Peer not authenticated?

Similar Messages

• "Peer Not Authenticated" exception.

  I am trying to connect to a SSL enabled Lotus Domino Mail Server, using JSSE.
  At the client side this is the exception encountered:
  javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
       at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain([DashoPro-V1.2-120198])
       at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java, Compiled Code)
       at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java, Compiled Code)
       at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:2459)
       at HTTPClient.HTTPConnection.Get(HTTPConnection.java:812)
       at com.tibco.portal.transformation.APHTTPCache.getHTTPResponse(Unknown Source)
       at com.tibco.portal.transformation.APHTTPCache.getSingleResponse(Unknown Source)
       at com.tibco.portal.transformation.APHTTPCache.getContent(Unknown Source)
       at com.tibco.portal.transformation.APHttpSourceInstance.getContentObject(Unknown Source)
       at com.tibco.portal.transformation.APHttpSourceInstance.getUnstructuredContent(Unknown Source)
  And at the Lotus Domino server end this is the error logged:
  [25/Jul/2001:10:05:02 +0800] [PUT NOT ALLOWED] [host: 10.96.68.234] SSL Handshake failed
  I already have the correct certificate imported.
  Any help is appreciated.
  -Asha

  Hi Asha,
  Try by setting setNeedClientAuth(true) on the SSLSocketFactory .
  Netscape 4.51 works fine.It works fine. IE 5.0 apparently doesn't like to do client authentication over an HTTPS SSL socket which has already been handshaked. If the server instead requests client authentication for the initial handshake on the HTTPS socket then everything works fine with IE. The SSLPeerNotAuthenticated exception correct reflects the fact that IE has chosen to not client authenticate.
  Hope this will help you.
  Regards,
  Anil.
  Techncial Support Engineer.

• SSLPeerUnverifiedException: peer not authenticated

  Hello, I'm trying to setup service at SMP which should connect to our NW Gateway using SSL. But when I'm trying to ping endpoint service I see error
  "Backend system cannot be reached"
  Error in the server.log -
  2014 08 01 10:59:24#+0300#ERROR#com.sap.mobile.platform.server.online.admin.ping.PingService##anonymous#http-bio-8083-exec-4###Exception:::Root cause::: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated|
  I added NW cer file to smp_keystore.jks and sapjvm keystore, but it doesn't help. NW certificate is self signed, can it be the cause of problem?
  P.S. version of SMP is 3.0.0

  Alexander Rykalin
  Has your problem been resolved?
  I encountered the same issue recently. This is how i was able to resolve it:
  1. Set the JAVA Env Variables
       JAVA_HOME : C:\Program Files\Java\jdk1.8.0_05
       PATH: C:\Program Files\Java\jdk1.8.0_05\bin
  2. Since it is HTTPS based backend destination,  import its certificate to SMP keystore file
      Run this below under  C:\SAP\MobilePlatform3\Server\configuration
  keytool -import -v -alias sapgatewaycert -keystore smp_keystore.jks -storepass changeit -file c:\certificatelocation.cer
  where changeit: smp keystore password (you must have set it during SMP server installation)
  3. Press 'Y' for confirmation
  4. Restart SMP server machine.
  Rgrds,
  JK

• Random Peer Not Authenticated

  We've encountered a rather delicious problem that we believe might be a bug in JSSE. We have a URL with valid Verisign certificate. We have a Java client that uses Inovention's HTTPClient library which in turn is set to use Sun's JSSE for HTTPS. We can run for days with no problems and then all of sudden the client refuses to validate the server certificate, throwing a Peer Not Authenticated Exception. We turned on the -Djavax.net.debug=all flag and found that both the "good" and "bad" handshakes had completely identical request/response packets -- up until the point when somewhere deep Sun's JSSE code an ArrayIndexOutOfBounds exception was thrown causing JSSE to think the certificate was not go (hence a Peer Not Authenticated Exception). We decomplied/recompiled JSSE with a few lines of debugging to print out a stack trace of the ArrayIndexOutOfBounds exception, but it didn't really tell us much.
  Here is the unencrypted SSL handshake dump (plus extra debugging). We are completely baffled at this one and are thinking about trying a different SSL implementation.
  chain [0] = [
  Version: V3
  Subject: CN=GETADNDATA.ACXIOM.COM, OU=ADNPLPWEB1, O=ACXIOM, L=Conway, ST=Arkansas, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@9b72a131
  Validity: [From: Tue Feb 19 19:00:00 EST 2002,
                 To: Mon Mar 03 18:59:59 EST 2003]
  Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
  SerialNumber: [    7d6e3ded edac9ca1 6eace72a 1c3659e2 ]
  Certificate Extensions: 7
  [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
  0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
  0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
  [2]: ObjectId: 2.16.840.1.113733.1.6.15 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 0B 16 09 31 37 36 33 39 31 39 34 34 ....176391944
  [3]: ObjectId: 2.5.29.32 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 3D 30 3B 30 39 06 0B 60 86 48 01 86 F8 45 01 .=0;09..`.H...E.
  0010: 07 17 03 30 2A 30 28 06 08 2B 06 01 05 05 07 02 ...0*0(..+......
  0020: 01 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 ...https://www.v
  0030: 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 erisign.com/rpa
  [4]: ObjectId: 2.5.29.31 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
  0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
  0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
  0030: 76 65 72 2E 63 72 6C ver.crl
  [5]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
  DigitalSignature
  Key_Encipherment
  [6]: ObjectId: 2.5.29.37 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 ..0...+.........
  0010: 2B 06 01 05 05 07 03 02 +.......
  [7]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  Algorithm: [MD5withRSA]
  Signature:
  0000: 09 83 38 05 2D 9B 5B A7 17 4F 48 AB 3D 52 34 13 ..8.-.[..OH.=R4.
  0010: 1E B8 28 B3 3F A9 EB 02 27 37 35 0B A6 5A AB DF ..(.?...'75..Z..
  0020: B2 E2 35 FE 59 F7 33 2A 67 C5 B6 BC 1D 3C 0C BF ..5.Y.3*g....<..
  0030: FD 71 90 9F 5F 15 A6 F7 A5 8E 88 CF A6 64 A0 56 .q.._........d.V
  0040: 73 33 2D 3A 9E 9E 1D 1D 03 3B 76 C9 E6 05 08 0E s3-:.....;v.....
  0050: 14 8C 19 28 EB 00 D6 44 F1 06 42 AB C6 50 9A 05 ...(...D..B..P..
  0060: 2F 42 06 A1 9D DA 40 22 FA EF 21 27 43 C6 8A 05 /B....@"..!'C...
  0070: 6D 33 08 0A 31 89 3F 05 32 78 57 F4 85 m3..1.?.2xW..
  chain [1] = [
  Version: V1
  Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
  Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@afd22131
  Validity: [From: Tue Nov 08 19:00:00 EST 1994,
                 To: Thu Jan 07 18:59:59 EST 2010]
  Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
  SerialNumber: [    02ad667e 4e45fe5e 576f3c98 195eddc0 ]
  Algorithm: [MD2withRSA]
  Signature:
  0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
  0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
  0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
  0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
  0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
  0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
  0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
  0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
  Entering method b(X509Certificate[])
  Got a PublicKey: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@afd22131
  java.lang.ArrayIndexOutOfBoundsException: 0
       at COM.rsa.jsafe.dd.a([DashoPro-V1.2-120198])
       at COM.rsa.jsafe.ak.b([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.ssl.JS_Signature.engineVerify([DashoPro-V1.2-120198])
       at java.security.Signature$Delegate.engineVerify(Signature.java:652)
       at java.security.Signature.verify(Signature.java:385)
       at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:288)
       at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:252)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.b(X509TrustManagerImpl.java:289)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.isServerTrusted(X509TrustManagerImpl.java:236)
       at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.isServerTrusted([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
       at java.io.OutputStream.write(OutputStream.java:66)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.getSession([DashoPro-V1.2-120198])
       at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java)
       at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java)
       at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java)
       at HTTPClient.HTTPConnection.Post(HTTPConnection.java)
       at HTTPClient.HTTPConnection.Post(HTTPConnection.java)
       at com.mbusa.trillium.AbiliTecRequest.postRequest(AbiliTecRequest.java)
       at com.mbusa.trillium.AbiliTecRequest.execute(AbiliTecRequest.java)
       at com.mbusa.trillium.AppendLinkRequest.fillAbiliTecID(AppendLinkRequest.java)
       at com.mbusa.trillium.TrilliumAPIHandler.basicGetAbiliTecID(TrilliumAPIHandler.java)
       at com.mbusa.trillium.TrilliumAPIHandler.matchClient(TrilliumAPIHandler.java)
       at com.mbusa.trillium.TrilliumAPIHandler.matchClient(TrilliumAPIHandler.java)
       at java.lang.reflect.Method.invoke(Native Method)
       at com.mbusa.lang.DynamicObject.perform(DynamicObject.java)
       at com.mbusa.lang.DynamicObject.perform(DynamicObject.java)
       at com.mbusa.service.RemoteMethodHandler.selfPerform(RemoteMethodHandler.java)
       at com.mbusa.service.RemoteMethodHandler.performCommand(RemoteMethodHandler.java)
       at com.mbusa.service.RemoteMethodHandler.handle(RemoteMethodHandler.java)
       at com.mbusa.net.CommAdapter.run(CommAdapter.java)
       at java.lang.Thread.run(Thread.java:481)
  verify failed: [
  Version: V3
  Subject: CN=GETADNDATA.ACXIOM.COM, OU=ADNPLPWEB1, O=ACXIOM, L=Conway, ST=Arkansas, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@9b72a131
  Validity: [From: Tue Feb 19 19:00:00 EST 2002,
                 To: Mon Mar 03 18:59:59 EST 2003]
  Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
  SerialNumber: [    7d6e3ded edac9ca1 6eace72a 1c3659e2 ]
  Certificate Extensions: 7
  [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
  0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
  0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
  [2]: ObjectId: 2.16.840.1.113733.1.6.15 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 0B 16 09 31 37 36 33 39 31 39 34 34 ....176391944
  [3]: ObjectId: 2.5.29.32 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 3D 30 3B 30 39 06 0B 60 86 48 01 86 F8 45 01 .=0;09..`.H...E.
  0010: 07 17 03 30 2A 30 28 06 08 2B 06 01 05 05 07 02 ...0*0(..+......
  0020: 01 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 ...https://www.v
  0030: 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 erisign.com/rpa
  [4]: ObjectId: 2.5.29.31 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
  0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
  0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
  0030: 76 65 72 2E 63 72 6C ver.crl
  [5]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
  DigitalSignature
  Key_Encipherment
  [6]: ObjectId: 2.5.29.37 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 ..0...+.........
  0010: 2B 06 01 05 05 07 03 02 +.......
  [7]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  Algorithm: [MD5withRSA]
  Signature:
  0000: 09 83 38 05 2D 9B 5B A7 17 4F 48 AB 3D 52 34 13 ..8.-.[..OH.=R4.
  0010: 1E B8 28 B3 3F A9 EB 02 27 37 35 0B A6 5A AB DF ..(.?...'75..Z..
  0020: B2 E2 35 FE 59 F7 33 2A 67 C5 B6 BC 1D 3C 0C BF ..5.Y.3*g....<..
  0030: FD 71 90 9F 5F 15 A6 F7 A5 8E 88 CF A6 64 A0 56 .q.._........d.V
  0040: 73 33 2D 3A 9E 9E 1D 1D 03 3B 76 C9 E6 05 08 0E s3-:.....;v.....
  0050: 14 8C 19 28 EB 00 D6 44 F1 06 42 AB C6 50 9A 05 ...(...D..B..P..
  0060: 2F 42 06 A1 9D DA 40 22 FA EF 21 27 43 C6 8A 05 /B....@"..!'C...
  0070: 6D 33 08 0A 31 89 3F 05 32 78 57 F4 85 m3..1.?.2xW..
  verify exception was: java.lang.ArrayIndexOutOfBoundsException: 0
  Thread-99, SEND SSL v3.1 ALERT: fatal, description = certificate_unknown
  Thread-99, WRITE: SSL v3.1 Alert, length = 2
  javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
       at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain([DashoPro-V1.2-120198])
       at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java)
       at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java)
       at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java)
       at HTTPClient.HTTPConnection.Post(HTTPConnection.java)
       at HTTPClient.HTTPConnection.Post(HTTPConnection.java)
       at com.mbusa.trillium.AbiliTecRequest.postRequest(AbiliTecRequest.java)
       at com.mbusa.trillium.AbiliTecRequest.execute(AbiliTecRequest.java)
       at com.mbusa.trillium.AppendLinkRequest.fillAbiliTecID(AppendLinkRequest.java)
       at com.mbusa.trillium.TrilliumAPIHandler.basicGetAbiliTecID(TrilliumAPIHandler.java)
       at com.mbusa.trillium.TrilliumAPIHandler.matchClient(TrilliumAPIHandler.java)
       at com.mbusa.trillium.TrilliumAPIHandler.matchClient(TrilliumAPIHandler.java)
       at java.lang.reflect.Method.invoke(Native Method)
       at com.mbusa.lang.DynamicObject.perform(DynamicObject.java)
       at com.mbusa.lang.DynamicObject.perform(DynamicObject.java)
       at com.mbusa.service.RemoteMethodHandler.selfPerform(RemoteMethodHandler.java)
       at com.mbusa.service.RemoteMethodHandler.performCommand(RemoteMethodHandler.java)
       at com.mbusa.service.RemoteMethodHandler.handle(RemoteMethodHandler.java)
       at com.mbusa.net.CommAdapter.run(CommAdapter.java)
       at java.lang.Thread.run(Thread.java:481)
  %% Client cached [Session-11, SSL_RSA_WITH_RC4_128_MD5]
  %% Try resuming [Session-11, SSL_RSA_WITH_RC4_128_MD5] from port 37667
  *** ClientHello, v3.1
  RandomCookie: GMT: 998650415 bytes = { 250, 15, 76, 81, 166, 214, 100, 36, 42, 123, 172, 48, 87, 224, 204, 87, 104, 13, 13, 252, 139, 7, 6, 69, 80, 241, 187, 253 }
  Session ID: {0, 0, 235, 228, 46, 58, 167, 168, 42, 79, 80, 97, 137, 186, 26, 43, 4, 5, 187, 20, 122, 144, 61, 98, 248, 133, 29, 131, 119, 169, 179, 28}
  Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
  Compression Methods: { 0 }
  [write] MD5 and SHA1 hashes: len = 91
  0000: 01 00 00 57 03 01 3C 86 32 2F FA 0F 4C 51 A6 D6 ...W..<.2/..LQ..
  0010: 64 24 2A 7B AC 30 57 E0 CC 57 68 0D 0D FC 8B 07 d$*..0W..Wh.....
  0020: 06 45 50 F1 BB FD 20 00 00 EB E4 2E 3A A7 A8 2A .EP... .....:..*
  0030: 4F 50 61 89 BA 1A 2B 04 05 BB 14 7A 90 3D 62 F8 OPa...+....z.=b.
  0040: 85 1D 83 77 A9 B3 1C 00 10 00 05 00 04 00 09 00 ...w............
  0050: 0A 00 12 00 13 00 03 00 11 01 00 ...........
  Thread-67, WRITE: SSL v3.1 Handshake, length = 91
  Thread-67, READ: SSL v3.1 Handshake, length = 1536
  *** ServerHello, v3.1
  RandomCookie: GMT: 30987 bytes = { 105, 65, 51, 210, 246, 7, 94, 128, 115, 207, 84, 178, 116, 120, 61, 85, 225, 208, 70, 111, 239, 140, 160, 95, 126, 6, 74, 20 }
  Session ID: {0, 0, 229, 0, 57, 140, 255, 11, 220, 44, 246, 19, 150, 78, 207, 18, 103, 155, 161, 60, 76, 244, 15, 184, 185, 137, 56, 9, 167, 236, 245, 181}
  Cipher Suite: { 0, 4 }
  Compression Method: 0
  %% Created: [Session-24, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  [read] MD5 and SHA1 hashes: len = 74
  0000: 02 00 00 46 03 01 00 00 79 0B 69 41 33 D2 F6 07 ...F....y.iA3...
  0010: 5E 80 73 CF 54 B2 74 78 3D 55 E1 D0 46 6F EF 8C ^.s.T.tx=U..Fo..
  0020: A0 5F 7E 06 4A 14 20 00 00 E5 00 39 8C FF 0B DC ._..J. ....9....
  0030: 2C F6 13 96 4E CF 12 67 9B A1 3C 4C F4 0F B8 B9 ,...N..g..<L....
  0040: 89 38 09 A7 EC F5 B5 00 04 00 .8........
  *** Certificate chain

  After much trial and error, it seems to have turned out that the JDK version was to blame. The code was running on an AIX box with the IBM JDK 1.2. After upgrading to the IBM JDK 1.3.1 (and still using Sun's JSSE 1.0.2), the problem went away.
  Unfortunately, after 4 months of no problems, the problem has mysteriously come back after server's machine was rebuilt (and hence received a new certificate).

• SSLPeerUnverifiedException: peer not authenticated (HELP!)

  I'm trying to write a very simple Java app that connects to a IIS/Tomcat server and uploads a file (using PUT) via HTTPS (using JSSE and the HTTPClient package w/JSSE patch.) I've done this with no problems using straight HTTP, however I'm not having much success with HTTPS. It seems to be a certificate issue as I'm getting the error:
  javax.net.ssl.SSLPeerUnverified Exception: peer not authenticated
  As I'm a novice at this SSL stuff, I'm clueless on how to set up the appropriate certificates. I've tried creating a certificate on the server with keytool, and then exporting that cert and importing it on the client - but that hasn't helped. Nor have I been able to find any documentation that's of much help on the web. If someone could point me in the right direction, I'd appreciate it very much.
  Thanks,

  Hi!
  You can find a good doc at: developerWorks, from IBM.
  Search for "Custom SSL for advanced JSSE developers", you can also
  find other good tutorials.
  Using SSL you can request to the client to autenticate itself or not.
  That exception always appear when you have enabled that option.
  You can use "ServerSocket serverSocket.setNeedClientAuth(false);"
  to disabled it.
  If you are looking for an authenticated client you have to import server certificate in the client's truststore.
  If you need more help tell me.
  Bye

• Peer not authenticated exception on every SSL request

  I'm using VeriSign-issued SSL certificates and WebLogic appears to be working fine with them.  No browser issues, no server errors -- unless I enable SSL debugging.  We were investigating an earlier issue (See: Extremely slow Apache 2.2-WebLogic 12c proxy behavior when using SSL) and we noticed that with every SSL request, we see the following error in the weblogic-server.log:
  ####<Nov 18, 2013 3:46:52 PM CST> <Debug> <SecuritySSL> <zlxv8131.vci.att.com> <CASWEBAdminServer> <ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1384811212294> <BEA-000000> <Exception processing certificates: peer not authenticated
  javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
          at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
          at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:203)
          at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:163)
          at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:74)
          at weblogic.servlet.internal.ServletRequestImpl.initFromRequestParser(ServletRequestImpl.java:300)
          at weblogic.servlet.internal.HttpConnectionHandler.dispatch(HttpConnectionHandler.java:558)
  We continue to see this for every HTTPS request -- every initial GET for the page, and all GETs for associated scripts, images, stylesheets, etc. 
  This is WebLogic 12.1.1.0 on Red Hat Enterprise Linux 6.  I have the following startup options set:
  -Dweblogic.StdoutDebugEnabled=true
  -Dssl.debug=true
  -Dweblogic.security.SSL.nojce=true
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  -Dweblogic.security.SSL.enforceConstraints=off
  Is this actually a concern, given that we only see it when extended SSL debugging is enabled?  When I Google (or search the Oracle forums) for this error, I find only my earlier posting, or folks dealing with self-signed certificates.  Surely this is a more common issue.  We are experiencing it on several different WebLogic installations on different servers.  Exact same error on every SSL request, yet the page renders fine and there are no processing errors or delays -- just the debugging error above.
  Any assistance would be much appreciated!
  --sam

  I using WebLogic 12.1.2 and having the same problem.
  <Dec 5, 2013 3:13:01 PM SGT> <Debug> <SecuritySSL> <BEA-000000> <Exception processing certificates: peer not authenticated
  javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
          at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
          at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:222)
          at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:165)
          at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:75)
          at weblogic.servlet.internal.ServletRequestImpl.initFromRequestParser(ServletRequestImpl.java:303)
          at weblogic.servlet.internal.HttpConnectionHandler.dispatch(HttpConnectionHandler.java:570)
          at weblogic.servlet.internal.MuxableSocketHTTP.dispatch(MuxableSocketHTTP.java:119)
          at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:216)
          at weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:186)
          at weblogic.socket.JSSEFilterImpl.dispatch(JSSEFilterImpl.java:216)
          at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:996)
          at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:928)
          at weblogic.socket.NIOSocketMuxer.process(NIOSocketMuxer.java:507)
          at weblogic.socket.NIOSocketMuxer.processSockets(NIOSocketMuxer.java:473
          at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:30)
          at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:
  43)
          at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:147)
          at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:119)
  >
  The page renders fine but when I use t3s connection (for ssl) as following:
  Context oContext ;
  Hashtable <String,String> oHashtable = new Hashtable<String,String>();
  oHashtable.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
  oHashtable.put(Context.PROVIDER_URL,  "t3s://localhost:7002");
  oContext = new InitialContext(oHashtable);
  I will get the following error:
  <Dec 5, 2013 3:19:09 PM SGT> <Debug> <SecuritySSL> <BEA-000000> <[Thread[Execute
  Thread: '0' for queue: 'weblogic.socket.Muxer',5,Thread Group for Queue: 'weblogic.socket.Muxer']]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
  javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
          at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
          at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619)
          at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587)
          at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1756)
          at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1060)
          at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884)
          at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
  Please help on this. Thanks.

• "peer not authenticated" - Connecting to ORDS with SQL Developer

  Background
  Configuring ORDS (2.0.7) to my database, with APEX_LISTENER and APEX_REST_PUBLIC_USER created via APEX 4.2.2 script.
  Listener is running as expected - and APEX works as expected.
  ORDS credential setup (as made evident by the credentials file with the user name inside)
  Addition of the line to the ords/default.xml:  <entry key="security.verifySSL">false</entry>
  To allow connection without using SSL.
  Current Status
  I am able to connect using SQL Developer "Restful Data Services" feature using the "HTTP" connection and the credentials that have been setup successfully.
  Problem
  Attempting to configure a SQL Developer (4.0.2.15) connection using the same account, but HTTPS with 443 - the connection results in the error message:
  Authentication Failure
  Cannot connect to S42
  peer not authenticated
  Additional
  I am using an installation of Tomcat and a version of Glassfish to test this feature.  I have received the same error on both test cases.
  I have also tested by removing the <entry key="security.verifySSL">false</entry>
  Is there a specific type of HTTPS certificate that is required to connect using HTTPS? 
  Did I miss a different setting?
  Regards,
  Tim St.

  Got this working, needed a change to the config file on weblogic server by our DBA.

• Peer not authenticated error CFHTTP

  Hi
  I'm trying to call a web page using cfhttp. The url works fine and returns XML when called directly from the browser (any browser) but fails with the following error message when called from a .cfm file using cfhttp:
  struct
  Charset
  [empty string]
  ErrorDetail
  I/O Exception: peer not authenticated
  Filecontent
  Connection Failure
  Header
  [empty string]
  Mimetype
  Unable to determine MIME type of file.
  Responseheader
  struct [empty]
  Statuscode
  Connection Failure. Status code unavailable.
  Text
  YES
  Symptoms:
  It's a secured url (https) so I've attempted using the port 443 (which I verified with the vendor) and a plethora of other combinations of parameters.
  I was reviewing past errors like this via Google searches on different CF forums where they stated that the solution was either a bug fix from Adobe or that you needed to download the security certificate onto your own server, but all of those references were to CF9, and I'm running CF10. I've been able to use CFHTTP on other SSL protected sites and the response comes back just fine, just this particular URL. Why would this URL fail with this message and not others? And why would the url display without error from a call from a browser but not CF10?
  I was also able to make the call to the page successfully using the command line tool curl.
  What do I need to do with ColdFusion10 to get my CFHTTP requests to work?
  Thanks in advance,
  Rich

  If the certificates from the certificate chain are not listed as trusted in the Java key store, then the request will fail. This is the way the JVM works (which is where CF is running).  If you are using a self-signed certificate or a certificate from a certificate authority that is not trusted by the JVM, then it will fail, every time.
  There was also a bug in CF9 Enterprise which would sometimes result in a certificate not being accepted, but I believe that has been fixed in CF10. It was acutally a problem with a 3rd party crypto library that was included in CF enterprise.
  So, chances are that you are goign to need to imort one or more certificates into the JVM keystore. You said you've already found sintructions on how to do that, so I won't rehash.  If it is a self-signed cert, you will need to import that.  If it is a cert with a CA parent, then you should just be able to install the CA root cert.
  Hope this helps.
  Jason

• Peer not authenticated error recieved when discovering new database targets

  I am using OEM GC 10.2.0.4 On one of my OEM servers I get an error when attempting to discover new database targets. This occurs on the two database servers used for development. I can successfully discover targets on the OEM server itself.
  The error is "peer not authenticated"
  Also this error is recieved when trying to configure a database
  oracle.sysman.emSDK.emd.comm.CommException: peer not authenticated
  I have uninstalled and reinstalled the agents on both servers. After uninstalling the agent the command
  exec mgmt_admin.cleanup_agent('HOSTNAME:AGENT_PORT');
  commit;
  was run on the OEM repository database.
  Any suggestions as to what might be causing this?
  Thanks.

  Here is the solution
  peer not authenticated?
  Hope this helps.
  Regards
  Click here to [See the ORA-27102 Error and Soltuion on Solaris|http://www.oracleracexpert.com/2009/08/ora-27102-out-of-memory-on-solaris.html]
  Click here to [See the solution for ORA-19755 Error during recovery/DB startup|http://www.oracleracexpert.com/2009/09/ora-19755-could-not-open-change.html]
  http://www.oracleracexpert.com

• "peer not authenticated" in IDT when connecting to https

  I am trying to create an ODATA connection in Information Design Tool (4.1 SP2).
  In the Service Root URI, if I use HTTPS, it gives me an error: "peer not authenticated"
  I have this issue in both external (like https://api.datamarket.azure.com/data.ashx/data.gov/Crimes/) and internal websites
  Any idea how I can fix this?

  Here is the solution
  peer not authenticated?
  Hope this helps.
  Regards
  Click here to [See the ORA-27102 Error and Soltuion on Solaris|http://www.oracleracexpert.com/2009/08/ora-27102-out-of-memory-on-solaris.html]
  Click here to [See the solution for ORA-19755 Error during recovery/DB startup|http://www.oracleracexpert.com/2009/09/ora-19755-could-not-open-change.html]
  http://www.oracleracexpert.com

• Urgent Help Please : Peer not authenticated

  Hello Everyone,
  I am using JBoss with Tomcat. I have imported my CER file into the JRE/lib/cacerts file as a trusted certificate. I have a simple client and a simple servlet.
  Here is the code.
  Client
  import java.io.*;
  import java.io.FileInputStream;
  import java.security.KeyStore;
  import java.security.KeyStoreException;
  import java.security.NoSuchAlgorithmException;
  import javax.net.ssl.*;
  public class TestSecureClient
  private SSLContext ctx;
  private TrustManagerFactory tmf;
  private KeyStore ks;
  private char[] passphrase = "localhost".toCharArray();
  public TestSecureClient()
  // System.setProperty("javax.net.ssl.trustStore","C:\\j2sdk1.4.0_01\\jre\\lib\\security\\cacerts");
  System.setProperty("javax.net.debug", "ssl");
  try
  loadKeystore();
  catch (Exception e)
  e.printStackTrace();
  private void loadKeystore()
  throws Exception
  System.out.println("set up context, keystore and trustManagerFactory");
  ctx = SSLContext.getInstance("SSL");
  tmf = TrustManagerFactory.getInstance("SunX509");
  ks = KeyStore.getInstance("JKS");
  System.out.println(
  "set context to ssl, tmf to X509 and keystore to JKS");
  ks.load(new FileInputStream("C:\\keys\\.keystore"), passphrase);
  System.out.println("loading testkeys using passphrase");
  tmf.init(ks);
  System.out.println("initialise keystore using passphrase");
  ctx.init(null, tmf.getTrustManagers(), null);
  System.out.println("initialise the key manager");
  connect();
  private void connect()
  throws Exception
  SSLSocketFactory factory = ctx.getSocketFactory();
  System.out.println("got socket factory, now trying to create socket");
  SSLSocket socket = (SSLSocket)factory.createSocket("localhost", 8443);
  System.out.println("starting handshake");
  socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
  public void handshakeCompleted(HandshakeCompletedEvent event)
  System.out.println("Handshake finished!");
  System.out.println("\t CipherSuite:" + event.getCipherSuite());
  System.out.println("\t SessionId " + event.getSession());
  System.out.println(
  "\t PeerHost " + event.getSession().getPeerHost());
  socket.startHandshake();
  System.out.println("SSL Socket Connected");
  postToServlet(socket);
  private void postToServlet(SSLSocket pSocket)
  try
  PrintWriter out = new PrintWriter(new BufferedWriter(new OutputStreamWriter(pSocket.getOutputStream())));
  out.println(
  "GET https://localhost/httpstest/SimpleServlet HTTP/1.1");
  out.println();
  out.flush();
  * Make sure there were no surprises
  if (out.checkError())
  System.out.println(
  "SSLSocketClient: java.io.PrintWriter error");
  /* read response */
  BufferedReader in = new BufferedReader(new InputStreamReader(pSocket.getInputStream()));
  String inputLine;
  while ((inputLine = in.readLine()) != null)
  System.out.println(inputLine);
  in.close();
  out.close();
  pSocket.close();
  catch (Exception e)
  System.out.println(e);
  public static void main(String[] args)
  new TestSecureClient();
  Here is my SimpleServlet
  import java.io.*;
  import java.io.IOException;
  import java.io.ObjectInputStream;
  import java.io.ObjectOutputStream;
  import java.io.PrintWriter;
  import java.io.Serializable;
  import java.security.*;
  import javax.net.ssl.*;
  import javax.servlet.ServletException;
  import javax.servlet.http.HttpServlet;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import javax.servlet.http.HttpSession;
  public class SimpleServlet
            extends HttpServlet
       * Handle the HTTP GET method by building a simple web page.
       *@param request
       *@param response
       *@exception ServletException
       *@exception IOException
       public void doGet( HttpServletRequest request, HttpServletResponse response )
            throws ServletException, IOException
            System.setProperty( "javax.net.ssl.trustStore", "C:\\j2sdk1.4.2_03\\jre\\lib\\security\\cacerts" );
            PrintWriter out;
            String title = "Simple Servlet Output";
            System.setProperty( "javax.net.debug", "ssl" );
            // set content type and other response header fields first
            response.setContentType( "text/html" );
            // then write the data of the response
            out = response.getWriter();
            out.println( "<HTML><HEAD><TITLE>" );
            out.println( title );
            out.println( "</TITLE></HEAD><BODY>" );
            out.println( "<H1>" + title + "</H1>" );
            out.println( "<P>This is output from SimpleServlet." );
            out.println( "</BODY></HTML>" );
            out.close();
  When I run my client I get the following output
  Working directory is C:\httpstest
  java -classpath C:\httpstest TestSecureClientset up context, keystore and trustManagerFactory
  set context to ssl, tmf to X509 and keystore to JKS
  loading testkeys using passphrase
  adding as trusted cert:
  Subject: CN=Joyce Stack, OU=Digisoft, O=Digisoft, L=Cork, ST=Cork, C=IE
  Issuer: CN=Joyce Stack, OU=Digisoft, O=Digisoft, L=Cork, ST=Cork, C=IE
  Algorithm: DSA; Serial number: 0x4020d3da
  Valid from Wed Feb 04 11:13:30 GMT 2004 until Tue May 04 11:13:30 GMT 2004
  initialise keystore using passphrase
  trigger seeding of SecureRandom
  done seeding SecureRandom
  initialise the key manager
  got socket factory, now trying to create socket
  starting handshake
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1078739209 bytes = { 61, 63, 239, 146, 243, 227, 70, 130, 242, 150, 202, 206, 5, 23, 7, 105, 12, 35, 16, 133, 45, 22, 144, 68, 228, 239, 35, 15 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  main, WRITE: TLSv1 Handshake, length = 73
  main, WRITE: SSLv2 client hello message, length = 98
  main, READ: TLSv1 Handshake, length = 1180
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1078739209 bytes = { 145, 80, 195, 109, 127, 182, 76, 181, 210, 119, 119, 44, 187, 165, 173, 75, 3, 93, 72, 45, 14, 90, 168, 94, 147, 39, 208, 212 }
  Session ID: {64, 76, 65, 9, 142, 208, 247, 95, 51, 150, 99, 147, 143, 113, 220, 153, 78, 69, 189, 136, 130, 100, 6, 252, 61, 169, 146, 195, 155, 252, 19, 57}
  Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  Compression Method: 0
  %% Created: [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
  ** TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  *** Certificate chain
  chain [0] = [
  Version: V1
  Subject: CN=Joyce Stack, OU=Digisoft, O=Digisoft, L=Cork, ST=Cork, C=IE
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3
  Key: Sun DSA Public Key
  Parameters:DSA
       p: fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
  455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
  6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
  83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
       q: 9760508f 15230bcc b292b982 a2eb840b f0581cf5
       g: f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
  5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
  3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
  cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b fecf492a
  y:
  8195bc0c 910d19d2 56cfa64c 1f3fbcd0 9d4298fd 2edf919f 230e035e 4a11b3f1
  6a0a5ca2 ca14752f dec12729 39657256 b074eff3 87e97309 e3cb5ab5 3e975434
  113119cd 1c0314d5 a33b893f 80dce9c6 a81dab21 9b3fd4e2 066e3834 f302c091
  a04d0701 66e8201c f3d013cf 6011bd54 85c4104c ba3a9514 ccb6d662 f774ca02
  Validity: [From: Wed Feb 04 11:13:30 GMT 2004,
                 To: Tue May 04 11:13:30 GMT 2004]
  Issuer: CN=Joyce Stack, OU=Digisoft, O=Digisoft, L=Cork, ST=Cork, C=IE
  SerialNumber: [    4020d3da]
  Algorithm: [SHA1withDSA]
  Signature:
  0000: 30 2E 02 15 00 92 12 A2 F2 12 5A A2 EE 3A 11 8D 0.........Z..:..
  0010: 09 7A 68 1A 04 49 AE 73 DE 02 15 00 8A D4 5E 9A .zh..I.s......^.
  0020: C6 25 B5 23 BB A4 CB 46 78 8B F3 D8 9C 11 0B D0 .%.#...Fx.......
  Found trusted certificate:
  Version: V1
  Subject: CN=Joyce Stack, OU=Digisoft, O=Digisoft, L=Cork, ST=Cork, C=IE
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3
  Key: Sun DSA Public Key
  Parameters:DSA
       p: fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
  455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
  6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
  83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
       q: 9760508f 15230bcc b292b982 a2eb840b f0581cf5
       g: f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
  5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
  3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
  cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b fecf492a
  y:
  8195bc0c 910d19d2 56cfa64c 1f3fbcd0 9d4298fd 2edf919f 230e035e 4a11b3f1
  6a0a5ca2 ca14752f dec12729 39657256 b074eff3 87e97309 e3cb5ab5 3e975434
  113119cd 1c0314d5 a33b893f 80dce9c6 a81dab21 9b3fd4e2 066e3834 f302c091
  a04d0701 66e8201c f3d013cf 6011bd54 85c4104c ba3a9514 ccb6d662 f774ca02
  Validity: [From: Wed Feb 04 11:13:30 GMT 2004,
                 To: Tue May 04 11:13:30 GMT 2004]
  Issuer: CN=Joyce Stack, OU=Digisoft, O=Digisoft, L=Cork, ST=Cork, C=IE
  SerialNumber: [    4020d3da]
  Algorithm: [SHA1withDSA]
  Signature:
  0000: 30 2E 02 15 00 92 12 A2 F2 12 5A A2 EE 3A 11 8D 0.........Z..:..
  0010: 09 7A 68 1A 04 49 AE 73 DE 02 15 00 8A D4 5E 9A .zh..I.s......^.
  0020: C6 25 B5 23 BB A4 CB 46 78 8B F3 D8 9C 11 0B D0 .%.#...Fx.......
  *** Diffie-Hellman ServerKeyExchange
  DH Modulus: { 244, 136, 253, 88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56, 13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35, 192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52, 253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255, 60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134, 196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10, 80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137, 75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
  DH Base: { 2 }
  Server DH Public Key: { 141, 230, 60, 171, 152, 244, 227, 94, 165, 6, 166, 49, 28, 143, 106, 97, 130, 220, 0, 77, 153, 189, 151, 141, 253, 7, 162, 141, 32, 251, 80, 129, 8, 193, 79, 130, 240, 22, 21, 68, 185, 27, 253, 69, 190, 136, 9, 117, 147, 143, 193, 134, 226, 95, 62, 17, 17, 80, 34, 227, 229, 218, 173, 34, 3, 75, 29, 202, 89, 88, 220, 221, 96, 226, 160, 29, 79, 139, 242, 204, 223, 25, 255, 47, 196, 173, 40, 133, 234, 49, 161, 68, 208, 29, 67, 143, 7, 138, 124, 43, 60, 52, 12, 207, 247, 218, 36, 195, 237, 10, 251, 39, 87, 205, 42, 60, 175, 202, 168, 127, 142, 8, 218, 30, 241, 190, 62, 126 }
  Anonymous
  *** ServerHelloDone
  *** ClientDiffieHellmanPublic
  DH Public key: { 243, 101, 241, 11, 194, 68, 62, 212, 66, 86, 168, 117, 239, 154, 190, 75, 93, 94, 222, 53, 150, 202, 232, 200, 64, 174, 162, 89, 24, 144, 88, 235, 151, 92, 255, 22, 110, 49, 124, 214, 130, 196, 165, 129, 245, 100, 235, 61, 227, 50, 154, 78, 159, 83, 53, 227, 111, 228, 146, 72, 82, 180, 222, 181, 142, 156, 4, 90, 117, 193, 107, 144, 28, 201, 138, 10, 253, 232, 93, 197, 58, 181, 242, 65, 214, 131, 167, 143, 87, 162, 194, 26, 169, 116, 228, 142, 19, 217, 58, 38, 24, 225, 78, 139, 32, 6, 218, 128, 182, 242, 162, 237, 241, 231, 198, 87, 204, 253, 190, 153, 63, 198, 102, 18, 62, 190, 60, 133 }
  main, WRITE: TLSv1 Handshake, length = 134
  SESSION KEYGEN:
  PreMaster Secret:
  0000: 1B 0D FB 74 3D E0 23 74 BB 83 02 BD BF 14 E4 43 ...t=.#t.......C
  0010: 8D F7 1D 44 10 46 31 C4 BD BB 46 65 FD 97 BD 71 ...D.F1...Fe...q
  0020: 64 79 05 0D 44 B3 37 91 A6 11 77 B5 5E 02 79 A9 dy..D.7...w.^.y.
  0030: 7A 35 1D 4A E6 BF 9F 99 BD D9 2F B1 B0 B8 CB FC z5.J....../.....
  0040: 26 82 AA 93 EC 9A F7 B7 9A 67 A6 8F C7 60 68 96 &........g...`h.
  0050: 0B 5A C9 A4 B0 6B 95 50 56 82 54 CC C9 04 C4 03 .Z...k.PV.T.....
  0060: B3 E0 93 BB 60 B6 84 36 0F 3A 5E 27 23 B3 53 63 ....`..6.:^'#.Sc
  0070: E8 EC 41 5F 18 83 FD E6 BD 73 51 22 16 D5 93 6B ..A_.....sQ"...k
  CONNECTION KEYGEN:
  Client Nonce:
  0000: 40 4C 41 09 3D 3F EF 92 F3 E3 46 82 F2 96 CA CE @LA.=?....F.....
  0010: 05 17 07 69 0C 23 10 85 2D 16 90 44 E4 EF 23 0F ...i.#..-..D..#.
  Server Nonce:
  0000: 40 4C 41 09 91 50 C3 6D 7F B6 4C B5 D2 77 77 2C @LA..P.m..L..ww,
  0010: BB A5 AD 4B 03 5D 48 2D 0E 5A A8 5E 93 27 D0 D4 ...K.]H-.Z.^.'..
  Master Secret:
  0000: 7D A1 14 9A 48 7C ED 98 CF 3F D8 92 3C EE E5 05 ....H....?..<...
  0010: 05 BF 1A 8D 10 68 DC E2 A4 88 CF A4 AC FF 1D E2 .....h..........
  0020: E0 D4 FC F8 CB BA B8 7C B0 38 B2 BE 31 82 24 BC .........8..1.$.
  Client MAC write Secret:
  0000: CB 03 D5 D7 1C C2 85 4C 5A 26 0D 24 82 B9 4D 81 .......LZ&.$..M.
  0010: D9 3B E6 86 .;..
  Server MAC write Secret:
  0000: 42 9B 99 CB 1E B9 6C 1C 24 EC C1 15 9B 9A 44 5B B.....l.$.....D[
  0010: DD 69 D9 7D .i..
  Client write key:
  0000: 98 43 93 ED 3D 19 30 BA CF 49 07 60 44 6C EA 53 .C..=.0..I.`Dl.S
  Server write key:
  0000: C3 29 D5 46 BF 83 D9 C6 DD 87 8F A1 CB 0C 63 EA .).F..........c.
  Client write IV:
  0000: B5 8F 11 7C 52 44 A1 BD 6C 52 30 6F B2 E4 44 98 ....RD..lR0o..D.
  Server write IV:
  0000: A8 9D A4 EB 18 F1 72 3A A0 F7 ED DB 0B 24 1A 3D ......r:.....$.=
  main, WRITE: TLSv1 Change Cipher Spec, length = 1
  JsseJce: Using cipher AES/CBC/NoPadding from provider SunJCE
  *** Finished
  verify_data: { 214, 56, 105, 255, 211, 177, 74, 194, 123, 99, 106, 59 }
  main, WRITE: TLSv1 Handshake, length = 48
  main, READ: TLSv1 Change Cipher Spec, length = 1
  JsseJce: Using cipher AES/CBC/NoPadding from provider SunJCE
  main, READ: TLSv1 Handshake, length = 48
  *** Finished
  verify_data: { 118, 147, 184, 159, 16, 28, 169, 25, 218, 82, 145, 10 }
  %% Cached client session: [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
  SSL Socket Connected
  main, WRITE: TLSv1 Application Data, length = 80
  Handshake finished!
       CipherSuite:TLS_DHE_DSS_WITH_AES_128_CBC_SHA
       SessionId [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
       PeerHost localhost
  main, READ: TLSv1 Application Data, length = 160
  HTTP/1.1 200 OK
  Content-Type: text/html
  Content-Length: 154
  Date: Mon, 08 Mar 2004 09:46:51 GMT
  Server: Apache Coyote/1.0
  main, READ: TLSv1 Application Data, length = 176
  <HTML><HEAD><TITLE>
  Simple Servlet Output
  </TITLE></HEAD><BODY>
  <H1>Simple Servlet Output</H1>
  <P>This is output from SimpleServlet.
  </BODY></HTML>
  main, READ: TLSv1 Alert, length = 32
  main, RECV TLSv1 ALERT: warning, close_notify
  main, called closeInternal(false)
  main, SEND TLSv1 ALERT: warning, description = close_notify
  main, WRITE: TLSv1 Alert, length = 32
  main, called close()
  main, called closeInternal(true)
  main, called close()
  main, called closeInternal(true)
  main, called close()
  main, called closeInternal(true)
  Process java exited with code 0
  Working directory is C:\httpstest
  My JBoss has the following error
  09:46:51,171 DEBUG [JSSE14Support] Error getting client certs
  javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
  at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(DashoA6275)
  at org.apache.tomcat.util.net.jsse.JSSE14Support.getX509Certificates(JSSE14Support.java:151)
  at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:161)
  at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748)
  at org.apache.coyote.Response.action(Response.java:222)
  at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:321)
  at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601)
  at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
  at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
  at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
  at java.lang.Thread.run(Thread.java:534)
  Can someone please help me. What do I do now ? What am I suppose to be doing...???
  Cheers,
  Joyce

  Just in case someone else needs this. I was using JBoss 3.2.2 and I upgraded to JBoss 3.2.3. I think this was a bug in the Tomcat bundle.

• Oracle Enterprise Manager 12c - Agent communication error:  peer not authenticated

  Hello,
  I'm using a VIP for my OMS instances, I have installed a CA signed SSL cert, I'm using a intermediate CA certificate as well. The browser sees it as secure and trusted. I can curl or wget from the same linux box the agent is on with no problem, the cert is trusted.
  When I try to secure any agents to my OMS, it always fails on this error:
  2013-09-26 10:28:43,589 [main] INFO  agent.SecureAgentCmd secureAgentWithOMS.486 - Downloading from https://<url>:4903/empbs/wallets/agent.<url>/b64InternetCertificate.txt to /u01/app/agent/agent_inst/sysman/config/b64InternetCertificate.txt
  2013-09-26 10:28:43,590 [main] INFO  agent.SecureAgentCmd downloadFile.1082 - Download URL source: https://<url>:4903/empbs/wallets/agent.<url>/b64InternetCertificate.txt
  2013-09-26 10:28:43,590 [main] INFO  agent.SecureAgentCmd downloadFile.1083 - Download destination: /u01/app/agent/agent_inst/sysman/config/b64InternetCertificate.txt
  2013-09-26 10:28:43,592 [main] INFO  agent.SecureAgentCmd downloadFile.1111 - download pathAndQuery /empbs/wallets/agent.<url>t/b64InternetCertificate.txt
  2013-09-26 10:28:43,634 [main] INFO  agent.SecureAgentCmd downloadFile.1114 - Response Status Code: 200
  2013-09-26 10:28:43,645 [main] INFO  agent.SecureAgentCmd secureAgent.289 - Computing Hostname to be used to form UploadURL
  2013-09-26 10:28:43,656 [main] INFO  agent.SecureAgentCmd getOmsHostName.615 - OMS CN: <url>
  2013-09-26 10:28:43,656 [main] INFO  agent.SecureAgentCmd getOmsHostName.617 - Issuer CN is: <url>
  2013-09-26 10:28:43,656 [main] INFO  agent.SecureAgentCmd secureAgent.294 - Hostname to be used to form UploadURL: <url>
  2013-09-26 10:28:43,656 [main] INFO  agent.SecureAgentCmd secureAgent.299 - Computed Upload url :https://<url>:4903/empbs/upload
  2013-09-26 10:28:43,656 [main] INFO  agent.SecureAgentCmd secureAgent.300 - Check if HTTPS Upload URL is accessible from the agent...
  2013-09-26 10:28:43,657 [main] INFO  agent.SecureAgentCmd secureAgent.301 - Accessing: https://<url>:4903/empbs/upload
  2013-09-26 10:28:43,717 [main] ERROR agent.SecureAgentCmd main.242 - Failed to secure the Agent:
  javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
          at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:401)
          at oracle.sysman.emctl.secure.agent.SecureAgentCmd.checkUpload(SecureAgentCmd.java:535)
          at oracle.sysman.emctl.secure.agent.SecureAgentCmd.secureAgent(SecureAgentCmd.java:303)
          at oracle.sysman.emctl.secure.agent.SecureAgentCmd.main(SecureAgentCmd.java:235)
  [26-09-2013 10:28:43] USERINFO ::Securing agent...   Failed.
  It looks good until it tries to verify the certificate, anyone seen this before?

  Have you configured the certificate for https upload as per section 2.3.9.2 of the following doc?
  http://docs.oracle.com/cd/E24628_01/doc.121/e36415/sec_features.htm#CJACJDJJ
  Regards,
  - Loc

• NTP Server: receive: aspiring active peer not authenticated

  Hello
  I had Solaris 9 running on our office server which was also the NTP server. Now I installed Solaris 10 and copied over the backup of the files ntp.conf, ntp.keys, ntp.client and ntp.server.
  The NTP server is running OK but every 6 mins I get this message in /var/adm/messages:
  Aug 13 11:36:38 bhsbsc001 xntpd[7221]: [ID 816908 daemon.warning] receive: aspiring active peer not authenticated
  Could you please help and point in the right direction what is going wrong.
  Many Thanks
  pioneer

  First, I appreciate this infomation. The same things happened to me.
  However, I still have basic questions.
  Why did this happen?
  Same configurations on both 8 and 10, warnings showed up on Solaris 10 and nothing happend on Solaris8.
  I know there are many differences between those, such as OS version, xntp version and more.
  but still not clear to me....

• EM Recovery Error (peer not authenticated)

  Hi Guys,
  A week ago my production database EM had corrupted and I fixed it by resetting the password of sysman and do some file works in windows. But it was not completely fixed. Now I'm open the EM it says
  Enterprise Manager is not able to connect to the database instance. The state of the components are listed below. I have only two options ether Startup or Perform Recovery. And when I'm going with any options it give an error saying peer not authenticated. Please help me to solve this issue.
  Thank you,
  Tharaka

  have you sysman user?
  To solve this issue you must recreate repository or recreate sysman user.

• Peer Not Authenticated Message from DDPB

  I am trying to use DDPB with my Playbook and it wont connect - I get the aboved message. Anyone any ideas? The Laptop running DDPB is running W7 Professional 64-bit...It did work fine on a netbook running W7 Home Premium 32bit. Oh and I upgraded my tablet to the latest software this morning...

  If the certificates from the certificate chain are not listed as trusted in the Java key store, then the request will fail. This is the way the JVM works (which is where CF is running).  If you are using a self-signed certificate or a certificate from a certificate authority that is not trusted by the JVM, then it will fail, every time.
  There was also a bug in CF9 Enterprise which would sometimes result in a certificate not being accepted, but I believe that has been fixed in CF10. It was acutally a problem with a 3rd party crypto library that was included in CF enterprise.
  So, chances are that you are goign to need to imort one or more certificates into the JVM keystore. You said you've already found sintructions on how to do that, so I won't rehash.  If it is a self-signed cert, you will need to import that.  If it is a cert with a CA parent, then you should just be able to install the CA root cert.
  Hope this helps.
  Jason