No client certificate available, sending empty certificate message

Similar Messages

• Empty soap message

  I use abapProxy to invoke an external webservice via SOAP adapter but i get an error "invalid http response: null" in sxmb_moni  so i thought that there might be an mistake in request SOAP message and I installed TCPGateway to see logs about sending and coming message.
  When i invoke the proxy, sending part of TCPGateway is empty but as you guess , coming part of it shows an error "java.net.ConnectException: Connection timed out : connect"
  What maybe the reason for that SOAP adapter sends an empty SOAP message?
  Thanks

  Hi Abhishek;
  As i mentioned , i used TCPGateway program on XI server to see going message to external webservice..this gateway program takes request and forwards it but it still comes as empty  SOAP message from XI adapter to this TCPGateway program.
  as you guess, when you send empty soap message , external webservice doesnt respond to this request so it gets timeout error.
  ps: i tried to invoke this webservice via another third-party tool, it works properly.
  What would another reason except firewall settings for this issue ? because i do all of these control on XI server, namely before empty soap message goes.
  Thanks

• Iphone 4 (ios7) randomly sending blank text messages to my contacts

  My iphone 4 is sending empty text messages to a subset of my contacts. I am not initiating these messages. It happens everytime i boot my phone and also a few times during the day,
  I've changed my apple id...and that didnt help.
  I disabled the emails that I can be reached by using imessage.
  I dont know what else to do.
  Any help here would be appreciated.
  I am wondering if a 3rd party app has access to my imessage and contacts?
  Thanks!

  Try rebooting ur iPhone ( by holding the home and the sleep buttons for like 40 sec )
  Or try to connect ur iPhone to iTunes and restore it and active it as a new iPhone ( cuz backups may contain some bugs)
  Hope it works

• Client certificate is not send

  Hi
  I have not much experience in Java, so thank you in advance for your help.
  I have some piece of client code which setup the secure connection. Everything works fine until I use server authentication (in my certificate store I have trusted CA certificate and client certificate signed by this trusted CA). In mutual authentication handshake fails, because the cliend doesn't send any certificate (i checked it using network sniffer). I was looking for the way of enumerate the local certificates which are going to be send from client, but I can't understand how should I do it. There is my code below :
       System.setProperty("-Djavax.net.ssl.trustStore","G:/Program Files/Java/jre1.5.0_07/lib/security/cacerts".replace('/', File.separatorChar));
       System.setProperty("-Djavax.net.ssl.trustStorePassword","changeit");
       System.setProperty("-Djavax.net.debug","all");
       int port = 16993;
     String hostname = "10.10.1.11";
      SSLSocketFactory factory = null;
      SSLSocket socket = null;
      SSLSession session = null;
      String[] proto = new String[1];
      String[] ciphe = new String[1];
      String[] all_ciphe_supp = new String[33];
      System.out.println("Cipher Suite and Protocols test");
    try {
          factory = HttpsURLConnection.getDefaultSSLSocketFactory();
                } catch (Exception e) {
                     System.out.println( e.toString());
                if (factory != null) {
               // Connect to the server
                     try {
                          socket = (SSLSocket)factory.createSocket(hostname,port);
                          all_ciphe_supp = socket.getSupportedCipherSuites();
                          System.out.println("All ciphersuites and protocol supported");
                          socket.startHandshake();
                          session = socket.getSession();
                          System.out.println("Connection established using " + session.getProtocol() + " and " + session.getCipherSuite());
                          socket.close();
                     } catch (SSLPeerUnverifiedException e) {
                          System.out.println("Connection not established : " + e.toString());
                     } catch (IOException e) {
                          System.out.println("Connection not established : " + e.toString());
  }

  Thanks a lot, it is a little bit better, I can see debug messages at the output :)
  However the main problem still exists. In debug window I can see that client and CA certificates are added as trusted certificates, but no certificate is sent to server. Is it something wrong with certificate?
  I have the certificate in following formats: .der .p12 .pem
  I could only import .der using keytool (trying to import .p12 or .pem got Input not an X.509 certificate error), but using web browser I can use this certificate and mutual authentication goes ok.

• Why the website is requiring my computer to send a client certificate

  I can no longer access my course's website using Safari. A message pops-up informing that the site is requiring a "client certificate to validate my ID"  to get through the main page. When I click on the available certificates that Safari offers me, the same message pops-up again, and I can't go foward. When I access the same website using Chrome from a Vaio computer, this problem does not occur. What should I do? I never had this problem before.
  Thanks for your help.
  Renata

  Hello Peter249,
  >> but I don't have that option on the server and must supply it via code (C# .NET 4.0).
  From your description, it seems that you are trying to create a SSL communication between your server side and client side. As far as I know, we need to install the certificate file in both client side and server side and if you are using server mode, for
  creating the SSL communication, we must import a certificate with the associated private key to the server machine's Personal store. For details, please check this link:
  SSLStream example - how do I get certificates that work?
  By the way, since you are working with a web project, it is recommended to post asp.net related issues to:
  http://www.asp.net/
  Regards.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• I'm attempting to access my work email through Microsoft Outlook web client.  The URL is mail.ad.msu.edu.  I get the following message:   The website "mail.ad.msu.edu" requires a client certificate.  This website requires a certificate to validate your id

  I'm attempting to access my work email through Microsoft Outlook web client.  The URL is mail.ad.msu.edu.  I get the following message:
  The website "mail.ad.msu.edu" requires a client certificate.
  This website requires a certificate to validate your identity.  Select the certificate to use when you connect to this website, then click Continue.
  The choice I am presented with is: adp3d (iChat Encryption Certificate) (Apple.Mac Certificate Authority)
  I'm thinking that this can't be correct, and in fact doesn't allow me to signing to the website. 
  How do I go about getting the proper certificate? 

  I'm attempting to access my work email through Microsoft Outlook web client.  The URL is mail.ad.msu.edu.  I get the following message:
  The website "mail.ad.msu.edu" requires a client certificate.
  This website requires a certificate to validate your identity.  Select the certificate to use when you connect to this website, then click Continue.
  The choice I am presented with is: adp3d (iChat Encryption Certificate) (Apple.Mac Certificate Authority)
  I'm thinking that this can't be correct, and in fact doesn't allow me to signing to the website. 
  How do I go about getting the proper certificate? 

• When I attempt to access my IRA account on line, I get a message saying that the web site requires a client certificate. The certificates listed in the drop down dialog box don't get accepted, even though one is indicated as valid and good until 10/2014.

  When I attempt to access my IRA account on line, I get a message saying that the web site requires a client certificate. The certificates listed in the drop down dialog box don't get accepted, even though one is indicated as valid and good until October 2014. I contacted the IRA account managment company and they sais it's an Apple issue. Any ideas?

  Some websites require a special client certficate for access. If you don't have that certficate, you'll have to contact the site operator to find out how to get one.
  Sometimes the problem is caused by a web server that is configured to request an optional client certificate. Safari treats the request as mandatory. In that case, other browsers such as Firefox and Chrome may be able to connect to the site, because they ignore the request.
  The first time you were prompted for a certificate, you may have clicked through a dialog that requested access to the Apple certificate in your keychain that is used to secure the iMessage service. In that case, you may be able to regain access to the site in Safari by doing as follows.
  Back up all data.
  Double-click anywhere in the line below on this page to select it:
  com.apple.idms.appleid.prd
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
  Paste into the search field in the Keychain Access window by clicking in it and pressing the key combination command-V. An item may appear in the list of keychain items. The Name will begin with string you searched for, and the Kind will be "certificate."
  Delete the item by selecting it and pressing the delete key. It will be recreated automatically the next time you launch the Messages or FaceTime application.
  The next time you visit a site that prompts for an optional client certificate, cancel out of the prompt. You may have to do this several times before the server stops asking.
  Credit for this idea to Christian Braukmueller of SAP.

• BizTalk 2010 Send FTPS - when is my client certificate needed?

  Based on this
  post, it's very unclear if a certificate is needed or not (in the Client Certificate Hash).  The most important quote I got out of that post is this:
  "I reached out to MS BizTalk support and they asked me not to use the certificate and just use FTP over SSL without certificate. We also changed the ftp firewall mode to passive and allocate storage to no."
  If FileZillaClient can connect and send a file to a customer/vendor without a local certificate, then why would BizTalk need one in an FTP SendPort?
  And secondly, if it is not needed, in what circumstances would you use it on an FTP SendPort.
  It's my understanding that the certificate is some certificate related to the BizTalk host account's personal store on the BizTalk machine, and not the thumbprint of the customer/vendor we are communicating with.
  For BT2013 this is
  MSDN's mysterious definition:
  > Specify the SHA1 hash of the client certificate that must be used in
  > the Secure Sockets Layer (SSL) negotiation.
  >
  > Based on this hash, the client certificate is picked up from the
  > personal store of the user account under which the BizTalk host
  > instance is running.
  This statement gives no guidance as to when it is needed or desired.
  This is the
  other good blog on the subject, but also implied cert is needed, in contradiction to Microsoft support in early link.
  Thanks,
  Neal Walters
  http://MyLifeIsMyMessage.net

  Hi,
  #How to use the new “FTPS adapter” with BizTalk 2010
  http://blogical.se/blogs/mikael/archive/2010/09/26/how-to-use-the-new-ftps-adapter-with-biztalk-2010.aspx
  And it should work with self-signed cert.Please refer to the demo:
  http://blogs.msdn.com/b/biztalknotes/archive/2014/10/10/using-ftps-adapter-in-biztalk-ftp-ssl.aspx
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Client Certificate Rejected, repeatedly +with great vigor

  Hi all --
  Perhaps you can give me a hand. I recently got a new Macbook Pro -- my first new CPU since the ole' clamshell back in 2001. Very happy with it as a whole but also finding that I am a bit behind the times in terms of my understanding of the software. Here is the problem: Yesterday I tried to access a page using Safari (2.0.3) from my history. I do not believe that it was a secure page as it was part of the dartmouth.edu website but it may have been. Anyway, a dialouge box popped up asking for my to use FileVaultMaster keychain. I did not know that I had such a thing but I typed in my master password. The page still did not open, but Safari displayed a text box saying that there was an error -- this particular error, in fact:
  <begin quote>
  The error was: “client certificate rejected” (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message
  <end of quote>
  Now, when I try to access the basic Dartmouth homepage of http://www.dartmouth.edu, Safari converts it automatically to https://www.dartmouth.edu and asks for the keychain and then displays the error. I tried emptying the cache and resetting Safari (and even restarting the computer, although I understand that that is no longer necessairy with OS X) but to no avail. Can anyone clue me as to what is happening, and why?
  Thanks much in advance,
  -Sparco03
  MacBook Pro   Mac OS X (10.4.5)  

  I emailed [email protected] about this problem and here is the response. The solution of getting a valid Dartmouth certificate doesn't apply to non Dartmouth users, so I'm not sure what to do in that case.
  "You need to check your Keychain. The reason you are getting that error is because Safari is sending a Client Certificate back to the web server (which asked for it), but the web server can't verify that it's a good certificate. This usually happens when you have an expired certificate, or you have a non-Dartmouth certificate that Safari is likely sending because it can't find a Dartmouth one."
  "Whichever of these is the case, the solution is to get a valid Dartmouth certificate, which you can generate by going to https://collegeca.dartmouth.edu/ and following the directions on the web page. If you have an expired Dartmouth cert, you will need to delete that before you import your new, valid certificate."
  "The reason all of this is happening is specific to Intel Macs. The mechanism that Dartmouth has used, better than 7+ years, to authenticate browser users to web site (Kerberos) uses the SideCar helper application. This application doesn't run on Intel Macs, and it most likely never will. Fortunately, Dartmouth installed client certificates as an additional/alternate solution for web site authentication a few years ago. Since client certs work great on Intel Macs, we had to force Intel Macs to always use HTTPS when connecting to any site on www.dartmouth.edu. That way we can always be able to ask for your client cert, so that we don't break your ability to access protected sites that live on the www.dartmouth.edu server."

• Error 403.7 - Forbidden: SSL client certificate is required

  Hi people!
  I�m developing a java client to a WebService (developed in .NET). The communication protocol is HTTPS to the URL where the Web Service is located (something like https://10.200.140.117/dirNotes/serviceName.asmx.). I�ve been reading many posts but I could'nt find the solution to the problem wich has the following message: Error 403.7 - Forbidden: SSL client certificate is required".
  I�m using JDK 1.5 and developing and testing on Windows Plataform. I'm able to access the URL specified above directly from the browser, I installed the client certificate (the same that �ve put into the ,jks keystore. I�ve also imported the whole certificate chain of the server to the cacerts.
  I�ll paste the code and the console trace below. I�d be very grateful if you can help me. Thanks a lot.
  _THE CODE_
  package principal;
  import java.io.BufferedReader;
  import java.io.FileInputStream;
  import java.io.FileNotFoundException;
  import java.io.FileReader;
  import java.io.IOException;
  import java.net.URL;
  import java.net.UnknownHostException;
  import java.security.KeyStore;
  import java.security.Security;
  import javax.net.ssl.HttpsURLConnection;
  import javax.net.ssl.KeyManagerFactory;
  import javax.net.ssl.SSLContext;
  import javax.net.ssl.SSLSocket;
  import javax.net.ssl.SSLSocketFactory;
  import javax.net.ssl.TrustManagerFactory;
  import org.apache.axis.client.Call;
  import org.apache.axis.client.Service;
  import entidade.Certificado;
  public class SSLClient {
  private static final int PORT_NUMBER = 443;
  private static final String HTTPS_ADDRESS = "10.200.140.117";
  private static String strCabecalhoMsg = "";
  private static String strDadosMsg = "";
  public static void main(String[] args) throws Exception {
  System.setProperty("javax.net.ssl.keyStore", Certificado.getStrNomeArquivoJKSServidor());
  System.setProperty("javax.net.ssl.keyStorePassword", "senha");
  System.setProperty("javax.net.ssl.trustStore", "Certificados/cacerts");
  System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
  System.setProperty("javax.net.ssl.keyStoreType", "JKS");
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  System.setProperty("javax.net.debug","ssl,handshake,record");
  KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
  ks.load(new FileInputStream(Certificado.getStrNomeArquivoJKSServidor()),
  Certificado.getArranjoCharSenhaCertificadoServidor());
  KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  kmf.init(ks, Certificado.getArranjoCharSenhaCertificadoServidor());
  KeyStore ksT = KeyStore.getInstance(KeyStore.getDefaultType());
  ksT.load(new FileInputStream("C:/Arquivos de programas/Java/jre1.5.0_05/lib/security/cacerts"), "changeit".toCharArray());
  TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  tmf.init(ksT);
  SSLContext sc = SSLContext.getInstance("SSLv3");
  sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new java.security.SecureRandom());
  SSLSocketFactory factory = sc.getSocketFactory();
  try{
  // method to load the values of the strings strCabecalhoMsg and strDadosMsg
  carregarXMLCabecalhoDados();
  SSLSocket socket =(SSLSocket)factory.createSocket(HTTPS_ADDRESS, PORT_NUMBER);
  socket.startHandshake();
  String [] arr = socket.getEnabledProtocols();
  URL url = new URL("https://10.200.140.117/dirNotes");
  HttpsURLConnection.setDefaultSSLSocketFactory(factory);
  HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();
  urlc.setDoInput(true);
  urlc.setUseCaches(false);
  Object[] params = {strCabecalhoMsg, strDadosMsg};
  Service service = new Service();
  Call call = (Call) service.createCall();
  call.setTargetEndpointAddress(url);
  call.setOperationName("serviceName");
  String ret = (String) call.invoke(params);
  System.out.println("Result: " + ret);
  catch (UnknownHostException uhe) {
  uhe.printStackTrace();
  System.err.println(uhe);
  catch (Exception uhe) {
  uhe.printStackTrace();
  System.err.println(uhe);
  private static void carregarXMLCabecalhoDados()
  try
  BufferedReader input = new BufferedReader( new FileReader("notas/cabecalho.xml"));
  String str;
  while((str=input.readLine()) != null)
  strCabecalhoMsg += str ;
  System.out.println("Cabe�a: " + strCabecalhoMsg);
  input = new BufferedReader( new FileReader("notas/nota.xml"));
  while((str=input.readLine()) != null)
  strDadosMsg += str ;
  System.out.println("Nota: " + strDadosMsg);
  catch (FileNotFoundException e)
  // TODO Auto-generated catch block
  e.printStackTrace();
  catch (IOException e)
  // TODO Auto-generated catch block
  e.printStackTrace();
  _THE TRACE_
  adding as trusted cert:
  Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Algorithm: RSA; Serial number: 0x1
  Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
  *others trusted certs*
  trigger seeding of SecureRandom
  done seeding SecureRandom
  export control - checking the cipher suites
  export control - no cached value available...
  export control - storing legal entry into cache...
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1198158630 bytes = { 48, 135, 53, 24, 112, 72, 104, 220, 27, 114, 37, 42, 25, 77, 224, 32, 12, 58, 90, 217, 232, 3, 104, 251, 93, 82, 40, 91 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  main, WRITE: TLSv1 Handshake, length = 73
  main, WRITE: SSLv2 client hello message, length = 98
  main, READ: TLSv1 Handshake, length = 3953
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1198158523 bytes = { 56, 166, 181, 215, 86, 245, 8, 55, 214, 108, 128, 50, 8, 11, 0, 209, 38, 62, 187, 185, 240, 231, 56, 161, 212, 111, 194, 79 }
  Session ID: {222, 2, 0, 0, 147, 179, 182, 212, 18, 34, 199, 100, 168, 167, 48, 116, 140, 186, 151, 153, 226, 168, 163, 174, 24, 83, 208, 73, 179, 57, 86, 137}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  *** Certificate chain
  chain [0] = [
  Version: V3
  *many chains and related data*
  Found trusted certificate:
  Version: V3
  Subject:
  *many trusted certificates and related data*
  *** ServerHelloDone
  *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
  Random Secret: { 3, 1, 117, 112, 233, 166, 240, 9, 226, 67, 53, 111, 194, 84, 124, 103, 197, 28, 17, 36, 32, 48, 145, 166, 161, 61, 30, 63, 153, 214, 137, 113, 222, 204, 138, 77, 212, 75, 65, 192, 159, 215, 69, 156, 47, 188, 179, 219 }
  main, WRITE: TLSv1 Handshake, length = 134
  SESSION KEYGEN:
  PreMaster Secret:
  0000: 03 01 75 70 E9 A6 F0 09 E2 43 35 6F C2 54 7C 67 ..up.....C5o.T.g
  0010: C5 1C 11 24 20 30 91 A6 A1 3D 1E 3F 99 D6 89 71 ...$ 0...=.?...q
  0020: DE CC 8A 4D D4 4B 41 C0 9F D7 45 9C 2F BC B3 DB ...M.KA...E./...
  CONNECTION KEYGEN:
  Client Nonce:
  0000: 47 6A 73 26 30 87 35 18 70 48 68 DC 1B 72 25 2A Gjs&0.5.pHh..r%*
  0010: 19 4D E0 20 0C 3A 5A D9 E8 03 68 FB 5D 52 28 5B .M. .:Z...h.]R([
  Server Nonce:
  0000: 47 6A 73 BB 38 A6 B5 D7 56 F5 08 37 D6 6C 80 32 Gjs.8...V..7.l.2
  0010: 08 0B 00 D1 26 3E BB B9 F0 E7 38 A1 D4 6F C2 4F ....&>....8..o.O
  Master Secret:
  0000: 0B 3A 71 F8 BB 79 5E 07 78 C2 5F 13 4F 92 9D 87 .:q..y^.x._.O...
  0010: CF 69 0D 07 78 D2 59 46 1E C3 C1 5B A2 DB 04 B9 .i..x.YF...[....
  0020: 42 60 92 48 59 8E FD FD C3 5B BD 00 9C 54 7A 7E B`.HY....[...Tz.
  Client MAC write Secret:
  0000: 33 7C 19 C4 75 D2 CE 82 39 98 37 E5 7D 20 CB B1 3...u...9.7.. ..
  Server MAC write Secret:
  0000: 1E 1E 48 C7 D4 77 23 E4 22 26 8B 98 2E 92 5C 95 ..H..w#."&....\.
  Client write key:
  0000: EE 05 39 76 B2 85 63 6C F7 70 30 CB 6D 08 07 54 ..9v..cl.p0.m..T
  Server write key:
  0000: 5C 2E 3B 5E DC D9 EC C5 04 C4 D5 B5 12 11 B9 08 \.;^............
  ... no IV for cipher
  main, WRITE: TLSv1 Change Cipher Spec, length = 1
  *** Finished
  verify_data: { 143, 115, 243, 131, 242, 244, 12, 44, 191, 172, 205, 122 }
  main, WRITE: TLSv1 Handshake, length = 32
  main, READ: TLSv1 Change Cipher Spec, length = 1
  main, READ: TLSv1 Handshake, length = 32
  *** Finished
  verify_data: { 231, 215, 37, 250, 177, 121, 111, 192, 11, 41, 1, 165 }
  %% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  setting up default SSLSocketFactory
  use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
  class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
  keyStore is : Certificados/certificadoSondaMonitor.jks
  keyStore type is : JKS
  keyStore provider is :
  init keystore
  init keymanager of type SunX509
  trustStore is: Certificados\cacerts
  trustStore type is : jks
  trustStore provider is :
  init truststore
  adding as trusted cert:
  Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Algorithm: RSA; Serial number: 0x1
  Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
  adding as trusted cert:
  * many certificates*
  init context
  trigger seeding of SecureRandom
  done seeding SecureRandom
  instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
  export control - checking the cipher suites
  export control - found legal entry in cache...
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1198158632 bytes = { 93, 1, 41, 236, 165, 146, 251, 117, 129, 195, 129, 72, 245, 181, 43, 48, 80, 251, 244, 198, 223, 85, 82, 101, 20, 159, 17, 26 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  main, WRITE: TLSv1 Handshake, length = 73
  main, WRITE: SSLv2 client hello message, length = 98
  main, READ: TLSv1 Handshake, length = 3953
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1198158525 bytes = { 109, 114, 234, 1, 130, 97, 251, 9, 61, 105, 56, 246, 239, 222, 97, 143, 22, 254, 65, 213, 10, 204, 153, 67, 237, 133, 223, 48 }
  Session ID: {23, 30, 0, 0, 26, 129, 168, 21, 252, 107, 124, 183, 171, 228, 138, 227, 94, 17, 195, 213, 216, 233, 205, 2, 117, 16, 21, 65, 123, 119, 171, 109}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  %% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  *** Certificate chain
  chain [0] = [
  many chains again
  *** ServerHelloDone
  *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
  Random Secret: { 3, 1, 116, 247, 155, 227, 25, 25, 231, 129, 199, 76, 134, 222, 98, 69, 149, 224, 75, 6, 60, 121, 115, 216, 244, 246, 102, 92, 188, 64, 113, 56, 190, 43, 32, 51, 90, 254, 141, 184, 71, 48, 41, 29, 173, 180, 46, 116 }
  main, WRITE: TLSv1 Handshake, length = 134
  SESSION KEYGEN:
  PreMaster Secret:
  0000: 03 01 74 F7 9B E3 19 19 E7 81 C7 4C 86 DE 62 45 ..t........L..bE
  0010: 95 E0 4B 06 3C 79 73 D8 F4 F6 66 5C BC 40 71 38 ..K.<ys...f\.@q8
  0020: BE 2B 20 33 5A FE 8D B8 47 30 29 1D AD B4 2E 74 .+ 3Z...G0)....t
  CONNECTION KEYGEN:
  Client Nonce:
  0000: 47 6A 73 28 5D 01 29 EC A5 92 FB 75 81 C3 81 48 Gjs(].)....u...H
  0010: F5 B5 2B 30 50 FB F4 C6 DF 55 52 65 14 9F 11 1A ..+0P....URe....
  Server Nonce:
  0000: 47 6A 73 BD 6D 72 EA 01 82 61 FB 09 3D 69 38 F6 Gjs.mr...a..=i8.
  0010: EF DE 61 8F 16 FE 41 D5 0A CC 99 43 ED 85 DF 30 ..a...A....C...0
  Master Secret:
  0000: FC C9 75 A4 2B F1 8A D8 AD 16 27 70 B7 E4 64 6C ..u.+.....'p..dl
  0010: 05 D7 33 4A 53 91 2F 51 1E 32 D3 3B 2E 18 2E BC ..3JS./Q.2.;....
  0020: E4 16 EE 2F 01 A1 08 48 19 09 32 68 CE 69 8F B1 .../...H..2h.i..
  Client MAC write Secret:
  0000: F1 95 3B CE 06 5B 8A 9B EC DE 1C 8F B4 AB D9 36 ..;..[.........6
  Server MAC write Secret:
  0000: BF 52 36 48 63 24 FE 74 22 BE 00 99 BE F0 6E E5 .R6Hc$.t".....n.
  Client write key:
  0000: 9F 08 0A 6E 8F 54 A3 66 1C BC C7 6B AE 88 67 E0 ...n.T.f...k..g.
  Server write key:
  0000: 06 A1 0B 4F 69 DE 5F AF 0E 6B B5 04 ED E8 EA F5 ...Oi._..k......
  ... no IV for cipher
  main, WRITE: TLSv1 Change Cipher Spec, length = 1
  *** Finished
  verify_data: { 148, 93, 105, 42, 110, 212, 55, 2, 150, 191, 13, 111 }
  main, WRITE: TLSv1 Handshake, length = 32
  main, READ: TLSv1 Change Cipher Spec, length = 1
  main, READ: TLSv1 Handshake, length = 32
  *** Finished
  verify_data: { 171, 150, 45, 10, 99, 35, 67, 174, 35, 52, 23, 192 }
  %% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
  main, setSoTimeout(600000) called
  main, WRITE: TLSv1 Application Data, length = 282
  main, WRITE: TLSv1 Application Data, length = 8208
  main, WRITE: TLSv1 Application Data, length = 1102
  main, READ: TLSv1 Application Data, length = 1830
  main, received EOFException: ignored
  main, called closeInternal(false)
  main, SEND TLSv1 ALERT: warning, description = close_notify
  main, WRITE: TLSv1 Alert, length = 18
  main, called close()
  main, called closeInternal(true)
  AxisFault
  faultCode: {http://xml.apache.org/axis/}HTTP
  faultSubcode:
  faultString: (404)Not Found
  faultActor:
  faultNode:
  faultDetail:
       {}:return code: 404
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
  <HTML><HEAD><TITLE>The page cannot be found</TITLE>
  <META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
  <STYLE type="text/css">
  BODY { font: 8pt/12pt verdana }
  H1 { font: 13pt/15pt verdana }
  H2 { font: 8pt/12pt verdana }
  A:link { color: red }
  A:visited { color: maroon }
  </STYLE>
  </HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
  <h1>The page cannot be found</h1>
  The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
  <hr>
  <p>Please try the following:</p>
  <ul>
  <li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
  <li>If you reached this page by clicking a link, contact
  the Web site administrator to alert them that the link is incorrectly formatted.
  </li>
  <li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
  </ul>
  <h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
  <hr>
  <p>Technical Information (for support personnel)</p>
  <ul>
  <li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
  <li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
  and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
  </ul>
  </TD></TR></TABLE></BODY></HTML>
       {http://xml.apache.org/axis/}HttpErrorCode:404
  (404)Not Found
       at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)
       at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
       at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
       at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
       at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
       at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
       at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
       at org.apache.axis.client.Call.invoke(Call.java:2767)
       at org.apache.axis.client.Call.invoke(Call.java:2443)
       at org.apache.axis.client.Call.invoke(Call.java:2366)
       at org.apache.axis.client.Call.invoke(Call.java:1812)
       at principal.SSLClient.main(SSLClient.java:86)
  (404)Not Found
  -----

  I'm having the same problem with the same URL. I try many configuration and nothing works. My code is:
  public class NFeClient {
       static{
            Security.addProvider(new BouncyCastleProvider());
       public static void main(final String[] args) throws Exception {
            final String path = "https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx";
            final String keyStoreProvider = "BC";
            final String keyStoreType = "PKCS12";
            final String keyStore = "/home/mendes/certificados/cert.p12";
            final String keyStorePassword = "xxxx";
            System.setProperty("javax.net.ssl.keyStoreProvider",keyStoreProvider);
            System.setProperty("javax.net.ssl.keyStoreType",keyStoreType);
            System.setProperty("javax.net.ssl.keyStore",keyStore);
            System.setProperty("javax.net.ssl.keyStorePassword",keyStorePassword);
            System.setProperty("javax.net.ssl.trustStore","/home/mendes/workspace/NFE/jssecacerts");
            final SSLContext context =  SSLContext.getInstance("TLS");
            final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            final KeyStore ks = KeyStore.getInstance(keyStoreType);
            ks.load(new FileInputStream(keyStore), keyStorePassword.toCharArray());
            kmf.init(ks, keyStorePassword.toCharArray());
            context.init(kmf.getKeyManagers(), null, null);
            final URL url = new URL(path);
            final HttpsURLConnection httpsConnection = (HttpsURLConnection) url.openConnection();
            httpsConnection.setDoInput(true);
            httpsConnection.setRequestMethod("GET");
            httpsConnection.setRequestProperty("Host", "iis-server");
            httpsConnection.setRequestProperty("UserAgent", "Mozilla/4.0");
            httpsConnection.setSSLSocketFactory(context.getSocketFactory());
            try{
                 final InputStream is = httpsConnection.getInputStream();
                 final byte[] buff = new byte[1024];
                 int readed;
                 while((readed = is.read(buff)) > 0)
                      System.out.write(buff,0,readed);
            }catch(final IOException ioe){
                 ioe.printStackTrace();
  }and the response of the server is always the same:
  java.io.IOException: Server returned HTTP response code: 403 for URL: https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx
       at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1241)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
       at br.com.esales.nfe.signer.client.NFeClient.main(NFeClient.java:60)Edited by: mendes on Apr 25, 2008 9:56 AM

• Applet does not get client certificate from browser (Firefox, IE7)

  I'm writing a web service which runs Tomcat through Apache. One critical requirement is that the service be able to invoke certain device drivers on the end user's machine. Fortunately, there is a Java API for this, so this requirement can be fulfilled using an applet.
  Here's the problem. This is a B2B application, so we're using SSL and requiring client authentication. I'm no web security guru, but I managed to get SSL set up through Apache (with a self-signed certificate for now; we'll get a real one from a real CA when we're ready to go to production). I also managed to set up client authentication by creating my own CA and generating a client certificate, which I then copied to my test client (Win XPSP2) and imported into both Firefox (2.0.0.15) and IE (6.0.2900). The applet is signed with a real certificate, and that causes no problems. And all of the pages for my web service work as expected.
  All except one. The page which is supposed to load the applet pops a dialog stating 'Identification required. Please select certificate to be used for authentication', and presents a list of zero certificates.
  Actually, I get this dialog in Firefox on my XPSP2 box, and also when I test on a Vista Home Premium box running IE 7.0.6000. Puzzlingly, this behavior does NOT occur on my XPSP2 box when running through IE 6.0. It seems that with XPSP2 and IE 6.0, the JVM can manage to obtain the required client certificate from the browser and pass it along to Apache, but the JVM can't do this when running in Firefox or in IE 7.0 on Vista.
  I have gone to the Java Control Panel and verified that the 'Use certificates and keys in browser keystore' option is selected on both boxes.
  I've done a fair amount of research for this (including in this forum) and see that this appears to be a chronic difficulty with applets. What makes it worse is that I don't think I can use the standard workaround, which is to download the applet from a different host/virtual host, because the applet needs to communicate with the web service. Since we have the additional layer of Tomcat container-managed user authentication, the applet needs to be communicating with the server using the same session token as everything else.
  So at this point, I'm stuck. Does anyone know a solution to this problem? Two thoughts (I'm reaching at straws here):
  1) I have the certificate imported in both Firefox and IE as a 'personal' certificate. Is there someplace else I can put it so the JVM will know how to find it? A rather old thread in this forum mentioned something about setting properties in the Java Control Panel, but I see no place in the JCP to specify such properties, so I'm guessing that solution is no longer operative.
  2) I'm using a trick I found on the internet to make the applet load cleanly with both Firefox and IE, namely, I'm using the <OBJECT> tag to specify the applet class and codebase for IE, and then using <COMMENT><EMBED ... /></COMMENT> within the <OBJECT> declaration to specify the information for Firefox. Is there some other way of doing the markup that will give the JVM a hint that it should get a certificate from the browser?
  BTW . . . I would hate to drop support for Firefox, but if someone has an IE-only solution, I'll take it. Unfortunately, I reckon a Firefox-only solution would not fly.
  Thanks all.

  My applet is also signed by a valid certificate. The question of whether the applet is signed/self-signed/unsigned >isn't an issue --- I just wanted you to make sure the Applet runs because it is a know valid Java2 Applet that is 100% signed properly and verified to run.
  This eliminates the possibility that it is a JVM issue. However after reading your message further I am afraid
  it is not relevant to your issue.
  due to the client authentication, my browser (Firefox, IE7) refuses to even download the applet.
  I went to your site, and I can see your applet in both Firefox and IE6. However, I don't believe your site is set up >quite like mine, because it appears I can run your applet whether I have imported your X509 certificate or not. What I >did was:If that is true we are all dead :) No I think you just missed the cert in the IE databse. It doesn't have to be in the
  Applet database to function. Surprise!
  Check your IE/tools/internet options/content tab/certificates/trusted root certification authorities.
  I then opened the Java control panel and verified that the certificate isn't listed there, either. So unless the certificate >is being cached/read from some other location (which could be, this certificate stuff is largely black magic to me), >then your server isn't requiring client authentication, either accidentally or by design.No HyperView is a valid java2 Applet and actually writes to a file "hyperview.dat" though it is probably empty.
  If you click on a component in the view and then on the view and type "dumpgobs" it shoud write out some data about the current graphics objects so you can see it has complete read/write access..
  Further it opens up a complete NIO server ands starts listening for connections on a random port
  (Echoed in your java console) You can connect to it with telnet and watch impressive ping messages all day :)
  This all goes back to a few years BTW back before there was a plugin and there was only Netscape & IE.
  There are actually 2 certificate databases and what loads where depends on which type of cert you are using. Now self signed or not doesn't matter but what does matter is the type of certificate. IE: is it RSA/DSA/Sha1
  etc. The Netscape DB was a Berkley DB and MS used whatever they use. The Cert is a DSA/Sha1 cert
  which I like the best ATM as it (X fingers it stays so) always has worked.
  Sadly that tidbit doesn't help you either I am afraid.
  What I'm trying to do is require client authentication through Apache by including the following markup in a virtual >host definition:
  SSLCACertificateFile D:/Certificates/ca.crt
  SSLVerifyClient require
  SSLVerifyDepth 1You got me there I avoid markup at all costs and only code in C java and assembler :)
  Now unless I am wrong I think you are saying that you want the Applet to push the certificate to the server
  automatically and I don't think this happens. Least I have never heard of this happening from an Applet automatically.
  On my client machine, I have a certificate which was generated using OpenSSL and the ca.crt file listed. Testing >shows that the server is requiring a certificate from the client, and the web browser is always providing it.
  The problem is that when the browser fires up the Java plugin to run an applet, there is not sufficient communication >between the browser and the plugin so that the plugin can obtain the certificate from the browser and provide it to >the server.
  So the server refuses to send the applet bytecode to the JVM, and we're stuck.In terms of implementation ease I think you may have the cart before the horse because I think it would be far easier to run an Applet in the first place to do the authentication, and then send, for example, a jar file to bootstrap and run
  (or some classes) in the event the connection is valid. Then again one never knows it all and there may be some classes which enables the plugin as you wish. I have never heard of this being done with the plugin the way you suggest.
  I am thinking maybe there is another method of doing this I do not know.
  Did you try pushing the cert via JavaScript/LIveConnect?? That way it could run before the Applet and do the authentication.
  Maybe someone else has other ideas; did you try the security forum??
  Sorry but I am afraid that is not much help.
  I did snarf this tidbit which may have some relevance
  The current fix for this bug in Mantis and 1.4.1_02 is using JSSE API, Here are the step:
  In Java control panel, Advanced tab -> Java Runtime Parameters, specify:
  -Djavax.net.ssl.keyStore=<name and path to client keystore file>
  -Djavax.net.ssl.keyStorePassword=<password to access this client keystore file>
  If it is a PKCS12 format keystore, specify:
  -Djavax.net.ssl.keyStoreType=PKCS12
  In our future JRE release 1.5, we will create our own client authentication keystore file for JPI and use that for client authentication, for detail info, please see RFE 4797512.
  Dennis
  Posted Date : 2005-07-28 19:55:50.0Good Luck!
  Sincerely:
  (T)
  Edited by: tswain on 23-Jul-2008 10:07 AM

• Using X.509 Client Certificates - SAP ABAP Webgui (SSL)

  Hello,
  current runs the integrated ITS (Webgui). We now want the smart card and have adapted to the configuration:
  RZ10:
  icm/server_port_0=PROT=HTTPS,PORT=1443,TIMEOUT=180                                                                               
  icm/HTTPS/verify_client=2   
  table USREXTID: C=DE,ST=xxx,L=xxx,O=xxx,OU=xxx,CN=xxx,emailAddress=xxx
  smart card certification -> firefox 2.x and IE 7.x install.
  SICF: Webgui Service -> Login with Client Certificate
  The test (with IE or Firefox) was unsuccessful.
  SMICM Trace:
  [Thr 5708] >> -
  Begin of Secude-SSL Errorstack -
  >>
  [Thr 5708] ERROR in ssl3_get_client_certificate: (536871698/0x20000312) the client did not send a certificate handshake message
  [Thr 5708] << -
  End of Secude-SSL Errorstack -
  [Thr 5708] <<- ERROR: SapSSLSessionStart(sssl_hdl=003FFBC0)==SSSLERR_SSL_ACCEPT
  [Thr 5708] ->> SapSSLErrorName(rc=-56)
  [Thr 5708] <<- SapSSLErrorName()==SSSLERR_SSL_ACCEPT
  [Thr 5708] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn.c   1777]
  [Thr 5708] ->> SapSSLSessionDone(&sssl_hdl=023BC640)
  What should I do now?
  Thanks, Silke
  Full Trace:
  sysno      02
  sid        RD1
  systemid   560 (PC with Windows NT)
  relno      7000
  patchlevel 0
  patchno    148
  intno      20050900
  make:      multithreaded, ASCII, optimized
  pid        5468
  [Thr 5416] started security log to file dev_icm_sec
  [Thr 5416] ICM running on: sdatu100.pvw.tu-darmstadt.de
  [Thr 5416] MtxInit: 30001 0 2
  [Thr 5416] IcmInit: listening to admin port: 65000
  [Thr 5416] DpSysAdmExtCreate: ABAP is active
  [Thr 5416] DpSysAdmExtCreate: VMC (JAVA VM in WP) is not active
  [Thr 5416] DpShMCreate: sizeof(wp_adm)          13576     (1044)
  [Thr 5416] DpShMCreate: sizeof(tm_adm)          36258120     (18120)
  [Thr 5416] DpShMCreate: sizeof(wp_ca_adm)          18000     (60)
  [Thr 5416] DpShMCreate: sizeof(appc_ca_adm)     6000     (60)
  [Thr 5416] DpCommTableSize: max/headSize/ftSize/tableSize=2000/8/2112040/2112048
  [Thr 5416] DpShMCreate: sizeof(comm_adm)          2112048     (1048)
  [Thr 5416] DpSlockTableSize: max/headSize/ftSize/fiSize/tableSize=0/0/0/0/0
  [Thr 5416] DpShMCreate: sizeof(slock_adm)          0     (96)
  [Thr 5416] DpFileTableSize: max/headSize/ftSize/tableSize=0/0/0/0
  [Thr 5416] DpShMCreate: sizeof(file_adm)          0     (72)
  [Thr 5416] DpShMCreate: sizeof(vmc_adm)          0     (1296)
  [Thr 5416] DpShMCreate: sizeof(wall_adm)          (224040/329544/56/100)
  [Thr 5416] DpShMCreate: sizeof(gw_adm)     48
  [Thr 5416] DpShMCreate: SHM_DP_ADM_KEY          (addr: 028C0040, size: 38968448)
  [Thr 5416] DpShMCreate: allocated sys_adm at 028C0040
  [Thr 5416] DpShMCreate: allocated wp_adm at 028C1B30
  [Thr 5416] DpShMCreate: allocated tm_adm_list at 028C5038
  [Thr 5416] DpShMCreate: allocated tm_adm at 028C5068
  [Thr 5416] DpShMCreate: allocated wp_ca_adm at 04B591B0
  [Thr 5416] DpShMCreate: allocated appc_ca_adm at 04B5D800
  [Thr 5416] DpShMCreate: allocated comm_adm at 04B5EF70
  [Thr 5416] DpShMCreate: system runs without slock table
  [Thr 5416] DpShMCreate: system runs without file table
  [Thr 5416] DpShMCreate: allocated vmc_adm_list at 04D629A0
  [Thr 5416] DpShMCreate: allocated gw_adm at 04D629E0
  [Thr 5416] DpShMCreate: system runs without vmc_adm
  [Thr 5416] DpShMCreate: allocated ca_info at 04D62A10
  [Thr 5096] IcmProxyWatchDog: proxy watchdog started
  [Thr 5416] CCMS: AlInitGlobals : alert/use_sema_lock = TRUE.
  [Thr 5416] IcmCreateWorkerThreads: created worker thread 0
  [Thr 5416] IcmCreateWorkerThreads: created worker thread 1
  [Thr 5416] IcmCreateWorkerThreads: created worker thread 2
  [Thr 5416] IcmCreateWorkerThreads: created worker thread 3
  [Thr 5416] IcmCreateWorkerThreads: created worker thread 4
  [Thr 5416] IcmCreateWorkerThreads: created worker thread 5
  [Thr 5416] IcmCreateWorkerThreads: created worker thread 6
  [Thr 5416] IcmCreateWorkerThreads: created worker thread 7
  [Thr 5416] IcmCreateWorkerThreads: created worker thread 8
  [Thr 5416] IcmCreateWorkerThreads: created worker thread 9
  [Thr 4352] IcmWatchDogThread: watchdog started
  [Thr 5672] =================================================
  [Thr 5672] = SSL Initialization  on  PC with Windows NT
  [Thr 5672] =   (700_REL,Mar 25 2008,mt,ascii,SAP_UC/size_t/void* = 8/32/32)
  [Thr 5672]   profile param "ssl/ssl_lib" = "D:\usr\sap\RD1\SYS\exe\run\sapcrypto.dll"
             resulting Filename = "D:\usr\sap\RD1\SYS\exe\run\sapcrypto.dll"
  [Thr 5672] =   found SAPCRYPTOLIB  5.5.5C pl17  (Aug 18 2005) MT-safe
  [Thr 5672] =   current UserID: SDATU100\SAPServiceRD1
  [Thr 5672] =   found SECUDIR environment variable
  [Thr 5672] =   using SECUDIR=D:\usr\sap\RD1\DVEBMGS02\sec
  [Thr 5672] =  secudessl_Create_SSL_CTX():  PSE "D:\usr\sap\RD1\DVEBMGS02\sec\SAPSSLC.pse" not found,
  [Thr 5672] =      using PSE "D:\usr\sap\RD1\DVEBMGS02\sec\SAPSSLS.pse" as fallback
  [Thr 5672] =  secudessl_Create_SSL_CTX():  PSE "D:\usr\sap\RD1\DVEBMGS02\sec\SAPSSLA.pse" not found,
  [Thr 5672] =      using PSE "D:\usr\sap\RD1\DVEBMGS02\sec\SAPSSLS.pse" as fallback
  [Thr 5672] ******** Warning ********
  [Thr 5672] *** No SSL-client PSE "SAPSSLC.pse" available
  [Thr 5672] *** -- this will probably limit SSL-client side connectivity
  [Thr 5672] ********
  [Thr 5672] = Success -- SapCryptoLib SSL ready!
  [Thr 5672] =================================================
  [Thr 5672] *** WARNING => HttpPlugInInit: Parameter icm/HTTPS/trust_client_with_issuer or icm/HTTPS/trust_client_with_subject no
  X.509 cert data will be removed from header [http_plg.c   720]
  [Thr 5672] ISC: created 400 MB disk cache.
  [Thr 5672] ISC: created 50 MB memory cache.
  [Thr 5672] HttpSubHandlerAdd: Added handler HttpCacheHandler(slot=0, flags=12293) for /:0
  [Thr 5672] HttpExtractArchive: files from archive D:\usr\sap\RD1\SYS\exe\run/icmadmin.SAR in directory D:/usr/sap/RD1/DVEBMGS02/
  [Thr 5672] HttpSubHandlerAdd: Added handler HttpAdminHandler(slot=1, flags=4101) for /sap/admin:0
  [Thr 5672] CsiInit(): Initializing the Content Scan Interface
  [Thr 5672]            PC with Windows NT (mt,ascii,SAP_CHAR/size_t/void* = 8/32/32)
  [Thr 5672] CsiInit(): CSA_LIB = "D:\usr\sap\RD1\SYS\exe\run\sapcsa.dll"
  [Thr 5672] HttpSubHandlerAdd: Added handler HttpAuthHandler(slot=2, flags=12293) for /:0
  [Thr 5672] HttpSubHandlerAdd: Added handler HttpSAPR3Handler(slot=3, flags=1052677) for /:0
  [Thr 5672] Started service 1443 for protocol HTTPS on host "sdatu100.pvw.tu-darmstadt.de"(on all adapters) (processing timeout=9
  [Thr 5672] Started service 25000 for protocol SMTP on host "sdatu100.pvw.tu-darmstadt.de"(on all adapters) (processing timeout=8
  [Thr 5672] Tue Jul 15 14:38:37 2008
  [Thr 5672] *** WARNING => IcmNetCheck: NiAddrToHost(10.0.0.1) took 5 seconds [icxxman.c    4578]
  [Thr 5672] *** WARNING => IcmNetCheck: 1 possible network problems detected - please check the network/DNS settings [icxxman.c
  [Thr 3932] Tue Jul 15 14:39:32 2008
  [Thr 3932] *** WARNING => IcmCallAllSchedules: Schedule func 1 already running - avoid recursion [icxxsched.c  430]
  [Thr 5416] Tue Jul 15 14:40:23 2008
  [Thr 5416] IcmSetParam: Switched trace level to: 3
  [Thr 5416] *
  [Thr 5416] * SWITCH TRC-LEVEL to 3
  [Thr 5416] *
  [Thr 5416] NiBufIAlloc: malloc ICM_EXT, to 80 bytes
  [Thr 5416]
  NiBufSend starting
  [Thr 5416] NiIWrite: hdl 3 sent data (wrt=80,pac=1,MESG_IO)
  [Thr 5416] SiSelNSelect: start select (timeout=-1)
  [Thr 5416] SiSelNNext: sock 8088 selected (revt=r--)
  [Thr 5416] NiBufISelProcess: hdl 9 process r-
  [Thr 5416] NiBufIAlloc: malloc NIBUF-IN, to 72 bytes
  [Thr 5416] NiIRead: hdl 9 received data (rcd=72,pac=1,MESG_IO)
  [Thr 5416] NiBufIIn: NIBUF len=72
  [Thr 5416] NiBufIIn: packet complete for hdl 9
  [Thr 5416] NiBufISelUpdate: new MODE -- (r-) for hdl 9 in set0
  [Thr 5416] SiSelNSet: set events of sock 8088 to: ---
  [Thr 5416] NiBufISelUpdate: new STAT r-- (---) for hdl 9 in set0
  [Thr 5416] NiSelIListInsert: add hdl 9 [17] to buf-list (0) of set0
  [Thr 5416] NiSelISelectInt: 1 handles selected (1 buffered)
  [Thr 5416] IcmMsgProcess: Receive data from partner: WP(2), wp_no: 1
  [Thr 5416]
  NiBufReceive starting
  [Thr 5416] NiBufISelUpdate: new MODE r- (--) for hdl 9 in set0
  [Thr 5416] SiSelNSet: set events of sock 8088 to: rp-
  [Thr 5416] NiBufISelUpdate: new STAT - (r) for hdl 9 in set0
  [Thr 5416] NiSelIListRemove: remove hdl 9 [17] from buf-list (1) of set0
  [Thr 5416] IcmRecMsg: received 72 bytes
  [Thr 5416] ============================================
  [Thr 5416] | COM_DATA:
  [Thr 5416] | Offset: 0     | Version: 7000
  [Thr 5416] | MsgNo: 2     | Opcode: ICM_COM_OP_ICM_MONITOR (66)
  [Thr 5416] ============================================
  [Thr 5416] IcmHandleAdmMsg: op: 66
  [Thr 5416] NiBufIAlloc: malloc NiBufadm, to 0 bytes
  [Thr 5416] NiBufDup: ref 1 for buf 0252CE50
  [Thr 5416] IcmQueueAppend: queuelen:     1
  [Thr 5416] IcmCreateRequest: Appended request 13
  [Thr 5416] NiBufIAlloc: malloc ICM_EXT, to 80 bytes
  [Thr 5416]
  NiBufSend starting
  [Thr 4392] IcmWorkerThread: worker 3 got the semaphore
  [Thr 4392] REQUEST:
      Type: ADMMSG    Index = 12
  [Thr 4392] NiBufFree: ref 1 for buf 0252CE50
  [Thr 5416] NiIWrite: hdl 9 sent data (wrt=80,pac=1,MESG_IO)
  [Thr 4392] MPI<a>0#5 GetInbuf -1 138968 440 (1) -> 6
  [Thr 4392] IcmHandleMonitorMessage: called with opcode: 100
  [Thr 5416] SiSelNSelect: start select (timeout=-1)
  [Thr 4392] MPI<9>1#4 GetOutbuf -1 1489a0 65536 (0) -> 05348A00 0
  [Thr 4392] MPI<a>0#6 FreeInbuf#2 0 138968  0 -> 0
  [Thr 4392] MPI<9>1#5 FlushOutbuf l-1 1 1 1489a0 1104 6 -> 053489E0 0
  [Thr 4392] IcmWorkerThread: Thread 3: Waiting for event
  [Thr 5416] SiSelNNext: sock 8088 selected (revt=r--)
  [Thr 5416] NiBufISelProcess: hdl 9 process r-
  [Thr 5416] NiBufIAlloc: malloc NIBUF-IN, to 72 bytes
  [Thr 5416] NiIRead: hdl 9 received data (rcd=72,pac=1,MESG_IO)
  [Thr 5416] NiBufIIn: NIBUF len=72
  [Thr 5416] NiBufIIn: packet complete for hdl 9
  [Thr 5416] NiBufISelUpdate: new MODE -- (r-) for hdl 9 in set0
  [Thr 5416] SiSelNSet: set events of sock 8088 to: ---
  [Thr 5416] NiBufISelUpdate: new STAT r-- (---) for hdl 9 in set0
  [Thr 5416] NiSelIListInsert: add hdl 9 [17] to buf-list (0) of set0
  [Thr 5416] NiSelISelectInt: 1 handles selected (1 buffered)
  [Thr 5416] IcmMsgProcess: Receive data from partner: WP(2), wp_no: 1
  [Thr 5416]
  NiBufReceive starting
  [Thr 5416] NiBufISelUpdate: new MODE r- (--) for hdl 9 in set0
  [Thr 5416] SiSelNSet: set events of sock 8088 to: rp-
  [Thr 5416] NiBufISelUpdate: new STAT - (r) for hdl 9 in set0
  [Thr 5416] NiSelIListRemove: remove hdl 9 [17] from buf-list (1) of set0
  [Thr 5416] IcmRecMsg: received 72 bytes
  [Thr 5416] ============================================
  [Thr 5416] | COM_DATA:
  [Thr 5416] | Offset: 0     | Version: 7000
  [Thr 5416] | MsgNo: 2     | Opcode: ICM_COM_OP_ICM_MONITOR (66)
  [Thr 5416] ============================================
  [Thr 5416] IcmHandleAdmMsg: op: 66
  [Thr 5416] NiBufIAlloc: malloc NiBufadm, to 0 bytes
  [Thr 5416] NiBufDup: ref 1 for buf 0252CE50
  [Thr 5416] IcmQueueAppend: queuelen:     1
  [Thr 5416] IcmCreateRequest: Appended request 14
  [Thr 5416] NiBufIAlloc: malloc ICM_EXT, to 80 bytes
  [Thr 5416]
  NiBufSend starting
  [Thr 5784] IcmWorkerThread: worker 4 got the semaphore
  [Thr 5416] NiIWrite: hdl 9 sent data (wrt=80,pac=1,MESG_IO)
  [Thr 5416] NiBufFree: ref 1 for buf 0252CE50
  [Thr 5416] SiSelNSelect: start select (timeout=-1)
  [Thr 5784] REQUEST:
      Type: ADMMSG    Index = 13
  [Thr 5784] MPI<c>0#5 GetInbuf -1 1489a0 440 (1) -> 6
  [Thr 5784] IcmHandleMonitorMessage: called with opcode: 100
  [Thr 5784] MPI<b>1#4 GetOutbuf -1 138968 65536 (0) -> 053389C8 0
  [Thr 5784] MPI<c>0#6 FreeInbuf#2 0 1489a0  0 -> 0
  [Thr 5784] MPI<b>1#5 FlushOutbuf l-1 1 1 138968 1104 6 -> 053389A8 0
  [Thr 5784] IcmWorkerThread: Thread 4: Waiting for event
  [Thr 4352] Tue Jul 15 14:40:26 2008
  [Thr 4352] NiSelISelectInt: 0 handles selected (0 buffered)
  [Thr 4352] IcmWatchDogThread: check ni handles (timeout=10000)
  [Thr 4352] SiSelNFCSelect: start select (timeout=10000)
  [Thr 5416] Tue Jul 15 14:40:29 2008
  [Thr 5416] SiSelNNext: sock 8160 selected (revt=r--)
  [Thr 5416] NiSelIListInsert: add hdl 6 [3] to sel-list (0) of set0
  [Thr 5416] NiSelISelectInt: 1 handles selected (0 buffered)
  [Thr 5416] IcmExternalLogin: Connection request from Client received
  [Thr 5416] NiIAccept: hdl 6 accepted connection
  [Thr 5416] NiICreateHandle: hdl 8 state NI_INITIAL
  [Thr 5416] NiIInitSocket: set default settings for hdl 8 / sock 8076 (I4; ST)
  [Thr 5416] NiIBlockMode: set blockmode for hdl 8 FALSE
  [Thr 5416] NiIAccept: state of hdl 8 NI_ACCEPTED
  [Thr 5416] NiIAccept: hdl 6 accepted hdl 8 from 192.168.1.3:1305
  [Thr 5416] NiIAccept: hdl 8 took local address 130.83.89.22:1443
  [Thr 5416] IcmConnCheckStoredClientConn: next client timeout check in 3 sec
  [Thr 5416] IcmServIncrRefCount: sdatu100.pvw.tu-darmstadt.de:1443 - serv_ref_count: 2
  [Thr 5416] IcmQueueAppend: queuelen:     1
  [Thr 5416] IcmCreateRequest: Appended request 15
  [Thr 5416] IcmConnIntegrateServer: accepted connection from 192.168.1.3 on service 1443
  [Thr 3932] IcmWorkerThread: worker 5 got the semaphore
  [Thr 3932] REQUEST:
      Type: ACCEPT CONNECTION    Index = 14
  [Thr 3932] CONNECTION (id=1/8):
      used: 1, type: 1, role: 1, stateful: 0
      NI_HDL: 8, protocol: HTTPS(2)
      local host:  130.83.89.22:1443 ()
      remote host: 192.168.1.3:1305 ()
      status: NOP
      connect time: 15.07.2008 14:40:29
      MPI request:        <0>      MPI response:        <0>
      request_buf_size:   0        response_buf_size:   0
      request_buf_used:   0        response_buf_used:   0
      request_buf_offset: 0        response_buf_offset: 0
  [Thr 5416] SiSelNSelect: start select (timeout=-1)
  [Thr 3932] MPI:1 create pipe 052002C0 1
  [Thr 3932] MPI<d>1#1 Open( ANONYMOUS 1 1 ) -> 1
  [Thr 3932] MPI<d>1#2 Open( ANONYMOUS 1 0 ) -> 1
  [Thr 3932] MPI:0 create pipe 05200180 1
  [Thr 3932] MPI<e>0#1 Open( ANONYMOUS 0 0 ) -> 0
  [Thr 3932] MPI<e>0#2 Open( ANONYMOUS 0 1 ) -> 0
  [Thr 3932] ->> SapSSLSessionInit(&sssl_hdl=023BC640, role=2 (SERVER), auth_type=2 (REQUIRE_CLIENT_CERT))
  [Thr 3932] <<- SapSSLSessionInit()==SAP_O_K
  [Thr 3932]      in: args = "role=2 (SERVER), auth_type=2 (REQUIRE_CLIENT_CERT)"
  [Thr 3932]     out: sssl_hdl = 003FFBC0
  [Thr 3932] ->> SapSSLSetNiHdl(sssl_hdl=003FFBC0, ni_hdl=8)
  [Thr 3932] NiIBlockMode: set blockmode for hdl 8 TRUE
  [Thr 3932]   SSL NI-sock: local=130.83.89.22:1443  peer=192.168.1.3:1305
  [Thr 3932] <<- SapSSLSetNiHdl(sssl_hdl=003FFBC0, ni_hdl=8)==SAP_O_K
  [Thr 3932] ->> SapSSLSessionStart(sssl_hdl=003FFBC0)
  [Thr 3932]   SapISSLServerCacheExpiration(): Calling ServerCacheCleanup() (lifetime=900)
  [Thr 3932]   SapISSLServerCacheExpiration(srv,"D:\usr\sap\RD1\DVEBMGS02\sec\SAPSSLS.pse"): Cache max/before/now = 5000/1/1
  [Thr 5096] Tue Jul 15 14:40:32 2008
  [Thr 5096] SiSelNSelect: of 1 sockets 0 selected
  [Thr 5096] IcmProxyWatchDog: check sockets (timeout=10000)
  [Thr 5096] SiSelNSelect: start select (timeout=10000)
  [Thr 4352] Tue Jul 15 14:40:36 2008
  [Thr 4352] NiSelISelectInt: 0 handles selected (0 buffered)
  [Thr 4352] IcmCheckForBlockedThreads: check for blocked SSL-threads
  [Thr 4352] IcmWatchDogThread: check ni handles (timeout=10000)
  [Thr 4352] SiSelNFCSelect: start select (timeout=10000)
  [Thr 5096] Tue Jul 15 14:40:42 2008
  [Thr 5096] SiSelNSelect: of 1 sockets 0 selected
  [Thr 5096] IcmProxyWatchDog: check sockets (timeout=10000)
  [Thr 5096] SiSelNSelect: start select (timeout=10000)
  [Thr 3932] Tue Jul 15 14:40:45 2008
  [Thr 3932]   peer has closed connection
  [Thr 3932] <<- SapSSLSessionStart(sssl_hdl=003FFBC0)==SSSLERR_CONN_CLOSED
  [Thr 3932] ->> SapSSLSessionDone(&sssl_hdl=023BC640)
  [Thr 3932] <<- SapSSLSessionDone(sssl_hdl=003FFBC0)==SAP_O_K
  [Thr 3932] NiICloseHandle: shutdown and close hdl 8 / sock 8076
  [Thr 3932] MPI<d>1#3 Close( 1 ) del=0 -> 0
  [Thr 3932] MPI<d>1#5 Delete( 1 ) -> 0
  [Thr 3932] MPI<d>1#4 Close( 1 ) del=1 -> 0
  [Thr 3932] MPI<e>0#3 Close( 0 ) del=0 -> 0
  [Thr 3932] MPI<e>0#5 Delete( 0 ) -> 0
  [Thr 3932] MPI<e>0#4 Close( 0 ) del=1 -> 0
  [Thr 3932] IcmConnFreeContext: context 1 released
  [Thr 3932] IcmServDecrRefCount: sdatu100.pvw.tu-darmstadt.de:1443 - serv_ref_count: 1
  [Thr 3932] IcmWorkerThread: Thread 5: Waiting for event
  [Thr 5416] SiSelNNext: sock 8160 selected (revt=r--)
  [Thr 5416] NiSelIListInsert: add hdl 6 [3] to sel-list (0) of set0
  [Thr 5416] NiSelISelectInt: 1 handles selected (0 buffered)
  [Thr 5416] IcmExternalLogin: Connection request from Client received
  [Thr 5416] NiIAccept: hdl 6 accepted connection
  [Thr 5416] NiICreateHandle: hdl 8 state NI_INITIAL
  [Thr 5416] NiIInitSocket: set default settings for hdl 8 / sock 8092 (I4; ST)
  [Thr 5416] NiIBlockMode: set blockmode for hdl 8 FALSE
  [Thr 5416] NiIAccept: state of hdl 8 NI_ACCEPTED
  [Thr 5416] NiIAccept: hdl 6 accepted hdl 8 from 192.168.1.3:1309
  [Thr 5416] NiIAccept: hdl 8 took local address 130.83.89.22:1443
  [Thr 5416] IcmConnCheckStoredClientConn: check for client conn timeout
  [Thr 5416] IcmConnCheckStoredClientConn: next client timeout check in 60 sec
  [Thr 5416] IcmServIncrRefCount: sdatu100.pvw.tu-darmstadt.de:1443 - serv_ref_count: 2
  [Thr 5416] IcmQueueAppend: queuelen:     1
  [Thr 5416] IcmCreateRequest: Appended request 16
  [Thr 5416] IcmConnIntegrateServer: accepted connection from 192.168.1.3 on service 1443
  [Thr 5708] IcmWorkerThread: worker 6 got the semaphore
  [Thr 5708] REQUEST:
      Type: ACCEPT CONNECTION    Index = 15
  [Thr 5708] CONNECTION (id=1/9):
      used: 1, type: 1, role: 1, stateful: 0
      NI_HDL: 8, protocol: HTTPS(2)
      local host:  130.83.89.22:1443 ()
      remote host: 192.168.1.3:1309 ()
      status: NOP
      connect time: 15.07.2008 14:40:45
      MPI request:        <0>      MPI response:        <0>
      request_buf_size:   0        response_buf_size:   0
      request_buf_used:   0        response_buf_used:   0
      request_buf_offset: 0        response_buf_offset: 0
  [Thr 5416] SiSelNSelect: start select (timeout=-1)
  [Thr 5708] MPI:0 create pipe 05200180 1
  [Thr 5708] MPI<f>0#1 Open( ANONYMOUS 0 1 ) -> 0
  [Thr 5708] MPI<f>0#2 Open( ANONYMOUS 0 0 ) -> 0
  [Thr 5708] MPI:1 create pipe 052002C0 1
  [Thr 5708] MPI<10>1#1 Open( ANONYMOUS 1 0 ) -> 1
  [Thr 5708] MPI<10>1#2 Open( ANONYMOUS 1 1 ) -> 1
  [Thr 5708] ->> SapSSLSessionInit(&sssl_hdl=023BC640, role=2 (SERVER), auth_type=2 (REQUIRE_CLIENT_CERT))
  [Thr 5708] <<- SapSSLSessionInit()==SAP_O_K
  [Thr 5708]      in: args = "role=2 (SERVER), auth_type=2 (REQUIRE_CLIENT_CERT)"
  [Thr 5708]     out: sssl_hdl = 003FFBC0
  [Thr 5708] ->> SapSSLSetNiHdl(sssl_hdl=003FFBC0, ni_hdl=8)
  [Thr 5708] NiIBlockMode: set blockmode for hdl 8 TRUE
  [Thr 5708]   SSL NI-sock: local=130.83.89.22:1443  peer=192.168.1.3:1309
  [Thr 5708] <<- SapSSLSetNiHdl(sssl_hdl=003FFBC0, ni_hdl=8)==SAP_O_K
  [Thr 5708] ->> SapSSLSessionStart(sssl_hdl=003FFBC0)
  [Thr 5708] NiIBlockMode: set blockmode for hdl 8 FALSE
  [Thr 5708] NiIHdlGetStatus: hdl 8 / sock 8092 ok, data pending (len=1)
  [Thr 5708] NiIBlockMode: set blockmode for hdl 8 TRUE
  [Thr 5708]   SSL_get_state() returned 0x00001181 "SSLv3 read client certificate B"
  [Thr 5708] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
  [Thr 5708] SecudeSSL_SessionStart: SSL_accept() failed --
    secude_error 536871698 (0x20000312) = "the client did not send a certificate handshake message for its authentication and we c
  [Thr 5708] >> -
  Begin of Secude-SSL Errorstack -
  >>
  [Thr 5708] ERROR in ssl3_get_client_certificate: (536871698/0x20000312) the client did not send a certificate handshake message
  [Thr 5708] << -
  End of Secude-SSL Errorstack -
  [Thr 5708] <<- ERROR: SapSSLSessionStart(sssl_hdl=003FFBC0)==SSSLERR_SSL_ACCEPT
  [Thr 5708] ->> SapSSLErrorName(rc=-56)
  [Thr 5708] <<- SapSSLErrorName()==SSSLERR_SSL_ACCEPT
  [Thr 5708] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn.c   1777]
  [Thr 5708] ->> SapSSLSessionDone(&sssl_hdl=023BC640)
  [Thr 5708] <<- SapSSLSessionDone(sssl_hdl=003FFBC0)==SAP_O_K
  [Thr 5708] NiICloseHandle: shutdown and close hdl 8 / sock 8092
  [Thr 5708] MPI<f>0#3 Close( 0 ) del=0 -> 0
  [Thr 5708] MPI<f>0#5 Delete( 0 ) -> 0
  [Thr 5708] MPI<f>0#4 Close( 0 ) del=1 -> 0
  [Thr 5708] MPI<10>1#3 Close( 1 ) del=0 -> 0
  [Thr 5708] MPI<10>1#5 Delete( 1 ) -> 0
  [Thr 5708] MPI<10>1#4 Close( 1 ) del=1 -> 0
  [Thr 5708] IcmConnFreeContext: context 1 released
  [Thr 5708] IcmServDecrRefCount: sdatu100.pvw.tu-darmstadt.de:1443 - serv_ref_count: 1
  [Thr 5708] IcmWorkerThread: Thread 6: Waiting for event
  [Thr 4352] Tue Jul 15 14:40:46 2008
  [Thr 4352] NiSelISelectInt: 0 handles selected (0 buffered)
  [Thr 4352] IcmQueueAppend: queuelen:     1
  [Thr 4352] IcmCreateRequest: Appended request 17
  [Thr 4352] IcmWatchDogThread: check ni handles (timeout=10000)
  [Thr 4352] SiSelNFCSelect: start select (timeout=10000)
  [Thr 4196] IcmWorkerThread: worker 7 got the semaphore
  [Thr 4196] REQUEST:
      Type: SCHEDULER    Index = 16
  [Thr 4196] IcmGetSchedule: found slot 0
  [Thr 4196] IcmAlReportData: Reporting data to CCMS Alerting Infrastructure
  [Thr 4196] NiIGetServNo: servicename '1443' = port 05.A3/1443
  [Thr 4196] IcmConnCheckStoredClientConn: next client timeout check in 59 sec
  [Thr 4196] NiIGetServNo: servicename '1443' = port 05.A3/1443
  [Thr 4196] IcmGetServicePtr: new serv_ref_count: 2
  [Thr 4196] PlugInHandleAdmMessage: request received:
  [Thr 4196] PlugInHandleAdmMessage: opcode: 136, len: 272, dest_type: 2, subhdlkey: 262145
  [Thr 4196] HttpSubHandlerCall: Call Handler: HttpCacheHandler, task=4, header_len=0
  [Thr 4196] HttpCacheHandler: 4 0 006BBBC4 00000000
  [Thr 4196] SCACHE: adm request received:
  [Thr 4196] SCACHE: opcode: 136, len: 272, dest_type: 2, dest:
  [Thr 4196] MTX_LOCK 3038 00ADEE88
  [Thr 4196] MTX_UNLOCK 3051 00ADEE88
  [Thr 4196] IctCmGetCacheInfo#5 -> 0
  [Thr 4196] IcmNetBufWrapBuf: allocated netbuf: 00AD2B48, blocks used: 1
  [Thr 4196] IcmNetBufWrapBuf: allocated netbuf: 00AD2B48
  [Thr 4196] IcmNetBufFree: free netbuf: 00AD2B48 out of 1 used
  [Thr 4196] IcmConnFreeContext: context 1 released
  [Thr 4196] IcmServDecrRefCount: sdatu100.pvw.tu-darmstadt.de:1443 - serv_ref_count: 1
  [Thr 4196] IcmGetSchedule: next schedule in 30 secs
  [Thr 4196] IcmWorkerThread: Thread 7: Waiting for event
  [Thr 5096] Tue Jul 15 14:40:52 2008
  [Thr 5096] SiSelNSelect: of 1 sockets 0 selected
  [Thr 5096] IcmProxyWatchDog: check sockets (timeout=10000)
  [Thr 5096] SiSelNSelect: start select (timeout=10000)

  >
  silke kubelka wrote:
  > SMICM-Log:
  >
  *** No SSL-client PSE "SAPSSLC.pse" available
  >
  *** this will probably limit SSL-client side connectivity
  >
  > is this a problem?
  Well, since you want to enable the certificate-based user authentication (where your ABAP server is in the role of the SSL server) this does not matter. But if you intend to use your NWAS ABAP as SSL client (for outbound https communication) then it will matter. To resolve this problem you simply create an SSL Client PSE using transaction STRUST.
  Once you've managed to [configure your NWAS ABAP for SSL,|https://service.sap.com/sap/support/notes/510007] you should see (in the ICM trace) that a X.509 client certificate was received. If the certificate-based logon does not succeed, then it's most likely due to some mapping problems - those can be analysed by using the tracing approach described in [note 495911|https://service.sap.com/sap/support/notes/495911].
  If you need assistance in enabling the X.509 client certificate authentication you should submit an inquiry to SAP (message component BC-SEC-LGN).
  Best regards,
  Wolfgang

• How to load a client certificate into a servlet to access a Web Service

  Hi,
  I am having the following problem:
  I am trying to use a Web Service client (Axis) within a servlet running under
  WebLogic 8.1.
  I would like to have mutual SSL-based authentication between the client and the
  server hosting the Web Service. Thus, my client has to send a certificate to the
  server.
  My problem is: how to get the certificate into the request? I know that, for example,
  the HttpsURLConnection class of WebLogic has a loadIdentity method. But I can't
  use this class.
  Is there any other method to make sure that SSL requests use my client certificates?
  By the way, I am receiving the following error message from the server:
  <Apr 13, 2004 5:35:10 PM EEST> <Debug> <TLS> <000000> <Required peer certificate
  s not supplied by peer>
  <Apr 13, 2004 5:35:10 PM EEST> <Warning> <Security> <BEA-090508> <Certificate
  ch
  ain received from 127.0.0.1 - 127.0.0.1 was incomplete.>
  Anyone has an idea?
  Thanks for any hints,
  Zoltan Schreter
  Nokia

  Hi all,
  I have solved this problem basically by using weblogic's SSLSocketFactory instead
  of the default one used by Axis. I created a custom HttpSender (MyHttpSender)
  which uses this Factory. I then created a custom Config class which I pass to
  the constructor of Service. The Config class looks like this:
  public class MyConfig extends SimpleProvider {
  * Constructor - deploy client-side basic transports.
  public MyConfig() {
  deployTransport("java", new SimpleTargetedChain(new JavaSender()));
  deployTransport("local", new SimpleTargetedChain(new LocalSender()));
  deployTransport("http", new SimpleTargetedChain(new MyHttpSender()));
  The relevant code within MyHttpSender looks something like this:
  SSLClientInfo sslinfo = new SSLClientInfo();
  File ClientKeyFile = new File("C:/certificates/testkey.pem");
  File ClientCertsFile = new File("C:/certificates/testcert.pem");
  InputStream[] ins = new InputStream[2];
  ins[0] = new FileInputStream(ClientCertsFile);
  ins[1] = new FileInputStream(ClientKeyFile);
  String pwd = "mykeypass";
  sslinfo.loadLocalIdentity(ins[0], ins[1], pwd.toCharArray());
  javax.net.SocketFactory sockf = weblogic.security.SSL.SSLSocketFactory.getJSSE(sslinfo);
  sock = sockf.createSocket(host, port) ;
  By the way, this change also solved the other problem I posted about (not being
  able to tunnel through the https proxy).
  Cheeers,
  Zoltan Schreter
  Nokia
  "Tony" <TonyV> wrote:
  Which API's are you currently using for the SSL communication in the
  client
  side?
  Tony
  "Zoltan Schreter" <[email protected]> wrote in message
  news:[email protected]...
  Hi,
  I am having the following problem:
  I am trying to use a Web Service client (Axis) within a servlet runningunder
  WebLogic 8.1.
  I would like to have mutual SSL-based authentication between the clientand the
  server hosting the Web Service. Thus, my client has to send a certificateto the
  server.
  My problem is: how to get the certificate into the request? I knowthat,
  for example,
  the HttpsURLConnection class of WebLogic has a loadIdentity method.But I
  can't
  use this class.
  Is there any other method to make sure that SSL requests use my clientcertificates?
  By the way, I am receiving the following error message from the server:
  <Apr 13, 2004 5:35:10 PM EEST> <Debug> <TLS> <000000> <Required peercertificate
  s not supplied by peer>
  <Apr 13, 2004 5:35:10 PM EEST> <Warning> <Security> <BEA-090508><Certificate
  ch
  ain received from 127.0.0.1 - 127.0.0.1 was incomplete.>
  Anyone has an idea?
  Thanks for any hints,
  Zoltan Schreter
  Nokia

• IPhone Mail app; IMAP; x509 client certificate?

  The title says it all really.
  I have an x509 client certificate happily installed in my iPhone's keychain. This certificate works correctly in Safari, allowing access to sites which demand it. When I try to collect mail from an IMAP server which also requires a client certificate, it doesn't work.
  As far as I can work out, the Mail app is not sending my client certificate when the server requests it to do so. Is this true? Is there a way to configure the Mail app to respond correctly to the server's client certificate request? Any pointers or information welcome!

  I think so.
  Actually I think I need to get the App Password for Mail on my phone. It generates the app password and I enter it into the password in the gmail setup for mail.
  The problem is that when I hit next on that page, I get the message:
  "my name" is already added" and I cannot proceed.
  Before doing this setup I deleted my gmail account by tapping the email address and hitting delete in the Mail, Contact and Calendars setup..
  but, there is something hiding in my iPhone that remembers my old gmail password (I guess) and doesn't let me proceed.
  If I enter my gmail iChain password I get the same thing.
  If i do this in airplane mode (no connection to google) i also get the same.
  I talked to an apple care person who had me reset all my settings... still the same thing.
  I am trying to avoid a gull reset of the iPhone, but that may be in the cards.
  Going to go to the apple store and ask there, but i am not hopeful.
  Barry

• SOAP Receiver Adapter problem (client certificate required)

  My Scenario is similar to described in https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/3721. [original link is broken] [original link is broken] [original link is broken] I have two PI servers running on one machine. I am trying to post message HTTPS with Client authentication via SOAP adapter from one PI system to SOAP adapter of other PI server. I have done the following configuration.
  PI Server AXD - (Client) - Receiver SOAP adapter
  PI Server AXQ - (Server) - Sender SOAP Adapter.
  Steps in AXD
  1. I have created a certificate of AXD in the service_ssl view of key storage.
  2. I have imported the AXQ public certificate in to AXD in the TrustedCAs of Key storage
  Steps in AXQ
  1. I have created a certificate of AXQ in the service_ssl view of key storage.
  2. I have imported the AXD public certificate in to AXQ in the TrustedCAs of Key storage.
  3. I have created a user in AXQ and assigned the certificate of AXD under usermangement in Security provider to this user.
  4. I have added the AXD certificate under Client Authentication tab with require client certificate option checked in the SSL Provider.
  5. I have assigned the user created in AXQ in the step above to the Sender Agreement.
  Now when I post message from AXD with Configure Client Authentication checked (Here I have selected the certificate of AXD and view as service_ssl) I am getting the following error.
  Exception caught by adapter framework: SOAP: response message contains an error XIServer/UNKNOWN/ADAPTER.JAVA_EXCEPTION - java.security.AccessControlException: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:884) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl0_3
  Any pointer to solve this problem is highly appreciated.
  Thanks
  Abinash

  Hi Hemant,
  I have couple of questions. Why do we need to import certificate for SOAP WS-Security and from where I can get it?
  As far as my scenario goes I am not using message level security.
  Secondly what do you mean by TRUSTED/WebServiceSecurity? I don't see any such view inside the Key Storage.  I can see a view named just WebServiceSecuity though.
  Also I don't have a decentralized adapter installation rather I have two separate PI instances having their own central adapter engine.
  Abinash