Java Client AUthentication to IIS 5 server throwing no IV for Cipher error
I have trying to do Java client authentication. Got the Certificate from CA and loaded it in server. When I run the JavaClient program I get the
error no IV for Cipher.
I am using JDK 1.5.0_06 and JSSE 1.0.3_03.
Any help is greatly appreciated.
Thanks
Here is the debug report
trustStore is: C:\JTEST\cacerts
trustStore type is : JKS
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=devclient.test.com, OU=Mycompany, O=Second Data Corporation., L=San Francisco, ST=California, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x5b0bf
Valid from Thu Feb 16 06:23:37 PST 2006 until Sat Feb 17 06:23:37 PST 2007
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 17:19:54 PDT 1999 until Tue Jun 25 17:19:54 PDT 2019
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 07:01:00 PDT 2000 until Sat May 17 16:59:00 PDT 2025
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 09:09:40 PDT 1999 until Sat May 25 09:39:40 PDT 2019
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 11:46:00 PDT 2000 until Mon May 12 16:59:00 PDT 2025
adding as trusted cert:
Subject: CN=devclient.paymap.com, OU=First Data Corp, O=Paymap Inc, L=San Francisco, ST=California, C=USA
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Algorithm: RSA; Serial number: 0xe2501de73ac37428
Valid from Mon Feb 20 15:51:25 PST 2006 until Mon Mar 13 15:51:25 PST 2006
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 10:39:16 PDT 2004 until Thu Jun 29 10:39:16 PDT 2034
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Algorithm: RSA; Serial number: 0x3770cfb5
Valid from Wed Jun 23 05:14:45 PDT 1999 until Sun Jun 23 05:14:45 PDT 2019
adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 09:41:51 PDT 1998 until Wed Aug 22 09:41:51 PDT 2018
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x4
Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1b6
Valid from Fri Aug 14 07:50:00 PDT 1998 until Wed Aug 14 16:59:00 PDT 2013
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a3
Valid from Fri Feb 23 15:01:00 PST 1996 until Thu Feb 23 15:59:00 PST 2006
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389b113c
Valid from Fri Feb 04 09:20:00 PST 2000 until Tue Feb 04 09:50:00 PST 2020
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 17:00:00 PDT 1996 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
Valid from Tue Nov 08 16:00:00 PST 1994 until Thu Jan 07 15:59:59 PST 2010
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x380391ee
Valid from Tue Oct 12 12:24:30 PDT 1999 until Sat Oct 12 12:54:30 PDT 2019
adding as trusted cert:
Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x389ef6e4
Valid from Mon Feb 07 08:16:40 PST 2000 until Fri Feb 07 08:46:40 PST 2020
adding as trusted cert:
Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a5
Valid from Wed Aug 12 17:29:00 PDT 1998 until Mon Aug 13 16:59:00 PDT 2018
adding as trusted cert:
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 17:00:00 PDT 1996 until Thu Dec 31 15:59:59 PST 2020
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Mon May 20 21:00:00 PDT 2002 until Fri May 20 21:00:00 PDT 2022
adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863b966
Valid from Fri Dec 24 09:50:51 PST 1999 until Tue Dec 24 10:20:51 PST 2019
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020
adding as trusted cert:
Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 10:06:20 PDT 2004 until Thu Jun 29 10:06:20 PDT 2034
adding as trusted cert:
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
trigger seeding of SecureRandom
done seeding SecureRandom
main, setSoTimeout(50000) called
TIMEOUT=50000
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1123703368 bytes = { 11, 7, 242, 147, 134, 10, 57, 192, 137, 131, 191, 249, 253, 146, 232, 223, 146, 195, 53, 255, 121, 236, 182, 158, 191, 94, 156, 190 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 873
*** ServerHello, TLSv1
RandomCookie: GMT: 1123703296 bytes = { 123, 165, 102, 102, 169, 196, 229, 241, 3, 49, 81, 239, 83, 155, 209, 243, 236, 229, 18, 193, 228, 104, 27, 152, 232, 193, 173, 11 }
Session ID: {147, 24, 0, 0, 22, 29, 124, 158, 177, 166, 96, 36, 217, 32, 191, 41, 36, 217, 54, 244, 11, 56, 214, 139, 133, 140, 38, 132, 157, 77, 87, 77}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=www.just-in-time-eft-paymap.com, OU=Paymap, O=First Data Corporation., L=San Francisco, ST=California, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 115897801846480906504507305240934762652258285705294305856746227593079520228602278416768070978663757452626836382370415992468189745643687252249588163510925353035555192020212360325664657305599855674966873189987712512397233103225326014387972568754281141553272745093478026229567341632738641376167448499163118598699
public exponent: 65537
Validity: [From: Mon Sep 12 11:37:51 PDT 2005,
To: Sun Nov 12 11:37:51 PST 2006]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 057aa7]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FC 76 D2 8C C3 DE 0D 8F EA 32 26 60 83 C9 8B 9C .v.......2&`....
0010: C6 E6 BB 57 ...W
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.geotrust.com/crls/secureca.crl]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [SHA1withRSA]
Signature:
0000: 44 D7 B0 69 BF B0 AA 4D 5A 17 70 9C 37 BA 61 A2 D..i...MZ.p.7.a.
0010: 57 B4 34 85 6D 59 1F 82 72 34 9B 92 7D BD DF 27 W.4.mY..r4.....'
0020: CE 97 E3 CA AE 23 5D 85 3C 1A C6 19 D1 49 C2 3F .....#].<....I.?
0030: C6 E2 7E 97 8D 63 94 1E 04 AC 9F 5F 37 08 2A 96 .....c....._7.*.
0040: 1A 47 D1 9D 69 0C 71 6A F3 74 1C FF 7D 20 E1 CA .G..i.qj.t... ..
0050: 75 D0 45 84 2E 11 3C DD D4 73 25 38 76 27 E0 73 u.E...<..s%8v'.s
0060: 70 AC 70 0F A5 E3 5B 9D 7E 0E AB 6A 79 07 18 38 p.p...[....jy..8
0070: 5B A1 63 A2 89 8C 96 A1 50 36 4C D2 C6 D5 27 25 [.c.....P6L...'%
Found trusted certificate:
Version: V3
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
public exponent: 65537
Validity: [From: Sat Aug 22 09:41:51 PDT 1998,
To: Wed Aug 22 09:41:51 PDT 2018]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 35def4cf]
Certificate Extensions: 7
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
To: Wed Aug 22 09:41:51 PDT 2018]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 58 CE 29 EA FC F7 DE B5 CE 02 B9 17 B5 85 D1 B9 X.).............
0010: E3 E0 95 CC 25 31 0D 00 A6 92 6E 7F B6 92 63 9E ....%1....n...c.
0020: 50 95 D1 9A 6F E4 11 DE 63 85 6E 98 EE A8 FF 5A P...o...c.n....Z
0030: C8 D3 55 B2 66 71 57 DE C0 21 EB 3D 2A A7 23 49 ..U.fqW..!.=*.#I
0040: 01 04 86 42 7B FC EE 7F A2 16 52 B5 67 67 D3 40 ...B......R.gg.@
0050: DB 3B 26 58 B2 28 77 3D AE 14 77 61 D6 FA 2A 66 .;&X.(w=..wa..*f
0060: 27 A0 0D FA A7 73 5C EA 70 F1 94 21 65 44 5F FA '....s\.p..!eD_.
0070: FC EF 29 68 A9 A2 87 79 EF 79 EF 4F AC 07 77 38 ..)h...y.y.O..w8
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 82, 2, 69, 241, 210, 36, 175, 168, 76, 86, 170, 3, 158, 52, 89, 146, 84, 210, 223, 113, 212, 231, 129, 100, 177, 125, 116, 31, 97, 233, 150, 162, 161, 51, 168, 189, 14, 47, 83, 27, 67, 252, 172, 191, 102, 39 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 52 02 45 F1 D2 24 AF A8 4C 56 AA 03 9E 34 ..R.E..$..LV...4
0010: 59 92 54 D2 DF 71 D4 E7 81 64 B1 7D 74 1F 61 E9 Y.T..q...d..t.a.
0020: 96 A2 A1 33 A8 BD 0E 2F 53 1B 43 FC AC BF 66 27 ...3.../S.C...f'
CONNECTION KEYGEN:
Client Nonce:
0000: 43 FA 5A 48 0B 07 F2 93 86 0A 39 C0 89 83 BF F9 C.ZH......9.....
0010: FD 92 E8 DF 92 C3 35 FF 79 EC B6 9E BF 5E 9C BE ......5.y....^..
Server Nonce:
0000: 43 FA 5A 00 7B A5 66 66 A9 C4 E5 F1 03 31 51 EF C.Z...ff.....1Q.
0010: 53 9B D1 F3 EC E5 12 C1 E4 68 1B 98 E8 C1 AD 0B S........h......
Master Secret:
0000: 10 47 C2 16 13 58 4B 50 D3 D6 34 05 C8 C9 11 29 .G...XKP..4....)
0010: AD 90 0D 8F 9B BD C8 C1 FC CD BC 26 ED FB 26 84 ...........&..&.
0020: 04 0B 94 BC D2 4D 7D 71 E0 1E 08 10 59 38 B5 4E .....M.q....Y8.N
Client MAC write Secret:
0000: A5 66 C1 48 0E F1 18 2B 2B 7A F7 9B A4 6C D7 FA .f.H...++z...l..
Server MAC write Secret:
0000: 3B F5 04 FA AC 9C D7 ED 2E E7 36 44 80 FF 11 E2 ;.........6D....
Client write key:
0000: 7B 9F 56 A1 FC 3D BD 31 25 27 91 BB D0 66 66 0B ..V..=.1%'...ff.
Server write key:
0000: 2B 45 E2 19 E8 C8 61 5B 84 B8 94 76 A1 B4 9C 6E +E....a[...v...n
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 110, 253, 95, 109, 150, 89, 93, 140, 108, 186, 172, 188 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 70, 219, 18, 202, 105, 203, 83, 220, 151, 174, 102, 125 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, setSoTimeout(50000) called
main, WRITE: TLSv1 Application Data, length = 96
main, setSoTimeout(50000) called
main, READ: TLSv1 Handshake, length = 20
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 1130
*** ClientHello, TLSv1
RandomCookie: GMT: 1123703368 bytes = { 242, 6, 117, 127, 243, 197, 134, 82, 139, 54, 241, 243, 132, 22, 63, 136, 4, 180, 225, 8, 159, 55, 182, 105, 133, 226, 213, 167 }
Session ID: {147, 24, 0, 0, 22, 29, 124, 158, 177, 166, 96, 36, 217, 32, 191, 41, 36, 217, 54, 244, 11, 56, 214, 139, 133, 140, 38, 132, 157, 77, 87, 77}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 121
main, READ: TLSv1 Handshake, length = 11432
*** ServerHello, TLSv1
RandomCookie: GMT: 1123703296 bytes = { 168, 158, 224, 186, 230, 77, 9, 24, 237, 106, 203, 158, 176, 252, 249, 167, 73, 173, 69, 178, 115, 34, 96, 179, 191, 230, 178, 160 }
Session ID: {3, 27, 0, 0, 51, 252, 181, 131, 214, 28, 220, 247, 154, 175, 51, 237, 76, 111, 88, 78, 28, 105, 106, 114, 42, 51, 53, 144, 178, 93, 245, 127}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=www.just-in-time-eft-paymap.com, OU=Paymap, O=First Data Corporation., L=San Francisco, ST=California, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 115897801846480906504507305240934762652258285705294305856746227593079520228602278416768070978663757452626836382370415992468189745643687252249588163510925353035555192020212360325664657305599855674966873189987712512397233103225326014387972568754281141553272745093478026229567341632738641376167448499163118598699
public exponent: 65537
Validity: [From: Mon Sep 12 11:37:51 PDT 2005,
To: Sun Nov 12 11:37:51 PST 2006]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 057aa7]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FC 76 D2 8C C3 DE 0D 8F EA 32 26 60 83 C9 8B 9C .v.......2&`....
0010: C6 E6 BB 57 ...W
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.geotrust.com/crls/secureca.crl]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [SHA1withRSA]
Signature:
0000: 44 D7 B0 69 BF B0 AA 4D 5A 17 70 9C 37 BA 61 A2 D..i...MZ.p.7.a.
0010: 57 B4 34 85 6D 59 1F 82 72 34 9B 92 7D BD DF 27 W.4.mY..r4.....'
0020: CE 97 E3 CA AE 23 5D 85 3C 1A C6 19 D1 49 C2 3F .....#].<....I.?
0030: C6 E2 7E 97 8D 63 94 1E 04 AC 9F 5F 37 08 2A 96 .....c....._7.*.
0040: 1A 47 D1 9D 69 0C 71 6A F3 74 1C FF 7D 20 E1 CA .G..i.qj.t... ..
0050: 75 D0 45 84 2E 11 3C DD D4 73 25 38 76 27 E0 73 u.E...<..s%8v'.s
0060: 70 AC 70 0F A5 E3 5B 9D 7E 0E AB 6A 79 07 18 38 p.p...[....jy..8
0070: 5B A1 63 A2 89 8C 96 A1 50 36 4C D2 C6 D5 27 25 [.c.....P6L...'%
Found trusted certificate:
Version: V3
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
public exponent: 65537
Validity: [From: Sat Aug 22 09:41:51 PDT 1998,
To: Wed Aug 22 09:41:51 PDT 2018]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 35def4cf]
Certificate Extensions: 7
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
To: Wed Aug 22 09:41:51 PDT 2018]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 58 CE 29 EA FC F7 DE B5 CE 02 B9 17 B5 85 D1 B9 X.).............
0010: E3 E0 95 CC 25 31 0D 00 A6 92 6E 7F B6 92 63 9E ....%1....n...c.
0020: 50 95 D1 9A 6F E4 11 DE 63 85 6E 98 EE A8 FF 5A P...o...c.n....Z
0030: C8 D3 55 B2 66 71 57 DE C0 21 EB 3D 2A A7 23 49 ..U.fqW..!.=*.#I
0040: 01 04 86 42 7B FC EE 7F A2 16 52 B5 67 67 D3 40 ...B......R.gg.@
0050: DB 3B 26 58 B2 28 77 3D AE 14 77 61 D6 FA 2A 66 .;&X.(w=..wa..*f
0060: 27 A0 0D FA A7 73 5C EA 70 F1 94 21 65 44 5F FA '....s\.p..!eD_.
0070: FC EF 29 68 A9 A2 87 79 EF 79 EF 4F AC 07 77 38 ..)h...y.y.O..w8
*** CertificateRequest
Cert Types: RSA,
Cert Authorities:
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<CN=Sonera Class1 CA, O=Sonera, C=FI>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 4 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL>
<CN=VeriSign Class 3
I have the same problem. I�m turning crazy working with certificates in mutual athetication!!!
If someone has the solution to this problem, send a repy or at [email protected]
Thanks in advance
Similar Messages
-
Tomcat repeatedly prompts for client authentication w/ IIS as web server
Team,
We have an IIS 6 / Tomcat configuration using the Apache supplied ISAPI redirector. The client application is an Applet that is using signed Jars.
The environment has been configured and communication is happening correctly between IIS and Tomcat, and the client applet is functioning properly.
Client Authentication (using Active Directory) is turned on in IIS and is authenticating Users correctly.
The only issue is that the Users are being prompted multiple times (throughout the same session) for their client authentication. The Applet communicates to the server through a single servlet.
This multiple prompting is unacceptable, because if a User does not notice that they have had their cert requested again (sometimes it pops - up minimized, or they are working to fast so it ends up behind the applet), the communication to the servlet is severed and the User ends up with some very bad results.
My question is: How can I make Tomcat stop authenticating clients? We have ONLY allowed the AJP connector to be open, and have set "tomcatAuthenticate" to false so that the RemoteUser and Principle are passed correctly from IIS.
I have attempted "socket_keepalive" in the workers.properties file and even clientAuth=false on the AJP connector (which I believe is not a valid parameter).
Does anyone have an idea of what I should do next? I have not attempted to import my client certificate into Tomcat's keystore yet, and am hoping that that is not the solution.From the info above I see you are trying to publish over HTTPS?
BUT the request doesn't seem to be for HTTPS.
Request: GET http://test.mm.com/
Filter information: Req ID: 11cb9306; Compression: client=Yes, server=No, compress rate=0% decompress
rate=0%
Protocol: http
Please try to access as https://yourdomainserver.com
let me know, how it goes, will be happy to help! -
Interoperability: WSDL-based Java client with MS SOAP server
Does anybody have the experience with a Java client communicating with Microsoft
SOAP server based on the WSDL protocol? My initial experiece shows a lot of problems.
Any information in this regard is appreciated.
ThanksI'm experiencing the same sort of problem too.
I downloaded Bea Web Service Broker in order to test some MS Soap-based web services
before developing some Weblogic EJBs which are to use them, since both of them
(WS Broker and Weblogic EJBs) are said to use the same underlying package of Java
classes to access any web service.
Most of the MS web services won't work with this tool. I have problems with remote
methods that have one or more parameters (the remote methods seem not to get them)
and also with some web services that raise FileNotFoundExceptions from URLs (rather
odd to me) on the Broker, despite the fact those URLs are valid.
Any hint or suggestion will be very appreciated. -
JAAS and Java client authentication
I'm trying to use JAAS authentication from a Java Swing client against a
WLS 6.1 SP1 server. Using the samples I've successfully managed to
authenticate a client, however a couple of issues have arisen:
- How can I remove the principal association with the current thread when
the user wishes to log out ? The LoginContext.logout implementation in
the samples doesn't appear to be sufficient.
- I'm assuming that the current server authentication called via
weblogic.security.auth.Authenticate.authenticate does not store roles and
group information as Principals within the returned Subject ? Is there
anyway I can access this information so I can modify the UI for the
current user ?
- Should I be able to establish a secure connection by using
t3s://host:secure_port when authenticating through JAAS ? When I tried
this I received, 'java.rmi.ConnectException - unable to get direct or
routed connection to '904601561764...:<ip address>'
Thanks
DarrenYes Sun provides a Windows LoginModule implementation called com.sun.security.auth.module.NTLoginModulewhich should do Windows logins (I have not tried it on XP)
However, in order to understand how this all works you have to read the JAAS reference guide and tutorial.
http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/tutorials/index.html -
Assign Static IP to VPN clients authenticated on AAA server
Hi NetPros
My objective is to assign static IP address for VPN clients.
The tunnel group authentication is on a AAA LDAP server.
AAA LDAP queries has been configured and tested to work.
I followed the guide below, but could not get static IP assignment to work.
http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/selected_topics/enforce_AD.html#wp41996
The tunnel group is configured to use the DHCP pool and the Group policy on ASA.
- If i do not specify dhcp pool, the error message is: "no assigned address"
- If i configure dhcp pool, the assigned address will be from the pool
Here are my queries on assigning a static IP for aaa-users:
1. Do you need to configure a external policy server for static IP assignment to work?
-I prefer to use the group policy on ASA
2. Under the tunnel profile, do you need to specify what DHCP pool to use? If yes, what do i specify?
3. Does DHCP service needs to be running on ldap server?
4. As per printscreen below, is Remote Access Policy required?
5. What am I missing out to make static IP assignment work?
Big thanksHi all
Thanks to friends working in Cisco, they have helped to identify the root cause.
The root cause was due to a misprint on the Cisco document.
The correct LDAP attribute is: msRASSavedFramedIPAddress. Note on the additional 'd' after the word, 'Frame'
In fact this LDAP attribute was also lacking of a 'd' on the ASDM scroll down selection. Would appreciate if someone relay the mistake to cisco personnel. Thanks all. -
Connecting a Java Client with a VB Server (problem in recieving messages)
Hi all, i have a VB based Server through which i am trying to connect a VB Server through Sockets
The Connection is Successfull but the problem i am unable to recieve all the messages from VB Server,
but all the messages on the Server Side is coming properly, i want to know do we have a secure connection between Vb and JavaYour answer is here.
-
Enroll OS X client to OS X Server 3.0.2 fails with error -67693
Hi,
trying to enroll my OS X client system (10.9.1) to my OS X Server system (10.9.1/3.0.2) fails with error -67693. This happens both when trying to enroll via "server/mydevices" and via an enrollment profile created with profile manager.
Console displays the message "Cert signature reques failed with -67693":
19.01.14 20:50:31,179 mdmclient[2972]: ProcessRequestCertSignatureResponse: Cert signature request failed with -67693
19.01.14 20:50:33,695 com.apple.preferences.configurationprofiles.remoteservice[2925]: *** ERROR *** [CPInstallerUI:501] Profile installation (Entfernte Verwaltung (com.apple.config.chester.local.mdm)) (<NSOSStatusErrorDomain:-67693> Der Vorgang konnte nicht abgeschlossen werden. (OSStatus-Fehler -67693.)
UserInfo: {
CallStackSymbols = (
"0 SCEP 0x0000000102bcf40a SCEP + 9226",
"1 SCEP 0x0000000102bdc1ac SCEP + 61868",
"2 SCEP 0x0000000102bd2e97 SCEP + 24215",
"3 ConfigurationProfiles 0x00000001007f222c -[ProfileDomainPluginController installProfileWithPlugin:replacingProfile:outActions:] + 1279",
"4 ConfigurationProfiles 0x00000001007ea585 -[CPProfileManager installProfile:forUser:] + 4056",
"5 mdmclient 0x0000000100784677 mdmclient + 99959",
"6 libdispatch.dylib 0x00007fff91ea02ad _dispatch_client_callout + 8",
"7 libdispatch.dylib 0x00007fff91ea1166 _dispatch_barrier_sync_f_invoke + 39",
"8 mdmclient 0x0000000100783600 mdmclient + 95744",
"9 mdmclient 0x000000010078c914 mdmclient + 133396",
"10 mdmclient 0x0000000100787ce3 mdmclient + 113891",
"11 mdmclient 0x000000010078c54d mdmclient + 132429",
"12 mdmclient 0x0000000100788e55 mdmclient + 118357",
"13 libdispatch.dylib 0x00007fff91ea02ad _dispatch_client_callout + 8",
"14 libdispatch.dylib 0x00007fff91ea73cf _dispatch_sync_f_invoke + 39",
"15 mdmclient 0x0000000100788d85 mdmclient + 118149",
"16 mdmclient 0x00000001007891cd mdmclient + 119245",
"17 libxpc.dylib 0x00007fff95557510 _xpc_connection_call_event_handler + 58",
"18 libxpc.dylib 0x00007fff95556123 _xpc_connection_mach_event + 2124",
"19 libdispatch.dylib 0x00007fff91ea3afe _dispatch_client_callout4 + 9",
"20 libdispatch.dylib 0x00007fff91ea43b8 _dispatch_mach_msg_invoke + 143",
"21 libdispatch.dylib 0x00007fff91ea2633 _dispatch_queue_drain + 359",
"22 libdispatch.dylib 0x00007fff91ea369e _dispatch_mach_invoke + 154",
"23 libdispatch.dylib 0x00007fff91ea1fa3 _dispatch_root_queue_drain + 75",
"24 libdispatch.dylib 0x00007fff91ea3193 _dispatch_worker_thread2 + 40",
"25 libsystem_pthread.dylib 0x00007fff9287fef8 _pthread_wqthread + 314",
"26 libsystem_pthread.dylib 0x00007fff92882fb9 start_wqthread + 13"
IsInternalError = 1;
Enrolling iOS devices seems to work fine…
Any help would be appreciated!Sven luekemeier
Take a look at https://discussions.apple.com/thread/5762561?tstart=0 i hope it fixes your issue. -
Connecting Java client to SSL server with existing certificates
I am currently trying to connect my Java client to an existing server application
written in C++. I have been provided the needed certificates (root.pem, server.pem,
and client.pem). My code simply creates a SSLSocket and then attempts to read
from it. Something goes wrong during the handshake process and I get a SSLHandshakeException. The certificates have been added to the keystore
I am using, and I do not know any other action to take.
Here is the debug output:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: keystore.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=Employee, OU=test, O=company-USA, L=City, ST=AL, C=US
Issuer: [email protected], CN=company Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167aa
Valid from Tue Sep 12 09:42:01 CDT 2006 until Thu Oct 12 09:42:01 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Issuer: [email protected], CN=ISAC Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167ab
Valid from Tue Sep 12 09:49:12 CDT 2006 until Thu Oct 12 09:49:12 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=company Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Issuer: [email protected], CN=company, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Algorithm: RSA; Serial number: 0xf6e3ada87dc4004f
Valid from Tue Sep 12 09:40:32 CDT 2006 until Thu Oct 12 09:40:32 CDT 2006
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
SSL socket created
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1158089181 bytes = { 138, 112, 170, 91, 246, 86, 216, 146, 160, 188, 243, 154, 238, 132, 33, 219, 251, 3, 93, 25, 191, 247, 41, 14, 99, 135, 130, 23 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 79
0000: 01 00 00 4B 03 01 45 07 0A DD 8A 70 AA 5B F6 56 ...K..E....p.[.V
0010: D8 92 A0 BC F3 9A EE 84 21 DB FB 03 5D 19 BF F7 ........!...]...
0020: 29 0E 63 87 82 17 00 00 24 00 04 00 05 00 2F 00 ).c.....$...../.
0030: 35 00 33 00 39 00 32 00 38 00 0A 00 16 00 13 00 5.3.9.2.8.......
0040: 09 00 15 00 12 00 03 00 08 00 14 00 11 01 00 ...............
Client Thread, WRITE: TLSv1 Handshake, length = 79
[write] MD5 and SHA1 hashes: len = 107
0000: 01 03 01 00 42 00 00 00 20 00 00 04 01 00 80 00 ....B... .......
0010: 00 05 00 00 2F 00 00 35 00 00 33 00 00 39 00 00 ..../..5..3..9..
0020: 32 00 00 38 00 00 0A 07 00 C0 00 00 16 00 00 13 2..8............
0030: 00 00 09 06 00 40 00 00 15 00 00 12 00 00 03 02 .....@..........
0040: 00 80 00 00 08 00 00 14 00 00 11 45 07 0A DD 8A ...........E....
0050: 70 AA 5B F6 56 D8 92 A0 BC F3 9A EE 84 21 DB FB p.[.V........!..
0060: 03 5D 19 BF F7 29 0E 63 87 82 17 .]...).c...
Client Thread, WRITE: SSLv2 client hello message, length = 107
[Raw write]: length = 109
0000: 80 6B 01 03 01 00 42 00 00 00 20 00 00 04 01 00 .k....B... .....
0010: 80 00 00 05 00 00 2F 00 00 35 00 00 33 00 00 39 ....../..5..3..9
0020: 00 00 32 00 00 38 00 00 0A 07 00 C0 00 00 16 00 ..2..8..........
0030: 00 13 00 00 09 06 00 40 00 00 15 00 00 12 00 00 .......@........
0040: 03 02 00 80 00 00 08 00 00 14 00 00 11 45 07 0A .............E..
0050: DD 8A 70 AA 5B F6 56 D8 92 A0 BC F3 9A EE 84 21 ..p.[.V........!
0060: DB FB 03 5D 19 BF F7 29 0E 63 87 82 17 ...]...).c...
Client Thread, received EOFException: error
Client Thread, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Client Thread, SEND TLSv1 ALERT: fatal, description = handshake_failure
Client Thread, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
Client Thread, called closeSocket()
Error: Remote host closed connection during handshake
Thread-4, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake(I am the original poster of this message, I had to create a new username though).
The original problem had to do with incompatibilities with the protocol and/or cipher suites
used. Now, the client and server perform most of the handshake process, but something
goes wrong as the server requests the client certificate. In other words, the server requires
mutual authentication, but for some reason it seems like my JSSE client won't send over
it's client certificate. I don't get any type of bad certificate exceptions, so I'm not sure
where the source of the error lies.
Updated output:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : keystore
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: truststore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=Employee, OU=default, O="default Inc.", L=default, ST=AL, C=US
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167ab
Valid from Tue Sep 12 09:49:12 CDT 2006 until Thu Oct 12 09:49:12 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=default-Server, OU=HawkEye, O=default, L=default, ST=AL, C=US
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167ac
Valid from Tue Sep 12 14:42:28 CDT 2006 until Thu Oct 12 14:42:28 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Algorithm: RSA; Serial number: 0xf6e3ada87dc4004f
Valid from Tue Sep 12 09:40:32 CDT 2006 until Thu Oct 12 09:40:32 CDT 2006
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1158242806 bytes = { 71, 195, 185, 44, 86, 96, 14, 11, 171, 76, 105, 135, 136, 114, 53, 54, 137, 75, 202, 254, 112, 208, 240, 91, 199, 246, 175, 207 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
Client Thread, WRITE: TLSv1 Handshake, length = 79
Client Thread, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1158242807 bytes = { 63, 93, 48, 73, 98, 251, 160, 215, 61, 110, 246, 12, 5, 209, 95, 194, 152, 193, 0, 181, 135, 26, 150, 174, 52, 92, 56, 250 }
Session ID: {83, 31, 134, 30, 76, 200, 183, 120, 7, 94, 26, 65, 186, 91, 197, 25, 10, 193, 94, 220, 198, 250, 162, 153, 6, 89, 12, 250, 66, 105, 249, 211}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
%% Created: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
Client Thread, READ: TLSv1 Handshake, length = 1903
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 164546130673614659100546464587508805401937082626997447139358150641653094778762702643605529386963945060462618417820295217144739538713137107756847225226998964727905246706969036839701385553183842454061172884072035749790213037240682893878786969498404371282074360019097248835858617183835587887295684928062301303789
public exponent: 65537
Validity: [From: Tue Sep 12 09:49:12 CDT 2006,
To: Thu Oct 12 09:49:12 CDT 2006]
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
SerialNumber: [ b40b909f 74d167ab]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C8 EA 02 93 42 9E 44 D1 55 7D 2D 32 4B 9B 1C 6D ....B.D.U.-2K..m
0010: 63 6B 73 82 cks.
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
SerialNumber: [ f6e3ada8 7dc4004f]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: BF 60 5A 67 3E E6 F0 92 4F E4 81 6D 71 0A 2E E8 .`Zg>...O..mq...
0010: F3 59 A1 87 7B D1 3A 7A CB FF D6 39 63 79 B6 82 .Y....:z...9cy..
0020: 2A 22 D0 46 51 30 6B 2A 61 6B A0 4C F0 3B CE 5B *".FQ0k*ak.L.;.[
0030: 9C 1D 46 CB D7 C2 B2 23 E2 A5 06 CD 12 F8 A9 CB ..F....#........
0040: B5 A2 43 B1 06 4C 42 B5 67 F2 DF 50 6B BC 8A 5E ..C..LB.g..Pk..^
0050: 95 0D F3 2A 73 A8 5A C8 55 77 D7 36 74 16 9E 05 ...*s.Z.Uw.6t...
0060: 85 C6 DC 3C 44 D3 06 5E 47 0C 1F 80 40 30 C7 D8 ...<D..^G...@0..
0070: 8C 27 FF B9 0C 71 EB D4 31 5C 1F 15 A1 23 6F A2 .'...q..1\...#o.
chain [1] = [
Version: V3
Subject: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 140862286957037297158683104484469503810921697537964422595574798580128510755934413463045842414762254029728885690233847950678735782281077619629628663140568366247472189890316085560712610474766899389736269383565795688749374256479726939861138704211990111677657317335172626254520371267441364353295155431963634875809
public exponent: 65537
Validity: [From: Tue Sep 12 09:40:32 CDT 2006,
To: Thu Oct 12 09:40:32 CDT 2006]
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
SerialNumber: [ f6e3ada8 7dc4004f]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
SerialNumber: [ f6e3ada8 7dc4004f]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: AB 84 38 1F 7B 71 D8 87 FF 24 DB C2 7E DC D0 0B ..8..q...$......
0010: 60 60 14 A8 F8 D5 46 AD 6B FC 33 90 6F 43 08 17 ``....F.k.3.oC..
0020: AE 2B EE 6C 2B 29 85 E2 A6 67 EE 5D A4 61 F3 9E .+.l+)...g.].a..
0030: E7 CA B1 27 F9 11 36 ED 93 05 7B E1 20 90 57 B5 ...'..6..... .W.
0040: C6 F9 8A 9D 50 CD B3 4A 54 DC 1B 52 EC EA 7A 0B ....P..JT..R..z.
0050: B6 E6 95 FD DD 80 BE 66 F0 77 F4 E7 9A 8A A3 EF .......f.w......
0060: 9B 68 57 0C 9C 4B 4C C0 24 C5 34 16 D3 8E 45 27 .hW..KL.$.4...E'
0070: CA 23 F1 E0 C5 5E FB FB AA 1C 21 6E CB 5B 57 D9 .#...^....!n.[W.
Found trusted certificate:
Version: V3
Subject: [email protected], CN=Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 164546130673614659100546464587508805401937082626997447139358150641653094778762702643605529386963945060462618417820295217144739538713137107756847225226998964727905246706969036839701385553183842454061172884072035749790213037240682893878786969498404371282074360019097248835858617183835587887295684928062301303789
public exponent: 65537
Validity: [From: Tue Sep 12 09:49:12 CDT 2006,
To: Thu Oct 12 09:49:12 CDT 2006]
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
SerialNumber: [ b40b909f 74d167ab]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C8 EA 02 93 42 9E 44 D1 55 7D 2D 32 4B 9B 1C 6D ....B.D.U.-2K..m
0010: 63 6B 73 82 cks.
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
SerialNumber: [ f6e3ada8 7dc4004f]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: BF 60 5A 67 3E E6 F0 92 4F E4 81 6D 71 0A 2E E8 .`Zg>...O..mq...
0010: F3 59 A1 87 7B D1 3A 7A CB FF D6 39 63 79 B6 82 .Y....:z...9cy..
0020: 2A 22 D0 46 51 30 6B 2A 61 6B A0 4C F0 3B CE 5B *".FQ0k*ak.L.;.[
0030: 9C 1D 46 CB D7 C2 B2 23 E2 A5 06 CD 12 F8 A9 CB ..F....#........
0040: B5 A2 43 B1 06 4C 42 B5 67 F2 DF 50 6B BC 8A 5E ..C..LB.g..Pk..^
0050: 95 0D F3 2A 73 A8 5A C8 55 77 D7 36 74 16 9E 05 ...*s.Z.Uw.6t...
0060: 85 C6 DC 3C 44 D3 06 5E 47 0C 1F 80 40 30 C7 D8 ...<D..^G...@0..
0070: 8C 27 FF B9 0C 71 EB D4 31 5C 1F 15 A1 23 6F A2 .'...q..1\...#o.
Client Thread, READ: TLSv1 Handshake, length = 13
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 27, 159, 38, 131, 132, 24, 47, 148, 161, 90, 7, 39, 189, 28, 178, 156, 20, 151, 220, 192, 239, 182, 115, 234, 99, 225, 68, 250, 199, 173, 96, 181, 78, 180, 238, 37, 243, 72, 19, 91, 249, 11, 49, 83, 1, 150 }
Client Thread, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 1B 9F 26 83 84 18 2F 94 A1 5A 07 27 BD 1C ....&.../..Z.'..
0010: B2 9C 14 97 DC C0 EF B6 73 EA 63 E1 44 FA C7 AD ........s.c.D...
0020: 60 B5 4E B4 EE 25 F3 48 13 5B F9 0B 31 53 01 96 `.N..%.H.[..1S..
CONNECTION KEYGEN:
Client Nonce:
0000: 45 09 62 F6 47 C3 B9 2C 56 60 0E 0B AB 4C 69 87 E.b.G..,V`...Li.
0010: 88 72 35 36 89 4B CA FE 70 D0 F0 5B C7 F6 AF CF .r56.K..p..[....
Server Nonce:
0000: 45 09 62 F7 3F 5D 30 49 62 FB A0 D7 3D 6E F6 0C E.b.?]0Ib...=n..
0010: 05 D1 5F C2 98 C1 00 B5 87 1A 96 AE 34 5C 38 FA .._.........4\8.
Master Secret:
0000: 0E 63 38 16 86 A1 84 72 33 2C D7 07 D7 C3 AC E0 .c8....r3,......
0010: AD 5B CD 3B 2E 2A 02 91 1E FE 17 97 4E 3B 56 C3 .[.;.*......N;V.
0020: 5D 0F 7A 99 90 0D 3D 4E 5F 39 C5 EB 6E AD DA 71 ].z...=N_9..n..q
Client MAC write Secret:
0000: 99 32 FA 60 0B 88 36 CD 88 02 D5 4A CA D2 A6 49 .2.`..6....J...I
0010: 69 60 42 B6 i`B.
Server MAC write Secret:
0000: 43 3F 85 72 FB 6D 28 1C BA 1E 8A 26 56 DE 18 FB C?.r.m(....&V...
0010: 01 83 20 7F .. .
Client write key:
0000: 6F 58 29 AB B3 8C F5 75 3C 70 04 DF 9D 01 43 F5 oX)....u<p....C.
Server write key:
0000: 4A D7 E9 63 53 32 78 DF E0 99 89 60 A4 1A 3C E7 J..cS2x....`..<.
Client write IV:
0000: 24 FB 0E 12 AB D2 70 6D 80 B1 B2 BC 78 1A 55 88 $.....pm....x.U.
Server write IV:
0000: E4 75 62 25 46 95 0F 7A 44 16 E2 39 38 AD 29 CD .ub%F..zD..98.).
HawkEye Client Thread, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 98, 254, 245, 75, 252, 23, 91, 164, 67, 197, 69, 44 }
Client Thread, WRITE: TLSv1 Handshake, length = 48
Client Thread, READ: TLSv1 Alert, length = 2
Client Thread, RECV TLSv1 ALERT: fatal, handshake_failure
Client Thread, called closeSocket()
Client Thread, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Error: Received fatal alert: handshake_failure
Thread-4, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure -
Trouble with vb server understanding a Java client
Hey
I'm creating coding a Java client for a game. We already have the game running with a vb server and client.
But we are going to convert over to Java.
Now the problem is that the vb server is unable to understand the Java client.
The vb server uses Asc (to convert characters to numbers) in the encoding/decoding which I'm unable to figure a Java version of this...
Currently using (int) to convert the characters in Java for its encoding/decoding but its not the same above numbers of 128.
This is the message using vb:
���������������������������������������
This is the same message using Java:
���?�?�????????????�????????�?����?���
So how would I have the same characters in Java?
Edited by: zammbi on Feb 29, 2008 9:18 PMSo I was just wondering if there is anyway to for the client to understand the vb server.Undoubtably. The question is " _What_ is/are the way(s) to for the client to understand the vb server."
Permit be to extrapolate some software design requirements from the stated business requirements.
1. The new java client must speak VB'eese to the existing VB server, because there are lots of VB clients in the wild, and we're (too lazy / not smart enough) to rewrite the whole shebang using a sane architecture, and what da 'ell, it's only some poxy game anyways.
2. You're unable to talk sense to the management, and if you did they'd just fire you and hire someone who makes the right noises at the appropiate times, and probably has a bra size to boot.
So the pragmatic question is: WTF is "VB'eese"?
A question one might reasonably ask MSDN or associate forums, as apposed to a java forum.
Dude, this ain't really a java question, though you might fluke and find a java programmer who can tell you exactly where to go.
</what-bluddy-bitterness>
Cheers. Keith. -
Problem sending data with HTTPS using client authentication.
Hi,
I�m tryingto send a message to a secure server using for this client certificate, apparently if I make a GET of "/" (server root) , everything works fine (authentication, and data received), from the moment that I try to ways send data to the "/pvtn " directory i obtain the following error.
This is a sample of the code i�m using:
import com.sun.net.ssl.KeyManagerFactory;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.Socket;
import java.security.*;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PublicKey;
import java.util.Collection;
import java.util.Date;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.cert.*;
import javax.security.cert.X509Certificate;
public class Test
public static final String TARGET_HTTPS_SERVER = "mymachine.mydomain.pt";
public static final int TARGET_HTTPS_PORT = 443;
public static void main(String[] args) throws Exception
System.setProperty("javax.net.ssl.trustStore","/certificados/truststore.txt");
System.setProperty("javax.net.ssl.trustStorePassword","trustpwd");
System.setProperty("javax.net.ssl.keyStore","/certificados/truststore.txt");
System.setProperty("javax.net.ssl.keyStorePassword","trustpwd");
java.security.Security.removeProvider("SunJSSE");
java.security.Security.insertProviderAt(new com.sun.net.ssl.internal.ssl.Provider(),2);
KeyManagerFactory kmf= KeyManagerFactory.getInstance("SunX509", "SunJSSE") ;
//Socket
SSLSocket jsslSoc = (SSLSocket) SSLSocketFactory.getDefault().createSocket(TARGET_HTTPS_SERVER, TARGET_HTTPS_PORT);
String [] ciphers = jsslSoc.getSupportedCipherSuites() ;
//// Select the ciphers you want and put them.
//// Here we will put all availabel ciphers
jsslSoc.setEnabledCipherSuites(ciphers);
//// We are creating socket in client mode
jsslSoc.setUseClientMode(true);
//// Do SSL handshake
jsslSoc.startHandshake();
// Print negotiated cipher
System.out.println("Negotiated Cipher Suite: " + jsslSoc.getSession().getCipherSuite());
System.out.println("");
X509Certificate[] peerCerts = ((javax.net.ssl.SSLSocket)jsslSoc).getSession().getPeerCertificateChain();
if (peerCerts != null)
System.out.println("Printing server information:");
for(int i =0; i < peerCerts.length; i++)
System.out.println("Peer Certificate ["+i+"] Information:");
System.out.println("- Subject: " + peerCerts.getSubjectDN().getName());
System.out.println("- Issuer: " + peerCerts[i].getIssuerDN().getName());
System.out.println("- Version: " + peerCerts[i].getVersion());
System.out.println("- Start Time: " + peerCerts[i].getNotBefore().toString());
System.out.println("- End Time: " + peerCerts[i].getNotAfter().toString());
System.out.println("- Signature Algorithm: " + peerCerts[i].getSigAlgName());
System.out.println("- Serial Number: " + peerCerts[i].getSerialNumber());
else
System.out.println("Failed to get peer certificates");
try
Writer out = new OutputStreamWriter(jsslSoc.getOutputStream(), "ISO-8859-1");
//THIS WAY WORKS FINE
out.write("GET / HTTP/1.1\r\n");
// HERE COMES THE TROUBLES
//out.write("GET /pvtn?someparameter=paramvalue HTTP/1.1\r\n");
out.write("Host: " + TARGET_HTTPS_SERVER + ":" + TARGET_HTTPS_PORT + "\r\n");
out.write("Proxy-Connection: Keep-Alive\r\n");
out.write("User-Agent: SSL-TEST \r\n");
out.write("\r\n");
out.flush();
BufferedReader in = new BufferedReader(new InputStreamReader(jsslSoc.getInputStream(), "ISO-8859-1"));
String line = null;
while ((line = in.readLine()) != null)
System.out.println(line);
finally
jsslSoc.close();
the ssl log until sending the GET is
main, WRITE: SSL v3.1 Handshake, length = 36
main, READ: SSL v3.1 Change Cipher Spec, length = 1
main, READ: SSL v3.1 Handshake, length = 36
Plaintext after DECRYPTION: len = 36
0000: 14 00 00 0C 71 AB 40 CC 6C 33 92 05 E9 69 4B 8F [email protected].
0010: D1 77 3F 6E 3C DB F0 A0 B7 9C CF 49 B6 6D C8 17 .w?n<......I.m..
0020: 7E 03 52 14 ..R.
*** Finished, v3.1
verify_data: { 113, 171, 64, 204, 108, 51, 146, 5, 233, 105, 75, 143 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 71 AB 40 CC 6C 33 92 05 E9 69 4B 8F [email protected].
Negotiated Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
When i send the GET
Plaintext before ENCRYPTION: len = 247
0000: 47 45 54 20 2F 70 76 74 6E 3F 41 30 33 30 3D 4D GET /pvtn?A030=M
main, WRITE: SSL v3.1 Application Data, length = 247
main, READ: SSL v3.1 Handshake, length = 24
Plaintext after DECRYPTION: len = 24
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_SHA]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_SHA] from port 3535
*** ClientHello, v3.1
RandomCookie: GMT: 1131988975 bytes = { 45, 113, 241, 212, 81, 255, 244, 169, 74, 41, 160, 227, 197, 210, 155, 211, 47, 237, 18, 179, 238, 47, 28, 86, 30, 253, 157, 253 }
Session ID: {208, 18, 243, 174, 216, 156, 80, 201, 121, 136, 63, 162, 31, 196, 186, 95, 193, 143, 238, 172, 173, 79, 64, 219, 17, 149, 14, 138, 53, 95, 18, 96}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17, 0, 2, 0, 1, 0, 24, 0, 26, 0, 27, 0, 23, 0, 25 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 105
Plaintext before ENCRYPTION: len = 125
main, WRITE: SSL v3.1 Handshake, length = 125
main, READ: SSL v3.1 Handshake, length = 94
Plaintext after DECRYPTION: len = 94
*** ServerHello, v3.1
RandomCookie: GMT: 1131991620 bytes = { 205, 194, 212, 113, 37, 213, 41, 13, 60, 142, 135, 68, 17, 78, 227, 251, 176, 211, 133, 203, 153, 173, 153, 195, 93, 7, 87, 123 }
Session ID: {108, 85, 45, 208, 104, 124, 209, 24, 247, 113, 156, 134, 28, 154, 75, 198, 64, 181, 167, 9, 149, 223, 162, 21, 225, 32, 168, 31, 190, 48, 241, 195}
Cipher Suite: { 0, 5 }
Compression Method: 0
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
[read] MD5 and SHA1 hashes: len = 74
main, READ: SSL v3.1 Handshake, length = 3154
Plaintext after DECRYPTION: len = 3154
*** Certificate chain
stop on trusted cert: [
Version: V1
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: [MD5withRSA]
Signature:
[read] MD5 and SHA1 hashes: len = 3134
main, READ: SSL v3.1 Handshake, length = 479
Plaintext after DECRYPTION: len = 479
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
[read] MD5 and SHA1 hashes: len = 455
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 19, 223, 230, 65, 59, 210, 10, 69, 239, 178, 185, 5, 52, 57, 44, 160, 163, 239, 85, 64, 173, 16, 132, 234, 33, 228, 0, 8, 134, 52, 20, 190, 196, 15, 205, 35, 169, 39, 14, 160, 143, 74, 210, 74, 43, 181 }
[write] MD5 and SHA1 hashes: len = 141
Plaintext before ENCRYPTION: len = 161
main, WRITE: SSL v3.1 Handshake, length = 161
SESSION KEYGEN:
PreMaster Secret:
.CONNECTION KEYGEN:
Client Nonce:
Server Nonce:
Master Secret:
Client MAC write Secret:
Server MAC write Secret:
Client write key:
Server write key:
0000: FE 94 DF 4C 1A 9F FA CE 0C E9 A6 DB 31 53 E5 FD ...L........1S..
... no IV for cipher
Plaintext before ENCRYPTION: len = 21
0000: 01 0D 16 E6 49 18 36 AF E1 52 9C 2F 72 EE CA DF ....I.6..R./r...
0010: 41 71 68 30 06 Aqh0.
main, WRITE: SSL v3.1 Change Cipher Spec, length = 21
*** Finished, v3.1
verify_data: { 243, 49, 247, 150, 113, 86, 182, 125, 244, 163, 245, 243 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C F3 31 F7 96 71 56 B6 7D F4 A3 F5 F3 .....1..qV......
Plaintext before ENCRYPTION: len = 36
0000: 14 00 00 0C F3 31 F7 96 71 56 B6 7D F4 A3 F5 F3 .....1..qV......
0010: 1A 7C 8F D9 51 CB 6F 47 2A 7C 90 81 20 EE 97 64 ....Q.oG*... ..d
0020: FF 47 35 CA .G5.
main, WRITE: SSL v3.1 Handshake, length = 36
main, SEND SSL v3.1 ALERT: warning, description = close_notify
Plaintext before ENCRYPTION: len = 22
0000: 01 00 F0 F4 AC 3C B2 DE 95 98 0E B4 ED B1 24 3B .....<........$;
0010: 54 6C 8B DC F3 1F Tl....
main, WRITE: SSL v3.1 Alert, length = 22
java.net.SocketException: Connection aborted by peer: socket write error
void java.net.SocketOutputStream.socketWrite(java.io.FileDescriptor, byte[], int, int)
native code
void java.net.SocketOutputStream.write(byte[], int, int)
SocketOutputStream.java:96
void com.sun.net.ssl.internal.ssl.OutputRecord.a(java.io.OutputStream)
void com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(com.sun.net.ssl.internal.ssl.OutputRecord)
void com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush()
void com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(com.sun.net.ssl.internal.ssl.HandshakeMessage$Finished)
void com.sun.net.ssl.internal.ssl.ClientHandshaker.c()
void com.sun.net.ssl.internal.ssl.ClientHandshaker.a(com.sun.net.ssl.internal.ssl.SunJSSE_o)
void com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(byte, int)
void com.sun.net.ssl.internal.ssl.Handshaker.process_record(com.sun.net.ssl.internal.ssl.InputRecord)
void com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(com.sun.net.ssl.internal.ssl.InputRecord, boolean)
void com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(com.sun.net.ssl.internal.ssl.InputRecord)
int com.sun.net.ssl.internal.ssl.AppInputStream.read(byte[], int, int)
int java.io.InputStream.read(byte[])
InputStream.java:91
int java.io.InputStreamReader.fill(char[], int, int)
InputStreamReader.java:173
int java.io.InputStreamReader.read(char[], int, int)
InputStreamReader.java:249
void java.io.BufferedReader.fill()
BufferedReader.java:139
java.lang.String java.io.BufferedReader.readLine(boolean)
BufferedReader.java:299
java.lang.String java.io.BufferedReader.readLine()
BufferedReader.java:362
void Teste3.main(java.lang.String[])
Teste3.java:109
Exception in thread main
Debugger disconnected from local process.
Process exited with exit code 1.
One more thing if if make the same thing via browser (https://mymachine.mydomain.pt/pvtn?someparameter=somevalue) and works fine too (obviously i pre installed the client certificate in the browser and choose the certificate when the pop up show up)
It seems like the handshaking fails when i send data to /pvtn...
Regards,
Paulo.I amhaving the another problem very similar, I am struggling with client authentication with IIS 5.0, and receiving the 'Remote Host closed the connection' error.
Is there any help me in this. I truly apprecaite it
Thanks -
Problem in Client authentication in JSSE on a web service
Hi,
I am having a Web service running on my Web server (Sunone 6.1). I need to implement Security on it using JSSE. It has to be a MUTUAL authentication.
I have installed all the certificates and CA certs on both Client and server. But when I try to call the web service from a standalone Java test client I am getting error on the third step of handshake process that is CLient authentication.
I am not able to understand whether it is authentication problem or some problem while encrypting and decrypting the data. I am sending and receiving data in xml format
I am pasting here the debug output from client side. ALthough it is long but please any one help me on this.
Or if any one can point out what are the various steps depicting the debug statement
Thanks
<spusinfradev1:hk186763> $ RUNDNSSEC_DEV
Note: TestDNSSec.java uses or overrides a deprecated API.
Note: Recompile with -deprecation for details.
submitRequest: BEGIN
submitRequest: calling HttpSubmitter.postTransaction()
postTransaction: Begin
postTransaction: XML Request
<?xml version="1.0" encoding="UTF-8"?>
<sunir.share.service.drpl.client.DNSReqXmlDocTag>
<sunir.share.service.drpl.client.DNSReq>
<CheckType>isEmbargo</CheckType>
<IPAddr>203.81.162.9</IPAddr>
<LookupType>always</LookupType>
<Strict>true</Strict>
</sunir.share.service.drpl.client.DNSReq>
</sunir.share.service.drpl.client.DNSReqXmlDocTag>
postTransaction: creating connection to target url
keyStore is : /home/users/hk186763/RDNS/DRPL/TestClient/serverkey
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: /home/users/hk186763/RDNS/DRPL/TestClient/serverkey
trustStore type is : jks
init truststore
adding as trusted cert: [
Version: V1
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d6c16c
Validity: [From: Sun May 17 17:00:00 PDT 1998,
To: Tue Aug 01 16:59:59 PDT 2028]
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
SerialNumber: [ 7dd9fe07 cfa81eb7 107967fb a78934c6 ]
Algorithm: [SHA1withRSA]
Signature:
0000: 51 4D CD BE 5C CB 98 19 9C 15 B2 01 39 78 2E 4D QM..\.......9x.M
0010: 0F 67 70 70 99 C6 10 5A 94 A4 53 4D 54 6D 2B AF .gpp...Z..SMTm+.
0020: 0D 5D 40 8B 64 D3 D7 EE DE 56 61 92 5F A6 C4 1D .]@.d....Va._...
0030: 10 61 36 D3 2C 27 3C E8 29 09 B9 11 64 74 CC B5 .a6.,'<.)...dt..
0040: 73 9F 1C 48 A9 BC 61 01 EE E2 17 A6 0C E3 40 08 s..H..a.......@.
0050: 3B 0E E7 EB 44 73 2A 9A F1 69 92 EF 71 14 C3 39 ;...Ds*..i..q..9
0060: AC 71 A7 91 09 6F E4 71 06 B3 BA 59 57 26 79 00 .q...o.q...YW&y.
0070: F6 F8 0D A2 33 30 28 D4 AA 58 A0 9D 9D 69 91 FD ....30(..X...i..
adding as trusted cert: [
Version: V3
Subject: CN=RDNS, OU=Class C, OU=Corporate SSL Client, O=Sun Microsystems Inc
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@99681b
Validity: [From: Tue Jan 03 16:00:00 PST 2006,
To: Thu Jan 04 15:59:59 PST 2007]
Issuer: CN=SSL Client CA, OU=Class 2 OnSite Subscriber CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
SerialNumber: [ 0e45c61f 24091c18 b354a76c 71ee15f2 ]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 12 FB 4E 70 BA E0 53 E5 B2 C2 DC D2 74 BE 7F 17 ..Np..S.....t...
0010: 67 68 55 14 ghU.
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C9 06 C7 9C F6 0E 1E 36 9E 49 8E 50 AC 06 46 DE .......6.I.P..F.
0010: A1 4D A6 4F .M.O
[3]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 60 30 5E 30 5C A0 5A A0 58 86 56 68 74 74 70 .`0^0\.Z.X.Vhttp
0010: 3A 2F 2F 6F 6E 73 69 74 65 63 72 6C 2E 76 65 72 ://onsitecrl.ver
0020: 69 73 69 67 6E 2E 63 6F 6D 2F 53 75 6E 4D 69 63 isign.com/SunMic
0030: 72 6F 73 79 73 74 65 6D 73 49 6E 63 43 6F 72 70 rosystemsIncCorp
0040: 6F 72 61 74 65 53 53 4C 43 6C 69 65 6E 74 43 6C orateSSLClientCl
0050: 61 73 73 43 2F 4C 61 74 65 73 74 43 52 4C 2E 63 assC/LatestCRL.c
0060: 72 6C rl
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.2]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.2]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
[CertificatePolicyId: [2.16.840.1.113536.509.3647]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 77 77 77 2E 73 75 ..https://www.su0010: 6E 2E 63 6F 6D 2F 70 6B 69 2F 63 70 73 n.com/pki/cps
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 30 2B 16 29 4E 6F 74 20 56 61 6C 69 64 61 74 65 0+.)Not Validate0010: 64 20 46 6F 72 20 53 75 6E 20 42 75 73 69 6E 65 d For Sun Busine
0020: 73 73 20 4F 70 65 72 61 74 69 6F 6E 73 ss Operations
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 72 C1 27 C2 5C 7E D2 8A 39 B8 14 D9 20 8D 6D C6 r.'.\...9... .m.
0010: 7E 34 FC 86 BD 16 30 2E B9 18 05 F9 83 BA FD 43 .4....0........C
0020: 65 E4 48 85 CC 00 C6 19 FC D4 DC E2 ED DC BE F8 e.H.............
0030: 33 65 36 AC AC 32 FD 1E 9C 93 E4 08 FF 1D DD D5 3e6..2..........
0040: AB 81 45 FE AE 5B 0D 90 1E CC 1D 33 CB 56 24 BB ..E..[.....3.V$.
0050: 4D 43 0E 7B B0 EE 04 6B 4F DB 04 3C FB 4E C0 29 MC.....kO..<.N.)
0060: 64 AF 1B E8 9D 22 F0 37 8E 4B A0 19 AC 58 8A A5 d....".7.K...X..
0070: F7 CA 58 B3 D8 7F 36 5C A9 1B A6 7D 13 C7 CF 2E ..X...6\........
0080: 83 4A E0 15 98 1C 0A AD 12 31 7E BC 7B 81 90 B0 .J.......1......
0090: 13 7D 49 D7 FD 17 B0 BE 56 F8 AB 98 33 D9 D3 3E ..I.....V...3..>
00A0: C2 E8 44 7B 29 6D 79 4F A4 88 22 7D 45 3F B4 D8 ..D.)myO..".E?..
00B0: 09 D3 6C 14 13 EC 36 57 FF CE 04 C4 9B 2C 2C CE ..l...6W.....,,.
00C0: 15 0C F3 1A 5E 21 86 A8 E4 BB CA 8B 9B 5E A1 EC ....^!.......^..
00D0: A3 30 2A 36 25 5A BA 91 DF 6E E3 4D 72 BC 41 F8 .0*6%Z...n.Mr.A.
00E0: 25 30 E2 CD 34 7A 08 19 59 19 61 BA 53 FD 1C 2C %0..4z..Y.a.S..,
00F0: 7F EA 38 BA C9 38 0B D3 8D 01 DF 1C 11 CB 3E BB ..8..8........>.
adding as trusted cert: [
Version: V3
Subject: CN=Sun Microsystems Inc SSL CA, OU=Class 3 MPKI Secure Server CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@551f60
Validity: [From: Wed Jun 01 17:00:00 PDT 2005,
To: Mon Jun 01 16:59:59 PDT 2015]
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
SerialNumber: [ 4fa13003 7f5dfd64 3fb367fb af699e7c ]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
0010: 17 F9 01 FA ....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US]
SerialNumber: [ 7dd9fe07 cfa81eb7 107967fb a78934c6 ]
[3]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2D 30 2B 30 29 A0 27 A0 25 86 23 68 74 74 70 .-0+0).'.%.#http
0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
0020: 63 6F 6D 2F 70 63 61 33 2D 67 32 2E 63 72 6C com/pca3-g2.crl
[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[CN=PrivateLabel3-2048-142]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
[CertificatePolicyId: [2.16.840.1.113536.509.3647]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 77 77 77 2E 73 75 ..https://www.su0010: 6E 2E 63 6F 6D 2F 70 6B 69 2F 63 70 73 n.com/pki/cps
[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
Algorithm: [SHA1withRSA]
Signature:
0000: B7 5A 35 83 75 74 8B E1 62 92 86 30 A2 4E 5B 21 .Z5.ut..b..0.N[!
0010: FD 3D 2B 91 A1 AC 98 5E 5F 6A D2 51 BE 27 68 67 .=+....^_j.Q.'hg
0020: 22 C3 FB 69 61 F2 53 00 45 0E 1E E4 A3 DC 27 82 "..ia.S.E.....'.
0030: 5F A8 ED 07 F7 06 73 A1 68 0F 0C E8 4A 66 F4 93 _.....s.h...Jf..
0040: E5 25 50 82 5B DD 2D 9A 2E 55 4E F5 74 3B 90 3B .%P.[.-..UN.t;.;
0050: 40 CA 56 80 87 41 77 17 A3 50 2F 0B 31 15 CC 22 @.V..Aw..P/.1.."
0060: A9 F8 13 DF 4B 77 DB 80 28 80 A9 E0 EF A0 40 0D ....Kw..(.....@.
0070: D7 CF 64 72 8B BC CF 19 9B D9 81 A1 D8 E3 7D 40 ..dr...........@
init context
trigger seeding of SecureRandom
done seeding SecureRandom
postTransaction: creating output stream on connection
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1121389894 bytes = { 177, 208, 214, 162, 50, 118, 129, 69, 14, 124, 134, 197, 180, 112, 220, 185, 218, 97, 213, 180, 222, 100, 98, 105, 221, 111, 135, 84 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 43 D7 0D 46 B1 D0 D6 A2 32 76 ...7..C..F....2v
0010: 81 45 0E 7C 86 C5 B4 70 DC B9 DA 61 D5 B4 DE 64 .E.....p...a...d
0020: 62 69 DD 6F 87 54 00 00 10 00 05 00 04 00 09 00 bi.o.T..........
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 43 D7 0D .............C..
0030: 46 B1 D0 D6 A2 32 76 81 45 0E 7C 86 C5 B4 70 DC F....2v.E.....p.
0040: B9 DA 61 D5 B4 DE 64 62 69 DD 6F 87 54 ..a...dbi.o.T
main, WRITE: SSL v2, contentType = 22, translated length = 16310
main, READ: SSL v3.1 Handshake, length = 4439
*** ServerHello, v3.1
RandomCookie: GMT: 5338 bytes = { 145, 99, 82, 205, 255, 74, 235, 252, 50, 27, 190, 156, 21, 12, 30, 236, 206, 196, 74, 65, 93, 217, 213, 118, 179, 227, 8, 118 }
Session ID: {10, 116, 131, 159, 53, 168, 226, 227, 34, 25, 222, 197, 123, 128, 250, 118, 2, 72, 46, 147, 155, 118, 230, 164, 82, 24, 206, 76, 155, 96, 72, 120}
Cipher Suite: { 0, 5 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 00 00 15 DA 91 63 52 CD FF 4A ...F.......cR..J
0010: EB FC 32 1B BE 9C 15 0C 1E EC CE C4 4A 41 5D D9 ..2.........JA].
0020: D5 76 B3 E3 08 76 20 0A 74 83 9F 35 A8 E2 E3 22 .v...v .t..5..."
0030: 19 DE C5 7B 80 FA 76 02 48 2E 93 9B 76 E6 A4 52 ......v.H...v..R
0040: 18 CE 4C 9B 60 48 78 00 05 00 ..L.`Hx...
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=rdns-alpha.sun.com, OU=Class C, O=Sun Microsystems Inc, L=Broomfield, ST=Colorado, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a2d64
Validity: [From: Sun Nov 20 16:00:00 PST 2005,
To: Tue Nov 21 15:59:59 PST 2006]
Issuer: CN=Sun Microsystems Inc SSL CA, OU=Class 3 MPKI Secure Server CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
SerialNumber: [ 6702ab4c 00bfe850 3a0eb9a9 1ca380eb ]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 45 7D F2 17 01 02 2F 0D C6 89 E8 A7 63 A0 D6 B6 E...../.....c...
0010: 13 3F 8C A8 .?..
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
0010: 17 F9 01 FA ....
[4]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 72 30 70 30 6E A0 6C A0 6A 86 68 68 74 74 70 .r0p0n.l.j.hhttp
0010: 3A 2F 2F 53 56 52 43 33 53 65 63 75 72 65 53 75 ://SVRC3SecureSu
0020: 6E 4D 69 63 72 6F 73 79 73 74 65 6D 73 2D 4D 50 nMicrosystems-MP
0030: 4B 49 2D 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E KI-crl.verisign.
0040: 63 6F 6D 2F 53 75 6E 4D 69 63 72 6F 73 79 73 74 com/SunMicrosyst
0050: 65 6D 73 49 6E 63 43 6C 61 73 73 43 55 6E 69 66 emsIncClassCUnif
0060: 69 65 64 2F 4C 61 74 65 73 74 43 52 4C 53 72 76 ied/LatestCRLSrv
0070: 2E 63 72 6C .crl
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
[CertificatePolicyId: [2.16.840.1.113536.509.3647]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 30 2B 1A 29 4E 6F 74 20 56 61 6C 69 64 61 74 65 0+.)Not Validate0010: 64 20 46 6F 72 20 53 75 6E 20 42 75 73 69 6E 65 d For Sun Busine
0020: 73 73 20 4F 70 65 72 61 74 69 6F 6E 73 ss Operations
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 77 77 77 2E 73 75 ..https://www.su0010: 6E 2E 63 6F 6D 2F 70 6B 69 2F 63 70 73 n.com/pki/cps
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
[8]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 08 EA E4 7E FB 1B A6 4D DC EA BE 44 44 0E 9E 97 .......M...DD...
0010: BC B3 4A 85 39 4A AF B0 7F AB CB C4 9F C4 11 90 ..J.9J..........
0020: C6 0F FC C5 D0 41 4E 87 C8 93 1A 27 8F F4 7A 26 .....AN....'..z&
0030: A8 26 DE 52 D9 0A CC 78 5E 55 21 04 D9 C6 B2 22 .&.R...x^U!...."
0040: C5 18 EA 19 EF C0 EA F3 C0 95 B0 6C DB 16 E7 B8 ...........l....
0050: 9D 22 06 50 E1 70 19 71 C0 8E 9D 0C AD 6E 11 AE .".P.p.q.....n..
0060: C6 DE 7E 54 9F 39 48 9C E8 3E F3 1B 1D 1B 00 5B ...T.9H..>.....[
0070: F5 DB 63 CE 16 07 3A 70 B0 FB AF 8D 82 9B DD 58 ..c...:p.......X
0080: 57 AC 33 9C 2D D4 CE 76 51 7E 4F 9E EA 59 90 B0 W.3.-..vQ.O..Y..
0090: 91 A7 A8 E0 F9 F6 E0 4B 1E 24 51 92 E0 31 43 E4 .......K.$Q..1C.
00A0: 70 6E 7D E9 13 93 84 E9 1C 88 CC 85 72 55 91 13 pn..........rU..
00B0: 33 4C 91 45 13 32 D0 F1 72 82 E1 A9 F3 6E 7F FD 3L.E.2..r....n..
00C0: 73 38 D8 8D 04 70 DB 28 E0 5D A1 17 20 06 B8 83 s8...p.(.].. ...
00D0: FE 80 37 55 32 77 12 BF DC FC 2D E5 6B EE C8 23 ..7U2w....-.k..#
00E0: 89 1F D4 53 51 EE 36 ED 68 26 0D B7 A3 3C E2 9C ...SQ.6.h&...<..
00F0: E5 B3 61 96 BD 6B 37 A0 7E 15 76 29 EB 97 5B E8 ..a..k7...v)..[.
chain [1] = [
Version: V3
Subject: CN=Sun Microsystems Inc SSL CA, OU=Class 3 MPKI Secure Server CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@89cf1e
Validity: [From: Wed Jun 01 17:00:00 PDT 2005,
To: Mon Jun 01 16:59:59 PDT 2015]
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
SerialNumber: [ 4fa13003 7f5dfd64 3fb367fb af699e7c ]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
0010: 17 F9 01 FA ....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US]
SerialNumber: [ 7dd9fe07 cfa81eb7 107967fb a78934c6 ]
[3]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2D 30 2B 30 29 A0 27 A0 25 86 23 68 74 74 70 .-0+0).'.%.#http
0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
0020: 63 6F 6D 2F 70 63 61 33 2D 67 32 2E 63 72 6C com/pca3-g2.crl
[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[CN=PrivateLabel3-2048-142]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
[CertificatePolicyId: [2.16.840.1.113536.509.3647]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 77 77 77 2E 73 75 ..https://www.su0010: 6E 2E 63 6F 6D 2F 70 6B 69 2F 63 70 73 n.com/pki/cps
[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
Algorithm: [SHA1withRSA]
Signature:
0000: B7 5A 35 83 75 74 8B E1 62 92 86 30 A2 4E 5B 21 .Z5.ut..b..0.N[!
0010: FD 3D 2B 91 A1 AC 98 5E 5F 6A D2 51 BE 27 68 67 .=+....^_j.Q.'hg
0020: 22 C3 FB 69 61 F2 53 00 45 0E 1E E4 A3 DC 27 82 "..ia.S.E.....'.
0030: 5F A8 ED 07 F7 06 73 A1 68 0F 0C E8 4A 66 F4 93 _.....s.h...Jf..
0040: E5 25 50 82 5B DD 2D 9A 2E 55 4E F5 74 3B 90 3B .%P.[.-..UN.t;.;
0050: 40 CA 56 80 87 41 77 17 A3 50 2F 0B 31 15 CC 22 @.V..Aw..P/.1.."
0060: A9 F8 13 DF 4B 77 DB 80 28 80 A9 E0 EF A0 40 0D ....Kw..(.....@.
0070: D7 CF 64 72 8B BC CF 19 9B D9 81 A1 D8 E3 7D 40 ..dr...........@
chain [2] = [
Version: V1
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@7ce4e7
Validity: [From: Sun May 17 17:00:00 PDT 1998,
To: Tue Aug 01 16:59:59 PDT 2028]
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
SerialNumber: [ 7dd9fe07 cfa81eb7 107967fb a78934c6 ]
Algorithm: [SHA1withRSA]
Signature:
0000: 51 4D CD BE 5C CB 98 19 9C 15 B2 01 39 78 2E 4D QM..\.......9x.M
0010: 0F 67 70 70 99 C6 10 5A 94 A4 53 4D 54 6D 2B AF .gpp...Z..SMTm+.
0020: 0D 5D 40 8B 64 D3 D7 EE DE 56 61 92 5F A6 C4 1D .]@.d....Va._...
0030: 10 61 36 D3 2C 27 3C E8 29 09 B9 11 64 74 CC B5 .a6.,'<.)...dt..
0040: 73 9F 1C 48 A9 BC 61 01 EE E2 17 A6 0C E3 40 08 s..H..a.......@.
0050: 3B 0E E7 EB 44 73 2A 9A F1 69 92 EF 71 14 C3 39 ;...Ds*..i..q..9
0060: AC 71 A7 91 09 6F E4 71 06 B3 BA 59 57 26 79 00 .q...o.q...YW&y.
0070: F6 F8 0D A2 33 30 28 D4 AA 58 A0 9D 9D 69 91 FD ....30(..X...i..
stop on trusted cert: [
Version: V3
Subject: CN=Sun Microsystems Inc SSL CA, OU=Class 3 MPKI Secure Server CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@89cf1e
Validity: [From: Wed Jun 01 17:00:00 PDT 2005,
To: Mon Jun 01 16:59:59 PDT 2015]
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
SerialNumber: [ 4fa13003 7f5dfd64 3fb367fb af699e7c ]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
0010: 17 F9 01 FA ....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US]
SerialNumber: [ 7dd9fe07 cfa81eb7 107967fb a78934c6 ]
[3]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2D 30 2B 30 29 A0 27 A0 25 86 23 68 74 74 70 .-0+0).'.%.#http
0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
0020: 63 6F 6D 2F 70 63 61 33 2D 67 32 2E 63 72 6C com/pca3-g2.crl
[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[CN=PrivateLabel3-2048-142]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
[CertificatePolicyId: [2.16.840.1.113536.509.3647]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 77 77 77 2E 73 75 ..https://www.su0010: 6E 2E 63 6F 6D 2F 70 6B 69 2F 63 70 73 n.com/pki/cps
[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
Algorithm: [SHA1withRSA]
Signature:
0000: B7 5A 35 83 75 74 8B E1 62 92 86 30 A2 4E 5B 21 .Z5.ut..b..0.N[!
0010: FD 3D 2B 91 A1 AC 98 5E 5F 6A D2 51 BE 27 68 67 .=+....^_j.Q.'hg
0020: 22 C3 FB 69 61 F2 53 00 45 0E 1E E4 A3 DC 27 82 "..ia.S.E.....'.
0030: 5F A8 ED 07 F7 06 73 A1 68 0F 0C E8 4A 66 F4 93 _.....s.h...Jf..
0040: E5 25 50 82 5B DD 2D 9A 2E 55 4E F5 74 3B 90 3B .%P.[.-..UN.t;.;
0050: 40 CA 56 80 87 41 77 17 A3 50 2F 0B 31 15 CC 22 @.V..Aw..P/.1.."
0060: A9 F8 13 DF 4B 77 DB 80 28 80 A9 E0 EF A0 40 0D ....Kw..(.....@.
0070: D7 CF 64 72 8B BC CF 19 9B D9 81 A1 D8 E3 7D 40 ..dr...........@
[read] MD5 and SHA1 hashes: len = 3479
0000: 0B 00 0D 93 00 0D 90 00 05 0A 30 82 05 06 30 82 ..........0...0.
0010: 03 EE A0 03 02 01 02 02 10 67 02 AB 4C 00 BF E8 .........g..L...
0020: 50 3A 0E B9 A9 1C A3 80 EB 30 0D 06 09 2A 86 48 P:.......0...*.H
0030: 86 F7 0D 01 01 05 05 00 30 81 8E 31 1D 30 1B 06 ........0..1.0..
0040: 03 55 04 0A 13 14 53 75 6E 20 4D 69 63 72 6F 73 .U....Sun Micros
0050: 79 73 74 65 6D 73 20 49 6E 63 31 1F 30 1D 06 03 ystems Inc1.0...
0060: 55 04 0B 13 16 56 65 72 69 53 69 67 6E 20 54 72 U....VeriSign Tr
0070: 75 73 74 20 4E 65 74 77 6F 72 6B 31 26 30 24 06 ust Network1&0$.
0080: 03 55 04 0B 13 1D 43 6C 61 73 73 20 33 20 4D 50 .U....Class 3 MP
0090: 4B 49 20 53 65 63 75 72 65 20 53 65 72 76 65 72 KI Secure Server
00A0: 20 43 41 31 24 30 22 06 03 55 04 03 13 1B 53 75 CA1$0"..U....Su
00B0: 6E 20 4D 69 63 72 6F 73 79 73 74 65 6D 73 20 49 n Microsystems I
00C0: 6E 63 20 53 53 4C 20 43 41 30 1E 17 0D 30 35 31 nc SSL CA0...051
00D0: 31 32 31 30 30 30 30 30 30 5A 17 0D 30 36 31 31 121000000Z..0611
00E0: 32 31 32 33 35 39 35 39 5A 30 81 83 31 0B 30 09 21235959Z0..1.0.
00F0: 06 03 55 04 06 13 02 55 53 31 11 30 0F 06 03 55 ..U....US1.0...U
0100: 04 08 13 08 43 6F 6C 6F 72 61 64 6F 31 13 30 11 ....Colorado1.0.
0110: 06 03 55 04 07 14 0A 42 72 6F 6F 6D 66 69 65 6C ..U....Broomfiel
0120: 64 31 1D 30 1B 06 03 55 04 0A 14 14 53 75 6E 20 d1.0...U....Sun
0130: 4D 69 63 72 6F 73 79 73 74 65 6D 73 20 49 6E 63 Microsystems Inc
0140: 31 10 30 0E 06 03 55 04 0B 14 07 43 6C 61 73 73 1.0...U....Class
0150: 20 43 31 1B 30 19 06 03 55 04 03 14 12 72 64 6E C1.0...U....rdn
0160: 73 2D 61 6C 70 68 61 2E 73 75 6E 2E 63 6F 6D 30 s-alpha.sun.com0
0170: 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 ..0...*.H.......
0180: 00 03 81 8D 00 30 81 89 02 81 81 00 E3 8A 2F 46 .....0......../F
0190: 49 FD 71 6B 5E F3 72 64 22 25 36 06 D0 B7 AC 28 I.qk^.rd"%6....(
01A0: 28 30 0D 34 66 56 22 63 40 F9 8C 1B 9A 54 1C 5B (0.4fV"[email protected].[
01B0: 76 FF 1A D7 18 D3 5A 39 A5 C6 67 8C B0 B0 99 C6 v.....Z9..g.....
01C0: 32 6C 18 FF E3 61 EF 31 DE D6 0C 76 BE 6D CA C4 2l...a.1...v.m..
01D0: 2B A7 84 A7 47 E3 E2 2F 5E 71 02 8E 03 89 B7 66 +...G../^q.....f
01E0: 9C 53 5B C5 81 81 41 E8 82 2F B4 DA 9E 4D 41 C7 .S[...A../...MA.
01F0: E8 05 43 EC BA F6 1C 26 F2 CF 07 9A 5C A2 D2 B9 ..C....&....\...
0200: AB 3C 91 6A 90 DE 0D 58 B8 0B 57 AB 02 03 01 00 .<.j...X..W.....
0210: 01 A3 82 01 EB 30 82 01 E7 30 09 06 03 55 1D 13 .....0...0...U..
0220: 04 02 30 00 30 1D 06 03 55 1D 0E 04 16 04 14 45 ..0.0...U......E
0230: 7D F2 17 01 02 2F 0D C6 89 E8 A7 63 A0 D6 B6 13 ...../.....c....
0240: 3F 8C A8 30 1F 06 03 55 1D 23 04 18 30 16 80 14 ?..0...U.#..0...
0250: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
0260: 17 F9 01 FA 30 0E 06 03 55 1D 0F 01 01 FF 04 04 ....0...U.......
0270: 03 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 ....0...U.%..0..
0280: 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 .+.........+....
0290: 07 03 02 30 81 B9 06 03 55 1D 20 04 81 B1 30 81 ...0....U. ...0.
02A0: AE 30 39 06 0B 60 86 48 01 86 F8 45 01 07 17 03 .09..`.H...E....
02B0: 30 2A 30 28 06 08 2B 06 01 05 05 07 02 01 16 1C 0*0(..+.........
02C0: 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 72 69 https://www.veri
02D0: 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 30 71 06 0B sign.com/rpa0q..
02E0: 60 86 48 01 86 F7 00 83 7D 9C 3F 30 62 30 27 06 `.H.......?0b0'.
02F0: 08 2B 06 01 05 05 07 02 01 16 1B 68 74 74 70 73 .+.........https
0300: 3A 2F 2F 77 77 77 2E 73 75 6E 2E 63 6F 6D 2F 70 ://www.sun.com/p
0310: 6B 69 2F 63 70 73 30 37 06 08 2B 06 01 05 05 07 ki/cps07..+.....
0320: 02 02 30 2B 1A 29 4E 6F 74 20 56 61 6C 69 64 61 ..0+.)Not Valida
0330: 74 65 64 20 46 6F 72 20 53 75 6E 20 42 75 73 69 ted For Sun Busi
0340: 6E 65 73 73 20 4F 70 65 72 61 74 69 6F 6E 73 30 ness Operations0
0350: 79 06 03 55 1D 1F 04 72 30 70 30 6E A0 6C A0 6A y..U...r0p0n.l.j
0360: 86 68 68 74 74 70 3A 2F 2F 53 56 52 43 33 53 65 .hhttp://SVRC3Se
0370: 63 75 72 65 53 75 6E 4D 69 63 72 6F 73 79 73 74 cureSunMicrosyst
0380: 65 6D 73 2D 4D 50 4B 49 2D 63 72 6C 2E 76 65 72 ems-MPKI-crl.ver
0390: 69 73 69 67 6E 2E 63 6F 6D 2F 53 75 6E 4D 69 63 isign.com/SunMic
03A0: 72 6F 73 79 73 74 65 6D 73 49 6E 63 43 6C 61 73 rosystemsIncClas
03B0: 73 43 55 6E 69 66 69 65 64 2F 4C 61 74 65 73 74 sCUnified/Latest
03C0: 43 52 4C 53 72 76 2E 63 72 6C 30 34 06 08 2B 06 CRLSrv.crl04..+.
03D0: 01 05 05 07 01 01 04 28 30 26 30 24 06 08 2B 06 .......(0&0$..+.
03E0: 01 05 05 07 30 01 86 18 68 74 74 70 3A 2F 2F 6F ....0...http://o
03F0: 63 73 70 2E 76 65 72 69 73 69 67 6E 2E 63 6F 6D csp.verisign.com
0400: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
0410: 82 01 01 00 08 EA E4 7E FB 1B A6 4D DC EA BE 44 ...........M...D
0420: 44 0E 9E 97 BC B3 4A 85 39 4A AF B0 7F AB CB C4 D.....J.9J......
0430: 9F C4 11 90 C6 0F FC C5 D0 41 4E 87 C8 93 1A 27 .........AN....'
0440: 8F F4 7A 26 A8 26 DE 52 D9 0A CC 78 5E 55 21 04 ..z&.&.R...x^U!.
0450: D9 C6 B2 22 C5 18 EA 19 EF C0 EA F3 C0 95 B0 6C ..."...........l
0460: DB 16 E7 B8 9D 22 06 50 E1 70 19 71 C0 8E 9D 0C .....".P.p.q....
0470: AD 6E 11 AE C6 DE 7E 54 9F 39 48 9C E8 3E F3 1B .n.....T.9H..>..
0480: 1D 1B 00 5B F5 DB 63 CE 16 07 3A 70 B0 FB AF 8D ...[..c...:p....
0490: 82 9B DD 58 57 AC 33 9C 2D D4 CE 76 51 7E 4F 9E ...XW.3.-..vQ.O.
04A0: EA 59 90 B0 91 A7 A8 E0 F9 F6 E0 4B 1E 24 51 92 .Y.........K.$Q.
04B0: E0 31 43 E4 70 6E 7D E9 13 93 84 E9 1C 88 CC 85 .1C.pn..........
04C0: 72 55 91 13 33 4C 91 45 13 32 D0 F1 72 82 E1 A9 rU..3L.E.2..r...
04D0: F3 6E 7F FD 73 38 D8 8D 04 70 DB 28 E0 5D A1 17 .n..s8...p.(.]..
04E0: 20 06 B8 83 FE 80 37 55 32 77 12 BF DC FC 2D E5 .....7U2w....-.
04F0: 6B EE C8 23 89 1F D4 53I am having the same problem , did you ever found the solution for this. I am getting an error " .... no IV for cipher". I am trying to do the Client Authentication to IIS from Java client.
Any help is greatly appreciated.
Thanks -
Unable to get 'InitialContext' using Java Client in Oracle App 10.0.2.0
Scenario & Problem Description: Unable to get 'Initial Context' using Simple Java Client in Oracle Application Server 10.0.2.0
I'm having an issue while I try to initialize the Initial Context for an EJB lookup from a simple Java Client [local lookup], but the same code snippet works fine when I try from Servlet. I have enclosed the Exception Stack Trace and the Code Snippet for your reference.
1. .NET Client ---> Servlet --> LookupUtility --> EJB --> DB - Issue
2. .NET Client ---> Servlet --> EJB --> DB - Works
Exception: java.lang.InstantiationException: Error communicating with server: Lookup error: javax.naming.AuthenticationException: Invalid username/password for Config (guest); nested exception is: nested exception is: Exception in InitialContext: javax.naming.NamingException: Lookup error: javax.naming.AuthenticationException: Invalid username/password for Config (guest) at com.evermind.server.ApplicationClientInitialContextFactory.getInitialContext(ApplicationClientInitialContextFactory.java:149)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at com.seagate.edcs.config.util.LookupUtility.getInitialContext(LookupUtility.java:123)
at com.seagate.edcs.config.util.LookupUtility.getConfiguration (LookupUtility.java:69)
at com.seagate.edcs.config.util.LookupUtility.main(LookupUtility.java:135)
Code Snippet:
* This method returns the Configuration for the properties set.
public ArrayList getConfiguration ( ) throws Exception {
ArrayList arrayList = null;
try {
Context context = getInitialContext();
System.out.println("Context : " + context);
Object home = context.lookup("java:comp/env/ejb/com.seagate.edcs.config.ejb.ConfigSessionEJBHome");
System.out.println("Object home : " + home);
ConfigSessionEJBHome configSessionEJBHome = (ConfigSessionEJBHome)PortableRemoteObject.narrow(home, ConfigSessionEJBHome.class);
System.out.println("ConfigSessionEJBHome configSessionEJBHome : " + configSessionEJBHome);
ConfigSessionEJB configSessionEJB =(ConfigSessionEJB)PortableRemoteObject.narrow(configSessionEJBHome.create(), ConfigSessionEJB.class);
System.out.println("ConfigSessionEJB configSessionEJB : " + configSessionEJB);
arrayList = configSessionEJB.getAllConfig();
System.out.println("Context : " + context);
} catch (Exception ex) {
System.out.println("Exception Occured");
throw ex;
return arrayList;
* Get an initial context from the JNDI tree.
private Context getInitialContext() throws NamingException {
try {
Hashtable hashtable = new Hashtable();
hashtable.put("java.naming.factory.initial", "com.evermind.server.ApplicationClientInitialContextFactory");
hashtable.put("java.naming.provider.url", "ormi://seagate.mil-shivas-270.am.ad.seagate.com/home"); // if we won't specify the port, it considers the default port
hashtable.put("java.naming.security.principal","ias_admin");
hashtable.put("java.naming.security.credentials","ias123");
return new InitialContext(hashtable);
} catch (NamingException ne) {
System.out.println("Exception in InitialContext.");
throw ne;
Note:
1. The user "ias_admin" & password "ias123" are the credential provided for the 'Admin' while installing the Oracle App Server and using these credentials I'm able to bring the Admin Console. Also, added new user 'guest/guest' - assigned this user to the 'admin' group ...
2. Since its a local lookup, there is no need to specify the credentials, but at runtime a dialog box pops up prompting to enter the 'userid/password' and when I enter the crendtials, I get the exception as stated. [In case of Servlet - EJB lookup, I'm not specifying any credentials]
Are there are any configuration parameters which I need to provide in any of the .xml? Could you please let me know the fix for the same.
Regards,
Kafeel/-Please use the OS {forum:id=210}
-
401 Error on Consuming SharePoint Versions Web Service by java client running on Unix Machine
In my organiszation I have sharepoint site of our project. I have a java client to consume Versions Web Service offered by SharePoint. The response received from web service without any issue when triggered from a client running on windows machine on
intranet.
When same java client ran from UNIX server on same intranet, it gives 401 error. Is there some different approach required for authentication while connecting from unix machine?
Thanks in advance.Hello,
Are you passing credential in code? If not then try to add using networkcredential.
If you are passing then make sure that current user is having access on SP site and your javaserver is setup for NTLM security. Here is few links for same issue which could help you troubleshoot the issue
http://stackoverflow.com/questions/8884152/ntlm-fails-when-consuming-sharepoint-web-service-from-java
http://www.pentalogic.net/sharepoint-products/reminder/reminder-manual?p=troubleshooting%2F401errors%2F401errors.htm
Hope it could help
Hemendra:Yesterday is just a memory,Tomorrow we may never see<br/> Please remember to mark the replies as answers if they help and unmark them if they provide no help -
Help required for ---- Java Client -- XI -- R/3
Hello,
*My Java Client is on Server A. My XI is on server B. I had wsdl (webservice) with me .*
How to call wsdl (webservice) from Java Client that is on Server A to XI that is on server B.
Pls help
RegardsGood Morning Prateek,
I have tested with Altoval XML spy . It is working fine.
Altoval XML spy (on my local machine) -- XI -- R/3.
Now instead of xml spy I want java client -- XI -- R/3 with scanerio that javal client is on server A and XI on server B.
2. For that request parameter (O/B Interface) I have made wsdl (webservice) through XI .
After making wsdl it ask to save that wsdl.I have saved that wsdl currently
in my local machine.
3.How to call this wsdl (webservice) from Java Client that is on Server A to XI that is on server B.
Pls explain me the all the steps in detail and also send me links/docs for it.
Regards -
Java client failing to connect to web service - help!!
Hi
I have created a Web service using ASP Web Matrix, which currently resides on my C drive in c:\Service6\HelloWorld.asmx.
The service can be tested from a browser on my local machine by calling: http://localhost/Service6/HelloWorld.asmx. This works fine, i.e. it takes a string as a parameter and returns an amended string.
When I try to access this from a Java client I created in Netbeans, however, I get the following error message:
Server did not recognize the value of HTTP Header SOAPAction: sayHiya.
at System.Web.Services.Protocols.Soap11ServerProtocolHelper.RouteRequest()
at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)
Can anyone advise what I am doing wrong?
[nb. I have spent over a week trying to sort this, so I have tried!!)
The code for the client follows:-
// The Axis package is used to generate and handle the SOAP call
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import org.apache.axis.encoding.XMLType;
// The rpc package is used to create the RPC call
import javax.xml.namespace.QName;
import javax.xml.rpc.NamespaceConstants;
// The java.net package gives a URL class
import java.net.URL;
public class HelloWorldClient {
/** Creates a new instance of HiyaClient */
public static void main(String[] args)
try
String endpoint = "http://localhost/Service6/HelloWorld.asmx";
Service service = new Service();
Call call = (Call) service.createCall();
// Configure the call
call.setTargetEndpointAddress(new URL(endpoint));
call.setSOAPActionURI("sayHello");
call.setEncodingStyle(NamespaceConstants.NSURI_SOAP_ENCODING);
call.setOperationName(new QName("urn:HelloWorld", "sayHello"));
//call.setReturnType(XMLType.XSD_STRING);
System.out.println("**Works to here**");
//Invoke the call
String result = (String) call.invoke(new Object[] { "Diane" });
System.out.println("Sent 'Diane', got '" + result + "'");
catch(Exception e)
System.err.println(e.toString());Hiya, did try that - tried
"http://localhost:8080/HelloWorld.asmx" and
"http://localhost:8080/Service6/HelloWorld.asmx" and it still didn't work.
Thanks anyway.
Anyone else got any bright ideas?
Maybe you are looking for
-
I recently changed my email address for the Apple Id and it was accepted but now when the App store comes up it still shows my old email address and no password will work. iCloud and Facetime are fine. Don't know why it stays there or how to alter
-
IPhone activation lock problem please help
My friend has bougth an iPhone 5 with iOS 7 through OLX . OLX is a website like craiglist where people buy there products directly to sellers. iPhone 5 when he bougth was good and was in working condition. He bougth it yesterday.But suddenly in the n
-
Can Someone explain warranty options
I'm not sure if this is specific to the Canadian site or not, but the Thinkpad waranty options are very confusing. For instance: ThinkPlus 2 Year EasyServ Total for 1 Year EasyServ ThinkPad ThinkPlus 3 Year EasyServ Total for 1 Year EasyServ ThinkPa
-
Print out a traingle of asterisks in GUI
Was wondering if anyone knew how I can get the code below coverted to a GUI, or JOption MEssageDialog, to print a trangle of stars in the GUI wondow? This code here needs to be converted: for (count = 1; count <= blanks; count++) System.out.prinln("
-
Hi Experts, I want to write a Java application, which would acess the SAP Knowledge Managemnet i want to build the functionality like Uploading/Downloading a documet into KM Creating a Folder in KM Does the KMApi will be useful in this application Pl