Erro SOAP Receiver: handshake failure

Pessoal, boa tarde.
Tenho um Canal de Comunicação SOAP Receiver, com autenticação por usuário e senha.
Ao enviar a requisição para o Channel, é gerado o seguinte erro:
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
- <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
<SAP:Category>XIAdapterFramework</SAP:Category>
<SAP:Code area="MESSAGE">GENERAL</SAP:Code>
<SAP:P1 />
<SAP:P2 />
<SAP:P3 />
<SAP:P4 />
<SAP:AdditionalText>com.sap.aii.af.ra.ms.api.RecoverableException: Peer sent alert: Alert Fatal: handshake failure: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure</SAP:AdditionalText>
<SAP:ApplicationFaultMessage namespace="" />
<SAP:Stack />
<SAP:Retry>M</SAP:Retry>
</SAP:Error>
mencionando problema de handshake.
No log Java, encontrei as seguintes mensagens:
p.aii.af.soapadapter#co
ssl_debug(6603): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(6603): Received v3 server_hello handshake message.
ssl_debug(6603): Server selected SSL version 3.1.
ssl_debug(6603): Server created new session CA:23:B4:0E:C7:16:0A:8F...
ssl_debug(6603): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
ssl_debug(6603): CompressionMethod selected by server: NULL
ssl_debug(6603): Received certificate handshake message with server certificate.
ssl_debug(6603): Server sent a 1024 bit RSA certificate, chain has 1 elements.
ssl_debug(6603): ChainVerifier: No trusted certificate found, OK anyway.
ssl_debug(6603): Received server_hello_done handshake message.
ssl_debug(6603): Sending client_key_exchange handshake message (1024 bit)...
ssl_debug(6603): Sending change_cipher_spec message...
ssl_debug(6603): Sending finished message...
ssl_debug(6603): Received alert message: Alert Fatal: handshake failure
ssl_debug(6603): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
ssl_debug(6603): Shutting down SSL layer...
Alguém já viu este erro e teria alguma informação a respeito?
Desde já agradeço.
Pedro Baroni

Carlos,
Em nosso cenário não utilizamos Certificado, porém em contato com o Fornecedor dos WebServices, identificamos o problema na aplicação dele, pois haviam configurado para somente aceitar conexões com Certificado. Porém o problema já foi corrigido na aplicação dele e a Interface voltou a funcionar.
Obrigado.

Similar Messages

SOAP receiver message failure

Hi,
Scenario is an async message from SAP to a third party (SOAP receiver)
This message staus is delivered in adapter logs of RWB.
Also there is the payload (before mapping and after mappings till technical routing also) can be seen from sxmb_moni.
Thre problem is that the message data is not uploaded to that third party.
The communication channel is having correct URL (tried with WSDL home page and URL pointing to WSDL file/code like with '?WSDL' ) and SOAP action is also provided (also tried without SOAP action and got an error related to SOAP action).
These are the only 2 places (target URL & SOAP action) are maintained in communication channel. There is no any proxy/authentication required.
What cld be the reason of this ?
The TP web service is working fine with soapUI.
Regards,
Sachchidanand

Hi Kulwant,
Thanks for ur help.
In sxmb_moni, message status is successful.
As ur suggestion I just checked with soapUI message structure and found that..
1. soapUI tool message structure contains empty header <soapenv:Header/> and in the <soapenv:Body> all the wsdl fields/heirarchy is there.
2. In sxmb_moni payload (@ tech routing) there is no any header , it shows the structure like its in <soapenv:Body> of soapUI or its like message mapping heirarchy.
And there is no any custom authentication part visible in soapUI also.
Thanks,
Sachchidanand

SSL handshake failure

Hi,
I have to establish the connection from SAP WebAS to an Apache server via HTTPS. The Apache authentication is based on client certificates. But I'm still unable to establish a connection. Everything runs fine via HTTPS if client certificate authentication is disabled on Apache (anonymous access). But as soon as client authentication is enabled, the icm log displays the following failure:
[Thr 1800] *** ERROR during SecudeSSL_Read() from SSL_read()==SSL_ERROR_SSL
[Thr 1800] session uses PSE file "/usr/sap/E3T/DVEBMGS00/sec/SAPSSLC.pse";;
[Thr 1800] SecudeSSL_Read: SSL_read() failed --
secude_error 536872195 (0x20000503) = "handshake failure"
[Thr 1800] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 1800] ERROR in ssl3_read_bytes: (536872195/0x20000503) handshake failure
WARNING in ssl3_read_bytes: (536875072/0x20001040) received a fatal SSLv3 handshake failure alert message from the peer
[Thr 1800] << ---------- End of Secude-SSL Errorstack ----------
[Thr 1800] <<- ERROR: SapSSLRead(sssl_hdl=0x115f8a310)==SSSLERR_SSL_READ
[Thr 1800] ->> SapSSLErrorName(rc=-58)
[Thr 1800] <<- SapSSLErrorName()==SSSLERR_SSL_READ
[Thr 1800] *** ERROR => IcmReadFromConn(id=3/1967): SapSSLRead returned (-58): SSSLERR_SSL_READ [icxxthrio_mt 2539]
[Thr 1800] *** ERROR => IcmReadFromConn(id=3/1967): read failed (rc = -1) [icxxthrio_mt 2611]
[Thr 1800] *** ERROR => IcmHandleNetRead(id=3/1967): IcmReadFromConn failed (rc = -1) [icxxthrio_mt 1304]
In the Apache logs, it seems that SAP is not sending a client certificate. So Apache closes the connection. Do you have an idea how I can make SAP WebAS send the certificate ?
Thanks in advance
Christan

Hi,
>Because the third line in your log says that no PSE could be found?
I'm not sure of that.
Here is an extract of the log of an ICM starting without a client certificate in STRUST
[Thr 4392] = secudessl_Create_SSL_CTX(): PSE "D:\usr\sap\PPI\DVEBMGS74\sec\SAPSSLC.pse" not found,
[Thr 4392] = using PSE "D:\usr\sap\PPI\DVEBMGS74\sec\SAPSSLS.pse" as fallback
[Thr 4392] ******** Warning ********
[Thr 4392] *** No SSL-client PSE "SAPSSLC.pse" available
[Thr 4392] *** this will probably limit SSL-client side connectivity
[Thr 4392] ********
[Thr 4392] = Success SapCryptoLib SSL ready!
Here is an extract of the log of an ICM starting with a client certificate in STRUST.
[Thr 9208] =================================================
[Thr 9208] = SSL Initialization on PC with Windows NT
[Thr 9208] = (700_REL,Mar 19 2007,mt,ascii,SAP_UC/size_t/void* = 16/64/64)
[Thr 9208] SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "I:\usr\sap\DXI\DVEBMGS68\exe\sapcrypto.dll"
 resulting Filename = "I:\usr\sap\DXI\DVEBMGS68\exe\sapcrypto.dll"
[Thr 9208] = found SAPCRYPTOLIB 5.5.5C pl17 (Aug 18 2005) MT-safe
[Thr 9208] = current UserID: BT0D0000\SAPServiceDXI
[Thr 9208] = found SECUDIR environment variable
[Thr 9208] = using SECUDIR=I:\usr\sap\DXI\DVEBMGS68\sec
[Thr 9208] = Success SapCryptoLib SSL ready!
Christian,
Could you restart the ICM and check the trace file to find out if you get the message about a missing SAPSSLC.pse ?
Regards,
Olivier
[Thr 9208] =================================================

Soap receiver adapter exception

Hi,
I am using SOAP receiver adapter to access a web service that is hosted on SAP Web AS (in this case it is the integration server Web AS). I use the web services navigator to test the web service and the web service works fine. The name of the web service is 'RemoteCrossReferenceProcessor' and it has one operation 'crossReference'.
But with the soap adapter, I am getting OperationNotFoundException in the logs and my web service is not getting accessed. Here is the server log:
An error occurred while processing the message security. Reason: . See trace entry .#3#com.sap.engine.interfaces.webservices.runtime.OperationNotFoundException#Found 0 operation definitions using keys: Key name:'first-body-element-ns' key value:'urn:RemoteCrossReferenceProcessor'; Key name:'SoapRequestWrapper' key value:'crossReference'; #[no trace for com.sap.security.core.server.ws.service.ServerSecurityProtocol (severity above PATH)]#
#1.5#0003BA0FF9EA0022000000840000688D0003F9349A3C2D61#1118429251382#com.sap.aii.af.ra.ms.impl.core.queue.SendConsumer##com.sap.aii.af.ra.ms.impl.core.queue.SendConsumer.onMessage(QueueMessage)######b40aca80d9be11d994360003ba0ff9ea#SAPEngine_System_Thread[impl:5]_47##0#0#Error##Java###Transmitting the message to endpoint using connection failed, due to: .#3#AFW#com.sap.aii.af.ra.ms.api.RecoverableException: NO_BACK_SYSTEM_IN_HOPLIST:#http://sapsand1:8000/sap/xi/engine?type=entry#
Here is adapter configuration:
Transport Protocol:HTTP
Message Protocol:SOAP 1.1
Adapter Engine:Integration Engine
Target URL: http://<server_name>>:50000/RemoteCrossReferenceProcessor/Config?style=document
User:
Password:
Default SOAP Action:
I imported the WSDL into the external definition and used the messages from the WSDL for defining my interface mappings.
I am using XI 3.0 SR1 (SP 09).
I am out of ideas as to why the SOAP adapter is not calling my web service. Please help me with your suggestions.
Thanks and Regards.

HI Dani,
I was looking for this error and I found this post AXIS SOAP Receiver. This post says about other errors, but sugests many ideas to found the soluction, like:
1- non-deployed all AXIS jars; (but in this case it deployed all)
2- Exists this note for one erro in AXIS: (https://service.sap.com/sap/support/notes/1028961).
3- this document (http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/b092777b-ee47-2a10-17b3-c5f59380957f) that have sets for header parameters. This is interesting becouse one of this parameters is obligatory but isn't filled, can occur error like "null object".
By the way, you can check if have update to AXIS (http://ws.apache.org/axis/), becouse isn't a SAP application and in other systems can have this error.
I hope this helps,
Romerito Silva

Message mapping: SOAP Receiver to IDOC Sender

hi,
i have an idoc sent to SOAP receiver. SOAP Response will have only the "Status code" and the "Reason of failure".
IDOC Sender will have the PO Number and the Vendor Name to which we are sending.
The SOAP Response will not have the PO Number and the Vendor Name.
How can i have the Reason of failure, PO Number and Vendor in one message type?
Thanks in advance,
Tirumal

Praveen -
Thanks for the response and appreciate your observation.
Very tight deadlines with the client and have to finish lot of tasks in short time so putting hands in everything.
There are lot of vendors who run their proprietary web services. So cannot change their stuff.
How would i map the SOAP request to the SOAP Response since some information is in one message type and other half of information available in other message type.
I created a SOAP Response Type with the "Reason Code" information.
I created another message type with all the information that i want.
How would i map the SOAP Request to the SOAP Response msg type and the other message type.
Let me know.
Thanks in advance,
Tirumal

SOAP RECEIVER SSL Problems

Dear Community,
I have configured a SOAP Receiver to an external web service (https://server:7002/service). I have use IE to get the certificate of the server and have imported it into the keystore of the j2ee (using VA). I have imported it to the all current views available. We have SAP PI 7.0 SP18. The problem is that the SSL handshaking is not performed correctly. I have placed a tcp gateway monitor tool to see the messages pass through. As soon as the first message is send to the above URL and a response is received, I get a XIAdapter/HTTP/ADAPTER.HTTP_EXCEPTION - HTTP 500 Internal Server Error. Also, in the default trace log I get a no private key found.... Do I need extra steps to configure SSL in the SOAP Receiver? The service does not required a Client authentication certificate and has a certificate with o CA root certificate (since this is only a test system and has issued its own certificate). Any ideas? Any help will be appreciated.
Regards,
S.Socratous

Hello,
Generally it's a connectivity behaviour. Check if you have setup the connection to
the receiver and also check the explanation regarding 500 Internal Server Errors:
*Description: The server encountered an unexpected condition which prevented it from fulfilling the request.
Possible Tips: Have a look into SAP Notes u2013 804124, 807000*
It may be also a problem with the SSL certificate. So, check if it's not expired;
The correct server certificate may be not present in the TrustedCA keystore view of NWA .
Please ensure you have done all the steps described in these url (this is for 7.11):
Security Configuration at Message Level
http://help.sap.com/saphelp_nwpi711/helpdata/en/48/d1c7e690d75430e100000
00a42189b/frameset.htm
You may have not imported the certificate chain in the correct order (Own -> Intermediate -> Root);
Last, if the end point of the SOAP Call(Server) is configured to accept
a client certificate(mandatory), then make sure that it is configured
correctly in the SOAP channel and it is also within validity period.
(This certificate is the one which is sent to Server for Client
authentication)
Hope that helps.
With regards,
Caio Cagnani

SOAP Receiver over SSL - server certificate troubles

Hello all,
I have a scenario with SOAP receiver communication channel with comunnication over SSL. In the URL there is a IP address for a reason I will not mention ... simply there must be IP address in URL and not a host name.
When I access the SOAP server with internet browser it gives me a server certificate with HOST NAME in CN. I placed this certificate to the "trusted container" in J2EEVisAdmin - Key Storage.
Now you might already suspect the trouble: the certificate CN doesn't match with URL. This is obvios error we got many times on the internet (even in e-banking sector .. but we are able to skip it with our internet browsers' possibilities.
Could I set up something in J2EE server as same as in internet browser ???
Thank you in advance.
Rgds
Tom

Got it,
SAP Note : 791655
HTTPS/SSL Properties
Property Name = [default]
messaging.ssl.httpsHandler=iaik.protocol.https.Handler
messaging.ssl.securityProvider=iaik.security.provider.IAIK
messaging.ssl.trustedCACerts.viewName=TrustedCAs
messaging.ssl.serverNameCheck=false
Description:
The properties "httpsHandler" and "securityProvider" specify the class names of the HTTPS handler and Security provider used. The AF only supports IAIK. Never change these values! To activate HTTP/SSL, you must install the IAIK libraries on your J2EE Engine as described in the Installation Guide.
The property "trustedCACerts.viewName" defines which J2EE keystore is used during the SSL Handshake for trusted CA certificates. You should never change this value either. With "serverNameCheck" you can specify whether the host name in outbound HTTPS requests should be checked against the host name in the certificate of the server.
Regards,
Bhavesh

Enable communication HTTPS in SOAP Receiver Adapter

Hi gurus,
I have configured the soap receiver adapter with the URL:
"https://www.xxxx.com/yyyyyyyyyy.asmx" without the user authentication.
I have executed the webservice since SOAP-UI and works well. But if I run the webservice from SAP XI does not work. In the transaction SXMB_MONI shows the following error:
<SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
<SAP:Category>XIAdapterFramework</SAP:Category>
<SAP:Code area="MESSAGE">GENERAL</SAP:Code>
<SAP:P1 />
<SAP:P2 />
<SAP:P3 />
<SAP:P4 />
<SAP:AdditionalText>com.sap.aii.af.ra.ms.api.DeliveryException: Connection closed by remote host.</SAP:AdditionalText>
<SAP:ApplicationFaultMessage namespace="" />
<SAP:Stack />
<SAP:Retry>M</SAP:Retry>
</SAP:Error>"
What is happening?
Thanks,
Jose.

Jose,
client certificate is the "top" authentication mechanism during SSL handshake, like this :
- XI authenticate the SSL certificate (server) issued by target server against a (trusted) list of known certification authority, then target will ask XI to present its own certificate (client) and it will make sure this client certificate can be trusted (verifying it has been certified by a known authority). Handshake is "done"
but you can also have
- "anonymous" mode (XI will make sure SSL cert provided by the target has been issued - and so can be trusted - by a (well)known certification authority), that's it. Target does not expected any other security feature
- user/pwd over a SSL connection (like above, but you'll also have to provide a user and pwd for authentication at target level)
Hope this helps
Chris

Handshake failure

Hello everyone
here iam struggling with a problem, of handshake failure. the synoptical story is
1. I am developing a java client to connect a payware merchant server at a port 3443 through SSL, with package JSSE from JDK1.4.1 on windows 2000 using socket API.
2. I got the two server certificates namely ca.pem and client.pem. I feel these are server's public key and CA key. Is it right? I have to keep these certificates in the client's keystore. Here itself, i feel the problem is. How to create a keystore for adding these certificates at client's machine using keytool.
a) If i create using "keytool -genkey" and there after, i try
to add above certificates, i am getting the exceptions,
and not adding these certificates.
3. here i don't want to have client side certificates, i.e one way handshaking, or in otherwards, it is server authentication only.
4. after this process i am using below code and trying to contact, iam getting the handshake failure exception, why I unable to resolve this.
the code i am using:
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import javax.net.ssl.*;
import java.security.cert.X509Certificate;
import java.security.cert.*;
import java.security.KeyStore;
* This example demostrates how to use a SSLSocket as client to
* send a request through SSL socket and get response from a server developed
* in C++. Communication through the SSL layers.
* It assumes that the client is not behind a firewall
public class TestSocketClient {
public static void main(String[] args) throws Exception {
 try {
// System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
// java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
 System.setProperty("javax.net.debug","SSL");
System.setProperty("javax.net.ssl.TrustStore","testkeys");
System.setProperty("javax.net.ssl.TrustStorePassword","passphrase");
 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
 KeyStore ks = KeyStore.getInstance("JKS");
 char[] pass = "passphrase".toCharArray();
 ks.load(new FileInputStream("testkeys"),pass);
 kmf.init(ks,pass);
 TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
 X509TrustManager xtm =new MyX509TrustManager();
 TrustManager[] tm = {xtm};
 tmf.init(ks);
 SSLContext context = SSLContext.getInstance("SSL");
 java.security.SecureRandom sr = new java.security.SecureRandom();
 context.init(kmf.getKeyManagers(),tm,sr);
 SSLSocketFactory sslfactory = context.getSocketFactory();
/* SSLSocketFactory factory =
 (SSLSocketFactory)SSLSocketFactory.getDefault();
 SSLSocket socket =
(SSLSocket)sslfactory.createSocket("10.0.0.20",3443);
 // socket.setNeedClientAuth(true);
String[] protocols = {"SSLv3","TLSv1"};
socket.setEnabledProtocols(protocols);
 // socket.setEnabledCipherSuites(socket.getSupportedCipherSuites());
OutputStream os;
System.out.println("socket is created.");
 * send http request
 * Before any application data is sent or received, the
 * SSL socket will do SSL handshaking first to set up
 * the security attributes.
 * SSL handshaking can be initiated by either flushing data
 * down the pipe, or by starting the handshaking by hand.
 * Handshaking is started manually in this example because
 * PrintWriter catches all IOExceptions (including
 * SSLExceptions), sets an internal error flag, and then
 * returns without rethrowing the exception.
 * Unfortunately, this means any error messages are lost,
 * which caused lots of confusion for others using this
 * code. The only way to tell there was an error is to call
 * PrintWriter.checkError().
System.out.println(" just before handshake ");
// socket.setNeedClientAuth(false);
// socket.startHandshake();
// System.out.println(" Hand shake is completed ");
 PrintWriter out = new PrintWriter(
socket.getOutputStream());
System.out.println(" print writer object is created ");
String s="GET http://www.verisign.com/index.html HTTP/1.1";
byte[] b1=s.getBytes("ISO-8859-1");
// out.println("GET http://www.verisign.com/index.html HTTP/1.1");
// os.write(b1);
out.print(b1);
 System.out.println(" print is created ");
 out.flush();
 BufferedReader in = new BufferedReader(
 new InputStreamReader(
 socket.getInputStream()));
String inputLine=null;
System.out.println("The input line is: "+inputLine);
 while ((inputLine = in.readLine()) != null) {
 System.out.println("Received messages from here.");
 System.out.println(inputLine);
// out.close();
System.out.println(" output is trying to flushing the data ");
 * Make sure there were no surprises
 if (out.checkError())
 System.out.println(
 "SSLSocketClient: java.io.PrintWriter error");
 /* read response */
 in.close();
 out.close();
 socket.close();
 } catch (Exception e) {
System.out.println(" the exception is "+e);
e.printStackTrace();
 System.exit(0);
debugging information:
---------- Run the application ----------
found key for : duke
chain [0] = [
Version: V1
Subject: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d520c4
Validity: [From: Wed May 23 02:46:46 GMT+03:00 2001,
 To: Mon May 23 02:46:46 GMT+03:00 2011]
Issuer: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
SerialNumber: [ 3b0afa66 ]
Algorithm: [MD5withRSA]
Signature:
0000: 5F B5 62 E9 A0 26 1D 8E A2 7E 7C 02 08 36 3A 3E _.b..&.......6:>
0010: C9 C2 45 03 DD F9 BC 06 FC 25 CF 30 92 91 B1 4E ..E......%.0...N
0020: 62 17 08 48 14 68 80 CF DD 89 11 EA 92 7F CE DD b..H.h..........
0030: B4 FD 12 A8 71 C7 9E D7 C3 D0 E3 BD BB DE 20 92 ....q......... .
0040: C2 3B C8 DE CB 25 23 C0 8B B6 92 B9 0B 64 80 63 .;...%#......d.c
0050: D9 09 25 2D 7A CF 0A 31 B6 E9 CA C1 37 93 BC 0D ..%-z..1....7...
0060: 4E 74 95 4F 58 31 DA AC DF D8 BD 89 BD AF EC C8 Nt.OX1..........
0070: 2D 18 A2 BC B2 15 4F B7 28 6F D3 00 E1 72 9B 6C -.....O.(o...r.l
adding as trusted cert: [
Version: V1
Subject: ST=Dublin, L=Leopardstown, OU=Banking Support, O=Trintech Technologies, CN=trintech.com, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@749757
Validity: [From: Fri Aug 23 13:05:43 GMT+03:00 2002,
 To: Sun Sep 22 13:05:43 GMT+03:00 2002]
Issuer: CN=TEST RSA CERTIFICATION AUTHORITY - FOR INTERNAL TESTING PURPOSES ONLY - NO LIABILITY, OU=Banking Division, O=Trintech Technologies Ltd, L=Dublin, ST=County Dublin, C=IE
SerialNumber: [ f0]
Algorithm: [MD5withRSA]
Signature:
0000: 7F 7A 9C F6 9D 6D AF AF 2D D4 4F 92 39 4E 95 9B .z...m..-.O.9N..
0010: 2C 50 76 59 BB E1 27 02 86 DC DB 72 99 7C 97 11 ,PvY..'....r....
0020: 11 36 97 F3 53 E0 68 DB A9 98 B7 94 EF 17 6D 91 .6..S.h.......m.
0030: 81 14 FE B6 33 7C 60 CA 13 12 13 EB 75 E7 23 0C ....3.`.....u.#.
0040: A5 AB 6D F5 0B A2 DA B6 12 DD 48 43 4C AC 80 79 ..m.......HCL..y
0050: 7F EF 98 E7 5A 67 D5 20 C8 91 C2 32 10 F4 F8 02 ....Zg. ...2....
0060: B8 44 45 AC 45 24 57 12 60 12 03 6F 9C 50 CB D4 .DE.E$W.`..o.P..
0070: 8F C5 E5 FB AE 44 0B BC D1 F3 A8 EE 78 64 C0 CF .....D......xd..
adding private entry as trusted cert: [
Version: V1
Subject: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d520c4
Validity: [From: Wed May 23 02:46:46 GMT+03:00 2001,
 To: Mon May 23 02:46:46 GMT+03:00 2011]
Issuer: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
SerialNumber: [ 3b0afa66 ]
Algorithm: [MD5withRSA]
Signature:
0000: 5F B5 62 E9 A0 26 1D 8E A2 7E 7C 02 08 36 3A 3E _.b..&.......6:>
0010: C9 C2 45 03 DD F9 BC 06 FC 25 CF 30 92 91 B1 4E ..E......%.0...N
0020: 62 17 08 48 14 68 80 CF DD 89 11 EA 92 7F CE DD b..H.h..........
0030: B4 FD 12 A8 71 C7 9E D7 C3 D0 E3 BD BB DE 20 92 ....q......... .
0040: C2 3B C8 DE CB 25 23 C0 8B B6 92 B9 0B 64 80 63 .;...%#......d.c
0050: D9 09 25 2D 7A CF 0A 31 B6 E9 CA C1 37 93 BC 0D ..%-z..1....7...
0060: 4E 74 95 4F 58 31 DA AC DF D8 BD 89 BD AF EC C8 Nt.OX1..........
0070: 2D 18 A2 BC B2 15 4F B7 28 6F D3 00 E1 72 9B 6C -.....O.(o...r.l
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@dfafd1
Validity: [From: Thu Aug 01 03:00:00 GMT+03:00 1996,
 To: Fri Jan 01 02:59:59 GMT+03:00 2021]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 01]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 07 FA 4C 69 5C FB 95 CC 46 EE 85 83 4D 21 30 8E ..Li\...F...M!0.
0010: CA D9 A8 6F 49 1A E6 DA 51 E3 60 70 6C 84 61 11 ...oI...Q.`pl.a.
0020: A1 1A C8 48 3E 59 43 7D 4F 95 3D A1 8B B7 0B 62 ...H>YC.O.=....b
0030: 98 7A 75 8A DD 88 4E 4E 9E 40 DB A8 CC 32 74 B9 [email protected].
0040: 6F 0D C6 E3 B3 44 0B D9 8A 6F 9A 29 9B 99 18 28 o....D...o.)...(
0050: 3B D1 E3 40 28 9A 5A 3C D5 B5 E7 20 1B 8B CA A4 ;..@(.Z<... ....
0060: AB 8D E9 51 D9 E2 4C 2C 59 A9 DA B9 B2 75 1B F6 ...Q..L,Y....u..
0070: 42 F2 EF C7 F2 18 F9 89 BC A3 FF 8A 23 2E 70 47 B...........#.pG
adding as trusted cert: [
Version: V3
Subject: ST=Safat, L=Kuwait, OU=ISP, O=Qualitynet General Trading and Contracting Co., CN=Qualitynet.net, C=KW
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a8c488
Validity: [From: Tue Jan 08 17:48:01 GMT+03:00 2002,
 To: Wed Jan 08 17:48:01 GMT+03:00 2003]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 08b1fa]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1]]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 01 26 CD A6 B4 88 69 68 31 99 44 6C CD 24 5E EE .&....ih1.Dl.$^.
0010: 0D AD 1A 27 94 BC 17 9F 50 CE 22 99 84 29 8E 30 ...'....P."..).0
0020: 74 38 DF 8E 24 35 83 10 7D CD 50 AC C3 5E C8 89 t8..$5....P..^..
0030: 63 B5 02 B4 5B 9F D8 79 28 2B 8B 53 4A 5D 81 30 c...[..y(+.SJ].0
0040: F0 72 53 5D 3D A9 31 75 1C 6F FC 92 9E 41 B9 A7 .rS]=.1u.o...A..
0050: DC 2C 64 FA 17 65 79 83 A2 4D 04 73 C1 61 3E C5 .,d..ey..M.s.a>.
0060: E6 4E 20 2A B1 68 FB D9 15 77 52 10 C1 C6 4E 95 .N *.h...wR...N.
0070: 56 8E E3 7D C1 5F DE 20 14 BB D3 1F A3 8E 85 8D V...._. ........
trigger seeding of SecureRandom
done seeding SecureRandom
socket is created.
just before handshake
print writer object is created
print is created
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 987413342 bytes = { 254, 80, 236, 112, 44, 177, 113, 24, 240, 17, 19, 124, 170, 193, 156, 242, 6, 94, 107, 49, 236, 18, 211, 50, 196, 36, 58, 91 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 3B DB BB 5E FE 50 EC 70 2C B1 ...7..;..^.P.p,.
0010: 71 18 F0 11 13 7C AA C1 9C F2 06 5E 6B 31 EC 12 q..........^k1..
0020: D3 32 C4 24 3A 5B 00 00 10 00 05 00 04 00 09 00 .2.$:[..........
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
main, READ: SSL v3.0 Handshake, length = 74
*** ServerHello, v3.0
RandomCookie: GMT: 1019049914 bytes = { 146, 60, 74, 221, 254, 223, 224, 218, 86, 64, 214, 127, 32, 0, 235, 238, 181, 210, 212, 218, 141, 38, 198, 142, 110, 175, 146, 113 }
Session ID: {1, 241, 227, 143, 175, 90, 192, 25, 155, 216, 173, 103, 159, 41, 90, 222, 86, 8, 76, 153, 122, 138, 88, 120, 112, 104, 65, 202, 147, 134, 163, 143}
Cipher Suite: { 0, 10 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
** SSL_RSA_WITH_3DES_EDE_CBC_SHA
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 00 3D BD 78 BA 92 3C 4A DD FE DF ...F..=.x..<J...
0010: E0 DA 56 40 D6 7F 20 00 EB EE B5 D2 D4 DA 8D 26 ..V@.. ........&
0020: C6 8E 6E AF 92 71 20 01 F1 E3 8F AF 5A C0 19 9B ..n..q .....Z...
0030: D8 AD 67 9F 29 5A DE 56 08 4C 99 7A 8A 58 78 70 ..g.)Z.V.L.z.Xxp
0040: 68 41 CA 93 86 A3 8F 00 0A 00 hA........
main, READ: SSL v3.0 Handshake, length = 1561
*** Certificate chain
chain [0] = [
Version: V3
Subject: ST=Safat, L=Kuwait, OU=ISP, O=Qualitynet General Trading and Contracting Co., CN=Qualitynet.net, C=KW
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d251a3
Validity: [From: Tue Jan 08 17:48:01 GMT+03:00 2002,
 To: Wed Jan 08 17:48:01 GMT+03:00 2003]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 08b1fa]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1]]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 01 26 CD A6 B4 88 69 68 31 99 44 6C CD 24 5E EE .&....ih1.Dl.$^.
0010: 0D AD 1A 27 94 BC 17 9F 50 CE 22 99 84 29 8E 30 ...'....P."..).0
0020: 74 38 DF 8E 24 35 83 10 7D CD 50 AC C3 5E C8 89 t8..$5....P..^..
0030: 63 B5 02 B4 5B 9F D8 79 28 2B 8B 53 4A 5D 81 30 c...[..y(+.SJ].0
0040: F0 72 53 5D 3D A9 31 75 1C 6F FC 92 9E 41 B9 A7 .rS]=.1u.o...A..
0050: DC 2C 64 FA 17 65 79 83 A2 4D 04 73 C1 61 3E C5 .,d..ey..M.s.a>.
0060: E6 4E 20 2A B1 68 FB D9 15 77 52 10 C1 C6 4E 95 .N *.h...wR...N.
0070: 56 8E E3 7D C1 5F DE 20 14 BB D3 1F A3 8E 85 8D V...._. ........
chain [1] = [
Version: V3
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@edc073
Validity: [From: Thu Aug 01 03:00:00 GMT+03:00 1996,
 To: Fri Jan 01 02:59:59 GMT+03:00 2021]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 01]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 07 FA 4C 69 5C FB 95 CC 46 EE 85 83 4D 21 30 8E ..Li\...F...M!0.
0010: CA D9 A8 6F 49 1A E6 DA 51 E3 60 70 6C 84 61 11 ...oI...Q.`pl.a.
0020: A1 1A C8 48 3E 59 43 7D 4F 95 3D A1 8B B7 0B 62 ...H>YC.O.=....b
0030: 98 7A 75 8A DD 88 4E 4E 9E 40 DB A8 CC 32 74 B9 [email protected].
0040: 6F 0D C6 E3 B3 44 0B D9 8A 6F 9A 29 9B 99 18 28 o....D...o.)...(
0050: 3B D1 E3 40 28 9A 5A 3C D5 B5 E7 20 1B 8B CA A4 ;..@(.Z<... ....
0060: AB 8D E9 51 D9 E2 4C 2C 59 A9 DA B9 B2 75 1B F6 ...Q..L,Y....u..
0070: 42 F2 EF C7 F2 18 F9 89 BC A3 FF 8A 23 2E 70 47 B...........#.pG
[read] MD5 and SHA1 hashes: len = 1561
0000: 0B 00 06 15 00 06 12 00 02 F5 30 82 02 F1 30 82 ..........0...0.
0010: 02 5A A0 03 02 01 02 02 03 08 B1 FA 30 0D 06 09 .Z..........0...
0020: 2A 86 48 86 F7 0D 01 01 04 05 00 30 81 C4 31 0B *.H........0..1.
0030: 30 09 06 03 55 04 06 13 02 5A 41 31 15 30 13 06 0...U....ZA1.0..
0040: 03 55 04 08 13 0C 57 65 73 74 65 72 6E 20 43 61 .U....Western Ca
0050: 70 65 31 12 30 10 06 03 55 04 07 13 09 43 61 70 pe1.0...U....Cap
0060: 65 20 54 6F 77 6E 31 1D 30 1B 06 03 55 04 0A 13 e Town1.0...U...
0070: 14 54 68 61 77 74 65 20 43 6F 6E 73 75 6C 74 69 .Thawte Consulti
0080: 6E 67 20 63 63 31 28 30 26 06 03 55 04 0B 13 1F ng cc1(0&..U....
0090: 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 53 65 Certification Se
00A0: 72 76 69 63 65 73 20 44 69 76 69 73 69 6F 6E 31 rvices Division1
00B0: 19 30 17 06 03 55 04 03 13 10 54 68 61 77 74 65 .0...U....Thawte
00C0: 20 53 65 72 76 65 72 20 43 41 31 26 30 24 06 09 Server CA1&0$..
00D0: 2A 86 48 86 F7 0D 01 09 01 16 17 73 65 72 76 65 *.H........serve
00E0: 72 2D 63 65 72 74 73 40 74 68 61 77 74 65 2E 63 [email protected]
00F0: 6F 6D 30 1E 17 0D 30 32 30 31 30 38 31 34 34 38 om0...0201081448
0100: 30 31 5A 17 0D 30 33 30 31 30 38 31 34 34 38 30 01Z..03010814480
0110: 31 5A 30 81 8E 31 0B 30 09 06 03 55 04 06 13 02 1Z0..1.0...U....
0120: 4B 57 31 17 30 15 06 03 55 04 03 13 0E 51 75 61 KW1.0...U....Qua
0130: 6C 69 74 79 6E 65 74 2E 6E 65 74 31 37 30 35 06 litynet.net1705.
0140: 03 55 04 0A 13 2E 51 75 61 6C 69 74 79 6E 65 74 .U....Qualitynet
0150: 20 47 65 6E 65 72 61 6C 20 54 72 61 64 69 6E 67 General Trading
0160: 20 61 6E 64 20 43 6F 6E 74 72 61 63 74 69 6E 67 and Contracting
0170: 20 43 6F 2E 31 0C 30 0A 06 03 55 04 0B 13 03 49 Co.1.0...U....I
0180: 53 50 31 0F 30 0D 06 03 55 04 07 13 06 4B 75 77 SP1.0...U....Kuw
0190: 61 69 74 31 0E 30 0C 06 03 55 04 08 13 05 53 61 ait1.0...U....Sa
01A0: 66 61 74 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D fat0..0...*.H...
01B0: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 .........0......
01C0: B3 22 23 70 88 16 D8 60 DA A4 CF FF 87 57 54 69 ."#p...`.....WTi
01D0: 53 66 7F 92 A5 38 80 EB E4 AB 12 68 72 AF 91 28 Sf...8.....hr..(
01E0: 26 34 D6 E3 D4 F5 6C C2 69 A3 FF E6 DC 5F C9 A1 &4....l.i...._..
01F0: D9 57 22 45 DB 7F 48 6B 6A 10 8C 85 0D 73 C4 0D .W"E..Hkj....s..
0200: B8 18 5D 89 09 D6 D1 83 B6 1A CF 90 12 80 8B F0 ..].............
0210: 0D 9D CD CC C0 7A 92 86 22 AD A6 EC 4A 57 D5 A2 .....z.."...JW..
0220: 0C 27 C6 3D BC AC 34 6A 3F E6 EC 06 8C 59 8D 1A .'.=..4j?....Y..
0230: 5E 55 9C 28 9B D9 EA 33 B0 D2 82 3B C8 83 02 B5 ^U.(...3...;....
0240: 02 03 01 00 01 A3 25 30 23 30 13 06 03 55 1D 25 ......%0#0...U.%
0250: 04 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 30 0C ..0...+.......0.
0260: 06 03 55 1D 13 01 01 FF 04 02 30 00 30 0D 06 09 ..U.......0.0...
0270: 2A 86 48 86 F7 0D 01 01 04 05 00 03 81 81 00 01 *.H.............
0280: 26 CD A6 B4 88 69 68 31 99 44 6C CD 24 5E EE 0D &....ih1.Dl.$^..
0290: AD 1A 27 94 BC 17 9F 50 CE 22 99 84 29 8E 30 74 ..'....P."..).0t
02A0: 38 DF 8E 24 35 83 10 7D CD 50 AC C3 5E C8 89 63 8..$5....P..^..c
02B0: B5 02 B4 5B 9F D8 79 28 2B 8B 53 4A 5D 81 30 F0 ...[..y(+.SJ].0.
02C0: 72 53 5D 3D A9 31 75 1C 6F FC 92 9E 41 B9 A7 DC rS]=.1u.o...A...
02D0: 2C 64 FA 17 65 79 83 A2 4D 04 73 C1 61 3E C5 E6 ,d..ey..M.s.a>..
02E0: 4E 20 2A B1 68 FB D9 15 77 52 10 C1 C6 4E 95 56 N *.h...wR...N.V
02F0: 8E E3 7D C1 5F DE 20 14 BB D3 1F A3 8E 85 8D 00 ...._. .........
0300: 03 17 30 82 03 13 30 82 02 7C A0 03 02 01 02 02 ..0...0.........
0310: 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 ..0...*.H.......
0320: 00 30 81 C4 31 0B 30 09 06 03 55 04 06 13 02 5A .0..1.0...U....Z
0330: 41 31 15 30 13 06 03 55 04 08 13 0C 57 65 73 74 A1.0...U....West
0340: 65 72 6E 20 43 61 70 65 31 12 30 10 06 03 55 04 ern Cape1.0...U.
0350: 07 13 09 43 61 70 65 20 54 6F 77 6E 31 1D 30 1B ...Cape Town1.0.
0360: 06 03 55 04 0A 13 14 54 68 61 77 74 65 20 43 6F ..U....Thawte Co
0370: 6E 73 75 6C 74 69 6E 67 20 63 63 31 28 30 26 06 nsulting cc1(0&.
0380: 03 55 04 0B 13 1F 43 65 72 74 69 66 69 63 61 74 .U....Certificat
0390: 69 6F 6E 20 53 65 72 76 69 63 65 73 20 44 69 76 ion Services Div
03A0: 69 73 69 6F 6E 31 19 30 17 06 03 55 04 03 13 10 ision1.0...U....
03B0: 54 68 61 77 74 65 20 53 65 72 76 65 72 20 43 41 Thawte Server CA
03C0: 31 26 30 24 06 09 2A 86 48 86 F7 0D 01 09 01 16 1&0$..*.H.......
03D0: 17 73 65 72 76 65 72 2D 63 65 72 74 73 40 74 68 .server-certs@th
03E0: 61 77 74 65 2E 63 6F 6D 30 1E 17 0D 39 36 30 38 awte.com0...9608
03F0: 30 31 30 30 30 30 30 30 5A 17 0D 32 30 31 32 33 01000000Z..20123
0400: 31 32 33 35 39 35 39 5A 30 81 C4 31 0B 30 09 06 1235959Z0..1.0..
0410: 03 55 04 06 13 02 5A 41 31 15 30 13 06 03 55 04 .U....ZA1.0...U.
0420: 08 13 0C 57 65 73 74 65 72 6E 20 43 61 70 65 31 ...Western Cape1
0430: 12 30 10 06 03 55 04 07 13 09 43 61 70 65 20 54 .0...U....Cape T
0440: 6F 77 6E 31 1D 30 1B 06 03 55 04 0A 13 14 54 68 own1.0...U....Th
0450: 61 77 74 65 20 43 6F 6E 73 75 6C 74 69 6E 67 20 awte Consulting
0460: 63 63 31 28 30 26 06 03 55 04 0B 13 1F 43 65 72 cc1(0&..U....Cer
0470: 74 69 66 69 63 61 74 69 6F 6E 20 53 65 72 76 69 tification Servi
0480: 63 65 73 20 44 69 76 69 73 69 6F 6E 31 19 30 17 ces Division1.0.
0490: 06 03 55 04 03 13 10 54 68 61 77 74 65 20 53 65 ..U....Thawte Se
04A0: 72 76 65 72 20 43 41 31 26 30 24 06 09 2A 86 48 rver CA1&0$..*.H
04B0: 86 F7 0D 01 09 01 16 17 73 65 72 76 65 72 2D 63 ........server-c
04C0: 65 72 74 73 40 74 68 61 77 74 65 2E 63 6F 6D 30 [email protected]
04D0: 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 ..0...*.H.......
04E0: 00 03 81 8D 00 30 81 89 02 81 81 00 D3 A4 50 6E .....0........Pn
04F0: C8 FF 56 6B E6 CF 5D B6 EA 0C 68 75 47 A2 AA C2 ..Vk..]...huG...
0500: DA 84 25 FC A8 F4 47 51 DA 85 B5 20 74 94 86 1E ..%...GQ... t...
0510: 0F 75 C9 E9 08 61 F5 06 6D 30 6E 15 19 02 E9 52 .u...a..m0n....R
0520: C0 62 DB 4D 99 9E E2 6A 0C 44 38 CD FE BE E3 64 .b.M...j.D8....d
0530: 09 70 C5 FE B1 6B 29 B6 2F 49 C8 3B D4 27 04 25 .p...k)./I.;.'.%
0540: 10 97 2F E7 90 6D C0 28 42 99 D7 4C 43 DE C3 F5 ../..m.(B..LC...
0550: 21 6D 54 9F 5D C3 58 E1 C0 E4 D9 5B B0 B8 DC B4 !mT.].X....[....
0560: 7B DF 36 3A C2 B5 66 22 12 D6 87 0D 02 03 01 00 ..6:..f"........
0570: 01 A3 13 30 11 30 0F 06 03 55 1D 13 01 01 FF 04 ...0.0...U......
0580: 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D .0....0...*.H...
0590: 01 01 04 05 00 03 81 81 00 07 FA 4C 69 5C FB 95 ...........Li\..
05A0: CC 46 EE 85 83 4D 21 30 8E CA D9 A8 6F 49 1A E6 .F...M!0....oI..
05B0: DA 51 E3 60 70 6C 84 61 11 A1 1A C8 48 3E 59 43 .Q.`pl.a....H>YC
05C0: 7D 4F 95 3D A1 8B B7 0B 62 98 7A 75 8A DD 88 4E .O.=....b.zu...N
05D0: 4E 9E 40 DB A8 CC 32 74 B9 6F 0D C6 E3 B3 44 0B [email protected].
05E0: D9 8A 6F 9A 29 9B 99 18 28 3B D1 E3 40 28 9A 5A ..o.)...(;..@(.Z
05F0: 3C D5 B5 E7 20 1B 8B CA A4 AB 8D E9 51 D9 E2 4C <... .......Q..L
0600: 2C 59 A9 DA B9 B2 75 1B F6 42 F2 EF C7 F2 18 F9 ,Y....u..B......
0610: 89 BC A3 FF 8A 23 2E 70 47 .....#.pG
main, READ: SSL v3.0 Handshake, length = 210
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<[email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
[read] MD5 and SHA1 hashes: len = 210
0000: 0D 00 00 CE 02 01 02 00 C9 00 C7 30 81 C4 31 0B ...........0..1.
0010: 30 09 06 03 55 04 06 13 02 5A 41 31 15 30 13 06 0...U....ZA1.0..
0020: 03 55 04 08 13 0C 57 65 73 74 65 72 6E 20 43 61 .U....Western Ca
0030: 70 65 31 12 30 10 06 03 55 04 07 13 09 43 61 70 pe1.0...U....Cap
0040: 65 20 54 6F 77 6E 31 1D 30 1B 06 03 55 04 0A 13 e Town1.0...U...
0050: 14 54 68 61 77 74 65 20 43 6F 6E 73 75 6C 74 69 .Thawte Consulti
0060: 6E 67 20 63 63 31 28 30 26 06 03 55 04 0B 13 1F ng cc1(0&..U....
0070: 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 53 65 Certification Se
0080: 72 76 69 63 65 73 20 44 69 76 69 73 69 6F 6E 31 rvices Division1
0090: 19 30 17 06 03 55 04 03 13 10 54 68 61 77 74 65 .0...U....Thawte
00A0: 20 53 65 72 76 65 72 20 43 41 31 26 30 24 06 09 Server CA1&0$..
00B0: 2A 86 48 86 F7 0D 01 09 01 16 17 73 65 72 76 65 *.H........serve
00C0: 72 2D 63 65 72 74 73 40 74 68 61 77 74 65 2E 63 [email protected]
00D0: 6F 6D om
main, READ: SSL v3.0 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
main, SEND SSL v3.0 ALERT: warning, description = no_certificate
main, WRITE: SSL v3.0 Alert, length = 2
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, v3.0
Random Secret: { 3, 0, 57, 228, 245, 13, 91, 181, 92, 129, 234, 123, 199, 2, 84, 156, 170, 175, 48, 221, 204, 142, 18, 177, 69, 95, 165, 11, 196, 105, 168, 66, 230, 117, 243, 61, 22, 60, 41, 203, 229, 232, 240, 78, 200, 114, 53, 56 }
[write] MD5 and SHA1 hashes: len = 132
0000: 10 00 00 80 78 F9 25 03 98 3E C5 F7 8D 63 17 F2 ....x.%..>...c..
0010: 5A 0F 3D 7C D1 DB 3C 88 69 A1 1F 0F A0 E0 54 AC Z.=...<.i.....T.
0020: 99 8D 4F EC C7 74 F2 BA 8E AD C3 A0 B4 91 E9 1C ..O..t..........
0030: 74 75 2F 89 26 7C 82 6A 70 1F 72 50 F0 07 41 38 tu/.&..jp.rP..A8
0040: 4B 5A 8A F2 DE 61 1A 9D 34 2A 1D 0C C1 9D EC CA KZ...a..4*......
0050: 27 D7 93 3E B1 17 4A 48 62 5E 47 DA 70 6B 10 A2 '..>..JHb^G.pk..
0060: 29 99 3D 17 93 0D B2 FB DF EB 5C 13 91 72 FB 6C ).=.......\..r.l
0070: AD 6D 4D 46 F7 B3 AB 02 76 61 F8 0E 03 7D 32 AF .mMF....va....2.
0080: 3A 53 64 B0 :Sd.
main, WRITE: SSL v3.0 Handshake, length = 132
SESSION KEYGEN:
PreMaster Secret:
0000: 03 00 39 E4 F5 0D 5B B5 5C 81 EA 7B C7 02 54 9C ..9...[.\.....T.
0010: AA AF 30 DD CC 8E 12 B1 45 5F A5 0B C4 69 A8 42 ..0.....E_...i.B
0020: E6 75 F3 3D 16 3C 29 CB E5 E8 F0 4E C8 72 35 38 .u.=.<)....N.r58
CONNECTION KEYGEN:
Client Nonce:
0000: 3B DB BB 5E FE 50 EC 70 2C B1 71 18 F0 11 13 7C ;..^.P.p,.q.....
0010: AA C1 9C F2 06 5E 6B 31 EC 12 D3 32 C4 24 3A 5B .....^k1...2.$:[
Server Nonce:
0000: 3D BD 78 BA 92 3C 4A DD FE DF E0 DA 56 40 D6 7F =.x..<J.....V@..
0010: 20 00 EB EE B5 D2 D4 DA 8D 26 C6 8E 6E AF 92 71 ........&..n..q
Master Secret:
0000: 85 D3 60 38 ED 28 6E 78 A3 1E 6D 6D AB 16 28 00 ..`8.(nx..mm..(.
0010: 43 13 02 A9 27 41 29 52 31 2E E8 4F AD C9 18 2B C...'A)R1..O...+
0020: 32 CE 4F 54 C5 82 24 4D E5 F2 6F 4D 28 E3 F6 BB 2.OT..$M..oM(...
Client MAC write Secret:
0000: CD A6 10 71 07 C6 D4 DE 67 17 3B E1 FD ED D3 1A ...q....g.;.....
0010: 1F C2 0A F0 ....
Server MAC write Secret:
0000: 4D 72 94 AD 25 0C 13 8A 8C 38 99 D7 A7 5C 9C EA Mr..%....8...\..
0010: BC 6D 05 D3 .m..
Client write key:
0000: AF 2E A1 B1 F5 65 C0 DC 06 A9 0B 2F 6D 50 9D AD .....e...../mP..
0010: 9C 54 81 C0 C2 CA 00 1F .T......
Server write key:
0000: C8 D1 05 53 51 AC 90 ED A4 E2 4B ED 9E 51 21 DC ...SQ.....K..Q!.
0010: B6 5C EC 2A AA F9 8F 78 .\.*...x
Client write IV:
0000: 2F 8F 34 8F 63 A6 35 28 /.4.c.5(
Server write IV:
0000: 8F FF D3 C1 AC 32 3D 96 .....2=.
main, WRITE: SSL v3.0 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
*** Finished, v3.0
MD5 Hash: { 210, 197, 57, 55, 38, 216, 173, 32, 214, 81, 225, 100, 54, 5, 93, 247 }
SHA1 Hash: { 183, 114, 192, 183, 141, 75, 236, 153, 35, 197, 117, 135, 145, 199, 218, 137, 187, 186, 216, 148 }
[write] MD5 and SHA1 hashes: len = 40
0000: 14 00 00 24 D2 C5 39 37 26 D8 AD 20 D6 51 E1 64 ...$..97&.. .Q.d
0010: 36 05 5D F7 B7 72 C0 B7 8D 4B EC 99 23 C5 75 87 6.]..r...K..#.u.
0020: 91 C7 DA 89 BB BA D8 94 ........
Padded plaintext before ENCRYPTION: len = 64
0000: 14 00 00 24 D2 C5 39 37 26 D8 AD 20 D6 51 E1 64 ...$..97&.. .Q.d
0010: 36 05 5D F7 B7 72 C0 B7 8D 4B EC 99 23 C5 75 87 6.]..r...K..#.u.
0020: 91 C7 DA 89 BB BA D8 94 D9 CB BD E2 60 63 C1 09 ............`c..
0030: 3D CD A5 EF 06 89 80 FA 47 D8 4A 9A 03 03 03 03 =.......G.J.....
main, WRITE: SSL v3.0 Handshake, length = 64
main, READ: SSL v3.0 Alert, length = 2
main, RECV SSLv3 ALERT: fatal, handshake_failure
the exception is java.net.SocketException: Socket is closed
java.net.SocketException: Socket is closed
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.getInputStream(DashoA6275)
 at TestSocketClient.main(TestSocketClient.java:108)
Normal Termination
Output completed (9 sec consumed).
Hope somebody came across this situation....... waiting for your appreciate response.
thanks

Hi,
This might not solve all your problems, but it should allow you to load the certificates into a keystore programmatically in Java.
2. I got the two server certificates namely ca.pem and
client.pem. I feel these are server's public key and
CA key. Is it right?You should proabably find out what they are, and make sure they
are certificates.
How to create a keystore for adding these
certificates at client's machine using keytool. Here is how you can create a keystore (in memory) and load the
certificates (if that's what they are) into the keystore:
// assuming you are using X.509 certificates
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream certFile = new FileInputStream("pathToCert");
Certificate cert = cf.generateCertificate( certFile );
KeyStore trustedks = KeyStore.getInstance("JKS");
// this essentially initializes a keystor in memeory
trustedks.load(null,null);
// substitute "alias" with "server" and "ca" respectively for your case
// though I find it doesn't matter what their alias is.
trustedks.setCertificateEntry( "alias", certificate );
// continue as you did in your example and use this new trusted keystore
Cheers,
Jason

IMAPS handshake failure

I am trying to configure e-mail on NSD 7.0.3 appliance. Our mail server is Lotus Domino 9.0.1 and it supports imaps protocol. A mailbox has been created for NSD and I can successfully connect to it using Thunderbird. I can also connect by using "openssl s_client" from the command line of NSD appliance. But when I configure relevant fields in NSD:
Incoming server: ourserver.ourdomain.com
Protocol: IMAPS
Port: <blank>
Username: ServiceDesk
Password: <correct_password>
...and press Test, I receive an error message:
Error connecting to host: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
(I ran tcpdump on the appliance while pressing Test, and the dump output shows NSD server connecting to IMAP server on port 993, IMAP server sending back the certificate and then NSD server responding with "Handshake failure".
IMAP server admin has enabled the use of SSLv2 on server side, but that doesn't seem to change the situation.
Is there anything that we can do on NSD side to get this working? Obviously we could try using plain IMAP (port 143) with all the security impliactions, but we prefer the traffic to be encrypted.

vatson,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/

No Payload in the soap receiver call adapter ?

Hi Guys,
configured Proxy-SOAP Asynchronus process and in the sxmb_moni, i am unable to see the payload under call adapter in sxmb_moni, but i am able to see the payload under RWB in MDT. The message is checked successful in monitor.
I am not understanding why i am unable to see the payload under call adapter in sxmb_moni. I am not getting the data into my receiver system.
Do i need to mention the QOS as EO in the soap url in the soap receiver adapter configuration ?
any help would be really appreciated
Thanks,
srini

Hi,
You can only see the Payload(both with and without transformation) in MONI. message that is handling by adapter can only seen in Adapter Framework using RWB-Message Monitoring or using Communication Channel Monitoring.
Regards,
Farooq.

Rewards points if you find it usefull.

Error in the SOAP Receiver communication channel

Hi ,
My scenario is RFC - to -SOAP (synchronous ) i have specified the TARGET URL inthe SOAP receiver comminication chanel.. but while testing the interface by providing the test data from R/3 .. I'm not getting any Respose.. ..
If I check in the SXMB_MONI in i'm getting the following message .. but the URL whicjh i provided that is fine.. but my doubt is through XI may be it's not able to connect the Target System... .. so, please suggest me...
<SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
<SAP:Category>XIAdapterFramework</SAP:Category>
<SAP:Code area="MESSAGE">GENERAL</SAP:Code>
<SAP:P1 />
<SAP:P2 />
<SAP:P3 />
<SAP:P4 />
<SAP:AdditionalText>com.sap.aii.af.ra.ms.api.DeliveryException: www.webservicex.net</SAP:AdditionalText>
<SAP:ApplicationFaultMessage namespace="" />
<SAP:Stack />
<SAP:Retry>M</SAP:Retry>
</SAP:Error>
regards
Jain

By default, the SOAP adapter sends the SOAP message with the content type text/xml.
When you check "Do not use SOAP envelope", the default contnet type is application/xml.
You can change the content type like this: Go to the SOAP receiver communication channel module tab. Add the module "localejbs/AF_Modules/MessageTransformBean" before the standard module. Add the parameter name Transform.ContentType and value text/xml.
Check out this
/people/varadharajan.krishnasamy/blog/2007/01/09/troubleshooting-soap-message--xi
One way of testing ur scenario
/people/michal.krawczyk2/blog/2005/08/25/xi-sending-a-message-without-the-use-of-an-adapter-not-possible
Also have a look here
SAP Note 856597
reward points if solution found helpfull
regards
chandrakanth

SOAP Receiver/Sender in IDOC- XI- SOAP receivers?

hi,
i have idoc-> xi-> soap receiver.
1. How can i get a response back from soap receiver?
2. in the above scenario is SOAP the receiver or agian the sender?
3. not sure how i can get a response back from the soap receiver?
any tips would be helpful.
thanks,
tirumal

Hi,
It should be

Under Target URL, enter the complete address (URL) of the Web service provider that you want to send the message to.
http://help.sap.com/saphelp_nw04/helpdata/en/29/5bd93f130f9215e10000000a155106/content.htm
What are you specifying?
Can you give the entry in Target URL...
Regards
Suraj
Message was edited by: S.R.Suraj

Error while signing in SOAP receiver channel

Hi,
I have a Source PI which is sending a XML message to a target PI through SOAP adapter. Its a secure commnication. I am using message level encryption and signing on the source receiver agreement and message level decryption and validation on target sender agreement. The message is failing in the SOAP receiver cahnnel on source PI with the below error message. Also, I am using a certificate which is signed by Verisign and its valid for two years. I have checked the validity, it has not expired yet.
It works fine if the certificate is signed by SAP(that is, test certificate which is valid for 8 weeks).
Error Message
Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: response message contains an error XIServer/UNKNOWN/ADAPTER.JAVA_EXCEPTION - com.sap.engine.interfaces.messaging.api.exception.MessagingException: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: verify( Message, byte[], CPALookupObject ). Message: SecurityException in method: verify( Message, byte[], CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: [_policy0230] The part /soap:Envelope/soap:Body was required to be signed by the policy with the transformations [], but the signature was not accepted. (Info: number of valid signatures: 1, number of accepted signer certificates: 0.).. To-String: com.sap.security.core.policy.exceptions.VerifyException: [_policy0230] The part /soap:Envelope/soap:Body was required to be signed by the policy with the transformations [], but the signature was not accepted. (Info: number of valid signatures: 1, number of accepted signer certificates: 0.).; To-String: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: run(). Message: [_policy0230] The part /soap:Envelope/soap:Body was required to be signed by the policy with the transformations [], but the signature was not accepted. (Info: number of valid signatures: 1, number of accepted signer certificates: 0.).. To-String: com.sap.security.core.policy.exceptions.VerifyException: [_policy0230] The part /soap:Envelope/soap:Body was required to be signed by the policy with the transformations [], but the signature was not accepted. (Info: number of valid signatures: 1, number of accepted signer certificates: 0.).. To-String: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: verify( Message, byte[], CPALookupObject ). WSSEThread-Exception: SecurityException in method: run(). Message: [_policy0230] The part /soap:Envelope/soap:Body was required to be signed by the policy with the transformations [], but the signature was not accepted. (Info: number of valid signatures: 1, number of accepted signer certificates: 0.).. To-String: com.sap.security.core.policy.exceptions.VerifyException: [_policy0230] The part /soap:Envelope/soap:Body was required to be signed by the policy with the transformations [], but the signature was not accepted. (Info: number of valid signatures: 1, number of accepted signer certificates: 0.).; To-String: com.sap.aii.security.lib.exception.SecurityException: SecurityException in method: run(). Message: [_policy0230] The part /soap:Envelope/soap:Body was required to be signed by the policy with the transformations [], but the signature was not accepted. (Info: number of valid signatures: 1, number of accepted signer certificates: 0.).. To-String: com.sap.security.core.policy.exceptions.VerifyException: [_policy0230] The part /soap:Envelope/soap:Body was required to be signed by the policy with the transformations [], but the signature was not accepted. (Info: number of valid signatures: 1, number of accepted signer certificates: 0.). at com.sap.aii.adapter.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:996) at sun.reflect.GeneratedMethodAccessor546_10002.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at com.sap.engine.services.ejb3.runtime.impl.RequestInvocationContext.proceedFinal(RequestInvocationContext.java:43) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:166) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_StatesTransition.invoke(Interceptors_StatesTransition.java:19) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_Resource.invoke(Interceptors_Resource.java:71) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_Transaction.doWorkWithAttribute(Interceptors_Transaction.java:38) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_Transaction.invoke(Interceptors_Transaction.java:22) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:189) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_StatelessInstanceGetter.invoke(Interceptors_StatelessInstanceGetter.java:16) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_SecurityCheck.invoke(Interceptors_SecurityCheck.java:21) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_ExceptionTracer.invoke(Interceptors_ExceptionTracer.java:16) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.DefaultInvocationChainsManager.startChain(DefaultInvocationChainsManager.java:133) at com.sap.engine.services.ejb3.runtime.impl.DefaultEJBProxyInvocationHandler.invoke(DefaultEJBProxyInvocationHandler.java:164) at $Proxy2684_10002.process(Unknown Source) at com.sap.aii.af.app.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:275) at

Hi,
as per the error message is:
"... The part /soap:Envelope/soap:Body was required to be signed by the policy with the transformations [], but the signature was not accepted. (Info: number of valid signatures: 1, number of accepted signer certificates: 0.) ..."
I guess the cert. setup either on your side or the other system's side is not fully correct. Check whether all cert., priv keys and public keys are exchanged propperly and setup as trusted certs.
Regards,
Kai
Edited by: Kai Lerch-Baier on Jul 9, 2009 1:24 PM

Error in SOAP receiver channel in Synchronous Proxy to SOAP scenario

Hi all,
We are experiencing an issue with a synchronous Proxy to SOAP scenario. Getting below error message in the SOAP receiver communication channel for the response message.
SOAP: Response message contains an errorXIAdapter/HTTP/ADAPTER.HTTP_EXCEPTION - HTTP 500 Internal Server Error
Returning to application. Exception: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error encountered while executing mapping: com.sap.aii.af.service.mapping.MappingException: com.sap.aii.utilxi.misc.api.ResourceException: Could not determine mapping steps for message 1364b76e-ecbf-11e4-85f4-000023acfde6.
We are running PI 7.4.
Any help is appreciated.
Thanks,
Pushpa

Hi,
Seems the Receiver Webservice is not reachable. Did you try to test it using SOAP UI tool.
1. Test a fresh message from local SOAP UI tool.
2. Pick 3rd party WSDL file and Import in SOAP UI tool.
3. Put some dummy data for mandatory fields
4. Trigger it msg and ckh if you get successful / response msg.
5. Check if firewall is open and that URL is not blocked.
Hope it helps
Regards,
Azhar

Erro SOAP Receiver: handshake failure

Similar Messages

Maybe you are looking for