_0_3_03
Please Help me. I have read hundred pages.
Many thanks in advance for any help.
My client log:
adding as trusted cert: [
Version: V1
Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@10c424
Validity: [From: Mon Jan 29 01:00:00 CET 1996,
               To: Sat Jan 01 00:59:59 CET 2000]
Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [    02a60000 01]
Algorithm: [MD2withRSA]
Signature:
0000: 53 DD D3 F0 9C 24 7E 40 AA E2 FC 00 1A D7 DA 0C S....$.@........
0010: FC 32 61 B8 15 0D 96 F3 FA 57 1B 7F 33 7C AF E9 .2a......W..3...
0020: 98 9A 61 C8 7A B3 B7 FF B1 DC 99 83 DC AC 12 FC ..a.z...........
0030: 70 C9 1F 38 42 ED 44 F6 80 2E 5B 6B 33 69 AC 9C p..8B.D...[k3i..
0040: D3 5C E7 5F 5A 18 C7 B1 2D 79 04 96 41 91 99 41 .\._Z...-y..A..A
0050: B1 3C 0D BA 84 39 C6 3B 97 F0 26 C9 8E EE BD CC .<...9.;..&.....
0060: 42 95 FF 1E C7 02 3F 54 0C 78 F5 BC AA 60 7C 02 B.....?T.x...`..
0070: 69 E8 DC AC E2 02 76 61 C4 3E 03 EA D2 8A 24 D1 i.....va.>....$.
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@238bd2
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
               To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [    01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
adding as trusted cert: [
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@198891
Validity: [From: Wed Nov 09 01:00:00 CET 1994,
               To: Fri Jan 08 00:59:59 CET 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [    02ad667e 4e45fe5e 576f3c98 195eddc0 ]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
trigger seeding of SecureRandom
done seeding SecureRandom
Providers com.sun.net.ssl.internal.www.protocol
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1127228533 bytes = { 44, 211, 84, 116, 141, 40, 133, 180, 48, 96, 213, 147, 123, 141, 244, 71, 107, 242, 94, 105, 247, 101, 92, 8, 78, 176, 226, 133 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 43 30 24 75 2C D3 54 74 8D 28 ...7..C0$u,.Tt.(
0010: 85 B4 30 60 D5 93 7B 8D F4 47 6B F2 5E 69 F7 65 ..0`.....Gk.^i.e
0020: 5C 08 4E B0 E2 85 00 00 10 00 05 00 04 00 09 00 \.N.............
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 43 30 24 .............C0$
0030: 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 7B 8D F4 u,.Tt.(..0`.....
0040: 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 Gk.^i.e\.N...
main, WRITE: SSL v2, contentType = 22, translated length = 16310
main, READ: SSL v3.1 Handshake, length = 944
*** ServerHello, v3.1
RandomCookie: GMT: 1127228167 bytes = { 57, 3, 100, 77, 244, 140, 105, 242, 70, 226, 115, 205, 144, 85, 197, 193, 174, 24, 87, 199, 88, 124, 184, 79, 20, 170, 150, 186 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suite: { 0, 4 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 43 30 23 07 39 03 64 4D F4 8C ...F..C0#.9.dM..
0010: 69 F2 46 E2 73 CD 90 55 C5 C1 AE 18 57 C7 58 7C i.F.s..U....W.X.
0020: B8 4F 14 AA 96 BA 20 26 02 00 00 87 7D 0D FE D1 .O.... &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 04 00 .v..7.....
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
               To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [    01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
updated/found trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
               To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [    01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
[read] MD5 and SHA1 hashes: len = 866
0000: 0B 00 03 5E 00 03 5B 00 03 58 30 82 03 54 30 82 ...^..[..X0..T0.
0010: 02 FE A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 04 05 00 30 81 85 31 0B 30 09 H........0..1.0.
0030: 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 03 55 ..U....IT1.0...U
0040: 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D 06 03 ....Teramo1.0...
0050: 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 0C 06 U....Teramo1.0..
0060: 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 0A 06 .U....IZSAM1.0..
0070: 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 03 55 .U....CED1.0...U
0080: 04 03 13 0E 64 6E 73 2E 74 65 78 2E 69 7A 73 2E ....dns.tex.izs.
0090: 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D 01 09 it1.0...*.H.....
00A0: 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 [email protected]
00B0: 74 30 1E 17 0D 30 35 30 34 30 35 31 34 30 35 34 t0...05040514054
00C0: 31 5A 17 0D 30 36 30 34 30 35 31 34 30 35 34 31 1Z..060405140541
00D0: 5A 30 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 Z0..1.0...U....I
00E0: 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 T1.0...U....Tera
00F0: 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 mo1.0...U....Ter
0100: 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A amo1.0...U....IZ
0110: 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 SAM1.0...U....CE
0120: 44 31 17 30 15 06 03 55 04 03 13 0E 62 64 72 74 D1.0...U....bdrt
0130: 65 73 74 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 est.izs.it1.0...
0140: 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 *.H........d.zip
0150: 70 6F 40 69 7A 73 2E 69 74 30 81 9F 30 0D 06 09 [email protected]...
0160: 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 *.H............0
0170: 81 89 02 81 81 00 F6 E3 70 EC 18 8B B7 1D D6 11 ........p.......
0180: 11 59 3E 43 09 2D AE F1 06 A3 0C 21 F7 00 09 C2 .Y>C.-.....!....
0190: 07 52 0B 29 35 CF 65 38 2C 6C 0A 61 06 50 B9 20 .R.)5.e8,l.a.P.
01A0: 8C 5F A0 B9 B7 E2 8B 2B 10 89 B9 7F 40 0F 49 A1 [email protected].
01B0: D8 9E A2 C8 BE 4E 63 20 F2 49 35 25 F1 5D 64 00 .....Nc .I5%.]d.
01C0: ED 02 FD D7 96 51 73 C7 E9 DA 61 AA 88 FB 5D 0A .....Qs...a...].
01D0: 41 56 EC 36 4F 85 B2 A1 8F E6 DE DC E2 2D B2 DF AV.6O........-..
01E0: AA 3D 99 51 23 14 19 02 8A 2C D4 F0 4C 83 39 1C .=.Q#....,..L.9.
01F0: 1B E5 8F 65 06 05 02 03 01 00 01 A3 82 01 11 30 ...e...........0
0200: 82 01 0D 30 09 06 03 55 1D 13 04 02 30 00 30 2C ...0...U....0.0,
0210: 06 09 60 86 48 01 86 F8 42 01 0D 04 1F 16 1D 4F ..`.H...B......O
0220: 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 74 65 64 penSSL Generated
0230: 20 43 65 72 74 69 66 69 63 61 74 65 30 1D 06 03 Certificate0...
0240: 55 1D 0E 04 16 04 14 4D 11 53 D1 7A 92 69 3B 36 U......M.S.z.i;6
0250: F7 D6 BA 53 6A 81 4A D5 38 98 59 30 81 B2 06 03 ...Sj.J.8.Y0....
0260: 55 1D 23 04 81 AA 30 81 A7 80 14 2D F5 B5 55 88 U.#...0....-..U.
0270: 86 E9 14 60 F1 E6 1C AD E2 71 79 29 A0 F1 8F A1 ...`.....qy)....
0280: 81 8B A4 81 88 30 81 85 31 0B 30 09 06 03 55 04 .....0..1.0...U.
0290: 06 13 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 ...IT1.0...U....
02A0: 54 65 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 Teramo1.0...U...
02B0: 06 54 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A .Teramo1.0...U..
02C0: 13 05 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B ..IZSAM1.0...U..
02D0: 13 03 43 45 44 31 17 30 15 06 03 55 04 03 13 0E ..CED1.0...U....
02E0: 64 6E 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D dns.tex.izs.it1.
02F0: 30 1B 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 0...*.H........d
0300: 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 74 82 01 00 [email protected]...
0310: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 00 03 0...*.H.........
0320: 41 00 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 A.s...o..D.<...D
0330: 4A C4 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 J..q_f.........r
0340: C6 FD B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 ...<..8r.....^[.
0350: 09 4E CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 .N..).z..u.#<...
0360: 35 E0 5.
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 60, 231, 207, 10, 49, 242, 250, 171, 53, 8, 41, 187, 100, 227, 91, 207, 240, 75, 233, 38, 44, 239, 48, 98, 118, 122, 4, 85, 50, 152, 59, 82, 172, 186, 169, 235, 87, 214, 155, 243, 41, 52, 92, 5, 252, 141 }
[write] MD5 and SHA1 hashes: len = 134
0000: 10 00 00 82 00 80 86 7D 83 84 8C 38 3A 3A C3 37 ...........8::.7
0010: D1 4E 69 55 77 6D 14 C8 04 F4 AB 62 3D 71 32 6F .NiUwm.....b=q2o
0020: A4 0D 16 F6 99 0C FD FD 39 08 C3 B2 B8 BF 93 BA ........9.......
0030: 23 CE 3E 8D 91 75 EC 29 D0 30 72 00 1B 00 F2 71 #.>..u.).0r....q
0040: 8D C2 FF 78 16 89 C5 8B 99 4A 1E 17 8F 86 A9 F9 ...x.....J......
0050: B3 46 04 B5 5C 0B 27 84 22 E4 0A 7D 0E 9E 8A CC .F..\.'.".......
0060: 5D 52 FB 63 77 11 FF 54 FB FC 96 89 F6 15 BC 0F ]R.cw..T........
0070: 6C EE C9 43 1D 51 97 D0 4B 48 31 FA D5 0B 63 6A l..C.Q..KH1...cj
0080: B2 9B 99 2C 99 CA ...,..
main, WRITE: SSL v3.1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 3C E7 CF 0A 31 F2 FA AB 35 08 29 BB 64 E3 ..<...1...5.).d.
0010: 5B CF F0 4B E9 26 2C EF 30 62 76 7A 04 55 32 98 [..K.&,.0bvz.U2.
0020: 3B 52 AC BA A9 EB 57 D6 9B F3 29 34 5C 05 FC 8D ;R....W...)4\...
CONNECTION KEYGEN:
Client Nonce:
0000: 43 30 24 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 C0$u,.Tt.(..0`..
0010: 7B 8D F4 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 ...Gk.^i.e\.N...
Server Nonce:
0000: 43 30 23 07 39 03 64 4D F4 8C 69 F2 46 E2 73 CD C0#.9.dM..i.F.s.
0010: 90 55 C5 C1 AE 18 57 C7 58 7C B8 4F 14 AA 96 BA .U....W.X..O....
Master Secret:
0000: 6E 47 12 2F BD 40 E5 30 E2 0E 0C 24 23 DD FC 53 nG./[email protected]...$#..S
0010: DD 7C A8 6C 9F 36 48 82 03 B1 63 21 64 73 A6 E3 ...l.6H...c!ds..
0020: 4D E6 6B 06 77 7D A6 38 4A EB 76 C1 34 85 75 31 M.k.w..8J.v.4.u1
Client MAC write Secret:
0000: 95 7D A9 28 CA 82 E9 69 3E DC 79 8D C0 36 70 30 ...(...i>.y..6p0
Server MAC write Secret:
0000: 7D 10 E4 35 B4 D9 62 BA 83 1D F3 16 B0 D1 14 AC ...5..b.........
Client write key:
0000: 44 0E 25 5D AC 78 51 19 21 66 06 CF 3D 8C 98 98 D.%].xQ.!f..=...
Server write key:
0000: 3D C2 21 97 4C E3 D3 69 9E D9 8A CC 63 E0 0C 8E =.!.L..i....c...
... no IV for cipher
main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
*** Finished, v3.1
verify_data: { 65, 234, 65, 174, 47, 136, 37, 130, 121, 68, 222, 210 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
Plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
0010: E8 81 F0 28 5A 40 91 C8 BA 85 76 8F 34 EB 95 C7 ...([email protected]...
main, WRITE: SSL v3.1 Handshake, length = 32
main, READ: SSL v3.1 Change Cipher Spec, length = 1
main, READ: SSL v3.1 Handshake, length = 32
Plaintext after DECRYPTION: len = 32
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
0010: 61 F9 5F E0 B3 90 BA B2 63 8A 45 8F 61 84 40 39 a._.....c.E.a.@9
*** Finished, v3.1
verify_data: { 23, 71, 110, 41, 17, 6, 160, 65, 160, 12, 157, 65 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
Plaintext before ENCRYPTION: len = 63
0000: 50 4F 53 54 20 2F 77 73 73 75 69 6E 69 41 75 74 POST /wssuiniAut
0010: 43 65 72 74 2F 77 73 53 75 69 6E 69 55 70 64 2E Cert/wsSuiniUpd.
0020: 61 73 6D 78 20 48 54 54 50 2F 31 2E 31 0D 0A 2F asmx HTTP/1.1../
0030: 83 FA 4C 02 2F 83 20 D3 49 7C CD 39 A2 95 53 ..L./. .I..9..S
main, WRITE: SSL v3.1 Application Data, length = 63
Plaintext before ENCRYPTION: len = 57
0000: 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 Content-Type: te
0010: 78 74 2F 78 6D 6C 3B 20 63 68 61 72 73 65 74 3D xt/xml; charset=
0020: 22 75 74 66 2D 38 22 0D 0A 54 E1 A0 DE 70 E4 92 "utf-8"..T...p..
0030: 12 58 C1 C6 58 9A 44 39 E2 .X..X.D9.
main, WRITE: SSL v3.1 Application Data, length = 57
Plaintext before ENCRYPTION: len = 37
0000: 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 Content-Length:
0010: 38 34 38 0D 0A 86 C7 70 1C 67 47 DC 1C D4 E7 67 848....p.gG....g
0020: CB 64 69 5A 44 .diZD
main, WRITE: SSL v3.1 Application Data, length = 37
Plaintext before ENCRYPTION: len = 69
0000: 50 72 6F 78 79 2D 41 75 74 68 6F 72 69 7A 61 74 Proxy-Authorizat
0010: 69 6F 6E 3A 20 42 61 73 69 63 20 5A 47 35 68 64 ion: Basic ZG5hd
0020: 47 56 73 62 47 45 36 59 7A 46 7A 61 57 52 70 4D GVsbGE6YzFzaWRpM
0030: 44 45 3D 0D 0A C1 74 CC F1 05 89 84 2C B1 69 45 DE=...t.....,.iE
0040: 2A 6F B3 7A 23 *o.z#
main, WRITE: SSL v3.1 Application Data, length = 69
Plaintext before ENCRYPTION: len = 71
0000: 53 4F 41 50 41 63 74 69 6F 6E 3A 20 68 74 74 70 SOAPAction: http
0010: 3A 2F 2F 62 64 72 2E 69 7A 73 2E 69 74 2F 77 65 ://bdr.izs.it/we
0020: 62 73 65 72 76 69 63 65 73 2F 49 6E 73 65 72 74 bservices/Insert
0030: 5F 4E 6F 74 65 0D 0A 4B 7C 0F A5 D6 00 58 78 BC _Note..K.....Xx.
0040: 0B 59 52 E1 FC 70 86 .YR..p.
main, WRITE: SSL v3.1 Application Data, length = 71
Plaintext before ENCRYPTION: len = 42
0000: 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 User-Agent: Java
0010: 31 2E 33 2E 31 5F 30 38 0D 0A 61 25 77 68 A0 C2 1.3.1_08..a%wh..
0020: AC 52 CA F3 A3 F7 75 8A B0 FE .R....u...
main, WRITE: SSL v3.1 Application Data, length = 42
Plaintext before ENCRYPTION: len = 38
0000: 48 6F 73 74 3A 20 62 64 72 74 65 73 74 2E 69 7A Host: bdrtest.iz
0010: 73 2E 69 74 0D 0A D3 39 F0 0E C3 28 D0 12 1A 58 s.it...9...(...X
0020: 83 A4 BB 23 11 48 ...#.H
main, WRITE: SSL v3.1 Application Data, length = 38
Plaintext before ENCRYPTION: len = 78
0000: 41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D Accept: text/htm
0010: 6C 2C 20 69 6D 61 67 65 2F 67 69 66 2C 20 69 6D l, image/gif, im
0020: 61 67 65 2F 6A 70 65 67 2C 20 2A 3B 20 71 3D 2E age/jpeg, *; q=.
0030: 32 2C 20 2A 2F 2A 3B 20 71 3D 2E 32 0D 0A 89 64 2, */*; q=.2...d
0040: F7 A9 7F 6C 29 07 22 6F AC F3 B4 D4 7F C1 ...l)."o......
main, WRITE: SSL v3.1 Application Data, length = 78
Plaintext before ENCRYPTION: len = 40
0000: 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 70 Connection: keep
0010: 2D 61 6C 69 76 65 0D 0A 1E D0 BD FD 9C 84 0A E0 -alive..........
0020: 9D 3D 26 26 99 09 BB FB .=&&....
main, WRITE: SSL v3.1 Application Data, length = 40
Plaintext before ENCRYPTION: len = 18
0000: 0D 0A C9 79 35 92 83 D8 A1 BF 46 B9 3E FC B9 78 ...y5.....F.>..x
0010: 07 89 ..
main, WRITE: SSL v3.1 Application Data, length = 18
Plaintext before ENCRYPTION: len = 864
0000: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 <?xml version="1
0010: 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 .0" encoding="UT
0020: 46 2D 38 22 3F 3E 0A 3C 73 6F 61 70 2D 65 6E 76 F-8"?>.<soap-env
0030: 3A 45 6E 76 65 6C 6F 70 65 20 78 6D 6C 6E 73 3A :Envelope xmlns:
0040: 73 6F 61 70 2D 65 6E 76 3D 22 68 74 74 70 3A 2F soap-env="http:/
0050: 2F 73 63 68 65 6D 61 73 2E 78 6D 6C 73 6F 61 70 /schemas.xmlsoap
0060: 2E 6F 72 67 2F 73 6F 61 70 2F 65 6E 76 65 6C 6F .org/soap/envelo
0070: 70 65 2F 22 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 pe/" xmlns:xsi="
main, WRITE: SSL v3.1 Application Data, length = 864
main, READ: SSL v3.1 Handshake, length = 20
Plaintext after DECRYPTION: len = 20
0000: 00 00 00 00 AC FA A9 49 7D 8A 0B A9 50 2F 74 A3 .......I....P/t.
0010: D2 BA 7A 39 ..z9
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 4625
*** ClientHello, v3.1
RandomCookie: GMT: 1127228534 bytes = { 18, 49, 204, 75, 133, 78, 163, 164, 250, 200, 97, 100, 19, 143, 176, 205, 50, 166, 159, 21, 80, 181, 243, 41, 64, 166, 190, 104 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 91
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 ...........
Plaintext before ENCRYPTION: len = 107
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 06 4B 44 B4 6C ............KD.l
0060: 9E B4 85 36 A4 D9 93 23 DB 49 0C ...6...#.I.
main, WRITE: SSL v3.1 Handshake, length = 107
main, READ: SSL v3.1 Handshake, length = 4076
Plaintext after DECRYPTION: len = 4076
0000: 02 00 00 46 03 01 43 30 23 09 DD 0A F6 93 D0 16 ...F..C0#.......
0010: CE 00 CC 72 55 92 92 12 4A B3 B7 92 8F 94 02 CA ...rU...J.......
0020: FE 25 A6 65 88 CF 20 2D 10 00 00 0F 1A 6E 56 46 .%.e.. -.....nVF
0030: 1B AD 9F E9 00 B2 DD 00 07 60 94 08 43 9E AC 9B .........`..C...
0040: 89 EA 73 79 EA 00 D1 00 04 00 0B 00 03 5E 00 03 ..sy.........^..
0050: 5B 00 03 58 30 82 03 54 30 82 02 FE A0 03 02 01 [..X0..T0.......
0060: 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 ....0...*.H.....
0070: 04 05 00 30 81 85 31 0B 30 09 06 03 55 04 06 13 ...0..1.0...U...
0080: 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 .IT1.0...U....Te
0090: 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 ramo1.0...U....T
00A0: 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 eramo1.0...U....
00B0: 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 IZSAM1.0...U....
00C0: 43 45 44 31 17 30 15 06 03 55 04 03 13 0E 64 6E CED1.0...U....dn
00D0: 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D 30 1B s.tex.izs.it1.0.
00E0: 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A ..*.H........d.z
00F0: 69 70 70 6F 40 69 7A 73 2E 69 74 30 1E 17 0D 30 [email protected]
0100: 35 30 34 30 35 31 34 30 35 34 31 5A 17 0D 30 36 50405140541Z..06
0110: 30 34 30 35 31 34 30 35 34 31 5A 30 81 85 31 0B 0405140541Z0..1.
0120: 30 09 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 0...U....IT1.0..
0130: 03 55 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D .U....Teramo1.0.
0140: 06 03 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 ..U....Teramo1.0
0150: 0C 06 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 ...U....IZSAM1.0
0160: 0A 06 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 ...U....CED1.0..
0170: 03 55 04 03 13 0E 62 64 72 74 65 73 74 2E 69 7A .U....bdrtest.iz
0180: 73 2E 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D s.it1.0...*.H...
0190: 01 09 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 .....d.zippo@izs
01A0: 2E 69 74 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D .it0..0...*.H...
01B0: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 .........0......
01C0: F6 E3 70 EC 18 8B B7 1D D6 11 11 59 3E 43 09 2D ..p........Y>C.-
01D0: AE F1 06 A3 0C 21 F7 00 09 C2 07 52 0B 29 35 CF .....!.....R.)5.
01E0: 65 38 2C 6C 0A 61 06 50 B9 20 8C 5F A0 B9 B7 E2 e8,l.a.P. ._....
01F0: 8B 2B 10 89 B9 7F 40 0F 49 A1 D8 9E A2 C8 BE 4E [email protected]
0200: 63 20 F2 49 35 25 F1 5D 64 00 ED 02 FD D7 96 51 c .I5%.]d......Q
0210: 73 C7 E9 DA 61 AA 88 FB 5D 0A 41 56 EC 36 4F 85 s...a...].AV.6O.
0220: B2 A1 8F E6 DE DC E2 2D B2 DF AA 3D 99 51 23 14 .......-...=.Q#.
0230: 19 02 8A 2C D4 F0 4C 83 39 1C 1B E5 8F 65 06 05 ...,..L.9....e..
0240: 02 03 01 00 01 A3 82 01 11 30 82 01 0D 30 09 06 .........0...0..
0250: 03 55 1D 13 04 02 30 00 30 2C 06 09 60 86 48 01 .U....0.0,..`.H.
0260: 86 F8 42 01 0D 04 1F 16 1D 4F 70 65 6E 53 53 4C ..B......OpenSSL
0270: 20 47 65 6E 65 72 61 74 65 64 20 43 65 72 74 69 Generated Certi
0280: 66 69 63 61 74 65 30 1D 06 03 55 1D 0E 04 16 04 ficate0...U.....
0290: 14 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 .M.S.z.i;6...Sj.
02A0: 4A D5 38 98 59 30 81 B2 06 03 55 1D 23 04 81 AA J.8.Y0....U.#...
02B0: 30 81 A7 80 14 2D F5 B5 55 88 86 E9 14 60 F1 E6 0....-..U....`..
02C0: 1C AD E2 71 79 29 A0 F1 8F A1 81 8B A4 81 88 30 ...qy).........0
02D0: 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 54 31 ..1.0...U....IT1
02E0: 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 6D 6F .0...U....Teramo
02F0: 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 61 6D 1.0...U....Teram
0300: 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A 53 41 o1.0...U....IZSA
0310: 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 44 31 M1.0...U....CED1
0320: 17 30 15 06 03 55 04 03 13 0E 64 6E 73 2E 74 65 .0...U....dns.te
0330: 78 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 2A 86 x.izs.it1.0...*.
0340: 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 70 6F H........d.zippo
0350: 40 69 7A 73 2E 69 74 82 01 00 30 0D 06 09 2A 86 @izs.it...0...*.
0360: 48 86 F7 0D 01 01 04 05 00 03 41 00 73 D0 96 DD H.........A.s...
0370: 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 11 71 5F 66 o..D.<...DJ..q_f
0380: 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD B6 3C 90 1F .........r...<..
0390: 38 72 E3 A9 13 84 97 5E 5B 95 09 4E CB 86 29 7D 8r.....^[..N..).
03A0: 7A BB 07 75 97 23 3C D5 B1 16 35 E0 0D 00 0C 28 z..u.#<...5....(
03B0: 01 01 0C 24 00 C4 30 81 C1 31 0B 30 09 06 03 55 ...$..0..1.0...U
03C0: 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0A 13 ....US1.0...U...
03D0: 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 2E 31 .VeriSign, Inc.1
*** ServerHello, v3.1
RandomCookie: GMT: 1127228169 bytes = { 221, 10, 246, 147, 208, 22, 206, 0, 204, 114, 85, 146, 146, 18, 74, 179, 183, 146, 143, 148, 2, 202, 254, 37, 166, 101, 136, 207 }
Session ID: {45, 16, 0, 0, 15,

I am having Problems with client certificate/setup.
I have a client behind proxy that connect to Web Services.
I have only a client certificate that I import (use keytool) in my keystore.
I have this setting in my program:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStorePassword", keystorePass);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePass);
[proxy setting is ok]
But when I invoke a service I have a empty certificate chain.
I use jdk1.3.1_08 and jsse-1_0_3_03
Please Help me. I have read hundred pages.
Many thanks in advance for any help.
My client log:
adding as trusted cert: [
Version: V1
Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@10c424
Validity: [From: Mon Jan 29 01:00:00 CET 1996,
               To: Sat Jan 01 00:59:59 CET 2000]
Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [    02a60000 01]
Algorithm: [MD2withRSA]
Signature:
0000: 53 DD D3 F0 9C 24 7E 40 AA E2 FC 00 1A D7 DA 0C S....$.@........
0010: FC 32 61 B8 15 0D 96 F3 FA 57 1B 7F 33 7C AF E9 .2a......W..3...
0020: 98 9A 61 C8 7A B3 B7 FF B1 DC 99 83 DC AC 12 FC ..a.z...........
0030: 70 C9 1F 38 42 ED 44 F6 80 2E 5B 6B 33 69 AC 9C p..8B.D...[k3i..
0040: D3 5C E7 5F 5A 18 C7 B1 2D 79 04 96 41 91 99 41 .\._Z...-y..A..A
0050: B1 3C 0D BA 84 39 C6 3B 97 F0 26 C9 8E EE BD CC .<...9.;..&.....
0060: 42 95 FF 1E C7 02 3F 54 0C 78 F5 BC AA 60 7C 02 B.....?T.x...`..
0070: 69 E8 DC AC E2 02 76 61 C4 3E 03 EA D2 8A 24 D1 i.....va.>....$.
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@238bd2
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
               To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [    01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
adding as trusted cert: [
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@198891
Validity: [From: Wed Nov 09 01:00:00 CET 1994,
               To: Fri Jan 08 00:59:59 CET 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [    02ad667e 4e45fe5e 576f3c98 195eddc0 ]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
trigger seeding of SecureRandom
done seeding SecureRandom
Providers com.sun.net.ssl.internal.www.protocol
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1127228533 bytes = { 44, 211, 84, 116, 141, 40, 133, 180, 48, 96, 213, 147, 123, 141, 244, 71, 107, 242, 94, 105, 247, 101, 92, 8, 78, 176, 226, 133 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 43 30 24 75 2C D3 54 74 8D 28 ...7..C0$u,.Tt.(
0010: 85 B4 30 60 D5 93 7B 8D F4 47 6B F2 5E 69 F7 65 ..0`.....Gk.^i.e
0020: 5C 08 4E B0 E2 85 00 00 10 00 05 00 04 00 09 00 \.N.............
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 43 30 24 .............C0$
0030: 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 7B 8D F4 u,.Tt.(..0`.....
0040: 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 Gk.^i.e\.N...
main, WRITE: SSL v2, contentType = 22, translated length = 16310
main, READ: SSL v3.1 Handshake, length = 944
*** ServerHello, v3.1
RandomCookie: GMT: 1127228167 bytes = { 57, 3, 100, 77, 244, 140, 105, 242, 70, 226, 115, 205, 144, 85, 197, 193, 174, 24, 87, 199, 88, 124, 184, 79, 20, 170, 150, 186 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suite: { 0, 4 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 43 30 23 07 39 03 64 4D F4 8C ...F..C0#.9.dM..
0010: 69 F2 46 E2 73 CD 90 55 C5 C1 AE 18 57 C7 58 7C i.F.s..U....W.X.
0020: B8 4F 14 AA 96 BA 20 26 02 00 00 87 7D 0D FE D1 .O.... &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 04 00 .v..7.....
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
               To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [    01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
updated/found trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
               To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [    01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
[read] MD5 and SHA1 hashes: len = 866
0000: 0B 00 03 5E 00 03 5B 00 03 58 30 82 03 54 30 82 ...^..[..X0..T0.
0010: 02 FE A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 04 05 00 30 81 85 31 0B 30 09 H........0..1.0.
0030: 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 03 55 ..U....IT1.0...U
0040: 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D 06 03 ....Teramo1.0...
0050: 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 0C 06 U....Teramo1.0..
0060: 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 0A 06 .U....IZSAM1.0..
0070: 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 03 55 .U....CED1.0...U
0080: 04 03 13 0E 64 6E 73 2E 74 65 78 2E 69 7A 73 2E ....dns.tex.izs.
0090: 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D 01 09 it1.0...*.H.....
00A0: 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 [email protected]
00B0: 74 30 1E 17 0D 30 35 30 34 30 35 31 34 30 35 34 t0...05040514054
00C0: 31 5A 17 0D 30 36 30 34 30 35 31 34 30 35 34 31 1Z..060405140541
00D0: 5A 30 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 Z0..1.0...U....I
00E0: 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 T1.0...U....Tera
00F0: 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 mo1.0...U....Ter
0100: 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A amo1.0...U....IZ
0110: 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 SAM1.0...U....CE
0120: 44 31 17 30 15 06 03 55 04 03 13 0E 62 64 72 74 D1.0...U....bdrt
0130: 65 73 74 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 est.izs.it1.0...
0140: 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 *.H........d.zip
0150: 70 6F 40 69 7A 73 2E 69 74 30 81 9F 30 0D 06 09 [email protected]...
0160: 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 *.H............0
0170: 81 89 02 81 81 00 F6 E3 70 EC 18 8B B7 1D D6 11 ........p.......
0180: 11 59 3E 43 09 2D AE F1 06 A3 0C 21 F7 00 09 C2 .Y>C.-.....!....
0190: 07 52 0B 29 35 CF 65 38 2C 6C 0A 61 06 50 B9 20 .R.)5.e8,l.a.P.
01A0: 8C 5F A0 B9 B7 E2 8B 2B 10 89 B9 7F 40 0F 49 A1 [email protected].
01B0: D8 9E A2 C8 BE 4E 63 20 F2 49 35 25 F1 5D 64 00 .....Nc .I5%.]d.
01C0: ED 02 FD D7 96 51 73 C7 E9 DA 61 AA 88 FB 5D 0A .....Qs...a...].
01D0: 41 56 EC 36 4F 85 B2 A1 8F E6 DE DC E2 2D B2 DF AV.6O........-..
01E0: AA 3D 99 51 23 14 19 02 8A 2C D4 F0 4C 83 39 1C .=.Q#....,..L.9.
01F0: 1B E5 8F 65 06 05 02 03 01 00 01 A3 82 01 11 30 ...e...........0
0200: 82 01 0D 30 09 06 03 55 1D 13 04 02 30 00 30 2C ...0...U....0.0,
0210: 06 09 60 86 48 01 86 F8 42 01 0D 04 1F 16 1D 4F ..`.H...B......O
0220: 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 74 65 64 penSSL Generated
0230: 20 43 65 72 74 69 66 69 63 61 74 65 30 1D 06 03 Certificate0...
0240: 55 1D 0E 04 16 04 14 4D 11 53 D1 7A 92 69 3B 36 U......M.S.z.i;6
0250: F7 D6 BA 53 6A 81 4A D5 38 98 59 30 81 B2 06 03 ...Sj.J.8.Y0....
0260: 55 1D 23 04 81 AA 30 81 A7 80 14 2D F5 B5 55 88 U.#...0....-..U.
0270: 86 E9 14 60 F1 E6 1C AD E2 71 79 29 A0 F1 8F A1 ...`.....qy)....
0280: 81 8B A4 81 88 30 81 85 31 0B 30 09 06 03 55 04 .....0..1.0...U.
0290: 06 13 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 ...IT1.0...U....
02A0: 54 65 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 Teramo1.0...U...
02B0: 06 54 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A .Teramo1.0...U..
02C0: 13 05 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B ..IZSAM1.0...U..
02D0: 13 03 43 45 44 31 17 30 15 06 03 55 04 03 13 0E ..CED1.0...U....
02E0: 64 6E 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D dns.tex.izs.it1.
02F0: 30 1B 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 0...*.H........d
0300: 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 74 82 01 00 [email protected]...
0310: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 00 03 0...*.H.........
0320: 41 00 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 A.s...o..D.<...D
0330: 4A C4 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 J..q_f.........r
0340: C6 FD B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 ...<..8r.....^[.
0350: 09 4E CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 .N..).z..u.#<...
0360: 35 E0 5.
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 60, 231, 207, 10, 49, 242, 250, 171, 53, 8, 41, 187, 100, 227, 91, 207, 240, 75, 233, 38, 44, 239, 48, 98, 118, 122, 4, 85, 50, 152, 59, 82, 172, 186, 169, 235, 87, 214, 155, 243, 41, 52, 92, 5, 252, 141 }
[write] MD5 and SHA1 hashes: len = 134
0000: 10 00 00 82 00 80 86 7D 83 84 8C 38 3A 3A C3 37 ...........8::.7
0010: D1 4E 69 55 77 6D 14 C8 04 F4 AB 62 3D 71 32 6F .NiUwm.....b=q2o
0020: A4 0D 16 F6 99 0C FD FD 39 08 C3 B2 B8 BF 93 BA ........9.......
0030: 23 CE 3E 8D 91 75 EC 29 D0 30 72 00 1B 00 F2 71 #.>..u.).0r....q
0040: 8D C2 FF 78 16 89 C5 8B 99 4A 1E 17 8F 86 A9 F9 ...x.....J......
0050: B3 46 04 B5 5C 0B 27 84 22 E4 0A 7D 0E 9E 8A CC .F..\.'.".......
0060: 5D 52 FB 63 77 11 FF 54 FB FC 96 89 F6 15 BC 0F ]R.cw..T........
0070: 6C EE C9 43 1D 51 97 D0 4B 48 31 FA D5 0B 63 6A l..C.Q..KH1...cj
0080: B2 9B 99 2C 99 CA ...,..
main, WRITE: SSL v3.1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 3C E7 CF 0A 31 F2 FA AB 35 08 29 BB 64 E3 ..<...1...5.).d.
0010: 5B CF F0 4B E9 26 2C EF 30 62 76 7A 04 55 32 98 [..K.&,.0bvz.U2.
0020: 3B 52 AC BA A9 EB 57 D6 9B F3 29 34 5C 05 FC 8D ;R....W...)4\...
CONNECTION KEYGEN:
Client Nonce:
0000: 43 30 24 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 C0$u,.Tt.(..0`..
0010: 7B 8D F4 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 ...Gk.^i.e\.N...
Server Nonce:
0000: 43 30 23 07 39 03 64 4D F4 8C 69 F2 46 E2 73 CD C0#.9.dM..i.F.s.
0010: 90 55 C5 C1 AE 18 57 C7 58 7C B8 4F 14 AA 96 BA .U....W.X..O....
Master Secret:
0000: 6E 47 12 2F BD 40 E5 30 E2 0E 0C 24 23 DD FC 53 nG./[email protected]...$#..S
0010: DD 7C A8 6C 9F 36 48 82 03 B1 63 21 64 73 A6 E3 ...l.6H...c!ds..
0020: 4D E6 6B 06 77 7D A6 38 4A EB 76 C1 34 85 75 31 M.k.w..8J.v.4.u1
Client MAC write Secret:
0000: 95 7D A9 28 CA 82 E9 69 3E DC 79 8D C0 36 70 30 ...(...i>.y..6p0
Server MAC write Secret:
0000: 7D 10 E4 35 B4 D9 62 BA 83 1D F3 16 B0 D1 14 AC ...5..b.........
Client write key:
0000: 44 0E 25 5D AC 78 51 19 21 66 06 CF 3D 8C 98 98 D.%].xQ.!f..=...
Server write key:
0000: 3D C2 21 97 4C E3 D3 69 9E D9 8A CC 63 E0 0C 8E =.!.L..i....c...
... no IV for cipher
main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
*** Finished, v3.1
verify_data: { 65, 234, 65, 174, 47, 136, 37, 130, 121, 68, 222, 210 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
Plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
0010: E8 81 F0 28 5A 40 91 C8 BA 85 76 8F 34 EB 95 C7 ...([email protected]...
main, WRITE: SSL v3.1 Handshake, length = 32
main, READ: SSL v3.1 Change Cipher Spec, length = 1
main, READ: SSL v3.1 Handshake, length = 32
Plaintext after DECRYPTION: len = 32
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
0010: 61 F9 5F E0 B3 90 BA B2 63 8A 45 8F 61 84 40 39 a._.....c.E.a.@9
*** Finished, v3.1
verify_data: { 23, 71, 110, 41, 17, 6, 160, 65, 160, 12, 157, 65 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
Plaintext before ENCRYPTION: len = 63
0000: 50 4F 53 54 20 2F 77 73 73 75 69 6E 69 41 75 74 POST /wssuiniAut
0010: 43 65 72 74 2F 77 73 53 75 69 6E 69 55 70 64 2E Cert/wsSuiniUpd.
0020: 61 73 6D 78 20 48 54 54 50 2F 31 2E 31 0D 0A 2F asmx HTTP/1.1../
0030: 83 FA 4C 02 2F 83 20 D3 49 7C CD 39 A2 95 53 ..L./. .I..9..S
main, WRITE: SSL v3.1 Application Data, length = 63
Plaintext before ENCRYPTION: len = 57
0000: 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 Content-Type: te
0010: 78 74 2F 78 6D 6C 3B 20 63 68 61 72 73 65 74 3D xt/xml; charset=
0020: 22 75 74 66 2D 38 22 0D 0A 54 E1 A0 DE 70 E4 92 "utf-8"..T...p..
0030: 12 58 C1 C6 58 9A 44 39 E2 .X..X.D9.
main, WRITE: SSL v3.1 Application Data, length = 57
Plaintext before ENCRYPTION: len = 37
0000: 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 Content-Length:
0010: 38 34 38 0D 0A 86 C7 70 1C 67 47 DC 1C D4 E7 67 848....p.gG....g
0020: CB 64 69 5A 44 .diZD
main, WRITE: SSL v3.1 Application Data, length = 37
Plaintext before ENCRYPTION: len = 69
0000: 50 72 6F 78 79 2D 41 75 74 68 6F 72 69 7A 61 74 Proxy-Authorizat
0010: 69 6F 6E 3A 20 42 61 73 69 63 20 5A 47 35 68 64 ion: Basic ZG5hd
0020: 47 56 73 62 47 45 36 59 7A 46 7A 61 57 52 70 4D GVsbGE6YzFzaWRpM
0030: 44 45 3D 0D 0A C1 74 CC F1 05 89 84 2C B1 69 45 DE=...t.....,.iE
0040: 2A 6F B3 7A 23 *o.z#
main, WRITE: SSL v3.1 Application Data, length = 69
Plaintext before ENCRYPTION: len = 71
0000: 53 4F 41 50 41 63 74 69 6F 6E 3A 20 68 74 74 70 SOAPAction: http
0010: 3A 2F 2F 62 64 72 2E 69 7A 73 2E 69 74 2F 77 65 ://bdr.izs.it/we
0020: 62 73 65 72 76 69 63 65 73 2F 49 6E 73 65 72 74 bservices/Insert
0030: 5F 4E 6F 74 65 0D 0A 4B 7C 0F A5 D6 00 58 78 BC _Note..K.....Xx.
0040: 0B 59 52 E1 FC 70 86 .YR..p.
main, WRITE: SSL v3.1 Application Data, length = 71
Plaintext before ENCRYPTION: len = 42
0000: 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 User-Agent: Java
0010: 31 2E 33 2E 31 5F 30 38 0D 0A 61 25 77 68 A0 C2 1.3.1_08..a%wh..
0020: AC 52 CA F3 A3 F7 75 8A B0 FE .R....u...
main, WRITE: SSL v3.1 Application Data, length = 42
Plaintext before ENCRYPTION: len = 38
0000: 48 6F 73 74 3A 20 62 64 72 74 65 73 74 2E 69 7A Host: bdrtest.iz
0010: 73 2E 69 74 0D 0A D3 39 F0 0E C3 28 D0 12 1A 58 s.it...9...(...X
0020: 83 A4 BB 23 11 48 ...#.H
main, WRITE: SSL v3.1 Application Data, length = 38
Plaintext before ENCRYPTION: len = 78
0000: 41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D Accept: text/htm
0010: 6C 2C 20 69 6D 61 67 65 2F 67 69 66 2C 20 69 6D l, image/gif, im
0020: 61 67 65 2F 6A 70 65 67 2C 20 2A 3B 20 71 3D 2E age/jpeg, *; q=.
0030: 32 2C 20 2A 2F 2A 3B 20 71 3D 2E 32 0D 0A 89 64 2, */*; q=.2...d
0040: F7 A9 7F 6C 29 07 22 6F AC F3 B4 D4 7F C1 ...l)."o......
main, WRITE: SSL v3.1 Application Data, length = 78
Plaintext before ENCRYPTION: len = 40
0000: 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 70 Connection: keep
0010: 2D 61 6C 69 76 65 0D 0A 1E D0 BD FD 9C 84 0A E0 -alive..........
0020: 9D 3D 26 26 99 09 BB FB .=&&....
main, WRITE: SSL v3.1 Application Data, length = 40
Plaintext before ENCRYPTION: len = 18
0000: 0D 0A C9 79 35 92 83 D8 A1 BF 46 B9 3E FC B9 78 ...y5.....F.>..x
0010: 07 89 ..
main, WRITE: SSL v3.1 Application Data, length = 18
Plaintext before ENCRYPTION: len = 864
0000: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 <?xml version="1
0010: 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 .0" encoding="UT
0020: 46 2D 38 22 3F 3E 0A 3C 73 6F 61 70 2D 65 6E 76 F-8"?>.<soap-env
0030: 3A 45 6E 76 65 6C 6F 70 65 20 78 6D 6C 6E 73 3A :Envelope xmlns:
0040: 73 6F 61 70 2D 65 6E 76 3D 22 68 74 74 70 3A 2F soap-env="http:/
0050: 2F 73 63 68 65 6D 61 73 2E 78 6D 6C 73 6F 61 70 /schemas.xmlsoap
0060: 2E 6F 72 67 2F 73 6F 61 70 2F 65 6E 76 65 6C 6F .org/soap/envelo
0070: 70 65 2F 22 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 pe/" xmlns:xsi="
main, WRITE: SSL v3.1 Application Data, length = 864
main, READ: SSL v3.1 Handshake, length = 20
Plaintext after DECRYPTION: len = 20
0000: 00 00 00 00 AC FA A9 49 7D 8A 0B A9 50 2F 74 A3 .......I....P/t.
0010: D2 BA 7A 39 ..z9
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 4625
*** ClientHello, v3.1
RandomCookie: GMT: 1127228534 bytes = { 18, 49, 204, 75, 133, 78, 163, 164, 250, 200, 97, 100, 19, 143, 176, 205, 50, 166, 159, 21, 80, 181, 243, 41, 64, 166, 190, 104 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 91
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 ...........
Plaintext before ENCRYPTION: len = 107
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 06 4B 44 B4 6C ............KD.l
0060: 9E B4 85 36 A4 D9 93 23 DB 49 0C ...6...#.I.
main, WRITE: SSL v3.1 Handshake, length = 107
main, READ: SSL v3.1 Handshake, length = 4076
Plaintext after DECRYPTION: len = 4076
0000: 02 00 00 46 03 01 43 30 23 09 DD 0A F6 93 D0 16 ...F..C0#.......
0010: CE 00 CC 72 55 92 92 12 4A B3 B7 92 8F 94 02 CA ...rU...J.......
0020: FE 25 A6 65 88 CF 20 2D 10 00 00 0F 1A 6E 56 46 .%.e.. -.....nVF
0030: 1B AD 9F E9 00 B2 DD 00 07 60 94 08 43 9E AC 9B .........`..C...
0040: 89 EA 73 79 EA 00 D1 00 04 00 0B 00 03 5E 00 03 ..sy.........^..
0050: 5B 00 03 58 30 82 03 54 30 82 02 FE A0 03 02 01 [..X0..T0.......
0060: 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 ....0...*.H.....
0070: 04 05 00 30 81 85 31 0B 30 09 06 03 55 04 06 13 ...0..1.0...U...
0080: 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 .IT1.0...U....Te
0090: 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 ramo1.0...U....T
00A0: 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 eramo1.0...U....
00B0: 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 IZSAM1.0...U....
00C0: 43 45 44 31 17 30 15 06 03 55 04 03 13 0E 64 6E CED1.0...U....dn
00D0: 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D 30 1B s.tex.izs.it1.0.
00E0: 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A ..*.H........d.z
00F0: 69 70 70 6F 40 69 7A 73 2E 69 74 30 1E 17 0D 30 [email protected]
0100: 35 30 34 30 35 31 34 30 35 34 31 5A 17 0D 30 36 50405140541Z..06
0110: 30 34 30 35 31 34 30 35 34 31 5A 30 81 85 31 0B 0405140541Z0..1.
0120: 30 09 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 0...U....IT1.0..
0130: 03 55 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D .U....Teramo1.0.
0140: 06 03 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 ..U....Teramo1.0
0150: 0C 06 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 ...U....IZSAM1.0
0160: 0A 06 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 ...U....CED1.0..
0170: 03 55 04 03 13 0E 62 64 72 74 65 73 74 2E 69 7A .U....bdrtest.iz
0180: 73 2E 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D s.it1.0...*.H...
0190: 01 09 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 .....d.zippo@izs
01A0: 2E 69 74 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D .it0..0...*.H...
01B0: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 .........0......
01C0: F6 E3 70 EC 18 8B B7 1D D6 11 11 59 3E 43 09 2D ..p........Y>C.-
01D0: AE F1 06 A3 0C 21 F7 00 09 C2 07 52 0B 29 35 CF .....!.....R.)5.
01E0: 65 38 2C 6C 0A 61 06 50 B9 20 8C 5F A0 B9 B7 E2 e8,l.a.P. ._....
01F0: 8B 2B 10 89 B9 7F 40 0F 49 A1 D8 9E A2 C8 BE 4E [email protected]
0200: 63 20 F2 49 35 25 F1 5D 64 00 ED 02 FD D7 96 51 c .I5%.]d......Q
0210: 73 C7 E9 DA 61 AA 88 FB 5D 0A 41 56 EC 36 4F 85 s...a...].AV.6O.
0220: B2 A1 8F E6 DE DC E2 2D B2 DF AA 3D 99 51 23 14 .......-...=.Q#.
0230: 19 02 8A 2C D4 F0 4C 83 39 1C 1B E5 8F 65 06 05 ...,..L.9....e..
0240: 02 03 01 00 01 A3 82 01 11 30 82 01 0D 30 09 06 .........0...0..
0250: 03 55 1D 13 04 02 30 00 30 2C 06 09 60 86 48 01 .U....0.0,..`.H.
0260: 86 F8 42 01 0D 04 1F 16 1D 4F 70 65 6E 53 53 4C ..B......OpenSSL
0270: 20 47 65 6E 65 72 61 74 65 64 20 43 65 72 74 69 Generated Certi
0280: 66 69 63 61 74 65 30 1D 06 03 55 1D 0E 04 16 04 ficate0...U.....
0290: 14 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 .M.S.z.i;6...Sj.
02A0: 4A D5 38 98 59 30 81 B2 06 03 55 1D 23 04 81 AA J.8.Y0....U.#...
02B0: 30 81 A7 80 14 2D F5 B5 55 88 86 E9 14 60 F1 E6 0....-..U....`..
02C0: 1C AD E2 71 79 29 A0 F1 8F A1 81 8B A4 81 88 30 ...qy).........0
02D0: 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 54 31 ..1.0...U....IT1
02E0: 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 6D 6F .0...U....Teramo
02F0: 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 61 6D 1.0...U....Teram
0300: 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A 53 41 o1.0...U....IZSA
0310: 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 44 31 M1.0...U....CED1
0320: 17 30 15 06 03 55 04 03 13 0E 64 6E 73 2E 74 65 .0...U....dns.te
0330: 78 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 2A 86 x.izs.it1.0...*.
0340: 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 70 6F H........d.zippo
0350: 40 69 7A 73 2E 69 74 82 01 00 30 0D 06 09 2A 86 @izs.it...0...*.
0360: 48 86 F7 0D 01 01 04 05 00 03 41 00 73 D0 96 DD H.........A.s...
0370: 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 11 71 5F 66 o..D.<...DJ..q_f
0380: 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD B6 3C 90 1F .........r...<..
0390: 38 72 E3 A9 13 84 97 5E 5B 95 09 4E CB 86 29 7D 8r.....^[..N..).
03A0: 7A BB 07 75 97 23 3C D5 B1 16 35 E0 0D 00 0C 28 z..u.#<...5....(
03B0: 01 01 0C 24 00 C4 30 81 C1 31 0B 30 09 06 03 55 ...$..0..1.0...U
03C0: 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0A 13 ....US1.0...U...
03D0: 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 2E 31 .VeriSign, Inc.1
*** ServerHello, v3.1
RandomCookie: GMT: 1127228169 bytes = { 221, 10, 246, 147, 208, 22, 206, 0, 204, 114, 85, 146, 146, 18, 74, 179, 183, 146, 143, 148, 2, 202, 254, 37, 166, 101, 136, 207 }
Session ID: {45, 16, 0, 0, 15,

Site Recovery Manager (SRM) v6.0 fails to pair sites - certificate chain not verified

I have used the default self-signed certificates throughout the vCenter and SRM setup. When going to pair the vCenters, I get "Server certificate chain not verified". These are 2 new VCSA 6.0 VMs (embedded PSCs for each) and 2 new Windows 2012 R2 servers to run SRM 6.0. I can view the Site in each respective vCenter but can't pair them. Does anyone have suggestions? We have tried valid SSL certs before on our original 6.0 deployment and continuously run into these certificate chain not valid errors.

Yes, I always used the FQDN. This issue was actually the result of having an incorrect vCenter topology. The error resulted in us spending hours with support all around valid or self-signed certs. In the end, I had to completely redeploy new VCSA 6.0 appliances and follow the 3rd recommend topology.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2108548
With this setup, it also links the vCenters and it seems to be much quicker than Linked Mode in previous versions. I was able to pair the sites in SRM without issue. FYI, I am using self-signed certs all around at the moment. SRM is very finicky about trust with SSL certs so I won't try implementing valid SSL certs until I get some working failovers.

Certificate chain validation

Similar Messages

Maybe you are looking for