JSSE 1.0.2 Problem

Hi,
I tried to install the JavaTM Secure Socket Extension 1.0.2 but when I issue the command:
java -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol. Then, I got the below error. I added these two lines to java.security:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
Any idea about this?
Thanks!
Ben
C:\>java -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
Usage: java [-options] class [args...]
(to execute a class)
or java -jar [-options] jarfile [args...]
(to execute a jar file)
where options include:
-hotspot to select the "hotspot" VM
-server to select the "server" VM
-classic to select the "classic" VM
If present, the option to select the VM must be first.
The default VM is -hotspot.
-cp -classpath <directories and zip/jar files separated by ;>
set search path for application classes and resources
-D<name>=<value>
set a system property
-verbose[:class|gc|jni]
enable verbose output
-version print product version and exit
-showversion print product version and continue
-? -help print this help message
-X print help on non-standard options

You did not specify any class or jar file to run; you only set a system property.

Similar Messages

  • Why does Firefox hang when accessing SSL content on Oracle 10.3.6 WebLogic with JSSE enabled?

    For several weeks we have been working with Oracle support to find out why our Firefox browser hangs for 20-30 seconds when connecting to SSL content on 10.3.6 WebLogic only when JSSE is enabled. It occurs when first attempting to connect to an enterprise WebLogic deployment. When JSSE is disabled the problem does not occur but JSSE must be enabled on WebLogic for our configuration. The problem also does 'not' occur when JSSE is enabled when using IE (8). In 10.3.5 WebLogic, the issue does not occur with Firefox but 10.3.6 is our preferred version and this is a major issue for us.
    For the Firefox version, we used version 18 and 17 with no difference. Thanks for your help.

    Hi,
    I did remove the entry and restarted the managed server, but nodemanager added the option again.
    Regarding startup.properties, it doesn't have any ssl configuration:
    Server startup properties
    #Fri Apr 24 11:54:54 CDT 2015
    Arguments=-Xms1024m -Xmx1024m -XX\:UseConcMarkSweepGC -Djava.net.perferIPv4Stack\=false -Dweblogic.ssl.JSSEEnabled\=false
    SSLArguments=-Dweblogic.security.SSL.ignoreHostnameVerification\=false -Dweblogic.ReverseDNSAllowed\=false
    RestartMax=2
    RestartDelaySeconds=0
    RestartInterval=3600
    AdminURL=http\://wlserver\:7001
    AutoRestart=true
    AutoKillIfFailed=false

  • HandShakeStatus

    I wrote an NIO server program with SSL (JSSE). I encountered a problem here.
    SSLEngineResult res = sslEngine.wrap(////);
    HandshakeStatus hs = res.getHandshakeStatus();
    HandshakeStatus hs2 = engine.getHandshakeStatus();
    In my program, hs = FINISH but hs2 = NOT_HANDSHAKE. Why aren't they the same value? And why does my program get a NOT_HANDSHAKE status?
    My program:
    package cn.com.infosec.isfw2.sfw;

    import java.io.EOFException;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.net.Socket;
    import java.nio.ByteBuffer;
    import java.nio.channels.SelectionKey;
    import java.nio.channels.Selector;
    import java.nio.channels.SocketChannel;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLEngine;
    import javax.net.ssl.SSLEngineResult;
    import javax.net.ssl.SSLException;
    import javax.net.ssl.SSLEngineResult.HandshakeStatus;
    import javax.net.ssl.SSLEngineResult.Status;
    import com.sun.corba.se.pept.transport.OutboundConnectionCache;
    import cn.com.infosec.isfw2.impl.DefaultProtocolHandler;

    public class SSLSession extends SocketSession {
        private SocketChannel channel;
        private IOFilterChain filters;
        private ByteBuffer buffer = null;
        private Selector selector;
        // private HashMap<String, Object> attributes;
        private SSLEngine sslEngine;
        private ProtocolHandler protocolHandler = null;
        private ByteBuffer inNetBuffer;
        private ByteBuffer outNetBuffer;
        // Application cleartext data to be read by application
        // private IoBuffer appBuffer;
        // Empty buffer used during initial handshake and close operations
        private final ByteBuffer emptyBuffer = ByteBuffer.allocate(0);
        private SSLEngineResult.HandshakeStatus handshakeStatus;
        private boolean initialHandshakeComplete;
        private boolean handshakeComplete;

        public SSLSession(SocketChannel channel, Selector sel, IOFilterChain chain) {
            super(channel, sel, chain);
            this.channel = channel;
            this.filters = chain;
            this.selector = sel;
            buffer = null;
            // attributes = null;
            filters.SessionCreate(this);
            System.out.println("----create ssl session--------");
            System.out.println("create session,channel=" + this.channel);
        }

        public void read() throws IOException {
            if (buffer == null) {
                buffer = ByteBuffer.allocate(8192);
            }
            if (buffer.position() == buffer.capacity()) {
                adjustBuffer(2 * buffer.capacity());
            }
            int readbytes = 0;
            int ret = 0;
            while (true) {
                ret = read0();
                System.out.println("buffer=" + buffer);
                if (ret > 0) {
                    readbytes += ret;
                    if (buffer.position() == buffer.capacity()) {
                        adjustBuffer(2 * buffer.capacity());
                        System.out.println(Thread.currentThread().getName()
                                + " session " + this + " channel " + channel
                                + " buffer=" + buffer + " buffer is full " + " "
                                + System.nanoTime());
                    }
                } else if (ret == 0) {
                    break;
                } else {
                    throw new EOFException("peer connection close.");
                }
            }
            if (protocolHandler == null) {
                protocolHandler = new DefaultProtocolHandler();
            }
            if (protocolHandler.isAllDataRecved(buffer)) {
                final SocketSession s = this;
                try {
                    Runnable r = new Runnable() {
                        public void run() {
                            filters.DataReceived(s);
                        }
                    };
                    System.out.println(channel.socket().getInetAddress());
                    //if(channel.socket().getInetAddress().isAnyLocalAddress()){
                    Socket s1 = channel.socket();
                    if (s1.getInetAddress().isLoopbackAddress()) {
                        System.out.println("---is local----");
                        new Thread(r).start();
                    } else {
                        ExcuterManager.parserExe.execute(r);
                    }
                } catch (Throwable e) {
                    this.close();
                }
            } else {
                continueRead();
            }
        }

        public SocketChannel getChannel() {
            return channel;
        }

        public ByteBuffer getBuffer() {
            return buffer;
        }

        public void continueRead() throws IOException {
            channel.register(selector, SelectionKey.OP_READ, this);
        }

        public void adjustBuffer(int len) {
            if (len > buffer.position()) {
                ByteBuffer newBuffer = ByteBuffer.allocate(len);
                buffer.flip();
                newBuffer.put(buffer);
                buffer = newBuffer;
            }
        }

        // public void sendData(ByteBuffer buff) throws IOException{
        //     buffer.clear();
        //     continueRead();
        //     OutputWriter.flushChannel(channel, buff);
        // }

        public ProtocolHandler getProtocolHandler() {
            return protocolHandler;
        }

        public void setProtocolHandler(ProtocolHandler protocolHandler) {
            this.protocolHandler = protocolHandler;
        }

        public void close() {
            buffer = null;
            filters = null;
            try {
                channel.close();
            } catch (Throwable e) {
            }
            channel = null;
            selector = null;
            protocolHandler = null;
            // attributes = null;
        }

        public void setSslc(SSLContext sslc) {
            this.sslEngine = sslc.createSSLEngine();
            System.out.println("setsslc,sslengine=" + sslEngine);
            sslEngine.setUseClientMode(false);
            sslEngine.setNeedClientAuth(false);
            sslEngine.setWantClientAuth(false);
            // SSLSession session1 = sslEngine.getSession();
            //ByteBuffer myAppData = ByteBuffer.allocate(sslEngine.getSession().getApplicationBufferSize());
            ByteBuffer myNetData = ByteBuffer.allocate(sslEngine.getSession().getPacketBufferSize());
            ByteBuffer peerNetData = ByteBuffer.allocate(sslEngine.getSession().getPacketBufferSize());
            try {
                doHandshake(channel, sslEngine, myNetData, peerNetData);
            } catch (Exception e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            HandshakeStatus hs = sslEngine.getHandshakeStatus();
            System.out.println("in setsslcontext,shakehand status=" + hs);
            //writingEncryptedData = false;
        }

        public SSLEngine getSslEngine() {
            return sslEngine;
        }

        public int read0() throws IOException {
            int dd = channel.read(inNetBuffer);
            SSLEngineResult res = sslEngine.unwrap(inNetBuffer, buffer);
            System.out.println("in read0,status=" + res);
            return dd;
        }

        public void sendData(ByteBuffer buff) throws IOException {
            //sslEngine.wrap(buff, outNetBuffer);
            OutputWriter.flushChannel(channel, outNetBuffer);
        }

        void doHandshake(SocketChannel socketChannel, SSLEngine engine,
                ByteBuffer myNetData, ByteBuffer peerNetData) throws Exception {
            int appBufferSize = engine.getSession().getApplicationBufferSize();
            ByteBuffer myAppData = ByteBuffer.allocate(appBufferSize);
            ByteBuffer peerAppData = ByteBuffer.allocate(appBufferSize);
            // Begin handshake
            engine.beginHandshake();
            SSLEngineResult.HandshakeStatus hs = engine.getHandshakeStatus();
            // Process handshaking message
            while ((hs = engine.getHandshakeStatus()) != SSLEngineResult.HandshakeStatus.FINISHED &&
                    (hs = engine.getHandshakeStatus()) != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                switch (hs) {
                case NEED_UNWRAP:
                    // Receive handshaking data from peer
                    if (socketChannel.read(peerNetData) < 0) {
                        // Handle closed channel
                    }
                    // Process incoming handshaking data
                    peerNetData.flip();
                    SSLEngineResult res = engine.unwrap(peerNetData, peerAppData);
                    peerNetData.compact();
                    hs = res.getHandshakeStatus();
                    // Check status
                    switch (res.getStatus()) {
                    case OK:
                        // if( hs == SSLEngineResult.HandshakeStatus.FINISHED ){
                        //     break myio;
                        // }
                        break;
                    case BUFFER_OVERFLOW:
                        System.out.println("---------overflow-------");
                        break;
                    case BUFFER_UNDERFLOW:
                        System.out.println("---------underflow-------");
                        break;
                    // Handle other status: BUFFER_UNDERFLOW, BUFFER_OVERFLOW, CLOSED
                    }
                    break;
                case NEED_WRAP:
                    // Empty the local network packet buffer.
                    myNetData.clear();
                    // Generate handshaking data
                    res = engine.wrap(myAppData, myNetData);
                    hs = res.getHandshakeStatus();
                    //HandshakeStatus hs2 = engine.getHandshakeStatus();
                    // Check status
                    switch (res.getStatus()) {
                    case OK:
                        // if( hs == SSLEngineResult.HandshakeStatus.FINISHED ){
                        //     break myio;
                        // }
                        myNetData.flip();
                        // Send the handshaking data to peer
                        while (myNetData.hasRemaining()) {
                            if (socketChannel.write(myNetData) < 0) {
                                // Handle closed channel
                            }
                        }
                        break;
                    // Handle other status: BUFFER_OVERFLOW, BUFFER_UNDERFLOW, CLOSED
                    }
                    break;
                case NEED_TASK:
                    new Thread(sslEngine.getDelegatedTask()).start();
                    // Handle blocking tasks
                    break;
                // Handle other status: // FINISHED or NOT_HANDSHAKING
                }
            }
            // Processes after handshaking
        }
    }

    > I write a NIO Server program with SSL(JSSE).
    You have tackled a seriously difficult problem.
    > in my program ,hs = FINISH but hs2=NOT_HANDSHAKE
    You mean NOT_HANDSHAKING.
    > why it isn't same value?
    Because FINISHED is only delivered once. See the Javadoc.
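
    The behaviour the reply describes, as an added example that is not part of the thread: two in-memory SSLEngines complete a TLS 1.2 handshake, and the log records that FINISHED shows up only in the SSLEngineResult of the wrap/unwrap call that completes the handshake, while engine.getHandshakeStatus() already reports NOT_HANDSHAKING. The class name, the `pump` and `demoContext` helpers, the password and the throwaway self-signed keystore generated with the JDK's own keytool are assumptions made for the illustration.

    ```java
    import javax.net.ssl.*;
    import javax.net.ssl.SSLEngineResult.HandshakeStatus;
    import javax.net.ssl.SSLEngineResult.Status;
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.InputStream;
    import java.nio.ByteBuffer;
    import java.security.KeyStore;
    import java.util.ArrayList;
    import java.util.List;

    /** Added example: where SSLEngine reports FINISHED, and where it does not. */
    public class FinishedOnceDemo {
        static final String PASS = "changeit"; // constructed demo password

        // Assumption: a throwaway self-signed key made with the JDK's keytool stands in
        // for real server credentials; the same store doubles as the client's trust store.
        static SSLContext demoContext() throws Exception {
            File p12 = File.createTempFile("finished-demo", ".p12");
            p12.delete(); // keytool must create the keystore file itself
            String keytool = System.getProperty("java.home") + File.separator + "bin"
                    + File.separator + "keytool";
            Process p = new ProcessBuilder(keytool, "-genkeypair", "-alias", "demo",
                    "-keyalg", "RSA", "-keysize", "2048", "-dname", "CN=localhost",
                    "-validity", "1", "-storetype", "PKCS12", "-keystore", p12.getPath(),
                    "-storepass", PASS, "-keypass", PASS).inheritIO().start();
            if (p.waitFor() != 0) throw new IllegalStateException("keytool failed");
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream(p12)) {
                ks.load(in, PASS.toCharArray());
            } finally {
                p12.delete();
            }
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, PASS.toCharArray());
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            return ctx;
        }

        // Drive one engine until it has to wait for the peer. Returns true if a
        // wrap/unwrap result reported FINISHED during this call.
        static boolean pump(String name, SSLEngine e, ByteBuffer fromPeer, ByteBuffer toPeer,
                            List<String> log) throws SSLException {
            ByteBuffer app = ByteBuffer.allocate(e.getSession().getApplicationBufferSize());
            ByteBuffer empty = ByteBuffer.allocate(0);
            boolean finished = false;
            while (true) {
                SSLEngineResult r;
                switch (e.getHandshakeStatus()) {
                    case NEED_TASK:
                        // Run delegated tasks inline so the status is settled before re-polling.
                        for (Runnable t; (t = e.getDelegatedTask()) != null; ) t.run();
                        continue;
                    case NEED_WRAP:
                        r = e.wrap(empty, toPeer);
                        break;
                    case NEED_UNWRAP:
                        fromPeer.flip();
                        r = e.unwrap(fromPeer, app);
                        fromPeer.compact();
                        if (r.getStatus() == Status.BUFFER_UNDERFLOW) return finished; // peer's turn
                        break;
                    default: // NOT_HANDSHAKING: the engine itself never returns FINISHED
                        return finished;
                }
                if (r.getStatus() != Status.OK) throw new SSLException(name + ": " + r.getStatus());
                if (r.getHandshakeStatus() == HandshakeStatus.FINISHED) {
                    finished = true; // record it here; it will not be reported again
                    log.add(name + ": result=" + r.getHandshakeStatus()
                            + ", engine.getHandshakeStatus()=" + e.getHandshakeStatus());
                }
            }
        }

        static List<String> handshake(SSLContext ctx) throws SSLException {
            // A real client would also enable hostname verification via
            // SSLParameters.setEndpointIdentificationAlgorithm("HTTPS").
            SSLEngine client = ctx.createSSLEngine("localhost", 443);
            SSLEngine server = ctx.createSSLEngine();
            client.setUseClientMode(true);
            server.setUseClientMode(false);
            for (SSLEngine e : new SSLEngine[] {client, server}) {
                // Pinned to TLS 1.2 so the demo is one plain handshake.
                e.setEnabledProtocols(new String[] {"TLSv1.2"});
                e.beginHandshake();
            }
            int net = 8 * client.getSession().getPacketBufferSize(); // room for a whole flight
            ByteBuffer c2s = ByteBuffer.allocate(net), s2c = ByteBuffer.allocate(net);
            List<String> log = new ArrayList<>();
            boolean clientDone = false, serverDone = false;
            for (int round = 0; round < 20 && !(clientDone && serverDone); round++) {
                clientDone |= pump("client", client, s2c, c2s, log);
                serverDone |= pump("server", server, c2s, s2c, log);
            }
            log.add("after handshake: client=" + client.getHandshakeStatus()
                    + ", server=" + server.getHandshakeStatus());
            return log;
        }

        public static void main(String[] args) throws Exception {
            handshake(demoContext()).forEach(System.out::println);
        }
    }
    ```

    A handshake loop should therefore act on the HandshakeStatus carried by each SSLEngineResult and remember completion itself, instead of polling the engine for FINISHED.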

  • How to use Chained Certificates from CA (Thawte) ?

    Hi,
    I have an application which communicates over a secured channel with another site (say www.XYZ.com) over the internet; for this, xyz.com has given a certificate which is used for secured communication. As long as the certificate was a self-signed certificate I did not have any problem. I used to import the certificate into the trusted store and use it with the help of JSSE.
    Now the problem is that xyz.com has given a new certificate, which is chained and issued by Thawte. As I understand it, the JDK does not come with Thawte as a trusted CA, so we need to add it to the keystore. The problem I am facing is how chained certificates work under Java, i.e. how the chain of certificates is created in the keystore file. When I import the CA's self-signed certificate as documented in the keytool documentation, this completes without problem. In the documentation there is a mention of importing a "Certificate Reply from the CA", but there is no mention of how to import a certificate given by a 3rd party, i.e. xyz.com in our case. Are a "Certificate Reply from the CA" and a certificate from a 3rd party the same, or is there some specific way in which we have to do the import into the keystore?
    Thanks in advance
    Sachin

    Thank you for taking the time to reply, but this is solved now. You are right, I need to import all the certificates. So what I did was export all the certificates which were in the chain from IE. Then, starting from the root's self-signed certificate, I imported all of them one by one into the keystore and then provided this keystore for the communication, and it works.
    Thanks once again
    Sachin

  • Problem in SSL programation client in Weblogic 5.1 using JSSE

    How do I solve this exception? When I send more than 8000 bytes of data in the request, WebLogic 5.1 on a Solaris server gives me this error. But the same server and same configuration on Windows NT with the same SSLClient program does not give any exception even if I send 60000 bytes in the request.
    The SSLClient program used is given below. How do I solve this problem? Is any server setting required?
    Exception got in the weblogic server 5.1 in solaris server
    weblogic.socket.MaxMessageSizeExceededException: [Incoming HTTP request headers of size 8320 bytes exceeds the configured maximum of 8192 bytes]
    at weblogic.socket.MuxableSocketHTTP.incrementBufferOffset(MuxableSocketHTTP.java:111)
    at weblogic.socket.SSLFilter.isMessageComplete(SSLFilter.java:195)
    at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:361)
    at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:23)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:129)
    SSLClient Program used: JSSE 1.0.2 package is used for SSL
    import java.io.*;
    import javax.net.ssl.*;
    import java.net.*;
    import com.sun.net.ssl.*;
    import java.security.KeyStore;

    public class SSLClient {
        public SSLClient() {
            System.out.println(" SSLClient is instantiated ...");
        }

        public String getSSLConnection(String host, String port, String keystorepwd, String truststorepwd,
                String keystorepath, String truststorepath, String filepath, String parName, String message) throws Exception {
            String output = "";
            int iport = Integer.parseInt(port);
            SSLSocketFactory factory = null;
            SSLContext ctx;
            KeyManagerFactory kmf;
            KeyStore ks;
            KeyStore ks2;
            TrustManagerFactory tmf;
            char[] storepass = keystorepwd.toCharArray();
            char[] truststorepass = truststorepwd.toCharArray();
            // "SSLv3" is what the post used with JSSE 1.0.2. SSLv3 is obsolete and
            // disabled by default in current JDKs; request "TLS" on anything modern.
            ctx = SSLContext.getInstance("SSLv3");
            // Key store: this client's own key and certificate
            kmf = KeyManagerFactory.getInstance("SunX509");
            ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream(keystorepath), storepass);
            kmf.init(ks, storepass);
            // Trust store: the CA certificates used to validate the server
            tmf = TrustManagerFactory.getInstance("SunX509");
            ks2 = KeyStore.getInstance("JKS");
            ks2.load(new FileInputStream(truststorepath), truststorepass);
            tmf.init(ks2);
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            factory = ctx.getSocketFactory();
            SSLSocket socket = (SSLSocket) factory.createSocket(host, iport);
            socket.startHandshake();
            PrintWriter out = new PrintWriter(
                    new BufferedWriter(
                    new OutputStreamWriter(
                            socket.getOutputStream())));
            // The whole message travels in the request line of the GET
            out.println("GET " + filepath + "?" + parName + "=" + URLEncoder.encode(message) + " HTTP/1.0");
            out.println();
            out.flush();
            if (out.checkError())
                System.out.println("SSLSocketClient: java.io.PrintWriter error");
            /* read response */
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(
                    socket.getInputStream()));
            String inputLine;
            while ((inputLine = in.readLine()) != null) {
                output = output + inputLine;
                //System.out.println(inputLine);
            }
            in.close();
            out.close();
            socket.close();
            return output;
        }

        public static void main(String args[]) {
            String host = "host name";
            String port = "7001";
            String keystorepwd = "cqrcqr";
            String truststorepwd = "changeit";
            String keystorepath = "d:/weblogic/myserver/certificate/cqrstore";
            String truststorepath = "d:/jdk1.3/jre/security/cacerts";
            String filepath = "/servlets/SSLDemo";
            String parName = "xml_message";
            String message = "xml message"; // of size more than 9000 bytes
            try {
                SSLClient ssl = new SSLClient();
                String output = ssl.getSSLConnection(host, port, keystorepwd, truststorepwd, keystorepath, truststorepath, filepath, parName, message);
                System.out.println(output);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    Maybe you should consider upgrading your Weblogic to a newer one. It might resolve the issue.

  • JSSE  Client and server communication problem .err:untrusted server cert

    Hi all,
    I am trying to get a JSSE client and server to communicate.
    I have created root.cert (CA), root.key, server.cert, server.key, client.cert and client.key. All these certificates were created using openssl.
    I have placed root.cert in the default keystore cacerts.
    I have created keystores (server and client) named mykeystore.
    I have placed root.cert and client.cert in the client keystore.
    I have placed root.cert and server.cert in the server keystore.
    But at run time I am getting javax.net.ssl.SSLException: untrusted server cert chain.
    Please suggest the modifications that need to be made to fix the error.
    Please tell me which certificates we need to put in the client keystore and in the server keystore.
    Is my approach as described above correct or not?
    In the Java code, how do we specify the particular certificate we are referring to?
    I have coded it this way:
    SSLContext ctx;
    KeyManagerFactory kmf;
    KeyStore ks;
    char[] prasad = "prasad".toCharArray();
    ctx = SSLContext.getInstance("SSLv3");
    kmf = KeyManagerFactory.getInstance("SunX509");
    ks = KeyStore.getInstance("jks");
    ks.load(new FileInputStream("mykeystore"), prasad);
    kmf.init(ks, prasad);
    ctx.init(kmf.getKeyManagers(), null, null);
    factory = ctx.getSocketFactory();
    But my doubt is: we are specifying only the keystore name, so how will it check root.cert (CA), client.cert and server.cert?
    Are any modifications needed in my code?
    Please tell me some way...
    Thanks ,
    Prasad.

    Hi prasad,
    There will be a problem with the certificates being received from the remote server or client. Check that your trust store contains the certificate of the remote machine or the CA that signed it and that the certificate has not expired.
    Also be sure that both machines are using the latest version of the JSSE.
    Hope this will help you.
    Regards,
    Anil.
    Technical Support Engineer.

  • Problem in Client authentication in JSSE  on a web service

    Hi,
    I have a web service running on my web server (Sunone 6.1). I need to implement security on it using JSSE. It has to be MUTUAL authentication.
    I have installed all the certificates and CA certs on both client and server. But when I try to call the web service from a standalone Java test client, I get an error at the third step of the handshake process, that is, client authentication.
    I am not able to understand whether it is an authentication problem or some problem while encrypting and decrypting the data. I am sending and receiving data in XML format.
    I am pasting here the debug output from the client side. Although it is long, could anyone please help me with this?
    Or could anyone point out what the various steps shown in the debug statements are?
    Thanks
    <spusinfradev1:hk186763> $ RUNDNSSEC_DEV
    Note: TestDNSSec.java uses or overrides a deprecated API.
    Note: Recompile with -deprecation for details.
    submitRequest: BEGIN
    submitRequest: calling HttpSubmitter.postTransaction()
    postTransaction: Begin
    postTransaction: XML Request
    <?xml version="1.0" encoding="UTF-8"?>
    <sunir.share.service.drpl.client.DNSReqXmlDocTag>
    <sunir.share.service.drpl.client.DNSReq>
    <CheckType>isEmbargo</CheckType>
    <IPAddr>203.81.162.9</IPAddr>
    <LookupType>always</LookupType>
    <Strict>true</Strict>
    </sunir.share.service.drpl.client.DNSReq>
    </sunir.share.service.drpl.client.DNSReqXmlDocTag>
    postTransaction: creating connection to target url
    keyStore is : /home/users/hk186763/RDNS/DRPL/TestClient/serverkey
    keyStore type is : jks
    init keystore
    init keymanager of type SunX509
    trustStore is: /home/users/hk186763/RDNS/DRPL/TestClient/serverkey
    trustStore type is : jks
    init truststore
    adding as trusted cert: [
    Version: V1
    Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d6c16c
    Validity: [From: Sun May 17 17:00:00 PDT 1998,
                   To: Tue Aug 01 16:59:59 PDT 2028]
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    SerialNumber: [    7dd9fe07 cfa81eb7 107967fb a78934c6 ]
    Algorithm: [SHA1withRSA]
    Signature:
    adding as trusted cert: [
    Version: V3
    Subject: CN=RDNS, OU=Class C, OU=Corporate SSL Client, O=Sun Microsystems Inc
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@99681b
    Validity: [From: Tue Jan 03 16:00:00 PST 2006,
                   To: Thu Jan 04 15:59:59 PST 2007]
    Issuer: CN=SSL Client CA, OU=Class 2 OnSite Subscriber CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
    SerialNumber: [    0e45c61f 24091c18 b354a76c 71ee15f2 ]
    Certificate Extensions: 7
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 12 FB 4E 70 BA E0 53 E5 B2 C2 DC D2 74 BE 7F 17 ..Np..S.....t...
    0010: 67 68 55 14 ghU.
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: C9 06 C7 9C F6 0E 1E 36 9E 49 8E 50 AC 06 46 DE .......6.I.P..F.
    0010: A1 4D A6 4F .M.O
    [3]: ObjectId: 2.5.29.31 Criticality=false
    Extension unknown: DER encoded OCTET string =
    [4]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    [1.3.6.1.5.5.7.3.2]]
    [5]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
    [CertificatePolicyId: [2.16.840.1.113733.1.7.23.2]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65  ..https://www.ve
      0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 72 70 61        risign.com/rpa
    [CertificatePolicyId: [2.16.840.1.113536.509.3647]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 1B 68 74 74 70 73 3A   2F 2F 77 77 77 2E 73 75  ..https://www.su
      0010: 6E 2E 63 6F 6D 2F 70 6B   69 2F 63 70 73           n.com/pki/cps
    ], PolicyQualifierInfo: [
    qualifierID: 1.3.6.1.5.5.7.2.2
    qualifier: 0000: 30 2B 16 29 4E 6F 74 20 56 61 6C 69 64 61 74 65 0+.)Not Validate
    0010: 64 20 46 6F 72 20 53 75 6E 20 42 75 73 69 6E 65 d For Sun Busine
    0020: 73 73 20 4F 70 65 72 61 74 69 6F 6E 73 ss Operations
    [6]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    [7]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [SHA1withRSA]
    Signature:
    adding as trusted cert: [
    Version: V3
    Subject: CN=Sun Microsystems Inc SSL CA, OU=Class 3 MPKI Secure Server CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@551f60
    Validity: [From: Wed Jun 01 17:00:00 PDT 2005,
                   To: Mon Jun 01 16:59:59 PDT 2015]
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    SerialNumber: [    4fa13003 7f5dfd64 3fb367fb af699e7c ]
    Certificate Extensions: 7
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
    0010: 17 F9 01 FA ....
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    [OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US]
    SerialNumber: [    7dd9fe07 cfa81eb7 107967fb a78934c6 ]
    [3]: ObjectId: 2.5.29.31 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 2D 30 2B 30 29 A0 27 A0 25 86 23 68 74 74 70 .-0+0).'.%.#http
    0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
    0020: 63 6F 6D 2F 70 63 61 33 2D 67 32 2E 63 72 6C com/pca3-g2.crl
    [4]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
    [CN=PrivateLabel3-2048-142]]
    [5]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    Key_CertSign
    Crl_Sign
    [6]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
    [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65  ..https://www.ve
      0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 72 70 61        risign.com/rpa
    [CertificatePolicyId: [2.16.840.1.113536.509.3647]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 1B 68 74 74 70 73 3A   2F 2F 77 77 77 2E 73 75  ..https://www.su
      0010: 6E 2E 63 6F 6D 2F 70 6B   69 2F 63 70 73           n.com/pki/cps
    [7]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:1
    Algorithm: [SHA1withRSA]
    init context
    trigger seeding of SecureRandom
    done seeding SecureRandom
    postTransaction: creating output stream on connection
    %% No cached client session
    *** ClientHello, v3.1
    RandomCookie: GMT: 1121389894 bytes = { 177, 208, 214, 162, 50, 118, 129, 69, 14, 124, 134, 197, 180, 112, 220, 185, 218, 97, 213, 180, 222, 100, 98, 105, 221, 111, 135, 84 }
    Session ID: {}
    Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
    Compression Methods: { 0 }
    main, WRITE: SSL v3.1 Handshake, length = 59
    main, WRITE: SSL v2, contentType = 22, translated length = 16310
    main, READ: SSL v3.1 Handshake, length = 4439
    *** ServerHello, v3.1
    RandomCookie: GMT: 5338 bytes = { 145, 99, 82, 205, 255, 74, 235, 252, 50, 27, 190, 156, 21, 12, 30, 236, 206, 196, 74, 65, 93, 217, 213, 118, 179, 227, 8, 118 }
    Session ID: {10, 116, 131, 159, 53, 168, 226, 227, 34, 25, 222, 197, 123, 128, 250, 118, 2, 72, 46, 147, 155, 118, 230, 164, 82, 24, 206, 76, 155, 96, 72, 120}
    Cipher Suite: { 0, 5 }
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
    ** SSL_RSA_WITH_RC4_128_SHA
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: CN=rdns-alpha.sun.com, OU=Class C, O=Sun Microsystems Inc, L=Broomfield, ST=Colorado, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a2d64
    Validity: [From: Sun Nov 20 16:00:00 PST 2005,
                   To: Tue Nov 21 15:59:59 PST 2006]
    Issuer: CN=Sun Microsystems Inc SSL CA, OU=Class 3 MPKI Secure Server CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
    SerialNumber: [    6702ab4c 00bfe850 3a0eb9a9 1ca380eb ]
    Certificate Extensions: 8
    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
    0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
    0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 45 7D F2 17 01 02 2F 0D C6 89 E8 A7 63 A0 D6 B6 E...../.....c...
    0010: 13 3F 8C A8 .?..
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
    0010: 17 F9 01 FA ....
    [4]: ObjectId: 2.5.29.31 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 72 30 70 30 6E A0 6C A0 6A 86 68 68 74 74 70 .r0p0n.l.j.hhttp
    0010: 3A 2F 2F 53 56 52 43 33 53 65 63 75 72 65 53 75 ://SVRC3SecureSu
    0020: 6E 4D 69 63 72 6F 73 79 73 74 65 6D 73 2D 4D 50 nMicrosystems-MP
    0030: 4B 49 2D 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E KI-crl.verisign.
    0040: 63 6F 6D 2F 53 75 6E 4D 69 63 72 6F 73 79 73 74 com/SunMicrosyst
    0050: 65 6D 73 49 6E 63 43 6C 61 73 73 43 55 6E 69 66 emsIncClassCUnif
    0060: 69 65 64 2F 4C 61 74 65 73 74 43 52 4C 53 72 76 ied/LatestCRLSrv
    0070: 2E 63 72 6C .crl
    [5]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
    [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65  ..https://www.ve0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 72 70 61        risign.com/rpa
    [CertificatePolicyId: [2.16.840.1.113536.509.3647]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.2
      qualifier: 0000: 30 2B 1A 29 4E 6F 74 20   56 61 6C 69 64 61 74 65  0+.)Not Validate0010: 64 20 46 6F 72 20 53 75   6E 20 42 75 73 69 6E 65  d For Sun Busine
    0020: 73 73 20 4F 70 65 72 61   74 69 6F 6E 73           ss Operations
    ], PolicyQualifierInfo: [
    qualifierID: 1.3.6.1.5.5.7.2.1
    qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 77 77 77 2E 73 75 ..https://www.su0010: 6E 2E 63 6F 6D 2F 70 6B 69 2F 63 70 73 n.com/pki/cps
    [6]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
    [7]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Key_Encipherment
    [8]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [SHA1withRSA]
    chain [1] = [
    Version: V3
    Subject: CN=Sun Microsystems Inc SSL CA, OU=Class 3 MPKI Secure Server CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@89cf1e
    Validity: [From: Wed Jun 01 17:00:00 PDT 2005,
                   To: Mon Jun 01 16:59:59 PDT 2015]
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    SerialNumber: [    4fa13003 7f5dfd64 3fb367fb af699e7c ]
    Certificate Extensions: 7
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
    0010: 17 F9 01 FA ....
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    [OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US]
    SerialNumber: [    7dd9fe07 cfa81eb7 107967fb a78934c6 ]
    [3]: ObjectId: 2.5.29.31 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 2D 30 2B 30 29 A0 27 A0 25 86 23 68 74 74 70 .-0+0).'.%.#http
    0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
    0020: 63 6F 6D 2F 70 63 61 33 2D 67 32 2E 63 72 6C com/pca3-g2.crl
    [4]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
    [CN=PrivateLabel3-2048-142]]
    [5]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    Key_CertSign
    Crl_Sign
    [6]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
    [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65  ..https://www.ve0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 72 70 61        risign.com/rpa
    [CertificatePolicyId: [2.16.840.1.113536.509.3647]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 1B 68 74 74 70 73 3A   2F 2F 77 77 77 2E 73 75  ..https://www.su0010: 6E 2E 63 6F 6D 2F 70 6B   69 2F 63 70 73           n.com/pki/cps
    [7]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:1
    Algorithm: [SHA1withRSA]
    chain [2] = [
    Version: V1
    Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@7ce4e7
    Validity: [From: Sun May 17 17:00:00 PDT 1998,
                   To: Tue Aug 01 16:59:59 PDT 2028]
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    SerialNumber: [    7dd9fe07 cfa81eb7 107967fb a78934c6 ]
    Algorithm: [SHA1withRSA]
    stop on trusted cert: [
    Version: V3
    Subject: CN=Sun Microsystems Inc SSL CA, OU=Class 3 MPKI Secure Server CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@89cf1e
    Validity: [From: Wed Jun 01 17:00:00 PDT 2005,
                   To: Mon Jun 01 16:59:59 PDT 2015]
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    SerialNumber: [    4fa13003 7f5dfd64 3fb367fb af699e7c ]
    Certificate Extensions: 7
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
    0010: 17 F9 01 FA ....
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    [OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US]
    SerialNumber: [    7dd9fe07 cfa81eb7 107967fb a78934c6 ]
    [3]: ObjectId: 2.5.29.31 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 2D 30 2B 30 29 A0 27 A0 25 86 23 68 74 74 70 .-0+0).'.%.#http
    0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
    0020: 63 6F 6D 2F 70 63 61 33 2D 67 32 2E 63 72 6C com/pca3-g2.crl
    [4]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
    [CN=PrivateLabel3-2048-142]]
    [5]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    Key_CertSign
    Crl_Sign
    [6]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
    [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65  ..https://www.ve0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 72 70 61        risign.com/rpa
    [CertificatePolicyId: [2.16.840.1.113536.509.3647]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 1B 68 74 74 70 73 3A   2F 2F 77 77 77 2E 73 75  ..https://www.su0010: 6E 2E 63 6F 6D 2F 70 6B   69 2F 63 70 73           n.com/pki/cps
    [7]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:1
    Algorithm: [SHA1withRSA]

    I am having the same problem; did you ever find the solution for this? I am getting an error " .... no IV for cipher". I am trying to do client authentication to IIS from a Java client.
    Any help is greatly appreciated.
    Thanks

  • Problems with JSSE under Weblogic 5.1 sp9

    I have a java application which uses JSSE to communicate with a WebMethods server
    and it works great. However, when I take the same code block and run it under
    Weblogic 5.1 sp11, I receive a bad certificate error. After spending a lot of
    time reading through various postings, I fixed the problem where Weblogic was
    intercepting HTTPsURLConnection, but still have the bad_certificate error.
    My setup is as follows:
    - Keys stored using keytool in keystores outside of Weblogic
    - Service pack 9 is installed (also tested SP10)
    - Code runs fine as an isolated java application, but will not run when called
    from within weblogic.
    - JDK1.3.1_02
    - Modified the weblogic.policy file with the following line: "permission java.net.NetPermission "specifyStreamHandler";"
    Source Code:
    System.getProperties().put("java.protocol.handler.pkgs",
    "com.sun.net.ssl.internal.www.protocol");
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    System.out.println("\n\nHandler = "+System.getProperty("java.protocol.handler.pkgs"));
    URL server = new URL(null, "https://B2bserver.quadrem.com:4443/invoke/wm.tn/receive",
    new com.sun.net.ssl.internal.www.protocol.https.Handler());
    System.out.println("Connecting to : "+server.toExternalForm());
    char[] password = "weblogic".toCharArray();
    SSLContext context = SSLContext.getInstance("SSL");
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(new FileInputStream("x:/jpkeystore"), password);
    keyManagerFactory.init(keystore, password);
    context.init(keyManagerFactory.getKeyManagers(), null, null);
    HttpsURLConnection conn = (HttpsURLConnection)server.openConnection();
    conn.setDoInput( true );
    conn.setDoOutput( true );
    conn.setAllowUserInteraction(false);
    conn.setUseCaches( false );
    conn.setDefaultUseCaches ( false );
    conn.setRequestMethod("POST");
    conn.setRequestProperty("Content-Type","text/xml");
    conn.setRequestProperty("Host", remoteHost);
    conn.setRequestProperty("Content-Length", "" + (XML_HEADER.length()+doc.length()));
    DataOutputStream out = new DataOutputStream (conn.getOutputStream());
    out.writeBytes(XML_HEADER);
    out.write(doc.getBytes());
    out.flush();
    out.close();
    All help will be appreciated.
    thanks
    Mark Johnson
    781-993-9212 x375

    Mark,
    Can you post the complete exception and stack trace here?

  • JSSE with Servlet problem

    Hi there, I face a problem with JSSE when I try to implement it. My JSSE client program works fine, but when I try to change it into a servlet, it doesn't work.
    So my few questions are:
    1. Is JSSE implementable in a servlet?
    2. Is there a problem with the servlet reading files?
    3. Is there any problem with the following code?
    System.setProperty("javax.net.ssl.trustStore","c:/keystorefiles");
    Because if I disable this, my servlet will work fine. I need the above code because I'm going to post some data to the https website.
    I think it is funny though to use https classes to post data to an https website using a servlet.
    Anyway, if you don't get what I mean, here is the illustration.
    The customer enters information on the Company A website (which will submit to the servlet). The servlet will process the information and generate the signature of the Company A website, then will forward the information to the Company B website (must be done using the POST method rather than a redirect or GET method).
    That's why I need to read my keystore files, which always gives me problems.
    So can anyone help me with this?
    Waiting for help...
    Thanks in advance

    Mm, it is OK... I put the class files wrong...

  • JSSE problem

    Hi,
    Has anyone worked with the JSSE package?
    I want to know how to proceed.
    I am writing the client part.
    It is a secured web site:
    https://ww.naviatrades.com
    First of all I want to get a secured connection.
    Then I am supposed to give a login ID and password to access some information.
    https://www.naviatrades.com has frames and one of the frames has the login page.
    I give my user ID and password.
    I notice I get a GIF file, and once I am authenticated I can access other pages.
    How should I proceed?
    /* Previously the site was using cookies and I could get the required info */
    Thanks

    Hi,
    I got this the other day!
    I had a problem as both my client and server were trying to get an input stream at the same time. I changed this to one asking for an input stream and the other asking for an output stream, then vice versa, and it worked first time!
    Also, you may have to force a handshake by doing s.startHandshake();
    Hope this helps.
    Adam.
    Adam Fowler
    Help Desk Live Project
    Information Services
    University of Wales, Aberystwyth

  • Problem with JSSE classpath

    Hi all,
    I am using Redhat Linux 7.1 with Jdk1.3.1_02 & installed jsse1.0.2. I want to generate a temporary certificate using keytool. I am using the following command
    keytool -genkey -keyalg RSA
    I get the following error
    keytool error: java.security.NoSuchAlgorithmException: RSA KeyPairGenerator not available
    I have set the classpath also & I see the files in the classpath.
    Any help would be highly appreciated.
    Thanks & Regards,
    ..Raj

    You sure the JSSE is installed correctly? Like, the jar files placed in the jre/lib/ext dir and the proper provider update made to the security file?
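
    One way to check what the reply asks about, as an added example (not code from the thread): it prints the providers the running JVM actually registered, in preference order, and reports which one serves each RSA algorithm. The class name ProviderCheck and the helper providerFor are made up here; a MISSING line means no registered provider offers that algorithm, which is the condition the keytool error reports.

    ```java
    import java.security.KeyFactory;
    import java.security.KeyPairGenerator;
    import java.security.NoSuchAlgorithmException;
    import java.security.Provider;
    import java.security.Security;
    import java.security.Signature;

    public class ProviderCheck {

        /** Returns the name of the provider that serves type/algorithm, or null if none does. */
        static String providerFor(String type, String algorithm) {
            try {
                if (type.equals("KeyPairGenerator")) {
                    return KeyPairGenerator.getInstance(algorithm).getProvider().getName();
                } else if (type.equals("KeyFactory")) {
                    return KeyFactory.getInstance(algorithm).getProvider().getName();
                } else if (type.equals("Signature")) {
                    return Signature.getInstance(algorithm).getProvider().getName();
                }
                throw new IllegalArgumentException("unsupported engine type: " + type);
            } catch (NoSuchAlgorithmException e) {
                return null; // same condition keytool reports as "... not available"
            }
        }

        public static void main(String[] args) {
            // Providers as the JVM loaded them. A jar that is on the classpath but
            // has no security.provider.N line in java.security will not appear here.
            Provider[] providers = Security.getProviders();
            for (int i = 0; i < providers.length; i++) {
                System.out.println("security.provider." + (i + 1) + "="
                        + providers[i].getClass().getName()
                        + "  (" + providers[i].getName() + ")");
            }

            // Engine/algorithm pairs that RSA key generation and certificate signing rely on.
            String[][] needed = {
                {"KeyPairGenerator", "RSA"},
                {"KeyFactory", "RSA"},
                {"Signature", "SHA1withRSA"},
            };
            for (int i = 0; i < needed.length; i++) {
                String served = providerFor(needed[i][0], needed[i][1]);
                System.out.println(needed[i][0] + "." + needed[i][1] + " -> "
                        + (served == null ? "MISSING" : served));
            }
        }
    }
    ```

    Run it with the same java binary that keytool belongs to, so that both read the same java.security file.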

  • JSSE restriction problem

    Hi
    I am trying to use SSL-related code that tries to establish a secure connection with an HTTPS site and exchanges data with it. This code runs fine on the Oracle 10g R3 JVM on Windows, but on AIX the JVM throws the exception "Export Restriction: JSSE implementation not pluggable". Currently I have solved the issue by setting java.protocol.handler.pkgs=com.ibm.net.ssl.internal.www.protocol instead of com.sun.net.ssl.internal.www.protocol, but I need to know if this is an Oracle 10g R3 issue on AIX.
    Thank you

    Try using Socket.setEnabledProtocols() in
    JDK 1.4. Doesn't exist in JSSE 1.0.2, you're
    stuck with the default behaviour.
    (TLS hello wrapped in a SSLv2 format hello)
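
    The JDK 1.4 call mentioned above, as an added example (not code from the thread). The method is defined on javax.net.ssl.SSLSocket, and "SSLv2Hello" is the standard JSSE protocol name for the SSLv2-format hello; the class name DropV2Hello and the helper withoutV2Hello are made up here. The socket is never connected, so the example only shows how the enabled-protocol list changes.

    ```java
    import java.util.ArrayList;
    import java.util.Arrays;
    import java.util.List;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;

    public class DropV2Hello {

        /** Returns the given protocol list without the SSLv2-format hello pseudo-protocol. */
        static String[] withoutV2Hello(String[] protocols) {
            List<String> kept = new ArrayList<String>();
            for (String p : protocols) {
                if (!"SSLv2Hello".equals(p)) {
                    kept.add(p);
                }
            }
            return kept.toArray(new String[0]);
        }

        public static void main(String[] args) throws Exception {
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();

            // createSocket() with no arguments returns an unconnected socket:
            // nothing is sent on the network by this example.
            SSLSocket socket = (SSLSocket) factory.createSocket();
            try {
                System.out.println("supported:      "
                        + Arrays.toString(socket.getSupportedProtocols()));
                System.out.println("enabled before: "
                        + Arrays.toString(socket.getEnabledProtocols()));

                // Must be called before the handshake starts. With SSLv2Hello
                // removed, the ClientHello goes out in SSLv3/TLS record format.
                socket.setEnabledProtocols(withoutV2Hello(socket.getEnabledProtocols()));

                System.out.println("enabled after:  "
                        + Arrays.toString(socket.getEnabledProtocols()));
            } finally {
                socket.close();
            }
        }
    }
    ```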

  • JSSE/KeyManager -- Problem forwarding received certificate chains

    Hi there,
    I'm in a situation in which we must do pass-through X.509 authentication, which means that the user signs onto our server using TLS, and when we connect to another server downstream instead of using a fixed keystore, we construct one in memory containing the certificates passed to us. I've written the code to do this, but when I try it out, I've been getting a null-cert-chain error because the key manager only seems to pick up certificates in the store that are PrivateKeyEntry, not TrustedCertificateEntry. (Ignoring the fact that TrustedCertificateEntry can only carry a single certificate for the moment....). I wrote my own KeyManager subclass to handle finding the alias corresponding to the TrustedCertificateEntry, but the KeyManager is getting called for a private key which I obviously can't supply (I'm being forced to return null, and that results in the socket getting closed). Is there some switch or other mode that I can use to get the JSSE implementation to allow me to forward the client's cert without it being a PrivateKeyEntry, OR, is there a way to fake up a PrivateKeyEntry (with a null Key?) that will be seen as valid? How can I do this?
    thanks in advance,
    James

    > I'm in a situation in which we must do pass-through X.509 authentication, which means that the user signs onto our server using TLS, and when we connect to another server downstream instead of using a fixed keystore, we construct one in memory containing the certificates passed to us.
    That will never work. If it could, it would constitute a man-in-the-middle attack on SSL, and there aren't any. Part of the protocol is a digital signature with the private key corresponding to the certificate sent, and the client verifies the signature to assert that the server is the owner of the certificate, i.e. establish identity.
    So what you're doing is impossible, and is fully intended to be impossible.
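
    The proof-of-possession step the answer describes, as an added example (not code from the thread). It is a model, not a TLS implementation: the transcripts are constructed strings standing in for the handshake messages, SHA256withRSA stands in for the handshake signature, and a bare public key stands in for the certificate. The class name and helpers are made up here.

    ```java
    import java.nio.charset.StandardCharsets;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.SignatureException;

    public class CertificateVerifyDemo {

        /** What the authenticating side does: sign the handshake transcript with its private key. */
        static byte[] sign(PrivateKey key, byte[] transcript) throws Exception {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initSign(key);
            s.update(transcript);
            return s.sign();
        }

        /** What the peer does: check the signature with the public key from the presented certificate. */
        static boolean verify(PublicKey certKey, byte[] transcript, byte[] sig) throws Exception {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(certKey);
            s.update(transcript);
            try {
                return s.verify(sig);
            } catch (SignatureException malformed) {
                return false;
            }
        }

        public static void main(String[] args) throws Exception {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(2048);
            KeyPair user = gen.generateKeyPair();   // end user; the private key stays on the user's machine
            KeyPair middle = gen.generateKeyPair(); // middle tier's own key pair

            // Constructed stand-ins. Real transcripts contain fresh random values
            // from both sides, so no two handshakes share one.
            byte[] first = "constructed transcript: user <-> middle tier"
                    .getBytes(StandardCharsets.UTF_8);
            byte[] second = "constructed transcript: middle tier <-> downstream server"
                    .getBytes(StandardCharsets.UTF_8);

            // Handshake 1: the user holds the private key, so the middle tier accepts.
            byte[] userSig = sign(user.getPrivate(), first);
            System.out.println("user -> middle tier, user signs:          "
                    + verify(user.getPublic(), first, userSig));

            // Handshake 2, attempt A: the middle tier presents the user's certificate
            // but can only sign with its own private key.
            byte[] middleSig = sign(middle.getPrivate(), second);
            System.out.println("middle tier forwards cert, signs itself:  "
                    + verify(user.getPublic(), second, middleSig));

            // Handshake 2, attempt B: the middle tier replays the user's signature
            // from handshake 1 over a different transcript.
            System.out.println("middle tier forwards cert, replays sig:   "
                    + verify(user.getPublic(), second, userSig));
        }
    }
    ```

    Only the first check succeeds, which is why a keystore holding the user's certificate as a TrustedCertificateEntry gives the key manager nothing it can sign with.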

  • JSSE: Having trouble connecting to an https URL (certificate problems)

    Hi folks,
    I have a really, really simple Java app that just opens a URL using the java.net.URL class to open a URL ("https://....").
    I can't get it to connect successfully. Here is a history of what I've done so far.
    I was given a cert that's part of a two-cert chain, but not rooted in a recognized CA. I installed it in
    ./jre/lib/security/cacerts file using keytool.
    It didn't work. I got this error:
    javax.net.ssl.SSLHandshakeException:
    sun.security.validator.ValidatorException: PKIX path building failed:
    sun.security.provider.certpath.SunCertPathBuilderException: unable to
    find valid certification path to requested target
    Doing some googling I found this article:
    http://blogs.sun.com/andreas/entry/no_more_unable_to_find
    If I'm paraphrasing it correctly, it says that the InstallCert app it mentions will hit the server, obtain its cert, and install it in my jssecacerts file as part of a chain so that JSSE won't throw an exception.
    So, I think this means I don't need my original cert. I can run this guy's program and it will get the server's cert and install it in (or first create) my jssecacerts file as part of a cert chain.
    I did this, and now get another error:
    "no name matching disc.paramount-bluray.com found"
    The URL I'm trying to hit is: https://disc.paramount-bluray.com
    The CN in the cert presented by the server is: disc.paramount-hddvd.com
    I believe the two names need to match, correct? OK, but if I'm using this guy's program, it's not even using my cert. It's getting the cert from the server and installing it as part of a chain in my jssecacerts file so the name matching in my cert shouldn't matter.
    So, why did this program not properly install the cert chain? Am I missing a step? After running his program a second time, it behaves as he describes. But when I subsequently run my app, it fails.
    Do I need to add all the certs in jssecacerts to the .keystore file in my home directory? Do I need to add the certs in the jssecacerts into my cacerts file?
    Or, perhaps the simpler question is "how do I get my app to successfully connect" to the server?
    Many thanks in advance.
    Vartan

    > Thanks for the warning, but I can "trust" the server cert because I know the server. It's a client who will not be acquiring a cert that's chained to a CA's root cert.

    Then get them to export it and import it into your own truststore. That's the correct solution. Accepting any certificate you receive over the connection that you're trying to make secure via the certificate you receive over the connection you're trying to secure ... doesn't make any sense. Get them to send it to you offline. And put a security design around that process too. If you don't do this step your solution is not secure, because you don't have any guarantee that the certificate came from who it said it came from. The HostnameVerifier doesn't help you with that part.

    > I think I want to get the common name (CN) out of the cert that the server presents and compare it to the URL to which I'm connecting. Is this correct?

    Yep.

    > I can't figure out how to get the CN out of the server's cert.

    X509Certificate.getSubjectX500Principal().getName(), then parse out the CN part.

    > How do I get the cert from the SSLSession object that's passed into the HostnameVerifier.verify() method?

    SSLSession.getPeerCertificateChain().
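
The CN comparison discussed in this thread, as an added example that is not code from the posts. It uses SSLSession.getPeerCertificates() instead of getPeerCertificateChain(), because the former returns java.security.cert.X509Certificate objects, which have getSubjectX500Principal(). The class name and the sample DN in main() are constructed for illustration.

```java
import java.security.cert.X509Certificate;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;

public class CnHostnameVerifier implements HostnameVerifier {
    // Returns the most specific CN in the subject DN, or null if there is none.
    static String commonName(X500Principal subject) {
        try {
            // LdapName understands RFC 2253 escaping; splitting on "," does not.
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            String cn = null;
            for (Rdn rdn : dn.getRdns()) { // ordered root first, so the last CN wins
                Attribute a = rdn.toAttributes().get("CN");
                if (a != null && a.get() instanceof String) {
                    cn = (String) a.get();
                }
            }
            return cn;
        } catch (NamingException e) {
            return null;
        }
    }

    @Override
    public boolean verify(String hostname, SSLSession session) {
        try {
            // Leaf certificate is element 0 of the peer's chain.
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            String cn = commonName(leaf.getSubjectX500Principal());
            return cn != null && cn.equalsIgnoreCase(hostname);
        } catch (SSLPeerUnverifiedException | ClassCastException e) {
            return false; // no verified X.509 peer certificate: reject
        }
    }

    public static void main(String[] args) {
        // Constructed subject DN for illustration, not a real certificate.
        X500Principal p = new X500Principal("CN=disc.paramount-hddvd.com, O=Example\\, Inc., C=US");
        String cn = commonName(p);
        System.out.println("CN: " + cn);
        System.out.println("matches URL host: " + "disc.paramount-bluray.com".equalsIgnoreCase(cn));
    }
}
```

This verifier checks the CN only (no subjectAltName or wildcard handling), and for the host and CN quoted in the question it returns false. HttpsURLConnection consults a custom HostnameVerifier only after its built-in hostname check has failed.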

  • Jsse installation problems

    I am running SCO Openserver running Apache+mod_ssl, Java2 1.2.2. I downloaded and extracted jsse.jar, jnet.jar, jcert.jar to $javahome/jre/lib/ext. I tried running the sample URLReader.java. The first thing it tells you to do is set the system with
    java -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
    which just gives me a bunch of usage and options information.
    Then I tried inserting:
    import java.security.*;
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
    URLReader.java compiled fine, however, when I ran it I got over a page full of exceptions. Some of which I have pasted below.
    at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(Dasho
    6275, Compiled Code)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect(Da
    hoA6275, Compiled Code)
    at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer
    DashoA6275, Compiled Code)
    at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l(DashoA6275,
    Compiled Code)
    at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>(DashoA
    275, Compiled Code)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>(Dasho
    6275, Compiled Code)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275
    Compiled Code)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA6275
    Compiled Code)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.conne
    t(DashoA6275, Compiled Code)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getIn
    utStream(DashoA6275, Compiled Code)
    at java.net.URL.openStream(URL.java, Compiled Code)
    Does anyone know what I am doing wrong?
    thnx,
    Nathan

    Can you please look at my classpath settings to see if they are correct?
    PATH=$PATH:$HOME/bin:/usr/local/bin:/usr/bemod/bin:/usr/mmdf/bin:/etc:/usr/dlc:/usr/dlc/bin:/opt/faximum/bin:/opt/faximum/lib:/usr/java2/bin #search path
    export PATH
    CLASSPATH=${CLASSPATH:-}:/usr/java2/bin:/verisign/payflowpro/java/Verisign.jar:.;export CLASSPATH
    CLASSPATH=${CLASSPATH:-}:/usr/java2/jre/lib/ext/jsse.jar:jcert.jar:jnet.jar;export CLASSPATH
    thnx,
    nathan
