HTTPS Client not sending the certificate chain
Hi,
I have HTTPS java programme with client authendication.
When the server request for the certificate from the client, the client is not sending the certificate chain, the server says Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
In the client I an setting the keystore properties properly
Below is the ssl trace from the server and the client.
The trace clearly says that the client has loded its certificate from the key store.
One thing I noticed is the validity period of the client certificate is different in client and the server.
I am not sure why it is different. I followed the steps properly to create the certificate.
Can anyone help me to resolve this
==========================Server Trace==========================
SecureServer version 1.0
found key for : server
chain [0] = [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [ 4528b8a9]
Algorithm: [MD5withRSA]
Signature:
0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
trustStore is: d:\babu\ssltest\sscerts\jsseclient1
trustStore type is : jks
init truststore
adding as trusted cert: [
Version: V1
Subject: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@166
Validity: [From: Sun Jun 07 04:00:00 GMT+04:00 1998,
To: Tue Jun 07 03:59:59 GMT+04:00 2011]
Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
SerialNumber: [ 32f057e7 153096f5 1fb86e5b 5a49104b]
Algorithm: [SHA1withRSA]
Signature:
0000: A6 96 37 75 1C FD 95 95 40 E0 C9 53 25 8D E7 12 [email protected]%...
0010: AC 44 51 10 AC F2 BA 98 4D 72 EF 0B 75 2D 51 19 .DQ.....Mr..u-Q.
0020: 11 C9 47 E2 2F 96 67 61 0F 36 1D CA E7 C7 23 48 ..G./.ga.6....#H
0030: 46 97 63 C4 32 AE FF 7B 5A 65 64 50 CA 67 F7 14 F.c.2...ZedP.g..
adding as trusted cert: [
Version: V3
Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
Validity: [From: Mon Oct 09 04:00:00 GMT+04:00 2006,
To: Tue Oct 24 03:59:59 GMT+04:00 2006]
Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
SerialNumber: [ 5f2e369d 92ccf119 5d9a0371 c2f19ba4]
Certificate Extensions: 6
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
[2]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
0030: 76 65 72 2E 63 72 6C ver.crl
[3]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 30 56 30 15 16 0E 56 65 72 69 53 69 67 6E 2C 20 0V0...VeriSign,
0010: 49 6E 63 2E 30 03 02 01 01 1A 3D 56 65 72 69 53 Inc.0.....=VeriS
0020: 69 67 6E 27 73 20 43 50 53 20 69 6E 63 6F 72 70 ign's CPS incorp
0030: 2E 20 62 79 20 72 65 66 65 72 65 6E 63 65 20 6C . by reference l
0040: 69 61 62 2E 20 6C 74 64 2E 20 28 63 29 39 37 20 iab. ltd. (c)97
0050: 56 65 72 69 53 69 67 6E VeriSign
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 43 50 53 risign.com/CPS
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 9D FC BF B3 A3 5D 94 B8 44 32 23 A5 B4 C2 BD 01 .....]..D2#.....
0010: 90 54 CE 0F 23 1A 08 9D F3 E2 55 9A 4B C9 FE 3E .T..#.....U.K..>
0020: F8 AD 45 DF 84 53 52 87 00 FA 66 2D 35 3F 48 53 ..E..SR...f-5?HS
0030: 4A D5 77 0F FB E4 20 1B E5 4F 19 60 F9 EC 79 FF J.w... ..O.`..y.
trigger seeding of SecureRandom
done seeding SecureRandom
SecureServer is listening on port 443.
matching alias: server
Accepted connection to ebms.uae.ebg.com (172.16.178.62) on port 3379.
----------1-1-1-----
[read] MD5 and SHA1 hashes: len = 3
0000: 01 03 01 ...
[read] MD5 and SHA1 hashes: len = 74
0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
0020: 12 00 00 03 02 00 80 00 00 11 45 29 F4 B8 D5 0B ..........E)....
0030: F1 F5 52 D2 E4 FF 50 FA 04 49 E7 50 46 AA 2D A7 ..R...P..I.PF.-.
0040: 29 47 67 95 15 48 97 75 97 2C )Gg..H.u.,
Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
*** ClientHello, TLSv1
RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [ 4528b8a9]
Algorithm: [MD5withRSA]
Signature:
0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
<OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 912
0000: 02 00 00 46 03 01 45 29 F4 B8 E3 1F D7 72 74 DB ...F..E).....rt.
0010: 3B 9F 9C E8 EA 4E D1 0F 86 66 2E CF 66 21 CA 92 ;....N...f..f!..
0020: A4 4A 63 1B 4C E5 20 45 29 F4 B8 4B 8C 03 71 08 .Jc.L. E)..K..q.
0030: 2B 61 BC 79 FE 69 BD 77 59 84 B9 F0 85 A5 0D 6D +a.y.i.wY......m
0040: F4 5B 62 D2 8B A1 D6 00 04 00 0B 00 02 18 00 02 .[b.............
0050: 15 00 02 12 30 82 02 0E 30 82 01 77 02 04 45 28 ....0...0..w..E(
0060: B8 A9 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 ..0...*.H.......
0070: 00 30 4E 31 0B 30 09 06 03 55 04 06 13 02 61 65 .0N1.0...U....ae
0080: 31 0A 30 08 06 03 55 04 08 13 01 61 31 0A 30 08 1.0...U....a1.0.
0090: 06 03 55 04 07 13 01 61 31 0A 30 08 06 03 55 04 ..U....a1.0...U.
00A0: 0A 13 01 61 31 0A 30 08 06 03 55 04 0B 13 01 61 ...a1.0...U....a
00B0: 31 0F 30 0D 06 03 55 04 03 13 06 69 74 6E 35 34 1.0...U....itn54
00C0: 37 30 1E 17 0D 30 36 31 30 30 38 30 38 33 36 35 70...06100808365
00D0: 37 5A 17 0D 30 37 30 31 30 36 30 38 33 36 35 37 7Z..070106083657
00E0: 5A 30 4E 31 0B 30 09 06 03 55 04 06 13 02 61 65 Z0N1.0...U....ae
00F0: 31 0A 30 08 06 03 55 04 08 13 01 61 31 0A 30 08 1.0...U....a1.0.
0100: 06 03 55 04 07 13 01 61 31 0A 30 08 06 03 55 04 ..U....a1.0...U.
0110: 0A 13 01 61 31 0A 30 08 06 03 55 04 0B 13 01 61 ...a1.0...U....a
0120: 31 0F 30 0D 06 03 55 04 03 13 06 69 74 6E 35 34 1.0...U....itn54
0130: 37 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 70..0...*.H.....
0140: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 9C 86 .......0........
0150: FA C2 EC 96 1B 02 01 27 08 D2 70 4D 3B AE D0 38 .......'..pM;..8
0160: 15 97 E9 1D 94 D2 BE A1 2A 54 39 F8 2E AF 71 4C ........*T9...qL
0170: FD 9A 71 BF 8A 1E 92 9F 3A 07 DA E9 5E 49 2C C6 ..q.....:...^I,.
0180: 7D FD AA 1F C6 13 39 38 BC 16 34 04 FE E8 6B 4C ......98..4...kL
0190: EA E9 BA 29 58 9E 6C 61 B8 1F B8 29 6F 83 5D 44 ...)X.la...)o.]D
01A0: 7B 47 E5 BC 8E 2E D0 C1 E0 6F 73 15 E2 03 A8 49 .G.......os....I
01B0: C9 42 39 87 0B 70 A0 80 0D 11 98 76 AE 2B B6 A3 .B9..p.....v.+..
01C0: 5A BA 5D 3B BF C0 90 86 F6 E3 AB 9B A0 49 02 03 Z.];.........I..
01D0: 01 00 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 ...0...*.H......
01E0: 05 00 03 81 81 00 54 CC 61 97 1A 69 6C 1F 4B 53 ......T.a..il.KS
01F0: 1B 7C 54 B3 65 A9 15 C6 1A C0 1B BD FC E5 15 ED ..T.e...........
0200: 57 F7 29 E7 5E 34 3F D3 9C 40 4E D8 0B AC 79 5B W.).^[email protected][
0210: 01 64 4E DD D2 FE 57 6A 02 1E 8F C7 00 11 77 0F .dN...Wj......w.
0220: C8 20 06 0E DB 78 E3 45 57 9B 7D A4 95 0C 20 85 . ...x.EW..... .
0230: B8 A4 87 D8 AE 29 69 B5 CC DC A1 B4 32 8C 6F 77 .....)i.....2.ow
0240: F0 9A A8 12 27 C6 96 98 E9 EB AC 74 6E 39 2C D4 ....'......tn9,.
0250: 1B 1C A1 4B 81 C8 0B B9 CD 0A 18 DC 01 74 5D 99 ...K.........t].
0260: 4E 14 7A 2C 37 1E 0D 00 01 22 02 01 02 01 1D 00 N.z,7...."......
0270: 6D 30 6B 31 0B 30 09 06 03 55 04 06 13 02 41 45 m0k1.0...U....AE
0280: 31 11 30 0F 06 03 55 04 08 13 08 65 6D 69 72 61 1.0...U....emira
0290: 74 65 73 31 0E 30 0C 06 03 55 04 07 14 05 64 75 tes1.0...U....du
02A0: 62 61 69 31 11 30 0F 06 03 55 04 0A 14 08 65 6D bai1.0...U....em
02B0: 69 72 61 74 65 73 31 15 30 13 06 03 55 04 0B 14 irates1.0...U...
02C0: 0C 65 6D 69 72 61 74 65 73 62 61 6E 6B 31 0F 30 .ebg1.0
02D0: 0D 06 03 55 04 03 14 06 69 74 6E 35 34 37 00 AC ...U....ebms..
02E0: 30 81 A9 31 16 30 14 06 03 55 04 0A 13 0D 56 65 0..1.0...U....Ve
02F0: 72 69 53 69 67 6E 2C 20 49 6E 63 31 47 30 45 06 riSign, Inc1G0E.
0300: 03 55 04 0B 13 3E 77 77 77 2E 76 65 72 69 73 69 .U...>www.verisi
0310: 67 6E 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 gn.com/repositor
0320: 79 2F 54 65 73 74 43 50 53 20 49 6E 63 6F 72 70 y/TestCPS Incorp
0330: 2E 20 42 79 20 52 65 66 2E 20 4C 69 61 62 2E 20 . By Ref. Liab.
0340: 4C 54 44 2E 31 46 30 44 06 03 55 04 0B 13 3D 46 LTD.1F0D..U...=F
0350: 6F 72 20 56 65 72 69 53 69 67 6E 20 61 75 74 68 or VeriSign auth
0360: 6F 72 69 7A 65 64 20 74 65 73 74 69 6E 67 20 6F orized testing o
0370: 6E 6C 79 2E 20 4E 6F 20 61 73 73 75 72 61 6E 63 nly. No assuranc
0380: 65 73 20 28 43 29 56 53 31 39 39 37 0E 00 00 00 es (C)VS1997....
Thread-1, WRITE: TLSv1 Handshake, length = 912
Thread-1, READ: TLSv1 Handshake, length = 141
*** Certificate chain
Thread-1, SEND TLSv1 ALERT: fatal, description = bad_certificate
Thread-1, WRITE: TLSv1 Alert, length = 2
Thread-1, called closeSocket()
Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
IOException occurred when processing request.
Thread-1, called close()
Thread-1, called closeInternal(true)
==========================Client Trace==========================
--->>>--------
keyStore is : d:\babu\ssltest\sscerts\clientpk1
keyStore type is : jks
init keystore
init keymanager of type SunX509
found key for : client
chain [0] = [
Version: V1
Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
Validity: [From: Mon Oct 09 09:44:01 GMT+04:00 2006,
To: Sun Jan 07 09:44:01 GMT+04:00 2007]
Issuer: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
SerialNumber: [ 4529e1a1]
Algorithm: [MD5withRSA]
Signature:
0000: 20 C7 89 9C 04 64 E8 62 AD D2 64 DD 0A E4 2A A1 ....d.b..d...*.
0010: B6 9A B5 06 DC 3E F8 AA BE B5 8A 12 B5 75 91 EC .....>.......u..
0020: 33 77 12 27 85 15 14 15 52 B3 7F 4B 03 18 B5 E0 3w.'....R..K....
0030: 31 E4 0C A7 0A E1 52 3E 9F D1 58 B7 F2 CC F2 DD 1.....R>..X.....
0040: D4 61 D6 C8 12 39 60 4D C9 FB DC 01 0C 0D FC 98 .a...9`M........
0050: C6 AD A6 56 3E 05 1B 4E 20 1B 93 77 16 67 0E D1 ...V>..N ..w.g..
0060: E0 A1 B6 7F CA 13 53 F2 53 92 14 63 9A 82 01 AE ......S.S..c....
0070: 83 B2 FD FC 2E 29 22 F9 E7 18 DB 6A 14 73 83 E3 .....)"....j.s..
trustStore is: d:\babu\ssltest\sscerts\jsseserver
trustStore type is : jks
init truststore
adding as trusted cert: [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [ 4528b8a9]
Algorithm: [MD5withRSA]
Signature:
0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
init context
trigger seeding of SecureRandom
done seeding SecureRandom
---<<<--------
THE HEADERS
---111--------
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 45 29 F4 B8 D5 0B F1 F5 52 D2 ...7..E)......R.
0010: E4 FF 50 FA 04 49 E7 50 46 AA 2D A7 29 47 67 95 ..P..I.PF.-.)Gg.
0020: 15 48 97 75 97 2C 00 00 10 00 04 00 05 00 0A 00 .H.u.,..........
0030: 13 00 09 00 12 00 03 00 11 01 00 ...........
main, WRITE: TLSv1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 04 01 00 80 00 ....$... .......
0010: 00 05 00 00 0A 07 00 C0 00 00 13 00 00 09 06 00 ................
0020: 40 00 00 12 00 00 03 02 00 80 00 00 11 45 29 F4 @............E).
0030: B8 D5 0B F1 F5 52 D2 E4 FF 50 FA 04 49 E7 50 46 .....R...P..I.PF
0040: AA 2D A7 29 47 67 95 15 48 97 75 97 2C .-.)Gg..H.u.,
main, WRITE: SSLv2 client hello message, length = 77
main, READ: TLSv1 Handshake, length = 912
*** ServerHello, TLSv1
RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 45 29 F4 B8 E3 1F D7 72 74 DB ...F..E).....rt.
0010: 3B 9F 9C E8 EA 4E D1 0F 86 66 2E CF 66 21 CA 92 ;....N...f..f!..
0020: A4 4A 63 1B 4C E5 20 45 29 F4 B8 4B 8C 03 71 08 .Jc.L. E)..K..q.
0030: 2B 61 BC 79 FE 69 BD 77 59 84 B9 F0 85 A5 0D 6D +a.y.i.wY......m
0040: F4 5B 62 D2 8B A1 D6 00 04 00 .[b.......
*** Certificate chain
chain [0] = [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [ 4528b8a9]
Algorithm: [MD5withRSA]
Signature:
0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
stop on trusted cert: [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [ 4528b8a9]
Algorithm: [MD5withRSA]
Signature:
0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
[read] MD5 and SHA1 hashes: len = 540
0000: 0B 00 02 18 00 02 15 00 02 12 30 82 02 0E 30 82 ..........0...0.
0010: 01 77 02 04 45 28 B8 A9 30 0D 06 09 2A 86 48 86 .w..E(..0...*.H.
0020: F7 0D 01 01 04 05 00 30 4E 31 0B 30 09 06 03 55 .......0N1.0...U
0030: 04 06 13 02 61 65 31 0A 30 08 06 03 55 04 08 13 ....ae1.0...U...
0040: 01 61 31 0A 30 08 06 03 55 04 07 13 01 61 31 0A .a1.0...U....a1.
0050: 30 08 06 03 55 04 0A 13 01 61 31 0A 30 08 06 03 0...U....a1.0...
0060: 55 04 0B 13 01 61 31 0F 30 0D 06 03 55 04 03 13 U....a1.0...U...
0070: 06 69 74 6E 35 34 37 30 1E 17 0D 30 36 31 30 30 .ebms0...06100
0080: 38 30 38 33 36 35 37 5A 17 0D 30 37 30 31 30 36 8083657Z..070106
0090: 30 38 33 36 35 37 5A 30 4E 31 0B 30 09 06 03 55 083657Z0N1.0...U
00A0: 04 06 13 02 61 65 31 0A 30 08 06 03 55 04 08 13 ....ae1.0...U...
00B0: 01 61 31 0A 30 08 06 03 55 04 07 13 01 61 31 0A .a1.0...U....a1.
00C0: 30 08 06 03 55 04 0A 13 01 61 31 0A 30 08 06 03 0...U....a1.0...
00D0: 55 04 0B 13 01 61 31 0F 30 0D 06 03 55 04 03 13 U....a1.0...U...
00E0: 06 69 74 6E 35 34 37 30 81 9F 30 0D 06 09 2A 86 .ebms0..0...*.
00F0: 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 H............0..
0100: 02 81 81 00 9C 86 FA C2 EC 96 1B 02 01 27 08 D2 .............'..
0110: 70 4D 3B AE D0 38 15 97 E9 1D 94 D2 BE A1 2A 54 pM;..8........*T
0120: 39 F8 2E AF 71 4C FD 9A 71 BF 8A 1E 92 9F 3A 07 9...qL..q.....:.
0130: DA E9 5E 49 2C C6 7D FD AA 1F C6 13 39 38 BC 16 ..^I,.......98..
0140: 34 04 FE E8 6B 4C EA E9 BA 29 58 9E 6C 61 B8 1F 4...kL...)X.la..
0150: B8 29 6F 83 5D 44 7B 47 E5 BC 8E 2E D0 C1 E0 6F .)o.]D.G.......o
0160: 73 15 E2 03 A8 49 C9 42 39 87 0B 70 A0 80 0D 11 s....I.B9..p....
0170: 98 76 AE 2B B6 A3 5A BA 5D 3B BF C0 90 86 F6 E3 .v.+..Z.];......
0180: AB 9B A0 49 02 03 01 00 01 30 0D 06 09 2A 86 48 ...I.....0...*.H
0190: 86 F7 0D 01 01 04 05 00 03 81 81 00 54 CC 61 97 ............T.a.
01A0: 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 15 C6 1A C0 .il.KS..T.e.....
01B0: 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 3F D3 9C 40 ......W.).^4?..@
01C0: 4E D8 0B AC 79 5B 01 64 4E DD D2 FE 57 6A 02 1E N...y[.dN...Wj..
01D0: 8F C7 00 11 77 0F C8 20 06 0E DB 78 E3 45 57 9B ....w.. ...x.EW.
01E0: 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 69 B5 CC DC .... ......)i...
01F0: A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 96 98 E9 EB ..2.ow....'.....
0200: AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 0B B9 CD 0A .tn9,....K......
0210: 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E ...t].N.z,7.
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
<OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
[read] MD5 and SHA1 hashes: len = 294
0000: 0D 00 01 22 02 01 02 01 1D 00 6D 30 6B 31 0B 30 ..."......m0k1.0
0010: 09 06 03 55 04 06 13 02 41 45 31 11 30 0F 06 03 ...U....AE1.0...
0020: 55 04 08 13 08 65 6D 69 72 61 74 65 73 31 0E 30 U....emirates1.0
0030: 0C 06 03 55 04 07 14 05 64 75 62 61 69 31 11 30 ...U....dubai1.0
0040: 0F 06 03 55 04 0A 14 08 65 6D 69 72 61 74 65 73 ...U....emirates
0050: 31 15 30 13 06 03 55 04 0B 14 0C 65 6D 69 72 61 1.0...U....emira
0060: 74 65 73 62 61 6E 6B 31 0F 30 0D 06 03 55 04 03 tesbank1.0...U..
0070: 14 06 69 74 6E 35 34 37 00 AC 30 81 A9 31 16 30 ..ebms..0..1.0
0080: 14 06 03 55 04 0A 13 0D 56 65 72 69 53 69 67 6E ...U....VeriSign
0090: 2C 20 49 6E 63 31 47 30 45 06 03 55 04 0B 13 3E , Inc1G0E..U...>
00A0: 77 77 77 2E 76 65 72 69 73 69 67 6E 2E 63 6F 6D www.verisign.com
00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 2F 54 65 73 74 /repository/Test
00C0: 43 50 53 20 49 6E 63 6F 72 70 2E 20 42 79 20 52 CPS Incorp. By R
00D0: 65 66 2E 20 4C 69 61 62 2E 20 4C 54 44 2E 31 46 ef. Liab. LTD.1F
00E0: 30 44 06 03 55 04 0B 13 3D 46 6F 72 20 56 65 72 0D..U...=For Ver
00F0: 69 53 69 67 6E 20 61 75 74 68 6F 72 69 7A 65 64 iSign authorized
0100: 20 74 65 73 74 69 6E 67 20 6F 6E 6C 79 2E 20 4E testing only. N
0110: 6F 20 61 73 73 75 72 61 6E 63 65 73 20 28 43 29 o assurances (C)
0120: 56 53 31 39 39 37 VS1997
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 145, 198, 68, 101, 78, 79, 139, 241, 6, 243, 13, 208, 161, 242, 0, 185, 46, 87, 212, 79, 239, 132, 145, 14, 13, 134, 115, 250, 44, 44, 112, 33, 173, 105, 52, 186, 160, 119, 55, 202, 205, 212, 136, 92, 7, 120 }
[write] MD5 and SHA1 hashes: len = 141
0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 3A 83 FA .............:..
0010: 1E B3 43 52 3B B5 B9 A5 9D 2D 30 5E 71 34 DF 45 ..CR;....-0^q4.E
0020: 99 99 2D 9A 4A 42 54 3D 47 D8 94 22 BC F3 92 0D ..-.JBT=G.."....
0030: 23 AA 95 B5 75 EA B2 2B 8B DD DA 91 AA 94 24 4B #...u..+......$K
0040: 56 34 C8 3C 1D 2D 15 63 CF 03 FF 65 6C DF B9 00 V4.<.-.c...el...
0050: C3 5E BF 72 F4 70 64 45 D8 5B 58 E2 DF D6 12 1B .^.r.pdE.[X.....
0060: BE A3 71 E9 1C 49 BB 7E C0 4A 1F CA 1F F5 63 23 ..q..I...J....c#
0070: 0D 40 0D C6 3B FE 03 E9 DE 2E E5 09 1F 72 D7 6B .@..;........r.k
0080: D6 ED 5E 99 B0 A8 A0 D3 D2 73 F0 A0 8E ..^......s...
main, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 91 C6 44 65 4E 4F 8B F1 06 F3 0D D0 A1 F2 ....DeNO........
0010: 00 B9 2E 57 D4 4F EF 84 91 0E 0D 86 73 FA 2C 2C ...W.O......s.,,
0020: 70 21 AD 69 34 BA A0 77 37 CA CD D4 88 5C 07 78 p!.i4..w7....\.x
CONNECTION KEYGEN:
Client Nonce:
0000: 45 29 F4 B8 D5 0B F1 F5 52 D2 E4 FF 50 FA 04 49 E)......R...P..I
0010: E7 50 46 AA 2D A7 29 47 67 95 15 48 97 75 97 2C .PF.-.)Gg..H.u.,
Server Nonce:
0000: 45 29 F4 B8 E3 1F D7 72 74 DB 3B 9F 9C E8 EA 4E E).....rt.;....N
0010: D1 0F 86 66 2E CF 66 21 CA 92 A4 4A 63 1B 4C E5 ...f..f!...Jc.L.
Master Secret:
0000: 3A 36 9A CA 6F 82 0B 32 17 28 04 CD 33 B4 5D BF :6..o..2.(..3.].
0010: 5F 87 23 71 6B 49 2D 0E 59 DE 2C EA 8E B3 43 C8 _.#qkI-.Y.,...C.
0020: 5D 3B 3B 4C B7 B9 AB 4E EA A3 E6 CE 54 40 FB 2D ];;[email protected]
Client MAC write Secret:
0000: C3 72 45 7B 93 DE 55 FF 0A 8C 9E 91 43 48 6E E4 .rE...U.....CHn.
Server MAC write Secret:
0000: E2 05 07 CB 3F 2D 95 41 EF 69 3F 09 6D CB 81 EE ....?-.A.i?.m...
Client write key:
0000: EE 7E EE 7D D8 5F 46 CD 88 15 9E F6 C7 EC 05 5F ....._F........_
Server write key:
0000: 43 DE B1 D2 FA 54 F0 E6 CA EC E8 1E 6C AD 77 EC C....T......l.w.
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data: { 196, 3, 24, 202, 107, 99, 158, 203, 62, 203, 204, 35 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
Plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
0010: 22 2A 55 36 5F 75 DB D4 CF 19 6F 40 93 AF B8 3B "*U6_u....o@...;
main, WRITE: TLSv1 Handshake, length = 32
waiting for close_notify or alert: state 1
Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
Plaintext before ENCRYPTION: len = 18
0000: 02 0A 3E CA 24 9F 8F 40 B8 65 A6 44 5D 7E 0B B5 ..>[email protected]]...
0010: A9 C7 ..
main, WRITE: TLSv1 Alert, length = 18
Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
---000--------
Here are the steps I am perfoming to create the certificates. Can anyone please validate the steps...
//Create private key
keytool -genkey -keystore clientpk1 -keyalg rsa -alias client -storepass password -keypass password
//Create CSR
keytool -certreq -alias client -file client.csr -keypass password -keystore clientpk1 -storepass password
//Received client-ca.cer and root certificate from verisign
//Import signed certificate to client keystore
keytool -import -keystore clientpk1 -keyalg RSA -import -trustcacerts -file client-ca.cer
//Import signed certificate and the root certificate to keystore(server thruststore)
keytool -import -keystore jsseclient1 -alias client -file getcacert.cer
keytool -import -keystore jsseclient1 -alias client -file client-ca.cer
Thanks in advance,
Babu
Similar Messages
-
"The certificate chain was issued by an authority that is not trusted" when migrating to SQL 2012
Environment:
1 Primary Site (USSCCM-Site.domain.com)
1 CAS (USSCCM-CAS.domain.com)
SQL 2008 R2 (USSCCM-CAS.domain.com)
SQL 2012 SP1 CU6 (USSQL12.domain.com)
Issue:
We were successfully able to migrate the CAS to the new SQL 2012 server, almost without incident. When attempting to migrate the Site instance however, we are getting errors. Screenshot below.
Attached is a copy of the log. But below is a highlight of what I think are the errors… It appears that either SQL or SCCM doesn’t like a certificate somewhere, but it is contradicting because the logs say that it has successfully tested connection to SQL.
I am lost.
Logs stating it can connect successfully to SQL
Machine certificate has been created successfully on server USSQL12.domain.com. Configuration Manager Setup 10/21/2013 10:20:10
AM 2100 (0x0834)
Deinstalled service SMS_SERVER_BOOTSTRAP_USSCCM-Site.domain.com_SMS_SQL_SERVER on USSQL12.domain.com. Configuration Manager Setup 10/21/2013 10:20:10 AM
2100 (0x0834)
SQL Server instance [sccmsite] is already running under the certificate with thumbprint[f671be844bf39dec7e7fdd725dc30e225991f28a]. Configuration Manager Setup 10/21/2013 10:20:10 AM
2100 (0x0834)
INFO: Testing SQL Server [USSQL12.domain.com] connection ... Configuration Manager Setup 10/21/2013 10:20:10 AM
2100 (0x0834)
INFO: SQL Connection succeeded. Connection: USSQL12.domain.com SCCMSITE\MASTER, Type: Unsecure Configuration Manager Setup 10/21/2013 10:20:10 AM
2100 (0x0834)
INFO: Tested SQL Server [USSQL12.domain.com] connection successfully. Any preceding SQL connection errors may be safely ignored. Configuration Manager Setup 10/21/2013
10:20:10 AM 2100 (0x0834)
INFO: Certificate: 308202FC308201E4A003020102021011BA47041BB0609D4097BC19F5AB96B5300D06092A864886F70D01010B0500301D311B301906035504031312555353514C31322E7063756265642E636F6D3020170D3133313031373139343632345A180F32313133303932343139343632345A301D311B301906035504031312555353514C31322E7063756265642E636F6D30820122300D06092A864886F70D01010105000382010F003082010A0282010100CFAC23CEA8920051C8C24DF4E96D76D9E034931867C4DBF74F8AE863C5BDE6D1EAEAAF363F6B97DEF1D7A1FC292CB870F353D72F04472EBE3D31DCA009BD3F8C58E2AAB69C892C20598306537F5EEAA43FA6DE55D4A784CEB6FD07486AB2CC2DE1A8651648EBC31A5CD918E8ED6E184FC560B3A8B0F76F83E310BBA8C4EB27F46707E3A6377D8DD06C6808146E407EF9DB464F453798B6C1748216665884A7F2CDE03D9DA1CB4E59E67516E4F345755E35450F84F4B039642851EFFA96B22D8E77EC11C01D389989F740923B58799E34FC8F4F19CD55830FA7E786C993A08A1EEDCA87F209268CE9D5E86AC9E2A14668207721D94ACE9FACE3AA55B53507F6BF0203010001A3363034301D0603551D11041630148212555353514C31322E7063756265642E636F6D30130603551D25040C300A06082B06010505070301300D06092A864886F70D01010B05000382010100A0E33BF490B60C2B8A73BF7FA90EBB69D92DA27B439EF0569650F388EBA34B9F382CEF52DAAB543C2924E1B8DC7BEE828FB0C276330B0FF67340CBFA0CC24F47431E5272DC76C7610C290A04411036441E9822FBF8AB52B4BBE43F5FF48074BA420FF690A94D53AFCEF7AC75E2D2723520A9EF64AF06759814AE92D41CEA2F0D6CC8D9E5DEF121234F5DD97A7E886BE55F57DC0B79052A554724E8A0146C08A74AE75672FBD8C8BD6B7FCA82C1CC69906A45128CDDD1BC3985ED9603C16E712FFBAA8AA6878F853367F3E1F69E727DB96864DF6B47EBDA82659036EC82A8B04E77535CEA314D7518D02C401969C77B91C8C210C57AA991A622D679B994AEED3C
Configuration Manager Setup 10/21/2013 10:20:10 AM 2100 (0x0834)
INFO: Created SQL Server machine certificate for Server [USSQL12.domain.com] successfully. Configuration Manager Setup 10/21/2013 10:20:10 AM 2100 (0x0834)
INFO: Configuration Manager Setup - Application Shutdown Configuration Manager Setup 10/21/2013 10:20:10 AM 2100 (0x0834)
INFO: Running SQL Server test query. Configuration Manager Setup 10/21/2013 10:20:10 AM 2100 (0x0834)
INFO: SQL Connection succeeded. Connection: USSQL12.domain.com SCCMSITE\MASTER, Type: Secure Configuration Manager Setup 10/21/2013 10:20:10 AM
2100 (0x0834)
INFO: SQL Server Test query succeeded. Configuration Manager Setup 10/21/2013 10:20:10 AM
2100 (0x0834)
INFO: SQLInstance Name: sccmsite Configuration Manager Setup 10/21/2013 10:20:10 AM 2100 (0x0834)
INFO: SQL Server version detected is 11.0, 11.0.3381.0 (SP1). Configuration Manager Setup 10/21/2013 10:20:10 AM 2100 (0x0834)
Logs saying certificate is not trusted
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup
10/21/2013 10:20:49 AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:49
AM 2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:49 AM
2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS. Configuration Manager Setup 10/21/2013 10:20:49 AM
2100 (0x0834)
INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure Configuration Manager Setup 10/21/2013 10:20:49
AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 10/21/2013 10:20:52 AM
2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup
10/21/2013 10:20:52 AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:52
AM 2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:52 AM
2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS. Configuration Manager Setup 10/21/2013 10:20:52 AM
2100 (0x0834)
INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure Configuration Manager Setup 10/21/2013 10:20:52
AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 10/21/2013 10:20:55 AM
2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup
10/21/2013 10:20:55 AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:55
AM 2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:55 AM
2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS. Configuration Manager Setup 10/21/2013 10:20:55 AM
2100 (0x0834)
INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure Configuration Manager Setup 10/21/2013 10:20:55
AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 10/21/2013 10:20:58 AM
2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup
10/21/2013 10:20:58 AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:58
AM 2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:20:58 AM
2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS. Configuration Manager Setup 10/21/2013 10:20:58 AM
2100 (0x0834)
INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure Configuration Manager Setup 10/21/2013 10:20:58
AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 10/21/2013 10:21:01 AM
2100 (0x0834)
More logs saying cert is not trusted
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 10/21/2013 10:21:20 AM
2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup
10/21/2013 10:21:20 AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:21:20
AM 2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:21:20 AM
2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS. Configuration Manager Setup 10/21/2013 10:21:20 AM
2100 (0x0834)
INFO: Updated the site control information on the SQL Server USSQL12.domain.com. Configuration Manager Setup 10/21/2013 10:21:39 AM
2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 10/21/2013 10:21:39 AM
2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup
10/21/2013 10:21:39 AM 2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:21:39
AM 2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 10/21/2013 10:21:39 AM
2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS. Configuration Manager Setup 10/21/2013 10:21:39 AM
2100 (0x0834)
CSiteSettings::WriteActualSCFToDatabase: Failed to get SQL connection Configuration Manager Setup
10/21/2013 10:21:39 AM 2100 (0x0834)
CSiteSettings::WriteActualSCFToDatabaseForNewSite: WriteActualSCFToDatabase(USA) returns 0x87D20002 Configuration Manager Setup 10/21/2013 10:21:39
AM 2100 (0x0834)
ERROR: Failed to insert the recovery site control image to the parent database. Configuration Manager Setup 10/21/2013 10:21:39 AM
2100 (0x0834)
Troubleshooting:
I have read on a few articles of other people having this issue that states to find the certificate on SQL 2012 that’s being used and export it to the SCCM server – which I’ve done.
http://damianflynn.com/2012/08/22/sccm-2012-and-sql-certificates/
http://trevorsullivan.net/2013/05/16/configmgr-2012-sp1-remote-sql-connectivity-problem/
http://scug.be/sccm/2012/09/19/configmgr-2012-rtm-sp1-and-remote-management-points-not-healthy-when-running-configmgr-db-on-a-sql-cluster/
-BradHi,
How about importing certificate in the personal folder under SQL server computer account into SCCM server computer account or SCCM server service account? That certificate is for SQL Server Identification. And you could
set the value of the ForceEncryption option to NO. (SQL Server Configuration Manager->SQL Server Network Configuration->
Protocols for <server instance>->Properties)
Best Regards,
Joyce Li
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Error code 265: The certificate chain was issued by an authority that is not trusted.
We are in the process of trying to set up a wireless network that uses NPS servers to authenticate domain users with computers that are not on our domain (BYOD).
We are using a valid, wildcard SSL (with intermediate certificates) to authenticate via PEAP. The certificate was issued by Godaddy.
When trying to connect, we are getting the authentication request.
The result of a connection attempt is no connection with an event log error code of - “265: The certificate chain was issued by an authority that is not trusted.”
We have tried ensuring that the certificates are in the correct containers on the respective NPS servers: “Certificates\Personal\Certificates” With the intermediate certificates located: “Certificates/Intermediate Certification Authorities”
All these attempts have proven fruitless. Any assistance or direction would be very much appreciated.Hi,
Do you import the intermediate certificate in the right account? It should be imported in the Computer Account.
Have you imported the intermediate certificate in your client? Client need it to validate the certificate of your NPS server.
Here is a similar thread in which Greg has explained this issue in detail.
http://social.technet.microsoft.com/Forums/en-US/b770fcf6-d1e9-4aac-9005-62cb5ff6d485/the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted?forum=winserverNAP
Hope this helps.
Steven Lee
TechNet Community Support -
Untrusted server cert chain & does not recognize the certificate authority
I have java code that makes an ssl connection to an HTTPS server.
The code workes fine when I connect to a server that has a
certificate that was issued by a recognizable authority.
But when I try to connect to our test HTTPS server which has a
certificate that was created by ourselves for debug, I get this
java exception: "untrusted server cert chain".
When I connect to our test HTTPS server with a browser, I get
this message from the browser in a popup window:
"www.xyz.com is a web site that uses a security certifcate to
identify itself. However netscape 6 does not recognize the
certificate authority that issued this certificate."
At this point I am able to accept the certificate in the popup
window and continue.
Question: In my java code how can I accept a certificate
that was signed by an unrecognizable authority just like the
browser can. Or during debug, how can I set an override
to accept ALL certs no matter what.
Thanks.....PaulYou will have to import your server test certificate into your client machine keystore. By default the keystore will be the 'cacerts' file in JAVA_HOME/jre/lib/security, get your server certificate in .pem format and use keytool to import it to the client.
keytool -import -alias <anything> -file <full path of .pem file> -keystore <full path of cacerts file>
The keystore password is 'changeit' by default, keytool comes with the JDK.
The reasoning behind this is to prevent the misuse of test certificates, the client has to consciously import an untrusted certificate. When you install a real certificate on your server the client will be automatically validated if bought from a trusted CA (Thawte, Verisign).
Take a look at the java.security.KeyStore class, you can use it to view your certificate chain.
Ronny. -
Scenario is HTTP to db. In HTTP client, when Sender is Business Component, Pi is getting data successfully but when Business system is used as sender Pi is not getting any message in sxi monitor. Please help
Hi Ankita,
Try to trace at ICM level, Go to smicm transaction
Set level to 3.
Later send your request. Finally trace the request in:
When you have seen the log, check if any exception is raised with your request or the request and share it here.
Regards. -
Hello,
I have configured BizTalk Services Hybrid Connection between Standard Azure Website and SQL Server 2014 on premise.
Azure Management portal shows the status of Hybrid Connection as established.
However, the website throws an error when trying to open a connection
<
addname="DefaultConnection"
connectionString="Data
Source=machine name;initial catalog=AdventureWorks2012;Uid=demouser;Password=[my password];MultipleActiveResultSets=True"
providerName="System.Data.SqlClient"
/>
(The same website, with the same connection string deployed on SQL Server machine works correctly).
I tried various options with the connections sting (IP address instead of machine name, Trusted_Connection=False, Encrypt=False, etc. the result is the same
[Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
[SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.
I tried various machines - on premise and a clean Azure VM with SQL Server and it results in the same error - below full stack
The certificate chain was issued by an authority that is not trusted
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ComponentModel.Win32Exception: The certificate chain was issued by an authority that is not trusted
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
[SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5341687
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
System.Data.SqlClient.TdsParserStateObject.SNIWritePacket(SNIHandle handle, SNIPacket packet, UInt32& sniError, Boolean canAccumulate, Boolean callerHasConnectionLock) +5348371
System.Data.SqlClient.TdsParserStateObject.WriteSni(Boolean canAccumulate) +91
System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte flushMode, Boolean canAccumulate) +331
System.Data.SqlClient.TdsParser.TdsLogin(SqlLogin rec, FeatureExtension requestedFeatures, SessionData recoverySessionData) +2109
System.Data.SqlClient.SqlInternalConnectionTds.Login(ServerInfo server, TimeoutTimer timeout, String newPassword, SecureString newSecurePassword) +347
System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover) +238
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout) +892
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance) +311
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData) +646
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) +278
System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) +38
System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +732
System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +85
System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +1057
System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +78
System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +196
System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +146
System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +16
System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +94
System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +110
System.Data.SqlClient.SqlConnection.Open() +96
System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +44
[EntityException: The underlying provider failed on Open.]
System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +203
System.Data.EntityClient.EntityConnection.Open() +104
System.Data.Objects.ObjectContext.EnsureConnection() +75
System.Data.Objects.ObjectQuery`1.GetResults(Nullable`1 forMergeOption) +41
System.Data.Objects.ObjectQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator() +36
System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) +369
System.Linq.Enumerable.ToList(IEnumerable`1 source) +58
CloudShop.Services.ProductsRepository.GetProducts() +216
CloudShop.Controllers.HomeController.Search(String SearchCriteria) +81
CloudShop.Controllers.HomeController.Index() +1130
lambda_method(Closure , ControllerBase , Object[] ) +62
System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +193
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
System.Web.Mvc.Async.<>c__DisplayClass42.<BeginInvokeSynchronousActionMethod>b__41() +28
System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +10
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +58
System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +225
System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +23
System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +99
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +14
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +39
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +29
System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +25
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +31
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9651188
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36213
Regards,
Michal
Michal MorciniecSame issue here, looking for more information !
-
Cannot complete the certificate chain: No trusted cert found
Hi:
I am currently working on a application that makes a web service call to a third party service provider. I am using weblogic 10 application server and session bean makes a call to the gateway class which in turn initiates a web service call using SSL layer. I get the following error when gateway class is trying to make a SSL connection with the third party server. I have set the keystore to be custom and java standard and both Identity key store and turst key store points to C:\bea10\jdk160_05\jre\lib\security\cacerts key store. The interesting thing is when I tried with different other URLs www.bankofamerica.com and www.freshdirect.com
I get the same error. I am not sure why certificate validation fails even if it is a trusted CA and I would believe java keystore should contain all valid Certificate authorities such as verisign, Secure Trust etc. The third party certificate is issued by secure trust CA which in turn issued by Entrust.net
Can someone shed me somelight whats going on here? I also took a look at thread Re: SSL issues tried to import the server certificates into java keystore. but nothing worked out. Appreciate your help.
Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Cannot complete the certificate chain: No trusted cert found
Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Validating certificate 0 in the chain: Serial number: 805312903
Issuer:C=US, O=SecureTrust Corporation, CN=SecureTrust CA
Subject:C=CA, ST=Ontario, L=Toronto, O=Givex Corp., CN=*.givex.com
Not Valid Before:Wed Nov 21 09:56:03 EST 2007
Not Valid After:Sat Nov 20 09:56:03 EST 2010
Signature Algorithm:SHA1withRSA
Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: Validating certificate 1 in the chain: Serial number: 1116160170
Issuer:C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
Subject:C=US, O=SecureTrust Corporation, CN=SecureTrust CA
Not Valid Before:Sun Oct 01 01:00:00 EDT 2006
Not Valid After:Tue Nov 26 13:25:48 EST 2013
Signature Algorithm:SHA1withRSA
Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:436)
at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:224)
at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:38)
at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:144)
at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:235)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:146)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:473)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:459)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:306)
at com.freshdirect.client.TransPortType_Stub.getBalance(TransPortType_Stub.java:254)
at com.freshdirect.payment.ejb.GivexPaymentServiceImpl.getBalance(GivexPaymentServiceImpl.java:59)
at com.freshdirect.payment.ejb.GivexServerGateway.getBalance(GivexServerGateway.java:211)
at com.freshdirect.payment.ejb.GivexServerGateway.main(GivexServerGateway.java:388)
Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: write ALERT, offset = 0, length = 2
Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: close(): 16720915
Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: close(): 16720915
Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: SSLIOContextTable.removeContext(ctx): 29310343
Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: close(): 16720915
Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: close(): 16720915
Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
FINE: SSLIOContextTable.removeContext(ctx): 29310343
<Sep 16, 2009 6:18:17 PM EDT> <Info> <WebService> <BEA-220048> <A exception was thrown from the client handler sending a JAXM message.>
<Sep 16, 2009 6:18:17 PM EDT> <Info> <WebService> <BEA-220034> <A stack trace associated with message 220048 follows:
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:436)
at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:224)
at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:38)
at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:144)
at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:235)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:146)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:473)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:459)
at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:306)
at com.freshdirect.client.TransPortType_Stub.getBalance(TransPortType_Stub.java:254)
at com.freshdirect.payment.ejb.GivexPaymentServiceImpl.getBalance(GivexPaymentServiceImpl.java:59)
at com.freshdirect.payment.ejb.GivexServerGateway.getBalance(GivexServerGateway.java:211)
at com.freshdirect.payment.ejb.GivexServerGateway.main(GivexServerGateway.java:388)
>I would believe java keystore should contain all valid Certificate authorities such as verisign, Secure Trust etc. The third party certificate is issued by secure trust CA which in turn issued by Entrust.net<You can list the contents of your cacerts file to see if exact matching version of the SecureTrust signer cert is present.
You can also use a simple java program to test whether you can connect to the 2 servers that your're having issues with:
import java.net.*;
import java.io.*;
public class SSL_Test {
public static void main(String[] args) throws Exception {
URL sslURL = new URL("https://someserver.com/someservice.wsdl");
BufferedReader in = new BufferedReader( new InputStreamReader( sslURL.openStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
compile and run with something like:
javac SSL_Test.java
# all on one line
java -D -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=***** -Djavax.net.debug=ssl,handshake SSL_Test
This just tests whether your truststore can trust the server cert. -
Logout from an "https client authentication (public key certificate)"
Hi ,
I am using an https client authentication (public key certificate) to login to my ADF faces website
How can I logout form the application? It seems the session.invalidate() is not working because my login information is still displayed after running the logout method (below)
Note that this logout method was working well with the Form-Based Authentication.
Thank you
Jamil
public String logout() {
ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
HttpSession session = (HttpSession)ectx.getSession(false);
session.invalidate();
String temp = request.getContextPath() + "/adfAuthentication?logout=true&end_url=/faces/logout";
try {
ectx.redirect(temp);
FacesContext.getCurrentInstance().responseComplete();
} catch (Exception ex) {
System.out.println("Exception in logout()");
return null;
}Can you try with the null chk.. as this piece of code is working fine for us
public void logout(ActionEvent evt) {> FacesContext fc = FacesContext.getCurrentInstance();
> HttpSession session =
> (HttpSession)fc.getExternalContext().getSession(false);
> HttpServletRequest request =
> (HttpServletRequest)fc.getExternalContext().getRequest();
> HttpServletResponse response =
> (HttpServletResponse)fc.getExternalContext().getResponse();
> try {
> if (session != null) {
> session.invalidate();
> }
> fc.getExternalContext().redirect(request.getContextPath() +
> "/faces/index");
> } catch (Exception exp) {
> try {
> fc.getExternalContext().redirect("/faces/Error");
> } catch (Exception ex) {
}> }
> } -
AuthSSLProtocolSocketFactor could not load the certificate from key store
Hello,
I am trying to use this to the mutual authentication.
I create a self signed cert and and imported to a key store. I tried a couple ways to create the cert, but all of them failed when creating AuthSSLProtocolSocketFactory
new AuthSSLProtocolSocketFactory( new URL("file:my.keystore"), "mypassword", new URL("file:my.truststore"), "mypassword")
One of the store which is used for ssl by the Jetty server which is approved works.
The exception is like this:
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:519)
at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:365)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:240)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:232)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:220)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:214)
at org.apache.commons.ssl.SSL.<init>(SSL.java:170)
at org.apache.commons.ssl.SSLClient.<init>(SSLClient.java:62)
at org.apache.commons.ssl.HttpSecureProtocol.<init>(HttpSecureProtocol.java:57)
at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.<init>(AuthSSLProtocolSocketFactory.java:175)
Any help will be greatly appreciated!Hello,
I am using the same way as that in this post:
Re: apache commons httpclient - keystore problem
However, it seems the client did not send the cert to sever. BTW, the server is Jetty.
Here is the way how to generate the client cert:
keytool -genkey -alias client-alias -keyalg RSA -keypass password -storepass password -keystore clientStore.jks
keytool -export -alias client-alias -keypass password -storepass password -file client.cer -keystore clientStore.jks
keytool -import -v -trustcacerts -alias client-alias -file client.cer -keypass password -storepass password -keystore cacerts.jks
Here is the exception:
WARNING: EXCEPTION
javax.net.ssl.SSLHandshakeException: null cert chain
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:177)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:148)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:630)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
2011-02-03 11:05:31,914 [main] granteeId=2 ERROR sms.SendSmsTextsProcess$2 - A unexpected exception occurred processig sms AlertMessage 2
java.lang.RuntimeException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at org.jboss.resteasy.client.core.ClientInvoker.invoke(ClientInvoker.java:101)
at org.jboss.resteasy.client.core.ClientProxy.invoke(ClientProxy.java:72) -
Hello,
I have this issue regarding certificate chains while performing Outlook Anywhere connectivity test
by Microsoft Remote Connectivity Analyzer:
"ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled."
Note: even if I got the error, Outlook Anywhere and
ActiveSync services work fine.
Environment:
- Exchange 2007 with SP3
- Go Daddy Multiple Domains UCC certificate (up to 5 Subject Alternative Names)
I already read and followed instructions on this TechNet post
Can I safely ignore this warning about the SSL cert? Using GoDaddy UCC cert but it is a little bit different by this case.
So after an investigation I understand the issue above is related to SSL certificate
Certification Path (see screenshots below).
NO ERRORS on ExRCA checking
Go Daddy Secure Certification Authority is under Intermediate Certification Authorities
repository
Go Daddy Class 2 Certification Authority is under Intermediate Certification Authorities
repository
Starfield Technologies (http://www.valicert.com)
is under Trusted Root Certification Authorities repository
ERROR on ExRCA checking
Go Daddy Secure Certification Authority is under Intermediate Certification Authorities
repository
Go Daddy Class 2 Certification Authority is under Trusted Root Certification Authorities
repository
Can you add some useful information ?
I'm opening a support ticket at Go Daddy; I hope they could me some positive feedbacks.
Regards,
Luca Fabbri
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.Strange I have a feeling the exrca tool can't validate the godaddy class2 root authority due some older compability and wants to use the older original root authority valicert owned godaddy. Or when the exrca tool is validating the root CA it only has the
goaddy class2 root ca that was issued by valicert and not the standalone cert when doing the comparision. I sent the question to MS and will let you know when I hear back.
You can get rid of it
https://certs.godaddy.com/anonymous/repository.seam
Download the cert
◦gd_cross_intermediate.crt
Then import it into the trusted root cert authority on your CAS boxes. Then you need to delete the other godaddy class2 root authority. Make sure you see the one you imported both will be named goaddy class2 root authority but one will be issued by valicert.
Re-run the test and it will go away, I also saw the error with my domain as well using godaddy and got rid of it by using the new cert authority.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com -
I have another apple ID but I forgot the password and apple does not send the link to reset it to my email. What do I do to have it back? It is really important.
If you know the answers to your security question for the ID you can use that method to reset the password rather than email (by going to https://iforgot.apple.com/password/verify/appleid).
If you don't, you'll have to contact iTunes Store support for assistance: http://www.apple.com/emea/support/itunes/contact.html. They frequently deal with Apple ID issues. -
The Manifest Designer could not import the certificate
What I'm trying to accomplish here is to have the .appx file signed during build time so that the following command would work or even better I should not need it anymore
set path=%path%;"C:\Program Files (x86)\Windows Kits\8.1\bin\x64"
SignTool.exe sign /a /f certificate.pfx /fd SHA256 /v /p MySecretPassword TestApp.appx
I opened package.windows.appmanifest file (located in TestApp_root\TestApp\bld\Release\platforms\windows directory) in the editor view, chose Packaging tab and clicked Choose certificate... From there I chose Select from File... from the Configure Certificate
drop down menu and selected the .pfx we purchased from Symantec few weeks ago. After that I typed in password and password confirmation as requested.
I ended up getting an error message "The Manifest Designer could not import the certificate", The certificate you selected is not valid for signing because it's either expired or has another issue.
I checked that the certificate is listed in certmgr.msc Trusted Root Certificate Authorities > Certificates view and it's issued to our Company name.
In the Manifest Designer Publisher display name matches our Company name, but Publisher is set to CN=$username$
I tried to change that to CN=Company Name, OU=Company Name that was mentioned in the certificate, but still no luck.
Certificate also matches the listed requirements: http://stackoverflow.com/questions/22288410/choosing-a-certificate-for-a-windows-store-application-via-the-package-appxmanif
How to proceed from here?Hi terodev,
I found a similar discussion on the forum:
https://social.msdn.microsoft.com/forums/windowsapps/en-us/d858d189-6d14-4c8d-809d-d6c841dd8866/using-domain-certificate-for-app-signing
Could you take a look and give a try to see if it helps?
--James
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
ve had viber on my iphone and uninstalled it. now I want to install again and it does not send the message code and start again whenever I try. help me
Hi,
For possible solutions to your access code issue, please read here: http://bit.ly/Nd34Xl -
Something happened to my laptop. I try to resend e-mails with files and just sends the email with the file name, does not send the file. what can I do to fix this??? thanks
In Mail, go to:
Edit > Attachments
and check "Include original attachments in reply" in Mail's menu. -
ICloud IMAP server does not send the CAPABILITY with CRLF
IMAP iCloud server does not send the CAPABILITY response with CRLF appended as per RFC 3501. Please find the log snippet
11-05 10:50:52.462 29603 29988 D Email : open :: socket openjava.io.BufferedInputStream@43a726a8 | java.io.BufferedOutputStream@43a72b68
11-05 10:50:52.502 29603 29988 D Email : <<< #null# ["OK", ["CAPABILITY", "st11p00mm-iscream023", "1S", "XAPPLEPUSHSERVICE", "IMAP4", "IMAP4rev1", "SASL-IR", "AUTH=ATOKEN", "AUTH=PLAIN"], "iSCREAM ready to rumble (1S:1092) st11p00mm-iscream023 [42:4469:15:50:53:39]"]
11-05 10:50:52.502 29603 29988 D Email : >>> 1 CAPABILITY
11-05 10:50:52.552 29603 29988 D Email : <<< #null# ["CAPABILITY", "st11p00mm-iscream023", "1S", "XAPPLEPUSHSERVICE", "IMAP4", "IMAP4rev1", "SASL-IR", "AUTH=ATOKEN", "AUTH=PLAIN"]
11-05 10:50:52.562 29603 29988 D Email : <<< #1# ["OK", "!!"]
11-05 10:50:52.582 29603 29988 D Email : >>> [IMAP command redacted]
11-05 10:50:52.682 29603 29988 D Email : <<< #2# ["OK", ["CAPABILITY", "XAPPLEPUSHSERVICE", "IMAP4", "IMAP4rev1", "ACL", "QUOTA", "LITERAL+", "NAMESPACE", "UIDPLUS", "CHILDREN", "BINARY", "UNSELECT", "SORT", "CATENATE", "URLAUTH", "LANGUAGE", "ESEARCH", "ESORT", "THREAD=ORDEREDSUBJECT", "THREAD=REFERENCES", "CONDSTORE", "ENABLE", "CONTEXT=SEARCH", "CONTEXT=SORT", "WITHIN", "SASL-IR", "SEARCHRES", "XSENDER", "X-NETSCAPE", "XSERVERINFO", "X-SUN-SORT", "ANNOTATE-EXPERIMENT-1", "X-UNAUTHENTICATE", "X-SUN-IMAP", "X-ANNOTATEMORE", "XUM1", "ID", "IDLE"], "User test logged in"]
11-05 10:50:52.682 29603 29988 D Email : >>> 3 CAPABILITY
11-05 10:50:52.742 29603 29988 W Email : Exception detected: Expected 000a (
)1-05 10:50:52.742 29603 29988 W Email : ) but got 000d (
This is happening only when CAPABILITY command is sent follwed by LOGIN command. Please check this issue.If you want your mail delivered properly the Official Host Name of the sending server should match the PTR (reverse DNS) of the sending IP Address, and there should be an "A" record that matches the OHN as well.
Example:
mail.yourdomain.com (Official Host Name) on 123.123.123.123
PTR for 123.123.123.123 should match mail.yourdomain.com
There should be an A record in yourdomain.com pointing to 123.123.123.123
Kostas
Maybe you are looking for
-
FTDI VCP driver NI-DAQmx driver problem...
Hi, I am making use of FTDI VCP driver on Windows XP to talk to a FT245R device (through USB interface). I also make use of NI USB-6251card to capture signal data [pulse wave form] and make use of NI-DAQmx driver S/W to talk to the device connected t
-
I can´t log in Adobe Creative Cloud
I opened Adobe Creative Cloud and wrote my user name and password immediatly appears in the screen that I closed the session . I tried to log in again getting the same thing.
-
How to call class os functions defined in share/vm/runtime/os.hpp?
HI. I haven't coded in C for some time, and no experience with JNI I dabbled a bit in JNI and creating native functions. I would like to know, how can I call Java VM os functions from my own libraries without much hassle? e.g. os::javaTimeMillis(), o
-
Can I rewrite the following query without using Row_number() function ??!!
Hello every one, can I rewrite the following query without using the 'ROW_NUMBER() OVER ' part. The query is supposed to pull out the records whose CODE is not NULL and has most recent date for UPDATE_DATE . The reason I wanted to do this is, When I
-
Can airPlay be used to play all sounds from iphone?
Basically I am looking for a wireless line out for the phone