Mutual authentication & null cert chain exception

Hi,
I am conteniously recieving "null cert chain" error. When my ssl enabled client mutually authenticate with ssl enabled server. The server refuse to accept client whose certificate is saved as a 'trustedCertEntry' in server's key store. The server throws "null cert chain" exception.
When I run the same client/server by setting setClientAuthentication(false) then both works very well.
The process I had followed is as follows:
- Create a key store for client
- Create a key store for server
- Create a key for client
- Create a key for server
- Export client key
- Export server key
- Import key of server as 'trustedcacert' in client
- Import key of client as 'trustedcacert' in server
- Run Client & Server
Any ideas whats wrong in it ???
Thanx in advance,
Humayun.

Hi,
I am conteniously recieving "null cert chain" error. When my ssl enabled client mutually authenticate with ssl enabled server. The server refuse to accept client whose certificate is saved as a 'trustedCertEntry' in server's key store. The server throws "null cert chain" exception.
When I run the same client/server by setting setClientAuthentication(false) then both works very well.
The process I had followed is as follows:
- Create a key store for client
- Create a key store for server
- Create a key for client
- Create a key for server
- Export client key
- Export server key
- Import key of server as 'trustedcacert' in client
- Import key of client as 'trustedcacert' in server
- Run Client & Server
Any ideas whats wrong in it ???
Thanx in advance,
Humayun.

Similar Messages

  • "untrusted server cert chain" exception while connecting LDAP server

    While connecting to LDAP server using JNDI over JSSE ..This is happening when trying to get the initial context
    using
    InitialDirContext initContext = new InitialDirContext(env);
    where env is a hash table set with the default parametes.The certificate used for is a Novell CA certificate converted to X509 format and the key store is initialized with this

    This got resolved when in the code the following
    System.setProperty("javax.net.ssl.tmrustStore", CertFileName);
    where cert file name is the filename with complete path.the file is a CA certificate of the LDAP server
    in X509 format

  • Java.security.cert.CertificateException: Untrusted Cert Chain

    Hi all,
    While sending transaction to our supplier I am facing below error, Actually Our trading partner has given .p7b cert, I converted it into base 64 and i m using in b2b server. I am doing the same with all the suppliers but I am facing issue with only this trading partner. I asked him to send a new trusted certificate but he said that he is having 100's of customers, all are using the same certficate.
    Error
    http.sender.timeout=0
    2010.05.20 at 10:52:20:711: Thread-19: B2B - (DEBUG) scheme null userName null realm null
    2010.05.20 at 10:52:22:159: Thread-19: B2B - (WARNING)
    Message Transmission Transport Exception
    Transport Error Code is OTA-HTTP-SEND-1006
    StackTrace oracle.tip.transport.TransportException: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
         at oracle.tip.transport.TransportException.create(TransportException.java:91)
         at oracle.tip.transport.basic.HTTPSender.send(HTTPSender.java:627)
         at oracle.tip.transport.b2b.B2BTransport.send(B2BTransport.java:311)
         at oracle.tip.adapter.b2b.transport.TransportInterface.send(TransportInterface.java:1034)
         at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1758)
         at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:976)
         at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:1167)
         at oracle.tip.adapter.b2b.transport.AppInterfaceListener.onMessage(AppInterfaceListener.java:141)
         at oracle.tip.transport.basic.FileSourceMonitor.processMessages(FileSourceMonitor.java:903)
         at oracle.tip.transport.basic.FileSourceMonitor.run(FileSourceMonitor.java:317)
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Cert Chain
         at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
         at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:112)
         at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3018)
         at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2843)
         at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:2635)
         at HTTPClient.HTTPConnection.Post(HTTPConnection.java:1107)
         at oracle.tip.transport.basic.HTTPSender.send(HTTPSender.java:590)
         ... 8 more
    Caused by: java.security.cert.CertificateException: Untrusted Cert Chain
         at oracle.security.pki.ssl.C21.checkClientTrusted(C21)
         at oracle.security.pki.ssl.C21.checkServerTrusted(C21)
         at oracle.security.pki.ssl.C08.checkServerTrusted(C08)
         at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
         ... 21 more
    2010.05.20 at 10:52:22:164: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.transport.TransportInterface:send Error in sending message
    2010.05.20 at 10:52:22:168: Thread-19: B2B - (INFORMATION) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequestPostColab Request Message Transmission failed
    2010.05.20 at 10:52:22:170: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Enter
    2010.05.20 at 10:52:22:173: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Transaction.begin()
    2010.05.20 at 10:52:22:176: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Leave
    2010.05.20 at 10:52:22:179: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequestPostColab [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
    Untrusted Cert Chain
    2010.05.20 at 10:52:22:226: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.engine.Engine:notifyApp retry value <= 0, so sending exception to IP_IN_QUEUE
    2010.05.20 at 10:52:22:232: Thread-19: B2B - (DEBUG) Engine:notifyApp Enter
    2010.05.20 at 10:52:22:248: Thread-19: B2B - (DEBUG) notifyApp:notifyApp Enqueue the ip exception message:
    <Exception xmlns="http://integration.oracle.com/B2B/Exception" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <correlationId>543222</correlationId>
    <b2bMessageId>543222</b2bMessageId>
    <errorCode>AIP-50079</errorCode>
    <errorText>Transport error: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
    Untrusted Cert Chain</errorText>
    <errorDescription>
    <![CDATA[Machine Info: (usmtnz-sinfwi02)Transport error: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
    Untrusted Cert Chain ]]>
    </errorDescription>
    <errorSeverity>2</errorSeverity>
    </Exception>
    2010.05.20 at 10:52:22:298: Thread-19: B2B - (DEBUG) Engine:notifyApp Exit
    2010.05.20 at 10:52:22:301: Thread-19: B2B - (DEBUG) DBContext commit: Enter
    2010.05.20 at 10:52:22:307: Thread-19: B2B - (DEBUG) DBContext commit: Transaction.commit()
    2010.05.20 at 10:52:22:310: Thread-19: B2B - (DEBUG) DBContext commit: Leave
    2010.05.20 at 10:52:22:313: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequest Exit
    2010.05.20 at 10:52:22:317: Thread-19: B2B - (INFORMATION) oracle.tip.adapter.b2b.engine.Engine:processOutgoingMessage:
    ***** REQUEST MESSAGE *****
    Exchange Protocol: AS2 Version 1.1
    Transport Protocol: HTTPS
    Unique Message ID: <543222@EMRSNS>
    Trading Partner: ZZEASY_PROD
    Message Signed: RSA
    Payload encrypted: 3DES
    Attachment: None

    Hi CNU,
    1st they has given me in .p7b certificateIs it a self-signed certificate? If no then do you have the CA certs as well?
    Open the certificate by double clicking on it. If "Issued To" and "Issued By" fields are same then it is a self signed cert and you need to import only this cert (in base64 format) into wallet.
    If it is not a self-signed cert then open the certificate and click on "Certification Path" tab. You should be able to see the issue's certificate here. Make sure that you have imported all issuers certificate along with your TP's cert in the wallet. Moreover, check that all the certs (TP cert and it's issuer cert's) are valid in terms of dates. You can see the "Certificate status" in "Certification Path" tab of certificate.
    Please provide the certificate chain details here along with list of certs in wallet (you may mail it to my id as well - [email protected])
    Regards,
    Anuj

  • Client Code not connecting to WebLogic 8.1 with Mutual Authentication

    I am trying to connect to a WebLogic 8.1 web services application. The weblogic instance has mutual authentication enabled, so the client needs to send a certificate when it does an SSL handshake with the server. I am trying to connect with standalone Java JUnit tests. Both the web services and the JUnit tests are using Apache Axis 1.4.0. I've obtained what I believe to be the appropriate certificates from the weblogic administrator that configured the mutual authentication. There is a certificate for the machine I'm trying to connect to, and two other certificates in the chain (three certificates all together, including the root). I've tried several different methods of putting those three certificates in keystores and trust keystores, reading in those keystores in my java code, and connecting to the web services, and I always end up with the same error in the WebLogic server logs. "Certificate chain receved from <ip address> was incomplete."
    Here is an example of my code:
    I initialize like so:
         Properties tempProperties = // (here is where I obtain my properties from a properties file... code removed for security reasons)
         System.setProperty("javax.net.ssl.trustStore", tempProperties.getProperty("trust.keystore.file"));
         System.setProperty("javax.net.ssl.trustStorePassword", tempProperties.getProperty("trust.keystore.password"));
         System.setProperty("javax.net.ssl.trustStoreType", "jks");
         System.setProperty("javax.net.ssl.keyStore", tempProperties.getProperty("keystore.file"));
         System.setProperty("javax.net.ssl.keyStorePassword", tempProperties.getProperty("keystore.password"));                         System.setProperty("javax.net.ssl.keyStoreType", "jks");
         System.setProperty ( "java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol" );
         Security.addProvider ( new com.sun.net.ssl.internal.ssl.Provider ( ) );
    I bind to the appropriate port and locate the service, etc. using auto-generated methods descendant from Apache Axis. No matter what I try, I get the same results. The client says: main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    The server log says: Certificate chain received from <ip address> was incomplete.
    I've even tried implementing a custom SSL handler as described here http://alweb.homeip.net/dw0rm/dblog/?p=38, and I can verify by stepping into my code that everything gets initialized and set up correctly, and that all three certificates in the chain that I need are obtained from my keystore, but I still get the same error on the client and the server. I've enabled ssl handshake debugging on my client and I can see the whole certificate chain being output to the debug console.
    Any idea what I might be doing wrong?

    My guess would be that the server is not able to validate your certificate. Make sure that the CA for your certificate is trusted by WLS.
    I always like to debug something like this by add -Djavax.net.debug=ssl to both the client and server. It should give you a complete picture of what is going on.
    Edited by: joshbregmanoracle on May 20, 2009 8:49 PM

  • Ignoring untrusted server cert chain SSLException

    Does anyone know how to get hold of the input stream of an https url that has an untrusted server cert chain?
    I'm trying to read the contents of a page hosted on a machine with a self signed or expired certificate but HttpsURLConnection.getInputStream() will just throw an SSLException saying "untrusted server cert chain" rather than returning an input stream. Do you know how I might avoid the exception and get the stream?

    Hi MPistoia
    u have to import server cert inside a keystore and use it in your code.
    I suggest you to download keyman tool from ibm (http://www.alphaworks.ibm.com/tech/keyman)..it's very simple and
    it works great.
    This are the steps
    1. Navigate with netscape to that url
    2. accept certificate
    3. Launch keyman tool and import server certificate from netscape
    4. save a file client.keystore and obviously remember your keystore password
    5. use this code to connect
    SSLSocketFactory ssf;
    TrustManagerFactory tmf;
    KeyStore ks;
    FileInputStream fis;
    String pathKeyStore="C:\\client.keystore";
    char[] passphrase = "keystorePassword".toCharArray();
    fis=new FileInputStream(pathKeyStore);
    ks = KeyStore.getInstance("JKS");
    ks.load(fis, passphrase);
    tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(ks);
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, tmf.getTrustManagers(), null);
    fis.close();
    try {
    URL url = new URL("https://yourpage");
    com.sun.net.ssl.HttpsURLConnection connection = (com.sun.net.ssl.HttpsURLConnection) url.openConnection();
    ssf = ctx.getSocketFactory();
    connection.setSSLSocketFactory(ssf);
    connection.connect();
    System.out.println("Ok :" + connection.getURL());
    this code should work..
    good luck
    Michele

  • Untrusted server cert chain for HTTPS on tomcat

    I have written 2 servlets
    1)One for sending username and password over HTTPS
    2)One for receiving the username and password and decrypting this
    When I am executing the 1st servlet,i get the exception :
    Error is client : javax.net.ssl.exception.:untrusted server cert chain
    I hv already created a server certificate with the 'keytool' command so why am i getting this
    error
    Please can any body help me on
    I am using TOMCAT as an HTTPS server!!!
    What shud I do to get rid of the 'untrusted server set chain' exception?
    Please help as I need to deploy this on my production server
    ajay
    [email protected]

    You get this error because your self-signed certificate is not trusted by the default installation of JDK/Tomcat. The simple way is probably to import the certificate you made with keytool into your store of trusted certificates. I don't exactly know how to do this.
    The other way is to override how certificates are handled. This is done by implementing your own X509TrustManager like this:
        SSLSocketFactory sslSF = null;
        KeyManager[] km = null;
        TrustManager[] tm = {new RelaxedX509TrustManager()};
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, tm, new java.security.SecureRandom());
        sslSF = sslContext.getSocketFactory();
        URL url = new URL("https://myServer");
        URLConnection uCon = url.openConnection();
        ( (javax.net.ssl.HttpsURLConnection) uCon).setSSLSocketFactory(sslSF);
    And here is RelaxedX509TrustManager:
        class RelaxedX509TrustManager implements X509TrustManager {
            public boolean checkClientTrusted(java.security.cert.X509Certificate[] chain){
                return true;
            public boolean isServerTrusted(java.security.cert.X509Certificate[] chain){
                return true;
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {}
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {}
    There might be some compilation errors...

  • Has anyone got Client (Mutual) Authentication to work with 6.0 SP2?

    I 've been unsuccessful and was just wondering if anyone has done it...
    Kirk

    The questions is "Where do you get a root ca file for a verisign trial client cert?" I've looked everywere on verisign's site without luck. BEA support emailed me one but can't remember where/how they
    got it....
    Kirk
    Paul Ferwerda wrote:
    I think that the Server Certificate Chain File Name contains a sequential list of certificates, the first of which was used to sign the cert in the "Server Certificate File Name" and the last is self-
    signed (ie a root ca). There is a minimum of 1 cert required in the Server Certificate Chain File Name (which would be the self-signed cert that signed the cert in the Server Certificate File
    Name file. As you walk through the certs in the Server Certificate Chain File Name each cert is expected to be signed by the following cert (if there is one) and the last one must be self-
    signed.
    The Trusted CA file on the other hand is a collection of self-signed CAs on which no validation is performed and no relationship is assumed between the certs in that file. My guess is that
    the code expects that each cert in the Trusted CA list is self-signed.
    So the Server Certificate Chain File Name contains a chain and the Trusted CA File Name contains unordered self-signed certs.
    Paul F.
    On Thu, 2 Aug 2001 18:52:38 +0200, "Bart Jenkins" <[email protected]> wrote:
    Kirk,
    The PEM file we grabbed from the Verisign site worked in the "Server
    Certificate Chain file name" entry but NOT in the "Trusted CA File Name"
    entry. The guy at support in BEA thought it should have worked for both.
    I'm sure I could append the "Trusted CA chain" to the PEM file that I'm
    using for "Server Certificate Chain File name" and then I could use one file
    for both...
    Could you post yours or send it me via Email so I can have a backup? I'd be
    curious to compare your rootCA list with mine. I'll use whichever has the
    most entries. If my list has more rootCA certs in it I'll pass it along.
    ok?
    'preciate it.
    Bart Jenkins
    [email protected]
    "Kirk Everett" <[email protected]> wrote in message
    news:[email protected]...
    So if the one you got off verisign didn't work, where did you get the onethat
    worked? The one BEA sent me works for mutual auth.
    Kirk
    Bart Jenkins wrote:
    Kirk,
    My security expert found it buried deep in the Verisign site. Have
    you
    successfully tested the Mutual Authentication? The root CA we found onthe
    Verisign Site allowed us to connect via HTTPS but failed on the 2-way
    authentication.....test it...
    I actually mailed the .PEM file we found from Verisign to BEA support
    because I also had an issue open on this with them...it would be funnyif
    they then turned around and mailed it to you...
    If you get stopped...give me a shout...
    good luck
    Bart Jenkins
    Globeflow SA
    [email protected]
    "Kirk Everett" <[email protected]> wrote in message
    news:[email protected]...
    Thanks. I finally got it working yesterday. Apparently, I was not
    using
    the
    correct root ca. Support
    mailed me the root ca they were using and everything works fine now.The
    problem is that I still
    don't know where on Verisign's site to go to get the root ca. Where
    did
    you
    get yours from?
    Kirk
    Bart Jenkins wrote:
    Kirk,
    I've finally got it working today. I've got a Class 3 Verisign
    certificate on the WLS 6 server and a personal Verisign Class 1 cert
    on
    the
    client browser (IE 5.5) and am able to connect via HTTPS in 2-way,mutual
    authentication. Tell me where you are blocked and I'll try to help.
    Bart Jenkins, CTO
    Globeflow SA
    [email protected]
    "Kirk Everett" <[email protected]> wrote in message
    news:[email protected]...
    I 've been unsuccessful and was just wondering if anyone has done
    it...
    Kirk

  • Untrusted server cert chain - while connecting with ldap

    Hi All,
    I am getting the following error while running a standalone java program in windows 2000+jdk1.3 environment to connect with LDAP.
    javax.naming.CommunicationException: hostname:636 [Root exception is ja
    vax.net.ssl.SSLException: untrusted server cert chain]
    javax.naming.CommunicationException: hostname:636. Root exception is j
    avax.net.ssl.SSLException: untrusted server cert chain
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA12
    275)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
    at java.io.OutputStream.write(Unknown Source)
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at Test2.getProxyDirContext(Test2.java:66)
    at Test2.main(Test2.java:40)
    Any help would be appreciated
    Thanks in Advance
    Somu

    This got resolved when in the code the following
    System.setProperty("javax.net.ssl.tmrustStore", CertFileName);
    where cert file name is the filename with complete path.the file is a CA certificate of the LDAP server
    in X509 format

  • Help - untrusted server cert chain again !!!

    Hi,
    I dont understand what's wrong, I have a cert file(pnew.p12) which can be used talking to secure server via browser with no problem(do it means it been signed by my CA already?).
    then I try to do it in JSSE.
    First, I export to Base64 cer format file called mycert.cer.
    then, I create truststore use:
    keytool -import -alias mycert -keystore mytrust -storepass 111111 -trustcacerts
    Then, In my code, I read this truststore and key file from original cer file(pnew.p12)
    -------- my test.java code ----------
    KeyManagerFactory kmf;
    TrustManagerFactory tmf;
    KeyStore ts;
    char[] passphrase = "111111".toCharArray();
    char[] passphrase1 = "222222".toCharArray();
    ctx = SSLContext.getInstance("TLS");
    kmf = KeyManagerFactory.getInstance("SunX509");
    tmf = TrustManagerFactory.getInstance("SunX509");          
    ts = KeyStore.getInstance("JKS");
    KeyStore ks=KeyStore.getInstance("PKCS12");
    ts.load(new FileInputStream("mytrust"), passphrase);
    ks.load(new FileInputStream("pnew.p12"), passphrase1);
    tmf.init(ts);
    kmf.init(ks, passphrase1);     
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    factory = ctx.getSocketFactory();
    I know steps which be used to talk to server as follow:
    1. Client hello
    2. Server hello
    3. Certificate (Optional)
    4. Certificate request (Optional)
    5. Server key exchange (Optional)
    6. Server hello done
    7. Certificate (Optional)
    8. Client key exchange
    9. Certificate verify (Optional)
    10. Change cipher spec
    11. Finished
    12. Change cipher spec
    13. Finished
    14. Encrypted data
    I also know what's this error means, but I still cant figure out how to fix it(it is no system clock problem). can someone give me some ideas? or do I need to require any cert from guy who hosting secure server?
    C:\jdk1.4\demo\jsse\sockets\client>java -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -Djavax.net.debug=ssl test adding as trusted cert: [
    Version: V1
    Subject: OID.2.5.4.5=14 + CN=EIS secure-Test2 + [email protected], DNQ=TRL Demo Customer, C=AU
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@31c260
    Validity: [From: Mon Jan 01 11:00:00 EST 2001,
                   To: Thu Jan 01 10:59:59 EST 2004]
    Issuer: OU=Prototype Research CA, O=secure Research Laboratories, C=AU
    SerialNumber: [    260e]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 24 3F 01 69 AB 6B 9A B8 CD 92 AA 8A FF 11 7F 9D $?.i.k..........
    0010: 0F 5E 20 3A 43 8C 58 F9 8C 14 28 00 FE 2A 52 95 .^ :C.X...(..*R.
    0020: 86 62 3A 5D 6D 17 60 DF 67 4A 6D 83 8C EF 8E 12 .b:]m.`.gJm.....
    0030: D0 84 68 03 AC C1 41 28 4F 0A E6 CA 02 38 DF E1 ..h...A(O....8..
    0040: 6C 96 8E C0 74 65 F7 07 DA 57 5C 79 53 FF 23 AA l...te...W\yS.#.
    0050: D3 E3 1F E7 D8 C8 92 5D B2 3B FC 30 EE 26 6A B8 .......].;.0.&j.
    found key for : eis secure-test2's secure research laboratories id
    trigger seeding of SecureRandom
    done seeding SecureRandom
    %% No cached client session
    *** ClientHello, v3.1
    RandomCookie: GMT: 993449488 bytes = { 225, 246, 212, 140, 222, 64, 204, 172, 19, 68, 80, 74, 158, 218, 215, 169, 231, 97, 88, 0, 198, 89, 193, 202, 247, 137, 137, 130 }
    Session ID: {}
    Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
    Compression Methods: { 0 }
    [write] MD5 and SHA1 hashes: len = 59
    0000: 01 00 00 37 03 01 3B 37 D6 10 E1 F6 D4 8C DE 40 ...7..;7.......@
    0010: CC AC 13 44 50 4A 9E DA D7 A9 E7 61 58 00 C6 59 ...DPJ.....aX..Y
    0020: C1 CA F7 89 89 82 00 00 10 00 05 00 04 00 09 00 ................
    0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
    main, WRITE: SSL v3.1 Handshake, length = 59
    [write] MD5 and SHA1 hashes: len = 77
    0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
    0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
    0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 3B 37 D6 .............;7.
    0030: 10 E1 F6 D4 8C DE 40 CC AC 13 44 50 4A 9E DA D7 [email protected]...
    0040: A9 E7 61 58 00 C6 59 C1 CA F7 89 89 82 ..aX..Y......
    main, WRITE: SSL v2, contentType = 22, translated length = 16310
    main, READ: SSL v3.0 Handshake, length = 3032
    *** ServerHello, v3.0
    RandomCookie: GMT: -1000857547 bytes = { 206, 49, 99, 167, 24, 34, 141, 105, 218, 92, 156, 73, 140, 60, 97, 32, 107, 172, 35, 105, 10, 147, 126, 37, 232, 221, 67, 208 }
    Session ID: {1, 79, 211, 81, 55, 204, 160, 210, 64, 200, 49, 173, 91, 16, 107, 40, 145, 101, 201, 32, 79, 56, 236, 96, 11, 122, 223, 205, 2, 137, 193, 165}
    Cipher Suite: { 0, 4 }
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    [read] MD5 and SHA1 hashes: len = 74
    0000: 02 00 00 46 03 00 C4 58 20 35 CE 31 63 A7 18 22 ...F...X 5.1c.."
    0010: 8D 69 DA 5C 9C 49 8C 3C 61 20 6B AC 23 69 0A 93 .i.\.I.<a k.#i..
    0020: 7E 25 E8 DD 43 D0 20 01 4F D3 51 37 CC A0 D2 40 .%..C. .O.Q7...@
    0030: C8 31 AD 5B 10 6B 28 91 65 C9 20 4F 38 EC 60 0B .1.[.k(.e. O8.`.
    0040: 7A DF CD 02 89 C1 A5 00 04 00 z.........
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: CN=pocketnews.secure.com, OU=OnAir, O=secure, L=Sydney, ST=NSW, C=AU
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@38e059
    Validity: [From: Fri Aug 18 10:00:00 EST 2000,
                   To: Sun Aug 19 09:59:59 EST 2001]
    Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network
    SerialNumber: [    6a2bcc17 0d6f8a04 1c49aa2d 84464c3e ]
    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL server
    [2]: ObjectId: 2.5.29.3 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 82 02 16 30 82 02 12 30 82 02 0E 30 82 02 0A ....0...0...0...
    0010: 06 0B 60 86 48 01 86 F8 45 01 07 01 01 30 82 01 ..`.H...E....0..
    0020: F9 16 82 01 A7 54 68 69 73 20 63 65 72 74 69 66 .....This certif
    0030: 69 63 61 74 65 20 69 6E 63 6F 72 70 6F 72 61 74 icate incorporat
    0040: 65 73 20 62 79 20 72 65 66 65 72 65 6E 63 65 2C es by reference,
    0050: 20 61 6E 64 20 69 74 73 20 75 73 65 20 69 73 20 and its use is
    0060: 73 74 72 69 63 74 6C 79 20 73 75 62 6A 65 63 74 strictly subject
    0070: 20 74 6F 2C 20 74 68 65 20 56 65 72 69 53 69 67 to, the VeriSig
    0080: 6E 20 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 n Certification
    0090: 50 72 61 63 74 69 63 65 20 53 74 61 74 65 6D 65 Practice Stateme
    00A0: 6E 74 20 28 43 50 53 29 2C 20 61 76 61 69 6C 61 nt (CPS), availa
    00B0: 62 6C 65 20 61 74 3A 20 68 74 74 70 73 3A 2F 2F ble at: https://
    00C0: 77 77 77 2E 76 65 72 69 73 69 67 6E 2E 63 6F 6D www.verisign.com
    00D0: 2F 43 50 53 3B 20 62 79 20 45 2D 6D 61 69 6C 20 /CPS; by E-mail
    00E0: 61 74 20 43 50 53 2D 72 65 71 75 65 73 74 73 40 at CPS-requests@
    00F0: 76 65 72 69 73 69 67 6E 2E 63 6F 6D 3B 20 6F 72 verisign.com; or
    0100: 20 62 79 20 6D 61 69 6C 20 61 74 20 56 65 72 69 by mail at Veri
    0110: 53 69 67 6E 2C 20 49 6E 63 2E 2C 20 32 35 39 33 Sign, Inc., 2593
    0120: 20 43 6F 61 73 74 20 41 76 65 2E 2C 20 4D 6F 75 Coast Ave., Mou
    0130: 6E 74 61 69 6E 20 56 69 65 77 2C 20 43 41 20 39 ntain View, CA 9
    0140: 34 30 34 33 20 55 53 41 20 54 65 6C 2E 20 2B 31 4043 USA Tel. +1
    0150: 20 28 34 31 35 29 20 39 36 31 2D 38 38 33 30 20 (415) 961-8830
    0160: 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 Copyright (c) 19
    0170: 39 36 20 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 96 VeriSign, Inc
    0180: 2E 20 20 41 6C 6C 20 52 69 67 68 74 73 20 52 65 . All Rights Re
    0190: 73 65 72 76 65 64 2E 20 43 45 52 54 41 49 4E 20 served. CERTAIN
    01A0: 57 41 52 52 41 4E 54 49 45 53 20 44 49 53 43 4C WARRANTIES DISCL
    01B0: 41 49 4D 45 44 20 61 6E 64 20 4C 49 41 42 49 4C AIMED and LIABIL
    01C0: 49 54 59 20 4C 49 4D 49 54 45 44 2E A0 0E 06 0C ITY LIMITED.....
    01D0: 60 86 48 01 86 F8 45 01 07 01 01 01 A1 0E 06 0C `.H...E.........
    01E0: 60 86 48 01 86 F8 45 01 07 01 01 02 30 2C 30 2A `.H...E.....0,0*
    01F0: 16 28 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 .(https://www.ve
    0200: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 6F 73 risign.com/repos
    0210: 69 74 6F 72 79 2F 43 50 53 20 itory/CPS
    [3]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    [2.16.840.1.113730.4.1]]
    [4]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [MD5withRSA]
    Signature:
    0000: CF EE E8 78 F8 75 6A 6F F9 B0 7C B9 33 F2 D0 8C ...x.ujo....3...
    0010: 5D 88 B7 A8 42 89 87 D9 76 50 9B 0C E3 9C 05 2A ]...B...vP.....*
    0020: 6D 0E 25 7A 5F 2D 07 EE AF 1F 73 05 93 BF EE 65 m.%z_-....s....e
    0030: D7 E7 97 CD EA EE 6D 11 EF 0C 48 67 18 A4 B0 03 ......m...Hg....
    0040: F4 A3 1B 2E EA 14 9C 56 5A 98 BF 2F AD 4B 50 4A .......VZ../.KPJ
    0050: 21 8E 0F DA 4A DE 4E 82 53 FB BF F2 B8 D4 AD 2A !...J.N.S......*
    0060: B8 DC C1 9B 2C A9 96 66 12 D9 5A 97 AB 3D 1C 5C ....,..f..Z..=.\
    0070: 24 25 1C 0A 2E 08 F6 0A 26 E0 7E D5 36 76 00 90 $%......&...6v..
    chain [1] = [
    Version: V3
    Subject: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network
    Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@15c083
    Validity: [From: Thu Apr 17 10:00:00 EST 1997,
                   To: Thu Jan 08 10:59:59 EST 2004]
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    SerialNumber: [    236c971e 2bc60d0b f97460de f108c3c3 ]
    Certificate Extensions: 5
    [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL CA
    S/MIME CA
    [2]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
    [CertificatePolicyId: [2.16.840.1.113733.1.7.1.1]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.1
      qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65  ..https://www.ve
    0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 43 50 53        risign.com/CPS
    ], PolicyQualifierInfo: [
    qualifierID: 1.3.6.1.5.5.7.2.2
    qualifier: 0000: 30 81 D9 30 15 16 0E 56 65 72 69 53 69 67 6E 2C 0..0...VeriSign,
    0010: 20 49 6E 63 2E 30 03 02 01 01 1A 81 BF 56 65 72 Inc.0.......Ver
    0020: 69 53 69 67 6E 27 73 20 43 65 72 74 69 66 69 63 iSign's Certific
    0030: 61 74 69 6F 6E 20 50 72 61 63 74 69 63 65 20 53 ation Practice S
    0040: 74 61 74 65 6D 65 6E 74 2C 20 77 77 77 2E 76 65 tatement, www.ve
    0050: 72 69 73 69 67 6E 2E 63 6F 6D 2F 43 50 53 2C 20 risign.com/CPS,
    0060: 67 6F 76 65 72 6E 73 20 74 68 69 73 20 63 65 72 governs this cer
    0070: 74 69 66 69 63 61 74 65 20 26 20 69 73 20 69 6E tificate & is in
    0080: 63 6F 72 70 6F 72 61 74 65 64 20 62 79 20 72 65 corporated by re
    0090: 66 65 72 65 6E 63 65 20 68 65 72 65 69 6E 2E 20 ference herein.
    00A0: 53 4F 4D 45 20 57 41 52 52 41 4E 54 49 45 53 20 SOME WARRANTIES
    00B0: 44 49 53 43 4C 41 49 4D 45 44 20 26 20 4C 49 41 DISCLAIMED & LIA
    00C0: 42 49 4C 49 54 59 20 4C 54 44 2E 20 28 63 29 31 BILITY LTD. (c)1
    00D0: 39 39 37 20 56 65 72 69 53 69 67 6E 997 VeriSign
    [3]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    [2.16.840.1.113733.1.8.1, 2.16.840.1.113730.4.1]]
    [4]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
    Key_CertSign
    Crl_Sign
    [5]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:true
    PathLen:0
    Algorithm: [MD2withRSA]
    Signature:
    0000: B8 8C 98 C3 2B 48 F5 72 CD 68 0D 1A B3 74 63 BB ....+H.r.h...tc.
    0010: B1 58 B6 98 45 22 EC 11 8D C7 4E 33 8B 62 5A 21 .X..E"....N3.bZ!
    0020: 24 6C 9A C0 42 B4 45 A9 3A FB 67 F0 91 BE 18 1F $l..B.E.:.g.....
    0030: D5 48 19 93 6B 8D CB 37 4B 86 E6 7D 9B FD 8C 78 .H..k..7K......x
    0040: 99 FF 83 C2 FC D9 55 06 9E 31 66 46 7D 1B 78 60 ......U..1fF..x`
    0050: F4 55 D4 6C 55 C8 69 62 70 7C 4D B6 89 06 05 9B .U.lU.ibp.M.....
    0060: C8 43 8E CC 0C 28 D5 D1 8C CD 46 50 E3 31 96 66 .C...(....FP.1.f
    0070: 92 11 24 1E 4A 5B 4B 66 5E 65 55 1E 5F 37 9A AE ..$.J[Kf^eU._7..
    chain [2] = [
    Version: V1
    Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d9c06
    Validity: [From: Mon Jan 29 11:00:00 EST 1996,
                   To: Sat Jan 01 10:59:59 EST 2000]
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    SerialNumber: [    02a10000 01]
    Algorithm: [MD2withRSA]
    Signature:
    0000: 75 66 6C 3E D1 CD 81 DB B5 F8 2F 36 51 B6 F7 42 ufl>....../6Q..B
    0010: BC CD 42 AF DC 0E FA 15 6C F8 67 93 57 3A EB B6 ..B.....l.g.W:..
    0020: 92 E8 B6 01 CA 8C B7 8E 43 B4 49 65 F9 3E EE BD ........C.Ie.>..
    0030: 75 46 2E C9 FC 25 5D A8 C7 2F 8B 9B 8F 68 CF B4 uF...%]../...h..
    0040: 9C 97 18 C0 4D EF 1F D9 AF 82 B3 E6 64 B8 84 5C ....M.......d..\
    0050: 8A 9A 07 52 43 61 FB 74 9E 5B 3A 36 FC 4C B2 FC ...RCa.t.[:6.L..
    0060: 1A 3F 15 2E A5 5B 3C 1B 90 EC 88 29 E4 59 16 F9 .?...[<....).Y..
    0070: CE 07 AD EC E9 DD DA D2 31 8A 4F D6 D8 EF 17 8D ........1.O.....
    out of date cert: [
    Version: V1
    Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d9c06
    Validity: [From: Mon Jan 29 11:00:00 EST 1996,
                   To: Sat Jan 01 10:59:59 EST 2000]
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    SerialNumber: [    02a10000 01]
    Algorithm: [MD2withRSA]
    Signature:
    0000: 75 66 6C 3E D1 CD 81 DB B5 F8 2F 36 51 B6 F7 42 ufl>....../6Q..B
    0010: BC CD 42 AF DC 0E FA 15 6C F8 67 93 57 3A EB B6 ..B.....l.g.W:..
    0020: 92 E8 B6 01 CA 8C B7 8E 43 B4 49 65 F9 3E EE BD ........C.Ie.>..
    0030: 75 46 2E C9 FC 25 5D A8 C7 2F 8B 9B 8F 68 CF B4 uF...%]../...h..
    0040: 9C 97 18 C0 4D EF 1F D9 AF 82 B3 E6 64 B8 84 5C ....M.......d..\
    0050: 8A 9A 07 52 43 61 FB 74 9E 5B 3A 36 FC 4C B2 FC ...RCa.t.[:6.L..
    0060: 1A 3F 15 2E A5 5B 3C 1B 90 EC 88 29 E4 59 16 F9 .?...[<....).Y..
    0070: CE 07 AD EC E9 DD DA D2 31 8A 4F D6 D8 EF 17 8D ........1.O.....
    main, SEND SSL v3.0 ALERT: fatal, description = certificate_unknown
    main, WRITE: SSL v3.0 Alert, length = 2
    javax.net.ssl.SSLHandshakeException: untrusted server cert chain
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
    at java.io.OutputStream.write(OutputStream.java:61)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
    at test.main(test.java:82)

    Hi david,
    I am also having the same problem. Below is my debug message. If possible pl. tell me what you did to fix the problem.
    Debug.
    *** ClientHello, v3.1
    [write] MD5 and SHA1 hashes: len = 47
    0000: 01 00 00 2B 03 01 3B 6F 8A 74 C3 88 A3 70 1F F6 ...+..;o.t...p..
    0010: 86 9F F7 50 66 12 1C BF 9A 0D 5F ED 20 F4 07 52 ...Pf....._. ..R
    0020: 17 A7 6A 1B 10 8C 00 00 04 00 03 00 11 01 00 ..j............
    [write] MD5 and SHA1 hashes: len = 50
    0000: 01 03 01 00 09 00 00 00 20 00 00 03 02 00 80 00 ........ .......
    0010: 00 11 3B 6F 8A 74 C3 88 A3 70 1F F6 86 9F F7 50 ..;o.t...p.....P
    0020: 66 12 1C BF 9A 0D 5F ED 20 F4 07 52 17 A7 6A 1B f....._. ..R..j.
    0030: 10 8C ..
    *** ServerHello, v3.0
    ** SSL_RSA_EXPORT_WITH_RC4_40_MD5
    [read] MD5 and SHA1 hashes: len = 74
    0000: 02 00 00 46 03 00 3B 70 1F 94 E6 2C 62 7F 14 9E ...F..;p...,b...
    0010: C2 AE 2A B9 56 DE 49 B7 6D 1F 24 45 38 45 5F DA ..*.V.I.m.$E8E_.
    0020: AE CB C5 7F 05 9F 20 3B 70 1F 94 E3 5E E5 BC 17 ...... ;p...^...
    0030: 18 7D FE CE B3 9D F6 37 27 05 9D 3F 8C D2 82 16 .......7'..?....
    0040: 6F 3C 55 84 9E 9A A5 00 03 00 o<U.......
    *** Certificate chain
    [read] MD5 and SHA1 hashes: len = 1021
    0000: 0B 00 03 F9 00 03 F6 00 01 F8 30 82 01 F4 30 82 ..........0...0.
    0010: 01 9E 02 01 00 30 0D 06 09 2A 86 48 86 F7 0D 01 .....0...*.H....
    0020: 01 04 05 00 30 81 84 31 0B 30 09 06 03 55 04 06 ....0..1.0...U..
    0030: 13 02 49 4E 31 0B 30 09 06 03 55 04 08 13 02 54 ..IN1.0...U....T
    0040: 4E 31 10 30 0E 06 03 55 04 07 13 07 43 48 45 4E N1.0...U....CHEN
    0050: 4E 41 49 31 0D 30 0B 06 03 55 04 0A 13 04 41 32 NAI1.0...U....A2
    0060: 57 49 31 0C 30 0A 06 03 55 04 0B 13 03 44 45 56 WI1.0...U....DEV
    0070: 31 0D 30 0B 06 03 55 04 03 13 04 41 32 57 49 31 1.0...U....A2WI1
    0080: 2A 30 28 06 09 2A 86 48 86 F7 0D 01 09 01 16 1B *0(..*.H........
    0090: 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 40 61 69 administrator@ai
    00A0: 72 32 77 65 62 2E 63 6F 2E 69 6E 30 1E 17 0D 30 r2web.co.in0...0
    00B0: 31 30 33 30 38 32 33 31 32 32 37 5A 17 0D 30 32 10308231227Z..02
    00C0: 30 33 30 38 32 33 31 32 32 37 5A 30 81 84 31 0B 0308231227Z0..1.
    00D0: 30 09 06 03 55 04 06 13 02 49 4E 31 0B 30 09 06 0...U....IN1.0..
    00E0: 03 55 04 08 13 02 54 4E 31 10 30 0E 06 03 55 04 .U....TN1.0...U.
    00F0: 07 13 07 43 48 45 4E 4E 41 49 31 0D 30 0B 06 03 ...CHENNAI1.0...
    0100: 55 04 0A 13 04 41 32 57 49 31 0C 30 0A 06 03 55 U....A2WI1.0...U
    0110: 04 0B 13 03 44 45 56 31 0D 30 0B 06 03 55 04 03 ....DEV1.0...U..
    0120: 13 04 41 32 57 49 31 2A 30 28 06 09 2A 86 48 86 ..A2WI1*0(..*.H.
    0130: F7 0D 01 09 01 16 1B 61 64 6D 69 6E 69 73 74 72 .......administr
    0140: 61 74 6F 72 40 61 69 72 32 77 65 62 2E 63 6F 2E [email protected].
    0150: 69 6E 30 5C 30 0D 06 09 2A 86 48 86 F7 0D 01 01 in0\0...*.H.....
    0160: 01 05 00 03 4B 00 30 48 02 41 00 D6 44 43 83 68 ....K.0H.A..DC.h
    0170: 77 B8 8B 05 FC 06 16 50 51 D7 66 91 7E 2C 13 FE w......PQ.f..,..
    0180: 18 F4 64 9A 81 9F B2 EA CE 11 21 7F 4B B6 0B 41 ..d.......!.K..A
    0190: 31 CE C1 90 5C 24 90 F8 A5 B8 9D 00 A8 81 59 17 1...\$........Y.
    01A0: D4 CB 32 FC 43 DB D8 7A 06 6C 43 02 03 01 00 01 ..2.C..z.lC.....
    01B0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 00 03 0...*.H.........
    01C0: 41 00 A3 FF F8 4B 49 B0 77 4E F8 8E 9D A1 99 58 A....KI.wN.....X
    01D0: 65 3E 39 E4 7D BD 33 67 47 62 7B CE EC 9D 2B FB e>9...3gGb....+.
    01E0: 59 F6 8D C6 BE 75 9F FE 17 C6 EB A8 77 36 40 F9 Y....u......w6@.
    01F0: 49 19 8B 83 60 CE 43 73 90 0D BA 2A 30 98 93 EF I...`.Cs...*0...
    0200: FF 6F 00 01 F8 30 82 01 F4 30 82 01 9E 02 01 00 .o...0...0......
    0210: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 00 30 0...*.H........0
    0220: 81 84 31 0B 30 09 06 03 55 04 06 13 02 49 4E 31 ..1.0...U....IN1
    0230: 0B 30 09 06 03 55 04 08 13 02 54 4E 31 10 30 0E .0...U....TN1.0.
    0240: 06 03 55 04 07 13 07 43 48 45 4E 4E 41 49 31 0D ..U....CHENNAI1.
    0250: 30 0B 06 03 55 04 0A 13 04 41 32 57 49 31 0C 30 0...U....A2WI1.0
    0260: 0A 06 03 55 04 0B 13 03 44 45 56 31 0D 30 0B 06 ...U....DEV1.0..
    0270: 03 55 04 03 13 04 41 32 57 49 31 2A 30 28 06 09 .U....A2WI1*0(..
    0280: 2A 86 48 86 F7 0D 01 09 01 16 1B 61 64 6D 69 6E *.H........admin
    0290: 69 73 74 72 61 74 6F 72 40 61 69 72 32 77 65 62 istrator@air2web
    02A0: 2E 63 6F 2E 69 6E 30 1E 17 0D 30 31 30 33 30 38 .co.in0...010308
    02B0: 32 33 31 32 32 37 5A 17 0D 30 32 30 33 30 38 32 231227Z..0203082
    02C0: 33 31 32 32 37 5A 30 81 84 31 0B 30 09 06 03 55 31227Z0..1.0...U
    02D0: 04 06 13 02 49 4E 31 0B 30 09 06 03 55 04 08 13 ....IN1.0...U...
    02E0: 02 54 4E 31 10 30 0E 06 03 55 04 07 13 07 43 48 .TN1.0...U....CH
    02F0: 45 4E 4E 41 49 31 0D 30 0B 06 03 55 04 0A 13 04 ENNAI1.0...U....
    0300: 41 32 57 49 31 0C 30 0A 06 03 55 04 0B 13 03 44 A2WI1.0...U....D
    0310: 45 56 31 0D 30 0B 06 03 55 04 03 13 04 41 32 57 EV1.0...U....A2W
    0320: 49 31 2A 30 28 06 09 2A 86 48 86 F7 0D 01 09 01 I1*0(..*.H......
    0330: 16 1B 61 64 6D 69 6E 69 73 74 72 61 74 6F 72 40 ..administrator@
    0340: 61 69 72 32 77 65 62 2E 63 6F 2E 69 6E 30 5C 30 air2web.co.in0\0
    0350: 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 4B ...*.H.........K
    0360: 00 30 48 02 41 00 D6 44 43 83 68 77 B8 8B 05 FC .0H.A..DC.hw....
    0370: 06 16 50 51 D7 66 91 7E 2C 13 FE 18 F4 64 9A 81 ..PQ.f..,....d..
    0380: 9F B2 EA CE 11 21 7F 4B B6 0B 41 31 CE C1 90 5C .....!.K..A1...\
    0390: 24 90 F8 A5 B8 9D 00 A8 81 59 17 D4 CB 32 FC 43 $........Y...2.C
    03A0: DB D8 7A 06 6C 43 02 03 01 00 01 30 0D 06 09 2A ..z.lC.....0...*
    03B0: 86 48 86 F7 0D 01 01 04 05 00 03 41 00 A3 FF F8 .H.........A....
    03C0: 4B 49 B0 77 4E F8 8E 9D A1 99 58 65 3E 39 E4 7D KI.wN.....Xe>9..
    03D0: BD 33 67 47 62 7B CE EC 9D 2B FB 59 F6 8D C6 BE .3gGb....+.Y....
    03E0: 75 9F FE 17 C6 EB A8 77 36 40 F9 49 19 8B 83 60 [email protected]...`
    03F0: CE 43 73 90 0D BA 2A 30 98 93 EF FF 6F .Cs...*0....o
    [read] MD5 and SHA1 hashes: len = 145
    0000: 0D 00 00 8D 01 01 00 89 00 87 30 81 84 31 0B 30 ..........0..1.0
    0010: 09 06 03 55 04 06 13 02 49 4E 31 0B 30 09 06 03 ...U....IN1.0...
    0020: 55 04 08 13 02 54 4E 31 10 30 0E 06 03 55 04 07 U....TN1.0...U..
    0030: 13 07 43 48 45 4E 4E 41 49 31 0D 30 0B 06 03 55 ..CHENNAI1.0...U
    0040: 04 0A 13 04 41 32 57 49 31 0C 30 0A 06 03 55 04 ....A2WI1.0...U.
    0050: 0B 13 03 44 45 56 31 0D 30 0B 06 03 55 04 03 13 ...DEV1.0...U...
    0060: 04 41 32 57 49 31 2A 30 28 06 09 2A 86 48 86 F7 .A2WI1*0(..*.H..
    0070: 0D 01 09 01 16 1B 61 64 6D 69 6E 69 73 74 72 61 ......administra
    0080: 74 6F 72 40 61 69 72 32 77 65 62 2E 63 6F 2E 69 [email protected]
    0090: 6E n
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00 ....
    main, SEND SSL v3.0 ALERT: warning, description = no_certificate
    *** ClientKeyExchange, RSA PreMasterSecret, v3.0
    [write] MD5 and SHA1 hashes: len = 68
    0000: 10 00 00 40 0C C4 88 95 C5 C9 2F 46 EF B9 EF EA ...@....../F....
    0010: AB C5 46 E2 38 4F 4A CA 19 D8 08 8D 36 70 2B 7D ..F.8OJ.....6p+.
    0020: 7F 8E 05 71 29 57 69 7B B2 6E 0C ED 61 03 DB 41 ...q)Wi..n..a..A
    0030: F1 1A F0 94 AC F0 23 C8 E4 15 60 E2 47 14 A9 3E ......#...`.G..>
    0040: 73 14 D3 C8 s...
    main, WRITE: SSL v3.0 Change Cipher Spec, length = 1
    *** Finished, v3.0
    [write] MD5 and SHA1 hashes: len = 40
    0000: 14 00 00 24 EC 0F 78 6D 4E 96 70 8D AB 0E 2F 6F ...$..xmN.p.../o
    0010: 24 59 2F AF E4 66 9B DE 65 2C 23 E0 2E B5 DB 15 $Y/..f..e,#.....
    0020: B8 9B 30 A6 E4 B8 4F 7F ..0...O.
    *** Finished, v3.0
    [read] MD5 and SHA1 hashes: len = 40
    0000: 14 00 00 24 98 0E E7 1C 54 D8 BE B3 3D 23 4C 65 ...$....T...=#Le
    0010: E9 B2 24 81 F6 F0 63 92 EB 92 8C 50 64 94 1F 04 ..$...c....Pd...
    0020: 7D 27 25 C4 19 F1 C8 A7 .'%.....
    main, RECV SSLv3 ALERT: warning, close_notify
    main, SEND SSL v3.0 ALERT: warning, description = close_notify

  • Untrusted server cert chain Error

    I am trying to connect to a HTTPS server using a jsp page, running JRUN 1.3 and JSSE 1.0.2.
    I have an error message consistenly that says: "untrusted server cert chain".
    I believe that the certificate is ok, and JSSE is configured properly.
    Here is the code I am using, do you know where the preoblem is?
    <html>
    <%@ page import="java.io.*"%>
    <%@ page import="java.net.*"%>
    <%@ page import="com.sun.net.ssl.*"%>
    <%@ page import="java.security.*"%>
    <%@ page import="java.util.*"%>
    <head>
         <title></title>
    </head>
    <body>
    <%
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    System.setProperty("javax.net.debug", "help all");
    URL thisURL=new URL("https://test.com/index.html");
    URLConnection uCon= null;
    uCon = (URLConnection) thisURL.openConnection();
    InputStreamReader isr=new InputStreamReader(uCon.getInputStream());
    BufferedReader brObject=new BufferedReader(isr);
    //printing out
    String line = "";
    StringBuffer sb     =     new StringBuffer();
    while ((line = brObject.readLine()) != null){
              sb.append(line);
    sb.toString();
    %>
    </body>
    </html>

    Why dont u try to connect to
    https://www.verisign.com
    Code seems to be correct. If it doesnt work, mail me at
    [email protected]

  • Untrusted server cert chain

    Our product is a server. It uses Tomcat to receive HTTP requests.
    We would like tomcat to serve HTTP/SSL (https) directly.
    As described in the Tomcat documentation, we have used the Sun keytool.exe to create the SSL certificate.
    This certificate is autosigned.
    Tomcat is now running and supports SSL on port 8443.
    One client of our server try to send an HTTP request to our server.
    Here is the code of the client program:
         // Declaring SSL Provider
         com.sun.net.ssl.internal.ssl.Provider provider = new com.sun.net.ssl.internal.ssl.Provider ();               
         Security.addProvider(provider);
         // Opening connection
         URL processUrl = new URL("https://serverHostName:8443/serverApp/serverJSP.jsp");
         m_httpsCnct = (HttpsURLConnection)processUrl.openConnection();
         // Connection settings
         // Posting request
         OutputStreamWriter osw = new OutputStreamWriter(m_httpsCnct.getOutputStream());
    At this point, the following exception and debug info is thrown :
         %% No cached client session
         *** ClientHello, v3.1
         Thread-0, WRITE: SSL v3.1 Handshake, length = 59
         Thread-0, WRITE: SSL v2, contentType = 22, translated length = 16310
         Thread-0, READ: SSL v3.1 Handshake, length = 664
         *** ServerHello, v3.1
         %% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
         ** SSL_RSA_WITH_RC4_128_SHA
         *** Certificate chain
         Thread-0, SEND SSL v3.1 ALERT: fatal, description = certificate_unknown
         Thread-0, WRITE: SSL v3.1 Alert, length = 2
         javax.net.ssl.SSLException: untrusted server cert chain
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
              at java.io.OutputStream.write(Unknown Source)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
              at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getOutputStream([DashoPro-V1.2-120198])
    I believe that my certificate is not trusted because it is autosigned.
    Is it true?
    Can I customize my client to accept this certificate?
    We register dynamically the SunJSSE Provider. It seems to take a long time. How can we avoid this?
    We didn't complete successfully the static registration.
    Any help would be appreciated.
    Thanks.

    I believe that the server is not trusted because it is not in your so-called "truststore." If you import the server certificate into a keystore using keytool and then reference that keystore as your "truststore", then you should be able to authenticate the server.
    One approach is to hit the server via a browser, save the server certificate, and export it. Then import it via keytool. You should be able to configure properties (jdk1.4 example below) such as:
    javax.net.ssl.trustStore=<path-to-truststore>
    javax.net.ssl.trustStoreType=JKS
    javax.net.ssl.trustStorePassword=<password>
    Good luck!

  • Untrusted server cert chain & does not recognize the certificate authority

    I have java code that makes an ssl connection to an HTTPS server.
    The code workes fine when I connect to a server that has a
    certificate that was issued by a recognizable authority.
    But when I try to connect to our test HTTPS server which has a
    certificate that was created by ourselves for debug, I get this
    java exception: "untrusted server cert chain".
    When I connect to our test HTTPS server with a browser, I get
    this message from the browser in a popup window:
    "www.xyz.com is a web site that uses a security certifcate to
    identify itself. However netscape 6 does not recognize the
    certificate authority that issued this certificate."
    At this point I am able to accept the certificate in the popup
    window and continue.
    Question: In my java code how can I accept a certificate
    that was signed by an unrecognizable authority just like the
    browser can. Or during debug, how can I set an override
    to accept ALL certs no matter what.
    Thanks.....Paul

    You will have to import your server test certificate into your client machine keystore. By default the keystore will be the 'cacerts' file in JAVA_HOME/jre/lib/security, get your server certificate in .pem format and use keytool to import it to the client.
    keytool -import -alias <anything> -file <full path of .pem file> -keystore <full path of cacerts file>
    The keystore password is 'changeit' by default, keytool comes with the JDK.
    The reasoning behind this is to prevent the misuse of test certificates, the client has to consciously import an untrusted certificate. When you install a real certificate on your server the client will be automatically validated if bought from a trusted CA (Thawte, Verisign).
    Take a look at the java.security.KeyStore class, you can use it to view your certificate chain.
    Ronny.

  • FieldName: null.java.lang.Exception

    I just bought a new iMac. I had a PC that had all my iTunes music on it. I have moved all of those tunes to my new iMac and many play fine on iTunes on the new iMac. Others ask for authentication and when I try to do this, it says my username and password are incorrect. I have had he same username (mcglover @yahoo.com) for years and until today used the same password. I changed my password two or three times, trying to get this resolved, but I always get the same error message:
    FieldName: null.java.lang.Exception (this is written in red)
    What is the problem?

    Click on your account name in the top right corner of the iTunes window. When a second window appears asking for your password, hit "logout" instead. Then click on the "login" in the top right corner again and type in your user name and password. Then try logging in again. If it still doesn't work, repeat the process two or three times and see if that will eventually clear the error (it did for other users who've had the same problem in the past).
    Hope this helps.

  • OAM Access Server - Cannot load cert chain file aaa_chain.pem

    Hi experts,
    I am in the midst of changing the Transport Layer Security (TLS) of OAM Access Server from Open mode to Cert mode, and encountering the error not able to load aaa_chain.pem.
    Below are the steps which I have did:-
    1. Change the TLS mode for both Access Server and Webgate from Open >> Cert mode in the Access System console
    2. Stop the Access Server from Services
    3. From the <access server install dir> run ConfigureAAAServer.exe to generate aaa_req.pem and aaa_key.pem.
    4. Copy the certificate request from the aaa_req.pem and submit to Internal CA (Ms CA).
    5. Download the Certificate and Certificate Chain in Base 64 encoding, and rename into *.pem. E.g. certnew.cer >> aaa_cert.pem certnew.p7b >> aaa_chain.pem.
    6. Copy *.pem files in to <access server install dir>/oblix/config
    7. Rerun ConfigureAAAServer.exe to install the cert, all went smoothly without issue.
    8. Start Access Server from Services. <<< Service failed to start.
    NOTE: I did the same thing for Policy Manager, used genCert.exe to generate certificate request, submit the CA to sign and installed.
    Check on the event viewer, the following error was found.
    **===========================================================================**
    Log Name: Application
    Source: ObAAAServer-AccSvr01
    Date: 16/8/2010 1:06:39 AM
    Event ID: 1
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: IDMsvr.SSO.com
    Description:
    The description for Event ID 1 from source ObAAAServer-AccSvr01 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
    If the event originated on another computer, the display information had to be saved with the event.
    The following information was included with the event:
    Access Server Exception: Error: Cannot load cert chain file C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem
    the message resource is present but the message is not found in the string/message table
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="ObAAAServer-AccSvr01" />
    <EventID Qualifiers="49152">1</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-15T17:06:39.000Z" />
    <EventRecordID>1072</EventRecordID>
    <Channel>Application</Channel>
    <Computer>IDMsvr.SSO.com</Computer>
    <Security />
    </System>
    <EventData>
    <Data>Access Server Exception: Error: Cannot load cert chain file C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem</Data>
    </EventData>
    </Event>
    **===========================================================================**
    The ConfigureAAAServer.exe_
    C:\Program Files (x86)\NetPoint\access\oblix\tools\configureAAAServer>configureA
    AAServer.exe reconfig "C:\Program Files (x86)\NetPoint\access"
    Please enter the Mode in which you want the Access Server to run : 1(Open) 2(Si
    mple) 3(Cert) : 3
    Do you want to request a certificate (1) or install a certificate (2) ? : 1
    Please enter the Pass phrase for this Access Server :
    Do you want to store the password in the file ? : 1(Y) 2(N) : 1
    Preparing to generate certificate. This may take up to 60 seconds. Please wai
    t.
    Loading 'screen' into random state - done
    Generating a 1024 bit RSA private key
    .............++++++
    ..++++++
    writing new private key to 'C:\Program Files (x86)\NetPoint\access\oblix\config\
    aaa_key.pem'
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [US]:.
    State or Province Name (full name) [Some-State]:.
    Locality Name (eg, city) []:.
    Organization Name (eg, company) [Some-Organization Pty Ltd]:.
    Organizational Unit Name (eg, section) []:.
    Common Name (eg, hostName.domainName.com) []:IDMsvr.sso.com
    Email Address []:.
    writing RSA key
    Your certificate request is in file : C:\Program Files (x86)\NetPoint\access/ob
    lix/config/aaa_req.pem
    Please get your certificate request signed by the Certificate Authority.
    On obtaining your certificate, please place your certificate in 'C:\Program Fil
    es (x86)\NetPoint\access/oblix/config/aaa_cert.pem' file and the certificate aut
    hority's certificate for the corresponding component (for example: WebGate, AXML
    Server) in 'C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem'
    file.
    Once you have your certificate placed at the above mentioned location, please f
    ollow the instructions on how to start the Access Server.
    More Information on setting up Access Server in Certificate mode can be obtaine
    d from the Setup Installation Guide.
    Access Server mode has been re-configured successfully.
    Please note that new security mode will take effect only after the security mod
    e for this Access Server is changed to 'cert' from the Access Manager System Con
    sole.
    Do you want to specify or update the failover information ? : 1(Y) 2(N) :2
    Please restart the Access Server from the Control Panel Services once you have
    placed your certificates at the above mentioned location.
    Press enter key to continue ...
    C:\Program Files (x86)\NetPoint\access\oblix\tools\configureAAAServer>configureA
    AAServer.exe reconfig "C:\Program Files (x86)\NetPoint\access"
    Please enter the Mode in which you want the Access Server to run : 1(Open) 2(Si
    mple) 3(Cert) : 3
    Do you want to request a certificate (1) or install a certificate (2) ? : 2
    Please enter the Pass phrase for this Access Server :
    Do you want to store the password in the file ? : 1(Y) 2(N) : 1
    Please provide the full path to the Certificate key file [C:\Program Files (x86)
    \NetPoint\access/oblix/config/aaa_key.pem] : C:\Program Files (x86)\NetPoint\acc
    ess\oblix\config\aaa_key.pem
    Please provide the full path to the Certificate file [C:\Program Files (x86)\Net
    Point\access/oblix/config/aaa_cert.pem] : C:\Program Files (x86)\NetPoint\access
    \oblix\config\aaa_cert.pem
    Please provide the full path to the Certificate authority's certificate chain fi
    le [C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem] : C:\Prog
    ram Files (x86)\NetPoint\access\oblix\config\aaa_chain.pem
    Access Server mode has been re-configured successfully.
    Please note that new security mode will take effect only after the security mod
    e for this Access Server is changed to 'cert' from the Access Manager System Con
    sole.
    Do you want to specify or update the failover information ? : 1(Y) 2(N) :2
    Please restart the Access Server from the Control Panel Services.
    Press enter key to continue ...
    **===========================================================================**
    I followed through the documentation on OAM Identity & Common Admin - Chapter 8 guide.
    Is there anything which I have missed or something to do with the certificate.
    Thanks in advance.
    Regards,
    Wing
    Edited by: user13340813 on Aug 19, 2010 8:56 PM

    No, you didn't do anything wrong, JeanPhilippe. I'm right there with you. There's even another thread on this issue:
    <http://discussions.apple.com/thread.jspa?messageID=10808126>
    I had the same problem: IMAP & POP services would not launch using SSL. Finally got it resolved today. It had nothing to do with certificates and their names, or creating them in openssl, and everything to do with a botched dovecot.conf file, courtesy of Server Admin.
    It appears that every time I changed the certificate for IMAP & POP SSL in Server Admin, it appended the new selection to the dovecot.conf file on 3 separate lines. The result was an unhealthy list of every certificate file Server Admin had ever been pointed to for this service.
    After making a backup, I edited the file (/etc/dovecot/dovecot.conf) down to the single cert file I wanted it to use. It happened to be first in the list, FWIW.
    If you want to duplicate this, look for the lines beginning with:
    "sslcertfile"
    "sslkeyfile"
    "sslcafile"
    Obviously you need to be careful in there. But I did not even have to bounce the service before it took my changes. Thankfully, Server Admin did not overwrite my edits (which I've seen happen with manual config of other services, such as the iChat service.)
    Good luck, and let me know if I can provide more detail.

  • User Name- and Password-Based Mutual Authentication

    Hi,
    The J2EE 1.4 Tutorial Update 1 shows an example of Client-Certificate Authentication over HTTP/SSL with JAX-RPC, but no User Name- and Password-Based Mutual Authentication example.
    Does this work the same? Does the client need a certificate for User Name- and Password-Based Mutual Authentication?
    I created my own self-signed certificate and imported it using the keytool. When I use my client to connect to my JAX-RPC web service, I get the following error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found.
    It seems that no trusted certificate is found... on the client side?! How do I specify the client certificate at the client side? I created a client certificate and added it to the keystore in the application server...
    If somebody should have an example of User Name- and Password-Based Mutual Authentication, I'd really apreciate it.
    Thanks, d3m0.

    Hi,
    I've almost the same problem.In an application based on Java Web Start, i try to attack a web service through HTTPS. Before the call of the web services, the client have discussed with the server through HTTPS, so the user have already accept the certificate (i use self-signed certificate too), i get the same exception.
    At the begining i've used classes from axis. I've found that axis doesn't want to support non trusted certificate. Some workaround were that the client access the private key of the server ... not really secure. So i've tried to use the JAX-RPC classes, always the exception.
    For the moment , we don't want to use trusted certificate and don't want to install on each user workstation the server certificate. I continue to investigate, if someone have some solution ? What i don't understand is why i've this exception altough i'm in a secure environment (JWS + user accepts the untrusted certificate).
    Sorry, i've never work on User Name- and Password-Based Mutual Authentication, but i think your exception come because of self-signed certificate.
    Regard,
    Pierre.

Maybe you are looking for

  • Printing multiple PDF files in Windows 7 at once

    When I had Windows XP I could select multiple pdf files in their folder then right click to print.  With Windows 7 this option is no longer there. I have searched everywhere for a solution to this problem.  I am not sure why Adobe (or Microsoft) took

  • DW cs4 not displaying correctly in IE9

    I built a site in DW cs4 it does not display properly in IE9, am I missing code? The website works great in Safari, FireFox, Google Chrome and then it goes wackie in IE9 ( and earlier IE) Here is the site: www.mexicobeachcharters.com Please help. jsw

  • My iPad just died...is there a reset switch?

    iPad is about a year and a half old.  Never had any problems.  I had been using it all night long and opened the cover.  NOTHING.  Black screen.  Tried the home and hold keys but still nothing.  I know the battery was about 80% charged.  I have tried

  • Authorization issue with iPod after replacing main computer hard drive

    Anyone know how to fix an authorization problem with iTunes? I've purchased several songs from them over the past couple of years, as well as the entire first season of Weeds. I just replaced my main hard drive since my old was going kaput, reloaded

  • Incoming payments(card payment) in biller direct not updating in SAP.

    Hi Friends, we are using the FSCM Biller direct for customer incoming payment.  we have maintained the payment method (incoming) and credit card number in customer master. every think is displaying in biller direct like open items and clear items.  B