Netscape Object Signing

Hi. I've been trying to figure this out for over a week now, and customer support at Thawte is not very helpful.
I purchased the Netscape object signing certificate from Thawte. I used it to sign a .jar file compiled and archived by jdk1.1.8 (using signtool 1.3). But when I try to load it I get "Applet testApplet class testApplet could not be loaded". If I try to load the unsigned .jar file, it loads fine. When I run the unsigned applet from a local hard drive, it actually asks for permission and can access routines out of the sandbox (and actually works), but when it is run from the server it stops asking for permission (does not work). In either case the signed applet does not load.
Thanks in advance for your help.

Certificate is purchased from Thawte. No security dialog. Using Netscape JVM (no plug-in installed on Netscape).
I don't know what you mean by Java console... nothing loads on the browser, and the error message I mentioned in the first posting appears on the bottom of the browser.

Similar Messages

  • VeriSign Java Object Signing (Class 3) Digital ID

    Hi,
    I have a VeriSign Java Object Signing (Class 3) Digital ID.
    How do i convert this to a file i can use for signing?
    I previously had a '.p12' file and used jarsigner which worked.
    Any help would be greatly appreciated!
    Thanks,
    J

    I just received our Verisign "Java Object Signing
    (Class 3) Digital ID". When I try to import it I get
    the following error:
    keytool error: java.lang.Exception: Input not an X.509
    certificate.
    The command I am using to import the cert is :
    keytool -import -alias pcs -file cert.cer -keystore
    vs.keystore -trustcacerts
    Any idea what I am doing wrong? I am using JDK 1.3,
    do I need to upgrade to 1.4 to import certs currently
    being provided by Verisign?
    Thanks,
    Jim

    If you did as I did and ordered an RSA certificate, you need to add the option
    -keyalg rsa
    to your command line.
    lmd

  • Code Signing certificate expired

    Hello,
    I need some information, please, about the SGDEE 4.1 login applet: it seems the
    applet code signing certificate expired on September 2, 2005.
    I have no problem (after I deleted all expired root certificates from the
    local client repository) with Internet Explorer 6SP1, but Mozilla Firefox
    always prompts me with a warning with these contents:
    Serial:     
    [62374265099632433790334794162326322759]
    Issuer:
    N=VeriSign Class 3 Code Signing 2001 CA,
    OU=Terms of use at https://www.verisign.com/rpa (c)01,
    OU=VeriSign Trust Network,
    O="VeriSign, Inc."
    Valid From: Wed Sep 01 02:00:00 CEST 2004,
    To: Fri Sep 02 01:59:59 CEST 2005
    Subject:
    CN="Tarantella, Inc.",
    OU=Digital ID Class 3 - Netscape Object Signing,
    O="Tarantella, Inc.",
    L=Santa Cruz,
    ST=California,
    C=US
    Thank you very much in advance,
    Best Regards,
    Valerio Morozzo

    I know this is an older post, but it helped me find out how to make the migration procedure for native installer. I tried it with self signed certificate created by ADT tool and everything went fine.
    But now, we obtained a commercial AIR signing certificate from Thawte and the process fails in step 3) with ADT saying
    'Certificate in PATH_TO_P12 could not be used to sign setup.msi' on Windows.
    On Mac, it says that signing native installer on OSX is not supported, so I skipped the signing option in step 3) and it worked fine.
    I can skip the signing option on Windows as well and the process succeeds, but running the installer on machines with previous versions of application results in an "Installer mis-configured" error message - the same error as if the migration process was not applied.
    I already contacted Thawte if it is a certificate issue, reply from them was 'AIR certificate can only sign .air applications'. But when I build a native application directly from FlashBuilder and sign it with the Thawte certificate the whole process seems to succeed. The application can be installed on machines without previous version of the application. Those who already have the older version get the 'Installer mis-configured' error message.
    I want to mark out again, that the same process but with a self signed certificate created with ADT, is successful and the application can be installed as an update on machines with older version of the app. So I assume the workflow is correct.
    Any ideas? Or somebody having the same issue?
    Thanks

  • Version 15 no longer allows copy to clipboard

    We have been setting signed.applets.codebase_principal_support in Firefox to allow copying to the clipboard in Windows XP and Windows 7. It has worked fine until version 15, and it no longer works. If we cannot use this feature, we will have to convert all of our users to IE or some other browser that allows us to do the copy.

    So… of what I can tell so far, it is quite true that Firefox no longer allows scripts to access the clipboard, with the exception of making add-ons in the XUL environment. When I first ran into this problem in version 15 on a page I was running locally, the error returned was
    A script from "file://" was denied UniversalXPConnect privileges
    in response to the statement '''netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect')'''.
    Nowadays, you’ll get
    TypeError: netscape.security.PrivilegeManager is undefined
    I first learned of this method of accessing the clipboard from [https://developer.mozilla.org/en-US/docs/Using_the_Clipboard one of the Mozilla Developer docs]. The article begins: “Mozilla provides a number of interfaces for accessing the clipboard”. I’ve not yet found any information about the other interfaces.
    Thanks to Google, I did find a live link for [http://docs.oracle.com/cd/E19957-01/816-6171-10/ Netscape Object Signing: Establishing Trust for Downloaded Software], which [http://www.mozilla.org/projects/security/components/signed-scripts.html Signed Scripts in Mozilla] recommends reading before working with signed scripts. The Signed Scripts article says you should use Mozilla’s signtool, apparently from a suite of programs called [http://www.mozilla.org/projects/security/pki/nss/tools/ NSS tools]. It provides that link to the tools, but the only link for the signtool program is to the source code files that you must compile. The [http://www.mozilla.org/projects/security/pki/nss/tools/ man page] for the program is also at the Mozilla Developer Network. I’ll try to study this material soon and provide a more straightforward guide.
    In the meantime, I found [http://forum.maxthon.com/viewthread.php?tid=79469 a forum] that talks about another approach to accessing the clipboard by way of saying '''[https://developer.mozilla.org/en-US/docs/Rich-Text_Editing_in_Mozilla document.designMode = “on”]'''. This makes every element editable, as though every element’s contentEditable property were assigned to true. In fact, both properties came from IE.
    In the forum I linked to, there’s a JS example where '''designMode''' is turned on and a [https://developer.mozilla.org/en-US/docs/DOM/range Range] is used to select text. The command '''document.execCommand("copy", false, null)''' is intended to actually copy the text, but if you try this in Firefox, you’ll get
    Error: Access to XPConnect service denied
    I also tried toggling '''signed.applets.codebase_principal_support''' to '''true''' and restarting Firefox but, unfortunately, the JavaScript console still reports no '''PrivilegeManager''' property underneath '''netscape.security''', and '''document.execCommand''' gives its same error in '''designMode'''.
    One popular workaround for allowing Firefox to add text to the clipboard is [http://jonrohan.github.com/ZeroClipboard/ ZeroClipboard], which uses an invisible flash movie. You can associate the movie with any element and it acts as a conduit for an element’s access to the event model. I’ve not used it yet, but the example works.

  • Steps to create your own self signed certificate with java plugin working

    You need two tools that come with your JDK, which are keytool and jarsigner.
    The steps are explained below in detail. Don't use Netscape signtool, it will NEVER work!
    * keytool -genkey -keyalg rsa -alias tstkey -keypass 2br2h2m -dname "cn=Test Object Signing Certificate, o=AI Khalil, ou=Java Products, c=AU"
    cn = Certificate name
    o = organisation
    ou = organisation unit
    c = country (first two letters)
    If you don't put the -dname, you can fill it in line by line.
    The -keypass has to be verified at the end, and you have to wait for it to create the RSA signing keys.
    On NT by default it will put the alias information at D:\WINNT\Profiles\Administrator (if logged in as administrator) with the default file called ".keystore". Windows 98 etc, don't know, search for the .keystore
    file. When you update it, check for the timestamp change and you know if you are at the right spot.
    You can store your alias information via the -storepass option to your current directory you work on, if you don't want to update the default .keystore file?
    The .keystore contains a list of aliases so you don't have to do this process again and again.
    Another tip if you want your certificate encryption validity to be more than the default one month is simply
    add the -validity <valDays>, after the -genkey option, to make your certificate usage for encryption to last much longer.
    Note: You MUST use the -keyalg rsa because for starters the RSA encryption algorithm is supported on ALL browsers instead of the default DSA and the other one SHA. Java plugins must work with the RSA algorithm when signing applets, else you will get all sorts of weird errors :)
    Do not use signtool because that's a browser dependent solution!! Java plugin is supposed to work via running its own JRE instead of the browser JVM. So if you are going to use Netscape signtool, it starts to become a mess! ie certificate will install, but applet won't start and give you funny security exception errors :)
    * keytool -export -alias tstkey -file MyTestCert.crt
    It will read the alias information in the .keystore information picking up the rsa private/public keys info and
    create your self sign certificate. You can double click this certificate to install it? But don't think this step is needed but maybe for IE? Someone else can check that part.
    If you make a mistake with the alias, simply keytool -delete -v -alias <your alias key>
    If not in default .keystore file, then simply keytool -delete -v -alias <your alias key> -keystore <your keystore filename>
    * Put your classes in your jar file, my example is tst.jar.
    * jarsigner tst.jar tstkey
    Sign your testing jar file with your alias key that supports the RSA encryption algorithm.
    * jarsigner -verify -verbose -certs tst.jar
    Check that it's been verified.
    The last step is the most tricky one. It's to do with having your own CA (Certified Authority) so you don't
    have to fork out money straight away to buy a Verisign or Thawte certificate. The CA listing as you see in
    Netscape browsers under security/signers, is NOT where the plugin looks at. The plugin looks at a file called
    CACERTS. Another confusion is that the cacerts file is stored in your jre/lib/security AND also at your
    JavaSoft/Jre/<Java version>/lib/security. When you install the Java plugin for the first time it uses your
    JavaSoft folder and it's the cacerts file that has to be updated when you add your own CA, because that's where
    the plugin looks at, NOT THE BROWSER. Everything about plugin is never to do with the browser!! :)
    * keytool -import -file MyTestCert.crt -alias tstkey -keystore "D:\Program Files\JavaSoft\JRE\1.3.1\lib\security/cacerts"
    Of course point to your own cacerts file destination.
    Password to change it, is "changeit"
    Before you do this step make a copy of it in its own directory in case you do something silly.
    This example will add a CA with alias of my key called "tstkey" and store to my example destination.
    * keytool -list -v -keystore "E:/jdk/jdk1.3/jre/lib/security/cacerts"
    List to see if another CA is added with your alias key.
    Your html, using Netscape embed and Internet explorer object tags to point to the java plugin,
    your own self sign applet certificate should work
    Cheers
    Abraham Khalil

    I follow Signed Applet in Plugin, and it's working on
    my computer. Thanks
    But When I open my applet from another computer on
    network, why it does not work ..?
    How to make this applet working at another computer
    without change the policy file ..?
    thanks in advance,
    Anom

    You must install the certificate on that computer's plugin. Can this be done from the web? Can anyone suggest a batch file or otherwise that could do this for end users?
    I want a way for end users to accept my cert as Root or at least trust my cert so I don't have to buy one. I am not worried about my users refusing to accept my cert. Just how do I make it easy for them? IE you can just click the cert from a link, but that installs for IE, and not the plugin where it needs to be.

  • Verisign signed JAR and HotJava

    The verisign signed JAR panel comes up
    on Opera 5.12 when loading the verisign signed JAR through the APPLET tag and under Netscape 6.1 via the HTMLconverter stuff. That's good but
    Under HotJava nothing happens? It thinks its not signed.
    What do I need to do? We want to recommend HotJava
    period.

    Sorry if have not been specific enough.
    Verisign is providing an object signing certificate, which is supported by either Netscape, IE or browsers implementing the appropriate interfaces (like Opera).
    HotJAVA afaik does not support this specific type.
    Additionally, looking at the HotJAVA web site there is no indication that it does.
    If you would like to have a signed applet working with HotJAVA you should generate your certs with the keytool and import it in the keystore on your clients so you are able to sign your applets the SDK way.
    Again, the Verisign x509.v3 object signing cert does not seem to be supported, nor should be Thawte's or any other commercial CA.
    Oliver

  • Javascript security problem in IE/Netscape

    I am facing a JavaScript security problem in IE/Netscape. I have solved this problem partially, but there are more issues involved.
    Here's the scenario:
    There is an HTML page on client's hard disk (main.htm) containing two frames:
    frame 1 contains a page that is deployed from my server, say
    src="http://127.0.0.1:8080/MyApplication.htm"
    frame 2 contains a page that lies on the client's server, say
    src="http://www.clientside.com/clientPage.htm"
    My page in frame 1 wants to access the URL of the page in frame 2 (through a button click, say ). This is done in MyApplication.htm through javascript as:
    window.parent.frame2.location.href;
    Now when the above line is executed, i get the following error:
    In IE(5.0): "permission denied"
    In Netscape(4.7): "access disallowed from scripts at http://127.0.0.1:8080/MyApplication.htm to documents at another domain."
    (which is understandable)
    I have partially solved the above problem in Netscape, by granting access permissions to MyApplication.htm (page on my server) to access the
    "http://www.clientside.com/clientPage.htm" page at client's domain.
    This is done as follows:
    1. First enable code base principals in client's Netscape by adding the following line in prefs.js file of Netscape
    "user_pref("signed.applets.codebase_principal_support", true);"
    2. Secondly i must add the following line in java script of "MyApplication.htm"
    "netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserAccess");"
    Now when the client clicks the button on my frame he'll get a netscape window asking him to grant permissions to MyApplication.htm.
    After granting permission, MyApplication.htm can retrieve the URL of clientPage.htm (even if he browses to another url)
    As you can see this problem is solved partially, but i want that the page "main.htm" (which is now on the client's hard disk),
    must be deployed at client's server (in which case not even the above technique works).........what should i do? any alternates or other solution?
    Secondly I want this to work with IE too (which it should according to their documentation, but does not, and is therefore a big IE bug, as mentioned on the net)
    Any sort of help in this case would greatly appreciated.
    Thanks
    Faisal Moin Khan

    I believe you are posting in the wrong forum.
    This forum is for XML web services.

  • Signing Bouncy Castle or third party provider's jar file with signtool

    Hi,
    I am using JDK 1.4.2 and bouncy castle as a provider for RSA.
    It worked fine until recently when my company asked me to compile and build the jar from the source code from bouncy castle, instead of using the binary version provided in their website.
    But I only have a certificate obtained from Verisign. So I used signtool 1.3 from Netscape to sign the jar file, which could be verified by jarsigner. But when I use this one, signed by my company's certificate, it didn't work. The exception is
    java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding
    at javax.crypto.Cipher.getInstance(DashoA6275)
    When I switch back to the signed jar file provided by bouncy castle, everything worked ok again.
    It looks that jar file is not recognized properly.
    Can anyone tell me if I can use the signtool to sign the provider's jar file? Or I have to sign with jarsigner?
    Thanks for the help.

    Thanks for your reply.
    I am reluctant to use the lightweight crypto API
    because it will be difficult to switch to another
    service provider.
    True. However, if you switch to another Provider, you'll have the same trouble you're having with BC regarding rebuilding from source.
    In BC's website, they don't have "cleanroom" JCE
    listed for JDK 1.4
    Can you give some resource for that?
    Hmmm - no, I can't. I haven't needed the cleanroom impl, so I stopped paying attention to it. I don't know if BC is working on a 1.4-compatible one or not. You might post a note to the dev-crypto mailing list BC runs.
    Can I sign BC's jar file by my JCE certificate if I
    obtain one from SUN?
    Unless you're recognized by Sun as a company that does significant security development, you will NOT get a security-signing cert. Several of us have already made the attempt.
    The net is, what your bosses are asking for is unreasonable, and is preventing you from getting your job done. If they continue to insist that you build your security code from source, then you CANNOT use the JCE structure, period. In that case, you might as well use the BC lightweight API.
    Grant

  • AIR application code signing?

    I have a code signing certificate from StartSSL.com.
    After validation I only get a yellow question mark in the application installer.
    That is already better than the red exclamation mark with a self-signed certificate.
    Can someone give me an example of an AIR application out there that has ALL GREEN in the install dialog?
    What certification authority do I need to sign up with to get an ALL GREEN installation dialog?
    Thanks,
    David

    Hi David, this is an answer I got from StartSSL.
    Have you tried to install your application using the Adobe AIR 2.0 Runtime? It would be interesting to know, how your install dialog looks there.
    Hi Beat,
    On 05/10/2010 08:22 PM, From Beat Besmer:
    Dear Sir or Madam
    I have a rather simple question: Will I be able to sign an Adobe AIR Application with the “Start SSL Verified” Object Sign Feature? I have not found any information on this on your Website or the FAQs.
    It depends what the basis for the trust anchor is, but I suspect since Adobe doesn't support the StartCom root yet, there will be probably a warning for this type of application.
    So far Windows, Apple and Mozilla applications and extensions are supported.
    Regards
    Signer:
    Eddy Nigg, COO/CTO
    StartCom Ltd.
    Twitter:
    Follow StartSSL™
    XMPP:
    [email protected]
    Phone:
    +1.213.341.0390

  • Free Code Signing website

    Dear all,
    I found a free Code Signing website (http://www.ascertia.com/OnlineCA/codesign.aspx?linkID=40) and I followed their guide (How does object signing work with Ascertia Code Signing Digital IDs). In step 4 of their guide, I met the error message below.
    C:> keytool -import -alias MyCert -file TestNew.cer
    keytool error: java.lang.Exception: Failed to establish chain from reply
    If someone is available, could you visit their website and test their free code signing service? I'm not sure where the source of this error is, my side or their side. If someone succeeds in code signing with their site, can you explain your steps? I will appreciate your reply.
    Thank you,

    Hi,
    What file format did you use when you exported the certificates? I used p7b and when it asked to browse for the file, I used the same file (certificate) that was generated by the Ascertia site. Am I doing the right thing? After I exported all the certificates, I used the import command to import my certificate which is the p7b file, and I got the error message public keys in reply and keystore don't match.
    According to their instructions, it mentions that I should submit the CSR that I get after I execute the certreq command, then save the CSR as .cer, then execute the import command. I got the error message, failed to establish chain from reply.
    So I followed your instructions about the p7b file, and it didn't work for me. I might be doing something wrong when I export the certificates.
    could you please give me instructions on how to do that.
    I appreciate your help.
    Thanks
    M

  • Trusted Midlet and midlet Signing

    Hi,
    Am fairly new to this concept.. I have just finished developing a network based application and when I try to run it on a Sony Ericsson phone I keep getting a securityexception..
    this can be avoided by making my midlet a trusted one.. for that I probably need to obtain a certificate from Verisign or Thawte... however I am not sure about the exact procedure..
    i will probably get the certificate but then how do I use that to sign my midlet.. and what abt the key - value pair, or will that come with the certificate.. do i need to include this certificate as a part of my jar?
    am sorry if i sound daft.. the thing is am clueless and i need some serious guidance from some of the gurus out there..
    appreciate your help and patience..
    thanks.

    Hi there,
    I finally managed to secure a Java Object Signing certificate from Verisign, however beyond that I have not been able to make any progress...
    I followed the steps exactly as outlined in the Eclipse ME guide for midlet signing.. let me just recollect the exact steps..
    1. Generate the keys. By using the keytool -keygen option
    2. Generate the cert reg and send to verisign
    3. After verisign sends the certificate, import it back into the key store..
    4. Use the key store now to sign the jar and jad (2 steps here, one for computing checksum, 2nd for signing the jad)
    After all this.. when i try and install this midlet on my nokia phone.. it refuses to install.. goes on to the last stage and says security error unable to install..
    Tried installing it on a sony ericsson.. it refuses to recognize the jad file itself.. just throws an error saying download failed..
    am so lost as to what could be going wrong..
    maybe its worth a mention - when I tried importing the certificate into my keystore it threw this warning..
    Certificate fingerprints:
    MD5: << some numbers >>
    SHA1: << some numbers >>
    ... is not trusted. Install reply anyway? [no]: yes
    Certificate reply was installed in keystore
    What could be going wrong.. the certificate? or am i missing a step? please help..

  • How do I set up my own certificate authority

    I tried google on the above question, and the most recent thing I found was 7 years old. replacing the phrase used generates a lot of hits with a very poor signal to noise ratio.
    I have OpenSSL (in the cygwin distribution), which is quite recent, but frankly its documentation leaves just about everything to be desired. I found pyca, but it has no documentation at all (and it is a couple years old).
    I tried the steps appended below, but invariably the attempt to sign the certificates fails with an obscure error message about OpenSSL not finding one thing or another.
    At this stage, I just don't care whether I do this using something in the J2SDK such as keytool or OpenSSL, as long as I can get it done. Or if there is some other opensource software tool I can use, terrific. This is primarily for the purpose of securing communications within an Intranet, and secondarily for signing applets and applications distributed through WebStart. If I am not mistaken, I'll need a certificate for each of my servers. Right?
    If you know of an URL where this is well explained and illustrated, great. Give that to me.
    Otherwise, a simple illustration (or a correction of what I've appended below) would be appreciated. I believe I understand what ought to be happening. It ought to be rather simple to do, but there are these irritating and frustrating minor details getting in the way. For example, the steps I show below seem simple, but everything appears to get messed up by some of the contents of openssl.cnf in 'usr/ssl', in the cygwin directory, and there is no explanation of how to set things up for the first time you use OpenSSL within Cygwin (or on unix for that matter).
    Any assistance would be appreciated.
    Thanks,
    Ted
    ========failed attempt=====================
    # Generation of Certificate Authority(CA)
    openssl req -new -x509 -keyout cakey.pem -out cacert.pem -config /usr/ssl/openssl.cnf
    # Create server request and key
    openssl req -new -keyout server-key.pem -out server-req.pem -days 36502 -config /usr/ssl/openssl.cnf
    # Remove the passphrase from the key
    openssl rsa -in server-key.pem -out server-key.pem
    # Sign server cert
    openssl ca -policy policy_anything -out server-cert.pem -infiles server-req.pem -config /usr/ssl/openssl.cnf
    # Create client request and key
    openssl req -new -keyout client-key.pem -out client-req.pem -days 36502 -config /usr/ssl/openssl.cnf
    # Remove a passphrase from the key
    openssl rsa -in client-key.pem -out client-key.pem
    # Sign client cert
    openssl ca -policy policy_anything -out client-cert.pem -infiles client-req.pem -config /usr/ssl/openssl.cnf
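
The signing steps from the attempt above, reworked as an added example that is not part of the original post: `openssl ca` needs the database files its configuration names (index.txt, serial, newcerts), and it reads everything after `-infiles` as request files, so `-config` has to come before it. The contents of ca.cnf, the subject names and the function names are assumptions made for this example; the PEM file names follow the post.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): a throwaway CA using only the openssl CLI.
# ca.cnf, the subjects and the function names are assumptions for illustration.
set -eu

# Create the files "openssl ca" expects, plus a self-signed CA certificate.
make_ca() {
    mkdir -p "$1/newcerts"
    (
        cd "$1"
        : > index.txt            # certificate database, starts empty
        echo 01 > serial         # next serial number, in hex
        cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default

[ CA_default ]
dir             = .
database        = $dir/index.txt
new_certs_dir   = $dir/newcerts
serial          = $dir/serial
certificate     = $dir/cacert.pem
private_key     = $dir/cakey.pem
default_md      = sha256
default_days    = 365
policy          = policy_anything
x509_extensions = usr_cert

[ policy_anything ]
countryName      = optional
organizationName = optional
commonName       = supplied

[ req ]
distinguished_name = req_dn

[ req_dn ]
commonName = Common Name

[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

[ usr_cert ]
basicConstraints       = CA:FALSE
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid
EOF
        # -nodes leaves the key unencrypted so the example runs unattended;
        # a real CA key should keep its passphrase.
        openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 \
            -config ca.cnf -extensions v3_ca -subj "/CN=Example Test CA" \
            -keyout cakey.pem -out cacert.pem 2>/dev/null
    )
}

# Generate a key and request for $2, then sign the request with the CA in $1.
issue_cert() {
    (
        cd "$1"
        openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
            -subj "/CN=$2.example.test" \
            -keyout "$2-key.pem" -out "$2-req.pem" 2>/dev/null
        # -infiles must be the last option: everything after it is read as a
        # request file name, so -config comes before it.
        openssl ca -batch -notext -config ca.cnf -policy policy_anything \
            -out "$2-cert.pem" -infiles "$2-req.pem" 2>/dev/null
    )
}

# Succeeds only if the certificate issued for $2 chains to the CA in $1.
verify_cert() {
    openssl verify -CAfile "$1/cacert.pem" "$1/$2-cert.pem" >/dev/null 2>&1
}

# The option order used in the post: -config after -infiles is taken as a
# request file name, so ca.cnf is never loaded. Returns openssl's exit status.
misordered_sign() {
    (
        cd "$1"
        openssl ca -batch -notext -policy policy_anything \
            -out "$2-bad.pem" -infiles "$2-req.pem" -config ca.cnf \
            >/dev/null 2>&1
    )
}

demo_dir=$(mktemp -d)
make_ca "$demo_dir"
issue_cert "$demo_dir" server
issue_cert "$demo_dir" client
verify_cert "$demo_dir" server && echo "server certificate verifies against the CA"
verify_cert "$demo_dir" client && echo "client certificate verifies against the CA"
rm -rf "$demo_dir"
```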

    The following works for me:
    NB: Some of the output has been removed in the interests of privacy (this will not affect the outcome)
    1. Create CA key and certificate
    1.1 Create a new file called "serial" containing the value "01".
    1.2 Create an empty file "index.txt"
    1.3 Create a subdirectory "newcerts"
    1.4 Execute.... create a key for your CA
    [ben@localhost ca]$ openssl genrsa -out ca.key 2048
    Generating RSA private key, 2048 bit long modulus
    .....................................+++
    ..........................................................+++
    e is 65537 (0x10001)
    1.5 Execute... create a certificate for your own CA
    [ben@localhost ca]$ openssl req -config ./openssl.cnf -new -x509 -key ca.key -out cacert.pem -days 365
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [GB]:
    County or State (full name) []:
    City or town (eg, Hitchin) []:
    Organization Name (eg, company) []:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:
    Email Address []:
    2. Create PK key and .csr
    2.1 Execute...
    [ben@localhost ca]$ keytool -genkey -alias PK
    Enter keystore password: password
    What is your first and last name?
    [Unknown]:
    What is the name of your organizational unit?
    [Unknown]:
    What is the name of your organization?
    [Unknown]:
    What is the name of your City or Locality?
    [Unknown]:
    What is the name of your State or Province?
    [Unknown]:
    What is the two-letter country code for this unit?
    [Unknown]:
    Is CN=, OU=, O=, L=, ST=, C=GB correct?
    [no]: yes
    Enter key password for <PK>
    (RETURN if same as keystore password):
    2.2 Create .csr
    [ben@localhost ca]$ keytool -certreq -alias PK -file PK.csr
    Enter keystore password: password
    3. Sign PK with CA cert
    [ben@localhost ca]$ openssl ca -config ./openssl.cnf -in PK.csr -out PK.pem -keyfile ca.key -days 365
    Using configuration from ./openssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
    Serial Number: 0 (0x0)
    Validity
    Not Before: Jan 5 19:48:33 2006 GMT
    Not After : Jan 5 19:48:33 2007 GMT
    Subject:
    countryName = GB
    stateOrProvinceName =
    organizationName =
    organizationalUnitName =
    commonName =
    X509v3 extensions:
    X509v3 Basic Constraints:
    CA:FALSE
    Netscape Comment:
    OpenSSL Generated Certificate
    X509v3 Subject Key Identifier:
    D6:2D:7E:71:77:9E:1A:BB:54:69:98:63:6A:6A:E2:BA:12:C4:D7:DD
    X509v3 Authority Key Identifier:
    keyid:92:7C:33:7C:EC:1D:76:C5:B8:F0:30:6D:10:12:40:E5:E7:EA:24:31
    DirName:/C=GB/ST=/L=/O=/OU=/CN=/emailAddress=
    serial:F0:D1:38:36:65:6D:71:D5
    Certificate is to be certified until Jan 5 19:48:33 2007 GMT (365 days)
    Sign the certificate? [y/n]:y
    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
    4. Convert PK certificate into DER format
    [ben@localhost ca]$ openssl x509 -in PK.pem -out PK.der -outform DER
    5. Import CA certificate into keystores
    [ben@localhost ca]$ keytool -import -alias ca -file cacert.pem
    Enter keystore password: password
    Owner: EMAILADDRESS=, CN=, OU=, O=, L=, ST=, C=GB
    Issuer: EMAILADDRESS=, CN=, OU=, O=, L=, ST=, C=GB
    Serial number: f0d13836656d71d5
    Valid from: Thu Jan 05 19:41:09 GMT 2006 until: Fri Jan 05 19:41:09 GMT 2007
    Certificate fingerprints:
    MD5: AF:3D:8E:25:12:24:04:1F:40:70:BC:A0:9E:0E:44:84
    SHA1: B8:E8:0B:A5:86:33:21:0C:B5:3C:6E:F2:DE:7B:31:0F:59:AE:21:E4
    Trust this certificate? [no]: yes
    Certificate was added to keystore
    6. Import signed PK into keystore
    [ben@localhost ca]$ keytool -import -alias pk -file PK.der
    Enter keystore password: password
    Certificate reply was installed in keystore
    REF:
    http://www.yorku.ca/dkha/docs/jsse_cert/jsse_cert.htm
    http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
    http://www.openssl.org/docs/apps/ca.html#
    openssl.cnf:
    #
    # OpenSSL example configuration file.
    # This is mostly being used for generation of certificate requests.
    # This definition stops the following lines choking if HOME isn't
    # defined.
    HOME               = .
    RANDFILE          = $ENV::HOME/.rnd
    # Extra OBJECT IDENTIFIER info:
    #oid_file          = $ENV::HOME/.oid
    oid_section          = new_oids
    # To use this configuration file with the "-extfile" option of the
    # "openssl x509" utility, name here the section containing the
    # X.509v3 extensions to use:
    # extensions          =
    # (Alternatively, use a configuration file that has only
    # X.509v3 extensions in its main [= default] section.)
    [ new_oids ]
    # We can add new OIDs in here for use by 'ca' and 'req'.
    # Add a simple OID like this:
    # testoid1=1.2.3.4
    # Or use config file substitution like this:
    # testoid2=${testoid1}.5.6
    [ ca ]
    default_ca     = CA_default          # The default ca section
    [ CA_default ]
    dir          = .               # Where everything is kept
    certs          = $dir/certs          # Where the issued certs are kept
    crl_dir          = $dir/crl          # Where the issued crl are kept
    database     = $dir/index.txt     # database index file.
    #unique_subject     = no               # Set to 'no' to allow creation of
                             # several ctificates with same subject.
    new_certs_dir     = $dir/newcerts          # default place for new certs.
    certificate     = $dir/cacert.pem      # The CA certificate
    serial          = $dir/serial           # The current serial number
    #crlnumber     = $dir/crlnumber     # the current crl number must be
                             # commented out to leave a V1 CRL
    crl          = $dir/crl.pem           # The current CRL
    private_key     = $dir/private/cakey.pem# The private key
    RANDFILE     = $dir/private/.rand     # private random number file
    x509_extensions     = usr_cert          # The extentions to add to the cert
    # Comment out the following two lines for the "traditional"
    # (and highly broken) format.
    name_opt      = ca_default          # Subject Name options
    cert_opt      = ca_default          # Certificate field options
    # Extension copying option: use with caution.
    # copy_extensions = copy
    # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
    # so this is commented out by default to leave a V1 CRL.
    # crlnumber must also be commented out to leave a V1 CRL.
    # crl_extensions     = crl_ext
    default_days     = 365               # how long to certify for
    default_crl_days= 30               # how long before next CRL
    default_md     = md5               # which md to use.
    preserve     = no               # keep passed DN ordering
    # A few difference way of specifying how similar the request should look
    # For type CA, the listed attributes must be the same, and the optional
    # and supplied fields are just that :-)
    policy          = policy_match
    # For the CA policy
    [ policy_match ]
    countryName          = match
    stateOrProvinceName     = match
    organizationName     = match
    organizationalUnitName     = optional
    commonName          = supplied
    emailAddress          = optional
    # For the 'anything' policy
    # At this point in time, you must list all acceptable 'object'
    # types.
    [ policy_anything ]
    countryName          = optional
    stateOrProvinceName     = optional
    localityName          = optional
    organizationName     = optional
    organizationalUnitName     = optional
    commonName          = supplied
    emailAddress          = optional
    [ req ]
    default_bits          = 1024
    default_keyfile      = privkey.pem
    distinguished_name     = req_distinguished_name
    attributes          = req_attributes
    x509_extensions     = v3_ca     # The extentions to add to the self signed cert
    # Passwords for private keys if not present they will be prompted for
    # input_password = secret
    # output_password = secret
    # This sets a mask for permitted string types. There are several options.
    # default: PrintableString, T61String, BMPString.
    # pkix      : PrintableString, BMPString.
    # utf8only: only UTF8Strings.
    # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
    # MASK:XXXX a literal mask value.
    # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
    # so use this option with caution!
    # we use PrintableString+UTF8String mask so if pure ASCII texts are used
    # the resulting certificates are compatible with Netscape
    string_mask = MASK:0x2002
    # req_extensions = v3_req # The extensions to add to a certificate request
    [ req_distinguished_name ]
    countryName               = Country Name (2 letter code)
    countryName_default          = GB
    countryName_min               = 2
    countryName_max               = 2
    stateOrProvinceName          = County or State (full name)
    stateOrProvinceName_default     =
    localityName               = City or town (eg, Hitchin)
    localityName_default          =
    0.organizationName          = Organization Name (eg, company)
    0.organizationName_default     =
    # we can do this but it is not needed normally :-)
    #1.organizationName          = Second Organization Name (eg, company)
    #1.organizationName_default     = World Wide Web Pty Ltd
    organizationalUnitName          = Organizational Unit Name (eg, section)
    organizationalUnitName_default     =
    commonName               = Common Name (eg, your name or your server\'s hostname)
    commonName_max               = 64
    emailAddress               = Email Address
    emailAddress_max          = 64
    # SET-ex3               = SET extension number 3
    [ req_attributes ]
    challengePassword          = A challenge password
    challengePassword_min          = 4
    challengePassword_max          = 20
    unstructuredName          = An optional company name
    [ usr_cert ]
    # These extensions are added when 'ca' signs a request.
    # This goes against PKIX guidelines but some CAs do it and some software
    # requires this to avoid interpreting an end user certificate as a CA.
    basicConstraints=CA:FALSE
    # Here are some examples of the usage of nsCertType. If it is omitted
    # the certificate can be used for anything *except* object signing.
    # This is OK for an SSL server.
    # nsCertType               = server
    # For an object signing certificate this would be used.
    # nsCertType = objsign
    # For normal client use this is typical
    # nsCertType = client, email
    # and for everything including object signing:
    # nsCertType = client, email, objsign
    # This is typical in keyUsage for a client certificate.
    # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    # This will be displayed in Netscape's comment listbox.
    nsComment               = "OpenSSL Generated Certificate"
    # PKIX recommendations harmless if included in all certificates.
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid,issuer:always
    # This stuff is for subjectAltName and issuerAltname.
    # Import the email address.
    # subjectAltName=email:copy
    # An alternative to produce certificates that aren't
    # deprecated according to PKIX.
    # subjectAltName=email:move
    # Copy subject details
    # issuerAltName=issuer:copy
    #nsCaRevocationUrl          = http://www.domain.dom/ca-crl.pem
    #nsBaseUrl
    #nsRevocationUrl
    #nsRenewalUrl
    #nsCaPolicyUrl
    #nsSslServerName
    [ v3_req ]
    # Extensions to add to a certificate request
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    [ v3_ca ]
    # Extensions for a typical CA
    # PKIX recommendation.
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid:always,issuer:always
    # This is what PKIX recommends but some broken software chokes on critical
    # extensions.
    #basicConstraints = critical,CA:true
    # So we do this instead.
    basicConstraints = CA:true
    # Key usage: this is typical for a CA certificate. However since it will
    # prevent it being used as an test self-signed certificate it is best
    # left out by default.
    # keyUsage = cRLSign, keyCertSign
    # Some might want this also
    # nsCertType = sslCA, emailCA
    # Include email address in subject alt name: another PKIX recommendation
    # subjectAltName=email:copy
    # Copy issuer details
    # issuerAltName=issuer:copy
    # DER hex encoding of an extension: beware experts only!
    # obj=DER:02:03
    # Where 'obj' is a standard or added object
    # You can even override a supported extension:
    # basicConstraints= critical, DER:30:03:01:01:FF
    [ crl_ext ]
    # CRL extensions.
    # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
    # issuerAltName=issuer:copy
    authorityKeyIdentifier=keyid:always,issuer:always
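
The `[ usr_cert ]` comments in the posted openssl.cnf say that a certificate issued without `nsCertType` can be used for anything except object signing. The following is an added example, not part of the original post or of OpenSSL: it reads that setting from a config section, decodes the extension's DER BIT STRING, and applies the rule from the comments. The function names, the abridged config excerpts and the sample bytes are constructed for illustration.

```python
"""Check which Netscape purposes a certificate carries (added example)."""

# Bit 0 is the most significant bit of the flags byte; names are the
# values OpenSSL accepts for nsCertType in openssl.cnf.
NS_CERT_TYPE_BITS = ["client", "server", "email", "objsign",
                     "reserved", "sslCA", "emailCA", "objCA"]


def decode_ns_cert_type(der: bytes) -> set:
    """Decode the nsCertType extension value (a one-byte DER BIT STRING)."""
    if len(der) != 4 or der[0] != 0x03 or der[1] != 0x02:
        raise ValueError("expected tag 0x03, length 2: unused-bit count + flags")
    unused, flags = der[2], der[3]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    if flags & ((1 << unused) - 1):
        raise ValueError("DER requires the unused trailing bits to be zero")
    return {name for i, name in enumerate(NS_CERT_TYPE_BITS)
            if flags & (0x80 >> i)}


def ns_cert_type_from_config(text: str, section: str):
    """Return the nsCertType names set in a config section, or None if omitted."""
    current, value = None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # commented-out lines vanish here
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, val = (part.strip() for part in line.split("=", 1))
            if key == "nsCertType":
                value = {v.strip() for v in val.split(",") if v.strip()}
    return value


def permits(purpose: str, ns_types) -> bool:
    """Rule from the config comments: no nsCertType = anything except objsign."""
    if ns_types is None:
        return purpose != "objsign"
    return purpose in ns_types


# Abridged excerpt of the posted [ usr_cert ] section: nsCertType is commented out.
POSTED_USR_CERT = """
[ usr_cert ]
basicConstraints=CA:FALSE
# nsCertType = server
# nsCertType = objsign
nsComment = "OpenSSL Generated Certificate"
[ v3_req ]
basicConstraints = CA:FALSE
"""

# Constructed variant with the object-signing line enabled.
OBJSIGN_USR_CERT = POSTED_USR_CERT.replace("# nsCertType = objsign",
                                           "nsCertType = objsign")

# Constructed DER values: server only, and object signing only.
SERVER_ONLY_DER = bytes.fromhex("03020640")
OBJSIGN_ONLY_DER = bytes.fromhex("03020410")

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_USR_CERT), ("objsign", OBJSIGN_USR_CERT)):
        types = ns_cert_type_from_config(cfg, "usr_cert")
        print(label, "nsCertType:", types,
              "object signing allowed:", permits("objsign", types))
    for der in (SERVER_ONLY_DER, OBJSIGN_ONLY_DER):
        print(der.hex(), "->", sorted(decode_ns_cert_type(der)))
```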

  • In SSL Handshake : failed extension check error

    Hi all,
    Could anyone help in this?
    I'm facing a problem in SSL handshaking using JSSE, J2SDK1.4.
    The CertificateException message is:
    Invalid Netscape CertType extension for SSL client
    And the source of the error is: failed extension check
    The following is the trace from the SSL server.
    D:\users\Jp\java\jssesamples\sockets\server\class>java -Djavax.net.debug=SSL,handshake,data,trustmanager ClassFileServer 1089 . TLS true
    USAGE: java ClassFileServer port docroot [TLS [true]]
    If the third argument is TLS, it will start as
    a TLS/SSL file server, otherwise, it will be
    an ordinary file server.
    If the fourth argument is true,it will require
    client authentication as well.
    found key for : serverkey
    chain [0] = [
    Version: V3
    Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
    Validity: [From: Fri Sep 27 12:36:44 IST 2002,
                   To: Sat Sep 27 12:36:44 IST 2003]
    Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    SerialNumber: [    11]
    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL server
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [3]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
    [RFC822Name: [email protected]]]
    [4]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Non_repudiation
    Key_Encipherment
    Data_Encipherment
    Algorithm: [MD5withRSA]
    Signature:
    chain [1] = [
    Version: V3
    Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
    Validity: [From: Fri Jul 19 00:30:00 IST 2002,
                   To: Wed Jul 19 00:30:00 IST 2028]
    Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    SerialNumber: [    01]
    Certificate Extensions: 5
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL client
    SSL server
    Object Signing
    SSL CA
    S/MIME CA
    Object Signing CA]
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [4]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Key_CertSign
    Crl_Sign
    [5]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
    adding private entry as trusted cert: [
    Version: V3
    Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
    Validity: [From: Fri Sep 27 12:36:44 IST 2002,
                   To: Sat Sep 27 12:36:44 IST 2003]
    Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    SerialNumber: [    11]
    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL server
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [3]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
    [RFC822Name: [email protected]]]
    [4]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Non_repudiation
    Key_Encipherment
    Data_Encipherment
    Algorithm: [MD5withRSA]
    Signature:
    adding as trusted cert: [
    Version: V3
    Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
    Validity: [From: Fri Jul 19 00:30:00 IST 2002,
                   To: Wed Jul 19 00:30:00 IST 2028]
    Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    SerialNumber: [    01]
    Certificate Extensions: 5
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL client
    SSL server
    Object Signing
    SSL CA
    S/MIME CA
    Object Signing CA]
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [4]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Key_CertSign
    Crl_Sign
    [5]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
    trigger seeding of SecureRandom
    done seeding SecureRandom
    matching alias: serverkey
    [read] MD5 and SHA1 hashes: len = 3
    0000: 01 03 01 ...
    [read] MD5 and SHA1 hashes: len = 74
    0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
    0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
    0020: 12 00 00 03 02 00 80 00 00 11 3D 94 3D E6 6A 85 ..........=.=.j.
    0030: 4E 4B 5F DC 11 A2 3C F3 59 F7 1E 96 93 87 31 6A NK_...<.Y.....1j
    0040: CD 2B 58 8A A1 7E A4 7D C5 C7 .+X.......
    Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1016347878 bytes = { 106, 133, 78, 75, 95, 220, 17, 162, 60, 243, 89, 247, 30, 150, 147, 135, 49, 106, 205, 43, 88, 138, 161, 126, 164, 125, 197, 199 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1016347878 bytes = { 163, 141, 218, 216, 192, 179, 129, 194, 37, 124, 119, 173, 229, 90, 173, 39, 166, 166, 58, 146, 118, 120, 174, 234, 161, 101, 91, 104 }
    Session ID: {61, 148, 61, 230, 252, 82, 216, 137, 71, 131, 250, 161, 21, 201, 221, 98, 131, 132, 212, 15, 253, 235, 102, 35, 90, 154, 189, 159, 119, 125, 204, 167}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    Cipher suite: SSL_RSA_WITH_RC4_128_MD5
    *** Certificate chain
    Finalizer, called close()
    Finalizer, called closeInternal(true)
    Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
    Finalizer, WRITE: TLSv1 Alert, length = 2
    chain [0] = [
    Version: V3
    Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
    Validity: [From: Fri Sep 27 12:36:44 IST 2002,
                   To: Sat Sep 27 12:36:44 IST 2003]
    Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    SerialNumber: [    11]
    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL server
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [3]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
    [RFC822Name: [email protected]]]
    [4]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Non_repudiation
    Key_Encipherment
    Data_Encipherment
    Algorithm: [MD5withRSA]
    Signature:
    chain [1] = [
    Version: V3
    Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
    Validity: [From: Fri Jul 19 00:30:00 IST 2002,
                   To: Wed Jul 19 00:30:00 IST 2028]
    Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    SerialNumber: [    01]
    Certificate Extensions: 5
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL client
    SSL server
    Object Signing
    SSL CA
    S/MIME CA
    Object Signing CA]
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [4]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Key_CertSign
    Crl_Sign
    [5]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    <CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN>
    <CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In>
    *** ServerHelloDone
    [write] MD5 and SHA1 hashes: len = 1970
    Thread-1, WRITE: TLSv1 Handshake, length = 1970
    Thread-1, READ: TLSv1 Handshake, length = 1727
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
    Validity: [From: Fri Sep 27 12:36:25 IST 2002,
                   To: Sat Sep 27 12:36:25 IST 2003]
    Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    SerialNumber: [    10]
    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL server
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [3]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
    [RFC822Name: [email protected]]]
    [4]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Non_repudiation
    Key_Encipherment
    Data_Encipherment
    Algorithm: [MD5withRSA]
    Signature:
    chain [1] = [
    Version: V3
    Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
    Validity: [From: Fri Jul 19 00:30:00 IST 2002,
                   To: Wed Jul 19 00:30:00 IST 2028]
    Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    SerialNumber: [    01]
    Certificate Extensions: 5
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL client
    SSL server
    Object Signing
    SSL CA
    S/MIME CA
    Object Signing CA]
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [4]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Key_CertSign
    Crl_Sign
    [5]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [SHA1withRSA]
    Signature:
    failed extension check: [
    Version: V3
    Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
    Validity: [From: Fri Sep 27 12:36:25 IST 2002,
                   To: Sat Sep 27 12:36:25 IST 2003]
    Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
    SerialNumber: [    10]
    Certificate Extensions: 4
    [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL server
    [2]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
    0010: 03 27 85 AA .'..
    [3]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
    [RFC822Name: [email protected]]]
    [4]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    DigitalSignature
    Non_repudiation
    Key_Encipherment
    Data_Encipherment
    Algorithm: [MD5withRSA]
    Signature:
    ext exception was: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
    Thread-1, SEND TLSv1 ALERT: fatal, description = certificate_unknown
    Thread-1, WRITE: TLSv1 Alert, length = 2
    Thread-1, called closeSocket()
    Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
    javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)

    I'm having a related problem. It only occurs on the 1.4.1 version of the JRE. The 1.4.0 works fine. I've created my own custom socket for an RMI server that uses SSL to encrypt any data being sent. I have a valid certificate that works fine to encrypt data from my web server. The client gets the same exception that was posted above. Here is the stack trace on the client's machine if they are running the 1.4.1 JRE:
    java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
         javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
         at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
         at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
         at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101)
         at com.msfw.imageserver.RMIServer_Stub.processRequest(Unknown Source)
         at com.msfw.business.Server.rmiQuery(Server.java:389)
         at com.msfw.business.Server.callServer(Server.java:540)
         at com.msfw.business.Server.callServer(Server.java:523)
         at com.msfw.business.Server.callServer(Server.java:518)
         at com.msfw.business.Server.callServer(Server.java:572)
         at com.msfw.business.Server.callServer(Server.java:578)
         at com.msfw.idwebview.IdViewApplet.callServer(IdViewApplet.java:6058)
         at com.msfw.idwebview.IdViewApplet.appletRun(IdViewApplet.java:889)
         at com.msfw.idwebview.IdViewApplet.start(IdViewApplet.java:1177)
         at com.msfw.splash.SplashApplet.init(SplashApplet.java:101)
         at sun.applet.AppletPanel.run(AppletPanel.java:347)
         at java.lang.Thread.run(Thread.java:536)
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
         at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
         at java.io.DataOutputStream.flush(DataOutputStream.java:101)
         at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
         ... 15 more
    Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
         at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
         ... 26 more
    I also created my own homemade certificate and get the same results. Like I said before, the 1.4.0 JRE doesn't do this so it seems to be a new bug in the 1.4.1. Does anyone know how to get around this or what is causing this problem? Thanks.
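
In the first trace above, the client certificate's NetscapeCertType extension lists only "SSL server", which matches the "Invalid Netscape CertType extension for SSL client" exception. The following is an added example, not code from the posts or from JSSE: it decodes that extension (OID 2.16.840.1.113730.1.1) and checks it against the role the certificate is used in. The class and method names and the sample byte arrays are constructed for illustration, and treating an absent extension as unrestricted is an assumption.

```java
import java.util.ArrayList;
import java.util.List;

public class NetscapeCertTypeCheck {
    // OID of the Netscape CertType extension, as printed in the debug trace.
    static final String NS_CERT_TYPE_OID = "2.16.840.1.113730.1.1";

    // Bit positions of the two end-entity SSL roles (bit 0 = most significant bit).
    static final int SSL_CLIENT = 0;
    static final int SSL_SERVER = 1;

    // Flag names in bit-string order.
    static final String[] BIT_NAMES = {
        "SSL client", "SSL server", "S/MIME", "Object Signing",
        "reserved", "SSL CA", "S/MIME CA", "Object Signing CA"
    };

    /**
     * Decodes the bytes returned by
     * X509Certificate.getExtensionValue(NS_CERT_TYPE_OID): a DER OCTET STRING
     * wrapping a DER BIT STRING. Returns the flag bits as an int (0x80 = bit 0).
     */
    static int decodeFlags(byte[] ext) {
        if (ext.length < 5 || ext[0] != 0x04 || ext[1] < 0 || ext[1] != ext.length - 2) {
            throw new IllegalArgumentException("not a short-form DER OCTET STRING");
        }
        if (ext[2] != 0x03 || ext[3] < 1 || ext[3] != ext.length - 4) {
            throw new IllegalArgumentException("OCTET STRING does not wrap a BIT STRING");
        }
        int unused = ext[4] & 0xFF;            // number of padding bits in the last byte
        if (unused > 7) {
            throw new IllegalArgumentException("invalid unused-bits count");
        }
        if (ext[3] == 1) {                     // empty bit string: no flags set
            if (unused != 0) {
                throw new IllegalArgumentException("empty BIT STRING with padding");
            }
            return 0;
        }
        int first = ext[5] & 0xFF;             // all eight defined flags live in this byte
        return first & (0xFF << unused) & 0xFF; // mask off padding bits
    }

    /** Lists the flag names that are set, in the order the trace prints them. */
    static List<String> describe(int flags) {
        List<String> names = new ArrayList<>();
        for (int bit = 0; bit < BIT_NAMES.length; bit++) {
            if ((flags & (0x80 >> bit)) != 0) {
                names.add(BIT_NAMES[bit]);
            }
        }
        return names;
    }

    /**
     * True if the certificate may be used in the given role.
     * Assumption: a certificate without the extension (ext == null) is unrestricted.
     */
    static boolean permits(byte[] ext, int roleBit) {
        if (ext == null) {
            return true;
        }
        return (decodeFlags(ext) & (0x80 >> roleBit)) != 0;
    }

    public static void main(String[] args) {
        // Constructed sample: extension value with only "SSL server" set,
        // like chain [0] in the trace (BIT STRING 0x40, 6 unused bits).
        byte[] endEntity = {0x04, 0x04, 0x03, 0x02, 0x06, 0x40};
        // Constructed sample: the six flags listed for chain [1] in the trace
        // (bits 0, 1, 3, 5, 6, 7 = 0xD7, no unused bits).
        byte[] issuer = {0x04, 0x04, 0x03, 0x02, 0x00, (byte) 0xD7};

        System.out.println("end entity flags: " + describe(decodeFlags(endEntity)));
        System.out.println("  usable as SSL client: " + permits(endEntity, SSL_CLIENT));
        System.out.println("  usable as SSL server: " + permits(endEntity, SSL_SERVER));
        System.out.println("issuer flags:     " + describe(decodeFlags(issuer)));
        System.out.println("no extension, SSL client: " + permits(null, SSL_CLIENT));
    }
}
```

Run against a real certificate by passing `cert.getExtensionValue(NS_CERT_TYPE_OID)` to `permits`; a `false` result for the role in use means the certificate has to be reissued with the matching flag or without the extension.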

  • Applet hangs during https communication

    I have an application using applet to servlet communication; the https communication is established by URLConnection. However, after a certain time of communication the applet just hangs at getOutputStream, without any error or exception.
    The environment is JRE 1.4.2_07 and Tomcat with SSL enabled. I spent a lot of time tracking this bug but could not find any answer.
    I want to bring to your notice that getOutputStream() hangs or blocks only for https but works fine with http, and not during the start of the applet but after changing the applet state. I assume it may not be a problem with URLConnection; maybe the applet loses the https authentication during the state change and hangs in connect or getOutputStream(). We are considering moving to HttpClient but are not sure if it's going to resolve this problem. Any ideas are appreciated.
    Many thanks.

    As requested, here is the full trace, marked in bold where the communication is hanging. The applet has loaded twice in this case. Any comments will be helpful as it's very urgent.
    Java(TM) Plug-in: Version 1.4.2_07
    Using JRE version 1.4.2_07 Java HotSpot(TM) Client VM
    User home directory = C:\Dokumente und Einstellungen\jmohammad.SSOL
    Loading user-defined proxy configuration ...
    Done.
    Loading proxy configuration from Internet Explorer ...
    Done.
    Loading direct proxy configuration ...
    Done.
    Proxy Configuration: No proxy
    Cache is disabled by user
    Dump system properties ...
    acl.read = +
    acl.read.default =
    acl.write = +
    acl.write.default =
    application.home = C:\PROGRA~1\Java\J2RE14~1.2_0
    awt.toolkit = sun.awt.windows.WToolkit
    browser = sun.plugin
    browser.vendor = Sun Microsystems, Inc.
    browser.version = 1.1
    deployment.browser.path = C:\Programme\Internet Explorer\iexplore.exe
    deployment.browser.vm.iexplorer = true
    deployment.browser.vm.mozilla = true
    deployment.cache.max.size = 0
    deployment.console.startup.mode = SHOW
    deployment.javapi.cache.enabled = false
    deployment.javapi.jre.1.5.0_05.args =
    deployment.javapi.jre.1.5.0_05.osarch = x86
    deployment.javapi.jre.1.5.0_05.osname = Windows
    deployment.javapi.jre.1.5.0_05.path = C:\Programme\Java\jre1.5.0_05
    deployment.javapi.lifecycle.exception = true
    deployment.javaws.jre.0.enabled = true
    deployment.javaws.jre.0.location = http://java.sun.com/products/autodl/j2se
    deployment.javaws.jre.0.osarch = x86
    deployment.javaws.jre.0.osname = Windows
    deployment.javaws.jre.0.path = C:\Programme\Java\j2re1.4.2_07\bin\javaw.exe
    deployment.javaws.jre.0.platform = 1.4
    deployment.javaws.jre.0.product = 1.4.2_07
    deployment.javaws.jre.0.registered = true
    deployment.javaws.jre.1.enabled = true
    deployment.javaws.jre.1.location = http://java.sun.com/products/autodl/j2se
    deployment.javaws.jre.1.osarch = x86
    deployment.javaws.jre.1.osname = Windows
    deployment.javaws.jre.1.path = C:\IDE\jdk1.3.1\jre\bin\javaw.exe
    deployment.javaws.jre.1.platform = 1.3
    deployment.javaws.jre.1.product = 1.3.1
    deployment.javaws.jre.1.registered = true
    deployment.javaws.jre.2.enabled = true
    deployment.javaws.jre.2.location = http://java.sun.com/products/autodl/j2se
    deployment.javaws.jre.2.osarch = x86
    deployment.javaws.jre.2.osname = Windows
    deployment.javaws.jre.2.path = C:\Programme\Java\jre1.5.0_05\bin\javaw.exe
    deployment.javaws.jre.2.platform = 1.5
    deployment.javaws.jre.2.product = 1.5.0_05
    deployment.javaws.jre.2.registered = true
    deployment.javaws.splash.cache = C:\Dokumente und Einstellungen\jmohammad\Anwendungsdaten\Sun\Java\Deployment\javaws\cache\splashes\splash.xml
    deployment.javaws.splash.index = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\cache\javaws\splash\splash.xml
    deployment.javaws.version = javaws-1.4.2_07
    deployment.javaws.viewer.bounds = 0,0,687,497
    deployment.system.cacerts = C:\PROGRA~1\Java\J2RE14~1.2_0\lib\security\cacerts
    deployment.system.home = C:\WINDOWS\Sun\Java\Deployment
    deployment.system.jssecacerts = C:\PROGRA~1\Java\J2RE14~1.2_0\lib\security\cacerts
    deployment.system.profile = C:\WINDOWS
    deployment.system.security.policy = file:/C:/WINDOWS/Sun/Java/Deployment/security/java.policy
    deployment.system.tray.icon = true
    deployment.user.cachedir = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\cache
    deployment.user.certs = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\security\deployment.certs
    deployment.user.extdir = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\ext
    deployment.user.home = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment
    deployment.user.jssecerts = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\security\deployment.jssecerts
    deployment.user.logdir = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\log
    deployment.user.profile = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten
    deployment.user.security.policy = file:/C:/Dokumente%20und%20Einstellungen/jmohammad.SSOL/Anwendungsdaten/Sun/Java/Deployment/security/java.policy
    deployment.user.tmpdir = C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\cache\tmp
    deployment.version = 1.5.0
    file.encoding = Cp1252
    file.encoding.pkg = sun.io
    file.separator = \
    file.separator.applet = true
    http.agent = Mozilla/4.0 (Windows XP 5.1)
    http.auth.serializeRequests = true
    https.protocols = SSLv3,SSLv2Hello
    java.awt.graphicsenv = sun.awt.Win32GraphicsEnvironment
    java.awt.printerjob = sun.awt.windows.WPrinterJob
    java.class.path = C:\PROGRA~1\Java\J2RE14~1.2_0\classes
    java.class.version = 48.0
    java.class.version.applet = true
    java.endorsed.dirs = C:\PROGRA~1\Java\J2RE14~1.2_0\lib\endorsed
    java.ext.dirs = C:\PROGRA~1\Java\J2RE14~1.2_0\lib\ext
    java.home = C:\PROGRA~1\Java\J2RE14~1.2_0
    java.io.tmpdir = C:\DOKUME~1\JMOHAM~1.SSO\LOKALE~1\Temp\
    java.library.path = C:\Programme\Internet Explorer;.;C:\WINDOWS\system32;C:\WINDOWS;C:\Programme\Internet Explorer;;C:\j2sdk1.4.2\bin;C:\apache-ant-1.5.3\bin;C:\oracle\ora92\bin;C:\Programme\Oracle\jre\1.3.1\bin;C:\Programme\Oracle\jre\1.1.8\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\ULTRAE~1;C:\tools
    java.protocol.handler.pkgs = sun.plugin.net.protocol|sun.plugin.net.protocol
    java.runtime.name = Java(TM) 2 Runtime Environment, Standard Edition
    java.runtime.version = 1.4.2_07-b05
    java.specification.name = Java Platform API Specification
    java.specification.vendor = Sun Microsystems Inc.
    java.specification.version = 1.4
    java.util.prefs.PreferencesFactory = java.util.prefs.WindowsPreferencesFactory
    java.vendor = Sun Microsystems Inc.
    java.vendor.applet = true
    java.vendor.url = http://java.sun.com/
    java.vendor.url.applet = true
    java.vendor.url.bug = http://java.sun.com/cgi-bin/bugreport.cgi
    java.version = 1.4.2_07
    java.version.applet = true
    java.vm.info = mixed mode
    java.vm.name = Java HotSpot(TM) Client VM
    java.vm.specification.name = Java Virtual Machine Specification
    java.vm.specification.vendor = Sun Microsystems Inc.
    java.vm.specification.version = 1.0
    java.vm.vendor = Sun Microsystems Inc.
    java.vm.version = 1.4.2_07-b05
    javaplugin.cache.disabled = true
    javaplugin.cache.size = 0
    javaplugin.console = show
    javaplugin.exception = true
    javaplugin.jre.params = -Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect
    javaplugin.jre.path = Default
    javaplugin.jre.type = Default
    javaplugin.maxHeapSize = 96m
    javaplugin.nodotversion = 142_07
    javaplugin.proxy.config.type = direct
    javaplugin.proxy.usebrowsersettings = true
    javaplugin.trace = true
    javaplugin.trace.option = basic|net|security|ext|liveconnect
    javaplugin.version = 1.4.2_07
    javaplugin.vm.options = -Djava.class.path=C:\PROGRA~1\Java\J2RE14~1.2_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\J2RE14~1.2_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.4.2_07 -Djavaplugin.nodotversion=142_07 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\J2RE14~1.2_0 -Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect -Djava.protocol.handler.pkgs=sun.plugin.net.protocol
    line.separator = \r\n
    line.separator.applet = true
    os.arch = x86
    os.arch.applet = true
    os.name = Windows XP
    os.name.applet = true
    os.version = 5.1
    os.version.applet = true
    package.restrict.access.netscape = false
    package.restrict.access.sun = true
    package.restrict.definition.java = true
    package.restrict.definition.netscape = true
    package.restrict.definition.sun = true
    path.separator = ;
    path.separator.applet = true
    sun.arch.data.model = 32
    sun.boot.class.path = C:\PROGRA~1\Java\J2RE14~1.2_0\lib\rt.jar;C:\PROGRA~1\Java\J2RE14~1.2_0\lib\i18n.jar;C:\PROGRA~1\Java\J2RE14~1.2_0\lib\sunrsasign.jar;C:\PROGRA~1\Java\J2RE14~1.2_0\lib\jsse.jar;C:\PROGRA~1\Java\J2RE14~1.2_0\lib\jce.jar;C:\PROGRA~1\Java\J2RE14~1.2_0\lib\charsets.jar;C:\PROGRA~1\Java\J2RE14~1.2_0\classes;C:\PROGRA~1\Java\J2RE14~1.2_0\lib\plugin.jar
    sun.boot.library.path = C:\PROGRA~1\Java\J2RE14~1.2_0\bin
    sun.cpu.endian = little
    sun.cpu.isalist = pentium i486 i386
    sun.io.unicode.encoding = UnicodeLittle
    sun.java2d.fontpath =
    sun.net.client.defaultConnectTimeout = 120000
    sun.os.patch.level = Service Pack 2
    trustProxy = true
    user.country = US
    user.dir = C:\Dokumente und Einstellungen\jmohammad.SSOL\Desktop
    user.home = C:\Dokumente und Einstellungen\jmohammad.SSOL
    user.language = en
    user.name = jmohammad
    user.timezone =
    user.variant =
    Done.
    c: clear console window
    f: finalize objects on finalization queue
    g: garbage collect
    h: display this help message
    l: dump classloader list
    m: print memory usage
    o: trigger logging
    p: reload proxy configuration
    q: hide console
    r: reload policy configuration
    s: dump system properties
    t: dump thread list
    v: dump thread stack
    x: clear classloader cache
    0-5: set trace level to <n>
    Registered modality listener
    Invoking JS method: document
    Invoking JS method: URL
    Referencing classloader: sun.plugin.ClassLoaderInfo@14acfcd, refcount=1
    Loading applet ...
    Initializing applet ...
    Starting applet ...
    Connecting https://10.96.8.57:8443/SIThreePViewer/applets/PassThru_1_01.jar with no proxy
    Connecting https://10.96.8.57:8443/SIThreePViewer/applets/PassThru_1_01.jar with cookie "JSESSIONID=243FF5B4D70B9F9F97DE12DEC05FF456"
    Loading Root CA certificates from C:\PROGRA~1\Java\J2RE14~1.2_0\lib\security\cacerts
    Loaded Root CA certificates from C:\PROGRA~1\Java\J2RE14~1.2_0\lib\security\cacerts
    Loading Https Root CA certificates from C:\PROGRA~1\Java\J2RE14~1.2_0\lib\security\cacerts
    Loaded Https Root CA certificates from C:\PROGRA~1\Java\J2RE14~1.2_0\lib\security\cacerts
    Loading JPI Https certificates from C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\security\deployment.jssecerts
    Loaded JPI Https certificates from C:\Dokumente und Einstellungen\jmohammad.SSOL\Anwendungsdaten\Sun\Java\Deployment\security\deployment.jssecerts
    Loading certificates from JPI session certificate store
    Loaded certificates from JPI session certificate store
    Checking if certificate is in JPI session certificate store
    Checking if Https certificate is in JPI permanent certificate store
    Check if certificate can be verified using certificates in Root CA certificate store
    Certificate to be verified:
    Version: V1
    Subject: CN=Boris Pradl, OU=WEB, O=Dr. Ing. h.c. F. Porsche AG, L=Stuttgart, ST=Baden-Wuerttemberg, C=DE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    Validity: [From: Thu Dec 02 09:03:44 CET 2004,
                   To: Wed Mar 02 09:03:44 CET 2005]
    Issuer: CN=Boris Pradl, OU=WEB, O=Dr. Ing. h.c. F. Porsche AG, L=Stuttgart, ST=Baden-Wuerttemberg, C=DE
    SerialNumber: [    41aecc60]
    Algorithm: [MD5withRSA]
    Signature:
    Comparing certificate against Root CA certificate:
    Version: V3
    Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    Validity: [From: Mon Jun 21 06:00:00 CEST 1999,
                   To: Sun Jun 21 06:00:00 CEST 2020]
    Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
    SerialNumber: [    04]
    Certificate Extensions: 4
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 4A 78 32 52 11 DB 59 16 36 5E DF C1 14 36 40 6A Jx2R..Y.6^...6@j
    0010: 47 7C 4C A1 G.L.
    [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL CA
    S/MIME CA
    Object Signing CA]
    [3]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 4A 78 32 52 11 DB 59 16 36 5E DF C1 14 36 40 6A Jx2R..Y.6^...6@j
    0010: 47 7C 4C A1 G.L.
    [4]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [MD5withRSA]
    Signature:
    Comparing certificate against Root CA certificate:
    Version: V1
    Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    Validity: [From: Fri Oct 01 02:00:00 CEST 1999,
                   To: Thu Jul 17 01:59:59 CEST 2036]
    Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    SerialNumber: [    8b5b7556 8454850b 00cfaf38 48ceb1a4]
    Algorithm: [SHA1withRSA]
    Signature:
    Comparing certificate against Root CA certificate:
    Version: V1
    Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    Validity: [From: Mon May 18 02:00:00 CEST 1998,
                   To: Wed Aug 02 01:59:59 CEST 2028]
    Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
    SerialNumber: [    b92f60cc 889fa17a 4609b85b 706c8aaf]
    Algorithm: [SHA1withRSA]
    Signature:
    Comparing certificate against Root CA certificate:
    Version: V1
    Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    Validity: [From: Mon Jan 29 01:00:00 CET 1996,
                   To: Sat Jan 01 00:59:59 CET 2000]
    Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
    SerialNumber: [    02a60000 01]
    Algorithm: [MD2withRSA]
    Signature:
    Comparing certificate against Root CA certificate:
    Version: V1
    Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    cbba9c52 fc781f1a 1e6f1b37 73bdf8c9 6b941230 4ff03647 f5d0910a f517c8a5
    61c11640 4dfb8a61 90e57620 c111067d ab2c6ea6 f511418e fa2dad2a 6159a467
    264cd0e8 bc525b70 200458d1 7ac9a469 bc831764 ad058bbc d058ce8d 8cf5ebf0
    42490b9d 97276732 6ee1ae93 151c70bc 204d2f18 de9288e8 6c855711 1ae97ee3
    261154a2 45965583 ca3089e8 dcd8a3ed 2a803f7f 7965573e 15206608 2f9593bf
    aa472fa8 4697f012 e2fec20a 2b51e676 e6b746b7 e20da6cc a8c34c59 5589e6e8
    535c1cea 9df06216 0ba7c95f 0cf0dec2 76ceaff7 6af2fa41 a6a23314 c9e57a63
    d39e6237 d585659e 0ee65324 741b5e1d 12535bc7 2ce78349 3b15ae8a 68b95797
    Validity: [From: Fri Oct 01 02:00:00 CEST 1999,
                   To: Thu Jul 17 01:59:59 CEST 2036]
    Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    SerialNumber: [    9b7e0649 a33e62b9 d5ee9048 7129ef57]
    Algorithm: [SHA1withRSA]
    Signature:
    0000: 11 14 96 C1 AB 92 08 F7 3F 2F C9 B2 FE E4 5A 9F ........?/....Z.
    0010: 64 DE DB 21 4F 86 99 34 76 36 57 DD D0 15 2F C5 d..!O..4v6W.../.
    0020: AD 7F 15 1F 37 62 73 3E D4 E7 5F CE 17 03 DB 35 ....7bs>.._....5
    0030: FA 2B DB AE 60 09 5F 1E 5F 8F 6E BB 0B 3D EA 5A .+..`._._.n..=.Z
    0040: 13 1E 0C 60 6F B5 C0 B5 23 22 2E 07 0B CB A9 74 ...`o...#".....t
    0050: CB 47 BB 1D C1 D7 A5 6B CC 2F D2 42 FD 49 DD A7 .G.....k./.B.I..
    0060: 89 CF 53 BA DA 00 5A 28 BF 82 DF F8 BA 13 1D 50 ..S...Z(.......P
    0070: 86 82 FD 8E 30 8F 29 46 B0 1E 3D 35 DA 38 62 16 ....0.)F..=5.8b.
    0080: 18 4A AD E6 B6 51 6C DE AF 62 EB 01 D0 1E 24 FE .J...Ql..b....$.
    0090: 7A 8F 12 1A 12 68 B8 FB 66 99 14 14 45 5C AE E7 z....h..f...E\..
    00A0: AE 69 17 81 2B 5A 37 C9 5E 2A F4 C6 E2 A1 5C 54 .i..+Z7.^*....\T
    00B0: 9B A6 54 00 CF F0 F1 C1 C7 98 30 1A 3B 36 16 DB ..T.......0.;6..
    00C0: A3 6E EA FD AD B2 C2 DA EF 02 47 13 8A C0 F1 B3 .n........G.....
    00D0: 31 AD 4F 1C E1 4F 9C AF 0F 0C 9D F7 78 0D D8 F4 1.O..O......x...
    00E0: 35 56 80 DA B7 6D 17 8F 9D 1E 81 64 E1 FE C5 45 5V...m.....d...E
    00F0: BA AD 6B B9 0A 7A 4E 4F 4B 84 EE 4B F1 7D DD 11 ..k..zNOK..K....
    Comparing certificate against Root CA certificate:
    Version: V3
    Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    9374b4b6 e4c54bd6 a1687f62 d5ecf751 57b3724a 98f5d089 c9ad63cd 4d35516a
    84d4adc9 68796fb8 eb11db87 ae5c2451 13f15425 84af292b 9fe380e2 d9cbddc6
    45493488 905e0197 efea53a6 ddfcc1de 4b2a25e4 e935fa55 0506e589 7aeaa411
    573bfc7c 3d36cd67 356da4a9 2559bd66 f5f927e4 9567d63f 92805ef2 347d2b85
    Validity: [From: Mon Feb 07 17:16:40 CET 2000,
                   To: Fri Feb 07 17:46:40 CET 2020]
    Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
    SerialNumber: [    389ef6e4]
    Certificate Extensions: 8
    [1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 10 30 0E 1B 08 56 35 2E 30 3A 34 2E 30 03 02 ..0...V5.0:4.0..
    0010: 04 90 ..
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 84 8B 74 FD C5 8D C0 FF 27 6D 20 37 45 7C FE 2D ..t.....'m 7E..-
    0010: CE BA D3 7D ....
    [3]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL CA
    S/MIME CA
    Object Signing CA]
    [4]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 84 8B 74 FD C5 8D C0 FF 27 6D 20 37 45 7C FE 2D ..t.....'m 7E..-
    0010: CE BA D3 7D ....
    [5]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
    [DistributionPoint:
    [CN=CRL1, CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net]
    [6]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
    Key_CertSign
    Crl_Sign
    [7]: ObjectId: 2.5.29.16 Criticality=false
    PrivateKeyUsage: [
    From: Mon Feb 07 17:16:40 CET 2000, To: Fri Feb 07 17:46:40 CET 2020]
    [8]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [MD5withRSA]
    Signature:
    0000: 4E 6F 35 80 3B D1 8A F5 0E A7 20 CB 2D 65 55 D0 No5.;..... .-eU.
    0010: 92 F4 E7 84 B5 06 26 83 12 84 0B AC 3B B2 44 EE ......&.....;.D.
    0020: BD CF 40 DB 20 0E BA 6E 14 EA 30 E0 3B 62 7C 7F ..@. ..n..0.;b..
    0030: 8B 6B 7C 4A A7 D5 35 3C BE A8 5C EA 4B BB 93 8E .k.J..5<..\.K...
    0040: 80 66 AB 0F 29 FD 4D 2D BF 1A 9B 0A 90 C5 AB DA .f..).M-........
    0050: D1 B3 86 D4 2F 24 52 5C 7A 6D C6 F2 FE E5 4D 1A ..../$R\zm....M.
    0060: 30 8C 90 F2 BA D7 4A 3E 43 7E D4 C8 50 1A 87 F8 0.....J>C...P...
    0070: 4F 81 C7 76 0B 84 3A 72 9D CE 65 66 97 AE 26 5E O..v..:r..ef..&^
    Comparing certificate against Root CA certificate:
    Version: V1
    Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    950fa0b6 f0509ce8 7ac788cd dd170e2e b094d01b 3d0ef694 c08a94c7 06c89097
    c8b8641a 7a7e6c3c 53e13728 73607fb2 9753079f 53f96d58 94d2af8d 6d886780
    e6edb295 cf7231ca a51c72ba 5c02e764 42e7f9a9 2cd63a0d ac8d42aa 240139e6
    9c3f0185 570d5887 45f8d385 aa936926 85704880 3f1215c7 79b41f05 2f3b6299
    Validity: [From: Thu Aug 13 02:29:00 CEST 1998,
                   To: Tue Aug 14 01:59:00 CEST 2018]
    Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
    SerialNumber: [    01a5]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 6D EB 1B 09 E9 5E D9 51 DB 67 22 61 A4 2A 3C 48 m....^.Q.g"a.*<H
    0010: 77 E3 A0 7C A6 DE 73 A2 14 03 85 3D FB AB 0E 30 w.....s....=...0
    0020: C5 83 16 33 81 13 08 9E 7B 34 4E DF 40 C8 74 D7 [email protected].
    0030: B9 7D DC F4 76 55 7D 9B 63 54 18 E9 F0 EA F3 5C ....vU..cT.....\
    0040: B1 D9 8B 42 1E B9 C0 95 4E BA FA D5 E2 7C F5 68 ...B....N......h
    0050: 61 BF 8E EC 05 97 5F 5B B0 D7 A3 85 34 C4 24 A7 a....._[....4.$.
    0060: 0D 0F 95 93 EF CB 94 D8 9E 1F 9D 5C 85 6D C7 AA ...........\.m..
    0070: AE 4F 1F 22 B5 CD 95 AD BA A7 CC F9 AB 0B 7A 7F .O."..........z.
    Comparing certificate against Root CA certificate:
    Version: V3
    Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: SunJSSE RSA public key:
    public exponent:
    010001
    modulus:
    c7c15f4e 71f1cef0 60860fd2 587fd333 972d17a2 7530b596 64262f68 c344aba8
    75e60067 34579e65 c7229b73 e6d3dd08 0e3755aa 2546816c bdfea8f6 7557578c
    906c4ac3 3e8b4b43 0ac91156 9a9a2722 99cf559e 61d902e2 7cb67c38 07dce37f
    4f9ab903 4180b675 67130b9f e85736c8 5d0036de 6614da6e 761f4f37 8c821389
    Validity: [From: Fri Feb 04 18:20:00 CET 2000,
                   To: Tue Feb 04 18:50:00 CET 2020]
    Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
    SerialNumber: [    389b113c]
    Certificate Extensions: 8
    [1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 10 30 0E 1B 08 56 35 2E 30 3A 34 2E 30 03 02 ..0...V5.0:4.0..
    0010: 04 90 ..
    [2]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: CB 6C C0 6B E3 BB 3E CB FC 22 9C FE FB 8B 92 9C .l.k..>.."......
    0010: B0 F2 6E 22 ..n"
    [3]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    SSL CA
    S/MIME CA
    Object Signing CA]
    [4]: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: CB 6C C0 6B E3 BB 3E CB FC 22 9C FE FB 8B 92 9C .l.k..>.."......
    0010: B0 F2 6E 22 ..n"
    [5]: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
    [DistributionPoint:
    [CN=CRL1, CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net]
    [6]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
    Key_CertSign
    Crl_Sign
    [7]: ObjectId: 2.5.29.16 Criticality=false
    PrivateKeyUsage: [
    From: Fri Feb 04 18:20:00 CET 2000, To: Tue Feb 04 18:50:00 CET 2020]
    [8]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [MD5withRSA]
    Signature:
    0000: 62 DB 81 91 CE C8 9A 77 42 2F EC BD 27 A3 53 0F b......wB/..'.S.
    0010: 50 1B EA 4E 92 F0 A9 AF A9 A0 BA 48 61 CB EF C9 P..N.......Ha...
    0020: 06 EF 1F D5 F4 EE DF 56 2D E6 CA 6A 19 73 AA 53 .......V-..j.s.S
    0030: BE 92 B3 50 02 B6 85 26 72 63 D8 75 50 62 75 14 ...P...&rc.uPbu.
    0040: B7 B3 50 1A 3F CA 11 00 0B 85 45 69 6D B6 A5 AE ..P.?.....Eim...
    0050: 51 E1 4A DC 82 3F 6C 8C 34 B2 77 6B D9 02 F6 7F Q.J..?l.4.wk....
    0060: 0E EA 65 04 F1 CD 54 CA BA C9 CC E0 84 F7 C8 3

  • Is Verisign cert "multi purpose"?

    If I get a certificate from Thawte, I can get the multi-purpose Authenticode cert, export it from IE, import it into Netscape and be able to sign Netscape objects as well as CAB files.
    Can I do the same thing with the Verisign cert? Verisign doesn't talk about this on their website, but maybe they just want people to pay $800 instead of $400? Just curious if anyone has tried this. If you have tried it, let me know.
    (Before anyone asks, yes, I would love to go with Thawte, and have in the past, but my organization has recently made the decision that Thawte is no longer an option, so I have to go with Verisign.)
    Thanks!
    Kirby

    To fully answer my own question,
    I got a Verisign Authenticode certificate, and was not able to export it in the pk12 format that is necessary for Netscape to be able to import it.
    I've got a Verisign Netscape cert on order that I am pretty sure will work for Netscape and the Java plugins/Web Start, as has been mentioned.
    Re: my company's decision. With the disclaimer fully in effect that I'm not in a position of power and am just a programmer wanting a certificate and thus might not have all of the facts or even the correct facts on the issues at hand... From what I understood, Thawte got quite a bit more restrictive on where the private key could be stored. From what I understand, the private keys would have to be stored in a central location for the entire organization, which wasn't reasonable for our size of 5 - 10,000 as it would have caused undue hardship on the gatekeepers as well as people actually wanting something signed. Verisign apparently didn't have the same strictness.
