Chain certificate : PKCS#7 format

I have received set of certificates from CA. I have added all the certs except the chain into ACE chaingroup configuration. https is working fine without issues. Do I need to install the chain certificate as well. Chain is given in PKCS#7 format whereas ACE does not accept PKCS#7. Please suggest.

Well I haven't had any luck getting an iPhone to present an SSL certificate to an IIS7 ASP.Net webserver.
The same .p12 certificate works on IE7, PocketIE (WM6), Firefox and Safari (PC version). The website is set to Require an SSL certificate. From the Windows Mobile or PC browsers, you get a prompt for the client certificate. I have tried Nick's website and the iPhone will prompt to choose between his and my certificates, however with IIS7 you just get a 403.7 client SSL certificate required error.
I have turned on SSL tracing in HTTP.Sys and get the following (edited for length) :
<Opcode>SslInititateSslRcvClientCert</Opcode>
- <Keywords>
<Keyword>Flagged on all HTTP events handling ssl interactions</Keyword>
</Keywords>
<Task>HTTP SSL Trace Task</Task>
<Message>Server application is attempting to receive the SSL client certificate, which will be provided if available. If the client certificate is not available, a renegotiation will be initiated.</Message>
<Channel>HTTP Service Channel</Channel>
<Provider>Microsoft-Windows-HttpService</Provider>
... then after various SSL negotiations and receive raw data traces I see...
<Opcode>SslRcvClientCertFailed</Opcode>
- <Keywords>
<Keyword>Flagged on all HTTP events handling ssl interactions</Keyword>
</Keywords>
<Task>HTTP SSL Trace Task</Task>
<Message>Attempt by server application to receive client certificate failed with status: 0xC0000225.</Message>
<Channel>HTTP Service Channel</Channel>
<Provider>Microsoft-Windows-HttpService</Provider>
Which basically seems to mean a "not found" error.
Anyone had any luck with iPhone to IIS 7 (which we have to use as it is an ASP.Net website)?

Similar Messages

How to generate CSR (certificate signing request) in PKCS#10 format

Hi,
First, I am a novice in security issues.
Problem:
I know how to generate CSR using PKCS#10 format with keytool. However I need to implement this functionality in my application. Unfortunately I can't find any docs describing this issue.
Do anybody know about some API where I just pass data and it will generate CSR for me?
Many Thanks,
Miso

Hi again,
After a long research I am finally able to generate PKCS#10 cert. request files:
public static void generatePKCS10() throws Exception {
        // generate PKCS10 certificate request
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        String sigAlg = "MD5WithRSA";
        // generate private key - use java.util.SecureRandom for entropy
        keyGen.initialize(1024, new SecureRandom());
        KeyPair keypair = keyGen.generateKeyPair();
        PublicKey publicKey = keypair.getPublic();
        PrivateKey privateKey = keypair.getPrivate();
        PKCS10 pkcs10 = new PKCS10(publicKey);
        Signature signature = Signature.getInstance(sigAlg);
        signature.initSign(privateKey);
             //common, orgUnit, org, locality, state, country
        X500Name x500Name = new X500Name(
                  "CName",               // CN
                  "OUnit",               // OU
                  "Organization",          // O
                  "Bratislava",          // L
                  "Slovakia",               // S
                  "SK");               // C
        pkcs10.encodeAndSign(new X500Signer(signature, x500Name));
        // PKCS10 request generated
        pkcs10.print(System.out);
Problem 1:
However, this generates only a request with X500 subject's name ("CN, OU, O, ..."). But I also want to specify other things like "Key Usage" (example: "Digital Signature, Key Encipherment, etc.") or "Generic IA5 String" (example: "Only for test purposes."). How to do that?
Problem 2:
I'm also having trouble to find javadoc for "sun.security" package. As you can see, I'm using "sun.security.pkcs.PKCS10" class for generating CSR in PKCS10 format, but can't find any javadoc for it.
Many thanks,
Miso

Converting a .pfx certificate to x509 format

Hi Java Gurus,
I am not able to convert .pfx certificate to x509 format. The jdk1.3 keytool command is not recognizing it.
I have to do the following.
1. Open internet explorer
2. Type website address, click on go
3. Browser pops a "Client Authencitation" window.
I click the required certificate and click on ok
4. Get connected to the website
Now how do I do the same thing from the command line using a Java Client.
Any help/hints/guidance is highly appericiated.
Thanx in advance
Moses

If you have windows 2000, you can convert the cert to PKCS#7 format by (1) install the cert within windows; (2) goto Run and type in MMC and add the component "Certificates"; (3) find the cert listed and right-click and select Export. This will allow you to export the file out in a couple differing formats, including PKCS#7 (*.p7b) which keytool will see as a valid cert chain. (Make sure when you export as *p7b file, you check the option for "Include all certificates...")

Converting Signature data into PKCS#7 format

Hi All,
Is there any java api available to convert signature bytes in to PKCS#7 format.
Here is the scenario.
downloaded a trail digital id(abc.pfx) file from verisign site.
then retrieved the private key, certificate and public key information from the pfx file.
with the help of private key and pdf data, digital signature created.
Sample code:
KeyStore keyStore = KeyStore.getInstance("PKCS12");
// aa.pfx is the Digital ID got from VeriSign
keyStore.load(new FileInputStream("aa.pfx"), storepswd);
for(Enumeration e = keyStore.aliases() ; e.hasMoreElements() ;) {
alias = e.nextElement().toString();
PrivateKey privKey = (PrivateKey)keyStore.getKey(alias, storepswd);
java.security.cert.Certificate cert = keyStore.getCertificate(alias);
PublicKey pubKey = cert.getPublicKey();
Signature rsa = Signature.getInstance("MD5withRSA");
rsa.initSign(privKey);
/* Update and sign the data */
FileInputStream fis = new FileInputStream("Testing.pdf");
BufferedInputStream bufin = new BufferedInputStream(fis);
byte[] buffer = new byte[1024];
int len;
while (bufin.available() != 0) {
len = bufin.read(buffer);
rsa.update(buffer, 0, len);
bufin.close();
/* Returns the signature of all the data updated*/
byte[] rsaSign = rsa.sign();
now i want to convert this signature(rsaSign bytes) in to PKCS#7 format and embed in to pdf file. so acrobat reader can verify the signature in pdf file.
I've found the PdfSignature class in the iText lib. But it is poor.
so plz let me know if any body know how to convert signature in to PKCS#7 format. any sample code or any URL.
Thanks in Advance.
Subhani.

Use BouncyCastle provider
http://www.bouncycastle.org/docs/mdocs1.4/index.html
The package: org.bouncycastle.cms
Download the package and get the examples in the package org.bouncycastle.cms.test .
(CMS stands for Cryptographic Message Syntax and is defined in RFC 3369, and is an evolution of PKCS#7 v. 1.5, that is defined in RFC 2315. )

Is PKCS#7 format supported by Mac OS X 10.6 to 10.7?

Hi,
Couple of questions on Mac OS X 10.6 to 10.7.
1) Can a Mac OS X 10.6 to 10.7 version supports PKCS#7 format for SSL certificate installation?
2) If PKCS#7 format is supported, is the file extension .p7b file?
Thanks!
J

SSL certificates are a function of the browser and its support. Are you trying to to add one to Safari, or a different browser?

Is PKCS#7 format supported by Mac OS X 10.6 server or above?

Couple of questions on Mac OS X 10.6 server or above.
1) Can a Mac OS X 10.6 server or above version supports PKCS#7 format for SSL certificate installation?
2) If PKCS#7 format is supported, is the file extension .p7b file?
Thank you!
J

Try it. Unfortunately, sometimes certificates can be mis-generated or can become corrupted.
X.509 is the overarching standard, and comprises various formats including PKCS7. I'd usually want a PEM format certificate file, though OS X 10.6 does support various formats. Including PKCS7.
Depending on exactly what you're up to here with OS X and OS X Server and these certificates, there might be Server Admin.app or Server.app service-specific steps required; additional general info here here or here.
If these are your own servers, clients and your own family and friends accessing these systems, then there's no need for a purchased certificate. Self-generated certificates work just as well and are just as secure as purchased certificates (if you have a trusted and secure way to perform the initial load), and — if you're inclined, and want to learn a little about OS X and certificates — you can set up your own certificate authority and load your own root certificate, and then your own client certificates are automatically honored.

PKCS#7 format signing

Hi,
How to sign the data in PKCS#7 format. anyone help me.

Try it. Unfortunately, sometimes certificates can be mis-generated or can become corrupted.
X.509 is the overarching standard, and comprises various formats including PKCS7. I'd usually want a PEM format certificate file, though OS X 10.6 does support various formats. Including PKCS7.
Depending on exactly what you're up to here with OS X and OS X Server and these certificates, there might be Server Admin.app or Server.app service-specific steps required; additional general info here here or here.
If these are your own servers, clients and your own family and friends accessing these systems, then there's no need for a purchased certificate. Self-generated certificates work just as well and are just as secure as purchased certificates (if you have a trusted and secure way to perform the initial load), and — if you're inclined, and want to learn a little about OS X and certificates — you can set up your own certificate authority and load your own root certificate, and then your own client certificates are automatically honored.

SHA1 Signature not in PKCS#7 Format

Hello,
we got a Problem with a Signet XML request.
We want to Communicate with a service Provider via XML request. The interface of the Service Provider want to have a SHA1 signature of the Data we send. As fare es I now the SSF Library is only supporting Signatures in PKCS#7 Format my question is if there is a solution just to gernerate the SHA1 Signature without having it in PKCS#7 Format.
king regards
Floran

Hi oliver,
thank you for your Answer. You are right. The Problem is the partner don't want the container format pkcs#7. He just want to have a SHA1/RSA signature value. No Container. Can I somhow extract the encryptet digest part out of the container in ABAP? Or is there a function module where I can generate a sha1/rsa signatur with the Keys from the SSF Keystore?
king regards
Florian

How to get a server chain certificate

Hi all,
I'm installing SSL on Bea Logic server 6.0, but i dont know how to get a server
chain certificate.
Does any body know how to get this certificate?
Also, I read in the e-docs site that we can use utility der2pem and vice versa
to convert between them, but i odnt know where to get the tools.(It's not in the
utils.jar)
thanks for any answer.
Uy

Hi all,
I'm installing SSL on Bea Logic server 6.0, but i dont know how to get a server
chain certificate.
Does any body know how to get this certificate?
Also, I read in the e-docs site that we can use utility der2pem and vice versa
to convert between them, but i odnt know where to get the tools.(It's not in the
utils.jar)
thanks for any answer.
Uy

OpenSSL - Alternative chains certificate forgery

Hello,is any of F-Secure bussines product affected by "Alternative chains certificate forgery" problem?If yes, how can I tread installed applications? http://openssl.org/news/secadv_20150709.txt

Hello Jachym,
Good day to you!
My name is Calvin, and I’m the primary contact for security vulnerabilities concerning F-Secure’s products and services.
With regards to your question about the latest OpenSSL fix and our F-Secure business products, allow me to respond to you:
F-Secure corporate server products (Policy Manager, PSB Server Security, PSB Email and Server Security, Server Security, Email and Server Security) are not affected by this vulnerability.
F-Secure Virtual Appliances products (IGK VA and SRS VA) are not affected by this vulnerability.
F-Secure Internet Gatekeeper is not affected by this vulnerability.
F-Secure Linux Security is not affected by this vulnerability.
F-Secure Messaging Security Gateway and Protection Service for Email products are affected and a patch is currently in the works. This will be released as soon as it is made available.
If you have additional questions or concerns, please do not hesitate to reply and I will gladly assist you further.
Best regards,
Calvin Gan
F-Secure Security Vulnerability Expert

Multiple Customers having Problems with .pem files -chain certificate

I have 2 different customers who recently started using weblogic. My Applications are ASP hosted web services and require digital certificates. For added security, our CSO uses a chain certificate. The private cert is signed by an intermediary verisign cert which is signed by the Root CA. 
Embaressingly, I just found out one Customer completed side-stepped the BEA implementation for .pem files and implemented a non BEA class to work around based on difficulty they had trying to get the .pem file for the intermediary verisign cert to work. I am stuck in that I don't want to advise the second client to do the same thing, but I can't find great support on what to do and some of the BLOGS are conflicting. From what I understand, this first client struggled on this for 2 weeks and gave up. What I am trying to ascertain is whether the private .pem file is suppossed to have both the RSA PRIVATE KEY as well as the CERTIFICATE of the intermediate cert inside that one .pem file or not. I can see their needs to be a .pem for the intermediary and a .pem for the private but not sure if any of the data should repeat.

Also, good samples of how these should look would help. The .pem files my client showed me looked incorrect.

Please note both these clients are top Investment Banks and I think it's in both Bea's interest and my interest to see this work on Weblogic without coding around the default Weblogic security implementation.

Hi Patrick,
If you fixed the issue changing your PowerShell code, would you mind posting the working code here for reference for other people that might experience this problem?
Thanks in advance.
Nico Martens - MCTS, MCITP
SharePoint Infrastructure Consultant / Trainer

Certificate in landscape format

Hi,
I'm still wondering that I found nothing about printing certificats in landscape format.
I'm not looking for a solution to change the page oriantation. This shouldn't be a big deal.
The standards certificate function print each characteristic into a single line including limits value and so on.
In the case you have multiple batches and print all on the cert you will get for each batch the block of characteristics.
I'm wondering that there is a solution to print the results in kind of table. So the header should be the charcateristic name and limits for example. And each line shows all the information for a batch.
example :
batch * mic1 * mic2 * mic3 *...
limit range * 2 -4 * <200 * 100 - 500 *
unit of measurement * ms * g * Ohm *
batch A * 2,4 * pass * 425 *
batch B * 2,2 * pass * 435 *
batch C * 3,1 * pass * 250 *
Is there a way get the output in that format?
Thanks for your feedback.
Jens
Edited by: Jens Hoene on Jun 9, 2010 4:22 PM

HI FireFighter,
good to know that I wasn't blind about that. And that was nearly that what I was looking for.
But you mentioned a interesting way to get this done. Currently we use our own SAP script for the special requirements we have (only some canges from standard form)
But based on the line by line style for the characteristics I wasn't sure how to create the landscape style. So I started the idea to change the print program, because I would like still to have the fexibility from the cert profile. But I was not very happy about this idea.
But I like your idea only to change the SAP script. The numbers of column will not very high and I think this should work if the printout is done in landscape mode, but what column is printed will be different from printout to printout and that is the reson that I would like to use the functon of cert profile.
At the moment I think an "matrix" could work, but not checked yet if this is possible within SAPscript. To work only with hard defined numbers ov SAP script veriable will be very taff, because of the numbers of batches that could be printed on a cert.
So the best case would be if there could be used a dynamic matrix in SAP script. Do you know if this is possible?
Thanks
Jens
Edited by: Jens Hoene on Jun 15, 2010 1:22 PM

How to use Chained Certificates from CA (Thawte) ?

Hi,
I have an application which does the communication over secured channel to another site(Say www.XYZ.com) over internet, for this xyz.com has given a certificate which is used for secured communication. Till the time certificate was self signed certificate i did not have any problem. I use to import certificate in trusted store and use it with the help of JSSE.
Now the problem is xyz.com has given a new certificate, which is chained and issued by Thawte. Now as i understand JDK Does not come with thawte as trusted CA. so we need to add the same in the keystore. The problem i am facing is how do the chain certificates work under JAVA i.e. how the chain of certificates is created in keystore file. When i import CA's self signed certificate as documented in keytool tools documentation this completes without problem. In the documentation theres is a mention regarding importing "Certificate Reply from the CA" but there is no mention about how to import a certificate given by 3rd Party i.e. xyz.com in our case. Is "Certificate Reply from the CA" and certificate from 3rd party the same. or there is some specific way in which we have to do the import to keystore?
Thanks in advance
Sachin

Thank you for taking time to reply, but this is solved now. You are right, need to import all the certificates. So what is did is exported all the certificates which were in chain from IE. Then starting from Root's self signed certificate imported all of them one by one into keystore and then provided this keystore while communication and it works
Thanks once again
Sachin

Azure Management Cmdlet Add-AzureCertificate not working for chained certificate

Hi,
While running the Azure cmdlet Add-AzureCertificate against a public certificate that I have, it is
not able to upload all the chained certificates to the cloud service certificate store. All it does is just
upload one certificate.
However, when I manually load them via Azure management portal, I see 3 of them uploaded.
Is there a bug in the cmdlet?
Thanks!

Hi,
Apparently it looks like a limitation with the cmdlet.
you can refer to the following link for a workaround using REST Api
http://blogs.msdn.com/b/arunrakwal/archive/2012/04/16/windows-azure-adding-multiple-certificate-to-hosted-service-using-powershell-and-c.aspx
Regards,
Nithin Rathnakar

Ssl empty certificate chain? (correct message format)

I am having Problems with client certificate/setup.
I have a client behind proxy that connect to Web Services.
I have only a client certificate that I import (use keytool) in my keystore.
I have this setting in my program:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStorePassword", keystorePass);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePass);
[proxy setting is ok]
But when I invoke a service I have a empty certificate chain.
I use jdk1.3.1_08 and jsse-1_0_3_03
Please Help me. I have read hundred pages.
Many thanks in advance for any help.
My client log:
adding as trusted cert: [
Version: V1
Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@10c424
Validity: [From: Mon Jan 29 01:00:00 CET 1996,
 To: Sat Jan 01 00:59:59 CET 2000]
Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ 02a60000 01]
Algorithm: [MD2withRSA]
Signature:
0000: 53 DD D3 F0 9C 24 7E 40 AA E2 FC 00 1A D7 DA 0C S....$.@........
0010: FC 32 61 B8 15 0D 96 F3 FA 57 1B 7F 33 7C AF E9 .2a......W..3...
0020: 98 9A 61 C8 7A B3 B7 FF B1 DC 99 83 DC AC 12 FC ..a.z...........
0030: 70 C9 1F 38 42 ED 44 F6 80 2E 5B 6B 33 69 AC 9C p..8B.D...[k3i..
0040: D3 5C E7 5F 5A 18 C7 B1 2D 79 04 96 41 91 99 41 .\._Z...-y..A..A
0050: B1 3C 0D BA 84 39 C6 3B 97 F0 26 C9 8E EE BD CC .<...9.;..&.....
0060: 42 95 FF 1E C7 02 3F 54 0C 78 F5 BC AA 60 7C 02 B.....?T.x...`..
0070: 69 E8 DC AC E2 02 76 61 C4 3E 03 EA D2 8A 24 D1 i.....va.>....$.
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@238bd2
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
 To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
adding as trusted cert: [
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@198891
Validity: [From: Wed Nov 09 01:00:00 CET 1994,
 To: Fri Jan 08 00:59:59 CET 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0 ]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
trigger seeding of SecureRandom
done seeding SecureRandom
Providers com.sun.net.ssl.internal.www.protocol
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1127228533 bytes = { 44, 211, 84, 116, 141, 40, 133, 180, 48, 96, 213, 147, 123, 141, 244, 71, 107, 242, 94, 105, 247, 101, 92, 8, 78, 176, 226, 133 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 43 30 24 75 2C D3 54 74 8D 28 ...7..C0$u,.Tt.(
0010: 85 B4 30 60 D5 93 7B 8D F4 47 6B F2 5E 69 F7 65 ..0`.....Gk.^i.e
0020: 5C 08 4E B0 E2 85 00 00 10 00 05 00 04 00 09 00 \.N.............
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 43 30 24 .............C0$
0030: 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 7B 8D F4 u,.Tt.(..0`.....
0040: 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 Gk.^i.e\.N...
main, WRITE: SSL v2, contentType = 22, translated length = 16310
main, READ: SSL v3.1 Handshake, length = 944
*** ServerHello, v3.1
RandomCookie: GMT: 1127228167 bytes = { 57, 3, 100, 77, 244, 140, 105, 242, 70, 226, 115, 205, 144, 85, 197, 193, 174, 24, 87, 199, 88, 124, 184, 79, 20, 170, 150, 186 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suite: { 0, 4 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 43 30 23 07 39 03 64 4D F4 8C ...F..C0#.9.dM..
0010: 69 F2 46 E2 73 CD 90 55 C5 C1 AE 18 57 C7 58 7C i.F.s..U....W.X.
0020: B8 4F 14 AA 96 BA 20 26 02 00 00 87 7D 0D FE D1 .O.... &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 04 00 .v..7.....
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
 To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
updated/found trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
 To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
[read] MD5 and SHA1 hashes: len = 866
0000: 0B 00 03 5E 00 03 5B 00 03 58 30 82 03 54 30 82 ...^..[..X0..T0.
0010: 02 FE A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 04 05 00 30 81 85 31 0B 30 09 H........0..1.0.
0030: 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 03 55 ..U....IT1.0...U
0040: 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D 06 03 ....Teramo1.0...
0050: 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 0C 06 U....Teramo1.0..
0060: 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 0A 06 .U....IZSAM1.0..
0070: 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 03 55 .U....CED1.0...U
0080: 04 03 13 0E 64 6E 73 2E 74 65 78 2E 69 7A 73 2E ....dns.tex.izs.
0090: 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D 01 09 it1.0...*.H.....
00A0: 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 [email protected]
00B0: 74 30 1E 17 0D 30 35 30 34 30 35 31 34 30 35 34 t0...05040514054
00C0: 31 5A 17 0D 30 36 30 34 30 35 31 34 30 35 34 31 1Z..060405140541
00D0: 5A 30 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 Z0..1.0...U....I
00E0: 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 T1.0...U....Tera
00F0: 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 mo1.0...U....Ter
0100: 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A amo1.0...U....IZ
0110: 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 SAM1.0...U....CE
0120: 44 31 17 30 15 06 03 55 04 03 13 0E 62 64 72 74 D1.0...U....bdrt
0130: 65 73 74 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 est.izs.it1.0...
0140: 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 *.H........d.zip
0150: 70 6F 40 69 7A 73 2E 69 74 30 81 9F 30 0D 06 09 [email protected]...
0160: 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 *.H............0
0170: 81 89 02 81 81 00 F6 E3 70 EC 18 8B B7 1D D6 11 ........p.......
0180: 11 59 3E 43 09 2D AE F1 06 A3 0C 21 F7 00 09 C2 .Y>C.-.....!....
0190: 07 52 0B 29 35 CF 65 38 2C 6C 0A 61 06 50 B9 20 .R.)5.e8,l.a.P.
01A0: 8C 5F A0 B9 B7 E2 8B 2B 10 89 B9 7F 40 0F 49 A1 [email protected].
01B0: D8 9E A2 C8 BE 4E 63 20 F2 49 35 25 F1 5D 64 00 .....Nc .I5%.]d.
01C0: ED 02 FD D7 96 51 73 C7 E9 DA 61 AA 88 FB 5D 0A .....Qs...a...].
01D0: 41 56 EC 36 4F 85 B2 A1 8F E6 DE DC E2 2D B2 DF AV.6O........-..
01E0: AA 3D 99 51 23 14 19 02 8A 2C D4 F0 4C 83 39 1C .=.Q#....,..L.9.
01F0: 1B E5 8F 65 06 05 02 03 01 00 01 A3 82 01 11 30 ...e...........0
0200: 82 01 0D 30 09 06 03 55 1D 13 04 02 30 00 30 2C ...0...U....0.0,
0210: 06 09 60 86 48 01 86 F8 42 01 0D 04 1F 16 1D 4F ..`.H...B......O
0220: 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 74 65 64 penSSL Generated
0230: 20 43 65 72 74 69 66 69 63 61 74 65 30 1D 06 03 Certificate0...
0240: 55 1D 0E 04 16 04 14 4D 11 53 D1 7A 92 69 3B 36 U......M.S.z.i;6
0250: F7 D6 BA 53 6A 81 4A D5 38 98 59 30 81 B2 06 03 ...Sj.J.8.Y0....
0260: 55 1D 23 04 81 AA 30 81 A7 80 14 2D F5 B5 55 88 U.#...0....-..U.
0270: 86 E9 14 60 F1 E6 1C AD E2 71 79 29 A0 F1 8F A1 ...`.....qy)....
0280: 81 8B A4 81 88 30 81 85 31 0B 30 09 06 03 55 04 .....0..1.0...U.
0290: 06 13 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 ...IT1.0...U....
02A0: 54 65 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 Teramo1.0...U...
02B0: 06 54 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A .Teramo1.0...U..
02C0: 13 05 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B ..IZSAM1.0...U..
02D0: 13 03 43 45 44 31 17 30 15 06 03 55 04 03 13 0E ..CED1.0...U....
02E0: 64 6E 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D dns.tex.izs.it1.
02F0: 30 1B 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 0...*.H........d
0300: 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 74 82 01 00 [email protected]...
0310: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 00 03 0...*.H.........
0320: 41 00 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 A.s...o..D.<...D
0330: 4A C4 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 J..q_f.........r
0340: C6 FD B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 ...<..8r.....^[.
0350: 09 4E CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 .N..).z..u.#<...
0360: 35 E0 5.
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 60, 231, 207, 10, 49, 242, 250, 171, 53, 8, 41, 187, 100, 227, 91, 207, 240, 75, 233, 38, 44, 239, 48, 98, 118, 122, 4, 85, 50, 152, 59, 82, 172, 186, 169, 235, 87, 214, 155, 243, 41, 52, 92, 5, 252, 141 }
[write] MD5 and SHA1 hashes: len = 134
0000: 10 00 00 82 00 80 86 7D 83 84 8C 38 3A 3A C3 37 ...........8::.7
0010: D1 4E 69 55 77 6D 14 C8 04 F4 AB 62 3D 71 32 6F .NiUwm.....b=q2o
0020: A4 0D 16 F6 99 0C FD FD 39 08 C3 B2 B8 BF 93 BA ........9.......
0030: 23 CE 3E 8D 91 75 EC 29 D0 30 72 00 1B 00 F2 71 #.>..u.).0r....q
0040: 8D C2 FF 78 16 89 C5 8B 99 4A 1E 17 8F 86 A9 F9 ...x.....J......
0050: B3 46 04 B5 5C 0B 27 84 22 E4 0A 7D 0E 9E 8A CC .F..\.'.".......
0060: 5D 52 FB 63 77 11 FF 54 FB FC 96 89 F6 15 BC 0F ]R.cw..T........
0070: 6C EE C9 43 1D 51 97 D0 4B 48 31 FA D5 0B 63 6A l..C.Q..KH1...cj
0080: B2 9B 99 2C 99 CA ...,..
main, WRITE: SSL v3.1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 3C E7 CF 0A 31 F2 FA AB 35 08 29 BB 64 E3 ..<...1...5.).d.
0010: 5B CF F0 4B E9 26 2C EF 30 62 76 7A 04 55 32 98 [..K.&,.0bvz.U2.
0020: 3B 52 AC BA A9 EB 57 D6 9B F3 29 34 5C 05 FC 8D ;R....W...)4\...
CONNECTION KEYGEN:
Client Nonce:
0000: 43 30 24 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 C0$u,.Tt.(..0`..
0010: 7B 8D F4 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 ...Gk.^i.e\.N...
Server Nonce:
0000: 43 30 23 07 39 03 64 4D F4 8C 69 F2 46 E2 73 CD C0#.9.dM..i.F.s.
0010: 90 55 C5 C1 AE 18 57 C7 58 7C B8 4F 14 AA 96 BA .U....W.X..O....
Master Secret:
0000: 6E 47 12 2F BD 40 E5 30 E2 0E 0C 24 23 DD FC 53 nG./[email protected]...$#..S
0010: DD 7C A8 6C 9F 36 48 82 03 B1 63 21 64 73 A6 E3 ...l.6H...c!ds..
0020: 4D E6 6B 06 77 7D A6 38 4A EB 76 C1 34 85 75 31 M.k.w..8J.v.4.u1
Client MAC write Secret:
0000: 95 7D A9 28 CA 82 E9 69 3E DC 79 8D C0 36 70 30 ...(...i>.y..6p0
Server MAC write Secret:
0000: 7D 10 E4 35 B4 D9 62 BA 83 1D F3 16 B0 D1 14 AC ...5..b.........
Client write key:
0000: 44 0E 25 5D AC 78 51 19 21 66 06 CF 3D 8C 98 98 D.%].xQ.!f..=...
Server write key:
0000: 3D C2 21 97 4C E3 D3 69 9E D9 8A CC 63 E0 0C 8E =.!.L..i....c...
... no IV for cipher
main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
*** Finished, v3.1
verify_data: { 65, 234, 65, 174, 47, 136, 37, 130, 121, 68, 222, 210 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
Plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
0010: E8 81 F0 28 5A 40 91 C8 BA 85 76 8F 34 EB 95 C7 ...([email protected]...
main, WRITE: SSL v3.1 Handshake, length = 32
main, READ: SSL v3.1 Change Cipher Spec, length = 1
main, READ: SSL v3.1 Handshake, length = 32
Plaintext after DECRYPTION: len = 32
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
0010: 61 F9 5F E0 B3 90 BA B2 63 8A 45 8F 61 84 40 39 a._.....c.E.a.@9
*** Finished, v3.1
verify_data: { 23, 71, 110, 41, 17, 6, 160, 65, 160, 12, 157, 65 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
Plaintext before ENCRYPTION: len = 63
0000: 50 4F 53 54 20 2F 77 73 73 75 69 6E 69 41 75 74 POST /wssuiniAut
0010: 43 65 72 74 2F 77 73 53 75 69 6E 69 55 70 64 2E Cert/wsSuiniUpd.
0020: 61 73 6D 78 20 48 54 54 50 2F 31 2E 31 0D 0A 2F asmx HTTP/1.1../
0030: 83 FA 4C 02 2F 83 20 D3 49 7C CD 39 A2 95 53 ..L./. .I..9..S
main, WRITE: SSL v3.1 Application Data, length = 63
Plaintext before ENCRYPTION: len = 57
0000: 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 Content-Type: te
0010: 78 74 2F 78 6D 6C 3B 20 63 68 61 72 73 65 74 3D xt/xml; charset=
0020: 22 75 74 66 2D 38 22 0D 0A 54 E1 A0 DE 70 E4 92 "utf-8"..T...p..
0030: 12 58 C1 C6 58 9A 44 39 E2 .X..X.D9.
main, WRITE: SSL v3.1 Application Data, length = 57
Plaintext before ENCRYPTION: len = 37
0000: 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 Content-Length:
0010: 38 34 38 0D 0A 86 C7 70 1C 67 47 DC 1C D4 E7 67 848....p.gG....g
0020: CB 64 69 5A 44 .diZD
main, WRITE: SSL v3.1 Application Data, length = 37
Plaintext before ENCRYPTION: len = 69
0000: 50 72 6F 78 79 2D 41 75 74 68 6F 72 69 7A 61 74 Proxy-Authorizat
0010: 69 6F 6E 3A 20 42 61 73 69 63 20 5A 47 35 68 64 ion: Basic ZG5hd
0020: 47 56 73 62 47 45 36 59 7A 46 7A 61 57 52 70 4D GVsbGE6YzFzaWRpM
0030: 44 45 3D 0D 0A C1 74 CC F1 05 89 84 2C B1 69 45 DE=...t.....,.iE
0040: 2A 6F B3 7A 23 *o.z#
main, WRITE: SSL v3.1 Application Data, length = 69
Plaintext before ENCRYPTION: len = 71
0000: 53 4F 41 50 41 63 74 69 6F 6E 3A 20 68 74 74 70 SOAPAction: http
0010: 3A 2F 2F 62 64 72 2E 69 7A 73 2E 69 74 2F 77 65 ://bdr.izs.it/we
0020: 62 73 65 72 76 69 63 65 73 2F 49 6E 73 65 72 74 bservices/Insert
0030: 5F 4E 6F 74 65 0D 0A 4B 7C 0F A5 D6 00 58 78 BC _Note..K.....Xx.
0040: 0B 59 52 E1 FC 70 86 .YR..p.
main, WRITE: SSL v3.1 Application Data, length = 71
Plaintext before ENCRYPTION: len = 42
0000: 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 User-Agent: Java
0010: 31 2E 33 2E 31 5F 30 38 0D 0A 61 25 77 68 A0 C2 1.3.1_08..a%wh..
0020: AC 52 CA F3 A3 F7 75 8A B0 FE .R....u...
main, WRITE: SSL v3.1 Application Data, length = 42
Plaintext before ENCRYPTION: len = 38
0000: 48 6F 73 74 3A 20 62 64 72 74 65 73 74 2E 69 7A Host: bdrtest.iz
0010: 73 2E 69 74 0D 0A D3 39 F0 0E C3 28 D0 12 1A 58 s.it...9...(...X
0020: 83 A4 BB 23 11 48 ...#.H
main, WRITE: SSL v3.1 Application Data, length = 38
Plaintext before ENCRYPTION: len = 78
0000: 41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D Accept: text/htm
0010: 6C 2C 20 69 6D 61 67 65 2F 67 69 66 2C 20 69 6D l, image/gif, im
0020: 61 67 65 2F 6A 70 65 67 2C 20 2A 3B 20 71 3D 2E age/jpeg, *; q=.
0030: 32 2C 20 2A 2F 2A 3B 20 71 3D 2E 32 0D 0A 89 64 2, */*; q=.2...d
0040: F7 A9 7F 6C 29 07 22 6F AC F3 B4 D4 7F C1 ...l)."o......
main, WRITE: SSL v3.1 Application Data, length = 78
Plaintext before ENCRYPTION: len = 40
0000: 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 70 Connection: keep
0010: 2D 61 6C 69 76 65 0D 0A 1E D0 BD FD 9C 84 0A E0 -alive..........
0020: 9D 3D 26 26 99 09 BB FB .=&&....
main, WRITE: SSL v3.1 Application Data, length = 40
Plaintext before ENCRYPTION: len = 18
0000: 0D 0A C9 79 35 92 83 D8 A1 BF 46 B9 3E FC B9 78 ...y5.....F.>..x
0010: 07 89 ..
main, WRITE: SSL v3.1 Application Data, length = 18
Plaintext before ENCRYPTION: len = 864
0000: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 <?xml version="1
0010: 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 .0" encoding="UT
0020: 46 2D 38 22 3F 3E 0A 3C 73 6F 61 70 2D 65 6E 76 F-8"?>.<soap-env
0030: 3A 45 6E 76 65 6C 6F 70 65 20 78 6D 6C 6E 73 3A :Envelope xmlns:
0040: 73 6F 61 70 2D 65 6E 76 3D 22 68 74 74 70 3A 2F soap-env="http:/
0050: 2F 73 63 68 65 6D 61 73 2E 78 6D 6C 73 6F 61 70 /schemas.xmlsoap
0060: 2E 6F 72 67 2F 73 6F 61 70 2F 65 6E 76 65 6C 6F .org/soap/envelo
0070: 70 65 2F 22 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 pe/" xmlns:xsi="
main, WRITE: SSL v3.1 Application Data, length = 864
main, READ: SSL v3.1 Handshake, length = 20
Plaintext after DECRYPTION: len = 20
0000: 00 00 00 00 AC FA A9 49 7D 8A 0B A9 50 2F 74 A3 .......I....P/t.
0010: D2 BA 7A 39 ..z9
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 4625
*** ClientHello, v3.1
RandomCookie: GMT: 1127228534 bytes = { 18, 49, 204, 75, 133, 78, 163, 164, 250, 200, 97, 100, 19, 143, 176, 205, 50, 166, 159, 21, 80, 181, 243, 41, 64, 166, 190, 104 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 91
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 ...........
Plaintext before ENCRYPTION: len = 107
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 06 4B 44 B4 6C ............KD.l
0060: 9E B4 85 36 A4 D9 93 23 DB 49 0C ...6...#.I.
main, WRITE: SSL v3.1 Handshake, length = 107
main, READ: SSL v3.1 Handshake, length = 4076
Plaintext after DECRYPTION: len = 4076
0000: 02 00 00 46 03 01 43 30 23 09 DD 0A F6 93 D0 16 ...F..C0#.......
0010: CE 00 CC 72 55 92 92 12 4A B3 B7 92 8F 94 02 CA ...rU...J.......
0020: FE 25 A6 65 88 CF 20 2D 10 00 00 0F 1A 6E 56 46 .%.e.. -.....nVF
0030: 1B AD 9F E9 00 B2 DD 00 07 60 94 08 43 9E AC 9B .........`..C...
0040: 89 EA 73 79 EA 00 D1 00 04 00 0B 00 03 5E 00 03 ..sy.........^..
0050: 5B 00 03 58 30 82 03 54 30 82 02 FE A0 03 02 01 [..X0..T0.......
0060: 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 ....0...*.H.....
0070: 04 05 00 30 81 85 31 0B 30 09 06 03 55 04 06 13 ...0..1.0...U...
0080: 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 .IT1.0...U....Te
0090: 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 ramo1.0...U....T
00A0: 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 eramo1.0...U....
00B0: 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 IZSAM1.0...U....
00C0: 43 45 44 31 17 30 15 06 03 55 04 03 13 0E 64 6E CED1.0...U....dn
00D0: 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D 30 1B s.tex.izs.it1.0.
00E0: 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A ..*.H........d.z
00F0: 69 70 70 6F 40 69 7A 73 2E 69 74 30 1E 17 0D 30 [email protected]
0100: 35 30 34 30 35 31 34 30 35 34 31 5A 17 0D 30 36 50405140541Z..06
0110: 30 34 30 35 31 34 30 35 34 31 5A 30 81 85 31 0B 0405140541Z0..1.
0120: 30 09 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 0...U....IT1.0..
0130: 03 55 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D .U....Teramo1.0.
0140: 06 03 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 ..U....Teramo1.0
0150: 0C 06 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 ...U....IZSAM1.0
0160: 0A 06 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 ...U....CED1.0..
0170: 03 55 04 03 13 0E 62 64 72 74 65 73 74 2E 69 7A .U....bdrtest.iz
0180: 73 2E 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D s.it1.0...*.H...
0190: 01 09 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 .....d.zippo@izs
01A0: 2E 69 74 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D .it0..0...*.H...
01B0: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 .........0......
01C0: F6 E3 70 EC 18 8B B7 1D D6 11 11 59 3E 43 09 2D ..p........Y>C.-
01D0: AE F1 06 A3 0C 21 F7 00 09 C2 07 52 0B 29 35 CF .....!.....R.)5.
01E0: 65 38 2C 6C 0A 61 06 50 B9 20 8C 5F A0 B9 B7 E2 e8,l.a.P. ._....
01F0: 8B 2B 10 89 B9 7F 40 0F 49 A1 D8 9E A2 C8 BE 4E [email protected]
0200: 63 20 F2 49 35 25 F1 5D 64 00 ED 02 FD D7 96 51 c .I5%.]d......Q
0210: 73 C7 E9 DA 61 AA 88 FB 5D 0A 41 56 EC 36 4F 85 s...a...].AV.6O.
0220: B2 A1 8F E6 DE DC E2 2D B2 DF AA 3D 99 51 23 14 .......-...=.Q#.
0230: 19 02 8A 2C D4 F0 4C 83 39 1C 1B E5 8F 65 06 05 ...,..L.9....e..
0240: 02 03 01 00 01 A3 82 01 11 30 82 01 0D 30 09 06 .........0...0..
0250: 03 55 1D 13 04 02 30 00 30 2C 06 09 60 86 48 01 .U....0.0,..`.H.
0260: 86 F8 42 01 0D 04 1F 16 1D 4F 70 65 6E 53 53 4C ..B......OpenSSL
0270: 20 47 65 6E 65 72 61 74 65 64 20 43 65 72 74 69 Generated Certi
0280: 66 69 63 61 74 65 30 1D 06 03 55 1D 0E 04 16 04 ficate0...U.....
0290: 14 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 .M.S.z.i;6...Sj.
02A0: 4A D5 38 98 59 30 81 B2 06 03 55 1D 23 04 81 AA J.8.Y0....U.#...
02B0: 30 81 A7 80 14 2D F5 B5 55 88 86 E9 14 60 F1 E6 0....-..U....`..
02C0: 1C AD E2 71 79 29 A0 F1 8F A1 81 8B A4 81 88 30 ...qy).........0
02D0: 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 54 31 ..1.0...U....IT1
02E0: 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 6D 6F .0...U....Teramo
02F0: 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 61 6D 1.0...U....Teram
0300: 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A 53 41 o1.0...U....IZSA
0310: 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 44 31 M1.0...U....CED1
0320: 17 30 15 06 03 55 04 03 13 0E 64 6E 73 2E 74 65 .0...U....dns.te
0330: 78 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 2A 86 x.izs.it1.0...*.
0340: 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 70 6F H........d.zippo
0350: 40 69 7A 73 2E 69 74 82 01 00 30 0D 06 09 2A 86 @izs.it...0...*.
0360: 48 86 F7 0D 01 01 04 05 00 03 41 00 73 D0 96 DD H.........A.s...
0370: 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 11 71 5F 66 o..D.<...DJ..q_f
0380: 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD B6 3C 90 1F .........r...<..
0390: 38 72 E3 A9 13 84 97 5E 5B 95 09 4E CB 86 29 7D 8r.....^[..N..).
03A0: 7A BB 07 75 97 23 3C D5 B1 16 35 E0 0D 00 0C 28 z..u.#<...5....(
03B0: 01 01 0C 24 00 C4 30 81 C1 31 0B 30 09 06 03 55 ...$..0..1.0...U
03C0: 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0A 13 ....US1.0...U...
03D0: 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 2E 31 .VeriSign, Inc.1
*** ServerHello, v3.1
RandomCookie: GMT: 1127228169 bytes = { 221, 10, 246, 147, 208, 22, 206, 0, 204, 114, 85, 146, 146, 18, 74, 179, 183, 146, 143, 148, 2, 202, 254, 37, 166, 101, 136, 207 }
Session ID: {45, 16, 0, 0, 15, 26,

Thanks very much for reply.
I'm sorry, I missed a piece in previous post.
This is Server response:
Plaintext after DECRYPTION: len = 4316
0000: 48 54 54 50 2F 31 2E 31 20 34 30 33 20 41 63 63 HTTP/1.1 403 Acc
0010: 65 73 73 20 46 6F 72 62 69 64 64 65 6E 0D 0A 53 ess Forbidden..S
0020: 65 72 76 65 72 3A 20 4D 69 63 72 6F 73 6F 66 74 erver: Microsoft
0030: 2D 49 49 53 2F 35 2E 30 0D 0A 44 61 74 65 3A 20 -IIS/5.0..Date:
0040: 57 65 64 2C 20 32 31 20 53 65 70 20 32 30 30 35 Wed, 21 Sep 2005
0050: 20 30 37 3A 32 34 3A 33 39 20 47 4D 54 0D 0A 43 07:24:39 GMT..C
0060: 6F 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 onnection: close
0070: 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 ..Content-Length
0080: 3A 20 34 32 33 37 0D 0A 43 6F 6E 74 65 6E 74 2D : 4237..Content-
0090: 54 79 70 65 3A 20 74 65 78 74 2F 68 74 6D 6C 0D Type: text/html.
00A0: 0A 0D 0A 3C 21 44 4F 43 54 59 50 45 20 48 54 4D ...<!DOCTYPE HTM
00B0: 4C 20 50 55 42 4C 49 43 20 22 2D 2F 2F 57 33 43 L PUBLIC "-//W3C
00C0: 2F 2F 44 54 44 20 48 54 4D 4C 20 33 2E 32 20 46 //DTD HTML 3.2 F
00D0: 69 6E 61 6C 2F 2F 45 4E 22 3E 0D 0A 3C 68 74 6D inal//EN">..<htm
00E0: 6C 20 64 69 72 3D 6C 74 72 3E 0D 0A 0D 0A 3C 68 l dir=ltr>....<h
00F0: 65 61 64 3E 0D 0A 3C 73 74 79 6C 65 3E 0D 0A 61 ead>..<style>..a
0100: 3A 6C 69 6E 6B 09 09 09 7B 66 6F 6E 74 3A 38 70 :link....font:8p
0110: 74 2F 31 31 70 74 20 76 65 72 64 61 6E 61 3B 20 t/11pt verdana;
0120: 63 6F 6C 6F 72 3A 46 46 30 30 30 30 7D 0D 0A 61 color:FF0000...a
0130: 3A 76 69 73 69 74 65 64 09 09 7B 66 6F 6E 74 3A :visited...font:
0140: 38 70 74 2F 31 31 70 74 20 76 65 72 64 61 6E 61 8pt/11pt verdana
0150: 3B 20 63 6F 6C 6F 72 3A 23 34 65 34 65 34 65 7D ; color:#4e4e4e.
0160: 0D 0A 3C 2F 73 74 79 6C 65 3E 0D 0A 0D 0A 3C 4D ..</style>....<M
0170: 45 54 41 20 4E 41 4D 45 3D 22 52 4F 42 4F 54 53 ETA NAME="ROBOTS
0180: 22 20 43 4F 4E 54 45 4E 54 3D 22 4E 4F 49 4E 44 " CONTENT="NOIND
0190: 45 58 22 3E 0D 0A 0D 0A 3C 74 69 74 6C 65 3E 54 EX">....<title>T
01A0: 68 65 20 70 61 67 65 20 72 65 71 75 69 72 65 73 he page requires
01B0: 20 61 20 63 6C 69 65 6E 74 20 63 65 72 74 69 66 a client certif
01C0: 69 63 61 74 65 3C 2F 74 69 74 6C 65 3E 0D 0A 0D icate</title>...
Please Help me.
Regards.

Chain certificate : PKCS#7 format

Similar Messages

Maybe you are looking for