KeyStore / trustStore

Can anybody explain to me the difference between setting the javax.net.ssl.keyStore JVM argument and setting javax.net.ssl.trustStore?
The JSSE documentation isn't very helpful on this.

"keyStore" is where you store information that identifies who you ARE. "trustStore" is where you store the public keys of entities that you are willing to TRUST.
I store my application's public/private keypair in keyStore. I store the certificates of sites I'm willing to believe in, in the trustStore.
Does that help?
Grant

Similar Messages

  • SSL-Config: Oc4J does not reload keystore/truststore at runTime

    Hi all, i have a little question about the SSL-Config into OC4J.
    I have a webApp bound to a secure web site that requires mutual-authentication. If I add at run-time (without stopping OC4J) a trusted entry (a CA) to the keystore the secure-web-site is related to, OC4J does not "reload" the keystore with the new entry. Thus, i have to restart the OC4J to be able to accept SSLconnection that are authenticated by means of that new CA. The qeustion is: Does it exist a conifguration that has to be performed to reload at run-time a keystore in OC4J or it's necessary to restart OC4J each time a new entry to a keystore mapped for a given secure-web-site is added?
    I hope someone can give me a tip,
    Best Regards

    Hi I tried this with latest 10.1.3 Developer Preview 4 and it worked great and I could start OC4J standalone in https mode. Can you please download the latest version of OC4J 10.1.3 DP4 stand-alone and try in there ? The OC4J version embedded with JDev 10.1.3 Preview is pretty old and there have been many bugs fixed since then
    http://www.oracle.com/technology/tech/java/oc4j/index.html
    -Debu

  • Moving keystore/truststore

    Hello,
    I am moving my code from one server to another. Instead of exporting public and private keys, can I just move my keystore/trustore to the different server and start using it?
    Your help will be greatly appreciated
    Thanks,

    If it is a Sun keystore, then yes.

  • Keystore and truststore

    Hello
    Is there anyone how knows if it is possible to use certificate file with extention
    .keystore .truststore instead of .pem files?
    Anna

    I moved this thread to the JSSE forums. I think it "belongs" there.
    Sorry for posting in the wrong place.

  • How to use custom truststore?

    Hi, I've written a simple ssl client (basing on jakarta commons httpclient project) that connects to IIS with SSL and it works only i f I add ssl certificate from IIS to the jre cacerts (using keytool import). The cacerts are automatically readed somehow (don't know how)
    I want to make the whole thing more elastic and be able to provide my client with a path to cacerts / truststore / keystore. Am I doing it OK? I Currently it works...
    BUT the loops that print certificates and trustores to screen are empty - for example keystore               .getCertificateChain(alias); always returns null....
    But IIS cert is inside
    C:\\Program Files\\Java\\jre1.5.0_09\\lib\\security\\cacertsbbb
    PS. I would like to avoid setting System properties in my code like System.setTruststore etc.
    PS. Should be without sockets. Just extension of what i got.
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.net.InetAddress;
    import java.net.InetSocketAddress;
    import java.net.MalformedURLException;
    import java.net.Socket;
    import java.net.SocketAddress;
    import java.net.URL;
    import java.net.UnknownHostException;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import java.util.Enumeration;
    import javax.net.SocketFactory;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.KeyManager;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.TrustManagerFactory;
    import javax.net.ssl.X509TrustManager;
    import org.apache.commons.httpclient.ConnectTimeoutException;
    import org.apache.commons.httpclient.params.HttpConnectionParams;
    import org.apache.log4j.Logger;
    import junit.framework.TestCase;
    public class SSLSocketClient extends TestCase {
         private URL keystoreUrl = null;
         private String mockKeystoreUrl = "C:\\Program Files\\Java\\jre1.5.0_09\\lib\\security\\cacertsbbb";
         private String keystorePassword = "changeit";
         private URL truststoreUrl = null;
         private String mockTruststoreUrl = "C:\\Program Files\\Java\\jre1.5.0_09\\lib\\security\\cacertsbbb";
         private String truststorePassword = null;
         private SSLContext sslcontext = null;
         public void testSSLSocket() {
              try {
                   SSLSocketClient client = new SSLSocketClient();
                   // client.createSocket("10.63.29.50", 443);
                   HttpConnectionParams params = new HttpConnectionParams();
                   InetAddress ia = InetAddress.getLocalHost();
                   // params.setParameter(arg0, arg1)
                   //client.createSocket("10.63.29.50", 443, ia, 444, params);
                   client.connect("10.63.29.50", 443, "/ssl2/index.html", params);
              } catch (ConnectTimeoutException e) {
                   // TODO Auto-generated catch block
                   e.printStackTrace();
              } catch (UnknownHostException e) {
                   // TODO Auto-generated catch block
                   e.printStackTrace();
              } catch (IOException e) {
                   // TODO Auto-generated catch block
                   e.printStackTrace();
         private static Logger log = Logger.getLogger(SSLSocketClient.class);
          * private static KeyStore createKeyStore(final URL url, final String
          * password) throws KeyStoreException, NoSuchAlgorithmException,
          * CertificateException, IOException { if (url == null) { throw new
          * IllegalArgumentException("Keystore url may not be null"); }
          * KeyStore keystore = KeyStore.getInstance("jks");
          * keystore.load(url.openStream(), password != null ? password
          * .toCharArray() : null); return keystore; }
         private KeyStore mockCreateKeyStore(final String url, final String password)
                   throws KeyStoreException, NoSuchAlgorithmException,
                   CertificateException, IOException {
              if (url == null) {
                   throw new IllegalArgumentException("Keystore url may not be null");
              InputStream keystoreStream = new FileInputStream(url);
              KeyStore keystore = KeyStore.getInstance("jks");
              keystore.load(keystoreStream, password != null ? password.toCharArray()
                        : null);
              return keystore;
         private KeyManager[] createKeyManagers(final KeyStore keystore,
                   final String password) throws KeyStoreException,
                   NoSuchAlgorithmException, UnrecoverableKeyException {
              if (keystore == null) {
                   throw new IllegalArgumentException("Keystore may not be null");
              KeyManagerFactory kmfactory = KeyManagerFactory
                        .getInstance(KeyManagerFactory.getDefaultAlgorithm());
              kmfactory.init(keystore, password != null ? password.toCharArray()
                        : null);
              return kmfactory.getKeyManagers();
         private TrustManager[] createTrustManagers(final KeyStore keystore)
                   throws KeyStoreException, NoSuchAlgorithmException {
              if (keystore == null) {
                   throw new IllegalArgumentException("Keystore may not be null");
              TrustManagerFactory tmfactory = TrustManagerFactory
                        .getInstance(TrustManagerFactory.getDefaultAlgorithm());
              tmfactory.init(keystore);
              TrustManager[] trustmanagers = tmfactory.getTrustManagers();
              for (int i = 0; i < trustmanagers.length; i++) {
                   if (trustmanagers[i] instanceof X509TrustManager) {
                        trustmanagers[i] = new AuthSSLX509TrustManager(
                                  (X509TrustManager) trustmanagers);
              return trustmanagers;
         private SSLContext createSSLContext() {
              try {
                   KeyManager[] keymanagers = null;
                   TrustManager[] trustmanagers = null;
                   if (this.mockKeystoreUrl != null) {
                        KeyStore keystore = mockCreateKeyStore(this.mockKeystoreUrl,
                                  this.keystorePassword);
                        //if (log.isDebugEnabled()) {
                             Enumeration aliases = keystore.aliases();
                             while (aliases.hasMoreElements()) {
                                  String alias = (String) aliases.nextElement();
                                  Certificate[] certs = keystore
                                            .getCertificateChain(alias);
                                  if (certs != null) {
                                       log.info("Certificate chain '" + alias + "':");
                                       for (int c = 0; c < certs.length; c++) {
                                            if (certs[c] instanceof X509Certificate) {
                                                 X509Certificate cert = (X509Certificate) certs[c];
                                                 log.info(" Certificate " + (c + 1) + ":");
                                                 log.info(" Subject DN: "
                                                           + cert.getSubjectDN());
                                                 log.info(" Signature Algorithm: "
                                                           + cert.getSigAlgName());
                                                 log.info(" Valid from: "
                                                           + cert.getNotBefore());
                                                 log.info(" Valid until: "
                                                           + cert.getNotAfter());
                                                 log
                                                           .info(" Issuer: "
                                                                     + cert.getIssuerDN());
                        keymanagers = createKeyManagers(keystore, this.keystorePassword);
                   if (this.mockTruststoreUrl != null) {
                        KeyStore keystore = mockCreateKeyStore(this.mockKeystoreUrl,
                                  this.truststorePassword);
                        //if (log.isDebugEnabled()) {
                             Enumeration aliases = keystore.aliases();
                             while (aliases.hasMoreElements()) {
                                  String alias = (String) aliases.nextElement();
                                  log.debug("Trusted certificate '" + alias + "':");
                                  Certificate trustedcert = keystore
                                            .getCertificate(alias);
                                  if (trustedcert != null
                                            && trustedcert instanceof X509Certificate) {
                                       X509Certificate cert = (X509Certificate) trustedcert;
                                       log.info(" Subject DN: " + cert.getSubjectDN());
                                       log.info(" Signature Algorithm: "
                                                 + cert.getSigAlgName());
                                       log.info(" Valid from: " + cert.getNotBefore());
                                       log.info(" Valid until: " + cert.getNotAfter());
                                       log.info(" Issuer: " + cert.getIssuerDN());
                        trustmanagers = createTrustManagers(keystore);
                   SSLContext sslcontext = SSLContext.getInstance("SSL");
    //               /sslcontext.
                   sslcontext.init(keymanagers, trustmanagers, null);
                   return sslcontext;
              } catch (NoSuchAlgorithmException e) {
                   log.error(e.getMessage(), e);
                   throw new RuntimeException("Unsupported algorithm exception: "
                             + e.getMessage());
                   // throw new AuthSSLInitializationError("Unsupported algorithm
                   // exception: " + e.getMessage());
              } catch (KeyStoreException e) {
                   log.error(e.getMessage(), e);
                   throw new RuntimeException("Keystore exception: " + e.getMessage());
                   // throw new AuthSSLInitializationError("Keystore exception: " +
                   // e.getMessage());
              } catch (GeneralSecurityException e) {
                   log.error(e.getMessage(), e);
                   throw new RuntimeException("Key management exception: "
                             + e.getMessage());
                   // throw new AuthSSLInitializationError("Key management exception: "
                   // + e.getMessage());
              } catch (IOException e) {
                   log.error(e.getMessage(), e);
                   throw new RuntimeException(
                             "I/O error reading keystore/truststore file: "
                                       + e.getMessage());
                   // throw new AuthSSLInitializationError("I/O error reading
                   // keystore/truststore file: " + e.getMessage());
         private SSLContext getSSLContext() {
              if (this.sslcontext == null) {
                   this.sslcontext = createSSLContext();
              return this.sslcontext;
         * Attempts to get a new socket connection to the given host within the
         * given time limit.
         * <p>
         * To circumvent the limitations of older JREs that do not support connect
         * timeout a controller thread is executed. The controller thread attempts
         * to create a new socket within the given limit of time. If socket
         * constructor does not return until the timeout expires, the controller
         * terminates and throws an {@link ConnectTimeoutException}
         * </p>
         * @param host
         * the host name/IP
         * @param port
         * the port on the host
         * @param clientHost
         * the local host name/IP to bind the socket to
         * @param clientPort
         * the port on the local machine
         * @param params
         * {@link HttpConnectionParams Http connection parameters}
         * @return Socket a new socket
         * @throws IOException
         * @throws IOException
         * if an I/O error occurs while creating the socket
         * @throws UnknownHostException
         * if the IP address of the host cannot be determined
         public void connect(final String host, final int sport, final String query,
                   final HttpConnectionParams params) throws IOException {
              HostnameVerifier hv = new HostnameVerifier() {
                   public boolean verify(String arg0, SSLSession arg1) {
                        System.out.println("Bartek: Hostname is not matched for cert.");
                        return true;
              URL wlsUrl = null;
              wlsUrl = new URL("https", host, Integer.valueOf(sport).intValue(),
                        query);
              System.out
                        .println(" Trying a new HTTPS connection using WLS client classes - "
                                  + wlsUrl.toString());
              HttpsURLConnection sconnection = (HttpsURLConnection) wlsUrl
                        .openConnection();
              SocketFactory socketfactory = getSSLContext().getSocketFactory();
              * HttpsURLConnection sconnection = new HttpsURLConnection( wlsUrl);
              sconnection.setHostnameVerifier(hv);
              //sconnection.setSSLSocketFactory((SSLSocketFactory) socketfactory);
              sconnection.setSSLSocketFactory((SSLSocketFactory) socketfactory);
              //sconnection.setHostnameVerifier(hv);
              tryConnection(sconnection, System.out);
         public static void tryConnection(HttpsURLConnection connection,
                   OutputStream stream) throws IOException {
              connection.connect();
              String responseStr = "\t\t" + connection.getResponseCode() + " -- "
                        + connection.getResponseMessage() + "\n\t\t"
                        + connection.getContent().getClass().getName() + "\n";
              connection.disconnect();
              System.out.print(responseStr);
    Message was edited by:
    herbatniczek

    1- By default, the jre will read the user's cacerts which runs the program.
    2- You can specify another cacerts this way :
    System.setProperty("javax.net.ssl.trustStore", my_trust);
    For the case 1 and 2, you need to put the certificate in the cacerts.. Or,
    3- You implement a custom TrustManager which, for example, accepts all certificates :
    class X509TrustManagerTrustAll implements X509TrustManager {
    public boolean checkClientTrusted(java.security.cert.X509Certificate[] chain){
    return true;
    public boolean isServerTrusted(java.security.cert.X509Certificate[] chain){
    return true;
    public boolean isClientTrusted(java.security.cert.X509Certificate[] chain){
    return true;
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
    return null;
    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {}
    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {}
    and you call it in the right place in the code you wrote (SSLContext,..)
    Hope it helps and deserves a duke star ;)

  • Default SSL context init failed: Invalid keystore format

    Hi, I can't connect to my ldap server. The problem is ssl. I'm trying to do this:
    import java.io.IOException;
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.ldap.LdapContext;
    public class TestAuthentifikation {
        public static void main (String [] args) throws IOException  {
               try {
                    Hashtable env = new Hashtable();
                    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                    env.put(Context.PROVIDER_URL, "ldaps://subdomain.dyndns.org:636/"); 
                    env.put(Context.SECURITY_PRINCIPAL, "uid=user,ou=users,dc=subdomain,dc=dyndns,dc=org");
                    env.put(Context.SECURITY_CREDENTIALS, "passwd");
                    env.put(Context.SECURITY_AUTHENTICATION, "simple");
                    env.put(Context.SECURITY_PROTOCOL, "ssl");
                    java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
                    System.setProperty("javax.net.ssl.keyStore",  "/usr/lib/j2se/1.4/jre/lib/security/cacerts");
                    System.setProperty("javax.net.ssl.trustStore","/usr/lib/j2se/1.4/jre/lib/security/cacerts");
                    env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");
                    DirContext ctx = new InitialDirContext(env);
                    //use ctx....
                    // Close the context when we're done
                    ctx.close();
                  catch(NamingException ne) {
                    System.err.println(ne);
                    ne.printStackTrace();
    }The exception is this:
    javax.naming.CommunicationException: subdomain.dyndns.org:636 [Root exception is java.net.SocketException: Default SSL context init failed: Invalid keystore format]
            at com.sun.jndi.ldap.Connection.<init>(Connection.java:194)
            at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:119)
            at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1668)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2599)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)On the server I have created this ldap_crt.pem file:
    openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout ldap_key.pem -keyform PEM -out ldap_crt.pem -outform PEMwhich sits on the clients /etc/ssl/certs directory. Like this I can connect with a ldap browser to the server.
    I should do something like this:
    keytool -import -alias AUTH_CA -file rootcert.crt -keystore /usr/lib/j2se/1.4/jre/lib/security/cacertsHow do I get this rootcert.crt file?
    I did this and changed the keystore from cacerts to mycacerts in the java class file:
    sudo keytool -import -alias AUTH_CA -file /etc/ssl/certs/ldap_crt.pem -keystore /usr/lib/j2se/1.4/jre/lib/security/mycacertsThen I get this:
    javax.naming.CommunicationException: simple bind failed: subdomain.dyndns.org:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: *No trusted certificate found*]
            at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
            at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    Edited by: borobudur on May 18, 2008 7:09 AM

    Just a permission problem! Take care that your process can write on the keystore/truststore.

  • POP3Store and custom truststore

    Hi,
    I'm connecting to a pop3 server via SSL and the server does not necessarily have a trusted certificate. I want to give the user the possibility to supply a custom trustore to my app that contains the certificates to trust. How can I make the POP3Store to use this truststore ?
    I do not want to affect other processes running the in the JVM so only this one connection should use the truststore.
    cheers,
    Tex

    Hi,
    so I'm now providing a SSLSocketFactory to the connection but it still doesn't work:
    private SSLSocketFactory createSSLTestConfig()  {
            SSLSocketFactory sf = null;
            try {
                KeyStore trustStore = KeyStore.getInstance("JKS");
                trustStore.load(new FileInputStream("truststore.jks"), "password".toCharArray());
                // Set up key manager factory to use our key store
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
                kmf.init(trustStore, "password".toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
                trustManagerFactory.init(trustStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                SSLContext sslContext = SSLContext.getInstance("TLS");
                sslContext.init(null, trustManagers, null);
                sf = sslContext.getSocketFactory();
            } catch (Exception e) {
                POP3Client.log.error("Could not initial SSL:" + e.getMessage());
            return sf;
        }Then I set the SSLSocketFactory as explained here: http://javamail.kenai.com/nonav/javadocs/com/sun/mail/pop3/package-summary.html
    Properties properties = new Properties();
    properties.put("mail.pop3s.host", host);
    properties.put("mail.pop3s.port", port);
    properties.put("mail.pop3.ssl.socketFactory", createSSLTestConfig());
    Session    emailSession = Session.getDefaultInstance(properties);
    pop3Store = (POP3Store) emailSession.getStore("pop3s");
    pop3Store.connect(...);but I get the ssl exception
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:My truststore.jks contains the self signed certificate of the server.
    what am I doing wrong?

  • How do I change the default certificate in Java Web Console?

    I have a 3rd party issued server keystore & truststore ready to go in both jks and p12 file formats. I wish to use this in the Sun Java Web Console instead of the self signed certificate. I cannot find any documentation as to changing the certificate. I did find commands to change the keystore and truststore passwords, but I want to change the entire certificate.
    I tried manually messing with the /var/webconsole/domains/console/conf/server.xml configuration file but realized it was more complex than that. Is there a documented procedure for changing the default certifcate?
    Thanks

    Siri will use the default calendar specified in the Mail, Contacts, Calendars setting.
    Go to Settings/Mail,Contacts,Calendars, then scroll down, and change the default in the Calendars section to your the one you prefer.
    hope this helps.

  • Client authentication not working

    Hi all,
    I am using Apache's HTTPClient to connect with a server running https. The server is the latest stable Tomcat (version 4.1.27). If I set clientAuth="false" in the Tomcat configuration, everything is working fine. I am able to comunicate with the server, since the server's certificate is in the trusted store. If I want to authenticate myself (by setting clientAuth="true") it doesn't work. It seems that the application I have written doesn't send the client's certificate.
    Here's the code:
    HttpClient httpclient = new HttpClient();
    Protocol myhttps =
         new Protocol(
              "https",
              new StrictSSLProtocolSocketFactory(false),
              8443);
    httpclient.getHostConfiguration().setHost("rigel", 8443, myhttps);
    GetMethod httpget = new GetMethod("/");
    httpclient.executeMethod(httpget);
    If I turn on all sorts of debugging this is what I get:
    2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Java version: 1.4.0_02
    2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Java vendor: Sun Microsystems Inc.
    2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Java class path: f:\myhome\projects\NextiraOne\class;f:\myhome\projects\NextiraOne\lib\commons-httpclient-2.0-rc1.jar;f:\myhome\projects\NextiraOne\lib\log4j-1.2.6.jar;f:\myhome\projects\NextiraOne\lib\commons-logging.jar;f:\myhome\projects\NextiraOne\lib\commons-logging-api.jar;f:\myhome\projects\NextiraOne\lib\com.ibm.mq.jar;f:\myhome\projects\NextiraOne\lib\xmlparserv2new.jar;f:\myhome\projects\NextiraOne\lib\connector.jar
    2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Operating system name: Windows 2000
    2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Operating system architecture: x86
    2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Operating system version: 5.0
    2003/10/08 14:54:27:078 CEST [DEBUG] HttpClient - -SUN 1.2: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
    2003/10/08 14:54:27:078 CEST [DEBUG] HttpClient - -SunJSSE 1.4002: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    2003/10/08 14:54:27:078 CEST [DEBUG] HttpClient - -SunRsaSign 1.0: SUN's provider for RSA signatures
    2003/10/08 14:54:27:078 CEST [DEBUG] HttpClient - -SunJCE 1.4: SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    2003/10/08 14:54:27:088 CEST [DEBUG] HttpClient - -SunJGSS 1.0: Sun (Kerberos v5)
    2003/10/08 14:54:27:188 CEST [DEBUG] HttpConnection - -HttpConnection.setSoTimeout(0)
    keyStore is :
    keyStore type is : jks
    init keystore
    init keymanager of type SunX509
    trustStore is: f:\client.keystore
    trustStore type is : jks
    init truststore
    adding private entry as trusted cert: [
    Version: V1
    Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@8fd984
    Validity: [From: Wed Oct 08 13:48:24 CEST 2003,
                   To: Tue Jan 06 12:48:24 CET 2004]
    Issuer: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
    SerialNumber: [    3f83f988 ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 04 24 63 44 43 26 CA 79 BC 0B 96 2D 27 1A 40 DA .$cDC&.y...-'.@.
    0010: E0 92 FE D6 57 F8 4C C4 C6 97 F7 13 24 4B 30 F9 ....W.L.....$K0.
    0020: E7 C3 06 2B A3 67 FD 70 E1 A5 8E E7 16 3D 59 16 ...+.g.p.....=Y.
    0030: DB 7B 73 AC 30 B1 43 C1 F2 96 DD 8F 52 0E 61 1F ..s.0.C.....R.a.
    0040: 0E 23 0F 88 8E 1A 6F 24 54 B9 87 4C 2C A1 97 78 .#....o$T..L,..x
    0050: FD 80 6A A1 F8 65 C3 CE 39 F4 AA A6 6C 3C 7A 98 ..j..e..9...l<z.
    0060: 86 4E 5B 6A 2D 7F BC 89 E8 36 29 54 22 0A 3F C7 .N[j-....6)T".?.
    0070: B3 83 4E 47 36 F1 C9 09 25 E7 9C D6 11 10 3B 3C ..NG6...%.....;<
    adding as trusted cert: [
    Version: V1
    Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@f99ff5
    Validity: [From: Wed Oct 08 11:56:42 CEST 2003,
                   To: Tue Jan 06 10:56:42 CET 2004]
    Issuer: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
    SerialNumber: [    3f83df5a ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: E0 21 80 C9 4C 8C BC FC 48 B3 36 6A 0B E1 C1 94 .!..L...H.6j....
    0010: 79 E1 E7 6B 27 B0 71 7D CF 17 A6 B9 E6 71 D6 85 y..k'.q......q..
    0020: 6F 9F EB 66 73 4B CB A2 C1 A2 7F F3 38 A1 A7 8B o..fsK......8...
    0030: 92 F0 82 1F 4A A4 E9 F5 8C 64 0B 7E 86 61 C0 D5 ....J....d...a..
    0040: 74 60 7D D3 B0 11 3F 77 B9 D8 EC 7D 17 22 D8 7C t`....?w....."..
    0050: 77 42 CB C1 24 CC 26 5E CF 8A 20 7D 77 44 D4 29 wB..$.&^.. .wD.)
    0060: DF 59 D1 17 CE D2 51 59 BC 53 35 B0 EB CE 51 CE .Y....QY.S5...Q.
    0070: 79 F7 D2 53 CE FD 2F 9A FD 1A A8 E3 3C 58 AF EB y..S../.....<X..
    init context
    trigger seeding of SecureRandom
    done seeding SecureRandom
    2003/10/08 14:54:32:456 CEST [DEBUG] HttpMethodBase - -Execute loop try 1
    2003/10/08 14:54:32:466 CEST [DEBUG] wire - ->> "GET / HTTP/1.1[\r][\n]"
    2003/10/08 14:54:32:466 CEST [DEBUG] HttpMethodBase - -Adding Host request header
    2003/10/08 14:54:32:476 CEST [DEBUG] wire - ->> "User-Agent: Jakarta Commons-HttpClient/2.0rc1[\r][\n]"
    2003/10/08 14:54:32:476 CEST [DEBUG] wire - ->> "Host: rigel[\r][\n]"
    %% No cached client session
    *** ClientHello, v3.1
    RandomCookie: GMT: 1048840456 bytes = { 43, 4, 244, 103, 54, 110, 99, 128, 162, 132, 22, 2, 197, 112, 91, 105, 4, 133, 249, 114, 142, 122, 44, 203, 156, 188, 132, 100 }
    Session ID: {}
    Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
    Compression Methods: { 0 }
    [write] MD5 and SHA1 hashes: len = 59
    0000: 01 00 00 37 03 01 3F 84 09 08 2B 04 F4 67 36 6E ...7..?...+..g6n
    0010: 63 80 A2 84 16 02 C5 70 5B 69 04 85 F9 72 8E 7A c......p[i...r.z
    0020: 2C CB 9C BC 84 64 00 00 10 00 05 00 04 00 09 00 ,....d..........
    0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
    main, WRITE: SSL v3.1 Handshake, length = 59
    [write] MD5 and SHA1 hashes: len = 77
    0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
    0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
    0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 3F 84 09 .............?..
    0030: 08 2B 04 F4 67 36 6E 63 80 A2 84 16 02 C5 70 5B .+..g6nc......p[
    0040: 69 04 85 F9 72 8E 7A 2C CB 9C BC 84 64 i...r.z,....d
    main, WRITE: SSL v2, contentType = 22, translated length = 16310
    main, READ: SSL v3.1 Handshake, length = 2275
    *** ServerHello, v3.1
    RandomCookie: GMT: 1048840456 bytes = { 2, 207, 237, 54, 101, 119, 116, 33, 59, 54, 56, 111, 170, 110, 92, 129, 178, 67, 124, 46, 187, 153, 247, 27, 216, 197, 21, 232 }
    Session ID: {63, 132, 9, 8, 85, 66, 130, 20, 34, 100, 122, 131, 137, 133, 143, 214, 43, 232, 151, 61, 12, 216, 23, 84, 58, 241, 194, 116, 67, 44, 43, 44}
    Cipher Suite: { 0, 5 }
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
    ** SSL_RSA_WITH_RC4_128_SHA
    [read] MD5 and SHA1 hashes: len = 74
    0000: 02 00 00 46 03 01 3F 84 09 08 02 CF ED 36 65 77 ...F..?......6ew
    0010: 74 21 3B 36 38 6F AA 6E 5C 81 B2 43 7C 2E BB 99 t!;68o.n\..C....
    0020: F7 1B D8 C5 15 E8 20 3F 84 09 08 55 42 82 14 22 ...... ?...UB.."
    0030: 64 7A 83 89 85 8F D6 2B E8 97 3D 0C D8 17 54 3A dz.....+..=...T:
    0040: F1 C2 74 43 2C 2B 2C 00 05 00 ..tC,+,...
    *** Certificate chain
    chain [0] = [
    Version: V1
    Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@b2a2d8
    Validity: [From: Wed Oct 08 11:56:42 CEST 2003,
                   To: Tue Jan 06 10:56:42 CET 2004]
    Issuer: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
    SerialNumber: [    3f83df5a ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: E0 21 80 C9 4C 8C BC FC 48 B3 36 6A 0B E1 C1 94 .!..L...H.6j....
    0010: 79 E1 E7 6B 27 B0 71 7D CF 17 A6 B9 E6 71 D6 85 y..k'.q......q..
    0020: 6F 9F EB 66 73 4B CB A2 C1 A2 7F F3 38 A1 A7 8B o..fsK......8...
    0030: 92 F0 82 1F 4A A4 E9 F5 8C 64 0B 7E 86 61 C0 D5 ....J....d...a..
    0040: 74 60 7D D3 B0 11 3F 77 B9 D8 EC 7D 17 22 D8 7C t`....?w....."..
    0050: 77 42 CB C1 24 CC 26 5E CF 8A 20 7D 77 44 D4 29 wB..$.&^.. .wD.)
    0060: DF 59 D1 17 CE D2 51 59 BC 53 35 B0 EB CE 51 CE .Y....QY.S5...Q.
    0070: 79 F7 D2 53 CE FD 2F 9A FD 1A A8 E3 3C 58 AF EB y..S../.....<X..
    stop on trusted cert: [
    Version: V1
    Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@b2a2d8
    Validity: [From: Wed Oct 08 11:56:42 CEST 2003,
                   To: Tue Jan 06 10:56:42 CET 2004]
    Issuer: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
    SerialNumber: [    3f83df5a ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: E0 21 80 C9 4C 8C BC FC 48 B3 36 6A 0B E1 C1 94 .!..L...H.6j....
    0010: 79 E1 E7 6B 27 B0 71 7D CF 17 A6 B9 E6 71 D6 85 y..k'.q......q..
    0020: 6F 9F EB 66 73 4B CB A2 C1 A2 7F F3 38 A1 A7 8B o..fsK......8...
    0030: 92 F0 82 1F 4A A4 E9 F5 8C 64 0B 7E 86 61 C0 D5 ....J....d...a..
    0040: 74 60 7D D3 B0 11 3F 77 B9 D8 EC 7D 17 22 D8 7C t`....?w....."..
    0050: 77 42 CB C1 24 CC 26 5E CF 8A 20 7D 77 44 D4 29 wB..$.&^.. .wD.)
    0060: DF 59 D1 17 CE D2 51 59 BC 53 35 B0 EB CE 51 CE .Y....QY.S5...Q.
    0070: 79 F7 D2 53 CE FD 2F 9A FD 1A A8 E3 3C 58 AF EB y..S../.....<X..
    [read] MD5 and SHA1 hashes: len = 552
    0000: 0B 00 02 24 00 02 21 00 02 1E 30 82 02 1A 30 82 ...$..!...0...0.
    0010: 01 83 02 04 3F 83 DF 5A 30 0D 06 09 2A 86 48 86 ....?..Z0...*.H.
    0020: F7 0D 01 01 04 05 00 30 54 31 0B 30 09 06 03 55 .......0T1.0...U
    0030: 04 06 13 02 42 45 31 0C 30 0A 06 03 55 04 08 13 ....BE1.0...U...
    0040: 03 4F 56 4C 31 0C 30 0A 06 03 55 04 07 13 03 4D .OVL1.0...U....M
    0050: 45 52 31 0B 30 09 06 03 55 04 0A 13 02 44 43 31 ER1.0...U....DC1
    0060: 0C 30 0A 06 03 55 04 0B 13 03 45 43 53 31 0E 30 .0...U....ECS1.0
    0070: 0C 06 03 55 04 03 13 05 72 69 67 65 6C 30 1E 17 ...U....rigel0..
    0080: 0D 30 33 31 30 30 38 30 39 35 36 34 32 5A 17 0D .031008095642Z..
    0090: 30 34 30 31 30 36 30 39 35 36 34 32 5A 30 54 31 040106095642Z0T1
    00A0: 0B 30 09 06 03 55 04 06 13 02 42 45 31 0C 30 0A .0...U....BE1.0.
    00B0: 06 03 55 04 08 13 03 4F 56 4C 31 0C 30 0A 06 03 ..U....OVL1.0...
    00C0: 55 04 07 13 03 4D 45 52 31 0B 30 09 06 03 55 04 U....MER1.0...U.
    00D0: 0A 13 02 44 43 31 0C 30 0A 06 03 55 04 0B 13 03 ...DC1.0...U....
    00E0: 45 43 53 31 0E 30 0C 06 03 55 04 03 13 05 72 69 ECS1.0...U....ri
    00F0: 67 65 6C 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D gel0..0...*.H...
    0100: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 .........0......
    0110: F0 8B 5A 91 87 97 AB 55 2A 6A AA 96 1F CF 77 D7 ..Z....U*j....w.
    0120: 73 C2 23 4D 78 51 CF 6E 3F 10 46 C5 DA D7 9D 75 s.#MxQ.n?.F....u
    0130: 77 3A 94 4A 07 5B D6 38 82 18 AE 71 6A 76 F9 6F w:.J.[.8...qjv.o
    0140: 58 19 9D 2F 97 EE 4E 38 0E 3F E1 B2 5D 2D C1 1A X../..N8.?..]-..
    0150: 0E F2 08 B2 D6 FF 0A 5E FC BD 57 73 C1 F0 09 C3 .......^..Ws....
    0160: 8E E4 20 C2 CC 96 E3 DE 24 2C 76 DD 9C BA F3 D2 .. .....$,v.....
    0170: 14 FC 94 86 C6 A3 6D 90 02 6B 5C 6E C7 94 0A 44 ......m..k\n...D
    0180: A2 64 F6 A2 31 16 1E AC 97 36 17 84 7E 60 EC 2B .d..1....6...`.+
    0190: 02 03 01 00 01 30 0D 06 09 2A 86 48 86 F7 0D 01 .....0...*.H....
    01A0: 01 04 05 00 03 81 81 00 E0 21 80 C9 4C 8C BC FC .........!..L...
    01B0: 48 B3 36 6A 0B E1 C1 94 79 E1 E7 6B 27 B0 71 7D H.6j....y..k'.q.
    01C0: CF 17 A6 B9 E6 71 D6 85 6F 9F EB 66 73 4B CB A2 .....q..o..fsK..
    01D0: C1 A2 7F F3 38 A1 A7 8B 92 F0 82 1F 4A A4 E9 F5 ....8.......J...
    01E0: 8C 64 0B 7E 86 61 C0 D5 74 60 7D D3 B0 11 3F 77 .d...a..t`....?w
    01F0: B9 D8 EC 7D 17 22 D8 7C 77 42 CB C1 24 CC 26 5E ....."..wB..$.&^
    0200: CF 8A 20 7D 77 44 D4 29 DF 59 D1 17 CE D2 51 59 .. .wD.).Y....QY
    0210: BC 53 35 B0 EB CE 51 CE 79 F7 D2 53 CE FD 2F 9A .S5...Q.y..S../.
    0220: FD 1A A8 E3 3C 58 AF EB ....<X..
    *** CertificateRequest
    Cert Types: DSS, RSA,
    Cert Authorities:
    <OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
    <[email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
    <[email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
    <OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US>
    <OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
    <OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
    <[email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
    <[email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
    <CN=kws, OU=Delaware, O=Delaware, L=BE, ST=BE, C=BE>
    <OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
    <[email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
    [read] MD5 and SHA1 hashes: len = 1645
    0000: 0D 00 06 69 02 02 01 06 64 00 61 30 5F 31 0B 30 ...i....d.a0_1.0
    0010: 09 06 03 55 04 06 13 02 55 53 31 17 30 15 06 03 ...U....US1.0...
    0020: 55 04 0A 13 0E 56 65 72 69 53 69 67 6E 2C 20 49 U....VeriSign, I
    0030: 6E 63 2E 31 37 30 35 06 03 55 04 0B 13 2E 43 6C nc.1705..U....Cl
    0040: 61 73 73 20 33 20 50 75 62 6C 69 63 20 50 72 69 ass 3 Public Pri
    0050: 6D 61 72 79 20 43 65 72 74 69 66 69 63 61 74 69 mary Certificati
    0060: 6F 6E 20 41 75 74 68 6F 72 69 74 79 00 D1 30 81 on Authority..0.
    0070: CE 31 0B 30 09 06 03 55 04 06 13 02 5A 41 31 15 .1.0...U....ZA1.
    0080: 30 13 06 03 55 04 08 13 0C 57 65 73 74 65 72 6E 0...U....Western
    0090: 20 43 61 70 65 31 12 30 10 06 03 55 04 07 13 09 Cape1.0...U....
    00A0: 43 61 70 65 20 54 6F 77 6E 31 1D 30 1B 06 03 55 Cape Town1.0...U
    00B0: 04 0A 13 14 54 68 61 77 74 65 20 43 6F 6E 73 75 ....Thawte Consu
    00C0: 6C 74 69 6E 67 20 63 63 31 28 30 26 06 03 55 04 lting cc1(0&..U.
    00D0: 0B 13 1F 43 65 72 74 69 66 69 63 61 74 69 6F 6E ...Certification
    00E0: 20 53 65 72 76 69 63 65 73 20 44 69 76 69 73 69 Services Divisi
    00F0: 6F 6E 31 21 30 1F 06 03 55 04 03 13 18 54 68 61 on1!0...U....Tha
    0100: 77 74 65 20 50 72 65 6D 69 75 6D 20 53 65 72 76 wte Premium Serv
    0110: 65 72 20 43 41 31 28 30 26 06 09 2A 86 48 86 F7 er CA1(0&..*.H..
    0120: 0D 01 09 01 16 19 70 72 65 6D 69 75 6D 2D 73 65 ......premium-se
    0130: 72 76 65 72 40 74 68 61 77 74 65 2E 63 6F 6D 00 [email protected].
    0140: CE 30 81 CB 31 0B 30 09 06 03 55 04 06 13 02 5A .0..1.0...U....Z
    0150: 41 31 15 30 13 06 03 55 04 08 13 0C 57 65 73 74 A1.0...U....West
    0160: 65 72 6E 20 43 61 70 65 31 12 30 10 06 03 55 04 ern Cape1.0...U.
    0170: 07 13 09 43 61 70 65 20 54 6F 77 6E 31 1A 30 18 ...Cape Town1.0.
    0180: 06 03 55 04 0A 13 11 54 68 61 77 74 65 20 43 6F ..U....Thawte Co
    0190: 6E 73 75 6C 74 69 6E 67 31 28 30 26 06 03 55 04 nsulting1(0&..U.
    01A0: 0B 13 1F 43 65 72 74 69 66 69 63 61 74 69 6F 6E ...Certification
    01B0: 20 53 65 72 76 69 63 65 73 20 44 69 76 69 73 69 Services Divisi
    01C0: 6F 6E 31 21 30 1F 06 03 55 04 03 13 18 54 68 61 on1!0...U....Tha
    01D0: 77 74 65 20 50 65 72 73 6F 6E 61 6C 20 42 61 73 wte Personal Bas
    01E0: 69 63 20 43 41 31 28 30 26 06 09 2A 86 48 86 F7 ic CA1(0&..*.H..
    01F0: 0D 01 09 01 16 19 70 65 72 73 6F 6E 61 6C 2D 62 ......personal-b
    0200: 61 73 69 63 40 74 68 61 77 74 65 2E 63 6F 6D 00 [email protected].
    0210: 61 30 5F 31 0B 30 09 06 03 55 04 06 13 02 55 53 a0_1.0...U....US
    0220: 31 20 30 1E 06 03 55 04 0A 13 17 52 53 41 20 44 1 0...U....RSA D
    0230: 61 74 61 20 53 65 63 75 72 69 74 79 2C 20 49 6E ata Security, In
    0240: 63 2E 31 2E 30 2C 06 03 55 04 0B 13 25 53 65 63 c.1.0,..U...%Sec
    0250: 75 72 65 20 53 65 72 76 65 72 20 43 65 72 74 69 ure Server Certi
    0260: 66 69 63 61 74 69 6F 6E 20 41 75 74 68 6F 72 69 fication Authori
    0270: 74 79 00 61 30 5F 31 0B 30 09 06 03 55 04 06 13 ty.a0_1.0...U...
    0280: 02 55 53 31 17 30 15 06 03 55 04 0A 13 0E 56 65 .US1.0...U....Ve
    0290: 72 69 53 69 67 6E 2C 20 49 6E 63 2E 31 37 30 35 riSign, Inc.1705
    02A0: 06 03 55 04 0B 13 2E 43 6C 61 73 73 20 34 20 50 ..U....Class 4 P
    02B0: 75 62 6C 69 63 20 50 72 69 6D 61 72 79 20 43 65 ublic Primary Ce
    02C0: 72 74 69 66 69 63 61 74 69 6F 6E 20 41 75 74 68 rtification Auth
    02D0: 6F 72 69 74 79 00 61 30 5F 31 0B 30 09 06 03 55 ority.a0_1.0...U
    02E0: 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0A 13 ....US1.0...U...
    02F0: 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 2E 31 .VeriSign, Inc.1
    0300: 37 30 35 06 03 55 04 0B 13 2E 43 6C 61 73 73 20 705..U....Class
    0310: 31 20 50 75 62 6C 69 63 20 50 72 69 6D 61 72 79 1 Public Primary
    0320: 20 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 41 Certification A
    0330: 75 74 68 6F 72 69 74 79 00 D2 30 81 CF 31 0B 30 uthority..0..1.0
    0340: 09 06 03 55 04 06 13 02 5A 41 31 15 30 13 06 03 ...U....ZA1.0...
    0350: 55 04 08 13 0C 57 65 73 74 65 72 6E 20 43 61 70 U....Western Cap
    0360: 65 31 12 30 10 06 03 55 04 07 13 09 43 61 70 65 e1.0...U....Cape
    0370: 20 54 6F 77 6E 31 1A 30 18 06 03 55 04 0A 13 11 Town1.0...U....
    0380: 54 68 61 77 74 65 20 43 6F 6E 73 75 6C 74 69 6E Thawte Consultin
    0390: 67 31 28 30 26 06 03 55 04 0B 13 1F 43 65 72 74 g1(0&..U....Cert
    03A0: 69 66 69 63 61 74 69 6F 6E 20 53 65 72 76 69 63 ification Servic
    03B0: 65 73 20 44 69 76 69 73 69 6F 6E 31 23 30 21 06 es Division1#0!.
    03C0: 03 55 04 03 13 1A 54 68 61 77 74 65 20 50 65 72 .U....Thawte Per
    03D0: 73 6F 6E 61 6C 20 50 72 65 6D 69 75 6D 20 43 41 sonal Premium CA
    03E0: 31 2A 30 28 06 09 2A 86 48 86 F7 0D 01 09 01 16 1*0(..*.H.......
    03F0: 1B 70 65 72 73 6F 6E 61 6C 2D 70 72 65 6D 69 75 .personal-premiu
    0400: 6D 40 74 68 61 77 74 65 2E 63 6F 6D 00 D4 30 81 [email protected].
    0410: D1 31 0B 30 09 06 03 55 04 06 13 02 5A 41 31 15 .1.0...U....ZA1.
    0420: 30 13 06 03 55 04 08 13 0C 57 65 73 74 65 72 6E 0...U....Western
    0430: 20 43 61 70 65 31 12 30 10 06 03 55 04 07 13 09 Cape1.0...U....
    0440: 43 61 70 65 20 54 6F 77 6E 31 1A 30 18 06 03 55 Cape Town1.0...U
    0450: 04 0A 13 11 54 68 61 77 74 65 20 43 6F 6E 73 75 ....Thawte Consu
    0460: 6C 74 69 6E 67 31 28 30 26 06 03 55 04 0B 13 1F lting1(0&..U....
    0470: 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 53 65 Certification Se
    0480: 72 76 69 63 65 73 20 44 69 76 69 73 69 6F 6E 31 rvices Division1
    0490: 24 30 22 06 03 55 04 03 13 1B 54 68 61 77 74 65 $0"..U....Thawte
    04A0: 20 50 65 72 73 6F 6E 61 6C 20 46 72 65 65 6D 61 Personal Freema
    04B0: 69 6C 20 43 41 31 2B 30 29 06 09 2A 86 48 86 F7 il CA1+0)..*.H..
    04C0: 0D 01 09 01 16 1C 70 65 72 73 6F 6E 61 6C 2D 66 ......personal-f
    04D0: 72 65 65 6D 61 69 6C 40 74 68 61 77 74 65 2E 63 [email protected]
    04E0: 6F 6D 00 5D 30 5B 31 0B 30 09 06 03 55 04 06 13 om.]0[1.0...U...
    04F0: 02 42 45 31 0B 30 09 06 03 55 04 08 13 02 42 45 .BE1.0...U....BE
    0500: 31 0B 30 09 06 03 55 04 07 13 02 42 45 31 11 30 1.0...U....BE1.0
    0510: 0F 06 03 55 04 0A 13 08 44 65 6C 61 77 61 72 65 ...U....Delaware
    0520: 31 11 30 0F 06 03 55 04 0B 13 08 44 65 6C 61 77 1.0...U....Delaw
    0530: 61 72 65 31 0C 30 0A 06 03 55 04 03 13 03 6B 77 are1.0...U....kw
    0540: 73 00 61 30 5F 31 0B 30 09 06 03 55 04 06 13 02 s.a0_1.0...U....
    0550: 55 53 31 17 30 15 06 03 55 04 0A 13 0E 56 65 72 US1.0...U....Ver
    0560: 69 53 69 67 6E 2C 20 49 6E 63 2E 31 37 30 35 06 iSign, Inc.1705.
    0570: 03 55 04 0B 13 2E 43 6C 61 73 73 20 32 20 50 75 .U....Class 2 Pu
    0580: 62 6C 69 63 20 50 72 69 6D 61 72 79 20 43 65 72 blic Primary Cer
    0590: 74 69 66 69 63 61 74 69 6F 6E 20 41 75 74 68 6F tification Autho
    05A0: 72 69 74 79 00 C7 30 81 C4 31 0B 30 09 06 03 55 rity..0..1.0...U
    05B0: 04 06 13 02 5A 41 31 15 30 13 06 03 55 04 08 13 ....ZA1.0...U...
    05C0: 0C 57 65 73 74 65 72 6E 20 43 61 70 65 31 12 30 .Western Cape1.0
    05D0: 10 06 03 55 04 07 13 09 43 61 70 65 20 54 6F 77 ...U....Cape Tow
    05E0: 6E 31 1D 30 1B 06 03 55 04 0A 13 14 54 68 61 77 n1.0...U....Thaw
    05F0: 74 65 20 43 6F 6E 73 75 6C 74 69 6E 67 20 63 63 te Consulting cc
    0600: 31 28 30 26 06 03 55 04 0B 13 1F 43 65 72 74 69 1(0&..U....Certi
    0610: 66 69 63 61 74 69 6F 6E 20 53 65 72 76 69 63 65 fication Service
    0620: 73 20 44 69 76 69 73 69 6F 6E 31 19 30 17 06 03 s Division1.0...
    0630: 55 04 03 13 10 54 68 61 77 74 65 20 53 65 72 76 U....Thawte Serv
    0640: 65 72 20 43 41 31 26 30 24 06 09 2A 86 48 86 F7 er CA1&0$..*.H..
    0650: 0D 01 09 01 16 17 73 65 72 76 65 72 2D 63 65 72 ......server-cer
    0660: 74 73 40 74 68 61 77 74 65 2E 63 6F 6D [email protected]
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00 ....
    *** Certificate chain
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    *** ClientKeyExchange, RSA PreMasterSecret, v3.1
    Random Secret: { 3, 1, 183, 52, 32, 171, 15, 252, 104, 26, 122, 4, 33, 152, 207, 169, 53, 3, 54, 92, 207, 235, 108, 124, 43, 137, 189, 40, 155, 244, 16, 195, 171, 111, 45, 24, 118, 251, 161, 5, 255, 221, 102, 77, 136, 92, 253, 146 }
    [write] MD5 and SHA1 hashes: len = 141
    0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 E7 73 AF ..............s.
    0010: 77 3C B9 37 C3 23 58 BB 44 7E B0 E1 EE D1 6F 37 w<.7.#X.D.....o7
    0020: E9 C2 CB CD 5B 36 80 61 76 69 28 FA 66 E5 19 31 ....[6.avi(.f..1
    0030: AF C5 CE 1D D0 B1 C0 A3 31 D4 2E 1A DB 1E CC 21 ........1......!
    0040: 7F B9 9F 8C 6A B8 4C 43 50 78 95 CF 51 E3 9E 97 ....j.LCPx..Q...
    0050: BF 07 DC 25 DE 56 D7 A5 7C D7 7D 5C D4 47 16 5D ...%.V.....\.G.]
    0060: 54 FC FE 6C D8 C7 17 AB 18 A0 EE 31 B6 38 10 29 T..l.......1.8.)
    0070: C4 D6 75 5B DB 1F B2 2B 20 28 40 C5 96 E4 E3 7A ..u[...+ (@....z
    0080: 5C D6 85 C3 03 05 F5 38 FE 34 72 EF 3F \......8.4r.?
    main, WRITE: SSL v3.1 Handshake, length = 141
    SESSION KEYGEN:
    PreMaster Secret:
    0000: 03 01 B7 34 20 AB 0F FC 68 1A 7A 04 21 98 CF A9 ...4 ...h.z.!...
    0010: 35 03 36 5C CF EB 6C 7C 2B 89 BD 28 9B F4 10 C3 5.6\..l.+..(....
    0020: AB 6F 2D 18 76 FB A1 05 FF DD 66 4D 88 5C FD 92 .o-.v.....fM.\..
    CONNECTION KEYGEN:
    Client Nonce:
    0000: 3F 84 09 08 2B 04 F4 67 36 6E 63 80 A2 84 16 02 ?...+..g6nc.....
    0010: C5 70 5B 69 04 85 F9 72 8E 7A 2C CB 9C BC 84 64 .p[i...r.z,....d
    Server Nonce:
    0000: 3F 84 09 08 02 CF ED 36 65 77 74 21 3B 36 38 6F ?......6ewt!;68o
    0010: AA 6E 5C 81 B2 43 7C 2E BB 99 F7 1B D8 C5 15 E8 .n\..C..........
    Master Secret:
    0000: 92 AB 4A D6 D4 F1 35 46 3D F8 20 64 7D 0D 1D 3C ..J...5F=. d...<
    0010: 6D 12 61 D7 B6 21 1D F9 9E F2 A3 1E C8 72 16 48 m.a..!.......r.H
    0020: 7E EB ED BD 71 66 89 36 8D A4 AA 30 A7 B6 F9 E3 ....qf.6...0....
    Client MAC write Secret:
    0000: FB B5 C5 28 A0 EF A9 2C 6F 6E 9A 8E 46 21 F8 5D ...(...,on..F!.]
    0010: 21 3A F3 5A !:.Z
    Server MAC write Secret:
    0000: AC B4 8C 0C 19 E9 70 87 86 2C 88 19 74 96 CB 86 ......p..,..t...
    0010: E1 57 28 D0 .W(.
    Client write key:
    0000: 67 8C 40 8A 0E F6 66 02 AA 57 A9 46 3E 4C 2B 0B [email protected]>L+.
    Server write key:
    0000: 39 79 50 0C 26 2A 0C 06 34 57 9F D0 ED 9E 76 1A 9yP.&*..4W....v.
    ... no IV for cipher
    main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
    JsseJCE: Using JSSE internal implementation for cipher RC4
    *** Finished, v3.1
    verify_data: { 2, 131, 239, 184, 3, 52, 180, 31, 246, 47, 142, 241 }
    [write] MD5 and SHA1 hashes: len = 16
    0000: 14 00 00 0C 02 83 EF B8 03 34 B4 1F F6 2F 8E F1 .........4.../..
    Plaintext before ENCRYPTION: len = 36
    0000: 14 00 00 0C 02 83 EF B8 03 34 B4 1F F6 2F 8E F1 .........4.../..
    0010: E8 92 3D 1E 0C A5 0A B2 E3 71 7A E9 02 41 91 20 ..=......qz..A.
    0020: 30 86 A2 47 0..G
    main, WRITE: SSL v3.1 Handshake, length = 36
    waiting for close_notify or alert: state 1
    Exception while waiting for close java.net.SocketException: Software caused connection abort: JVM_recv in socket input stream read
    main, SEND SSL v3.1 ALERT: warning, description = close_notify
    Plaintext before ENCRYPTION: len = 22
    0000: 01 00 BD 94 A3 63 BB DA 73 4F 7A 85 4B 79 25 76 .....c..sOz.Ky%v
    0010: 8B 08 0F FF CE FC ......
    main, WRITE: SSL v3.1 Alert, length = 22
    java.net.SocketException: Software caused connection abort: JVM_recv in socket input stream read
         at java.net.SocketInputStream.socketRead0(Native Method)
         at java.net.SocketInputStream.read(SocketInputStream.java:116)
         at com.sun.net.ssl.internal.ssl.InputRecord.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(DashoA6275)
         at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(DashoA6275)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.g(DashoA6275)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
         at org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1344)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
         at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:779)
         at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2179)
         at org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2534)
         at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1047)
         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:638)
         at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:500)
         at kws.testing.out.HTTPClient.main(HTTPClient.java:60)
    Exception in thread "main"
    Does someone have an idea on how to get client authentication (without password) work?
    regards,
    Kenneth

    ... no IV for cipher
    This line is in my debug and the debug posted in the original message.
    Am having the same problem of accessing a page with a Client Side Cert that uses a password. I get debug that has the "no IV for cipher" message. It does not throw
    an exception, but gets a 403 from server.
    Does anyone know? Will a Client Side Cert with a Symmetric Key work in Java APIs?
    I load the .pfx cert into a Java KeyStore and send this to Apache HTTPClient.

  • Invoking Web Service with PKI Authentication from BPEL process

    Hello --
    I am trying to test calling a Web service utilizing PKI-based authentication from BPEL running under the 10.1.2.0.2 Process Manager. When I access the service from a browser I am prompted for Username and Password the first time. When I attempt to access it from BPEL I receive this error:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
    Is it possible to access this service from BPEL in 10.1.2.0.2? How can I pass the service the required credentials?
    Thank you for your time,
    Paul Camann

    I've gotten past the original error by importing the security certificate of the Web service into my keystore/truststore. I'm also running the process on SOA 10.1.3.1.0. Now when I invoke the Web service from the BPEL process I get this error:
    exception on JaxRpc invoke: HTTP transport error:
    javax.xml.soap.SOAPException: java.security.PrivilegedActionException:
    javax.xml.soap.SOAPException: Bad response: 403 Forbidden
    I've tried passing the credentials every way I can -- partner link properties, Oracle Web Services Manager, whatever -- and still get the same error. I would expect to see a 401 error for problems with credentials, not a 403.
    Any suggestions?
    Thanks for your time.
    Paul Camann

  • Web Service over SSL failing in BEA Workshop

    I have deployed a web service on weblogic 9.2
    I have enabled one-way ssl on it. got a trial ssl certificate from verisign. installed them on the keystore/truststore on the server as well as the jre (cacerts and jssecacerts truststores) being used by the client. the client is on different machine than the server.
    i have developed the service through 'bea weblogic workshop 9.2' now when i try to test the service through the 'web services explorer' within bea weblogic workshop i receive the following error:
    IWAB0135E An unexpected error has occurred.
    IOException
    sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    on server:
    <Jul 13, 2009 6:45:44 PM EDT> <Warning> <Security> <BEA-090485> <CERTIFICATE_UNKNOWN alert was received from yunus.l1id.local - 10.10.2.72. The peer has an unspecified issue with the certificate. SSL debug tracing should be enabled on the peer to determine what the issue is.>
    if i try to access the web service (over ssl) through the browser (ie/firefox), it works fine. i have generated a proxy class to access this web service through the same bea workshop and that works fine too. certificates are identified and all. i also created a small .net (c#) application that calls this secure web service over ssl from another machine and it works fine too!
    of course non-secure url for the web service is working fine in every case.
    what can be the reason for this failing only in 'web services explorer' in bea workshop?
    cross posted at: http://www.coderanch.com/t/453879/Web-Services/java/Web-Service-over-SSL-failing
    thanks.

    Hello,
    I used this example, when I made my experiments with SSL and Glassfish (GF):
    http://java.sun.com/developer/EJTechTips/2006/tt0527.html#1
    If you have problems with GF I suggest to post a message here:
    http://forums.java.net/jive/forum.jspa?forumID=56
    e.g. here is one thread:
    http://forums.java.net/jive/thread.jspa?threadID=59993&tstart=0
    Miro.

  • Untrusted server cert chain - MI 7.1 Client PDA

    Dear Expert,
    I am implementing SSL security in SAP MI 7.1.
    The HTTPS service is already enabled (port 443) and I can enter on via browser.
    Generate a certificate and signed by the SAP test certificate for 8 weeks.
    Export the certificate to the truststore file, using the command:
    keytool -import -file MID.cer  -keystore truststore -alias MID -storepass access
    Copy the truststore file (whit certificate MID) in PDA: \MI\settings.
    And also enable the parameters (in configuration.properties ):
    com.sap.tc.mobile.sync.http.port=443
    com.sap.tc.mobile.sync.protocol=https
    com.sap.tc.mobile.sync.http.sslenabled=true
    com.sap.tc.mobile.sync.https.hostnameverifying=false
    com.sap.tc.mobile.sync.https.truststore=/MI/settings/truststore
    But in trying to synchronize the PDA with the DOE get an error: "untrusted server cert chain"
    I am using: Client MI 7.1 for PDA SP9
    I have reviewed the documents: "How To Configure SSL for SAP NetWeaver Mobile 7.1 Applicable"
    Check various forms, without finding a solution ...
    some idea of the problem?
    Thanks!!

    Hi,
    Follow the below given links to configure SSL
    --> Making External Server Certificates Trusted
    http://help.sap.com/saphelp_dm40/helpdata/en/0f/8d80f68eace441b3d1ebdc4b
    2f2c81/content.htm (The link applies for PDA also)
    --> Configure the below given parameters in the default.properties
    com.sap.tc.mobile.sync.http.sslenabled
      > Default value: True
    com.sap.tc.mobile.sync.https.hostnameverifying
       > Default value: True
    com.sap.tc.mobile.sync.https.truststore
      > Location of truststore file containing SSL certificates. If the
    given location is not absolute, the system searches for the file in a
    path that is relative to the installation directory.
    For more details refer Note : 1312866
    And follow the below given link :
    http://help.sap.com/saphelp_nwmobile71/helpdata/en/06/a7d001e17b421db7e2
    dd8279853971/frameset.htm
    --> Even after following the above mentioned steps,Do the following :
    Create the Trustsore on a PC and then use a Addon to
    deploy these files to the PDA along with the SSL Libraries.
    Regards,
    Suma

  • Urgent : Problem with Client when OC4J has been setup in 2 way SSL mode

    This is the output that is generated in the JDeveloper console on running the example from b14429.pdf. Examle :
    ====================================================
    import HTTPClient.HTTPConnection;
    import HTTPClient.HTTPResponse;
    import javax.security.cert.X509Certificate;
    import oracle.security.ssl.OracleSSLCredential;
    import java.io.IOException;
    import javax.net.ssl.SSLPeerUnverifiedException;
    public class SSLSocketClientWithClientAuth {
    public static void main(String[] args) {
    if (args.length < 4) {
    System.out.println("Usage: java HTTPSConnectionTest [host] [port] " +
    "[wallet] [password]");
    System.exit(-1);
    String hostname = args[0].toLowerCase();
    int port = Integer.decode(args[1]).intValue();
    String walletPath = args[2];
    String password = args[3];
    HTTPConnection httpsConnection = null;
    OracleSSLCredential credential = null;
    try {
    httpsConnection = new HTTPConnection("https", hostname, port);
    } catch (IOException e) {
    System.out.println("HTTPS Protocol not supported");
    System.exit(-1);
    try {
    credential = new OracleSSLCredential();
    credential.setWallet(walletPath, password);
    } catch (IOException e) {
    System.out.println("Could not open wallet");
    System.exit(-1);
    httpsConnection.setSSLEnabledCipherSuites(new String[]{"SSL_RSA_WITH_3DES_EDE_CBC_SHA"});
    httpsConnection.setSSLCredential(credential);
    try {
    httpsConnection.connect();
    } catch (IOException e) {
    System.out.println("Could not establish connection");
    e.printStackTrace();
    System.exit(-1);
    // X509Certificate x509 = new X509Certificate();
    //javax.servlet.request.
    X509Certificate[] peerCerts = null;
    try {
    peerCerts =
    (httpsConnection.getSSLSession()).getPeerCertificateChain();
    } catch (javax.net.ssl.SSLPeerUnverifiedException e) {
    System.err.println("Unable to obtain peer credentials");
    e.printStackTrace();
    System.exit(-1);
    String peerCertDN =
    peerCerts[peerCerts.length - 1].getSubjectDN().getName();
    peerCertDN = peerCertDN.toLowerCase();
    if (peerCertDN.lastIndexOf("cn=" + hostname) == -1) {
    System.out.println("Certificate for " + hostname +
    " is issued to " + peerCertDN);
    System.out.println("Aborting connection");
    System.exit(-1);
    try {
    HTTPResponse rsp = httpsConnection.Get("/");
    System.out.println("Server Response: ");
    System.out.println(rsp);
    } catch (Exception e) {
    System.out.println("Exception occured during Get");
    e.printStackTrace();
    System.exit(-1);
    ================================================================
    C:\j2sdk1.4.2_09\bin\javaw.exe -client -classpath "D:\eclipse\workspace\OC4JClient\OC4JClient\classes;D:\eclipse\workspace\jdev\extensions\.jar;C:\Documents and Settings\nilesh_bafna\Desktop\Nitin\lib\jssl-1_1.jar;E:\product\10.1.3.1\OracleAS_1\j2ee\home\lib\http_client.jar;E:\product\10.1.3.1\OracleAS_1\jlib\javax-ssl-1_1.jar" -Djava.protocol.handler.pkgs=HTTPClient -Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=F:/oc4jcert/client.keystore -Djavax.net.ssl.keyStorePassword=welcome1 -Djavax.net.ssl.trustStore=F:/oc4jcert/client.keystore -Djavax.net.ssl.trustStorePassword=welcome1 -DOracle.ssl.defaultCipherSuites=SSL_RSA_WITH_RC4_128_MD5 SSLSocketClientWithClientAuth ps4372.persistent.co.in 443 F:/oc4jcert/client.keystore welcome1
    keyStore is : F:/oc4jcert/client.keystore
    keyStore type is : jks
    init keystore
    init keymanager of type SunX509
    found key for : oracle-client
    chain [0] = [
    Version: V3
    Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    87fcc8e9 0ffcef8e 61f3be10 be7c9715 2792849b 3bbdeb1c cc76b337 4b82bbab
    86972c63 9af3adfd 35b5df99 9078a0d1 6dc760d8 0549a95a bfa7648a 9eadd326
    a6bc4b61 d8f8b42f 44e0b178 ff1dee20 db8406cd d800c26a 9c5a6ed9 4d6f2aef
    bc919814 3b46be39 e129280c e83afe12 c9d4e3d7 fb5787b1 d98bed4a 4f0833d5
    Validity: [From: Thu Jan 18 21:18:14 GMT+05:30 2007,
                   To: Wed Apr 18 21:18:14 GMT+05:30 2007]
    Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    SerialNumber: [    45af96be]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 41 47 35 41 90 10 E3 77 A7 F3 F5 81 37 49 4F 57 AG5A...w....7IOW
    0010: 01 11 82 A2 FB 69 46 E8 18 6C EE 11 23 A6 67 2E .....iF..l..#.g.
    0020: 68 4D D6 A6 E7 09 45 24 58 18 9A E5 44 49 10 9B hM....E$X...DI..
    0030: F1 EC 99 4A 45 5F A4 4F 71 3F 05 3D 45 29 42 CD ...JE_.Oq?.=E)B.
    0040: 11 87 DA 0C AA DC 55 4E CF 22 4A 94 85 CB E5 EB ......UN."J.....
    0050: BA E1 10 D2 C8 80 2C 6B 65 94 13 01 1F 6E 18 C3 ......,ke....n..
    0060: 87 33 8C 65 C7 03 16 03 24 FB 0D B0 6D D8 E7 AA .3.e....$...m...
    0070: A1 A5 48 90 0D D6 8C 47 50 2A AA 7C 7B 14 E5 B7 ..H....GP*......
    trustStore is: F:\oc4jcert\client.keystore
    trustStore type is : jks
    init truststore
    adding as trusted cert:
    Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Algorithm: RSA; Serial number: 0x45af96be
    Valid from Thu Jan 18 21:18:14 GMT+05:30 2007 until Wed Apr 18 21:18:14 GMT+05:30 2007
    adding as trusted cert:
    Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Algorithm: RSA; Serial number: 0x45af95dc
    Valid from Thu Jan 18 21:14:28 GMT+05:30 2007 until Wed Apr 18 21:14:28 GMT+05:30 2007
    init context
    trigger seeding of SecureRandom
    done seeding SecureRandom
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1152299454 bytes = { 41, 212, 166, 48, 109, 77, 185, 232, 204, 95, 158, 141, 60, 96, 196, 172, 49, 19, 49, 22, 222, 234, 47, 76, 27, 130, 5, 176 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    main, WRITE: TLSv1 Handshake, length = 73
    main, WRITE: SSLv2 client hello message, length = 98
    main, READ: TLSv1 Handshake, length = 839
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1152299454 bytes = { 206, 186, 162, 116, 179, 72, 44, 198, 189, 25, 70, 227, 170, 235, 83, 186, 152, 49, 194, 222, 248, 3, 191, 170, 248, 95, 134, 35 }
    Session ID: {69, 175, 178, 190, 47, 141, 131, 115, 241, 226, 39, 29, 241, 65, 235, 165, 57, 40, 52, 85, 68, 85, 68, 84, 108, 141, 1, 125, 193, 191, 158, 208}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    6f24d75b 96919725 ad6ea93a cab0bd96 a49d2f3c e14f5c09 0e228e36 de64e0f2
    f2b82740 1653bdb4 5024d281 21ed8c4c 89bc322b 4dc9ffb2 0e97cd95 16e6fe1e
    380340c9 f3c67e2c 18d06461 f4f30eaf 4394716e 7bc66d80 810a9cb5 9c168b36
    cdd99919 67074ebc edebf02e ebf0accb 2193bc38 7ae1cdda af5ff300 ed0e7763
    Validity: [From: Thu Jan 18 21:14:28 GMT+05:30 2007,
                   To: Wed Apr 18 21:14:28 GMT+05:30 2007]
    Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    SerialNumber: [    45af95dc]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 05 4E EE 12 5B DD 7F 26 92 37 67 C9 D0 73 46 4D .N..[..&.7g..sFM
    0010: 7E A5 1E 67 38 06 D9 5F 9F B7 2F E8 F6 9E BF 88 ...g8.._../.....
    0020: 01 31 7D EA 42 5E 4F 9E D7 8F DA 9F 94 A5 EF 47 .1..B^O........G
    0030: E3 E9 BA DE 94 15 C6 03 DE C9 C0 7D CE 58 C0 27 .............X.'
    0040: 0F 1A 66 EC 73 53 5D 1D DE 7E FA 35 15 E0 2A CC ..f.sS]....5..*.
    0050: C9 74 CC 58 E9 B6 2F 68 A0 89 2B F3 E6 61 7D E1 .t.X../h..+..a..
    0060: 21 AF BE E8 83 49 B1 BD 36 C5 2D 1B 0D A1 0E 63 !....I..6.-....c
    0070: 02 4A 82 71 B0 E1 9C AD 55 67 F9 17 A5 96 18 EB .J.q....Ug......
    Found trusted certificate:
    Version: V3
    Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    6f24d75b 96919725 ad6ea93a cab0bd96 a49d2f3c e14f5c09 0e228e36 de64e0f2
    f2b82740 1653bdb4 5024d281 21ed8c4c 89bc322b 4dc9ffb2 0e97cd95 16e6fe1e
    380340c9 f3c67e2c 18d06461 f4f30eaf 4394716e 7bc66d80 810a9cb5 9c168b36
    cdd99919 67074ebc edebf02e ebf0accb 2193bc38 7ae1cdda af5ff300 ed0e7763
    Validity: [From: Thu Jan 18 21:14:28 GMT+05:30 2007,
                   To: Wed Apr 18 21:14:28 GMT+05:30 2007]
    Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    SerialNumber: [    45af95dc]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 05 4E EE 12 5B DD 7F 26 92 37 67 C9 D0 73 46 4D .N..[..&.7g..sFM
    0010: 7E A5 1E 67 38 06 D9 5F 9F B7 2F E8 F6 9E BF 88 ...g8.._../.....
    0020: 01 31 7D EA 42 5E 4F 9E D7 8F DA 9F 94 A5 EF 47 .1..B^O........G
    0030: E3 E9 BA DE 94 15 C6 03 DE C9 C0 7D CE 58 C0 27 .............X.'
    0040: 0F 1A 66 EC 73 53 5D 1D DE 7E FA 35 15 E0 2A CC ..f.sS]....5..*.
    0050: C9 74 CC 58 E9 B6 2F 68 A0 89 2B F3 E6 61 7D E1 .t.X../h..+..a..
    0060: 21 AF BE E8 83 49 B1 BD 36 C5 2D 1B 0D A1 0E 63 !....I..6.-....c
    0070: 02 4A 82 71 B0 E1 9C AD 55 67 F9 17 A5 96 18 EB .J.q....Ug......
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    <CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US>
    *** ServerHelloDone
    matching alias: oracle-client
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    87fcc8e9 0ffcef8e 61f3be10 be7c9715 2792849b 3bbdeb1c cc76b337 4b82bbab
    86972c63 9af3adfd 35b5df99 9078a0d1 6dc760d8 0549a95a bfa7648a 9eadd326
    a6bc4b61 d8f8b42f 44e0b178 ff1dee20 db8406cd d800c26a 9c5a6ed9 4d6f2aef
    bc919814 3b46be39 e129280c e83afe12 c9d4e3d7 fb5787b1 d98bed4a 4f0833d5
    Validity: [From: Thu Jan 18 21:18:14 GMT+05:30 2007,
                   To: Wed Apr 18 21:18:14 GMT+05:30 2007]
    Issuer: CN=ps4372.persistent.co.in, OU=Marketing, O=Oracle, L=Atlanta, ST=Georgia, C=US
    SerialNumber: [    45af96be]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 41 47 35 41 90 10 E3 77 A7 F3 F5 81 37 49 4F 57 AG5A...w....7IOW
    0010: 01 11 82 A2 FB 69 46 E8 18 6C EE 11 23 A6 67 2E .....iF..l..#.g.
    0020: 68 4D D6 A6 E7 09 45 24 58 18 9A E5 44 49 10 9B hM....E$X...DI..
    0030: F1 EC 99 4A 45 5F A4 4F 71 3F 05 3D 45 29 42 CD ...JE_.Oq?.=E)B.
    0040: 11 87 DA 0C AA DC 55 4E CF 22 4A 94 85 CB E5 EB ......UN."J.....
    0050: BA E1 10 D2 C8 80 2C 6B 65 94 13 01 1F 6E 18 C3 ......,ke....n..
    0060: 87 33 8C 65 C7 03 16 03 24 FB 0D B0 6D D8 E7 AA .3.e....$...m...
    0070: A1 A5 48 90 0D D6 8C 47 50 2A AA 7C 7B 14 E5 B7 ..H....GP*......
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    Random Secret: { 3, 1, 236, 206, 185, 158, 75, 201, 230, 16, 170, 40, 193, 70, 188, 134, 36, 134, 14, 20, 191, 121, 246, 8, 7, 2, 137, 66, 166, 10, 185, 246, 104, 154, 27, 82, 161, 133, 11, 130, 11, 130, 71, 84, 155, 165, 239, 227 }
    main, WRITE: TLSv1 Handshake, length = 763
    SESSION KEYGEN:
    PreMaster Secret:
    0000: 03 01 EC CE B9 9E 4B C9 E6 10 AA 28 C1 46 BC 86 ......K....(.F..
    0010: 24 86 0E 14 BF 79 F6 08 07 02 89 42 A6 0A B9 F6 $....y.....B....
    0020: 68 9A 1B 52 A1 85 0B 82 0B 82 47 54 9B A5 EF E3 h..R......GT....
    CONNECTION KEYGEN:
    Client Nonce:
    0000: 45 AF B2 BE 29 D4 A6 30 6D 4D B9 E8 CC 5F 9E 8D E...)..0mM..._..
    0010: 3C 60 C4 AC 31 13 31 16 DE EA 2F 4C 1B 82 05 B0 <`..1.1.../L....
    Server Nonce:
    0000: 45 AF B2 BE CE BA A2 74 B3 48 2C C6 BD 19 46 E3 E......t.H,...F.
    0010: AA EB 53 BA 98 31 C2 DE F8 03 BF AA F8 5F 86 23 ..S..1......._.#
    Master Secret:
    0000: CA 5C BA B3 D0 C9 26 A9 3A 06 08 8F 27 2E CE 17 .\....&.:...'...
    0010: 93 98 BC DF EF 78 2A 99 DB 3E 50 3B 01 D1 84 5F .....x*..>P;..._
    0020: 28 80 CE 7C 7C C1 12 A4 11 F6 33 9B 2E D9 6F BE (.........3...o.
    Client MAC write Secret:
    0000: 80 FF CE 99 7C 45 4C D8 60 FA 40 79 A2 A4 36 7C .....EL.`[email protected].
    Server MAC write Secret:
    0000: 2D F1 A0 A8 ED A1 7B DD 89 A5 01 90 43 BF F1 19 -...........C...
    Client write key:
    0000: E1 3F 33 54 D3 C5 3A 26 4A 41 65 DA AC 44 3B 28 .?3T..:&JAe..D;(
    Server write key:
    0000: C5 08 52 AE A9 0A 4F D0 AD 54 49 C6 4E 2F 9C 4E ..R...O..TI.N/.N
    ... no IV for cipher
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    *** CertificateVerify
    main, WRITE: TLSv1 Handshake, length = 134
    main, WRITE: TLSv1 Change Cipher Spec, length = 1
    main, handling exception: java.net.SocketException: Software caused connection abort: socket write error
    main, SEND TLSv1 ALERT: fatal, description = unexpected_message
    main, WRITE: TLSv1 Alert, length = 2
    Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
    main, called closeSocket()
    IOException in getSession(): java.net.SocketException: Software caused connection abort: socket write error
    Unable to obtain peer credentials
    javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
         at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA12275)
         at SSLSocketClientWithClientAuth.main(SSLSocketClientWithClientAuth.java:56)
    Process exited with exit code -1.
    =====================================================
    I think this is the problem with ciphers. So can anybody please help me with this!!!. This is very urgent!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Thanks in advance
    Nilesh

    Thanks for your prompt reply I was able to make it run. Actually I am using the same keystore and truststore at both the client and the server end. I added those properties in opmn.xml as startup parameters.
    I have another query I am using JDev to create a client proxy for my webservice that is deployed in OC4J. I have setup OC4J in 2 way SSL (mutual authentication)
    When I invoke my client proxy with these system properties set
    System.setProperty("javax.net.ssl.keyStore",keyStore);
    System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
    System.setProperty("javax.net.ssl.trustStore", trustStore);
    System.setProperty("javax.net.ssl.trustStorePassword",trustStorePassword);
    System.setProperty("javax.net.ssl.keyStoreType","JKS");
    System.setProperty("javax.net.ssl.trustStoreType","JKS");
    I get an exception in the log.xml which is
    <MSG_TEXT>IOException in ServerSocketAcceptHandler$AcceptHandlerHorse:run</MSG_TEXT>
    <SUPPL_DETAIL><![CDATA[javax.net.ssl.SSLProtocolException: handshake alert: no_certificate
                at com.sun.net.ssl.internal.ssl.ServerHandshaker.handshakeAlert(ServerHandshaker.java:1031)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1535)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
                at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
                at oracle.oc4j.network.ServerSocketAcceptHandler.doSSLHandShaking(ServerSocketAcceptHandler.java:250)
                at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:868)
                at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
                at java.lang.Thread.run(Thread.java:595)
    ]]></SUPPL_DETAIL>
    Isn't setting these properties enough for sending a client certificate. Please help!!!!
    Thanks,
    Nilesh.

  • I am getting the ssl error when trying to use launchpad on ssl, i can access adminui through ssl with no errors but launchpad says "unable to find valid certification path to requested target"

    Hi I desperately need help  to fix this error. I installed Adobe LCES4 with ssl enabled and i can access the adminui and workspace on the browser but he problem is when i try connecting to launchpad using https on the server even doing the simple thing like converting document to pdf throws the following error.
    any help will be appreciated
    DSC Invocation Resulted in Error: class com.adobe.idp.DocumentError : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    thanks

    We tried adding certificate in trustore.jks file, but it was not successful.
    What error you are getting while importing the certificate?
    Just perform below steps once:
    Download required certificate first
    Run CMD as administrator> move to SUP_HOME\Servers\UnwiredServer\Repository\Security
    Paste this syntex.
    keytool -importcert -alias customerCA -file <certificatefilename>.crt -storepass changeit -keystore truststore.jks -trustcacerts

  • Invoking web service with HTTP authentication using OdiInvokeWebService

    I did all configurations in OdiInvokeWebService Advanced Editor. When I press "Invoke web service" there are no errors. But when I try to execute this step there is an error:
    java.lang.IllegalArgumentException: Bad password format. Make sure that it's an encrypted password.
    Text of the command:
    OdiInvokeWebService "-URL=http://sapk02:8080/sap/bc/srt/rfc/sap/ZODI_FILE_SER?sap-client=800&wsdl=1.1" "-PORT_TYPE=ZODI_FILE_SER" "-OPERATION=ZODI_FILE" "-HTTP_USER=user" "-HTTP_PASS=_321321_"
    *<?xml version = '1.0' encoding = 'UTF8'?>*
    *<ZODI_FILERequest>*
    *<ZODI_FILE>*
    *<FILE>/tmp/temp1.txt</FILE>*
    *</ZODI_FILE>*
    *</ZODI_FILERequest>*
    When I fill HTTP password edit manually and try to execute there is another error:
    *com.sunopsis.wsinvocation.SnpsWSInvocationException: AxisFault*
    *faultCode: {http://xml.apache.org/axis/}HTTP*
    *faultSubcode:*
    *faultString: (401)Unauthorized*
    Text of the command:
    *OdiInvokeWebService "-URL=http://sapk02:8080/sap/bc/srt/rfc/sap/ZODI_FILE_SER?sap-client=800&wsdl=1.1" "-PORT_TYPE=ZODI_FILE_SER" "-OPERATION=ZODI_FILE" "-HTTP_USER=user" "-HTTP_PASS=*aIyHMmFSmTzVm1V08nTf"
    *<?xml version = '1.0' encoding = 'UTF8'?>*
    *<ZODI_FILERequest>*
    *<ZODI_FILE>*
    *<FILE>/tmp/temp1.txt</FILE>*
    *</ZODI_FILE>*
    *</ZODI_FILERequest>*
    ODI Version 11.1.1.3.0

    I've gotten past the original error by importing the security certificate of the Web service into my keystore/truststore. I'm also running the process on SOA 10.1.3.1.0. Now when I invoke the Web service from the BPEL process I get this error:
    exception on JaxRpc invoke: HTTP transport error:
    javax.xml.soap.SOAPException: java.security.PrivilegedActionException:
    javax.xml.soap.SOAPException: Bad response: 403 Forbidden
    I've tried passing the credentials every way I can -- partner link properties, Oracle Web Services Manager, whatever -- and still get the same error. I would expect to see a 401 error for problems with credentials, not a 403.
    Any suggestions?
    Thanks for your time.
    Paul Camann

Maybe you are looking for

  • Looking for a theme of openbox in kde4

    sorry for my poor english,i didn't often post a thread in english some days ago i installed kde4 on my laptop and turn from openbox to kde4 after try kwin for some days,i replace the kwin window manager with openbox,because  i've got used to openbox

  • Hotspot on rollover image

    Hi there, I have an image rollover and I'd like to put a couple of hotspots linking to other pages on the rollover image. e.g. on this page http://pixeld.99k.org/comics.htm, I'd like to have hotspots over 'part 1' and 'part 2' on the rollover image f

  • How to restrict database user.

    I need to create a database user who have only read only access to the 10g database. Is there any note which will help on this. Thanks in advance. regards, manish

  • 2 x 1TB hard disk in mac mini server, possible?

    Hi to all of you, I see the Mac Mini comes with 2x 500GB hard disk. Since you can now find 1TB hard disk on the Internet I was wondering if the mac mini server would support replacing the 2x500GB HDD by 2 x 1TB HDD? Anyone has tried it? Would it supp

  • I can't install the desktop application

    Last week I bought a new computer (iMac) and since I installed my files (with migration assistant) my Creative Cloud Desktop application is blank. I de- and re-installed the application several times but it still doesn't work. I have had the help of