JSSE Truststore
I followed the steps given by this web page to set up SSL:
"http://www.onjava.com/pub/a/onjava/2001/05/03/java_security.html"
and I am facing a problem with the truststore.
I don't have the "lib/security/jssecacerts" file; the only file was the cacerts in "jdk1.2.1\jre\lib\security\cacerts" (which I think is there from when I installed the JDK). When I test "Listing 2", the message says that "javax.net.ssl.trustStore is not defined".
How can I configure the trust store?
And when I test the keytool command I get this error:
KeyPairGenerator not available.
Can someone please help me? What is the problem?
Hi again!
Sorry... I have to modify the reply I gave. It should be the system properties:
'javax.net.ssl.trustStore' and 'javax.net.ssl.trustStorePassword'.
-peson
Similar Messages
-
Hi,
I am developing a server prog and a corresponding client. The client communicates with the server using ordinary Sockets which
are converted to SSLSockets after an initial cleartext handshake.
The following code works as expected (client side):
---<snip>---
System.setProperty("javax.net.ssl.trustStore", keystore_path );
SSLSocketFactory ssf = (SSLSocketFactory)SSLSocketFactory.getDefault();
// Layer SSL over the already-connected plain socket (autoClose = true)
sslsocket = (SSLSocket) ssf.createSocket(
    socket,
    socket.getInetAddress().getHostAddress(),
    socket.getPort(),
    true);
---<snap>---
But when I try to load the truststore through an InputStream I
always get an unknown_certificate exception on the server side
(the code is from the client side):
---<snip>---
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(key_is, "storepass".toCharArray());
java.security.cert.Certificate cert = keystore.getCertificate("mykey");
System.out.println(cert);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keystore, "storepass".toCharArray());
SSLContext sslc = SSLContext.getInstance("SSLv3");
// Only key managers are passed here; the trust manager argument is null
sslc.init(kmf.getKeyManagers(), null, null);
SSLSocketFactory ssf = sslc.getSocketFactory();
SSLSocket sslsocket = (SSLSocket) ssf.createSocket(
    socket,
    socket.getInetAddress().getHostAddress(),
    socket.getPort(),
    true);
---<snap>---
Hi,
I found the answer by myself (once again :-):
I need to use a TrustManager rather than a key manager. -
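The fix described in the post above, written out as an added example (it is not code from the thread): the truststore is read from an InputStream and handed to a TrustManagerFactory, and the resulting trust managers go into the second argument of SSLContext.init. The class name, method names and command-line arguments are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class name; added example, not code from the thread.
public class StreamTrustStoreClient {

    /** Builds trust managers from a truststore read off any InputStream. */
    static TrustManager[] trustManagersFrom(InputStream in, char[] storePass)
            throws GeneralSecurityException, IOException {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        trustStore.load(in, storePass);
        if (trustStore.size() == 0) {
            // Fail early: an empty store only shows up later as a handshake failure.
            throw new KeyStoreException("truststore contains no entries");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    /** Context that validates the peer against the given trust managers. */
    static SSLContext contextTrusting(TrustManager[] trustManagers)
            throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Key managers (first argument) are null: this client presents no certificate.
        ctx.init(null, trustManagers, null);
        return ctx;
    }

    /** Layers TLS over an already-connected plain socket, as the post does. */
    static SSLSocket upgrade(SSLContext ctx, Socket plain, String hostName)
            throws IOException {
        SSLSocket tls = (SSLSocket) ctx.getSocketFactory()
                .createSocket(plain, hostName, plain.getPort(), true);
        SSLParameters params = tls.getSSLParameters();
        // Also check that the certificate was issued for hostName.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        tls.setSSLParameters(params);
        tls.startHandshake();
        return tls;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2 && args.length != 4) {
            System.err.println(
                "usage: StreamTrustStoreClient <truststore> <storepass> [<host> <port>]");
            System.exit(2);
        }
        TrustManager[] tms;
        try (InputStream in = new FileInputStream(args[0])) {
            tms = trustManagersFrom(in, args[1].toCharArray());
        }
        // List the certificates the handshake will accept as trust anchors.
        for (TrustManager tm : tms) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("trusted: " + ca.getSubjectX500Principal().getName());
                }
            }
        }
        if (args.length == 4) {
            SSLContext ctx = contextTrusting(tms);
            try (Socket plain = new Socket(args[2], Integer.parseInt(args[3]));
                 SSLSocket tls = upgrade(ctx, plain, args[2])) {
                System.out.println("handshake ok: " + tls.getSession().getCipherSuite());
            }
        }
    }
}
```

Run with only the first two arguments, it lists the trust anchors without opening a connection, which is a quick way to confirm the stream really contained the expected certificate.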
Contradicting messages in PS7 Install logs
Hi - I'm trying to install PS7 on a sparc (v440) solaris 10 platform with plenty of disk space and fully patched. I'm getting strange contradictory errors.
The file /var/sadm/install/logs/Java_Enterprise_System_Summary_Report_install.<date> shows :
Installation Summary Report
Install Summary
Sun Java(TM) System Portal Server 7 2005Q4 : Installation Failed, Configuration Failed
Configuration Data
Sun Java(TM) System Portal Server 7 2005Q4 :
<config details not included but no errors flagged>
And the file /var/sadm/install/logs/Java_Enterprise_System_install.B<date> shows that EVERY package was successfully installed.
Where can I look to see WHY the install failed?
Thanks,
Phil
Please, can anybody explore this? I am also getting the same error.
I went to /var/opt/SUNWportal/logs/config and I am getting the below error:
[#|2006-09-24T13:11:58.820+0200|SEVERE|SJS Portal Server|debug.com.sun.portal.fabric.config|ThreadID=10; ClassName=com.sun.portal.fabric.config.ValidatePortalInputData; MethodName=validateAMSDK; |PSFB_CSPFC0056:Error while validating the SSO Token.
com.iplanet.sso.SSOException: Error occurred while processing XML request.
Server returned HTTP response code: 500 for URL: http://d-sunsps.nl.dap.philips.com:82/amserver/authservice
at com.sun.portal.util.SSOUtil.createSSOToken(SSOUtil.java:206)
at com.sun.portal.fabric.config.ValidatePortalInputData.validateAMSDK(ValidatePortalInputData.java:261)
at com.sun.portal.fabric.config.ValidatePortalInputData.<init>(ValidatePortalInputData.java:186)
at com.sun.portal.fabric.config.ConfigurePortal.main(ConfigurePortal.java:106)
|#]
[#|2006-09-24T13:11:58.821+0200|SEVERE|SJS Portal Server|debug.com.sun.portal.fabric.config|ThreadID=10; ClassName=com.sun.portal.fabric.config.ConfigurePortal; MethodName=main; |PSFB_CSPFC0014:Failed configuring Portal Server!!
com.sun.portal.fabric.tasks.ConfigurationException: please refer the log file /var/opt/SUNWportal/logs/config/portal.fabric.0.0.log for more information
at com.sun.portal.fabric.config.ValidatePortalInputData.<init>(ValidatePortalInputData.java:188)
at com.sun.portal.fabric.config.ConfigurePortal.main(ConfigurePortal.java:106)
|#]
[#|2006-09-24T13:11:59.739+0200|SEVERE|SJS Portal Server|debug.com.sun.portal.fabric.config|ThreadID=10; ClassName=com.sun.portal.fabric.config.PortalConfigurator; MethodName=getMbeanServerConnection; |PSFB_CSPFC0025:Security error getting MbeanServerConnection
java.lang.SecurityException: Unable to read truststore
at com.sun.cacao.agent.JmxClient.getUnknownJmxClientConnection(JmxClient.java:835)
at com.sun.portal.admin.common.util.AdminClientUtil.getJMXConnector(AdminClientUtil.java:114)
at com.sun.portal.fabric.config.PortalConfigurator.getMbeanServerConnection(PortalConfigurator.java:617)
at com.sun.portal.fabric.config.ConfigurePortal.resetLogLevel(ConfigurePortal.java:313)
at com.sun.portal.fabric.config.ConfigurePortal.main(ConfigurePortal.java:289)
Caused by: java.io.FileNotFoundException: /etc/opt/SUNWcacao/security/jsse/truststore (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:106)
at java.io.FileInputStream.<init>(FileInputStream.java:66)
at com.sun.cacao.agent.JmxClient.getUnknownJmxClientConnection(JmxClient.java:832)
... 4 more
Can anybody help me on this?
Thanks in advance. -
Requirement of TRUSTSTORE and KEYSTORE for JSSE
Hi Java Experts,
I am very new to Java technology and currently got an assignment which requires me to write a client software which should be able to communicate one of our application servers over SSL protocol. I browsed through couple of pages and found JSSE is the way to go. Now my question is -
1. Do I really need to create a truststore to store my server certificate which would be used by my client program?
2. Can I just go ahead and put the server certificate in a directory and allow my client to read the certificate from there ?
3. From 1 and 2 above which approach is most suitable and why ?
I shall be highly thankful if you guys can share your expertise and experience on this.
Thanks in advance!
Sincerely,
Scott.
> 1. Do I really need to create a truststore to store my server certificate which would be used by my client program?
Only if the server certificate isn't signed by a certificate authority that isn't already recognized by the default truststore distributed with Java.
> 2. Can I just go ahead and put the server certificate in a directory and allow my client to read the certificate from there ?
No.
> 3. From 1 and 2 above which approach is most suitable and why ?
Neither. The best approach is for the server certificate to be signed by a recognized CA. -
Https Connection from servlets using JSSE.
Hi all,
Although my question is the same as the QOW for this week, there is an error "unsupported keyword EMAIL" returned when I try to establish an https connection using a servlet. The error log is as follows:
=====================================
java.io.IOException: unsupported keyword EMAIL
at com.sun.net.ssl.internal.ssl.AVA.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.RDN.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.X500Name.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.X500Name.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([DashoPro-V1.2-120198])
at URLReader.doGet(URLReader.java:78)
===================================
Does anyone know the meaning of this error?
I tried to write a Java application using similar code and it works totally fine (I can connect to the server and obtain the page). Does JSSE support Java Servlets? Or is this a problem with the Tomcat server? FYI, I'm using
Tomcat 3.2.2
Java SDK 1.3
Many thanks!
Ethan
p.s. Here is the source for my program
import java.io.*;
import java.net.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.net.*;
import javax.net.ssl.*;
import com.sun.net.ssl.*;
public class URLReader extends HttpServlet {
    public void doGet(HttpServletRequest req, HttpServletResponse res) {
        res.setContentType("text/html");
        res.setHeader("Cache-Control", "no-cache");
        res.setHeader("Pragma", "no-cache");
        // Register the JSSE provider and the https protocol handler
        java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        System.setProperty("javax.net.ssl.trustStore", "File_for_keyStore");
        System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
        try {
            // Writer is local to the request; a servlet instance is shared between threads
            PrintWriter out = res.getWriter();
            URL url = new URL("https://server_name:port/index.htm");
            HttpsURLConnection urlconnection = (HttpsURLConnection) url.openConnection();
            BufferedReader in = new BufferedReader(new InputStreamReader(urlconnection.getInputStream()));
            String outputLine;
            while ((outputLine = in.readLine()) != null) {
                out.println("There is the result: " + outputLine);
            }
            in.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
    }
}
I was just having this issue, after months of error-free SSL behavior, on a new machine I was installing (note that I was running the IBM jdk1.3). It turns out that when I was editing the java.security file to know about JCE/JSSE providers I had the providers in the wrong order. The error-causing sequence was:
security.provider.1=com.sun.net.ssl.internal.ssl.Provider
security.provider.2=com.ibm.crypto.provider.IBMJCA
# Extra provider added ibm@33894
security.provider.3=com.ibm.crypto.provider.IBMJCE
# extra provider i added
security.provider.4=sun.security.provider.Sun
The issue disappeared when I changed the order to:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.ibm.crypto.provider.IBMJCA
# Extra provider added ibm@33894
security.provider.4=com.ibm.crypto.provider.IBMJCE
hope that helps!
--john molnar
Trellis Network Security -
Using JSSE : "Invalid Netscape CertType extension for SSL client" Error
Hi all,
I'm using the sample code given on the Sun site for JSSE with client authentication. The sample as such worked with the testkeys provided with it, but it didn't work out when I tried using other certificates.
Both client and server certificates I generated from our internal Netscape Certificate Manager.
Function of the server :
The server will read a private key from the given keystore and start listening on a port. This server will serve only GET requests.
Function of the client :
The Client sends a GET request to the server and gets the response back.
I simply changed the key store name alone in the working sample code.
It is not working.
The Exception thrown on client side :
D:\users\Jp\java\jssesamples\sockets\client\class>java SSLSocketClientWithClientAuth1 localhost 1089 /urls
localhost
1089
/urls
java.net.SocketException: Software caused connection abort: socket write error
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
at com.sun.net.ssl.internal.ssl.OutputRecord.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at SSLSocketClientWithClientAuth1.main(SSLSocketClientWithClientAuth1.java:119)
Exception thrown on server side :
D:\users\Jp\java\jssesamples\sockets\server\class>java ClassFileServer 1089 . TLS true
USAGE: java ClassFileServer port docroot [TLS [true]]
If the third argument is TLS, it will start as
a TLS/SSL file server, otherwise, it will be
an ordinary file server.
If the fourth argument is true,it will require
client authentication as well.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at ClassServer.getPath(ClassServer.java:162)
at ClassServer.run(ClassServer.java:109)
at java.lang.Thread.run(Thread.java:536)
Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
... 17 more
error writing response: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.e(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.DataOutputStream.writeBytes(DataOutputStream.java:256)
at ClassServer.run(ClassServer.java:128)
at java.lang.Thread.run(Thread.java:536)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at ClassServer.getPath(ClassServer.java:162)
at ClassServer.run(ClassServer.java:109)
... 1 more
Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
... 17 more
The Client code :
/*
 * @(#)SSLSocketClientWithClientAuth.java 1.5 01/05/10
 * Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
 * Redistribution and use in source and binary forms, with or
 * without modification, are permitted provided that the following
 * conditions are met:
 * -Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * -Redistribution in binary form must reproduct the above copyright
 * notice, this list of conditions and the following disclaimer in
 * the documentation and/or other materials provided with the
 * distribution.
 * Neither the name of Sun Microsystems, Inc. or the names of
 * contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
 * This software is provided "AS IS," without a warranty of any
 * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
 * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
 * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
 * DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
 * RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
 * ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
 * FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
 * SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
 * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
 * THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 * You acknowledge that Software is not designed, licensed or
 * intended for use in the design, construction, operation or
 * maintenance of any nuclear facility.
 */
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
import java.security.KeyStore;
/*
 * This example shows how to set up a key manager to do client
 * authentication if required by server.
 * This program assumes that the client is not inside a firewall.
 * The application can be modified to connect to a server outside
 * the firewall by following SSLSocketClientWithTunneling.java.
 */
public class SSLSocketClientWithClientAuth1 {
    public static void main(String[] args) throws Exception {
        String host = null;
        int port = -1;
        String path = null;
        for (int i = 0; i < args.length; i++)
            System.out.println(args[i]);
        if (args.length < 3) {
            System.out.println(
                "USAGE: java SSLSocketClientWithClientAuth " +
                "host port requestedfilepath");
            System.exit(-1);
        }
        try {
            host = args[0];
            port = Integer.parseInt(args[1]);
            path = args[2];
        } catch (IllegalArgumentException e) {
            System.out.println("USAGE: java SSLSocketClientWithClientAuth " +
                "host port requestedfilepath");
            System.exit(-1);
        }
        try {
            /*
             * Set up a key manager for client authentication
             * if asked by the server. Use the implementation's
             * default TrustStore and secureRandom routines.
             */
            SSLSocketFactory factory = null;
            try {
                SSLContext ctx;
                KeyManagerFactory kmf;
                KeyStore ks;
                char[] passphrase = "passphrase".toCharArray();
                ctx = SSLContext.getInstance("TLS");
                kmf = KeyManagerFactory.getInstance("SunX509");
                ks = KeyStore.getInstance("JKS");
                // ks.load(new FileInputStream("testkeys"), passphrase);
                ks.load(new FileInputStream("clientkey"), passphrase);
                kmf.init(ks, passphrase);
                ctx.init(kmf.getKeyManagers(), null, null);
                factory = ctx.getSocketFactory();
            } catch (Exception e) {
                throw new IOException(e.getMessage());
            }
            SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
            /*
             * send http request
             * See SSLSocketClient.java for more information about why
             * there is a forced handshake here when using PrintWriters.
             */
            socket.startHandshake();
            PrintWriter out = new PrintWriter(
                new BufferedWriter(
                    new OutputStreamWriter(
                        socket.getOutputStream())));
            out.println("GET " + path + " HTTP/1.1");
            /* Some internet sites throw bad request error for HTTP/1.1 req if hostname is not specified so the foll line */
            out.println("Host: " + host);
            out.println();
            out.flush();
            /*
             * Make sure there were no surprises
             */
            if (out.checkError())
                System.out.println(
                    "SSLSocketClient: java.io.PrintWriter error");
            /* read response */
            BufferedReader in = new BufferedReader(
                new InputStreamReader(
                    socket.getInputStream()));
            String inputLine;
            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);
            in.close();
            out.close();
            socket.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
The Server code :
/*
 * @(#)ClassFileServer.java 1.5 01/05/10
 * Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
 * Redistribution and use in source and binary forms, with or
 * without modification, are permitted provided that the following
 * conditions are met:
 * -Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * -Redistribution in binary form must reproduct the above copyright
 * notice, this list of conditions and the following disclaimer in
 * the documentation and/or other materials provided with the
 * distribution.
 * Neither the name of Sun Microsystems, Inc. or the names of
 * contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
 * This software is provided "AS IS," without a warranty of any
 * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
 * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
 * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
 * DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
 * RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
 * ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
 * FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
 * SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
 * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
 * THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 * You acknowledge that Software is not designed, licensed or
 * intended for use in the design, construction, operation or
 * maintenance of any nuclear facility.
 */
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import javax.net.*;
import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
/* ClassFileServer.java -- a simple file server that can serve
 * Http get request in both clear and secure channel
 */
/*
 * The ClassFileServer implements a ClassServer that
 * reads files from the file system. See the
 * doc for the "Main" method for how to run this
 * server.
 */
public class ClassFileServer extends ClassServer {
    private String docroot;
    private static int DefaultServerPort = 2001;
    /**
     * Constructs a ClassFileServer.
     * @param path the path where the server locates files
     */
    public ClassFileServer(ServerSocket ss, String docroot) throws IOException
    {
        super(ss);
        this.docroot = docroot;
    }
    /**
     * Returns an array of bytes containing the bytes for
     * the file represented by the argument <b>path</b>.
     * @return the bytes for the file
     * @exception FileNotFoundException if the file corresponding
     * to <b>path</b> could not be loaded.
     */
    public byte[] getBytes(String path)
        throws IOException
    {
        System.out.println("reading: " + path);
        // Resolve the requested path under docroot and refuse anything outside it
        File root = new File(docroot).getCanonicalFile();
        File f = new File(root, path).getCanonicalFile();
        if (!f.toPath().startsWith(root.toPath())) {
            throw new IOException("Path outside docroot: " + path);
        }
        int length = (int)(f.length());
        if (length == 0) {
            throw new IOException("File length is zero: " + path);
        } else {
            FileInputStream fin = new FileInputStream(f);
            DataInputStream in = new DataInputStream(fin);
            try {
                byte[] bytecodes = new byte[length];
                in.readFully(bytecodes);
                return bytecodes;
            } finally {
                in.close();
            }
        }
    }
    /**
     * Main method to create the class server that reads
     * files. This takes two command line arguments, the
     * port on which the server accepts requests and the
     * root of the path. To start up the server: <br><br>
     * <code> java ClassFileServer <port> <path>
     * </code><br><br>
     * <code> new ClassFileServer(port, docroot);
     * </code>
     */
    public static void main(String args[])
    {
        System.out.println(
            "USAGE: java ClassFileServer port docroot [TLS [true]]");
        System.out.println("");
        System.out.println(
            "If the third argument is TLS, it will start as\n" +
            "a TLS/SSL file server, otherwise, it will be\n" +
            "an ordinary file server. \n" +
            "If the fourth argument is true,it will require\n" +
            "client authentication as well.");
        int port = DefaultServerPort;
        String docroot = "";
        if (args.length >= 1) {
            port = Integer.parseInt(args[0]);
        }
        if (args.length >= 2) {
            docroot = args[1];
        }
        String type = "PlainSocket";
        if (args.length >= 3) {
            type = args[2];
        }
        try {
            ServerSocketFactory ssf =
                ClassFileServer.getServerSocketFactory(type);
            ServerSocket ss = ssf.createServerSocket(port);
            if (args.length >= 4 && args[3].equals("true")) {
                ((SSLServerSocket)ss).setNeedClientAuth(true);
            }
            new ClassFileServer(ss, docroot);
        } catch (IOException e) {
            System.out.println("Unable to start ClassServer: " +
                e.getMessage());
            e.printStackTrace();
        }
    }
    private static ServerSocketFactory getServerSocketFactory(String type) {
        if (type.equals("TLS")) {
            SSLServerSocketFactory ssf = null;
            try {
                // set up key manager to do server authentication
                SSLContext ctx;
                KeyManagerFactory kmf;
                KeyStore ks;
                char[] passphrase = "passphrase".toCharArray();
                ctx = SSLContext.getInstance("TLS");
                kmf = KeyManagerFactory.getInstance("SunX509");
                ks = KeyStore.getInstance("JKS");
                // ks.load(new FileInputStream("testkeys"), passphrase);
                ks.load(new FileInputStream("serverkey"), passphrase);
                kmf.init(ks, passphrase);
                ctx.init(kmf.getKeyManagers(), null, null);
                ssf = ctx.getServerSocketFactory();
                return ssf;
            } catch (Exception e) {
                e.printStackTrace();
            }
        } else {
            return ServerSocketFactory.getDefault();
        }
        return null;
    }
}
Could anyone help?
Thanks in advance
Jayaprakash
The same thing.
I have found the place where the exception is thrown.
It is the com.sun.net.ssl.internal.ssl.AVA class.
It has a constructor AVA(StringReader).
There is a check in this constructor of different certificate extensions
(if-else). If it sees no familiar extension it throws an exception and the handshake fails.
It is not difficult to fix this problem: just ignore unknown extension.
Everything works fine with this "improved" class (under VA 3.5).
But the problem is using this class in applets.
How can I tell the browser to use my "improved" class and not the one it downloaded with the Java plug-in? -
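A diagnostic for the "Invalid Netscape CertType extension for SSL client" error in the question above, added here as an example that is not part of the thread or of Sun's sample code: it decodes the Netscape certificate type extension (OID 2.16.840.1.113730.1.1) of each certificate in a keystore and reports whether the SSL client bit is set. It assumes the server rejects the client certificate because that bit is absent; the class name and the two sample byte strings are constructed for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical class name; added example, not code from the thread.
public class NetscapeCertTypeCheck {
    static final String NS_CERT_TYPE_OID = "2.16.840.1.113730.1.1";
    // Bit 0 is the most significant bit of the BIT STRING's first data octet.
    static final String[] BIT_NAMES = {
        "SSL client", "SSL server", "S/MIME", "object signing",
        "reserved", "SSL CA", "S/MIME CA", "object signing CA" };

    /**
     * Decodes X509Certificate.getExtensionValue() output for this OID:
     * a DER OCTET STRING (04 len) wrapping a DER BIT STRING (03 len unusedBits data).
     * Returns null when the certificate does not carry the extension.
     */
    static List<String> decode(byte[] ext) {
        if (ext == null) return null;
        boolean wellFormed = ext.length >= 5
                && ext[0] == 0x04 && (ext[1] & 0xff) == ext.length - 2
                && ext[2] == 0x03 && (ext[3] & 0xff) == ext.length - 4
                && (ext[4] & 0xff) <= 7;
        if (!wellFormed) {
            throw new IllegalArgumentException("unexpected encoding for " + NS_CERT_TYPE_OID);
        }
        List<String> uses = new ArrayList<>();
        if (ext.length == 5) return uses;              // BIT STRING with no bits set
        int unused = ext[4] & 0xff;
        int flags = ext[5] & 0xff & (0xff << unused);  // drop padding bits
        for (int bit = 0; bit < 8; bit++) {
            if ((flags & (0x80 >> bit)) != 0) uses.add(BIT_NAMES[bit]);
        }
        return uses;
    }

    static String verdict(byte[] ext) {
        List<String> uses = decode(ext);
        if (uses == null) return "extension absent";
        return uses + (uses.contains("SSL client")
                ? " : SSL client bit set" : " : SSL client bit NOT set");
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) {
            // Usage: NetscapeCertTypeCheck <keystore> <storepass>
            KeyStore ks = KeyStore.getInstance("JKS");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
            for (String alias : Collections.list(ks.aliases())) {
                Certificate c = ks.getCertificate(alias);
                if (c instanceof X509Certificate) {
                    byte[] ext = ((X509Certificate) c).getExtensionValue(NS_CERT_TYPE_OID);
                    System.out.println(alias + ": " + verdict(ext));
                }
            }
            return;
        }
        // Constructed sample encodings (not taken from any real certificate).
        byte[] clientOnly = { 0x04, 0x04, 0x03, 0x02, 0x07, (byte) 0x80 };
        byte[] serverOnly = { 0x04, 0x04, 0x03, 0x02, 0x06, 0x40 };
        System.out.println("clientOnly: " + verdict(clientOnly));
        System.out.println("serverOnly: " + verdict(serverOnly));
        System.out.println("no extension: " + verdict(null));
    }
}
```

Pointing it at the "clientkey" keystore from the question shows which certificate type the Netscape Certificate Manager actually issued.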
Working code snippet for JSSE 1.0.2
This code works only with JSSE 1.0.2. JSSE 1.0.1 has a bug, I believe, which gives a null cert chain
error when using client authorization.
Below is a Java code snippet to create SSL server and client sockets.
SocketsFactory.java
This class is a utility class which gets you the Secure Socket for the server and the client.
It reads from the properties file.
import java.io.FileInputStream;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.util.Properties;
// On JSSE 1.0.2, SSLContext and KeyManagerFactory are in com.sun.net.ssl instead
import javax.net.ssl.*;
public class SocketsFactory {
    /** Creates a SSL client socket. It uses the properties obtained from the
     * sslPropsFile to create the client socket.
     * @param sslPropsFile The ssl properties file that contains information about the provider etc.
     * @param host The host to connect to.
     * @param port The port on which this socket should attempt to connect
     * @throws IOException if there was any exceptions in creating the sockets or if the properties file
     * was not found or corrupted.
     * @return returns the socket that was created.
     */
    public static Socket createSecureSocket(final String sslPropsFile, String host, int port) throws IOException {
        Properties props = readPropertiesFile(sslPropsFile);
        SSLSocketFactory factory = null;
        System.setProperty("javax.net.ssl.trustStore", (String)props.get("com.ibm.idmg.ssl.keyStore"));
        // Getting a secure client socket using sun..
        try {
            addProvider(props);
            // Set up a key manager for client authentication
            // if asked by the server. Use the implementation's
            // default TrustStore and secureRandom routines.
            SSLContext ctx = getSSLContext(props);
            factory = ctx.getSocketFactory();
        } catch (Exception e) {
            e.printStackTrace();
            throw new IOException(e.getMessage());
        }
        SSLSocket client = (SSLSocket)factory.createSocket(host, port);
        client.startHandshake();
        return client;
    }
    /** Creates a SSL server socket based on sun's implementation using JSSE. Uses the
     * sslPropsFile to get the keystore used for validating certificates and their
     * passwords.
     * @param sslPropsFile The properties file containing SSL provider, key passwords etc.,
     * @param port The port to which this socket should listen at.
     * @throws IOException If the properties file was not found or it was corrupted or if there was any
     * other errors while socket creation.
     * @return the serversocket object.
     */
    public static ServerSocket createSecureServerSocket(final String sslPropsFile, int port) throws IOException {
        Properties props = readPropertiesFile(sslPropsFile);
        String trustStore = (String)props.get("com.ibm.idmg.ssl.keyStore");
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        // Getting a sun secure server socket
        SSLServerSocketFactory ssf = null;
        try {
            addProvider(props);
            // set up key manager to do server authentication
            SSLContext ctx = getSSLContext(props);
            ssf = ctx.getServerSocketFactory();
        } catch (Exception e) {
            e.printStackTrace();
            throw new IOException(e.getMessage());
        }
        SSLServerSocket socket = (SSLServerSocket)ssf.createServerSocket(port);
        socket.setNeedClientAuth(true);
        return socket;
    }
    /**
     * Internally used function to read a provider from the properties and
     * add it as the current ssl provider. The properties should have the
     * property <i>com.ibm.idmg.ssl.sslProvider</i> defined. Otherwise
     * throws NullPointerException.
     */
    private static void addProvider(Properties props) throws Exception {
        String provider = (String)props.get("com.ibm.idmg.ssl.sslProvider");
        if (provider == null)
            throw new NullPointerException("com.ibm.idmg.ssl.sslProvider is not specified!");
        java.security.Security.addProvider((java.security.Provider)Class.forName(provider).newInstance());
    }
    /**
     * Internally used function to read a file and return it as java properties.
     * It uses java.util.Properties. Throws FileNotFoundException if the file
     * was not found. Otherwise returns the properties.
     */
    private static Properties readPropertiesFile(final String file) throws IOException {
        if (file == null)
            throw new IOException("SSL Context File name not specified!");
        FileInputStream in = new FileInputStream(file);
        Properties properties = new Properties();
        properties.load(in);
        in.close();
        in = null;
        return properties;
    }
    /**
     * Internal function used to retrieve a SSLContext object. It is used primarily
     * for creating SSL sockets that can authenticate each other based on the
     * keystores specified using the properties.
     */
    private static SSLContext getSSLContext(Properties props) throws Exception {
        SSLContext ctx;
        KeyManagerFactory kmf;
        KeyStore ks;
        String password = (String)props.get("com.ibm.idmg.ssl.keyStorePassword");
        if (password == null)
            password = System.getProperty("javax.net.ssl.keyStorePassword");
        char[] passphrase = password.toCharArray();
        ctx = SSLContext.getInstance("TLS");
        kmf = KeyManagerFactory.getInstance("SunX509");
        ks = KeyStore.getInstance("JKS");
        String keyStoreFile = (String)props.get("com.ibm.idmg.ssl.keyStore");
        if (keyStoreFile == null)
            keyStoreFile = System.getProperty("javax.net.ssl.keyStore");
        FileInputStream in = new FileInputStream(keyStoreFile);
        ks.load(in, passphrase);
        in.close();
        in = null;
        // All keys in the KeyStore must be protected by the same password.
        String keyPassword = (String)props.get("com.ibm.idmg.ssl.keyPassword");
        if (keyPassword != null)
            passphrase = keyPassword.toCharArray();
        kmf.init(ks, passphrase);
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }
}
The Server properties file looks like this.
# Specify the SSL provider here.
# Using sun's reference implementation for testing..
com.ibm.idmg.ssl.sslProvider=com.sun.net.ssl.internal.ssl.Provider
# Specify the keystore file that this ssl socket should use
com.ibm.idmg.ssl.keyStore=server.ks
# Specify the password for this keystore file
com.ibm.idmg.ssl.keyStorePassword=servercanpass
# Specify the password used to protect the keys in the keystore
# Note: all the keys should have the same password
com.ibm.idmg.ssl.keyPassword=icanpass
The client properties file
# Specify the SSL provider here.
# Using sun's reference implementation for testing..
com.ibm.idmg.ssl.sslProvider=com.sun.net.ssl.internal.ssl.Provider
# Specify the keystore file that this ssl socket should use
com.ibm.idmg.ssl.keyStore=client.ks
# Specify the password for this keystore file
com.ibm.idmg.ssl.keyStorePassword=clientshouldpass
# Specify the password used to protect the keys in the keystore
# Note: all the keys should have the same password
com.ibm.idmg.ssl.keyPassword=canipass
Now to create the certificates..
It's a 5-step process
1) Create the keystore file.
keytool -genkey -alias mohan -dname "CN=Mohan Tera, OU=IS, O=IM, L=sanjose, S=NY, C=US" -keystore server.ks -storepass servercanpass -validity 180 -keypass icanpass
2) Create a self signed certificate. If you need to get it signed from
verisign then you have to create a certificate request. For testing purposes,
you can create a self signed certificate.
keytool -selfcert -alias mohan -dname "CN=Mohan Tera, OU=IS, O=IM, L=sanjose, S=NY, C=US" -keystore server.ks -storepass servercanpass -validity 180 -keypass icanpass
3) Export the public key from the keystore to a certificate file that is to be imported to the client keystore.
keytool -export -alias mohan -file fromserver.cer -keystore server.ks -storepass servercanpass
4) Repeat the above steps for the client also..
a)
keytool -genkey -alias moks -dname "CN=Jennifer Poda, OU=Javasoft, O=Sun, L=Edison, S=NJ, C=US" -keystore client.ks -storepass clientshouldpass -validity 180 -keypass canipass
b)
keytool -selfcert -alias moks -dname "CN=Jennifer Poda, OU=Javasoft, O=Sun, L=Edison, S=NJ, C=US" -keystore client.ks -storepass clientshouldpass -validity 180 -keypass canipass
c)
keytool -export -alias moks -file fromclient.cer -keystore client.ks -storepass clientshouldpass
5) Import the certificates that were exported in steps 3 and 4c in client and server keystore respectively.
keytool -import -trustcacerts -alias new -file fromserver.cer -keypass keypass -storepass clientshouldpass -keystore client.ks
keytool -import -trustcacerts -alias new -file fromclient.cer -keypass keypass -storepass servercanpass -keystore server.ks
And voila you are all set to go..
Hope this explains to all the people who are struggling with JSSE..
Regards,
Moks
When I use your method in my code, I get the following exception.
Please help me.
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:301)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:103
at java.security.KeyStore.getKey(KeyStore.java:289)
at com.sun.net.ssl.internal.ssl.X509KeyManagerImpl.<init>(DashoA6275)
at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl.engineInit(DashoA6
275)
at javax.net.ssl.KeyManagerFactory.init(DashoA6275)
at ClassFileServer.getServerSocketFactory(ClassFileServer.java:145)
at ClassFileServer.main(ClassFileServer.java:115)
Exception in thread "main" java.lang.NullPointerException
at ClassFileServer.main(ClassFileServer.java:117)
-
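The "Cannot recover key" failure in the reply above is what KeyManagerFactory.init reports when the password it receives does not match a key entry's -keypass. The following is an added example, not code from either post: it checks every key entry before building the context and initialises the trust managers from the same keystore instead of passing null. The class and method names are made up here; server.ks, servercanpass and icanpass are taken from the keytool steps in the post above.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example: hypothetical helper class, not part of the posted code.
public class MutualTlsContext {

    // Load the keystore; a wrong store password surfaces here as an IOException.
    static KeyStore load(String file, char[] storePass)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, storePass);
        }
        return ks;
    }

    // KeyManagerFactory.init() takes ONE password for every key entry.
    // Try it on each private-key alias first, so a mismatch is reported
    // with the alias name instead of a bare "Cannot recover key".
    static void checkKeyPassword(KeyStore ks, char[] keyPass)
            throws GeneralSecurityException {
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries carry no key password
            }
            try {
                ks.getKey(alias, keyPass);
            } catch (UnrecoverableKeyException e) {
                throw new UnrecoverableKeyException(
                    "Key password does not open alias '" + alias
                    + "'; it must equal the -keypass used when the key was created");
            }
        }
    }

    // Build a context whose key managers AND trust managers come from the
    // given keystore, so the peer certificate imported in step 5 is what
    // gets trusted, independent of javax.net.ssl.trustStore or cacerts.
    static SSLContext build(String file, char[] storePass, char[] keyPass)
            throws IOException, GeneralSecurityException {
        KeyStore ks = load(file, storePass);
        checkKeyPassword(ks, keyPass);

        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: server.ks was created with the keytool steps above
        // (-storepass servercanpass, -keypass icanpass).
        SSLContext ctx = build("server.ks",
                               "servercanpass".toCharArray(),
                               "icanpass".toCharArray());
        try (SSLServerSocket socket = (SSLServerSocket)
                 ctx.getServerSocketFactory().createServerSocket(0)) {
            socket.setNeedClientAuth(true); // mutual authentication, as in the post
            System.out.println("Listening on port " + socket.getLocalPort()
                               + " with client authentication required");
        }
    }
}
```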
Untrusted server cert --- JSSE usage with applets
Hi all,
I am using a JSSE client (which uses applets) that connects to a JSSE server.
I am getting the error: untrusted server cert
I am able to connect to the JSSE server with the JSSE client without applets, with the same self-signed certificate.
I have read somewhere that applets by default refer to cacerts instead of jssecacerts. That's why I have added the certificate to cacerts also.
I am sending the errors (both at client and server side) and the HTML file used for applets at the client side.
machName portno port:127.0.0.1 2002 2002
found key for : alias
SunX509: skip default keystore: java.security.AccessControlException: access den
ied (java.util.PropertyPermission javax.net.ssl.trustStore read)
trigger seeding of SecureRandom
done seeding SecureRandom
Machine Name is 127.0.0.1
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1009970996 bytes = { 101, 168, 120, 86, 239, 175, 47, 195, 7
4, 19, 250, 73, 236, 219, 251, 102, 102, 151, 188, 95, 121, 105, 96, 173, 182, 3
3, 212, 30 }
Session ID: {}
Cipher Suites: { 0, 9 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 45
0000: 01 00 00 29 03 01 3C 33 EF 34 65 A8 78 56 EF AF ...)..<3.4e.xV..
0010: 2F C3 4A 13 FA 49 EC DB FB 66 66 97 BC 5F 79 69 /.J..I...ff.._yi
0020: 60 AD B6 21 D4 1E 00 00 02 00 09 01 00 `..!.........
AWT-EventQueue-1, WRITE: SSL v3.1 Handshake, length = 45
[write] MD5 and SHA1 hashes: len = 47
0000: 01 03 01 00 06 00 00 00 20 00 00 09 06 00 40 3C ........ .....@<
0010: 33 EF 34 65 A8 78 56 EF AF 2F C3 4A 13 FA 49 EC 3.4e.xV../.J..I.
0020: DB FB 66 66 97 BC 5F 79 69 60 AD B6 21 D4 1E ..ff.._yi`..!..
AWT-EventQueue-1, WRITE: SSL v2, contentType = 22, translated length = 16340
AWT-EventQueue-1, READ: SSL v3.1 Handshake, length = 670
*** ServerHello, v3.1
RandomCookie: GMT: 1009970996 bytes = { 225, 193, 138, 42, 75, 55, 82, 98, 128,
65, 108, 86, 20, 94, 198, 33, 33, 115, 40, 27, 29, 0, 117, 169, 21, 60, 48, 113
Session ID: {60, 51, 239, 52, 239, 124, 121, 133, 111, 116, 246, 8, 10, 20, 99,
150, 141, 208, 153, 124, 223, 176, 115, 34, 158, 29, 153, 32, 194, 198, 217, 12
6}
Cipher Suite: { 0, 9 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_DES_CBC_SHA]
** SSL_RSA_WITH_DES_CBC_SHA
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 3C 33 EF 34 E1 C1 8A 2A 4B 37 ...F..<3.4...*K7
0010: 52 62 80 41 6C 56 14 5E C6 21 21 73 28 1B 1D 00 Rb.AlV.^.!!s(...
0020: 75 A9 15 3C 30 71 20 3C 33 EF 34 EF 7C 79 85 6F u..<0q <3.4..y.o
0030: 74 F6 08 0A 14 63 96 8D D0 99 7C DF B0 73 22 9E t....c.......s".
0040: 1D 99 20 C2 C6 D9 7E 00 09 00 .. .......
*** Certificate chain
chain [0] = [
Version: V1
Subject: CN=prasadv, OU=nms, O=mindtree, L=bangalore, ST=karnataka, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@479809
Validity: [From: Wed Jan 02 14:46:52 GMT+05:30 2002,
To: Thu Jan 02 14:46:52 GMT+05:30 2003]
Issuer: CN=prasadv, OU=nms, O=mindtree, L=bangalore, ST=karnataka, C=IN
SerialNumber: [ 3c32d004 ]
Algorithm: [MD5withRSA]
Signature:
AWT-EventQueue-1, SEND SSL v3.1 ALERT: fatal, description = certificate_unknown
AWT-EventQueue-1, WRITE: SSL v3.1 Alert, length = 2
IO exceptionuntrusted server cert chain
Exception occurred during event dispatching:
java.security.AccessControlException: access denied (java.lang.RuntimePermission
exitVM)
at java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:272)
at java.security.AccessController.checkPermission(AccessController.java:
399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.checkExit(SecurityManager.java:765)
at java.lang.Runtime.exit(Runtime.java:91)
at java.lang.System.exit(System.java:701)
at Connection.<init>(Connection.java:94)
at Main$2.actionPerformed(Main.java:373)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:14
50)
at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(Abstra
ctButton.java:1504)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel
.java:378)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:250
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonL
istener.java:216)
at java.awt.Component.processMouseEvent(Component.java:3717)
at java.awt.Component.processEvent(Component.java:3546)
at java.awt.Container.processEvent(Container.java:1164)
at java.awt.Component.dispatchEventImpl(Component.java:2595)
at java.awt.Container.dispatchEventImpl(Container.java:1213)
at java.awt.Component.dispatchEvent(Component.java:2499)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:2451
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:2216)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:2125)
at java.awt.Container.dispatchEventImpl(Container.java:1200)
at java.awt.Window.dispatchEventImpl(Window.java:912)
at java.awt.Component.dispatchEvent(Component.java:2499)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:319)
at java.awt.EventDispatchThread.pumpOneEvent(EventDispatchThread.java:10
3)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.Dialog.show(Dialog.java:370)
at Main.validate(Main.java:434)
at Main$MenuItemListener.actionPerformed(Main.java:729)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:14
50)
at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(Abstra
ctButton.java:1504)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel
.java:378)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:250
at javax.swing.AbstractButton.doClick(AbstractButton.java:279)
at javax.swing.plaf.basic.BasicMenuItemUI$MouseInputHandler.mouseRelease
d(BasicMenuItemUI.java:886)
at java.awt.Component.processMouseEvent(Component.java:3717)
at java.awt.Component.processEvent(Component.java:3546)
at java.awt.Container.processEvent(Container.java:1164)
at java.awt.Component.dispatchEventImpl(Component.java:2595)
at java.awt.Container.dispatchEventImpl(Container.java:1213)
at java.awt.Component.dispatchEvent(Component.java:2499)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:2451
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:2216)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:2125)
at java.awt.Container.dispatchEventImpl(Container.java:1200)
at java.awt.Component.dispatchEvent(Component.java:2499)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:319)
at java.awt.EventDispatchThread.pumpOneEvent(EventDispatchThread.java:10
3)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:84)
errors at server side :
trustStore type is : jks
init truststore
adding private entry as trusted cert: [
Version: V1
Subject: CN=prasadv, OU=nms, O=mindtree, L=bangalore, ST=karnataka, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@291aff
Validity: [From: Wed Jan 02 14:46:52 GMT+05:30 2002,
To: Thu Jan 02 14:46:52 GMT+05:30 2003]
Issuer: CN=prasadv, OU=nms, O=mindtree, L=bangalore, ST=karnataka, C=IN
SerialNumber: [ 3c32d004 ]
Algorithm: [MD5withRSA]
Signature:
trigger seeding of SecureRandom
done seeding SecureRandom
Befotre main step
Waiting for request under port
matching server alias : alias
Finalizer, SEND SSL v3.1 ALERT: warning, description = close_notify
Finalizer, WRITE: SSL v3.1 Alert, length = 2
Waiting for request under port
[read] MD5 and SHA1 hashes: len = 3
0000: 01 03 01 ...
[read] MD5 and SHA1 hashes: len = 44
0000: 00 06 00 00 00 20 00 00 09 06 00 40 3C 33 EF 34 ..... .....@<3.4
0010: 65 A8 78 56 EF AF 2F C3 4A 13 FA 49 EC DB FB 66 e.xV../.J..I...f
0020: 66 97 BC 5F 79 69 60 AD B6 21 D4 1E f.._yi`..!..
Thread-0, READ: SSL v2, contentType = 22, translated length = 45
*** ClientHello, v3.1
RandomCookie: GMT: 1009970996 bytes = { 101, 168, 120, 86, 239, 175, 47, 195, 7
4, 19, 250, 73, 236, 219, 251, 102, 102, 151, 188, 95, 121, 105, 96, 173, 182, 3
3, 212, 30 }
Session ID: {}
Cipher Suites: { 0, 9 }
Compression Methods: { 0 }
%% Created: [Session-1, SSL_NULL_WITH_NULL_NULL]
*** ServerHello, v3.1
RandomCookie: GMT: 1009970996 bytes = { 225, 193, 138, 42, 75, 55, 82, 98, 128,
65, 108, 86, 20, 94, 198, 33, 33, 115, 40, 27, 29, 0, 117, 169, 21, 60, 48, 113
Session ID: {60, 51, 239, 52, 239, 124, 121, 133, 111, 116, 246, 8, 10, 20, 99,
150, 141, 208, 153, 124, 223, 176, 115, 34, 158, 29, 153, 32, 194, 198, 217, 12
6}
Cipher Suite: { 0, 9 }
Compression Method: 0
Cipher suite: SSL_RSA_WITH_DES_CBC_SHA
*** Certificate chain
chain [0] = [
Version: V1
Subject: CN=prasadv, OU=nms, O=mindtree, L=bangalore, ST=karnataka, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@47c5fc
Validity: [From: Wed Jan 02 14:46:52 GMT+05:30 2002,
To: Thu Jan 02 14:46:52 GMT+05:30 2003]
Issuer: CN=prasadv, OU=nms, O=mindtree, L=bangalore, ST=karnataka, C=IN
SerialNumber: [ 3c32d004 ]
Algorithm: [MD5withRSA]
Signature:
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 670
Thread-0, WRITE: SSL v3.1 Handshake, length = 670
Thread-0, READ: SSL v3.1 Alert, length = 2
Thread-0, RECV SSLv3 ALERT: fatal, certificate_unknown
html file used at client side
<HTML>
<!--"CONVERTED_APPLET"-->
<!-- CONVERTER VERSION 1.3 -->
<OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
WIDTH = 600 HEIGHT = 200 codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,0,0">
<PARAM NAME = CODE VALUE = Main>
<PARAM NAME = CODEBASE VALUE = . >
<PARAM NAME = machinename VALUE = "127.0.0.1" >
<PARAM NAME = port VALUE = "2002" >
<PARAM NAME="type" VALUE="application/x-java-applet;version=1.3">
<PARAM NAME="scriptable" VALUE="false">
</OBJECT>
</HTML>
Please help me to solve this problem.
Thanks,
prasad.
Are you using the MS JVM, i.e. the default IE browser, or have you installed the plug-in?
-
Problem in Client authentication in JSSE on a web service
Hi,
I have a Web service running on my Web server (Sunone 6.1). I need to implement security on it using JSSE. It has to be MUTUAL authentication.
I have installed all the certificates and CA certs on both client and server. But when I try to call the web service from a standalone Java test client, I am getting an error on the third step of the handshake process, that is, client authentication.
I am not able to understand whether it is an authentication problem or some problem while encrypting and decrypting the data. I am sending and receiving data in XML format.
I am pasting here the debug output from the client side. Although it is long, please, could anyone help me with this?
Or if anyone can point out what the various steps depicted in the debug statements are.
Thanks
<spusinfradev1:hk186763> $ RUNDNSSEC_DEV
Note: TestDNSSec.java uses or overrides a deprecated API.
Note: Recompile with -deprecation for details.
submitRequest: BEGIN
submitRequest: calling HttpSubmitter.postTransaction()
postTransaction: Begin
postTransaction: XML Request
<?xml version="1.0" encoding="UTF-8"?>
<sunir.share.service.drpl.client.DNSReqXmlDocTag>
<sunir.share.service.drpl.client.DNSReq>
<CheckType>isEmbargo</CheckType>
<IPAddr>203.81.162.9</IPAddr>
<LookupType>always</LookupType>
<Strict>true</Strict>
</sunir.share.service.drpl.client.DNSReq>
</sunir.share.service.drpl.client.DNSReqXmlDocTag>
postTransaction: creating connection to target url
keyStore is : /home/users/hk186763/RDNS/DRPL/TestClient/serverkey
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: /home/users/hk186763/RDNS/DRPL/TestClient/serverkey
trustStore type is : jks
init truststore
adding as trusted cert: [
Version: V1
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d6c16c
Validity: [From: Sun May 17 17:00:00 PDT 1998,
To: Tue Aug 01 16:59:59 PDT 2028]
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
SerialNumber: [ 7dd9fe07 cfa81eb7 107967fb a78934c6 ]
Algorithm: [SHA1withRSA]
Signature:
adding as trusted cert: [
Version: V3
Subject: CN=RDNS, OU=Class C, OU=Corporate SSL Client, O=Sun Microsystems Inc
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@99681b
Validity: [From: Tue Jan 03 16:00:00 PST 2006,
To: Thu Jan 04 15:59:59 PST 2007]
Issuer: CN=SSL Client CA, OU=Class 2 OnSite Subscriber CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
SerialNumber: [ 0e45c61f 24091c18 b354a76c 71ee15f2 ]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 12 FB 4E 70 BA E0 53 E5 B2 C2 DC D2 74 BE 7F 17 ..Np..S.....t...
0010: 67 68 55 14 ghU.
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C9 06 C7 9C F6 0E 1E 36 9E 49 8E 50 AC 06 46 DE .......6.I.P..F.
0010: A1 4D A6 4F .M.O
[3]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.2]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.2]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
[CertificatePolicyId: [2.16.840.1.113536.509.3647]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 77 77 77 2E 73 75 ..https://www.su0010: 6E 2E 63 6F 6D 2F 70 6B 69 2F 63 70 73 n.com/pki/cps
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 30 2B 16 29 4E 6F 74 20 56 61 6C 69 64 61 74 65 0+.)Not Validate0010: 64 20 46 6F 72 20 53 75 6E 20 42 75 73 69 6E 65 d For Sun Busine
0020: 73 73 20 4F 70 65 72 61 74 69 6F 6E 73 ss Operations
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
adding as trusted cert: [
Version: V3
Subject: CN=Sun Microsystems Inc SSL CA, OU=Class 3 MPKI Secure Server CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@551f60
Validity: [From: Wed Jun 01 17:00:00 PDT 2005,
To: Mon Jun 01 16:59:59 PDT 2015]
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
SerialNumber: [ 4fa13003 7f5dfd64 3fb367fb af699e7c ]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
0010: 17 F9 01 FA ....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US]
SerialNumber: [ 7dd9fe07 cfa81eb7 107967fb a78934c6 ]
[3]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2D 30 2B 30 29 A0 27 A0 25 86 23 68 74 74 70 .-0+0).'.%.#http
0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
0020: 63 6F 6D 2F 70 63 61 33 2D 67 32 2E 63 72 6C com/pca3-g2.crl
[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[CN=PrivateLabel3-2048-142]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
[CertificatePolicyId: [2.16.840.1.113536.509.3647]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 77 77 77 2E 73 75 ..https://www.su0010: 6E 2E 63 6F 6D 2F 70 6B 69 2F 63 70 73 n.com/pki/cps
[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
Algorithm: [SHA1withRSA]
Signature:
init context
trigger seeding of SecureRandom
done seeding SecureRandom
postTransaction: creating output stream on connection
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1121389894 bytes = { 177, 208, 214, 162, 50, 118, 129, 69, 14, 124, 134, 197, 180, 112, 220, 185, 218, 97, 213, 180, 222, 100, 98, 105, 221, 111, 135, 84 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 43 D7 0D 46 B1 D0 D6 A2 32 76 ...7..C..F....2v
0010: 81 45 0E 7C 86 C5 B4 70 DC B9 DA 61 D5 B4 DE 64 .E.....p...a...d
0020: 62 69 DD 6F 87 54 00 00 10 00 05 00 04 00 09 00 bi.o.T..........
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 43 D7 0D .............C..
0030: 46 B1 D0 D6 A2 32 76 81 45 0E 7C 86 C5 B4 70 DC F....2v.E.....p.
0040: B9 DA 61 D5 B4 DE 64 62 69 DD 6F 87 54 ..a...dbi.o.T
main, WRITE: SSL v2, contentType = 22, translated length = 16310
main, READ: SSL v3.1 Handshake, length = 4439
*** ServerHello, v3.1
RandomCookie: GMT: 5338 bytes = { 145, 99, 82, 205, 255, 74, 235, 252, 50, 27, 190, 156, 21, 12, 30, 236, 206, 196, 74, 65, 93, 217, 213, 118, 179, 227, 8, 118 }
Session ID: {10, 116, 131, 159, 53, 168, 226, 227, 34, 25, 222, 197, 123, 128, 250, 118, 2, 72, 46, 147, 155, 118, 230, 164, 82, 24, 206, 76, 155, 96, 72, 120}
Cipher Suite: { 0, 5 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 00 00 15 DA 91 63 52 CD FF 4A ...F.......cR..J
0010: EB FC 32 1B BE 9C 15 0C 1E EC CE C4 4A 41 5D D9 ..2.........JA].
0020: D5 76 B3 E3 08 76 20 0A 74 83 9F 35 A8 E2 E3 22 .v...v .t..5..."
0030: 19 DE C5 7B 80 FA 76 02 48 2E 93 9B 76 E6 A4 52 ......v.H...v..R
0040: 18 CE 4C 9B 60 48 78 00 05 00 ..L.`Hx...
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=rdns-alpha.sun.com, OU=Class C, O=Sun Microsystems Inc, L=Broomfield, ST=Colorado, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a2d64
Validity: [From: Sun Nov 20 16:00:00 PST 2005,
To: Tue Nov 21 15:59:59 PST 2006]
Issuer: CN=Sun Microsystems Inc SSL CA, OU=Class 3 MPKI Secure Server CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
SerialNumber: [ 6702ab4c 00bfe850 3a0eb9a9 1ca380eb ]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 45 7D F2 17 01 02 2F 0D C6 89 E8 A7 63 A0 D6 B6 E...../.....c...
0010: 13 3F 8C A8 .?..
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
0010: 17 F9 01 FA ....
[4]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
[CertificatePolicyId: [2.16.840.1.113536.509.3647]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 30 2B 1A 29 4E 6F 74 20 56 61 6C 69 64 61 74 65 0+.)Not Validate
0010: 64 20 46 6F 72 20 53 75 6E 20 42 75 73 69 6E 65 d For Sun Busine
0020: 73 73 20 4F 70 65 72 61 74 69 6F 6E 73 ss Operations
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 77 77 77 2E 73 75 ..https://www.su
0010: 6E 2E 63 6F 6D 2F 70 6B 69 2F 63 70 73 n.com/pki/cps
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
[8]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
chain [1] = [
Version: V3
Subject: CN=Sun Microsystems Inc SSL CA, OU=Class 3 MPKI Secure Server CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@89cf1e
Validity: [From: Wed Jun 01 17:00:00 PDT 2005,
To: Mon Jun 01 16:59:59 PDT 2015]
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
SerialNumber: [ 4fa13003 7f5dfd64 3fb367fb af699e7c ]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
0010: 17 F9 01 FA ....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US]
SerialNumber: [ 7dd9fe07 cfa81eb7 107967fb a78934c6 ]
[3]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2D 30 2B 30 29 A0 27 A0 25 86 23 68 74 74 70 .-0+0).'.%.#http
0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
0020: 63 6F 6D 2F 70 63 61 33 2D 67 32 2E 63 72 6C com/pca3-g2.crl
[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[CN=PrivateLabel3-2048-142]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
[CertificatePolicyId: [2.16.840.1.113536.509.3647]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 77 77 77 2E 73 75 ..https://www.su
0010: 6E 2E 63 6F 6D 2F 70 6B 69 2F 63 70 73 n.com/pki/cps
[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
Algorithm: [SHA1withRSA]
Signature:
chain [2] = [
Version: V1
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@7ce4e7
Validity: [From: Sun May 17 17:00:00 PDT 1998,
To: Tue Aug 01 16:59:59 PDT 2028]
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
SerialNumber: [ 7dd9fe07 cfa81eb7 107967fb a78934c6 ]
Algorithm: [SHA1withRSA]
Signature:
stop on trusted cert: [
Version: V3
Subject: CN=Sun Microsystems Inc SSL CA, OU=Class 3 MPKI Secure Server CA, OU=VeriSign Trust Network, O=Sun Microsystems Inc
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@89cf1e
Validity: [From: Wed Jun 01 17:00:00 PDT 2005,
To: Mon Jun 01 16:59:59 PDT 2015]
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
SerialNumber: [ 4fa13003 7f5dfd64 3fb367fb af699e7c ]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D7 DD 5E 81 BE CF 5C E3 DC D2 F2 8D ED 04 B8 AC ..^...\.........
0010: 17 F9 01 FA ....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US]
SerialNumber: [ 7dd9fe07 cfa81eb7 107967fb a78934c6 ]
[3]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2D 30 2B 30 29 A0 27 A0 25 86 23 68 74 74 70 .-0+0).'.%.#http
0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
0020: 63 6F 6D 2F 70 63 61 33 2D 67 32 2E 63 72 6C com/pca3-g2.crl
[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[CN=PrivateLabel3-2048-142]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
[CertificatePolicyId: [2.16.840.1.113536.509.3647]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1B 68 74 74 70 73 3A 2F 2F 77 77 77 2E 73 75 ..https://www.su
0010: 6E 2E 63 6F 6D 2F 70 6B 69 2F 63 70 73 n.com/pki/cps
[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
Algorithm: [SHA1withRSA]
Signature:
[read] MD5 and SHA1 hashes: len = 3479
I am having the same problem; did you ever find the solution for this? I am getting an error " .... no IV for cipher". I am trying to do the Client Authentication to IIS from a Java client.
Any help is greatly appreciated.
Thanks
-
Hi,
I am encountering the following exception when opening an SSL connection to an
HTTPS web server (running apache + mod_ssl ) :
java.io.IOException: unsupported keyword OID.2.5.4.5
at com.sun.net.ssl.internal.ssl.AVA.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.RDN.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.X500Name.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.X500Name.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([DashoPro-V1.2-120198])
at [...]
The web server's X.509 V3 certificate was acquired from Certinomis (a
French company - www.certinomis.com), and I have imported its root CA and
intermediate CA into my client JVM's keystore using keytool.
After a short investigation, it looks like it is a bug of JSSE 1.0.2
implementation which doesn't recognize the Object Id 2.5.4.5 which
according to the following page, is a standard X.500 attribute :
http://www.alvestrand.no/objectid/2.5.4.5.html
Here is an excerpt of this page :
2.5.4.5 - id-at-serialNumber
OID value: 2.5.4.5
OID description: The Serial Number attribute type specifies an identifier, the
serial number of a device.
An attribute value for Serial Number is a printable string.
serialNumber ATTRIBUTE ::= {
WITH SYNTAX PrintableString (SIZE (1..ub-serialNumber))
EQUALITY MATCHING RULE caseIgnoreMatch
SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
ID id-at-serialNumber
}
The very same code works when accessing web sites using Verisign certificates
which do not contain such a 2.5.4.5 OID in the certificate subject, so it may
well be due to a malformation of the Certinomis certificate.
Any help appreciated,
Patrick DECAT.
Following is the trace printed out when running the JVM with
-Djavax.net.debug=all (binary blocks replaced by [...]) :
C:\java\jdk1.3.1\bin\javaw -classpath
C:\Development\HttpsReader\classes;
C:\java\jsse1.0.2\lib\jsse.jar;C:\java\jsse1.0.2\lib\jnet.jar;
C:\java\jsse1.0.2\lib\jcert.jar;C:\java\jdk1.3.1\jre\lib\i18n.jar;
C:\java\jdk1.3.1\jre\lib\jaws.jar;C:\java\jdk1.3.1\jre\lib\rt.jar;
C:\java\jdk1.3.1\jre\lib\sunrsasign.jar;C:\java\jdk1.3.1\lib\dt.jar;
C:\java\jdk1.3.1\lib\tools.jar
-Djavax.net.debug=all HttpsReader
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: C:\java\jdk1.3.1\jre\lib\security\jssecacerts
trustStore type is : jks
init truststore
adding as trusted cert: [
Version: V3
Subject: CN=CertiNomis, OU=AC Racine - Root CA, O=CertiNomis, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@19681b
Validity: [From: Thu Nov 09 01:00:00 CET 2000,
To: Fri Nov 09 01:00:00 CET 2012]
Issuer: CN=CertiNomis, OU=AC Racine - Root CA, O=CertiNomis, C=FR
SerialNumber: [ 30303030 39373337 35373338 36303030 ]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: [...]
[2]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: [...]
adding as trusted cert: [
Version: V3
Subject: CN=CertiNomis Classe 2, O=CertiNomis, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@bc49d
Validity: [From: Wed Nov 29 01:00:00 CET 2000,
To: Mon Nov 29 01:00:00 CET 2004]
Issuer: CN=CertiNomis, OU=AC Racine - Root CA, O=CertiNomis, C=FR
SerialNumber: [ 30303030 39373534 38383434 39303030 ]
Certificate Extensions: 6
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
Object Signing CA]
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: [...]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: [...]
[4]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: [...]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: [...]
init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 993394508 bytes = { 24, 22, 81, 16, 235, 187, 118, 86, 45,
138, 98, 195,
155, 110, 203, 166, 77, 227, 57, 128, 191, 247, 109, 154, 243, 212, 78, 25 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: [...]
AWT-EventQueue-0, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: [...]
AWT-EventQueue-0, WRITE: SSL v2, contentType = 22, translated length = 16310
AWT-EventQueue-0, READ: SSL v3.1 Handshake, length = 74
*** ServerHello, v3.1
RandomCookie: GMT: 993394166 bytes = { 7, 124, 93, 170, 159, 46, 253, 150, 76,
123, 239,
155, 27, 14, 132, 20, 203, 83, 219, 221, 217, 201, 21, 212, 79, 18, 122, 73 }
Session ID: {179, 250, 40, 17, 25, 73, 235, 228, 229, 141, 93, 207, 137, 204, 71,
144, 235,
210, 99, 135, 15, 169, 170, 141, 156, 3, 58, 135, 178, 196, 112, 222}
Cipher Suite: { 0, 5 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
[read] MD5 and SHA1 hashes: len = 74
0000: [...]
AWT-EventQueue-0, READ: SSL v3.1 Handshake, length = 1088
*** Certificate chain
chain [0] = [
Version: V3
Subject: OID.2.5.4.5=10052821, OU=Certificat Mercatis,
[email protected], CN=xxxxxx.xxxxxxxx.com, OU=FC,
O=XXXXXXXXX-XXXXXXXXX, L=Paris, ST=Paris, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@4a0115
Validity: [From: Fri Mar 23 11:54:32 CET 2001,
To: Sun Mar 24 11:54:32 CET 2002]
Issuer: CN=CertiNomis Classe 2, O=CertiNomis, C=FR
SerialNumber: [ 39383533 34313237 32353633 ]
Certificate Extensions: 8
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
S/MIME
Object Signing
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: [...]
[3]: ObjectId: 2.5.29.32 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: [...]
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: [...]
[5]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: [...]
[6]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[7]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
[8]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: [...]
add missing root cert: [
Version: V3
Subject: CN=CertiNomis Classe 2, O=CertiNomis, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@bc49d
Validity: [From: Wed Nov 29 01:00:00 CET 2000,
To: Mon Nov 29 01:00:00 CET 2004]
Issuer: CN=CertiNomis, OU=AC Racine - Root CA, O=CertiNomis, C=FR
SerialNumber: [ 30303030 39373534 38383434 39303030 ]
Certificate Extensions: 6
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
Object Signing CA]
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: [...]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: [...]
[4]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: [...]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: [...]
stop on trusted cert: [
Version: V3
Subject: CN=CertiNomis Classe 2, O=CertiNomis, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@bc49d
Validity: [From: Wed Nov 29 01:00:00 CET 2000,
To: Mon Nov 29 01:00:00 CET 2004]
Issuer: CN=CertiNomis, OU=AC Racine - Root CA, O=CertiNomis, C=FR
SerialNumber: [ 30303030 39373534 38383434 39303030 ]
Certificate Extensions: 6
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
Object Signing CA]
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: [...]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: [...]
[4]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: [...]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[6]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: [...]
[read] MD5 and SHA1 hashes: len = 1088
0000: [...]
AWT-EventQueue-0, READ: SSL v3.1 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: [...]
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 94, 206, 199, 220, 80, 40, 86, 42, 59, 54, 23, 92, 139,
128, 16, 86, 141, 241, 78, 190, 245, 233, 179, 240, 248, 239, 144, 179, 120,
41, 52, 117, 74, 230, 249, 185, 175, 141, 182, 0, 207, 81, 217, 66, 216, 69 }
[write] MD5 and SHA1 hashes: len = 134
0000: [...]
AWT-EventQueue-0, WRITE: SSL v3.1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: [...]
CONNECTION KEYGEN:
Client Nonce:
0000: [...]
Server Nonce:
0000: [...]
Master Secret:
0000: [...]
Client MAC write Secret:
0000: [...]
Server MAC write Secret:
0000: [...]
Client write key:
0000: [...]
Server write key:
0000: [...]
... no IV for cipher
AWT-EventQueue-0, WRITE: SSL v3.1 Change Cipher Spec, length = 1
*** Finished, v3.1
verify_data: { 48, 119, 230, 86, 67, 207, 57, 59, 18, 222, 4, 107 }
[write] MD5 and SHA1 hashes: len = 16
0000: [...]
Plaintext before ENCRYPTION: len = 36
0000: [...]
AWT-EventQueue-0, WRITE: SSL v3.1 Handshake, length = 36
AWT-EventQueue-0, READ: SSL v3.1 Change Cipher Spec, length = 1
AWT-EventQueue-0, READ: SSL v3.1 Handshake, length = 36
Plaintext after DECRYPTION: len = 36
0000: [...]
*** Finished, v3.1
verify_data: { 238, 82, 186, 214, 115, 130, 241, 249, 113, 52, 93, 58 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
[read] MD5 and SHA1 hashes: len = 16
0000: [...]
Finalizer, SEND SSL v3.1 ALERT: warning, description = close_notify
Plaintext before ENCRYPTION: len = 22
0000: [...]
Finalizer, WRITE: SSL v3.1 Alert, length = 22
Just to keep this thread updated, here is some information I got from Sun's support:
"They have closed this as a duplicate of the other bug [The bug was already identified internally].
The fix for it has been put into build # 71 of merlin (1.4).
I don't yet know whether that build is (or will be) early enough to be part of merlin-beta2 (second public beta).
In any case, the problem has been fixed. It's just a matter of when it will
appear in a publicly-available form."
-
Hi,
I am able to run that piece of code inside my IDE. It is an HTTPS request that requires a client certificate. I have followed the JSSE instructions on using SSLSocket. I created a keystore which contains the self-signed server certificate and refer to it by setting
System.setProperty("javax.net.ssl.keyStore", "C:/projects/software/ssl/se_server_keystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "mypassword");
System.setProperty("javax.net.ssl.trustStore", "C:/projects/software/ssl/se_truststore");
System.setProperty("javax.net.ssl.trustStorePassword", "trustword");
Now this code works fine in my IDE:
SSLContext ctx = SSLContext.getInstance("TLS");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
// The client certificate and its private key come from a PKCS12 file
KeyStore ks2 = KeyStore.getInstance("PKCS12", "SunJSSE");
FileInputStream fin = new FileInputStream(m_sClientCertPath);
ks2.load(fin, m_sPassword.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
kmf.init(ks2, m_sPassword.toCharArray());
fin.close();
// null trust managers: the default trust manager is used
ctx.init(kmf.getKeyManagers(), null, null);
factory = ctx.getSocketFactory();
SSLSocket socket = (SSLSocket)factory.createSocket(m_sHost, 1129);
socket.startHandshake();
out = new PrintWriter(new BufferedWriter(new OutputStreamWriter(socket.getOutputStream())));
out.println(sXml);
out.println();
out.flush();
in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
String sResp = "";
String s;
// Concatenate every line of the response
while((s = in.readLine()) != null)
    if(s != null)
        sResp = sResp + s;
in.close();
out.close();
socket.close();
The answer is a string containing the values expected. Now when I run it inside Tomcat, I get the following response:
1333004[SSL_RSA_WITH_RC4_128_MD5: Socket[addr=staging.linkpt.net/216.66.211.215,port=1129,localport=1499]]1333004[SSL_RSA_WITH_RC4_128_MD5: Socket[addr=staging.linkpt.net/216.66.211.215,port=1129,localport=1499]]1333004[SSL_RSA_WITH_RC4_128_MD5: Socket[addr=staging.linkpt.net/216.66.211.215,port=1129,localport=1499]]
Does that mean something to someone?
Edited by: senior-carlos on Apr 25, 2008 9:43 PM
Those properties are specifying my custom keystore where the self-signed server certificate is. Now I wonder why this is working inside my IDE and I have that behavior on Tomcat. May I try to change the Tomcat JSSE jar file?
-
Problem client auth from jsse client with open ssl server
I tried to connect a jsse client with an openssl server, with clientAuth.
This is what I did:
Using the openssl req command I created an X509 certificate for the server and imported the same into the java keystore.
The communication works fine without client authentication.
To enable client auth I created a client private/public key pair using keytool, exported the public key to a file client.public, and used it in the openssl server.
This is how I invoke the client:
java
-Djavax.net.debug=all
-Djavax.net.ssl.trustStore=cacerts
-Djavax.net.ssl.trustStorePassword=changeit
-Djavax.net.private -Djavax.net.ssl.keyStorePassword=password EchoClient
After which i get following error in server
SSL3 alert write:fatal:handshake failure
SSL_accept:error in SSLv3 read client certificate B
SSL_accept:error in SSLv3 read client certificate B
ERROR
17246:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate:s3_srvr.c:1666:
shutting down SSL
CONNECTION CLOSED
The client debug says it is receiving a certificate request. What could be the problem? Can anybody help?
I also have that problem. I was trying to configure SSL in Apache on a Win XP machine, but this error occurs. Is there anyone who can help with it?
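For the two client-certificate posts above (the SSLContext code that passes null trust managers, and the OpenSSL report of "peer did not return a certificate"), this added example, which is not any poster's code, builds an SSLContext from explicitly loaded key and trust stores and counts the entries each store actually holds before use. The class name, method names and the two environment variable names are hypothetical; with no arguments it runs on constructed empty in-memory stores.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example: class, method and environment variable names are hypothetical.
public class ExplicitTlsContext {

    /** Reads a keystore of the given type ("PKCS12", "JKS") from a stream, then closes it. */
    static KeyStore load(String type, InputStream in, char[] password) throws Exception {
        try (InputStream s = in) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(s, password);
            return ks;
        }
    }

    /** Aliases holding a private key plus certificate chain, i.e. usable for client auth. */
    static int privateKeyEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias) && ks.getCertificateChain(alias) != null) n++;
        }
        return n;
    }

    /** Aliases holding a trusted certificate, i.e. usable as trust anchors. */
    static int trustedCertEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) n++;
        }
        return n;
    }

    /** Context whose key and trust material are both explicit, independent of javax.net.ssl.* properties. */
    static SSLContext build(KeyStore clientKeys, char[] keyPassword, KeyStore trustStore) throws Exception {
        // init(null) on the factory would fall back to the JVM default trust store, so refuse null.
        Objects.requireNonNull(trustStore, "trustStore");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Serialized empty keystore, used only as constructed sample input. */
    static byte[] emptyStore(String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        KeyStore clientKeys;
        KeyStore trustStore;
        char[] keyPw;
        if (args.length == 2) {
            // usage: java ExplicitTlsContext client.p12 truststore.jks (passwords from the environment)
            keyPw = Objects.requireNonNull(System.getenv("CLIENT_P12_PASSWORD"), "CLIENT_P12_PASSWORD").toCharArray();
            char[] trustPw = Objects.requireNonNull(System.getenv("TRUSTSTORE_PASSWORD"), "TRUSTSTORE_PASSWORD").toCharArray();
            clientKeys = load("PKCS12", new FileInputStream(args[0]), keyPw);
            trustStore = load("JKS", new FileInputStream(args[1]), trustPw);
        } else {
            // Constructed input: empty stores, so the program runs without any files.
            keyPw = "constructed".toCharArray();
            clientKeys = load("PKCS12", new ByteArrayInputStream(emptyStore("PKCS12", keyPw)), keyPw);
            trustStore = load("JKS", new ByteArrayInputStream(emptyStore("JKS", keyPw)), keyPw);
        }
        int keys = privateKeyEntries(clientKeys);
        int anchors = trustedCertEntries(trustStore);
        System.out.println("client private-key entries: " + keys);
        System.out.println("trusted certificate entries: " + anchors);
        if (keys == 0) {
            System.out.println("no private key: nothing to present when the server requests a client certificate");
        }
        if (anchors == 0) {
            System.out.println("no trust anchors: every server certificate will be rejected");
        }
        SSLContext ctx = build(clientKeys, keyPw, trustStore);
        System.out.println("context ready: " + ctx.getProtocol());
    }
}
```

Sockets come from `ctx.getSocketFactory()` as in the post; a store that holds only an imported certificate and no private key shows up here as zero private-key entries.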
-
Help with java.lang.ClassCastException in JSSE
I need urgent help.
I am writing code in JSSE for getting the server certificate (through SSL).
I wrote:
public class url {
    public static void main(String[] args) {
        try {
            System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
            Security.addProvider(new Provider());
            URL url=new URL("https://localhost:8443");
            HttpsURLConnection urlc=(HttpsURLConnection) url.openConnection();
        } catch(Exception e) {
            System.out.println(e);
        }
    }
}
When I execute this program, I get the following run-time error:
java.lang.ClassCastException
I think I am getting the error for the following line of code:
" HttpsURLConnection urlc=(HttpsURLConnection)url.openConnection(); "
Please help me out to overcome this run-time error.
I would be grateful to you if you can solve my error
Hi all
I have the same error:
java.lang.ClassCastException: com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl
MY CODE IS:
// Set the system and security properties
System.setProperty("javax.net.ssl.trustStore",
"C:\\certificados\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
// Keystore location and password
System.setProperty("javax.net.ssl.keyStore",
"C:\\certificados\\keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
//Set the request
String url_ = "https://195.235.160.165";
// Build the HTML request
StringBuffer buffer = new StringBuffer();
buffer.append(url_);
buffer.append("/GPP/WLServer?Method=M_FINDIT&CLIENT=");
buffer.append(client);
buffer.append("&CLI_PASSWD=");
buffer.append(cli_passwd);
buffer.append("&USER=");
buffer.append(user_login);
buffer.append("&USER_PASSWD=");
buffer.append(user_passwd);
buffer.append("&TUSERID=");
buffer.append(MSISDN);
buffer.append("&TUSERID_TYPE=MSISDN");
buffer.append("&GROUP=");
buffer.append(group_id);
buffer.append("&SRS=GPP:UTM28");
url_ = buffer.toString();
URL url = new URL(url_);
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session)
// I don't care if the certificate doesn't match host name
return true;
BufferedReader in = new BufferedReader(
new InputStreamReader(
conn.getInputStream()));
//Creates a writer with the encoding parameter as "UTF-8"
Writer out_ = new OutputStreamWriter(response.getOutputStream(), "UTF-8" );
String inputLine;
String fichero_in = "";
while ((inputLine = in.readLine()) != null){
if(inputLine.length()!=0){
System.out.println(inputLine);
fichero_in = inputLine;
out_.write(inputLine);
in.close();
//Sets the Content-Type header
response.setContentType("application/xml; charset=utf-8");
//response.setContentType("text/html; charset=UTF-8");
//Sends the response XML to the client
out_.write(url_);
//out_.write(fichero_in);
out_.flush();
response.sendRedirect(response.encodeRedirectURL("out_"));
Anyone can hel me??
Thanks in advance -
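The HostnameVerifier in the post above returns true for every host, which switches off the name check for any certificate the truststore accepts. As an added example (not the poster's code), a narrower exception accepts a mismatch only for the one configured host and only when the server certificate matches a pinned SHA-256 fingerprint; the class name is hypothetical and the fingerprint is a value the operator supplies.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

/** Hypothetical helper: tolerates a name mismatch for one host with one known certificate. */
public final class PinnedHostVerifier implements HostnameVerifier {
    private final String expectedHost;   // host the client is configured to call
    private final byte[] pinnedSha256;   // SHA-256 of the server certificate's DER encoding

    public PinnedHostVerifier(String expectedHost, String sha256Hex) {
        if (sha256Hex.length() != 64) {
            throw new IllegalArgumentException("expected 64 hex characters");
        }
        this.expectedHost = expectedHost;
        this.pinnedSha256 = new byte[32];
        for (int i = 0; i < 32; i++) {
            pinnedSha256[i] = (byte) Integer.parseInt(sha256Hex.substring(2 * i, 2 * i + 2), 16);
        }
    }

    // HttpsURLConnection calls this only after its built-in name check has failed.
    @Override
    public boolean verify(String hostname, SSLSession session) {
        if (!expectedHost.equalsIgnoreCase(hostname)) {
            return false;                       // not the host this exception was made for
        }
        try {
            Certificate[] chain = session.getPeerCertificates();
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
            return MessageDigest.isEqual(pinnedSha256, actual);   // constant-time compare
        } catch (SSLPeerUnverifiedException | GeneralSecurityException e) {
            return false;                       // no certificate or no digest: refuse
        }
    }
}
// Usage: conn.setHostnameVerifier(new PinnedHostVerifier("<configured host>", "<64 hex chars>"));
```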
Jsse error -- java.security.NoSuchAlgorithmException:Algorithm TLS
I tried using the sample code given at the JSSE1.0.2 web site, but I am encountering the following problem:
java.security.NoSuchAlgorithmException: Algorithm TLS not available
PLEASE ADVISE ME.
Thanks,
Shafique Razzaque,
SCPJ2,
Singapore.
My email : [email protected]
Hi
I'm a student working on the Sun JSSE samples for many weeks and I couldn't run any of them ..!
I am using the latest JSSE 1.02, the jdk 1.31, working on Jbuilder4
I am working on both RMI and sockets samples.
On the RMI sample I got this Exception : no such algorithm 'TLS'
'TLS' not supported
I searched in the posted messages in the forum and I found someone had the same problem
I followed everything he did but no way ...!
I don't know what I forgot to do; see what I did and tell me please what is wrong.
I installed the JSSE as described in the install file. I am sure that it is well installed
How to compile???!!!
1. I configured the rmic parameters to generate only the stub compatible only with java 2
2. I compiled the project and got the stub
3. I put these parameters in
Project Properties /Run/ field : VM parameters
-Djava.rmi.server.codebase=file:/c:/windows/jbproject/Sunrmissl/classes/ -Djava.security.policy=file:/c:/windows/jbproject/Sunrmissl/policy.policy -Djavax.net.ssl.trustStore=file:/c:/windows/jbproject/Sunrmissl/testkeys.key
4. I run the rmiregistry
5. I run the HelloImpl but every time exceptions :
C:\JBUILDER4\JDK1.3\bin\javaw -classpath "C:\WINDOWS\jbproject\Sunrmissl\classes;C:\jsse-1_0_2-gl\jsse1.0.2\lib\jcert.jar;C:\jsse-1_0_2-gl\jsse1.0.2\lib\jnet.jar;C:\jsse-1_0_2-gl\jsse1.0.2\lib\jsse.jar;C:\JBUILDER4\JDK1.3\demo\jfc\Java2D\Java2Demo.jar;C:\JBUILDER4\JDK1.3\jre\lib\i18n.jar;C:\JBUILDER4\JDK1.3\jre\lib\jaws.jar;C:\JBUILDER4\JDK1.3\jre\lib\rt.jar;C:\JBUILDER4\JDK1.3\jre\lib\sunrsasign.jar;C:\JBUILDER4\JDK1.3\lib\dt.jar;C:\JBUILDER4\JDK1.3\lib\tools.jar" -Djava.rmi.server.codebase=file:/c:/windows/jbproject/Sunrmissl/classes/ -Djava.security.policy=file:/c:/windows/jbproject/Sunrmissl/policy.policy -Djavax.net.ssl.trustStore=file:/c:/windows/jbproject/Sunrmissl/testkeys.key sunrmissl.HelloImpl
java.security.NoSuchAlgorithmException: Algorithm TLS not available
at com.sun.net.ssl.b.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.SSLContext.getInstance([DashoPro-V1.2-120198])
at sunrmissl.RMISSLServerSocketFactory.createServerSocket(RMISSLServerSocketFactory.java:39)
at sun.rmi.transport.tcp.TCPEndpoint.newServerSocket(TCPEndpoint.java:559)
at sun.rmi.transport.tcp.TCPTransport.listen(TCPTransport.java:200)
at sun.rmi.transport.tcp.TCPTransport.exportObject(TCPTransport.java:172)
at sun.rmi.transport.tcp.TCPEndpoint.exportObject(TCPEndpoint.java:319)
at sun.rmi.transport.LiveRef.exportObject(LiveRef.java:119)
at sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:125)
at sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:109)
at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:278)
at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:209)
at java.rmi.server.UnicastRemoteObject.<init>(UnicastRemoteObHelloImpl err: null
ject.java:100)
at sunrmissl.HelloImpl.<init>(HelloImpl.java:27)
at sunrmissl.HelloImpl.main(HelloImpl.java:41)
java.lang.NullPointerException
at sunrmissl.RMISSLServerSocketFactory.createServerSocket(RMISSLServerSocketFactory.java:51)
at sun.rmi.transport.tcp.TCPEndpoint.newServerSocket(TCPEndpoint.java:559)
at sun.rmi.transport.tcp.TCPTransport.listen(TCPTransport.java:200)
at sun.rmi.transport.tcp.TCPTransport.exportObject(TCPTransport.java:172)
at sun.rmi.transport.tcp.TCPEndpoint.exportObject(TCPEndpoint.java:319)
at sun.rmi.transport.LiveRef.exportObject(LiveRef.java:119)
at sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:125)
at sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:109)
at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:278)
at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:209)
at java.rmi.server.UnicastRemoteObject.<init>(UnicastRemoteObject.java:100)
at sunrmissl.HelloImpl.<init>(HelloImpl.java:27)
at sunrmissl.HelloImpl.main(HelloImpl.java:41)
-
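The exception in the two posts above means that no registered security provider offers an SSLContext algorithm named TLS. As an added diagnostic (not part of the JSSE samples; class and method names are hypothetical, and it assumes a current JDK with JSSE built in), this lists what the providers actually offer and checks the javax.net.ssl.trustStore value, which is read as a plain file path and not as a file: URL.

```java
import java.io.File;
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;

public final class JsseDiagnostics {
    /** Every SSLContext algorithm offered by the registered providers, with the provider name. */
    static Set<String> sslContextAlgorithms() {
        Set<String> names = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SSLContext".equals(s.getType())) {
                    names.add(s.getAlgorithm() + " (" + p.getName() + ")");
                }
            }
        }
        return names;
    }

    /** Returns why a javax.net.ssl.trustStore value cannot be used, or null if it looks usable. */
    static String trustStoreProblem(String value) {
        if (value == null) return "property not set; the JRE default truststore applies";
        if ("NONE".equals(value)) return null;          // valid: store is not file based
        if (value.startsWith("file:")) return "value is a URL; a plain file path is expected";
        File f = new File(value);
        if (!f.isFile()) return "no such file: " + f.getAbsolutePath();
        if (!f.canRead()) return "file is not readable: " + f.getAbsolutePath();
        return null;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("SSLContext algorithms: " + sslContextAlgorithms());
        String problem = trustStoreProblem(System.getProperty("javax.net.ssl.trustStore"));
        System.out.println("trustStore: " + (problem == null ? "ok" : problem));
        SSLContext.getInstance("TLS");   // throws NoSuchAlgorithmException if nothing offers TLS
        System.out.println("SSLContext TLS is available");
    }
}
```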
Need help with JSSE settings for Axis2 auto-generated client.
Hi all.
I have several working clients generated for me in Axis2 from WSDL's using wsdl2java utility. The clients use HTTP transport but I need to use HTTPS now. I assume JSSE is used for SSL communication in Axis2.
I have created the keystore and set these parameters in code.
System.setProperty("javax.net.ssl.trustStore", "/path/to/.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
The lower level mechanics such as socket creation and utilization are hidden from me in Axis2.
What other ssl parameters can be set similar to these? I particularly care about protocol, cipher, keep-alive? I couldn't find the whole list with possible values. Or maybe I should use some different method to set them?
Hi,
While creating the stub use https as end point instead of http.
example: https://java.bytesforall.org/webservices
Configure the properties for SSL so that JSSE behaves accordingly
https.cipherSuites,javax.net.ssl.trustStore ...etc.
If you are planning to make your webservice client FIPS compliant: currently there is a problem with Axis1.4, it is not honoring the property "https.cipherSuites" to use the cipher suites.
Let me know, if you need any further help
~Balaji
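The two system properties in the question only select the truststore. As an added example (not Axis2 or project code; class and method names are hypothetical), this builds the same trust configuration explicitly and prints the protocol and cipher-suite names the running JRE accepts, which is where the list of possible values comes from. Wiring the resulting SSLContext and SSLParameters into the Axis2 transport is not shown.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

public final class TlsSettings {
    /** Builds a context that trusts only the certificates in the given store. */
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            store.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // no client key, default SecureRandom
        return ctx;
    }

    /** Default parameters narrowed to the allowed protocols, with HTTPS name checking on. */
    static SSLParameters restricted(SSLContext ctx, List<String> allowedProtocols) {
        SSLParameters params = ctx.getDefaultSSLParameters();
        List<String> keep = new ArrayList<>(Arrays.asList(params.getProtocols()));
        keep.retainAll(allowedProtocols);
        if (keep.isEmpty()) {
            throw new IllegalStateException("none of " + allowedProtocols + " is enabled");
        }
        params.setProtocols(keep.toArray(new String[0]));
        params.setEndpointIdentificationAlgorithm("HTTPS");
        return params;
    }

    public static void main(String[] args) throws Exception {
        // args: truststore path and password, the same values given to the system properties
        SSLContext ctx = contextFor(args[0], args[1].toCharArray());
        SSLParameters all = ctx.getSupportedSSLParameters();
        System.out.println("supported protocols: " + Arrays.toString(all.getProtocols()));
        System.out.println("supported ciphers:   " + Arrays.toString(all.getCipherSuites()));
        SSLParameters use = restricted(ctx, Arrays.asList("TLSv1.3", "TLSv1.2"));
        System.out.println("enabled protocols:   " + Arrays.toString(use.getProtocols()));
    }
}
```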