Error with SSL Message

Hello Guys,
I am implementing solution where in I need to post http request to a secure server. I am using following mechanisam to talk to the ssl server. But when I run the program on my local machine I get following error. Can you guys please help me out since I have limited knowledge of security API and I need to get this done in very short time. Please help me understand necessary steps required to resolve this issue.
Thanks
Code
SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
tunnelHost = "<my proxy server >";
tunnelPort = "<proxy server port>";
tunnel = new Socket(tunnelHost, tunnelPort);
doTunnelHandshake(tunnel, host, port ,username , password);
socket =(SSLSocket)factory.createSocket(tunnel, host, port, true);
socket.addHandshakeCompletedListener(
new HandshakeCompletedListener()
     public void handshakeCompleted(
     HandshakeCompletedEvent event)
          {"\t CipherSuite:" + event.getCipherSuite());
          System.out.println(
          "\t SessionId " + event.getSession());
          System.out.println(
          "\t PeerHost "+
          event.getSession().getPeerHost());
socket.startHandshake();
socket.close();
tunnel.close();
} catch (Exception e) {
     e.printStackTrace();
private void doTunnelHandshake(Socket tunnel, String host, int port , String username , String password)
throws IOException
OutputStream out = tunnel.getOutputStream();
String AuthString = new String("NORTHAMERICA\\"+username+ ":" + password );
byte [] AuthBytes = AuthString.getBytes();
char []AuthChar = Base64encode(AuthBytes);
String test = String.valueOf(AuthChar);
String ProxyAuthorization = new String("Proxy-Authorization: Basic " + test);
String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n"
+ "User-Agent: Java SSL Sample\n"
+ "Host: FSM Gateway\n"
+ "Proxy-Connection: Keep-Alive\n"
+ "Pragma: No-Cache\n"
+ ProxyAuthorization
+ "\r\n\r\n";
byte b[];
try {
b = msg.getBytes("ASCII7");
} catch (UnsupportedEncodingException ignored) {
* If ASCII7 isn't there, something serious is wrong, but
* Paranoia Is Good �
b = msg.getBytes();
out.write(b);
out.flush();
byte reply[] = new byte[200];
int replyLen = 0;
int newlinesSeen = 0;
boolean headerDone = false; /* Done on first newline */
InputStream in = tunnel.getInputStream();
boolean error = false;
while (newlinesSeen < 2) {
int i = in.read();
if (i < 0) {
throw new IOException("Unexpected EOF from proxy");
if (i == '\n') {
headerDone = true;
++newlinesSeen;
} else if (i != '\r') {
newlinesSeen = 0;
if (!headerDone && replyLen < reply.length) {
reply[replyLen++] = (byte) i;
* Converting the byte array to a string is slightly wasteful
* in the case where the connection was successful, but it's
* insignificant compared to the network overhead.
String replyStr;
try {
replyStr = new String(reply, 0, replyLen, "ASCII7");
} catch (UnsupportedEncodingException ignored) {
replyStr = new String(reply, 0, replyLen);
/* We asked for HTTP/1.0, so we should get that back */
if (!replyStr.startsWith("HTTP/1.0 200")) {
throw new IOException("Unable to tunnel through "
+ tunnelHost + ":" + tunnelPort
+ ". Proxy returns \"" + replyStr + "\"");
System.out.println("tunneling Handshake was successful!");
Exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at SSLSocketClient.doIt(SSLSocketClient.java:166)
at SSLSocketClient.main(SSLSocketClient.java:54)
Debug information is
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\j2re1.4.2_06\lib\security\cacerts
trustStore type is : jks
init truststore
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 09:01:00 CDT 2000 until Sat May 17 18:59:00 CDT 2025
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 11:09:40 CDT 1999 until Sat May 25 11:39:40 CDT 2019
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 13:46:00 CDT 2000 until Mon May 12 18:59:00 CDT 2025
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Net
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Net
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Thu Sep 30 19:00:00 CDT 1999 until Wed Jul 16 18:59:59 CDT 2036
adding as trusted cert:
init context
trigger seeding of SecureRandom
done seeding SecureRandom
tunneling Handshake was successful!
Socket is 15e83f9[SSL_NULL_WITH_NULL_NULL: Socket[addr=/10.0.1.38,port=80,localport=2133]]
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1115833203 bytes = { 119, 0, 234, 70, 240, 74, 55, 9, 64, 89, 133, 251, 64, 160, 105, 25, 113, 219, 252, 65, 240, 228, 184, 117, 235,
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_
Compression Methods:  { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source)
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at SSLSocketClient.doIt(SSLSocketClient.java:166)
at SSLSocketClient.main(SSLSocketClient.java:54)

No it is not correct.
The socket creation should be provided with the proper host and the port. the resource on the host is something you should ask your server (HTTP GET ... whatever).
The https://abc.com:443 is equal to https://abc.com as the default port for https is 443. the host variable should be "abc.com" and the port "443" and the rest negotiated in application level (HTTP GET /XYZ [is not the proper syntax]).
Further, with this description, the first url (https://server/resource:port) is not making any sense.
You problem in first place is probably the host and port parameters (specifically the port has been set to 80 which most likely is wrong) . you need to consider the other port regarding newline and CRs buildging the proxy authentication header, but you debug logs suggest that your test proxy server takes it.

Similar Messages

  • SOAP Receiver via https - Error:  Invalid SSL message, peer seems to be tal

    Hi,
    I have a SOAP Adapter that send a message to a HTTPS WebService.
    I'm having the following error:
    Message processing failed. Cause: com.sap.aii.af.ra.ms.api.RecoverableException: Invalid SSL message, peer seems to be talking plain!: iaik.security.ssl.SSLException: Invalid SSL message, peer seems to be talking plain!
    If I check the URL via Internet Explorer it showme a confirmation dialog with a security Alert, and ask me if I want to continue, then, I can reach the WS with any problem (from de IE).
    I checked the steps of this PDF:
    http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
    and all seems to be right.
    Any bode can help me with this problem?
    Thanks
    Martin

    Hello,
    finally you run your request from your ERP System about your ICF.
    To establish a SSL Connection to the Web Service target system about an SAP WebAS and ICF, it is necessary to create a certificate on client site about Internet explorer using target URL and importing it on STRUST. Take the junction "SSL-Client (Anonym)" to include your certificate for your system.
    Take a reboot of ICM Monitor.
    Then create a HTTP Connection to rhe external server via SM59 (Typ G).
    Don't forget to configure the following points:
    Under the menu tab Registration&Security:
    - Registration Process: No Registration
    - status of security protocols: activ and ANONYM SSL-Client (Anonym)
    In most cases, you don't need to edit your user data.
    Mostly only then one can usually connect about SAP XI or PI to some servers with SSL method.

  • Error "Invalid SSL message, peer seems to be talking plain" receiver SOAP

    Hello All,
    I have configured the AXIS as the receiver adapter, and sending an invoice over HTTPS protocol. The Call is a synchronous process where I get a response back from the service provider.
    Getting the error message as below, the authentication is a simple user ID and password authentication. The same URL works well in Test environment but having this problem on deploying to production.
    - <SAP:Error SOAP:mustUnderstand="1" xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
      <SAP:Category>XIAdapterFramework</SAP:Category>
      <SAP:Code area="MESSAGE">GENERAL</SAP:Code>
      <SAP:P1 />
      <SAP:P2 />
      <SAP:P3 />
      <SAP:P4 />
      <SAP:AdditionalText>com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLException: Invalid SSL message, peer seems to be talking plain!</SAP:AdditionalText>
      <SAP:Stack />
      <SAP:Retry>M</SAP:Retry>
      </SAP:Error>
    Any suggestions where I should be checking the configuration.
    Prashanth

    Hi Glenn,
    My scenario is a File-to-SOAP scenario, the receiver communication channel is an synchronous external webservice call over SOAP adapter.
    Screen shots of the communication channel config are as below
    [CC Parameters|http://yfrog.com/h0bx67j]
    [CC Modules|http://yfrog.com/h025s5j]
    --Prashanth

  • Conntrans error with SENDING messages

    Hello everybody.
    Still using a CRM 4.0 SR01 SP08 build, this time I am facing a Conntrans error : sending messages keep failing, while the reception process is OK.
    If I select "SEND & RECEIVE", the SEND status becomes orange, RECEIVE is blue (OK) and I get in the summary the error related to the failure. Synchronizing another time gives the same result. When I close Conntrans, I get a "GUI MFC Error" crash popup.
    If I select "SEND only", the SEND status stays gray and I get the error related to the failure. When synchronizing again, I get a "GUI MFC Error" crash popup while in the background the SEND status becomes orange, with the error related in the summary.
    What we have tried so far is :
    - deleting the 1st message from outbound queue (table = MW_Q_OUT, where MSG_ORDER = 1 ), gave no result
    - testing connections to Comm Station : connection is OK
    - launching the Check Environment from the Client Console : it reports that ADO version seems to be less than 2.5, and the registry setup is not complete (it misses HKLMsoftwaresapmtsoptions) but as all was working before, I don't think it is very important.
    Here follow the data from the logs :
    c:TempDotNetQmtClient.log
    22/02/2007 09:48:50 : PushFirstTime ('CRM_SITE_000000000000503', '', '0', 3)
    22/02/2007 09:48:50 : GetMessageCountToSend : Found 50 message to send.
    22/02/2007 09:48:50 : Updating pending confirmation table for queue CRM_SITE_000000000000503
    22/02/2007 09:48:50 : TransferPushMessages (2, 20)
    22/02/2007 09:48:50 : Total messages read from the out queue : 20
    22/02/2007 09:48:50 : Sending data to the server without compression.
    22/02/2007 09:48:50 : Sending messages to server :  Single_Send
    Error In TransferPushMessage() : Type is not resolved for member System.Data.SerializationFormat, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089.
    22/02/2007 09:48:57 : PullFirstTime (CRM_SITE_000000000000503, )
    22/02/2007 09:48:57 : ConfirmMessageRecvd ()
    22/02/2007 09:48:57 : LastReceived MsgOrder = 0
    22/02/2007 09:48:57 : TransferPullMessage (20, 0)
    22/02/2007 09:48:57 : PullMessage LastTID : 0AF90185-0998-0059-45DC4AA3
    22/02/2007 09:48:57 : Next Pull: msg_count = <20> msg_size = <0>
    22/02/2007 09:48:57 : TransferPullMessage : ActualPullMsg = <0> ActualSizeRcvd = <0>  MsgOnServer = <0>
    22/02/2007 09:48:57 : Calling Confirm Messages after Recv end !!
    22/02/2007 09:48:57 : Confirming unprocessed messages to server
    22/02/2007 09:48:57 : ConfirmMessageRecvd ()
    22/02/2007 09:48:57 : LastReceived MsgOrder = 0
    22/02/2007 09:48:57 : GetReceiveStatistics (...)
    22/02/2007 09:48:57 : GetSendStatistics (...)
    22/02/2007 09:48:57 : Finish (0, 0, 296, 62, 0)
    22/02/2007 09:48:57 : Finally ()
    C:Documents and Settings feugierLocal SettingsTempTransferService.log
    868        828                               ! Entering PreConnect
    868        828                               ! Entering BeforeTransfer
    868        828      Thu Feb 22 09:48:50 2007 ! Initialization for Site 'AE08F6F235D1C84BA36C73DE2CA25F54' succeeded, Server version info: - unknown -
    868        828                               ! Leaving BeforeTransfer with 'OK'
    868        828                               ! Entering Transfer
    868        828                               ! Entering PushTransfer
    868        828                               ! Entering 'PushMessages' for queue 'CRM_SITE_000000000000503' / limit 20 messages
    868        828                               ! First time: Messages found to send in Outbound Queue: 50 (125 msecs)
    868        828      Thu Feb 22 09:48:57 2007 E
      ERROR in TransferService - Send: 'Send' call to Communication Station/CRM Server
    failed with fffffffb:
    (null)
    868        828                               E
      NO ERROR POPUP DISPLAYED !!!
    868        828                               E
      _TransferPushMessages failed with fffffffb
    868        828                               E
      Process modules loaded:
    108 modules found in process:
    Location  Module name                                                                                File version     Prog.version   File size  File date/time
    00400000  C:Program FilesSAPMobilebinConnTrans.exe                                                                                1,210,863,0      1,210,863,0      376895  17.11.2004  18:07
    011a0000  C:Program FilesCommon FilesSystemadomsado15.dll                                                                                2.80.1022.0 (srv03_rtm.030324-2048)      2.80.1022.0      565248  25. 3.2003  12:00
    01230000  C:Program FilesCommon FilesSystemOle DBMSDASQLR.DLL                                                                                2.80.1022.0 (srv03_rtm.030324-2048)      2.80.1022.0       16384  25. 3.2003  12:00
    01ed0000  C:Program FilesCommon FilesSystemOle DBoledb32.dll                                                                                2.80.1022.0 (srv03_rtm.030324-2048)      2.80.1022.0      512000  25. 3.2003  12:00
    01f50000  C:Program FilesCommon FilesSystemOle DBOLEDB32R.DLL                                                                                2.80.1022.0 (srv03_rtm.030324-2048)      2.80.1022.0       69632  25. 3.2003  12:00
    01f70000  C:Program FilesCommon FilesSystemOle DBmsdasql.dll                    
    {...}  follow the list of what I think to be all the stuff loaded at that moment...
    If anyone has a clue, a hint, a solution...
    Thanks and Regards,
    François

    If you require Framework 2.0, upgrade to SP07. In this support package conntrans becomes compatible with 2.0.
    EDIT: Sorry you are using 4.0, I meant SP07 for 5.0
    Message was edited by:
            João Sousa

  • SAPGui 720 and RRMX - RFC Error with a Message server

    I am testing SAPGui 7.20 before installing it on all workstations. I found an error RFC_ERROR_COMMUNICATION in the following situation.
    Client side:
    WIndows XP SP3
    Office 2003
    SAPGui 720 + patch 2 (gui720_2-10007878.exe)
    BI 7.0 ADDON FOR SAP GUI 7.20 (bi720sp02_200-20006596.exe)
    BW 3.5 ADDON FOR SAP GUI 7.20 (bw350gui720_2-20006857.exe)
    Server side:
    Installed the following notes: 1471630, 1499568, 1477686, 1473879
    I connect to P1B (Production systrem) with my login/password. Then I launch RRMX and the following error appears:
    RFC_ERROR_COMMUNICATION
    SAP_CMINIT3 : rc=20 > Connect to SAP gateway failed
    Connect_PM GWHOST=tosatti, GWSERV=sapgw50, SYSNR=50
    LOCATION CPIC (TCP/IP) on local host
    ERROR hostname 'tosatti' unknown
    TIME Fri Sep 10 10:37:09 2010
    RELEASE 720
    COMPONENT NI (network interface)
    VERSION 40
    RC -2
    MODULE nixxhl.cpp
    LINE 183
    DETAIL NiHLGetNodeAddr: hostname cached as unknown
    COUNTER 2
    This error happens only on Production system. On Development and Quality systems it is ok. The difference between these systems is that Production has a message server (po1bwsc.sapmi.telecomitalia.local) and a Group server defined
    (PROD_P1B that leads to 4 application servers).
    If I force the application server to logon to po1bwsc.sapmi.telecomitalia.local everything works well, but using the
    group server I get the error above.
    Furthermore I found out that:
    if I add the IP address of the GWHOST (tosatti in this case, but I have also donald and alexey) in c:\windows\system32\drivers\etc\hosts file, everything works fine.
    Please notice that with SAPGui 640 there is not this problem, even without adding the above IP addresses to etc\hosts file.
    How can I avoid this problem?
    Thanks
    Roberto Pezzano

    What parameter did yiou have to change for this?
    We are experiencing same issue.
    Thanks in advance!

  • Why generic error with SSL?

    in mail.log I read much lines like:
    date hour server postfix/tlsmgr[XXXXX]: warning: encryption keys etc. may be predictable
    date hour server postfix/tlsmgr[XXXXX]: warning: no entropy source specified with parameter
    It's a real warning? If yes can be solved?

    Yes I know the limits of CACert, this require to gave at every client the .cer file before connect to mail server. But if no one never start the politics of cacert... Thanks for info confirmation.
    Use, not Require: yes I have understand this thing and from initial configuration I have always set Use.
    But, from this, I'm more surprised of the false warn
    warning: encryption keys etc. may be predictable
    warning: no entropy source specified with parameter
    I desume that this warning message must be considered as normal?

  • Error with No Message on Button Click Event

    Hi,
    I am getting a framework error on button click event.
    I have a page in which shuttle component is there,on click of the commit button the page traversed to main jsp page there i am getting error like ERROR and only '-'.
    In application module java file i have written the code for the shuttle component which creates the new row and set the values.

    Hi Frank. Thanks for the answer. Kindly check the code for shuttle component below. This is written in the Application Module (..ServicesImpl.java)
    public void multipleShuttle(List productIds,String reqRefNumber,Date orderDate,String hoSectionCd)
    System.out.println("Its entering into the test method");
    System.out.println("Inside updateSkillsForCurrentStaff method");
    System.out.println("reqRefNumber:"+reqRefNumber);
    System.out.println("orderDate:"+orderDate);
    System.out.println("hoSectionCd:"+hoSectionCd);
    if (productIds != null && productIds.size() > 0)
    List<Number> copyOfProductIds = (List<Number>)Utils.cloneList(productIds);
    //List copyOfProductIdsNames=Utils.cloneList(productIds);
    System.out.println("list values "+copyOfProductIds);;
    //System.out.println("list values "+copyOfProductIdsNames);;
    ViewObject skills = getMsMsOrderHdrUO2();
    RowSetIterator rsi = skills.createRowSetIterator(null);
    // remove any rows for the current user that aren't in the list of product keys
    while (rsi.hasNext())
    Row r = rsi.next();
    Number productId = (Number)r.getAttribute("MsDepotCd");
    System.out.println("depot from row setter "+productId);
    // if the existing row is in the list, we're ok, so remove from list.
    if (copyOfProductIds.contains(productId))
    copyOfProductIds.remove(productId);
    // if the existing row is in not list, remove it.
    else {
    r.remove();
    rsi.closeRowSetIterator();
    // at this point, we need to add new rows for the keys that are left
    for (Number productIdToAdd: copyOfProductIds)
    Row newRow = skills.createRow();
    skills.insertRow(newRow);
    try
    System.out.println("productIdToAdd"+productIdToAdd);
    System.out.println("inside attributes setter try method");
    //AS PER THE NEW REQUIREMENT ORDER STAUTS WIL BE 'DRAFT' AND ON APPROVAL BY JGM THEN IT WILL BE 'APPROVED'
    newRow.setAttribute("OrderStatus","DRAFT");
    System.out.println("Depot Code set is"+newRow.getAttribute("DepotCd"));
    if(productIdToAdd.equals("0"))
    System.out.println("inside the HO method to set section");
    newRow.setAttribute("HoSections",hoSectionCd);
    System.out.println("After setting the values");
    catch(Exception e)
    System.out.println("Exception Caught"+e);
    getDBTransaction().commit();
    orderDetailInsertProcedure(reqRefNumber);
    }

  • TIME_OUT error with /sapapo/rtsinput_cube

    We are in the process of cutting over to a new
    planning area ZPA2 with data from a backup InfoCube
    (ZIC21), and the /sapapo/rtsinput_cube program
    is failing with a TIME_OUT error.
    The overall job finishes with a success message,
    although data is only partially loaded in to the
    planning area. When you look at the spool, the first
    steps are green, then the job times out for the
    subsequent steps.
    We ran this first with 3 key figures being loaded
    from cube to planning area for approx 1/5 of 464000
    CVCs for 5 years in monthly buckets only.
    This errored with SAPSQL_INVALID_FIELDNAME message as
    well as the TIME_OUT error message, and data was
    loaded partially in the ZPA2 planning area (only 2
    months).
    We then reduced the time horizon from 5 years of
    months to be only 1 year in months.
    This errored with the TIME_OUT error message. Again,
    data was partially loaded in to the planning area
    (about 7 of the 12 months was loaded).
    The prime issue is with the constant time out.
    Has anyone any idea how to solve this problem ?

    not sure what version you are using but if you are on the latesr versions, its a good idea to use parallel processing - you can find it on the additonal settings tab
    you can also set it to copy only the specified period (previously it copied the whole bucket in the planning area to cover the time period)
    if you are in versions that dont support this - then you can create parallel jobs that get triggered by an event or use a process chain and run this in parallel. As long as you dont overlap the periods it should be fine
    you should also ask your basis team to check the time out set up for the application and get it extended (you can see this in rz11 i think and choosing the correct parameter - would leave it to the basis folks to help in this) Alternately check your processing power and see if you can get it increased

  • Weblogic app server wsdl web service call with SSL Validation error = 16

    Weblogic app server wsdl web service call with SSL Validation error = 16
    I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
    Cannot complete the certificate chain: No trusted cert found
    Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
    Validation error = 16
    From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
    Here is how I load trustStore and keyStore in my java program:
         System.setProperty("javax.net.ssl.trustStore",”cacerts”);
         System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
         System.setProperty("javax.net.ssl.trustStoreType","JKS");
    System.setProperty("javax.net.ssl.keyStoreType","JKS");
    System.setProperty("javax.net.ssl.keyStore", keyStoreName);
         System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd);      System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
    Here is how I create cacerts using verisign hierarchy certs (in this order)
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
    1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
    Because my program is a weblogic app server, when I start the program, I have java command line options set as:
    -Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
    -Dweblogic.security.SSL.ignoreHostnameVerification=true
    -Dweblogic.security.SSL.enforceConstraints=strong
    That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
    In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
    I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
    1.     Do I create “cacerts” the correct order with right keeltool options?
    2.     Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
    3.     Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
    4.     Do I need to put the “cacerts” to some specific weblogic directory?
    ---------------------------------wsdl file
    <wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
         <wsp:Policy wsu:Id="TokenServices_policy">
              <wsp:ExactlyOne>
                   <wsp:All>
                        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                             <wsp:Policy>
                                  <sp:TransportToken>
                                       <wsp:Policy>
                                            <sp:HttpsToken RequireClientCertificate="true"/>
                                       </wsp:Policy>
                                  </sp:TransportToken>
                                  <sp:AlgorithmSuite>
                                       <wsp:Policy>
                                            <sp:Basic256/>
                                       </wsp:Policy>
                                  </sp:AlgorithmSuite>
                                  <sp:Layout>
                                       <wsp:Policy>
                                            <sp:Strict/>
                                       </wsp:Policy>
                                  </sp:Layout>
                             </wsp:Policy>
                        </sp:TransportBinding>
                        <wsaw:UsingAddressing/>
                   </wsp:All>
              </wsp:ExactlyOne>
         </wsp:Policy>
         <wsdl:types>
              <xsd:schema targetNamespace="http://tempuri.org/Imports">
                   <xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
                   <xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
              </xsd:schema>
         </wsdl:types>
         <wsdl:message name="ITokenServices_GetUserToken_InputMessage">
              <wsdl:part name="parameters" element="tns:GetUserToken"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
              <wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
              <wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
         </wsdl:message>
         <wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
              <wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
         </wsdl:message>
         <wsdl:portType name="ITokenServices">
              <wsdl:operation name="GetUserToken">
                   <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
                   <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
              </wsdl:operation>
              <wsdl:operation name="GetSSOUserToken">
                   <wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
                   <wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
              </wsdl:operation>
         </wsdl:portType>
         <wsdl:binding name="TokenServices" type="tns:ITokenServices">
              <wsp:PolicyReference URI="#TokenServices_policy"/>
              <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
              <wsdl:operation name="GetUserToken">
                   <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
                   <wsdl:input>
                        <soap12:body use="literal"/>
                   </wsdl:input>
                   <wsdl:output>
                        <soap12:body use="literal"/>
                   </wsdl:output>
              </wsdl:operation>
              <wsdl:operation name="GetSSOUserToken">
                   <soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
                   <wsdl:input>
                        <soap12:body use="literal"/>
                   </wsdl:input>
                   <wsdl:output>
                        <soap12:body use="literal"/>
                   </wsdl:output>
              </wsdl:operation>
         </wsdl:binding>
         <wsdl:service name="TokenServices">
              <wsdl:port name="TokenServices" binding="tns:TokenServices">
                   <soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
                   <wsa10:EndpointReference>
                        <wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
                   </wsa10:EndpointReference>
              </wsdl:port>
         </wsdl:service>
    </wsdl:definitions>
    ----------------------------------application log
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
    Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
    adding as trusted cert:
    Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
    Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
    adding as trusted cert:
    Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
    Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
    <Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
         at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
         at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
         at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
         at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
         at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
         at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
         at javax.xml.ws.Service.<init>(Service.java:56)
         at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
         at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
         at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
         at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
         at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
    Not Valid Before:Tue Dec 18 19:00:00 EST 2012
    Not Valid After:Wed Jan 07 18:59:59 EST 2015
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
    Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
    Not Valid Before:Sun Feb 07 19:00:00 EST 2010
    Not Valid After:Fri Feb 07 18:59:59 EST 2020
    Signature Algorithm:SHA1withRSA
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    <Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
         at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
         at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
         at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
         at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
         at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
         at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
         at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
         at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
         at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
         at javax.xml.ws.Service.<init>(Service.java:56)
         at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
         at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
         at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
         at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
         at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
         at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
    <Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>

    I received a workaround by an internal message.
    The how to guide is :
    -Download the wsdl file (with bindings, not the one from ESR)
    -Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
    -Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
    -Create a new logicial destination that point to the wsdl file modified
    -Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
    Then the received data is check by the metadata logical destination but the data is retrieved from the correct server.

  • Error in scenario "FILE to HTTP(with SSL)" - HTTP client code 110 reason.

    Hi friends,
    Our scenario is as follows:
    We are trying to send XML file from our SAP-XI to external tool "COMMunix XC" (a multi-protocol EDI platform tool).
    We have configured " FILE TO HTTP(with SSL)" scenario (trying to connect HTTPS/port)
    1. We have created RFC destination of type G and refered the same RFC in Communication channel (Adapter type: HTTP)
    2. We have send the SSL Server certificate to other party and ensure that they have imported at thier end.
    3. We have included the certificates from other party in our SAP XI STRUST under SSL Client (Standard) node.
    4. We have tried " CONNECTION TEST " in the RFC destination created in type G (in STEP 1) and it shows the GREEN TICK at bottom, no other message nor any error message
    When we trigger the communication we recieve the error: HTTP client code 110 reason in SXMB_MONI.
    Please let us know if we have missed out some step.
    What does error message indicate,
    Regards,
    Rehan

    Hi Rehan,
    I see that the PROCTIMEOUT was already at a very high value.
    Does this occur for messages of a particularly large size?  If yes, you could increase the parameter
       icm/HTTP/max_request_size_KB = 2097152
    This would need to be done in the sender/receiver system as well as XI.
    Otherwise you could try reproducing the issue and checking the dev_icm log in the work directory, or go to SMICM -> Goto -> Display trace file
    check for errors like NIECONN_REFUSED or "no service for protocol HTTPS" which can often be related to this type of issue.
    Kind regards,
    Sarah

  • Have a  problem with Lightroom 5.4.  Since the program crashed yesterday it won't launch, it comes up with the message "Lightroom encountered an error when reading its preview cache and needs to quit".  "  Lightroom will attempt to fix this problem net ti

    Have a  problem with Lightroom 5.4.  Since the program crashed yesterday it won't launch, it comes up with the message "Lightroom encountered an error when reading its preview cache and needs to quit".  "  Lightroom will attempt to fix this problem next time it launches".  Except that it doesn't, I keep getting the same message and the program closes.  Does anyone know what I  can do to repair it?  Can't back up, can't do anything.

    There are dozens of threads in this forum that describe the fix

  • I'm having problems with a message that says: An error occurred while Attempting to create the directory: C:/program files/itunes/cd configuarion

    I know this is a long story, but I'll be damned if I'm not going to get the most specific help I can (as Apple seems to specialize in assuming user error for all its demonic software). I've never had issues with iTunes before (barring a "Connect to iTunes" snafu with my iPod Touch) -- and never, in fact, with Windows Vista, if you believe that -- but this is the most bizarre thing I've seen.
    I recently downloaded the new iTunes v 9.0.3 as I am occasionally prompted to do whenever a new version comes out, and immediately I had problems. Access to the iTunes and Quicktime folders was mysteriously denied after the update, and after several hours of frustration, I was able to grant my own Administrative access to these two folders and installation went through. Thank God.
    Then I bought some music. No problems -- downloaded just fine, along with a copy of Cinderella Man and the new episode of Smallville. Life was good for a few days.
    Then I connected my iPod Touch to the computer. All of a sudden, Microsoft Windows informs me that the "Apple Mobile Device Service stopped working and was closed," with subtext, "A problem caused the application to stop working correctly. Windows will notify you if a solution is available."
    Bullsh*t Windows can help me with anything from Apple.
    So I've tried to get iTunes to work with me on this. I've come up against the infamous "iTunes could not connect to this iPhone because an unknown error occurred (OxE8000001)" message. My God, when does it ever end?
    So I go into Control Panel > Administrative Tools > Services > Apple Mobile Device and start it back up... only to watch it stop again inexplicably moments later. Hmm... Restart. Stays on. Unplug the iPod and plug it back in. Apple Mobile Device Service stops again. Maybe it's the iPod Service itself. Hey, that one's not started! [Start] "Windows could not start the iPod Service service on Local Computer -- Error 5: Access is denied."
    What the f*ck is it with this "Access denied" crap? I've never been denied access to even the most intimate functions, files and folders on my freaking computer before! What has Apple created!?
    I thought, perhaps Apple Mobile Device software was somehow removed. Okay, let's redownload iTunes (aka Repair the program from the Programs and Features menu in the Control Panel -- same thing). Huh. "An error occurred while attempting to create directory C:\Program Files\iTunes\CD Configuration," and I can choose to Retry or Cancel. So, instinctively, I deleted the CD Configuration folder, assuming iTunes Setup would just recreate it.
    Well, that didn't work now, did it? I deleted it and hit Retry, and it said, "The installer has insufficient priveleges to access the directory: C:\Program Files\iTunes\CD Configuration. Log on as administrator or contact your system administrator." Running the .exe file as an adminstrator changes NOTHING about this predicament.
    So that's where it stands. No CD Configuration folder; full access to all files and folders involved; Apple Mobile Device Service still keeps going off for no reason; iPod Service still doesn't run; Repairing/Reinstalling iTunes, Quicktime, Bonjour, etc. does nothing; and God (aka Steve Jobs, apparently) hates me.
    . . . . . . . . . . . . Help me.

    Hi there,
    I would recommend taking a look at the troubleshooting steps found in the article below.
    Trouble installing iTunes or QuickTime for Windows
    http://support.apple.com/kb/ht1926
    -Griff W.

  • My iPod doesn't sync it keeps coming up with the message "The iPod 'iPod Nano' cannot be synced. An unknown error occurred (13019)." What does this mean and how can I fix it.

    My iPod doesn't sync it keeps coming up with the message "The iPod 'iPod Nano' cannot be synced. An unknown error occurred (13019)." What does this mean and how can I fix it?

    I am getting the same error message. Have you figured it out?

  • "Serious Error has Occurred" message with Windows 7

    Just upgraded to Windows 7 64-bit and when trying to open a CS4 project I'd been working on in XP 32-bit I get an error message saying:
    Adobe Premiere Pro
         Sorry, a serious error has occurred that requires Adobe Premiere Pro to shut down.  We will
    attempt to save your current project.
    The error occurs over and over until the entire page is filled with this message.
    I just installed Production Premium CS4 and did the updates.  I can start a new project without a problem.

    Was able to get it to open by starting a new project and importing it, but I can't get it to save.  When I go to save, the Save Project box opens up, but the bar never fills at all, it just freezes up.
    I realize Windows 7 is new and most people haven't had a lot of experience with it yet, but was just wondering if anyone else had come across this problem.
    Thanks.

  • I have received an error message when trying to install 13 new apps for Creative Cloud. It reads: "Error There was an error with this action. Try again later.  7b1f5f56-79b3-4a0d-8fd2-137b1a3e6b67" I don't know what to do.

    I have received an error message when trying to install 13 new apps for Creative Cloud. It reads: "Error There was an error with this action. Try again later.  7b1f5f56-79b3-4a0d-8fd2-137b1a3e6b67" I don't know what to do.

    AppTrial1 where are you seeing this error exactly?  For information on how to install the Adobe Creative applications included with the Creative Cloud please see Install and update apps - https://helpx.adobe.com/creative-cloud/help/install-apps.html.

Maybe you are looking for

  • Can't manually add songs/video

    So I've read the help file, which says to go to the "Summary" tab and select "Manually manage music and video" or something like that. The only problem is, no such button or checkbox or anything exists on the Summary tab, or anywhere else that I've b

  • EMac monitor problem: bad caps or rastor shift or... ?

    Something is wrong with my brother's eMac. About three years or so ago he had the bad caps (leaky capacitators) problem, and sent it off to Apple and got it repaired. But that wasn't the end of it. About a year ago the problem returned, though not in

  • SAP Script - Editor Window

    Hi, I am working on SAP SCRIPTS and the Editor Window has a maximum of 72 characters per line. I want to use BOX command 'BOX YPOS '1.75' CM HEIGHT '0.30' IN WIDTH '8.26' IN FRAME 10 TW INTENSITY 15' and I am unable to write this in 1 command line. H

  • I cant remove the pictures ive taken from my phone to my computer

    im using a iphone 4 on ios 5.0.1. and i cant remove the pictures ive taken from my phone to my computer on my mac or pc. it wont let me access them. i here theres a way on mac to auto sync the them with icloud and photo stream. and to make it clear i

  • Tables that provide information on infoproviders

    HI , I need a table in BW/BI system which must have details of the infoproviders 1) How often they are loaded ? 2)  whether been used in reports? It is OK if the information is spread across multiple tables Thanks