Create UserName Token Service over SSL
Hi,
How to Create Username token service over SSL in PI 7.1 or XI 7.0
Please help me out.
Regards,
Kevin
Hi,
Check this URL for more clarification:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/405b38d1-9f8b-2a10-e1af-dd187a2ba104
Thanks,
Boopathi
Similar Messages
-
Web Service over SSL failing in BEA Workshop
I have deployed a web service on weblogic 9.2
I have enabled one-way ssl on it. got a trial ssl certificate from verisign. installed them on the keystore/truststore on the server as well as the jre (cacerts and jssecacerts truststores) being used by the client. the client is on different machine than the server.
i have developed the service through 'bea weblogic workshop 9.2' now when i try to test the service through the 'web services explorer' within bea weblogic workshop i receive the following error:
IWAB0135E An unexpected error has occurred.
IOException
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
on server:
<Jul 13, 2009 6:45:44 PM EDT> <Warning> <Security> <BEA-090485> <CERTIFICATE_UNKNOWN alert was received from yunus.l1id.local - 10.10.2.72. The peer has an unspecified issue with the certificate. SSL debug tracing should be enabled on the peer to determine what the issue is.>
if i try to access the web service (over ssl) through the browser (ie/firefox), it works fine. i have generated a proxy class to access this web service through the same bea workshop and that works fine too. certificates are identified and all. i also created a small .net (c#) application that calls this secure web service over ssl from another machine and it works fine too!
of course non-secure url for the web service is working fine in every case.
what can be the reason for this failing only in 'web services explorer' in bea workshop?
cross posted at: http://www.coderanch.com/t/453879/Web-Services/java/Web-Service-over-SSL-failing
thanks.Hello,
I used this example, when I made my experiments with SSL and Glassfish (GF):
http://java.sun.com/developer/EJTechTips/2006/tt0527.html#1
If you have problems with GF I suggest to post a message here:
http://forums.java.net/jive/forum.jspa?forumID=56
e.g. here is one thread:
http://forums.java.net/jive/thread.jspa?threadID=59993&tstart=0
Miro. -
BAD_CERTIFICATE error calling a web service over SSL in ALSB 2.6
We have a business service on an ALSB 2.6 server (running on WL 9.2.1) that connects to a web service over SSL. When we try to run it, we get the following exception:
<Sep 17, 2009 7:49:17 AM PDT> <Error> <ALSB Kernel> <BEA-380001> <Exception on TransportManagerImpl.sendMessageToService, com.bea.
wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
com.bea.wli.sb.transports.TransportException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.bea.wli.sb.transports.TransportException.newInstance(TransportException.java:146)
at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.send(HttpOu
tboundMessageContext.java:310)
at com.bea.wli.sb.transports.http.HttpsTransportProvider.sendMessageAsync(HttpsTransportProvider.java:435)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
Truncated. see log file for complete stacktrace
This exception only occurs when hitting the web service through the bus. I have written a standalone Java application that posts to the web service and it works fine. I ran the application on the server where the ALSB is running using the same jdk (1.5.0_06 - the version that ships with 9.2.1) and the same cacerts file so I know it's not a problem with the certificate not being trusted. I have tried updating the cacerts file to the latest one distributed with JRE 1.6 and it still doesn't work.
After 8 hours of troubleshooting, I'm out of ideas. Does anyone have any suggestiosn?
Thanks.
Matt
Edited by: user6946981 on Sep 17, 2009 7:58 AMAre you sure that your standalone application is using the same keystore (eg. cacert)? Default WebLogic configuration uses different keystore (demo).
I saw BAD_CERTIFICATE error only once and the cause was in keytool that somehow corrupted certificate during import. Deleting and importing certificate again helped me, but I doubt you have the same problem as your standalone application works.
Another idea ... Is hostname varification used? I know that the error message would look different if this was the cause, but try to add this parameter to your weblogic startup script: -Dweblogic.security.SSL.ignoreHostnameVerification=true
Last but not least, there is difference between your standalone application and ALSB runtime as WebLogic uses Certicom SSL provider. If you don't find the reason, contact Oracle support. Maybe they can help you to tweak Certicom provider in some way. -
Web service client behind a proxy server connecting to web service over SSL
Hi Friends,
A web service is exposed by an external system over SSL. We are behind a proxy server and are trying to get connected to web service over SSL. <p>
We are getting the following error on the test browser of workshop<p><p>
External Service Failure: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters.<p><p>
the whole trace is <p>
<p>JDIProxy attached
<Sep 24, 2005 9:27:25 AM EDT> <Warning> <WLW> <000000> <Id=creditCheckCtrl:salesExpertServiceControl; Method=creditcheckcontr
ol.SalesExpertServiceControl.doCreditVerification(); Failure=com.bea.control.ServiceControlException: SERVICE FAULT:
Code:javax.net.ssl.SSLHandshakeException
String:FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters
Detail:
END SERVICE FAULT>
<Sep 24, 2005 9:27:26 AM EDT> <Warning> <WLW> <000000> <Id=creditCheckCtrl; Method=creditcheckcontrol.CreditCheck.testCreditC
heck(); Failure=com.bea.control.ServiceControlException: SERVICE FAULT:
Code:javax.net.ssl.SSLHandshakeException
String:FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters
Detail:
END SERVICE FAULT [ServiceException]>
<Sep 24, 2005 9:27:26 AM EDT> <Warning> <WLW> <000000> <Id=top-level; Method=processes.CreditCheck_wf.$__clientRequest(); Fai
lure=com.bea.wli.bpm.runtime.UnhandledProcessException: Unhandled process exception [ServiceException]>
<Sep 24, 2005 9:27:26 AM EDT> <Error> <WLW> <000000> <Failure=com.bea.wli.bpm.runtime.UnhandledProcessException: Unhandled pr
ocess exception [ServiceException]><p>
I am not able to make out what could be possibly wrong. Please let me know if you guys have any ideas about how to resolve it.
Thanks
Sridhardid you resolve this problem. I am looking at the same issue. If you did I would really appreciate your response.
Thanks. -
BizTalk WCF service over SSL -WSDL is not working
we are exposed BizTalk Schema as Service and deployed in both IIS servers.BTW IIS cluster working as a loadbalancer.
First Question:
The service is exposed over SSL and shared URL like https://DNSName/abc.svc.When they browse the URL with WSDL nothing is getting (i.e.https://DNSName/abc.svc?wsdl).
Please help me why WSDL is not generating
Second Question:
Exposing service over SSL and in web.config making httpgetenabled=true and endpoint name="HttpMexEndpoint enabled.
Then when we browse URL(i.e.https://DNSName/abc.svc) it displaying like http://ipadress/abc.service?wsdl.
So when we click on http://ipadress/abc.service?wsdl ,the wsdl is generated.
Why when we try http://DNSName/abc.service?wsdl ,wsdl not generated.
Instead of displaying IPAddress to end user, we want to display DNSName.how to do it?
Regards BizTalkWorshipHi,
For the problem of SVC file changing to WSDL when you bowse, this normally happens when "httpsHelpPageEnabled" property (in case of HTTPS as your case otherwise httpHelpPageEnabled) of you service is set to "false"
in service's web.config file. When the help page option is set to "false" in the service's web.config file, this happens. Change it to "true"
<serviceDebug httpHelpPageEnabled="true"
Regards,
M.R.Ashwin Prabhu
If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply. -
Web Service over SSL exception
Hi,
Using NetBeans 6.5 (updated), I have created a web service like this:
package test.webservice;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;
import javax.ejb.Stateless;
@WebService()
@Stateless()
public class TestWebService {
@WebMethod(operationName = "testOperation")
public String testOperation(@WebParam(name = "firstParameter") String firstParameter) {
//TODO write your implementation code here:
return "This method has executed " + (firstParameter == null ? "no strings attached." : firstParameter);
}I've deployed and tested it on a local Glassfish server. Some additional information:
- Sun GlassFish Enterprise Server v2.1 (9.1.1) (build b60e-fcs)
- jdk1.6.0_13
It worked fine when accessing it through 'http://localhost:8080/TestWebServiceService/TestWebService?Tester', however, when accessing it through the SSL port (using this link: 'https://localhost:8181/TestWebServiceService/TestWebService?Tester'), it has produced an exception with the following stack trace:
Exceptions details : null
java.lang.NullPointerException at java.io.File.(File.java:222) at com.sun.enterprise.webservice.monitoring.WebServiceTesterServlet.initializePort(WebServiceTesterServlet.java:524) at com.sun.enterprise.webservice.monitoring.WebServiceTesterServlet.doGet(WebServiceTesterServlet.java:184) at com.sun.enterprise.webservice.monitoring.WebServiceTesterServlet.invoke(WebServiceTesterServlet.java:119) at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServiceServlet.java:142) at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.java:114) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:87) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:288) at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:647) at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:579) at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:831) at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341) at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.process(SSLReadTask.java:440) at com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:228) at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265) at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Question 1: Why isn't the tester working when using the SSL port? A reason or a bug (possibly fixed in later releases)?
Question 2: Will the Web Service itself also not work when invoked through the SSL port? Is it possible to invoke a simple web service over the simple SSL port?
Question 3: When accessing the WSDL description through the SSL port it produces a blank (empty) response - a blank page. Why so?
Thank you very much in advance!
Best regards
MatejHello,
I used this example, when I made my experiments with SSL and Glassfish (GF):
http://java.sun.com/developer/EJTechTips/2006/tt0527.html#1
If you have problems with GF I suggest to post a message here:
http://forums.java.net/jive/forum.jspa?forumID=56
e.g. here is one thread:
http://forums.java.net/jive/thread.jspa?threadID=59993&tstart=0
Miro. -
Web Service over SSL hangs if sent data size exceeds around 12Kb
Hi,
I have a Web Service running on a WebLogic Server 10.3. One of its purposes is to send and receive documents over a one-way SSL connection. The service runs fine if the documents are smaller than around 12Kb, however if its larger than that, the service simply hangs. From SSL debug information it looks like some data is sent but afterwards it simply stops. When testing the Web Service without SSL it works fine, which points to an SSL issue. Also, surprisingly, when it receives documents over the SSL, it also works fine. I assumed there is a parameter that limits the size of the POST message sent over SSL, however all the parameters that I found, that could do that, were already set to unlimited.We ended up resolving this issue. It turned out to be something really simple. The client that was sending the soap traffic did not have the proper SSL certificate installed on the server that was generating the soap traffic.
-
Hi Ashwinprabhu,
thank you very much for your answer.
i have one more query, I have orchestration published as wcf service in IIS and internally orchestration calling one more service , it means orchestration sending a request and getting response back from the service.
actually we are implementing the copy of that called service through biztalk orchestration for system automatic and tracking failed messages and n/w failures.
But tracking profiler not tracking the Data.
And we need to develop the http service as https(Over SSL), we implemented in iis using self
signed certificate, it is working just browser for wsdl(in browser), we are not able to test the service in wcf test client, it is giving wsdl error, in wsdl schema reference showing with HTTP only,
please help me how to resolve the issue.
TeegalaFirst things first, I think it's best to publish only schemas as WCF service for dependency management reasons. That said - WSDL availability is covered in the WCF adapter under the behaviors. If you're using HTTPBasic this may be hard to modify, but using
WCFCustom allows you to add the WSDL behavior and specify that it should be available via HTTPS.
As to the BAM, are you using TPE within the orchestration or at the port level? I'd imagine your TPE tracks the start and end events of your orchestration using the Orchestration Schedule. If you're fairly confident that the TPE is correct and
yet don't see BAM data 1) make sure your SQL Agent is running healthy and all jobs look OK and 2) check the TDDS tables in both the message box and the BAMPrimaryImport databases. These will show you if there has been some sort of sync issue. There's
even a TDDS errors tables - so check that out.
Kind Regards,
-Dan
If this answers your question, please Mark as Answer -
Hi,
1) Used clientgen utility to create stub classes based on wsdl file
application is build using following ant task
2) Created a java application which acts as a client for invoking generated stubs (in step 1) for comunicating with webservice over HTTPS protocol.
3) Able to comunicate with required webservice through normal java client.
4) Integrate the above created java application in weblogic workflows. All the required jar (stubs and application) files are available in APP-INF/lib directory ofworrkflow application.
5) While invoking java application from work flow (to communicate with webservice) we get the following error
SOAP Fault:javax.xml.rpc.soap.SOAPFaultException: The server at https://www.3pv.
net/3PVWebServices/3PVWebServices.asmx returned a 403 error code (Forbidden). P
lease ensure that your URL is correct and that the correct protocol is in use.
Detail:
<detail>
<bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webse
rvice/fault/1.0.0">weblogic.webservice.util.AccessException: The server at https
://www.3pv.net/3PVWebServices/3PVWebServices.asmx returned a 403 error code (For
bidden). Please ensure that your URL is correct and that the correct protocol i
s in use.
at weblogic.webservice.binding.soap.HttpClientBinding.handleErrorRespons
e(HttpClientBinding.java:371)
at weblogic.webservice.binding.soap.HttpClientBinding.receive(HttpClient
Binding.java:233)
at weblogic.webservice.core.handler.ClientHandler.handleResponse(ClientH
Thanks
Sandip MehtaHey exact problem i am facing
1. Can access webservice through my thin java client using the stubs generated by clientgen.
2. But get 403 error when running inside weblogic.
8.1 SP2
Also saw in SP4 release notes....
CR185228:
The WebService SSL client failed to connect the service when "weblogic.webservice.client.ssl.strictcertchecking" was not set to false. WebLogic Server now connects to the service with this property set to either true or false."
Does this mean if i set
weblogic.webservice.client.ssl.strictcertchecking =false in SP2 my call from within weblogic will work
I appreciate immediate feedback.
Sachin -
Problema with web services over ssl
I'm trying to consume a web service that require ssql. i enabled ssl debug, but i can't understand what's wrong. :-(
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Arquivos de programas\Java\jdk1.6.0_06\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Algorithm: RSA; Serial number: 0x20000000000d678b79405
Valid from Tue Sep 01 09:00:00 GMT-03:00 1998 until Tue Jan 28 09:00:00 GMT-03:00 2014
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 21:00:00 GMT-03:00 1995 until Thu Dec 31 20:59:59 GMT-03:00 2020
adding as trusted cert:
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 21:00:00 GMT-03:00 1996 until Thu Dec 31 20:59:59 GMT-03:00 2020
adding as trusted cert:
Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 07:44:50 GMT-03:00 2000 until Sat May 30 07:44:50 GMT-03:00 2020
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Mon Jun 21 01:00:00 GMT-03:00 1999 until Sun Jun 21 01:00:00 GMT-03:00 2020
adding as trusted cert:
Subject: CN=ZEMA CIA DE PETROLEO LTDA, OU=GIT, O=ICP-SEFAZGO, ST=GO, C=BR
Issuer: CN=Autoridade Certificadora SEFAZ Goias, OU=GIT, O=ICP-SEFAZGO, L=Goiania, ST=GO, C=BR
Algorithm: RSA; Serial number: 0x10a
Valid from Wed Feb 14 14:58:31 GMT-03:00 2007 until Mon Feb 13 14:58:31 GMT-03:00 2012
adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a5
Valid from Wed Aug 12 21:29:00 GMT-03:00 1998 until Mon Aug 13 20:59:00 GMT-03:00 2018
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 15:46:00 GMT-03:00 2000 until Mon May 12 20:59:00 GMT-03:00 2025
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389ef6e4
Valid from Mon Feb 07 13:16:40 GMT-03:00 2000 until Fri Feb 07 13:46:40 GMT-03:00 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
Valid from Sun Jan 28 21:00:00 GMT-03:00 1996 until Tue Aug 01 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
Valid from Thu Nov 09 21:00:00 GMT-03:00 2006 until Sun Nov 09 21:00:00 GMT-03:00 2031
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 11:01:00 GMT-03:00 2000 until Sat May 17 20:59:00 GMT-03:00 2025
adding as trusted cert:
Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x5c00001000241d0060a4dce7510
Valid from Thu Mar 23 11:10:23 GMT-03:00 2006 until Wed Dec 31 19:59:59 GMT-03:00 2025
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
Valid from Sun May 17 21:00:00 GMT-03:00 1998 until Tue Aug 01 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
Valid from Sun Jan 28 21:00:00 GMT-03:00 1996 until Tue Aug 01 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 13:09:40 GMT-03:00 1999 until Sat May 25 13:39:40 GMT-03:00 2019
adding as trusted cert:
Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x1da200010002ecb76080788db606
Valid from Wed Mar 22 12:54:28 GMT-03:00 2006 until Wed Dec 31 19:59:59 GMT-03:00 2025
adding as trusted cert:
Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 21:00:00 GMT-03:00 1996 until Thu Dec 31 20:59:59 GMT-03:00 2020
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x380391ee
Valid from Tue Oct 12 16:24:30 GMT-03:00 1999 until Sat Oct 12 16:54:30 GMT-03:00 2019
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Thu Sep 30 21:00:00 GMT-03:00 1999 until Wed Jul 16 20:59:59 GMT-03:00 2036
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 21:19:54 GMT-03:00 1999 until Tue Jun 25 21:19:54 GMT-03:00 2019
adding as trusted cert:
Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 07:38:31 GMT-03:00 2000 until Sat May 30 07:38:31 GMT-03:00 2020
adding as trusted cert:
Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
Valid from Thu Nov 09 21:00:00 GMT-03:00 2006 until Sun Nov 09 21:00:00 GMT-03:00 2031
adding as trusted cert:
Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 07:48:38 GMT-03:00 2000 until Sat May 30 07:48:38 GMT-03:00 2020
adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 13:41:51 GMT-03:00 1998 until Wed Aug 22 13:41:51 GMT-03:00 2018
adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 14:39:16 GMT-03:00 2004 until Thu Jun 29 14:39:16 GMT-03:00 2034
adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x4
Valid from Mon Jun 21 01:00:00 GMT-03:00 1999 until Sun Jun 21 01:00:00 GMT-03:00 2020
adding as trusted cert:
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
Valid from Thu Sep 30 21:00:00 GMT-03:00 1999 until Wed Jul 16 20:59:59 GMT-03:00 2036
adding as trusted cert:
Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Algorithm: RSA; Serial number: 0x1
Valid from Wed Dec 31 21:00:00 GMT-03:00 2003 until Sun Dec 31 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Sun May 17 21:00:00 GMT-03:00 1998 until Tue Aug 01 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
Valid from Thu Nov 09 21:00:00 GMT-03:00 2006 until Sun Nov 09 21:00:00 GMT-03:00 2031
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Sun May 17 21:00:00 GMT-03:00 1998 until Tue Aug 01 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Algorithm: RSA; Serial number: 0x3770cfb5
Valid from Wed Jun 23 09:14:45 GMT-03:00 1999 until Sun Jun 23 09:14:45 GMT-03:00 2019
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Algorithm: RSA; Serial number: 0x400000000010f8626e60d
Valid from Fri Dec 15 05:00:00 GMT-03:00 2006 until Wed Dec 15 05:00:00 GMT-03:00 2021
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389b113c
Valid from Fri Feb 04 14:20:00 GMT-03:00 2000 until Tue Feb 04 14:50:00 GMT-03:00 2020
adding as trusted cert:
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
Valid from Tue Nov 08 21:00:00 GMT-03:00 1994 until Thu Jan 07 20:59:59 GMT-03:00 2010
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 21:00:00 GMT-03:00 1995 until Thu Dec 31 20:59:59 GMT-03:00 2020
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 21:00:00 GMT-03:00 1995 until Thu Dec 31 20:59:59 GMT-03:00 2020
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Tue May 21 01:00:00 GMT-03:00 2002 until Sat May 21 01:00:00 GMT-03:00 2022
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
Valid from Sun Jan 28 21:00:00 GMT-03:00 1996 until Tue Aug 01 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: CN=Sonera Class1 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x24
Valid from Fri Apr 06 07:49:13 GMT-03:00 2001 until Tue Apr 06 07:49:13 GMT-03:00 2021
adding as trusted cert:
Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 14:06:20 GMT-03:00 2004 until Thu Jun 29 14:06:20 GMT-03:00 2034
adding as trusted cert:
Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
Valid from Fri Jul 09 15:10:42 GMT-03:00 1999 until Tue Jul 09 15:19:22 GMT-03:00 2019
adding as trusted cert:
Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
Valid from Fri Jul 09 14:28:50 GMT-03:00 1999 until Tue Jul 09 14:36:58 GMT-03:00 2019
adding as trusted cert:
Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
Issuer: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 03:00:00 GMT-03:00 2002 until Thu Nov 19 17:43:00 GMT-03:00 2037
adding as trusted cert:
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
Valid from Thu Sep 30 21:00:00 GMT-03:00 1999 until Wed Jul 16 20:59:59 GMT-03:00 2036
adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863b966
Valid from Fri Dec 24 14:50:51 GMT-03:00 1999 until Tue Dec 24 15:20:51 GMT-03:00 2019
adding as trusted cert:
Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1b6
Valid from Fri Aug 14 11:50:00 GMT-03:00 1998 until Wed Aug 14 20:59:00 GMT-03:00 2013
adding as trusted cert:
Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
Valid from Fri Jul 09 15:31:20 GMT-03:00 1999 until Tue Jul 09 15:40:36 GMT-03:00 2019
adding as trusted cert:
Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69
Valid from Thu Jun 24 15:57:21 GMT-03:00 1999 until Mon Jun 24 16:06:30 GMT-03:00 2019
adding as trusted cert:
Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x1d
Valid from Fri Apr 06 04:29:40 GMT-03:00 2001 until Tue Apr 06 04:29:40 GMT-03:00 2021
adding as trusted cert:
Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b
Valid from Thu Jan 12 11:38:43 GMT-03:00 2006 until Wed Dec 31 19:59:59 GMT-03:00 2025
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1213102186 bytes = { 150, 70, 222, 91, 1, 159, 135, 122, 245, 66, 221, 50, 113, 8, 128, 154, 68, 232, 127, 215, 140, 215, 148, 147, 58, 93, 236, 23 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 10761
*** ServerHello, TLSv1
RandomCookie: GMT: 1213102414 bytes = { 186, 36, 22, 99, 140, 117, 31, 5, 231, 216, 148, 205, 190, 127, 202, 37, 111, 176, 39, 77, 137, 208, 110, 239, 167, 210, 211, 160 }
Session ID: {72, 78, 121, 78, 23, 96, 172, 97, 143, 196, 65, 95, 90, 198, 182, 217, 85, 189, 237, 255, 214, 174, 250, 18, 138, 100, 13, 130, 185, 47, 30, 194}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=homolog.sefaz.go.gov.br, OU=Equipamento A1, OU=SEFAZ, OU=Autoridade Certificadora SERPROACF, O=ICP-Brasil, C=BR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 121822830792857140980544413730208327423965418338836769494531514391506636002202311770038004646445375567736723855328246700773881808368957013969090425291780159678803518407365187798936095103086486699406270894225547100200566740997780387564247231686362223169873014182514927324634241630443664842180597672619260289963
public exponent: 65537
Validity: [From: Mon Aug 20 15:22:15 GMT-03:00 2007,
To: Tue Aug 19 15:22:15 GMT-03:00 2008]
Issuer: CN=Autoridade Certificadora do SERPRO Final v1, OU=CSPB-1, OU=Servico Federal de Processamento de Dados - SERPRO, O=ICP-Brasil, C=BR
SerialNumber: [ 32303037 30383230 31373434 35343032]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 32 38 96 C7 EE 44 64 E9 9A AA 15 5D E0 08 B4 8D 28...Dd....]....
0010: 89 47 51 A2 .GQ.
[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://ccd.serpro.gov.br/lcr/serproacfv1.crl]
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.4
Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.2
Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.3
Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.7
Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.8
RFC822Name: [email protected]
[4]: ObjectId: 2.5.29.37 Criticality=true
ExtendedKeyUsages [
serverAuth
clientAuth
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.76.1.2.1.16]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 39 68 74 74 70 73 3A 2F 2F 63 63 64 2E 73 65 .9https://ccd.se
0010: 72 70 72 6F 2E 67 6F 76 2E 62 72 2F 73 65 72 70 rpro.gov.br/serp
0020: 72 6F 61 63 66 2F 64 6F 63 73 2F 64 70 63 73 65 roacf/docs/dpcse
0030: 72 70 72 6F 61 63 66 2E 70 64 66 rproacf.pdf
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 5B 3B 86 9B 76 9A 9E 5A 21 53 38 A2 38 F8 53 00 [;..v..Z!S8.8.S.
0010: DA 12 46 B4 18 77 7E 12 8F A8 BE 36 DC C8 FB 50 ..F..w.....6...P
0020: 75 AA 4B 53 62 68 8A 5E 89 BB A5 96 54 75 4B DE u.KSbh.^....TuK.
0030: A5 C8 B8 85 5F 37 D5 A9 AC 9D 06 9E 31 B3 E0 E7 ...._7......1...
0040: BF AC B5 87 9F 24 AB 9D B5 C1 20 6B 63 B4 77 7E .....$.... kc.w.
0050: 83 1D 59 2F 81 B7 3D 02 45 D3 26 C4 A8 09 6E 3A ..Y/..=.E.&...n:
0060: 16 A3 0B 35 EE 06 4E 98 20 BD B3 92 90 50 C1 ED ...5..N. ....P..
0070: 2D 00 66 2D D0 C7 7D 7A 54 2B 1F 7D 68 11 C9 D8 -.f-...zT+..h...
0080: D4 45 5A 7D C4 C3 55 E6 0F 6D A1 5C D4 69 AC 04 .EZ...U..m.\.i..
0090: DB 0F FC 02 DF 63 17 17 A2 DD 9D 3E C6 6A 1E F2 .....c.....>.j..
00A0: 9B 6B 27 48 B2 52 75 8A B1 8B 6B 05 0D 7A 83 7E .k'H.Ru...k..z..
00B0: 3B 4D 5F 13 4D 69 7D 98 BF D0 29 86 43 01 1F F0 ;M_.Mi....).C...
00C0: DD D9 4D 41 D2 27 82 B3 D6 48 3B A6 CA 7B 18 21 ..MA.'...H;....!
00D0: E0 8A D0 07 EF 1F 4F 6D DA 74 BC AC 64 99 9C 80 ......Om.t..d...
00E0: FD EC 89 22 AE 18 D3 1A 1B C8 D4 D8 EC 69 80 99 ...".........i..
00F0: 43 5B 91 1C E3 28 5F 4C 51 71 F4 4D 85 01 71 E7 C[...(_LQq.M..q.
chain [1] = [
Version: V3
Subject: CN=Autoridade Certificadora do SERPRO Final v1, OU=CSPB-1, OU=Servico Federal de Processamento de Dados - SERPRO, O=ICP-Brasil, C=BR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 23659367425961339986383814473655435770305076360336120846402324294010759604691167341796796450718297422937486485989173997689009435615853573479123246742093161509679795253583183150516996100507241385700603597169864442790237544440295928051568067762067963906038465181975829517141032706152589802921982785603244093509126659971216775796468681697846064212891335993008177024582806600140619329189802486109058177503824508848203446928569492107040513868017002818333597993397664228505910643929070063949422917116775478325433437537593716368812763202859366097841062831999053298446527212103412654663554371896386629504450969081314886684871
public exponent: 58865
Validity: [From: Mon Apr 04 13:26:59 GMT-03:00 2005,
To: Mon Oct 24 20:59:00 GMT-03:00 2011]
Issuer: CN=Autoridade Certificadora do SERPRO v1, OU=Servico Federal de Processamento de Dados - SERPRO, O=ICP-Brasil, C=BR
SerialNumber: [ 32303035 30343034 31353530 35363030 3031]
Certificate Extensions: 6
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 32 38 96 C7 EE 44 64 E9 9A AA 15 5D E0 08 B4 8D 28...Dd....]....
0010: 89 47 51 A2 .GQ.
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E2 8B 15 41 DB 75 39 29 BC 1C 54 7B FB 51 3F 14 ...A.u9)..T..Q?.
0010: 09 12 F2 B4 ....
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://ccd.serpro.gov.br/lcr/acserpro.crl]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.76.1.2.1.16]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 37 68 74 74 70 73 3A 2F 2F 63 63 64 2E 73 65 .7https://ccd.se
0010: 72 70 72 6F 2E 67 6F 76 2E 62 72 2F 61 63 73 65 rpro.gov.br/acse
0020: 72 70 72 6F 2F 64 6F 63 73 2F 64 70 63 61 63 73 rpro/docs/dpcacs
0030: 65 72 70 72 6F 2E 70 64 66 erpro.pdf
[CertificatePolicyId: [2.16.76.1.2.3.13]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 37 68 74 74 70 73 3A 2F 2F 63 63 64 2E 73 65 .7https://ccd.se
0010: 72 70 72 6F 2E 67 6F 76 2E 62 72 2F 61 63 73 65 rpro.gov.br/acse
0020: 72 70 72 6F 2F 64 6F 63 73 2F 64 70 63 61 63 73 rpro/docs/dpcacs
0030: 65 72 70 72 6F 2E 70 64 66 erpro.pdf
[CertificatePolicyId: [2.16.76.1.2.1.17]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 37 68 74 74 70 73 3A 2F 2F 63 63 64 2E 73 65 .7https://ccd.se
0010: 72 70 72 6F 2E 67 6F 76 2E 62 72 2F 61 63 73 65 rpro.gov.br/acse
0020: 72 70 72 6F 2F 64 6F 63 73 2F 64 70 63 61 63 73 rpro/docs/dpcacs
0030: 65 72 70 72 6F 2E 70 64 66 erpro.pdf
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
Algorithm: [SHA1withRSA]
Signature:
0000: 20 D5 4E 17 91 54 10 D5 3C 8C A0 3F F3 5D 23 FB .N..T..<..?.]#.
0010: 03 83 C8 92 59 13 58 E1 DA 37 3E B6 85 00 F2 F5 ....Y.X..7>.....
0020: C2 5E 27 DE C6 DD 30 F1 F8 8D CB DF E0 79 42 52 .^'...0......yBR
0030: E8 8A 9C C0 39 40 67 E2 32 19 05 0F C3 8A 62 7C [email protected].
0040: 44 D8 AB 1C 02 90 BF 4A 0D 85 89 D9 28 3C 19 6A D......i get a new certificate and now i'm getting the following error:
run:
keyStore is : D:\NFe\FiboNFe\Codigo\binarios\Certificados\00647154000250.p12
keyStore type is : PKCS12
keyStore provider is :
init keystore
init keymanager of type SunX509
found key for : ac sefazgo - zema cia de petroleo ltda
chain [0] = [
Version: V3
Subject: CN=ZEMA CIA DE PETROLEO LTDA, OU=GIT, O=ICP-SEFAZGO, ST=GO, C=BR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 156165028103689130512128042499152839841454193332056593988973957180679312477722424100906759434445855868490108915782950316422470489371768181578031249674215052225925638629814529894401995141383245975637710610778796528775386241354343792138837300923183596668288077189084522054268656963846045071234921096231142045503
public exponent: 65537
Validity: [From: Wed Feb 14 14:58:31 GMT-03:00 2007,
To: Mon Feb 13 14:58:31 GMT-03:00 2012]
Issuer: CN=Autoridade Certificadora SEFAZ Goias, OU=GIT, O=ICP-SEFAZGO, L=Goiania, ST=GO, C=BR
SerialNumber: [ 010a]
Certificate Extensions: 8
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 34 16 32 43 65 72 74 69 66 69 63 61 64 6F 20 .4.2Certificado
0010: 63 6C 69 65 6E 74 65 20 70 61 72 61 20 5A 45 4D cliente para ZEM
0020: 41 20 43 49 41 20 44 45 20 50 45 54 52 4F 4C 45 A CIA DE PETROLE
0030: 4F 20 4C 54 44 41 O LTDA
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 98 9E 12 CE 90 93 05 1A D5 22 DA 37 86 DE FA DF .........".7....
0010: 82 DA 3D 76 ..=v
[3]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
S/MIME
Object Signing
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[CN=Autoridade Certificadora SEFAZ Goias, OU=GIT, O=ICP-SEFAZGO, L=Goiania, ST=GO, C=BR]
SerialNumber: [ fddca941 482ec9a8]
[5]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: [email protected]
Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.4
Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.2
Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.3
Other-Name: Unrecognized ObjectIdentifier: 2.16.76.1.3.7
[6]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://homolog.sefaz.go.gov.br/acsefazgo/acsefazgo.crl]
[7]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
[8]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 5D C2 B6 D0 46 C7 62 75 0B C9 4B 33 6C DC C9 59 ]...F.bu..K3l..Y
0010: 5E 2C C0 DB 5E 4A 1D 92 E7 07 D6 57 A8 42 F3 9C ^,..^J.....W.B..
0020: 20 73 06 2F 85 C3 7F D7 4B 9C 37 01 78 CE F5 D6 s./....K.7.x...
0030: 0A 4E 73 E3 97 D4 91 AB E5 36 FD E1 72 0A 52 81 .Ns......6..r.R.
0040: E4 7C 71 C9 ED 3B 07 CF 5F 92 23 6E BD D1 41 B4 ..q..;.._.#n..A.
0050: 0E 63 98 34 30 58 45 BC F2 8B 79 CC 42 35 C4 9E .c.40XE...y.B5..
0060: 11 60 4A 4D 18 E8 5C 5D E0 DE 00 62 92 3E 5C 3A .`JM..\]...b.>\:
0070: F8 1B 22 F3 25 0D F1 44 19 0F 4D 39 AB 28 2A D9 ..".%..D..M9.(*.
chain [1] = [
Version: V1
Subject: CN=Autoridade Certificadora SEFAZ Goias, OU=GIT, O=ICP-SEFAZGO, L=Goiania, ST=GO, C=BR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 127802546146235830576140179493601283095940595321418162651326663347027489542570383903029994774550120601063051515739969496712154341918329211265045381248247800442115925457899222625312701264189136966705127659226917208209098405021110477504756857490937404558470512168426299183317779894163270945711882621802732846421
public exponent: 65537
Validity: [From: Mon Feb 12 21:49:13 GMT-03:00 2007,
To: Thu Feb 09 21:49:13 GMT-03:00 2017]
Issuer: CN=Autoridade Certificadora SEFAZ Goias, OU=GIT, O=ICP-SEFAZGO, L=Goiania, ST=GO, C=BR
SerialNumber: [ fddca941 482ec9a8]
Algorithm: [SHA1withRSA]
Signature:
0000: 9C FC A1 04 AC D5 EB E6 27 EC B3 F8 5F 77 96 C6 ........'..._w..
0010: 3D 65 8D C7 83 C4 3E 17 E3 AF D2 8C 66 48 C0 38 =e....>.....fH.8
0020: 12 41 41 18 58 92 91 6D 64 E1 8C B5 5A 3C 18 5B .AA.X..md...Z<.[
0030: E6 42 79 97 1B 50 4D 7B 49 C5 55 95 7B 73 EC 42 .By..PM.I.U..s.B
0040: A5 BE E5 A7 4A 2A 00 59 0C B3 0D B9 23 F6 D5 70 ....J*.Y....#..p
0050: 1B 9A 2B 75 97 46 25 EF 1C 7C 57 41 43 7B 37 53 ..+u.F%...WAC.7S
0060: E3 D7 BF 04 AE EA 83 26 B7 AF D2 8D 50 4B 04 60 .......&....PK.`
0070: 3A CE 5A A6 4B 0E 27 BA A6 7D 49 02 34 CD EB F6 :.Z.K.'...I.4...
trustStore is: C:\Arquivos de programas\Java\jdk1.6.0_06\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Algorithm: RSA; Serial number: 0x20000000000d678b79405
Valid from Tue Sep 01 09:00:00 GMT-03:00 1998 until Tue Jan 28 09:00:00 GMT-03:00 2014
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 21:00:00 GMT-03:00 1995 until Thu Dec 31 20:59:59 GMT-03:00 2020
adding as trusted cert:
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 21:00:00 GMT-03:00 1996 until Thu Dec 31 20:59:59 GMT-03:00 2020
adding as trusted cert:
Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 07:44:50 GMT-03:00 2000 until Sat May 30 07:44:50 GMT-03:00 2020
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Mon Jun 21 01:00:00 GMT-03:00 1999 until Sun Jun 21 01:00:00 GMT-03:00 2020
adding as trusted cert:
Subject: CN=ZEMA CIA DE PETROLEO LTDA, OU=GIT, O=ICP-SEFAZGO, ST=GO, C=BR
Issuer: CN=Autoridade Certificadora SEFAZ Goias, OU=GIT, O=ICP-SEFAZGO, L=Goiania, ST=GO, C=BR
Algorithm: RSA; Serial number: 0x10a
Valid from Wed Feb 14 14:58:31 GMT-03:00 2007 until Mon Feb 13 14:58:31 GMT-03:00 2012
adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a5
Valid from Wed Aug 12 21:29:00 GMT-03:00 1998 until Mon Aug 13 20:59:00 GMT-03:00 2018
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 15:46:00 GMT-03:00 2000 until Mon May 12 20:59:00 GMT-03:00 2025
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389ef6e4
Valid from Mon Feb 07 13:16:40 GMT-03:00 2000 until Fri Feb 07 13:46:40 GMT-03:00 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
Valid from Sun Jan 28 21:00:00 GMT-03:00 1996 until Tue Aug 01 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
Valid from Thu Nov 09 21:00:00 GMT-03:00 2006 until Sun Nov 09 21:00:00 GMT-03:00 2031
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 11:01:00 GMT-03:00 2000 until Sat May 17 20:59:00 GMT-03:00 2025
adding as trusted cert:
Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x5c00001000241d0060a4dce7510
Valid from Thu Mar 23 11:10:23 GMT-03:00 2006 until Wed Dec 31 19:59:59 GMT-03:00 2025
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
Valid from Sun May 17 21:00:00 GMT-03:00 1998 until Tue Aug 01 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
Valid from Sun Jan 28 21:00:00 GMT-03:00 1996 until Tue Aug 01 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 13:09:40 GMT-03:00 1999 until Sat May 25 13:39:40 GMT-03:00 2019
adding as trusted cert:
Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x1da200010002ecb76080788db606
Valid from Wed Mar 22 12:54:28 GMT-03:00 2006 until Wed Dec 31 19:59:59 GMT-03:00 2025
adding as trusted cert:
Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 21:00:00 GMT-03:00 1996 until Thu Dec 31 20:59:59 GMT-03:00 2020
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x380391ee
Valid from Tue Oct 12 16:24:30 GMT-03:00 1999 until Sat Oct 12 16:54:30 GMT-03:00 2019
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Thu Sep 30 21:00:00 GMT-03:00 1999 until Wed Jul 16 20:59:59 GMT-03:00 2036
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 21:19:54 GMT-03:00 1999 until Tue Jun 25 21:19:54 GMT-03:00 2019
adding as trusted cert:
Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 07:38:31 GMT-03:00 2000 until Sat May 30 07:38:31 GMT-03:00 2020
adding as trusted cert:
Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
Valid from Thu Nov 09 21:00:00 GMT-03:00 2006 until Sun Nov 09 21:00:00 GMT-03:00 2031
adding as trusted cert:
Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 07:48:38 GMT-03:00 2000 until Sat May 30 07:48:38 GMT-03:00 2020
adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 13:41:51 GMT-03:00 1998 until Wed Aug 22 13:41:51 GMT-03:00 2018
adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 14:39:16 GMT-03:00 2004 until Thu Jun 29 14:39:16 GMT-03:00 2034
adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x4
Valid from Mon Jun 21 01:00:00 GMT-03:00 1999 until Sun Jun 21 01:00:00 GMT-03:00 2020
adding as trusted cert:
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
Valid from Thu Sep 30 21:00:00 GMT-03:00 1999 until Wed Jul 16 20:59:59 GMT-03:00 2036
adding as trusted cert:
Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Algorithm: RSA; Serial number: 0x1
Valid from Wed Dec 31 21:00:00 GMT-03:00 2003 until Sun Dec 31 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Sun May 17 21:00:00 GMT-03:00 1998 until Tue Aug 01 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
Valid from Thu Nov 09 21:00:00 GMT-03:00 2006 until Sun Nov 09 21:00:00 GMT-03:00 2031
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Sun May 17 21:00:00 GMT-03:00 1998 until Tue Aug 01 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Algorithm: RSA; Serial number: 0x3770cfb5
Valid from Wed Jun 23 09:14:45 GMT-03:00 1999 until Sun Jun 23 09:14:45 GMT-03:00 2019
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Algorithm: RSA; Serial number: 0x400000000010f8626e60d
Valid from Fri Dec 15 05:00:00 GMT-03:00 2006 until Wed Dec 15 05:00:00 GMT-03:00 2021
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389b113c
Valid from Fri Feb 04 14:20:00 GMT-03:00 2000 until Tue Feb 04 14:50:00 GMT-03:00 2020
adding as trusted cert:
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
Valid from Tue Nov 08 21:00:00 GMT-03:00 1994 until Thu Jan 07 20:59:59 GMT-03:00 2010
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 21:00:00 GMT-03:00 1995 until Thu Dec 31 20:59:59 GMT-03:00 2020
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 21:00:00 GMT-03:00 1995 until Thu Dec 31 20:59:59 GMT-03:00 2020
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Tue May 21 01:00:00 GMT-03:00 2002 until Sat May 21 01:00:00 GMT-03:00 2022
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
Valid from Sun Jan 28 21:00:00 GMT-03:00 1996 until Tue Aug 01 20:59:59 GMT-03:00 2028
adding as trusted cert:
Subject: CN=Sonera Class1 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x24
Valid from Fri Apr 06 07:49:13 GMT-03:00 2001 until Tue Apr 06 07:49:13 GMT-03:00 2021
adding as trusted cert:
Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 14:06:20 GMT-03:00 2004 until Thu Jun 29 14:06:20 GMT-03:00 2034
adding as trusted cert:
Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
Valid from Fri Jul 09 15:10:42 GMT-03:00 1999 until Tue Jul 09 15:19:22 GMT-03:00 2019
adding as trusted cert:
Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
Valid from Fri Jul 09 14:28:50 GMT-03:00 1999 until Tue Jul 09 14:36:58 GMT-03:00 2019
adding as trusted cert:
Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
Issuer: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 03:00:00 GMT-03:00 2002 until Thu Nov 19 17:43:00 GMT-03:00 2037
adding as trusted cert:
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
Valid from Thu Sep 30 21:00:00 GMT-03:00 1999 until Wed Jul 16 20:59:59 GMT-03:00 2036
adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863b966
Valid from Fri Dec 24 14:50:51 GMT-03:00 1999 until Tue Dec 24 15:20:51 GMT-03:00 2019
adding as trusted cert:
Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1b6
Valid from Fri Aug 14 11:50:00 GMT-03:00 1998 until Wed Aug 14 20:59:00 GMT-03:00 2013
adding as trusted cert:
Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
Valid from Fri Jul 09 15:31:20 GMT-03:00 1999 until Tue Jul 09 15:40:36 GMT-03:00 2019
adding as trusted cert:
Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69
Valid from Thu Jun 24 15:57:21 GMT-03:00 1999 until Mon Jun 24 16:06:30 GMT-03:00 2019
adding as trusted cert:
Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x1d
Valid from Fri Apr 06 04:29:40 GMT-03:00 2001 until Tue Apr 06 04:29:40 GMT-03:00 2021
adding as trusted cert:
Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b
Valid from Thu Jan 12 11:38:43 GMT-03:00 2006 until Wed Dec 31 19:59:59 GMT-03:00 2025
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1213286062 bytes = { 175, 119, 88, 156, 122, 87, 49, 44, 101, 238, 155, 248, 50, 93, 130, 181, 230, 183, 242, 175, 99, 73, 45, 213, 138, 159, 67, 2 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 48 51 47 AE AF 77 58 9C 7A 57 ...E..HQG..wX.zW
0010: 31 2C 65 EE 9B F8 32 5D 82 B5 E6 B7 F2 AF 63 49 1,e...2]......cI
0020: 2D D5 8A 9F 43 02 00 00 1E 00 04 00 05 00 2F 00 -...C........./.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 48 51 47 AE AF 77 58 9C 7A 57 31 2C 65 EE ..HQG..wX.zW1,e.
0050: 9B F8 32 5D 82 B5 E6 B7 F2 AF 63 49 2D D5 8A 9F ..2]......cI-...
0060: 43 02 C.
main, WRITE: SSLv2 client hello message, length = 98
[Raw write]: length = 100
0000: 80 62 01 03 01 00 39 00 00 00 20 00 00 04 01 00 .b....9... .....
0010: 80 00 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A ....../..3..2...
0020: 07 00 C0 00 00 16 00 00 13 00 00 09 06 00 40 00 ..............@.
0030: 00 15 00 00 12 00 00 03 02 00 80 00 00 08 00 00 ................
0040: 14 00 00 11 48 51 47 AE AF 77 58 9C 7A 57 31 2C ....HQG..wX.zW1,
0050: 65 EE 9B F8 32 5D 82 B5 E6 B7 F2 AF 63 49 2D D5 e...2]......cI-.
0060: 8A 9F 43 02 ..C.
[Raw read]: length = 5
0000: 16 03 01 2A 09 ...*.
[Raw read]: length = 1447
0000: 02 00 00 46 03 01 48 51 48 9A E1 59 9B EA B2 68 ...F..HQH..Y...h
0010: 3E 94 C8 47 A5 D6 1B 61 84 A6 09 1D 59 5D 16 1E >..G...a....Y]..
0020: B2 20 9C FF 2C B2 20 48 51 48 9A 01 56 28 85 90 . ..,. HQH..V(..
0030: 5C D9 06 F0 DC B0 A4 7E DB 4C 64 25 0D 3D 4E FF \........Ld%.=N.
0040: B3 89 4D 54 E7 0E AF 00 04 00 0B 00 14 09 00 14 ..MT............
0050: 06 00 05 47 30 82 05 43 30 82 04 2B A0 03 02 01 ...G0..C0..+....
0060: 02 02 10 32 30 30 37 30 38 32 30 31 37 34 34 35 ...2007082017445
0070: 34 30 32 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 4020...*.H......
0080: 05 00 30 81 A6 31 0B 30 09 06 03 55 04 06 13 02 ..0..1.0...U....
0090: 42 52 31 13 30 11 06 03 55 04 0A 13 0A 49 43 50 BR1.0...U....ICP
00A0: 2D 42 72 61 73 69 6C 31 3B 30 39 06 03 55 04 0B -Brasil1;09..U..
00B0: 13 32 53 65 72 76 69 63 6F 20 46 65 64 65 72 61 .2Servico Federa
00C0: 6C 20 64 65 20 50 72 6F 63 65 73 73 61 6D 65 6E l de Processamen
00D0: 74 6F 20 64 65 20 44 61 64 6F 73 20 2D 20 53 45 to de Dados - SE
00E0: 52 50 52 4F 31 0F 30 0D 06 03 55 04 0B 13 06 43 RPRO1.0...U....C
00F0: 53 50 42 2D 31 31 34 30 32 06 03 55 04 03 13 2B SPB-11402..U...+
0100: 41 75 74 6F 72 69 64 61 64 65 20 43 65 72 74 69 Autoridade Certi
0110: 66 69 63 61 64 6F 72 61 20 64 6F 20 53 45 52 50 ficadora do SERP
0120: 52 4F 20 46 69 6E 61 6C 20 76 31 30 1E 17 0D 30 RO Final v10...0
0130: 37 30 38 32 30 31 38 32 32 31 35 5A 17 0D 30 38 70820182215Z..08
0140: 30 38 31 39 31 38 32 32 31 35 5A 30 81 9A 31 0B 0819182215Z0..1.
0150: 30 09 06 03 55 04 06 13 02 42 52 31 13 30 11 06 0...U....BR1.0..
0160: 03 55 04 0A 13 0A 49 43 50 2D 42 72 61 73 69 6C .U....ICP-Brasil
0170: 31 2B 30 29 06 03 55 04 0B 13 22 41 75 74 6F 72 1+0)..U..."Autor
0180 -
Error while invoking web service over SSL
While making a SSL Connections to web service i am getting the below mentioned error in spite of configuring the certificate provided by the client onto WLS.
I tried adding the certificate to the default DemoTrust and DemoIdentity Keystores. The error still persisted.
I also tried importing the certificate(into cacerts keystore) as Java Standard Trust as well as tried pointing it to the custom keystores. None of it worked :(
Could somebody please give a solution to resolve this error ASAP.
The error is:
Message:exception occured, due to org.apache.axis2.AxisFault: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.apache.axis2.AxisFault: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:83)
at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:84)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:346)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:542)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:76)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:400)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:225)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:435)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at com.intel.services.warrantyservice.Get_Warranty_Details_OutServiceStub.get_Warranty_Details_Out(Get_Warranty_Details_OutServiceStub.java:184)
at com.intel.www.PortalServices.PortalServicesSOAPImpl.getWarrantyDetails(PortalServicesSOAPImpl.java:1865)
at com.intel.www.PortalServices.PortalServicesSOAPSkeleton.getWarrantyDetails(PortalServicesSOAPSkeleton.java:213)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3590)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: javax.xml.stream.XMLStreamException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at weblogic.xml.stax.XMLWriterBase.flush(XMLWriterBase.java:504)
at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:168)
at org.apache.axis2.databinding.utils.writer.MTOMAwareXMLSerializer.flush(MTOMAwareXMLSerializer.java:79)
at org.apache.axis2.databinding.ADBDataSource.serialize(ADBDataSource.java:94)
at org.apache.axiom.om.impl.llom.OMSourcedElementImpl.internalSerializeAndConsume(OMSourcedElementImpl.java:738)
at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerialize(OMElementImpl.java:966)
at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerializeAndConsume(OMElementImpl.java:995)
at org.apache.axiom.soap.impl.llom.SOAPEnvelopeImpl.serializeInternally(SOAPEnvelopeImpl.java:254)
at org.apache.axiom.soap.impl.llom.SOAPEnvelopeImpl.internalSerialize(SOAPEnvelopeImpl.java:242)
at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerializeAndConsume(OMElementImpl.java:995)
at org.apache.axiom.om.impl.llom.OMNodeImpl.serializeAndConsume(OMNodeImpl.java:486)
at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:79)
... 48 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:278)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:122)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:212)
at java.io.BufferedWriter.flush(BufferedWriter.java:236)
at weblogic.xml.stax.XMLWriterBase.flush(XMLWriterBase.java:502)
... 59 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
... 74 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
... 80 moreWhich version/platform are you using?
The thing you need to consider here is that the JDev proxy settings do not affect the BPEL server.
So if the BPEL server cannot connect to your webservice, it will not be because of any Jdev setting.
Check the proxy settings on your BPEL server (on 10.1.2 developer install it will be in obsetenv.bat, on 10.1.3 it will be a commandline property of the JVM - see AS Control administration page for the JVM) -
Http service over ssl with IE8 not working works in all other browsers
Hi,
The web server is running ssl (https) and the server as a valid certificate. The main swf loads but then I make a http service call to a relative address on the same server for some database information I get an IO error
This works fine in all browsers except internet explorer, however IE will work if I don't use ssl and use normal http.
Is there a setting in IE that would allow this, is there a known issue and better still a workaround. I have tried trusted site setting and everything else I can think off.
TIA
HarryI had this problem, and it was related to the way IE8 handled ssl certificate revocation checking. I had to turn off the check box in IE8 options that told it to check for revocation.
Mark -
Unable to call Web Service with Username Token
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
I posted this in the JDeveloper forum but got no response.
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
I have JDeveloper 10g release 3.
I created a regular Java application. Added a Web service proxy with no special mappings or anything. Right clicked on the proxy and said "Secure Proxy". I only used basic plain text username token. Added a method to my class that call instantiates a client, and called the operation.
However when I run this I get the following error message.
SEVERE: No username found
Error::oracle.j2ee.ws.common.soap.fault.SOAP11FaultException: No username found
The Web Service Security Proxy Wizard created an xml in my src file, that I updated to put the username and password of the web service. Below is the xml file.
<oracle-webservice-clients xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation='http://xmlns.oracle.com/oracleas/schema/oracle-webservices-client-10_0.xsd'>
<webservice-client>
<service-qname namespaceURI="http://tempuri.org/SOAPTestWS/Service1" localpart="Service1"/>
<port-info>
<wsdl-port namespaceURI="http://tempuri.org/SOAPTestWS/Service1" localpart="Service1Soap"/>
<runtime enabled="security">
<security>
<inbound/>
<outbound>
<username-token name="myusername" password="xxxxx" password-type="PLAINTEXT" add-nonce="false" add-created="false"/>
</outbound>
</security>
</runtime>
<operations>
<operation name='TryMe'>
</operation>
</operations>
</port-info>
</webservice-client>
</oracle-webservice-clients>
And this configuration file is processed in the stub file.
setupConfig("project2/runtime/Service1Soap_Stub.xml");
What am I doing wrong. I cannot find any documentation on the secure web service client wizard and it's generated code.
Thanks, MIke L.Mike,
I updated the 3 xml files with the name and password and I get a different error now ...
WARNING: Unable to connect to URL: https://dssd001.ca.boeing.com:443/bartinterface/SOAP/resSetup.cgi due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
java.rmi.RemoteException: ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
I am using the simple text based username auth, but jdev for some reason still goes and looks for the x509 cert? How did you get yours to work?
Thanks
Sriram -
Consuming Web Service using WS-Security: USERNAME Token
Hi ABAP Experts,
we like to consume a self defined web service between to SAP systems (ECC6 701/006). Without any security settings the connection is successfully. But we like to setup a message security like USERNAME Token.
The wss profiles are already created by using TX: WSSPROFILE. Therefore we used the templates "SET_USERNAME" and "CHECK_USERNAME". The service user "DELAY_L<sid>" has been generated as well. The problem is in SOAMANAGER we can't find the related configuration (For Provider and Consumer) to set the parameters "PROFILE In" and "Profile Out" like it was in the obsolete TX "LPCONFIG".
Can anybody help me to find out how to configure USERNAME Token using SOAMANAGER.
Thank you very much in advance.
Kind regards
AxelHi,
The following articles would be helpful:
.net call WS-Security enabled web service (created in java)
http://stackoverflow.com/questions/2138129/net-call-ws-security-enabled-web-service-created-in-java
WS-Security Protocol with .NET – A Overview
http://www.c-sharpcorner.com/UploadFile/mahesha/WSSecurityProtocol11232005052243AM/WSSecurityProtocol.aspx
An introduction to Web Service Security using WSE - Part I
http://www.codeproject.com/Articles/7062/An-introduction-to-Web-Service-Security-using-WSE
As this question is not relate to SharePoint, I suggest you post it to a suitable Forum, you will get more help and confirmed answers from there.
Best Regards
Dennis Guo
TechNet Community Support -
Pass Username token in Web Service Client
I am totally new to Java....I work primarily with .Net. I am trying to send a Username token to a web service. I looked at the examples...can't get them to run.
My question is, without using config files, can I specify username token in the class. You can do this in .Net.
I am working with .NetBeans IDE 5.0.I looked at this example....didn't get to far because I couldn't setup the samples.
http://java.sun.com/webservices/docs/1.6/tutorial/doc/XWS-SecuritySamples5.html#wp569635
Here is the guide I followed to setup the samples.
http://java.sun.com/webservices/docs/1.6/tutorial/doc/XWS-SecuritySamples2.html
I didn't do the part about the keystore. I got stuck on the "Setting Build Properties", and I don't know how to run the samples.
Are you saying there is no way of creating a java application, creating the web service client with JWSDP 2.0 and then modifying either the generated code or my main.class to set the username and token properties?
Thanks, Mike L.
Maybe you are looking for
-
Separating two phones on one iTunes account
My wife and I have iPhone 4s. During the back up, we have encountered a problem with cross mingling our contacts, apps, etc. Ideally, I would like to create a separate iTunes account for her so our phone info doesn't get merged. If I create an accoun
-
How do you delete pages from a PDF?
I have an 8 page Adobe PDF file that I need 4 pages deleted from. How can perform this task? Thanks!
-
I created a package for my JSP and import it to be used in a JSP. It works great a couple of times, but for some reason, it displays an error message saying it can't find the class in import. Can anyone explain that? Thanks. null
-
IMovie 10.0.7 - Adjust Colours Numerically?
I have a question about iMovie 10.0.7, which is currently the latest version of iMovie. If you Adjust colours (using the Multislider control, the Saturation slider, or Color Temperature slider) is there a way to bring up numbers, so that you can Adju
-
Time sync gets 6 minutes wrong
Hi! SInce a few days back, the clock on my iPhone shows 6 minutes too late. If I disable the automatic sync, I can set the time correctly, but if I re-enable the sync, it moves back 6 minutes again. I contacted my operator, and they said that the clo