RECV TLSv1 ALERT: fatal, handshake_failure in Java 1.7
I have two Java applications. Both were originally running Java 1.6. The applications communicate via an HTTPS call. The client is being converted to Java 1.7 while the server is being left at Java 1.6 for now.
When the client is run using Java 1.7 it gets an exception, javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure. The client works fine using Java 1.6. The client running on Java 1.7 can communicate with other applications such as https://www.google.com/ without any problem.
The debug log indicates that the client is accepting the server certificate without any problem. It is the server that is sending the handshake_failure response.
The only significant difference I can see between the two logs is that using Java 1.6 client, the server selects the SSL_RSA_WITH_RC4_128_MD5 cipher suite while with the Java 1.7 client the server selects the TLS_RSA_WITH_AES_256_CBC_SHA cipher suite.
I can re-create the problem using a simple program and running it twice, once with Java 1.6 and once with Java 1.7.
package testhttps;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
public class Main {
private static final String JAVA_VERSION = "java.version";
private static final String JAVAX_NET_DEBUG = "javax.net.debug";
private static final String JAVAX_NET_SSL_TRUSTSTORE = "javax.net.ssl.trustStore";
private static final String DEBUG_OPTS = "ssl,handshake";
private static final String LOCAL_KS = "C:/Users/USER/Desktop/SERVERcert";
private static final String LOCAL_URL = "https://SERVER/invoke/tools.employees.apps:APPNAME";
private static final String GOOGLE_URL = "https://www.google.com/";
public static void main(String[] args) throws IOException {
System.out.println("Java Version: " + System.getProperty(JAVA_VERSION));
printSep();
System.setProperty(JAVAX_NET_DEBUG, DEBUG_OPTS);
System.setProperty(JAVAX_NET_SSL_TRUSTSTORE, LOCAL_KS);
runTest(LOCAL_URL);
printSep();
runTest(GOOGLE_URL);
private static void printSep() {
System.out.println("----------------------------------------");
System.out.println();
private static void runTest(String urlStr) {
System.out.println("URL: " + urlStr);
System.out.println();
try {
URL url = new URL(urlStr);
URLConnection connection = url.openConnection();
connection.connect();
InputStream stream = connection.getInputStream();
while (true) {
int n = stream.read();
if (n == -1)
break;
System.out.write(n);
stream.close();
System.out.println();
} catch (IOException e) {
System.out.println();
e.printStackTrace();
}
Debug log for Java 1.7 client. Gets handshake_failure.
Java Version: 1.7.0_17
URL: https://SERVER/invoke/tools.employees.apps:APPNAME
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Users\USER\Desktop\SERVERcert
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=www.google.com, O=Google Inc, L=Mountain View, ST=California, C=US
Issuer: CN=Google Internet Authority, O=Google Inc, C=US
Algorithm: RSA; Serial number: 0x14850d9e000000007d40
Valid from Wed Feb 20 06:34:56 MST 2013 until Fri Jun 07 13:43:27 MDT 2013
adding as trusted cert:
Subject: [email protected], CN=SERVER, OU=Web Team, O=COMPANY NAME, L=CITY, ST=STATE, C=US
Issuer: CN=COMPANY NAME Internal Issuing CA, DC=PARENT, DC=local
Algorithm: RSA; Serial number: 0x4208795e000000000d7d
Valid from Fri Mar 15 07:44:35 MDT 2013 until Sun Mar 15 07:44:35 MDT 2015
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1363720456 bytes = { 113, 24, 242, 51, 45, 18, 117, 236, 52, 147, 16, 22, 151, 59, 151, 33, 56, 187, 24, 145, 231, 25, 84, 44, 176, 112, 61, 79 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
main, WRITE: TLSv1 Handshake, length = 163
main, READ: TLSv1 Handshake, length = 3437
*** ServerHello, TLSv1
RandomCookie: GMT: 1363720456 bytes = { 115, 135, 78, 234, 92, 217, 33, 197, 14, 143, 108, 244, 200, 229, 61, 239, 136, 174, 40, 109, 70, 165, 24, 112, 160, 149, 80, 196 }
Session ID: {186, 54, 109, 12, 100, 9, 3, 187, 38, 58, 152, 239, 137, 244, 79, 87}
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
%% Initialized: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
** TLS_RSA_WITH_AES_256_CBC_SHA
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=SERVER, OU=Web Team, O=COMPANY NAME, L=CITY, ST=STATE, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 31516488916856175993354388556520068293794356693242681182245201286667548063641640358313574888462489933475402864236800262460826430243488030753558168637830135426373840447558297285290406873898984898413863294812616756309132288938801104047345625475355654376426138494767988080314969827787605621823083455352331480850948116669339339048031040543939696472504286395458369701032317090387365961443301475102633799830067724032223647096133387365632477706202020365811242759581209534410179060268963901969481769329740356404722306624236516162225426247695795946763666223293969793336832548340134282004822442343909786198074157323202609655959
public exponent: 65537
Validity: [From: Fri Mar 15 07:44:35 MDT 2013,
To: Sun Mar 15 07:44:35 MDT 2015]
Issuer: CN=COMPANY NAME Internal Issuing CA, DC=PARENT, DC=local
SerialNumber: [ 4208795e 00000000 0d7d]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0E 30 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 ..0.0...+.......
[2]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 30 30 2E 06 26 2B 06 01 04 01 82 37 15 08 86 .00..&+.....7...
0010: D5 D8 7B 86 FA 8D 54 86 85 9F 20 87 92 89 64 CB ......T... ...d.
0020: D5 69 81 57 84 D5 FB 1A 84 99 9C 1D 02 01 64 02 .i.W..........d.
0030: 01 09 ..
[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
accessMethod: caIssuers
accessLocation: URIName: ldap:///CN=COMPANY%20NAME%20Internal%20Issuing%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=PARENT,DC=local?cACertificate?base?objectClass=certificationAuthority
accessMethod: caIssuers
accessLocation: URIName: http://grc/CertEnroll/CASERVER.PARENT.local_COMPANY%20NAME%20Internal%20Issuing%20CA.crt
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 26 0F F4 17 D4 4A 12 51 1A 7F FC 77 A9 FB 4D 9F &....J.Q...w..M.
0010: 2B 75 DB 71 +u.q
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ldap:///CN=COMPANY%20NAME%20Internal%20Issuing%20CA,CN=CASERVER,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=PARENT,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://grc/CertEnroll/COMPANY%20NAME%20Internal%20Issuing%20CA.crl]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
[7]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B5 10 57 84 BB 7F A0 ED BA E5 0C D3 00 06 A3 67 ..W............g
0010: 97 93 B2 9E ....
Algorithm: [SHA1withRSA]
Signature:
0000: 0E 24 50 64 FF A6 50 29 B8 AF 61 0F 37 9D 63 2F .$Pd..P)..a.7.c/
0010: 2A BD 90 7E 50 C2 2A 0C B8 16 09 2E FB 0A 0E A6 *...P.*.........
0020: 15 82 0F 1E AD DA 64 DD 36 31 6E 3C C7 33 55 7E ......d.61n<.3U.
0030: 35 0A 4E 49 3B 96 EC C4 4A 01 3F 39 9F 6A E8 11 5.NI;...J.?9.j..
0040: C9 22 45 16 51 9A 15 D6 C3 B3 50 BA FB 56 D3 62 ."E.Q.....P..V.b
0050: 42 D4 CF 76 2B 0B 04 1A 80 87 99 0C B7 97 C1 CE B..v+...........
0060: D5 93 90 E0 1B 84 31 EB 9F 75 A3 2C 52 00 CA 62 ......1..u.,R..b
0070: FE C8 55 23 45 D5 FE 67 D4 A0 30 61 FC 26 08 0B ..U#E..g..0a.&..
0080: 77 D1 26 61 60 31 CD 9A 76 5E 8E 66 85 C6 35 9B w.&a`1..v^.f..5.
0090: 61 41 C5 05 C9 04 42 F2 8D 3D DA F8 80 22 AA AA aA....B..=..."..
00A0: 92 50 CF 17 31 B6 93 CA 5E 85 5D B0 5F D2 77 07 .P..1...^.]._.w.
00B0: 32 D7 69 5A 14 DD 12 62 91 BA 4F 75 19 80 F8 C2 2.iZ...b..Ou....
00C0: 17 19 67 63 4A FF F3 A6 96 35 47 FC 22 2F 76 BA ..gcJ....5G."/v.
00D0: 37 ED EE B2 90 AC 30 C7 7A F9 E6 2E 59 10 8F 2A 7.....0.z...Y..*
00E0: 9E 03 54 18 A5 EB AD 48 3A 78 56 4F 22 BF 8D F7 ..T....H:xVO"...
00F0: 8E C8 21 D4 92 30 A8 FC BE 76 98 15 FB D1 1D C1 ..!..0...v......
chain [1] = [
Version: V3
Subject: CN=XXXX Issuing CA 1, DC=PARENT, DC=local
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 4096 bits
modulus: 710747583573312574266490133477718883175487276449197913367026878246770193366457918874117476848478441807997531601094195095347346667689692353006504772944438996992450206899974172461254170122772439064429800711214524654866811730387219923130077806688460698464420214016926635867290603880408310617196928261244715828938301877231716326135074613866166266159259934139101921704779393181418255236792357734373593843718044094652636084163613474834609513843820562318123712380380149595812702759706362225520298197347612448307537891820678903130283982229075610354246846288916706947063755002331306861708051010714413368970384817146977404909469979632866552303188492277584433342593521141366135313838512466732534501590138191730280137881018224930733224059655122933806684532601188457885427610523069862515778641416852689946070635946964424320750853912644963820761441121054160612741706028476665999908623924083348202525432243752651038591517730169571766303195624990856696540820396758325375089424534352671820926638511083232512074733251774179961972469706146941508467638490252757323558523275340769098076309821000325759423874166279533532418396039620418656504638481199111216522253786699411470101677803106926554982288403832319169109858989451431608015520012872771792487551381
public exponent: 65537
Validity: [From: Thu Mar 13 14:05:43 MDT 2008,
To: Tue Mar 13 14:15:43 MDT 2018]
Issuer: CN=XXXX Root CA, DC="PARENT.DC=local"
SerialNumber: [ 19e8d467 00000000 0008]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.4.1.311.20.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0C 1E 0A 00 53 00 75 00 62 00 43 00 41 .....S.u.b.C.A
[2]: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 05 02 03 01 00 01 .......
[3]: ObjectId: 1.3.6.1.4.1.311.21.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 16 04 14 D5 C8 60 1F D4 BC C8 F4 29 18 65 55 ......`.....).eU
0010: 71 89 08 08 6E C4 1C B1 q...n...
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 37 65 99 AA A5 52 A4 DD F4 97 50 DA B5 6A 46 B1 7e...R....P..jF.
0010: EC F3 21 30 ..!0
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
[6]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 73 7B 89 88 B8 20 C4 74 0E E9 15 70 F2 AA B5 93 s.... .t...p....
0010: 95 4B EF 10 .K..
Unparseable certificate extensions: 2
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Unparseable AuthorityInfoAccess extension due to
java.io.IOException: invalid URI name:file://\\tyson\CertEnroll\tyson_XXXX Root CA.crt
0000: 30 82 01 24 30 81 A3 06 08 2B 06 01 05 05 07 30 0..$0....+.....0
0010: 02 86 81 96 6C 64 61 70 3A 2F 2F 2F 43 4E 3D XX ....ldap:///CN=X
0020: XX XX XX 25 32 30 52 6F 6F 74 25 32 30 43 41 2C XXX%20Root%20CA,
0030: 43 4E 3D 41 49 41 2C 43 4E 3D 50 75 62 6C 69 63 CN=AIA,CN=Public
0040: 25 32 30 4B 65 79 25 32 30 53 65 72 76 69 63 65 %20Key%20Service
0050: 73 2C 43 4E 3D 53 65 72 76 69 63 65 73 2C 44 43 s,CN=Services,DC
0060: 3D 55 6E 61 76 61 69 6C 61 62 6C 65 43 6F 6E 66 =UnavailableConf
0070: 69 67 44 4E 3F 63 41 43 65 72 74 69 66 69 63 61 igDN?cACertifica
0080: 74 65 3F 62 61 73 65 3F 6F 62 6A 65 63 74 43 6C te?base?objectCl
0090: 61 73 73 3D 63 65 72 74 69 66 69 63 61 74 69 6F ass=certificatio
00A0: 6E 41 75 74 68 6F 72 69 74 79 30 3E 06 08 2B 06 nAuthority0>..+.
00B0: 01 05 05 07 30 02 86 32 68 74 74 70 3A 2F 2F 74 ....0..2http://t
00C0: 79 73 6F 6E 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F yson/CertEnroll/
00D0: 74 79 73 6F 6E 5F XX XX XX XX 25 32 30 52 6F 6F tyson_XXXX%20Roo
00E0: 74 25 32 30 43 41 2E 63 72 74 30 3C 06 08 2B 06 t%20CA.crt0<..+.
00F0: 01 05 05 07 30 02 86 30 66 69 6C 65 3A 2F 2F 5C ....0..0file://\
0100: 5C 74 79 73 6F 6E 5C 43 65 72 74 45 6E 72 6F 6C \tyson\CertEnrol
0110: 6C 5C 74 79 73 6F 6E 5F XX XX XX XX 20 52 6F 6F l\tyson_XXXX Roo
0120: 74 20 43 41 2E 63 72 74 t CA.crt
[2]: ObjectId: 2.5.29.31 Criticality=false
Unparseable CRLDistributionPoints extension due to
java.io.IOException: invalid URI name:file://\\tyson\CertEnroll\XXXX Root CA.crl
0000: 30 60 30 5E A0 5C A0 5A 86 2A 66 69 6C 65 3A 2F 0`0^.\.Z.*file:/
0010: 2F 5C 5C 74 79 73 6F 6E 5C 43 65 72 74 45 6E 72 /\\tyson\CertEnr
0020: 6F 6C 6C 5C XX XX XX XX 20 52 6F 6F 74 20 43 41 oll\XXXX Root CA
0030: 2E 63 72 6C 86 2C 68 74 74 70 3A 2F 2F 74 79 73 .crl.,http://tys
0040: 6F 6E 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F XX XX on/CertEnroll/XX
0050: XX XX 25 32 30 52 6F 6F 74 25 32 30 43 41 2E 63 XX%20Root%20CA.c
0060: 72 6C rl
Algorithm: [SHA1withRSA]
Signature:
0000: 3A 61 58 BB DE D8 ED 30 97 EF C0 CB 2C 2D 87 E4 :aX....0....,-..
0010: DE 74 0E F1 74 DC 97 EF BD E4 F7 40 D0 31 F6 D6 [email protected]..
0020: 9B B6 D5 6A AF E3 E7 14 F7 24 69 48 C4 71 50 63 ...j.....$iH.qPc
0030: 96 51 62 D6 BD BE AB 36 DB 9C 5E C2 7B 6F ED 0D .Qb....6..^..o..
0040: 63 FF 26 DE 0A EE 86 5B 43 B0 E4 E1 EE 4D 50 0A c.&....[C....MP.
0050: FE 58 27 4C 2A 06 94 22 5B 17 A4 99 FE F3 39 FE .X'L*.."[.....9.
0060: 66 52 E3 00 94 18 F0 CA A0 8D 30 F9 69 34 A2 BB fR........0.i4..
0070: 7F FC 50 BF 24 25 23 17 68 A1 8E B2 72 A3 C7 B1 ..P.$%#.h...r...
0080: C0 F7 CE 79 E2 A3 99 AE 4C 2B C4 C3 4B D5 DE 15 ...y....L+..K...
0090: B8 02 29 C6 8D 7D E6 FD 83 ED 56 E8 37 6A A7 96 ..).......V.7j..
00A0: 6F D0 B1 9D 39 CC E1 0E BB 59 79 22 01 CF 5C 2E o...9....Yy"..\.
00B0: D9 A7 11 FD CE 6E 47 0E 68 FE 3F AE CE 02 E4 45 .....nG.h.?....E
00C0: 64 2F 39 29 DB 30 82 B7 98 B0 D8 7B 81 0A A5 EB d/9).0..........
00D0: 87 95 12 BC A3 D1 27 3E E7 05 83 A3 BD 42 FC 7B ......'>.....B..
00E0: BD 9F 69 1A 2B 59 77 1C 90 04 E8 E1 F2 C5 9A 55 ..i.+Yw........U
00F0: CF B4 11 D0 D9 28 F3 C7 EB 58 7F 6B DE DE 33 5A .....(...X.k..3Z
Found trusted certificate:
Version: V3
Subject: [email protected], CN=SERVER, OU=Web Team, O=COMPANY NAME, L=CITY, ST=STATE, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 31516488916856175993354388556520068293794356693242681182245201286667548063641640358313574888462489933475402864236800262460826430243488030753558168637830135426373840447558297285290406873898984898413863294812616756309132288938801104047345625475355654376426138494767988080314969827787605621823083455352331480850948116669339339048031040543939696472504286395458369701032317090387365961443301475102633799830067724032223647096133387365632477706202020365811242759581209534410179060268963901969481769329740356404722306624236516162225426247695795946763666223293969793336832548340134282004822442343909786198074157323202609655959
public exponent: 65537
Validity: [From: Fri Mar 15 07:44:35 MDT 2013,
To: Sun Mar 15 07:44:35 MDT 2015]
Issuer: CN=COMPANY NAME Internal Issuing CA, DC=PARENT, DC=local
SerialNumber: [ 4208795e 00000000 0d7d]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0E 30 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 ..0.0...+.......
[2]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 30 30 2E 06 26 2B 06 01 04 01 82 37 15 08 86 .00..&+.....7...
0010: D5 D8 7B 86 FA 8D 54 86 85 9F 20 87 92 89 64 CB ......T... ...d.
0020: D5 69 81 57 84 D5 FB 1A 84 99 9C 1D 02 01 64 02 .i.W..........d.
0030: 01 09 ..
[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
accessMethod: caIssuers
accessLocation: URIName: ldap:///CN=COMPANY%20NAME%20Internal%20Issuing%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=PARENT,DC=local?cACertificate?base?objectClass=certificationAuthority
accessMethod: caIssuers
accessLocation: URIName: http://grc/CertEnroll/CASERVER.PARENT.local_COMPANY%20NAME%20Internal%20Issuing%20CA.crt
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 26 0F F4 17 D4 4A 12 51 1A 7F FC 77 A9 FB 4D 9F &....J.Q...w..M.
0010: 2B 75 DB 71 +u.q
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ldap:///CN=COMPANY%20NAME%20Internal%20Issuing%20CA,CN=CASERVER,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=PARENT,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://grc/CertEnroll/COMPANY%20NAME%20Internal%20Issuing%20CA.crl]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
[7]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B5 10 57 84 BB 7F A0 ED BA E5 0C D3 00 06 A3 67 ..W............g
0010: 97 93 B2 9E ....
Algorithm: [SHA1withRSA]
Signature:
0000: 0E 24 50 64 FF A6 50 29 B8 AF 61 0F 37 9D 63 2F .$Pd..P)..a.7.c/
0010: 2A BD 90 7E 50 C2 2A 0C B8 16 09 2E FB 0A 0E A6 *...P.*.........
0020: 15 82 0F 1E AD DA 64 DD 36 31 6E 3C C7 33 55 7E ......d.61n<.3U.
0030: 35 0A 4E 49 3B 96 EC C4 4A 01 3F 39 9F 6A E8 11 5.NI;...J.?9.j..
0040: C9 22 45 16 51 9A 15 D6 C3 B3 50 BA FB 56 D3 62 ."E.Q.....P..V.b
0050: 42 D4 CF 76 2B 0B 04 1A 80 87 99 0C B7 97 C1 CE B..v+...........
0060: D5 93 90 E0 1B 84 31 EB 9F 75 A3 2C 52 00 CA 62 ......1..u.,R..b
0070: FE C8 55 23 45 D5 FE 67 D4 A0 30 61 FC 26 08 0B ..U#E..g..0a.&..
0080: 77 D1 26 61 60 31 CD 9A 76 5E 8E 66 85 C6 35 9B w.&a`1..v^.f..5.
0090: 61 41 C5 05 C9 04 42 F2 8D 3D DA F8 80 22 AA AA aA....B..=..."..
00A0: 92 50 CF 17 31 B6 93 CA 5E 85 5D B0 5F D2 77 07 .P..1...^.]._.w.
00B0: 32 D7 69 5A 14 DD 12 62 91 BA 4F 75 19 80 F8 C2 2.iZ...b..Ou....
00C0: 17 19 67 63 4A FF F3 A6 96 35 47 FC 22 2F 76 BA ..gcJ....5G."/v.
00D0: 37 ED EE B2 90 AC 30 C7 7A F9 E6 2E 59 10 8F 2A 7.....0.z...Y..*
00E0: 9E 03 54 18 A5 EB AD 48 3A 78 56 4F 22 BF 8D F7 ..T....H:xVO"...
00F0: 8E C8 21 D4 92 30 A8 FC BE 76 98 15 FB D1 1D C1 ..!..0...v......
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 262
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 E0 87 7E 29 17 FC A3 FC F6 69 75 A2 52 36 .....).....iu.R6
0010: 3F DB C3 32 C5 86 6F DA 8A 5A BC 65 2F 4E 7B 2D ?..2..o..Z.e/N.-
0020: E8 BF 3B E2 1E 3D B0 F0 A1 4E F4 A4 5F CD 83 AF ..;..=...N.._...
CONNECTION KEYGEN:
Client Nonce:
0000: 51 49 B9 08 71 18 F2 33 2D 12 75 EC 34 93 10 16 QI..q..3-.u.4...
0010: 97 3B 97 21 38 BB 18 91 E7 19 54 2C B0 70 3D 4F .;.!8.....T,.p=O
Server Nonce:
0000: 51 49 B9 08 73 87 4E EA 5C D9 21 C5 0E 8F 6C F4 QI..s.N.\.!...l.
0010: C8 E5 3D EF 88 AE 28 6D 46 A5 18 70 A0 95 50 C4 ..=...(mF..p..P.
Master Secret:
0000: 21 F1 45 A0 E1 2A 86 A9 44 5A 3F 7E 3D E4 FA 13 !.E..*..DZ?.=...
0010: 58 BE D3 DE F9 DD 1E E6 2D DF 72 B1 29 11 32 B3 X.......-.r.).2.
0020: 68 3C 26 B8 1C 7D 04 FC 93 E8 3B 98 FC 1A 2A 24 h<&.......;...*$
Client MAC write Secret:
0000: 30 01 3F 51 6A 18 05 A7 DC C4 79 01 FD 70 FE 34 0.?Qj.....y..p.4
0010: CA F3 2F 8A ../.
Server MAC write Secret:
0000: 9F 17 95 16 F6 29 D4 04 C2 13 A2 98 74 E6 95 9A .....)......t...
0010: E3 AF 3D 97 ..=.
Client write key:
0000: 03 59 5D D7 BE D9 B7 25 27 AA 86 79 62 57 15 76 .Y]....%'..ybW.v
0010: AA D6 71 73 29 2F 95 1A 75 33 E8 D2 62 55 E0 85 ..qs)/..u3..bU..
Server write key:
0000: 0E 31 B3 07 D7 F7 B8 02 5B F4 24 BE AD 71 4D 3F .1......[.$..qM?
0010: 5F F3 A7 55 05 93 06 BA 41 5E E9 A0 E7 A8 49 7C _..U....A^....I.
Client write IV:
0000: 71 92 6D AE AB 1B 0D EC 51 D5 2E C4 56 33 18 F3 q.m.....Q...V3..
Server write IV:
0000: 5E AA 39 43 C6 8C 6F B0 58 B9 DF 82 77 E2 B1 8A ^.9C..o.X...w...
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 114, 227, 19, 222, 162, 73, 80, 229, 15, 199, 23, 154 }
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at testhttps.Main.runTest(Main.java:39)
at testhttps.Main.main(Main.java:23)
Similar Messages
-
RECV SSLv3 ALERT: fatal, handshake_failure / URGENT
Hi,
Iam using JSSE to connect an Apache webserver. Some times I get an error from the server saying handshake failed. Appreciate if anyone can help resolve the same. Attaching the JSSE debug log and also the code.
JSSE Version : 1.0.3_03
JDK : 1.3.1
********** Code **********
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
System.setProperty("https.proxyHost", host);
System.setProperty("https.proxyPort", port);
System.setProperty("javax.net.ssl.keyStore", keyDBPath);
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", keyDBPass);
System.setProperty("javax.net.ssl.trustStore", trustDBPath);
System.setProperty("javax.net.ssl.trustStorePassword",trustDBPass);
url_in = new URL("https:\\....");
************************** JSSE debug Log ****************************
keyStore is : /ebp/eaifiles/sft/security/keydb/20050531000000000049.key
keyStore type is : PKCS12
init keystore
init keymanager of type SunX509
found key for : cn=db-ebillstest1,o=deutsche bank,c=sg,ou=db-ebills,[email protected],l=singapore
chain [0] = [
Version: V3
Subject: CN=db-eBillsTest1, O=Deutsche Bank, C=SG, OU=db-eBills, [email protected], L=Singapore
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@350e24
Validity: [From: Tue May 31 00:00:00 GMT 2005,
To: Wed May 31 00:00:00 GMT 2006]
Issuer: CN=dbeBills-RootV4.3.1
SerialNumber: [ 31343930 ]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Algorithm: [SHA1withRSA]
Signature:
0000: 2F 2E AE 75 36 97 53 7A B3 B9 AF 2A 2C DD 51 85 /..u6.Sz...*,.Q.
0010: BB C3 2C CB A6 86 DB 15 71 B4 FC D5 A8 F3 2D BA ..,.....q.....-.
0020: EB 0A 36 87 25 C3 34 FB 96 61 0F D4 96 C2 AF B4 ..6.%.4..a......
0030: 3F EA B7 FF 2A AE AB AF 78 FF 3F F3 D5 44 01 34 ?...*...x.?..D.4
0040: 5B F7 44 E4 03 3C 4C 3B FD 68 8F FC AA 3A 2F 01 [.D..<L;.h...:/.
0050: 3C F0 7B AA 4F 97 69 95 31 EC 21 7B B3 A6 BB 83 <...O.i.1.!.....
0060: 08 9C 2B 3C 1B F2 3D 05 0A 73 D8 3F 5E 26 51 9A ..+<..=..s.?^&Q.
0070: F6 01 95 23 D1 99 79 56 1E 1F 17 06 E4 AC 44 50 ...#..yV......DP
chain [1] = [
Version: V3
Subject: CN=dbeBills-RootV4.3.1
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@251bb9
Validity: [From: Fri Nov 05 00:00:00 GMT 2004,
To: Wed Nov 04 00:00:00 GMT 2009]
Issuer: CN=dbeBills-RootV4.3.1
SerialNumber: [ 31343734 ]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Algorithm: [SHA1withRSA]
Signature:
0000: B9 F3 DE F4 DB ED C0 E0 F8 C6 82 50 CC 5E 73 DB ...........P.^s.
0010: 75 61 04 3F 04 DB 52 7B 00 F3 06 DD C0 DD 92 5E ua.?..R........^
0020: E6 2E 4D 99 21 EA 94 56 11 91 B7 45 C7 85 30 B1 ..M.!..V...E..0.
0030: 8B 2F 19 9D AF DD A8 92 65 4C D7 37 69 D6 E2 A3 ./......eL.7i...
0040: 75 2E 54 97 8E F2 3E 10 C7 0A FE 78 36 CD DA EA u.T...>....x6...
0050: 2E D0 C1 4B 09 AB DE 3B 03 34 44 44 C7 A4 69 34 ...K...;.4DD..i4
0060: B1 96 78 D0 E7 BB 21 23 7B 5D D3 5C 43 F4 24 96 ..x...!#.].\C.$.
0070: 4F 09 76 8C C1 8C 98 CA 9F 84 50 BF AE 47 C3 B7 O.v.......P..G..
trustStore is: /ebp/eaifiles/sft/security/trustdb/sfttrustdb.db
trustStore type is : jks
init truststore
adding as trusted cert: [
Version: V3
Subject: CN=BIZBILL, [email protected]
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@2e2d61
Validity: [From: Tue Apr 20 16:00:00 GMT 2004,
To: Fri Dec 31 16:00:00 GMT 2004]
Issuer: CN=Root
SerialNumber: [ 31323732 ]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Algorithm: [SHA1withRSA]
Signature:
0000: AF 63 B6 B5 F7 0D 21 79 42 51 8C 5F 5A 16 44 9E .c....!yBQ._Z.D.
0010: 4F 8F 62 7C C3 55 5A F5 74 27 49 BF 87 B0 45 DA O.b..UZ.t'I...E.
0020: 4E 1D C1 D5 2E 0A 62 FC 87 12 55 AB B7 4E 62 9E N.....b...U..Nb.
0030: 27 55 A7 24 33 CE 34 47 B0 04 55 66 00 9E B2 74 'U.$3.4G..Uf...t
0040: 40 10 7C F3 86 4B 3E 4E 00 B6 5D 8E F9 F7 3D 18 @....K>N..]...=.
0050: 61 12 9F 18 F9 B1 58 61 CF 2C 12 74 D5 2E 9D 5C a.....Xa.,.t...\
0060: C3 91 C6 44 9D AB 73 EE 2B 70 88 CD A7 40 84 A8 ...D..s.+p...@..
0070: E6 2F FD 31 87 F3 0E 61 4A 07 25 B4 F8 71 AE 47 ./.1...aJ.%..q.G
adding as trusted cert: [
Version: V3
Subject: CN=ft.dbebills-sit-uat.db.com, OU=APHO, O=Deutsche Bank, L=Singapore, ST=Singapore, C=SG
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@66ee0e
Validity: [From: Wed Apr 21 09:38:05 GMT 2004,
To: Thu Apr 21 09:38:05 GMT 2005]
Issuer: CN=Certificate Manager-Ecommerce, OU=CIT GTO, O=Deutsche Bank, L=SG, ST=SG, C=SG
SerialNumber: [ 3c]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: A7 00 B9 D1 4C 3A 35 C2 FB 82 29 75 C4 23 19 95 ....L:5...)u.#..
0010: D8 50 AE 80 .P..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 82 84 16 07 FF 03 73 F6 34 BB 0F A7 35 A3 88 78 ......s.4...5..x
0010: F5 60 CE 73 .`.s
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 61 EE 9E FE 32 9D 2A F4 A7 E8 ED 1B 35 25 21 5D a...2.*.....5%!]
0010: 17 65 A4 C8 F0 7D 26 45 C1 39 06 D9 DA 7C D0 9D .e....&E.9......
0020: DC E9 F3 D7 75 4B A7 85 87 C1 A6 01 53 CB 1C 2F ....uK......S../
0030: 09 61 12 55 16 4A A2 7B BD C4 DB F8 DB 21 42 2B .a.U.J.......!B+
0040: 9B CE EB 3C E0 73 4C 77 6F 79 0F 25 5C 43 67 DB ...<.sLwoy.%\Cg.
0050: D5 B2 89 8F 99 12 DA 85 59 0A 66 83 CE 6B AF 51 ........Y.f..k.Q
0060: 75 EB 27 49 B7 38 C8 64 22 8A 5F F0 38 E5 AA D3 u.'I.8.d"._.8...
0070: 12 7A 21 0E 6B 3E 0D B6 3D D9 53 48 4F E3 6C CD .z!.k>..=.SHO.l.
0080: EB 3B 25 63 8A 2F 06 60 19 5A D1 62 44 4E 38 A2 .;%c./.`.Z.bDN8.
0090: B4 ED CA 85 E2 DA B5 95 53 74 72 1D B4 26 CC 0D ........Str..&..
00A0: 03 15 E7 83 B6 18 77 23 E8 0F 1D 35 8A 0C 7B 1C ......w#...5....
00B0: 92 1D AE CD A1 87 04 6E 97 7B 17 9F 93 52 DB 3E .......n.....R.>
00C0: 94 B5 14 C0 FB CF 0B B0 CC 9A B5 10 75 70 2E 92 ............up..
00D0: 08 9C 9B 59 E8 ED 19 09 F7 EB CB E1 F7 08 37 6A ...Y..........7j
00E0: B6 5F 50 38 99 C5 FE 64 45 67 DA 41 E0 38 7D F1 ._P8...dEg.A.8..
00F0: D5 A8 12 21 11 4C E3 1D C2 3B 40 C4 D4 8A A7 3E ...!.L...;@....>
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=tcdss.trustcenter.de, O=TC TrustCenter AG, L=Hamburg, ST=Hamburg, C=DE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@16ef23
Validity: [From: Tue Mar 15 09:05:07 GMT 2005,
To: Mon May 01 09:05:07 GMT 2006]
Issuer: [email protected], OU=TC TrustCenter Class 2 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
SerialNumber: [ 9f510000 000230e0 cfc2ad69 44a4]
Certificate Extensions: 5
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.16.840.1.113730.1.8 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 31 16 2F 68 74 74 70 3A 2F 2F 77 77 77 2E 74 .1./http://www.t
0010: 72 75 73 74 63 65 6E 74 65 72 2E 64 65 2F 67 75 rustcenter.de/gu
0020: 69 64 65 6C 69 6E 65 73 2F 69 6E 64 65 78 2E 68 idelines/index.h
0030: 74 6D 6C tml
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
[4]: ObjectId: 2.16.840.1.113730.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 43 16 41 68 74 74 70 73 3A 2F 2F 6E 72 75 2E .C.Ahttps://nru.
0010: 74 63 63 6C 61 73 73 32 2E 74 72 75 73 74 63 65 tcclass2.trustce
0020: 6E 74 65 72 2E 64 65 2F 39 46 35 31 30 30 30 30 nter.de/9F510000
0030: 30 30 30 32 33 30 45 30 43 46 43 32 41 44 36 39 000230E0CFC2AD69
0040: 34 34 41 34 3F 44A4?
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: CB A6 03 8B BA F8 75 64 90 07 F3 29 8F E1 6C C2 ......ud...)..l.
0010: 1F 81 A4 28 16 6B EB 19 D6 82 AD 39 6E 92 F6 D2 ...(.k.....9n...
0020: 7E BD EA 55 37 F0 5A 03 A2 5E 31 3A 61 8B 70 C8 ...U7.Z..^1:a.p.
0030: 3B 91 BA 5A CE 27 51 C2 EA B0 1B 55 A4 18 4B DF ;..Z.'Q....U..K.
0040: FF 3D FE ED 91 73 8C C0 9F 92 93 C7 CD 66 30 F4 .=...s.......f0.
0050: E2 FB F5 06 05 9F BA 5B 81 24 2F 18 52 CE 53 A6 .......[.$/.R.S.
0060: 21 0B 63 D4 AE B3 FD E6 9C C2 EE 74 53 E6 E2 5E !.c........tS..^
0070: 8C 2A 0C 77 AB E9 F9 95 76 4C E8 B6 63 A3 CB 89 .*.w....vL..c...
adding as trusted cert: [
Version: V3
Subject: CN=Venkat, OU=EBPP, O=Deutsche Bank, L=SIngapore, ST=Singapore, C=SG
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@2df2c7
Validity: [From: Fri Mar 04 09:30:03 GMT 2005,
To: Sat Mar 04 09:30:03 GMT 2006]
Issuer: CN=Certificate Manager, OU=PCB, O=Deutsche Bank AG, L=Singapore, ST=Singapore, C=SG
SerialNumber: [ 08]
Certificate Extensions: 3
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 89 A4 2E 72 47 B7 E8 52 5A 4F 2D 56 5F A0 1E 87 ...rG..RZO-V_...
0010: 43 E2 AA 2E C...
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: DA F2 FA 04 B2 C6 E3 87 5C 32 B8 41 5A 74 CB 9E ........\2.AZt..
0010: B5 6F 85 01 55 A8 3F 0C EB 52 68 EC C0 4B 6D 0B .o..U.?..Rh..Km.
0020: 04 30 86 24 74 A2 CF DF 7F 20 06 3F 8E AD C3 6E .0.$t.... .?...n
0030: 76 01 97 F7 A3 A6 2D 51 4D D4 17 4D 74 78 13 C3 v.....-QM..Mtx..
adding as trusted cert: [
Version: V3
Subject: CN=www.ppg.com, OU=Terms of use at www.verisign.com/rpa (c)00, OU=PPG Industries, O=PPG Industries Inc., L=Pittsburgh, ST=Pennsylvania, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@1df480
Validity: [From: Wed Oct 01 00:00:00 GMT 2003,
To: Tue Oct 26 23:59:59 GMT 2004]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 7a070d62 d01d5e6f 878eb52e f981c2ea ]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
[2]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 5F 30 5D A1 5B A0 59 30 57 30 55 16 09 69 6D ._0].[.Y0W0U..im
0010: 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 05 2B age/gif0!0.0...+
0020: 0E 03 02 1A 04 14 AE 6C A8 E1 70 62 68 65 FB 55 .......l..pbhe.U
0030: 49 82 B5 82 32 5B 90 91 42 B7 30 25 16 23 68 74 I...2[..B.0%.#ht
0040: 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 73 69 tp://logo.verisi
0050: 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E 67 69 gn.com/vslogo.gi
0060: 66 f
[3]: ObjectId: 2.5.29.32 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 3D 30 3B 30 39 06 0B 60 86 48 01 86 F8 45 01 .=0;09..`.H...E.
0010: 07 17 03 30 2A 30 28 06 08 2B 06 01 05 05 07 02 ...0*0(..+......
0020: 01 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 ...https://www.v
0030: 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 erisign.com/rpa
[4]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
0030: 76 65 72 2E 63 72 6C ver.crl
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[6]: ObjectId: 2.5.29.37 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 ..0...+.........
0010: 2B 06 01 05 05 07 03 02 +.......
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 3F DC 1E E4 DE 9A EE 95 D9 07 CE AF FA AA 54 10 ?.............T.
0010: 6C 56 BA A3 49 98 E4 C8 30 8D 24 E8 19 22 16 92 lV..I...0.$.."..
0020: 9D E8 B8 FE BB 8E 24 6E 9D AD B4 97 B3 1B 04 50 ......$n.......P
0030: 96 63 45 A9 03 DE 41 B8 77 22 EC 73 B4 C7 0E 55 .cE...A.w".s...U
0040: 77 9A 81 2B 2B 57 A9 D9 CE 83 57 27 69 D9 62 6A w..++W....W'i.bj
0050: CF A4 82 75 A8 1E AC 0B DD 98 4A E5 4E 99 5F A4 ...u......J.N._.
0060: F2 E3 4F 62 48 FE 1B 1A 6A B2 54 77 CD D0 9B 20 ..ObH...j.Tw...
0070: A1 4E A5 F5 BE 38 78 1B 7C 7E 41 1F F1 .N...8x...A..
adding as trusted cert: [
Version: V3
Subject: CN=ft.dbebills-sit-uat.db.com, OU=Deutsche Bank, O=APHO, L=Singapore, ST=Singapore, C=SG
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@1f08ca
Validity: [From: Wed Apr 06 06:11:49 GMT 2005,
To: Thu Apr 06 06:11:49 GMT 2006]
Issuer: CN=Certificate Manager, OU=PCB, O=Deutsche Bank AG, L=Singapore, ST=Singapore, C=SG
SerialNumber: [ 14]
Certificate Extensions: 3
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 89 A4 2E 72 47 B7 E8 52 5A 4F 2D 56 5F A0 1E 87 ...rG..RZO-V_...
0010: 43 E2 AA 2E C...
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 02 B6 98 37 77 89 D0 FE BD FC 73 35 5F 86 C3 47 ...7w.....s5_..G
0010: D2 60 F7 7F D8 26 BE 69 0E C6 C2 16 60 B8 25 C2 .`...&.i....`.%.
0020: 6A ED 49 09 30 52 5C A4 37 7E DE 9C 27 AE 32 F8 j.I.0R\.7...'.2.
0030: B6 6F 13 88 1C B7 4D 21 09 74 F4 50 01 16 67 83 .o....M!.t.P..g.
adding as trusted cert: [
Version: V1
Subject: [email protected], CN=194.45.147.44, OU=EBILLS, O=CSC PLOENZKE, L=WIESBADEN, ST=HESSEN, C=DE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@2f4fde
Validity: [From: Mon May 23 14:19:25 GMT 2005,
To: Thu May 18 14:19:25 GMT 2006]
Issuer: [email protected], CN=194.45.147.44, OU=EBILLS, O=CSC PLOENZKE, L=WIESBADEN, ST=HESSEN, C=DE
SerialNumber: [ 0 ]
Algorithm: [MD5withRSA]
Signature:
0000: 83 20 EE 98 23 F0 0B BA 6F FF 99 66 EE 74 00 0A . ..#...o..f.t..
0010: CA 13 F5 66 80 2D 86 68 08 8F 8D 7D CE 7D 4A 50 ...f.-.h......JP
0020: 76 E7 54 68 23 31 07 9B EC D2 B6 B2 4C FF DA 9E v.Th#1......L...
0030: CD BB 6A F0 5A 6A 67 37 D9 D8 29 9E 9E B0 AF DE ..j.Zjg7..).....
0040: AC A4 22 3D 72 A0 DB 98 48 C9 A1 26 32 8B 1B C1 .."=r...H..&2...
0050: 34 BE 53 52 4D 5A 3C E9 6C 03 02 79 1B C7 F0 2E 4.SRMZ<.l..y....
0060: 9E 2D C8 15 1E 4E CB 46 60 70 6B 9A 12 80 5C 77 .-...N.F`pk...\w
0070: C7 DC DF FA D4 95 F9 48 52 DC 64 E4 35 50 22 F6 .......HR.d.5P".
adding as trusted cert: [
Version: V3
Subject: CN=BILL, [email protected]
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@249c54
Validity: [From: Mon Apr 26 16:00:00 GMT 2004,
To: Thu Mar 31 16:00:00 GMT 2005]
Issuer: CN=Root
SerialNumber: [ 31323936 ]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Algorithm: [SHA1withRSA]
Signature:
0000: 43 3F F3 73 DC F0 F9 CC 42 C1 84 D0 EF D9 DA E7 C?.s....B.......
0010: AC D8 ED 33 0F 1F B7 F9 33 44 DC FB E8 3D B4 DE ...3....3D...=..
0020: EA 0D 06 CC D4 05 D9 CB FF 38 FC 66 83 59 C0 A9 .........8.f.Y..
0030: 9F 86 5F 7E EB 84 89 97 13 9D E8 57 FD 79 97 9C .._........W.y..
0040: 77 81 8C 74 CD E8 3B 57 29 F1 40 FA 94 5D F8 A4 w..t..;W).@..]..
0050: E6 91 19 B7 6E 4D A0 11 BE 64 2E A7 EF 43 BE 8B ....nM...d...C..
0060: 0A DB 08 AE B2 00 4F 4B C7 56 BE 64 D6 B9 59 1C ......OK.V.d..Y.
0070: 76 CE B9 60 B6 8D 9C D7 26 A6 2D D5 FD 20 0E 0F v..`....&.-.. ..
init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1103321439 bytes = { 177, 1, 40, 203, 34, 64, 115, 231, 49, 198, 131, 41, 39, 61, 235, 196, 246, 250, 218, 72, 237, 195, 238, 146, 75, 131, 215, 17 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 42 C3 59 5F B1 01 28 CB 22 40 ...7..B.Y_..(."@
0010: 73 E7 31 C6 83 29 27 3D EB C4 F6 FA DA 48 ED C3 s.1..)'=.....H..
0020: EE 92 4B 83 D7 11 00 00 10 00 05 00 04 00 09 00 ..K.............
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
Flux Job /SUB/HERPPROC/0:206, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 42 C3 59 .............B.Y
0030: 5F B1 01 28 CB 22 40 73 E7 31 C6 83 29 27 3D EB _..(."@s.1..)'=.
0040: C4 F6 FA DA 48 ED C3 EE 92 4B 83 D7 11 ....H....K...
Flux Job /SUB/HERPPROC/0:206, WRITE: SSL v2, contentType = 22, translated length = 16310
Flux Job /SUB/HERPPROC/0:206, READ: SSL v3.1 Handshake, length = 74
*** ServerHello, v3.1
RandomCookie: GMT: 1103321645 bytes = { 64, 165, 150, 119, 79, 50, 213, 1, 63, 55, 101, 74, 132, 53, 176, 86, 103, 56, 226, 190, 45, 64, 217, 133, 36, 224, 165, 173 }
Session ID: {86, 92, 205, 118, 98, 208, 225, 182, 250, 233, 193, 34, 73, 46, 179, 174, 69, 225, 219, 44, 6, 87, 176, 78, 32, 130, 113, 140, 189, 107, 157, 122}
Cipher Suite: { 0, 5 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 42 C3 5A 2D 40 A5 96 77 4F 32 [email protected]
0010: D5 01 3F 37 65 4A 84 35 B0 56 67 38 E2 BE 2D 40 ..?7eJ.5.Vg8..-@
0020: D9 85 24 E0 A5 AD 20 56 5C CD 76 62 D0 E1 B6 FA ..$... V\.vb....
0030: E9 C1 22 49 2E B3 AE 45 E1 DB 2C 06 57 B0 4E 20 .."I...E..,.W.N
0040: 82 71 8C BD 6B 9D 7A 00 05 00 .q..k.z...
Flux Job /SUB/HERPPROC/0:206, READ: SSL v3.1 Handshake, length = 1805
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=tcdss.trustcenter.de, O=TC TrustCenter AG, L=Hamburg, ST=Hamburg, C=DE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@12dab2
Validity: [From: Tue Mar 15 09:05:07 GMT 2005,
To: Mon May 01 09:05:07 GMT 2006]
Issuer: [email protected], OU=TC TrustCenter Class 2 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
SerialNumber: [ 9f510000 000230e0 cfc2ad69 44a4]
Certificate Extensions: 5
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.16.840.1.113730.1.8 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 31 16 2F 68 74 74 70 3A 2F 2F 77 77 77 2E 74 .1./http://www.t
0010: 72 75 73 74 63 65 6E 74 65 72 2E 64 65 2F 67 75 rustcenter.de/gu
0020: 69 64 65 6C 69 6E 65 73 2F 69 6E 64 65 78 2E 68 idelines/index.h
0030: 74 6D 6C tml
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
[4]: ObjectId: 2.16.840.1.113730.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 43 16 41 68 74 74 70 73 3A 2F 2F 6E 72 75 2E .C.Ahttps://nru.
0010: 74 63 63 6C 61 73 73 32 2E 74 72 75 73 74 63 65 tcclass2.trustce
0020: 6E 74 65 72 2E 64 65 2F 39 46 35 31 30 30 30 30 nter.de/9F510000
0030: 30 30 30 32 33 30 45 30 43 46 43 32 41 44 36 39 000230E0CFC2AD69
0040: 34 34 41 34 3F 44A4?
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: CB A6 03 8B BA F8 75 64 90 07 F3 29 8F E1 6C C2 ......ud...)..l.
0010: 1F 81 A4 28 16 6B EB 19 D6 82 AD 39 6E 92 F6 D2 ...(.k.....9n...
0020: 7E BD EA 55 37 F0 5A 03 A2 5E 31 3A 61 8B 70 C8 ...U7.Z..^1:a.p.
0030: 3B 91 BA 5A CE 27 51 C2 EA B0 1B 55 A4 18 4B DF ;..Z.'Q....U..K.
0040: FF 3D FE ED 91 73 8C C0 9F 92 93 C7 CD 66 30 F4 .=...s.......f0.
0050: E2 FB F5 06 05 9F BA 5B 81 24 2F 18 52 CE 53 A6 .......[.$/.R.S.
0060: 21 0B 63 D4 AE B3 FD E6 9C C2 EE 74 53 E6 E2 5E !.c........tS..^
0070: 8C 2A 0C 77 AB E9 F9 95 76 4C E8 B6 63 A3 CB 89 .*.w....vL..c...
chain [1] = [
Version: V3
Subject: [email protected], OU=TC TrustCenter Class 2 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@53e355
Validity: [From: Mon Mar 09 11:59:59 GMT 1998,
To: Sat Jan 01 11:59:59 GMT 2011]
Issuer: [email protected], OU=TC TrustCenter Class 2 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
SerialNumber: [ 03ea]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
Object Signing CA]
[2]: ObjectId: 2.16.840.1.113730.1.8 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 26 16 24 68 74 74 70 3A 2F 2F 77 77 77 2E 74 .&.$http://www.t
0010: 72 75 73 74 63 65 6E 74 65 72 2E 64 65 2F 67 75 rustcenter.de/gu
0020: 69 64 65 6C 69 6E 65 73 idelines
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 84 52 FB 28 DF FF 1F 75 01 BC 01 BE 04 56 97 6A .R.(...u.....V.j
0010: 74 42 24 31 83 F9 46 B1 06 8A 89 CF 96 2C 33 BF tB$1..F......,3.
0020: 8C B5 5F 7A 72 A1 85 06 CE 86 F8 05 8E E8 F9 25 .._zr..........%
0030: CA DA 83 8C 06 AC EB 36 6D 85 91 34 04 36 F4 42 .......6m..4.6.B
0040: F0 F8 79 2E 0A 48 5C AB CC 51 4F 78 76 A0 D9 AC ..y..H\..QOxv...
0050: 19 BD 2A D1 69 04 28 91 CA 36 10 27 80 57 5B D2 ..*.i.(..6.'.W[.
0060: 5C F5 C2 5B AB 64 81 63 74 51 F4 97 BF CD 12 28 \..[.d.ctQ.....(
0070: F7 4D 66 7F A7 F0 1C 01 26 78 B2 66 47 70 51 64 .Mf.....&x.fGpQd
updated/found trusted cert: [
Version: V3
Subject: [email protected], CN=tcdss.trustcenter.de, O=TC TrustCenter AG, L=Hamburg, ST=Hamburg, C=DE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@12dab2
Validity: [From: Tue Mar 15 09:05:07 GMT 2005,
To: Mon May 01 09:05:07 GMT 2006]
Issuer: [email protected], OU=TC TrustCenter Class 2 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
SerialNumber: [ 9f510000 000230e0 cfc2ad69 44a4]
Certificate Extensions: 5
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.16.840.1.113730.1.8 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 31 16 2F 68 74 74 70 3A 2F 2F 77 77 77 2E 74 .1./http://www.t
0010: 72 75 73 74 63 65 6E 74 65 72 2E 64 65 2F 67 75 rustcenter.de/gu
0020: 69 64 65 6C 69 6E 65 73 2F 69 6E 64 65 78 2E 68 idelines/index.h
0030: 74 6D 6C tml
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
[4]: ObjectId: 2.16.840.1.113730.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 43 16 41 68 74 74 70 73 3A 2F 2F 6E 72 75 2E .C.Ahttps://nru.
0010: 74 63 63 6C 61 73 73 32 2E 74 72 75 73 74 63 65 tcclass2.trustce
0020: 6E 74 65 72 2E 64 65 2F 39 46 35 31 30 30 30 30 nter.de/9F510000
0030: 30 30 30 32 33 30 45 30 43 46 43 32 41 44 36 39 000230E0CFC2AD69
0040: 34 34 41 34 3F 44A4?
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: CB A6 03 8B BA F8 75 64 90 07 F3 29 8F E1 6C C2 ......ud...)..l.
0010: 1F 81 A4 28 16 6B EB 19 D6 82 AD 39 6E 92 F6 D2 ...(.k.....9n...
0020: 7E BD EA 55 37 F0 5A 03 A2 5E 31 3A 61 8B 70 C8 ...U7.Z..^1:a.p.
0030: 3B 91 BA 5A CE 27 51 C2 EA B0 1B 55 A4 18 4B DF ;..Z.'Q....U..K.
0040: FF 3D FE ED 91 73 8C C0 9F 92 93 C7 CD 66 30 F4 .=...s.......f0.
0050: E2 FB F5 06 05 9F BA 5B 81 24 2F 18 52 CE 53 A6 .......[.$/.R.S.
0060: 21 0B 63 D4 AE B3 FD E6 9C C2 EE 74 53 E6 E2 5E !.c........tS..^
0070: 8C 2A 0C 77 AB E9 F9 95 76 4C E8 B6 63 A3 CB 89 .*.w....vL..c...
[read] MD5 and SHA1 hashes: len = 1805
0000: 0B 00 07 09 00 07 06 00 03 A0 30 82 03 9C 30 82 ..........0...0.
0010: 03 05 A0 03 02 01 02 02 0F 00 9F 51 00 00 00 02 ...........Q....
0020: 30 E0 CF C2 AD 69 44 A4 30 0D 06 09 2A 86 48 86 0....iD.0...*.H.
0030: F7 0D 01 01 05 05 00 30 81 BC 31 0B 30 09 06 03 .......0..1.0...
0040: 55 04 06 13 02 44 45 31 10 30 0E 06 03 55 04 08 U....DE1.0...U..
0050: 13 07 48 61 6D 62 75 72 67 31 10 30 0E 06 03 55 ..Hamburg1.0...U
0060: 04 07 13 07 48 61 6D 62 75 72 67 31 3A 30 38 06 ....Hamburg1:08.
0070: 03 55 04 0A 13 31 54 43 20 54 72 75 73 74 43 65 .U...1TC TrustCe
0080: 6E 74 65 72 20 66 6F 72 20 53 65 63 75 72 69 74 nter for Securit
0090: 79 20 69 6E 20 44 61 74 61 20 4E 65 74 77 6F 72 y in Data Networ
00A0: 6B 73 20 47 6D 62 48 31 22 30 20 06 03 55 04 0B ks GmbH1"0 ..U..
00B0: 13 19 54 43 20 54 72 75 73 74 43 65 6E 74 65 72 ..TC TrustCenter
00C0: 20 43 6C 61 73 73 20 32 20 43 41 31 29 30 27 06 Class 2 CA1)0'.
00D0: 09 2A 86 48 86 F7 0D 01 09 01 16 1A 63 65 72 74 .*.H........cert
00E0: 69 66 69 63 61 74 65 40 74 72 75 73 74 63 65 6E ificate@trustcen
00F0: 74 65 72 2E 64 65 30 1E 17 0D 30 35 30 33 31 35 ter.de0...050315
0100: 30 39 30 35 30 37 5A 17 0D 30 36 30 35 30 31 30 090507Z..0605010
0110: 39 30 35 30 37 5A 30 81 93 31 0B 30 09 06 03 55 90507Z0..1.0...U
0120: 04 06 13 02 44 45 31 10 30 0E 06 03 55 04 08 13 ....DE1.0...U...
0130: 07 48 61 6D 62 75 72 67 31 10 30 0E 06 03 55 04 .Hamburg1.0...U.
0140: 07 13 07 48 61 6D 62 75 72 67 31 1A 30 18 06 03 ...Hamburg1.0...
0150: 55 04 0A 13 11 54 43 20 54 72 75 73 74 43 65 6E U....TC TrustCen
0160: 74 65 72 20 41 47 31 1D 30 1B 06 03 55 04 03 13 ter AG1.0...U...
0170: 14 74 63 64 73 73 2E 74 72 75 73 74 63 65 6E 74 .tcdss.trustcent
0180: 65 72 2E 64 65 31 25 30 23 06 09 2A 86 48 86 F7 er.de1%0#..*.H..
0190: 0D 01 09 01 16 16 74 63 61 64 6D 69 6E 40 74 72 ......tcadmin@tr
01A0: 75 73 74 63 65 6E 74 65 72 2E 64 65 30 81 9F 30 ustcenter.de0..0
01B0: 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 ...*.H..........
01C0: 8D 00 30 81 89 02 81 81 00 AF 9E 59 FD 3F 23 29 ..0........Y.?#)
01D0: 01 E0 B9 C8 88 E1 A5 5C 63 14 3D ED 21 20 04 27 .......\c.=.! .'
01E0: A5 EE 3B B2 F1 E8 4F 4B 3B 4C 74 BE 8C 29 7A 41 ..;...OK;Lt..)zA
01F0: 89 FD A3 98 48 BF 8C 7B 72 9A 5B 7B 20 06 37 56 ....H...r.[. .7V
0200: 08 04 E3 8D 57 6D 02 3A 94 78 84 71 11 A7 26 56 ....Wm.:.x.q..&V
0210: 55 71 9D 55 E4 1C 54 2A 5A 2A 22 7A 23 A4 B4 F1 Uq.U..T*Z*"z#...
0220: 04 EC 18 D1 B8 EA D8 CF 24 97 C4 91 81 75 68 38 ........$....uh8
0230: 7C 63 3B BF 74 64 17 8D 28 7F F5 14 B8 7B 65 5F .c;.td..(.....e_
0240: 8A 51 E8 72 ED 1C 77 39 27 02 03 01 00 01 A3 81 .Q.r..w9'.......
0250: C6 30 81 C3 30 0C 06 03 55 1D 13 01 01 FF 04 02 .0..0...U.......
0260: 30 00 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 0.0...U.........
0270: 05 E0 30 3E 06 09 60 86 48 01 86 F8 42 01 08 04 ..0>..`.H...B...
0280: 31 16 2F 68 74 74 70 3A 2F 2F 77 77 77 2E 74 72 1./http://www.tr
0290: 75 73 74 63 65 6E 74 65 72 2E 64 65 2F 67 75 69 ustcenter.de/gui
02A0: 64 65 6C 69 6E 65 73 2F 69 6E 64 65 78 2E 68 74 delines/index.ht
02B0: 6D 6C 30 11 06 09 60 86 48 01 86 F8 42 01 01 04 ml0...`.H...B...
02C0: 04 03 02 06 40 30 50 06 09 60 86 48the debug output mess you posted, does not make much sense as we don't have the picture about the running env. Run your code with one server thread and post the relative log again.
before posint that in a proper way, check your settings for timeout and cachesize of the underlying SSLSessionContext and see if that will help you produce better mesaures matching your response times etc. -
Peer sent alert: Alert Fatal: bad certificate
Dear Experts,
When we try to load an application on our MSS, we get this alert iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate. Here the full exception that we get:
com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentRuntimeException: Failed to UPDATEDATAINPDF
at com.sap.tc.webdynpro.clientserver.uielib.adobe.impl.InteractiveForm.afterHandleActionEvent(InteractiveForm.java:419)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.afterApplicationModification(ClientApplication.java:1132)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.afterApplicationModification(ClientComponent.java:895)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doRespond(WindowPhaseModel.java:573)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:152)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:321)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentRuntimeException: PDFDocument Processor failed to process Render Request.
at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentProcessor.process(PDFDocumentProcessor.java:55)
at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentInteractiveFormHandlingContext.execute(PDFDocumentInteractiveFormHandlingContext.java:100)
at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentInteractiveFormHandlingContext.execute(PDFDocumentInteractiveFormHandlingContext.java:123)
at com.sap.tc.webdynpro.clientserver.uielib.adobe.impl.InteractiveForm.afterHandleActionEvent(InteractiveForm.java:340)
... 29 more
Caused by: com.sap.tc.webdynpro.pdfobject.core.PDFObjectRuntimeException: Service call exception; nested exception is:
iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
at com.sap.tc.webdynpro.pdfobject.core.PDFObject.doSoapCall(PDFObject.java:408)
at com.sap.tc.webdynpro.pdfobject.core.PDFObject.render(PDFObject.java:3944)
at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentRenderHandler.handle(PDFDocumentRenderHandler.java:148)
at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentProcessor.process(PDFDocumentProcessor.java:52)
... 32 more
Caused by: java.rmi.RemoteException: Service call exception; nested exception is:
iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
at com.sap.tc.webdynpro.adsproxy.SecConfigBindingStub.rpData(SecConfigBindingStub.java:85)
at com.sap.tc.webdynpro.adsproxy.SecConfigBindingStub.rpData(SecConfigBindingStub.java:95)
at com.sap.tc.webdynpro.pdfobject.core.PDFObject.doSoapCall(PDFObject.java:385)
... 35 more
Caused by: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
at iaik.security.ssl.r.f(Unknown Source)
at iaik.security.ssl.x.b(Unknown Source)
at iaik.security.ssl.x.a(Unknown Source)
at iaik.security.ssl.r.d(Unknown Source)
at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source)
at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initStreamsFromSocket(HTTPSocket.java:669)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initializeStreams(HTTPSocket.java:470)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getOutputStream(HTTPSocket.java:427)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.getRequestStream(HTTPTransport.java:355)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.outputMessage(MimeHttpBinding.java:550)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1433)
at com.sap.tc.webdynpro.adsproxy.SecConfigBindingStub.rpData(SecConfigBindingStub.java:78)
... 37 more
Can anyone suggest a corrective measurement for this issue?
Thank You in advance
Regards
RameshHi Ramesh,
we are facing the similar issue while consuming external webservices
Here is the error:
Caused by: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad record mac at iaik.security.ssl.r.f(Unknown Source) at iaik.security.ssl.x.b(Unknown Source) at iaik.security.ssl.x.a(Unknown Source) at iaik.security.ssl.r.d(Unknown Source) at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source) at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source) at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)
com.sap.tc.webdynpro.model.webservice.api.WDWSModelExecuteException: Exception on execution of web service with WSDL URL 'http://lxxxxxxx:50000/webdynpro/resources/demo.sap.com/mywebservice/Components/com.sap.demo.mywebservice.webservice.comp.WebserviceComp/VECTOR.wsdl' with operation 'VECTOR' in interface 'VECTORPortType' at com.sap.tc.webdynpro.model.webservice.model.WSGenericModelClassExecutable.execute(WSGenericModelClassExecutable.java:84) at com.sap.tc.webdynpro.model.webservice.gci.WSTypedModelClassExecutable.execute(WSTypedModelClassExecutable.java:49) at com.sap.demo.mywebservice.webservice.comp.WebserviceComp.executeVECTOR(WebserviceComp.java:313) at com.sap.demo.mywebservice.webservice.comp.wdp.InternalWebserviceComp.executeVECTOR(InternalWebserviceComp.java:303) at com.sap.demo.mywebservice.webservice.comp.WebserviceCompView.onActionGetDetails(WebserviceCompView.java:195) at com.sap.demo.mywebservice.webservice.comp.wdp.InternalWebserviceCompView.wdInvokeEventHandler(InternalWebserviceCompView.java:289) at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:131) at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:72) at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.doHandleActionEvent(ProcessingEventPhase.java:156) at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.execute(ProcessingEventPhase.java:91) at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162) at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110) at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97) at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:514) at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:52) at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1547) at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1361) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToApplicationDoProcessing(AbstractExecutionContextDispatcher.java:154) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForAppProcessing.doService(DispatchHandlerForAppProcessing.java:35) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.AbstractDispatchHandler.service(AbstractDispatchHandler.java:127) at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:95) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToApplicationDoProcessing(ExecutionContextDispatcher.java:114) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:80) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.dispatch(ApplicationSession.java:571) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.dispatch(ApplicationSession.java:602) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingStandalone(ApplicationSession.java:523) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:270) at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:729) at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:256) at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:258) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToRequestManager(AbstractExecutionContextDispatcher.java:202) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.doService(DispatchHandlerForRequestManager.java:38) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.AbstractDispatchHandler.service(AbstractDispatchHandler.java:127) at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:95) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToRequestManager(ExecutionContextDispatcher.java:140) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:92) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:104) at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87) at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doPost(AbstractDispatcherServlet.java:61) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:140) at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:37) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:466) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:291) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:396) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:385) at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:48) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:76) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:240) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:78) at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60) at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:43) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:42) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:425) at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:250) at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:45) at com.sap.engine.core.thread.execution.Executable.run(Executable.java:109) at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:314) Caused by: com.sap.engine.services.webservices.espbase.client.bindings.exceptions.TransportBindingException: Connection IO Exception. Check nested exception for details. (Peer sent alert: Alert Fatal: bad record mac) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.outputSOAPMessage(SOAPTransportBinding.java:399) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.call_SOAP(SOAPTransportBinding.java:1083) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.callWOLogging(SOAPTransportBinding.java:779) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.call(SOAPTransportBinding.java:746) at com.sap.engine.services.webservices.espbase.client.dynamic.impl.DInterfaceInvokerImpl.invokeOperation(DInterfaceInvokerImpl.java:76) at com.sap.tc.webdynpro.model.webservice.model.WSGenericModelClassExecutable.execute(WSGenericModelClassExecutable.java:73) ... 75 more Caused by: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad record mac at iaik.security.ssl.r.f(Unknown Source) at iaik.security.ssl.x.b(Unknown Source) at iaik.security.ssl.x.a(Unknown Source) at iaik.security.ssl.r.d(Unknown Source) at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source) at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source) at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source) at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initStreamsFromSocket(HTTPSocket.java:636) at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initializeStreams(HTTPSocket.java:499) at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getOutputStream(HTTPSocket.java:450) at com.sap.engine.services.webservices.espbase.client.bindings.ClientHTTPTransport.getRequestStream(ClientHTTPTransport.java:489) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.outputSOAPMessage(SOAPTransportBinding.java:357) ... 80 more
Please let me know how do you solved this problem....
I will be very thankful to you
please do me the needful
Thanks & regards
Swetha
Edited by: Swetha Nellore on Mar 12, 2009 9:18 AM
Edited by: Swetha Nellore on Mar 12, 2009 9:18 AM -
This is regarding CBMA in single stack SAP PI 7.3.1. I have set up the alert mail using default java mail client.I do receive the alerts via mail. But my requirement is to direct all the alert mails to Business workplace inbox in ECC.
So I need to set up PI to redirect mails to ECC Business workplace user inbox (sbwp). From here rules are set up & routed per distribution list.
Please guide me how I can achieve this requirement.Hi,
yes, it is a little bit different. This is the issue..... Â
But I am not sure if your links will help:
1) /people/william.li/blog/2008/02/13/sap-pi-71-mapping-enhancements-series-using-graphical-variable
is about a different solution. I do not need to count the number of lines of the source message.
And the second variable is about concat line by line from unbound node to unbound node.
My issue is:
Souce:
Message line (0...unbound) ! ! ! ! ! ! ! !
.   ResultLine  (1..1)
Mapping:
=>Â Â ResultLine1
      ResultLine2
      ResultLine........         => into UDF to an element (1..1) in one mapping operation.
So that all "ResultLine"s are included.
The result is explained in the given link for Mail attachment with UDF.
So I am not sure how to use this thread for my issue.
In the comments of that blog Christoph Gerber writes that the new variable feature can only handle single values.
So it is not suitable for my purposes as I have a list of values here that needs to be moved into the target message field.
2) http://wiki.sdn.sap.com/wiki/display/Java/UsingEditJavaSectioninMessageMapping
shows where to find the button "Java section" which is not available here in 7.1
3) /people/sap.user72/blog/2005/10/01/xi-new-features-in-sp14
too is about the nice little button for Java Section that is no longer existing on PI 7.1 screen for mappings. Â
So my issue is: How to replace the Java section function with global variables in PI 7.1?
Best regards
Dirk -
Fatal error in Java Parser V2 :Status??
We still have a problem with entity references
in V2 of the JAVA XML parser (see Rolf van Deuresen 24-11).
It is a very urgent problem for us. We think that the XML-team
is working on it. Can you inform me abouth the status with the
(bug??)-fix. If you need more information on the problem, please
ask.
Greetings,
Erik van den Berg.
nullAttachments: "1|type=text/plain|desc=SAXSample output|17142|file=output.txt|"
Oracle XML Team wrote:
: Erik van den Berg (guest) wrote:
: : Oracle XML Team wrote:
: : : Erik van den Berg (guest) wrote:
: : : : We still have a problem with entity references
: : : : in V2 of the JAVA XML parser (see Rolf van Deuresen 24-
11).
: : : : It is a very urgent problem for us. We think that the
XML-
: : team
: : : : is working on it. Can you inform me abouth the status
with
: : the
: : : : (bug??)-fix. If you need more information on the
problem,
: : : please
: : : : ask.
: : : : Greetings,
: : : : Erik van den Berg.
: : : Have you downloaded the latest version 2.0.2.5 that was
made
: : : available this week?
: : : Oracle XML Team
: : : http://technet.oracle.com
: : : Oracle Technology Network
: : I have downloaded the new version 2.0.2.5 of the Java
parser,
: : and it stil doesn't work. Please refer to the original
message
: : from Rolf van Deursen (24th november 1999) for the details.
: : Maybe it will help you if I mail you a XML file that fails.
If
: : so, please give me your email account.
: : Greetings,
: : Erik van den Berg.
: You can attach files to messages in the forum here.
: Oracle XML Team
: http://technet.oracle.com
: Oracle Technology Network
Here's the XML that raises the Fatal error. The following
information is generated by the parser:
Fatal Error of Java SAX parser v2.0.2.5:
XML-0121: (Fatal Error) End tag does not match start
tag 'WOONPLAATS'. at line 517, column 4151 of XML document.
I attached the output of the SAXSample class, so you can trace
the line and column where the error occurs. Also attached is the
XML file (4Mb).
An other error that occurs with this XML is the following
situation:
<VOLGNR_FILM> 001</VOLGNR_FILM>
this piece of XML is parsed with the following events:
StartElement:VOLGNR_FILM
Characters:NR_
Characters:001
EndElement:VOLGNR_FILM
So the spaces are replace with a part of the start tag! This is
also only with large files. I tested this piece of XML in a
seperate file. Then it was parsed correctly.
Kind regards,
Erik.
null -
SOAP receiver via HTTPS leads to Alert Fatal: bad certificate
Hello everybody,
I working on a scenario where i have to send a message out via https to a partner.
The server requires a client certificate which is installed and configured.
When I now send out some data I get the following error:
com.sap.aii.af.ra.ms.api.RecoverableException: Peer sent alert: Alert Fatal: bad certificate: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
The partner told me that I also have to install the server certificate. Is this correct? I thought it is not neccessary to install the certificate from Server, is it?
Regards,
ThomasHi,
You would need to load the SSL certificate of your customer if it is a self signed certificate in the TrsutedCA's view in your Visual Admin.
The request is being rejected by XI as the https connection is bot being established as the certificate is not present in the Trusted CA's.
Regards,
Bhavesh -
SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
Hello everybody,
I am tryining to establish a connection from SAP PI 7.0 to an external web service that requires SSL with client authentication. I am using the SOAP adapter for that. The private key of us and the public key of the web service were installed in the VA in the TrustedCAs view. In the corresponding receiver channel configuration I have ticked "Configure Certificate Authetication" and selected appropriate entries in "Keystore Entry" and "Keystore View".
Whenever I send a message through the channel I am getting though an error during the SSL handshake: Decrypt error.
Below is the SSL debug log
ssl_debug(15): Sending v3 client_hello message to services.bloomberg.com:443, requesting version 3.1...
ssl_debug(15): Received v3 server_hello handshake message.
ssl_debug(15): Server selected SSL version 3.1.
ssl_debug(15): Server created new session 81:ED:F8:61:3B:51:8E:70...
ssl_debug(15): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
ssl_debug(15): CompressionMethod selected by server: NULL
ssl_debug(15): Server does not supports secure renegotiation.
ssl_debug(15): Received certificate handshake message with server certificate.
ssl_debug(15): Server sent a 2048 bit RSA certificate, chain has 3 elements.
ssl_debug(15): ChainVerifier: No trusted certificate found, OK anyway.
ssl_debug(15): Received certificate_request handshake message.
ssl_debug(15): Accepted certificate types: RSA, DSA
ssl_debug(15): Accepted certificate authorities:
ssl_debug(15): CN=XXXXXXXXXXXXXXXXXXXXXXXX
ssl_debug(15): CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
ssl_debug(15): CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
ssl_debug(15): Received server_hello_done handshake message.
ssl_debug(15): Sending certificate handshake message with RSA client certificate...
ssl_debug(15): Sending client_key_exchange handshake...
ssl_debug(15): Sending certificate_verify handshake message...
ssl_debug(15): Sending change_cipher_spec message...
ssl_debug(15): Sending finished message...
ssl_debug(15): Received alert message: Alert Fatal: decrypt error
ssl_debug(15): SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
ssl_debug(15): Shutting down SSL layer...
My first assumption was that it might be caused by missing public key of other side's server in the TrustedCAs view. Now I have assured that we have this key installed (although I am currious why there is still the "ChainVerifier: No trusted certificate found" message in the log).
Does somebody have an idea what could cause this SSL handshake failure?
Best regards,
MaximThe XPI inspector gave more understanding of the situation. It shows which certificates the remote server is sending, which client certificate is used for authentication and many other topics. Interesting enough the XPI inspector shows that PI trusts the server key whereas the NWA log at the very same time tells that it doesn't. I have posted an OSS message asking to explain why there is this discrepancy.
-
Alert Categories in Server Java ESB
Hi guys , I need configurate an alert categories in Server Java enterprise Service Builder.
How it could be configurate?
Can you send me any blogs of help than contemplates this requeriment?
Technical Detail:
Version
Service pack 07
Release NW07_07_REL
Thanks and RegardsHi ,
As specified by Baskar you can also create alert category from runtime workbench also.
3) Notes:
750287 XI 3.0 Runtime Workbench: Alert configuration does not start
Alert Configuration
http://help.sap.com/saphelp_nw04/helpdata/en/80/942f3ffed33d67e10000000a114084/frameset.htm
Alert Inbox
http://help.sap.com/saphelp_nw04/helpdata/en/80/942f3ffed33d67e10000000a114084/frameset.htm
Alert Notification Step-by-Step
http://help.sap.com/saphelp_nw04/helpdata/en/49/cbfb40f17af66fe10000000a1550b0/frameset.htm
Defining Alert Classifications
http://help.sap.com/saphelp_nw04/helpdata/en/49/cbfb40f17af66fe10000000a1550b0/frameset.htm
Triggering Alerts
http://help.sap.com/saphelp_nw04/helpdata/en/49/cbfb40f17af66fe10000000a1550b0/frameset.htm
Setting up alerts
Setting up alerts in RZ20
Alert Management
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e04141e8-0f11-2a10-adaa-9d97b062c2df
Alert Notification
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/90f449a8-a6db-2910-a386-d2b5999f5751
Understanding u'r SAP EarlyWatch Alert Report
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4b88cb90-0201-0010-5bb1-a65272a329bf -
I always get FATAL ALERT: Fatal Exception everytime i try to hot sync
i am trying to sync my tungsten E2 which i just bought refurbished. i installed my own software since my last tungsten E2 went kaput ( so i previously owned a tungsten E2 ). i always get FATAL ALERT: Fatal Exception everytime i try to hot sync. what is wrong? thank you.
Post relates to: Tungsten E2As with most problems that occur on a Palm PDA, it is either software or hardware related and we have to determine which one.
If your device is not locked up, the best method is to first make a complete backup of your unit to your SD card using the free "NVBackup" (available from http://www.freewarepalm.com) After the backup is complete, Hard Reset the unit, then test to see if full functionality returns.
To perform a Hard Reset:
While pressing and holding the Power button down, tap and release the Reset button in back and continue to hold the Power button down. When the grey Palm logo appears, you can release the Power button.
You should now see the warning page in about 5 languages. Press the UP direction on the 5-way pad to complete the task. Your Palm will reset itself several times as it re-installs the original programs and erases all your previous data.
DO NOT HOTSYNC YET! Test the unit before reinstalling any software. If the unit works correctly, your problem is being caused by a "drug interaction" of software - maybe one rogue program, or a combination of several. You'll have to reinstall the third-party programs one or a few at a time to find the problem one. To avoid re-installing a software issue, rename your /Backup directory in your Palm folder (on a PC it's found here: C/Program Files/Palm(One)/"your HotSync ID name truncated"/Backup) to something like "/BackupOLD". Now perform the HotSync, choose your HotSync name you've been using, and all your PIM data will return, but not the third-party programs. Test for functionality again. If all is good, start installing the old programs from your /BackupOLD directory one (or a few if brave) at a time.
If the unit does not work after a Hard Reset is performed correctly, then it may be Hardware-related. (If it's a connection problem via either BlueTooth or Wifi, be sure nothing has changed on the unit you're trying to connect to!)
Hope this has helped,
Wyrenut
I am a Volunteer here, not employed by HP.
You too can become an HP Expert! Details HERE!
If my post has helped you, click the Kudos Thumbs up!
If it solved your issue, Click the "Accept as Solution" button so others can benefit from the question you asked! -
Configuring Alert in RZ20 from Java system
Hi Experts!!!
We have configured solman for ccms alert monitoring,We get the alerts displayed inthe solman for all the system in the landscape.But is it possible for us to monitor the java system (add-in installation) using rz20 from the abap system.We have configured the csmreg user and generated file and also registered the user through visual admin,But in the j2ee engines there data is not displayed.There were no errors occured during the configuration.
Regards,
Vamshi.Have you changed your java administrator password recently? If so, have you changed it in the configtool as well?
Kind regards,
Mark -
Fatal Error with Java ME Device Manager and SDK Updates
I recently installed the Java ME 3 EA SDK Platform which looks promising. Everything seem to work fine. In the process of new updates and the desire to remove some older versions of Java, I installed a new Java versions (1.6.0_11) and removed some old ones (1.6_0_04 and 1.6_0_10).
Following this whenever I startup my machine, following the attempted start of the Java ME Device Manager, I get a "Fatal Error: Cannot start child. Error code: 0" dialog.
Following this I get an exception indicating:
java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:519)
at java.net.Socket.connect(Socket.java:469)
at java.net.Socket.<init>(Socket.java:366)
at java.net.Socket.<init>(Socket.java:180)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:22)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:128)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:595)
Caused: java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
java.net.ConnectException: Connection refused: connect
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:601)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:97)
Caused: javax.naming.ServiceUnavailableException [Root exception is java.rmi.ConnectException: Connection refused to host: localhost; nested exception is:
java.net.ConnectException: Connection refused: connect]
at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:101)
at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:185)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1871)
at javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1841)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:257)
Caused: java.io.IOException: Failed to retrieve RMIServer stub
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:323)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248)
at com.sun.jme.toolkit.remoting.client.rmiimpl.ObjectServerConnectionImpl.connect(Unknown Source)
at com.sun.jme.toolkit.remoting.client.rmiimpl.ObjectServerConnectionImpl.start(Unknown Source)
at com.sun.jme.toolkit.remoting.client.rmiimpl.ObjectServerConnectionImpl.lookupMBean(Unknown Source)
at com.sun.jme.toolkit.remoting.client.rmiimpl.ObjectServerConnectionImpl.findObject(Unknown Source)
at org.netbeans.modules.javame.common.container.devicemanager.DevicemanagerHelper.openConnection(DevicemanagerHelper.java:56)
at org.netbeans.modules.javame.common.container.devicemanager.DevicemanagerHelper.getDeviceManager(DevicemanagerHelper.java:73)
at org.netbeans.modules.j2me.cdc.platform.jme_sdk.autoinstaller.AutoInstaller.ensureDMStarted(AutoInstaller.java:228)
at org.netbeans.modules.j2me.cdc.platform.jme_sdk.autoinstaller.AutoInstaller.restored(AutoInstaller.java:65)
at org.netbeans.core.startup.NbInstaller.loadCode(NbInstaller.java:419)
at org.netbeans.core.startup.NbInstaller.load(NbInstaller.java:340)
at org.netbeans.ModuleManager.enable(ModuleManager.java:888)
at org.netbeans.core.startup.ModuleList.installNew(ModuleList.java:428)
at org.netbeans.core.startup.ModuleList.trigger(ModuleList.java:364)
at org.netbeans.core.startup.ModuleSystem.restore(ModuleSystem.java:276)
at org.netbeans.core.startup.Main.getModuleSystem(Main.java:163)
at org.netbeans.core.startup.Main.start(Main.java:315)
at org.netbeans.core.startup.TopThreadGroup.run(TopThreadGroup.java:110)
[catch] at java.lang.Thread.run(Thread.java:619)
When I try to start the SDK itself, I also get "Cannot find java.exe in specified jdkhome. Neither E:\java\jdk1.6.0_10\jre\bin\java.exe or E:\java\jdk11.6.0.0_10\bin\java.exe exists. Do you want to try to use default version?". This also happens with I try starting Netbeans as well.
When I say No, it appears to not start at all. When I say Yes, it appears to try to start but I continually get errors as listed above for the Java ME Device Manager startup error.
After reinstalling the _10 version, things started to work again, so I suspect this is due to my removal of the an older version of the JDK.
How is the proper way to "update" without causing similar errors? Are the environment variable JAVA_HOME, JAVA2_HOME, or some other variable used to specify the JDK/JRE in use? I would rather not be forced to change my startup each time to specify a -jdkhome related parameter.
Should I install the new version, find install the "Java Platform" in the SDK/Netbeans, set it as
Also...
How do you set the default version from within the SDK/Netbeans?
And is there a way to prevent the Device Manager from starting?
EricYou can try this link to see if it solves your problem.
[http://java.lillegutt.com/?p=3]
Cheers, -
Firefox 2.0.0.8 = security alert when calling a Java applet method
I have a JavaHelp applet that I launch using a method that I called
from JavaScript when a user clicks on a link.
A problem I found with Firefox 2.0.0.8 and JRE 1.4 is that when I
click on the link it will try to display a security alert window, but
the window appears to freeze up when it is being displayed and hangs
the browser. For example, I cannot see any of the buttons that should
be on the security window. Rather the main window is empty. However,
if my applet exposes a button that the user can directly click, the
security window displays properly and can be dismissed.
With the same JavaHelp applet, the link works fine if I use it Firefox
2.0 and JRE 1.6 or JRE 1.5, and with IE 6.0 and IE 7.0. I uninstalled
and reinstalled Firefox with JRE 1.4, and I couldn't reproduce the
problem. However, I'm concerned that this problem may resurface in
the future.
Has anyone ever seem a similar problem? And if so, are there any easy
workarounds?>
I have a JavaHelp applet.. >I suggest you launch it using Java Web Start (JWS).
Here is a test of a direct launch of the HelpButton JavaHelp applet.
<http://www.physci.org/jh/test.html#launch>
It would only take minor changes to the code to make the button entirely redundant, and have the code automatically launch the HelpViewer, once the user clicks the link to the JNLP launch file.
That 'JavaHelp/JWS' page is my test page for launching JavaHelp in a variety of forms. -
Connecting Java client to SSL server with existing certificates
I am currently trying to connect my Java client to an existing server application
written in C++. I have been provided the needed certificates (root.pem, server.pem,
and client.pem). My code simply creates a SSLSocket and then attempts to read
from it. Something goes wrong during the handshake process and I get a SSLHandshakeException. The certificates have been added to the keystore
I am using, and I do not know any other action to take.
Here is the debug output:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: keystore.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=Employee, OU=test, O=company-USA, L=City, ST=AL, C=US
Issuer: [email protected], CN=company Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167aa
Valid from Tue Sep 12 09:42:01 CDT 2006 until Thu Oct 12 09:42:01 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Issuer: [email protected], CN=ISAC Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167ab
Valid from Tue Sep 12 09:49:12 CDT 2006 until Thu Oct 12 09:49:12 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=company Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Issuer: [email protected], CN=company, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Algorithm: RSA; Serial number: 0xf6e3ada87dc4004f
Valid from Tue Sep 12 09:40:32 CDT 2006 until Thu Oct 12 09:40:32 CDT 2006
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
SSL socket created
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1158089181 bytes = { 138, 112, 170, 91, 246, 86, 216, 146, 160, 188, 243, 154, 238, 132, 33, 219, 251, 3, 93, 25, 191, 247, 41, 14, 99, 135, 130, 23 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 79
0000: 01 00 00 4B 03 01 45 07 0A DD 8A 70 AA 5B F6 56 ...K..E....p.[.V
0010: D8 92 A0 BC F3 9A EE 84 21 DB FB 03 5D 19 BF F7 ........!...]...
0020: 29 0E 63 87 82 17 00 00 24 00 04 00 05 00 2F 00 ).c.....$...../.
0030: 35 00 33 00 39 00 32 00 38 00 0A 00 16 00 13 00 5.3.9.2.8.......
0040: 09 00 15 00 12 00 03 00 08 00 14 00 11 01 00 ...............
Client Thread, WRITE: TLSv1 Handshake, length = 79
[write] MD5 and SHA1 hashes: len = 107
0000: 01 03 01 00 42 00 00 00 20 00 00 04 01 00 80 00 ....B... .......
0010: 00 05 00 00 2F 00 00 35 00 00 33 00 00 39 00 00 ..../..5..3..9..
0020: 32 00 00 38 00 00 0A 07 00 C0 00 00 16 00 00 13 2..8............
0030: 00 00 09 06 00 40 00 00 15 00 00 12 00 00 03 02 .....@..........
0040: 00 80 00 00 08 00 00 14 00 00 11 45 07 0A DD 8A ...........E....
0050: 70 AA 5B F6 56 D8 92 A0 BC F3 9A EE 84 21 DB FB p.[.V........!..
0060: 03 5D 19 BF F7 29 0E 63 87 82 17 .]...).c...
Client Thread, WRITE: SSLv2 client hello message, length = 107
[Raw write]: length = 109
0000: 80 6B 01 03 01 00 42 00 00 00 20 00 00 04 01 00 .k....B... .....
0010: 80 00 00 05 00 00 2F 00 00 35 00 00 33 00 00 39 ....../..5..3..9
0020: 00 00 32 00 00 38 00 00 0A 07 00 C0 00 00 16 00 ..2..8..........
0030: 00 13 00 00 09 06 00 40 00 00 15 00 00 12 00 00 .......@........
0040: 03 02 00 80 00 00 08 00 00 14 00 00 11 45 07 0A .............E..
0050: DD 8A 70 AA 5B F6 56 D8 92 A0 BC F3 9A EE 84 21 ..p.[.V........!
0060: DB FB 03 5D 19 BF F7 29 0E 63 87 82 17 ...]...).c...
Client Thread, received EOFException: error
Client Thread, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Client Thread, SEND TLSv1 ALERT: fatal, description = handshake_failure
Client Thread, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
Client Thread, called closeSocket()
Error: Remote host closed connection during handshake
Thread-4, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake(I am the original poster of this message, I had to create a new username though).
The original problem had to do with incompatibilities with the protocol and/or cipher suites
used. Now, the client and server perform most of the handshake process, but something
goes wrong as the server requests the client certificate. In other words, the server requires
mutual authentication, but for some reason it seems like my JSSE client won't send over
it's client certificate. I don't get any type of bad certificate exceptions, so I'm not sure
where the source of the error lies.
Updated output:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : keystore
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: truststore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=Employee, OU=default, O="default Inc.", L=default, ST=AL, C=US
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167ab
Valid from Tue Sep 12 09:49:12 CDT 2006 until Thu Oct 12 09:49:12 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=default-Server, OU=HawkEye, O=default, L=default, ST=AL, C=US
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167ac
Valid from Tue Sep 12 14:42:28 CDT 2006 until Thu Oct 12 14:42:28 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Algorithm: RSA; Serial number: 0xf6e3ada87dc4004f
Valid from Tue Sep 12 09:40:32 CDT 2006 until Thu Oct 12 09:40:32 CDT 2006
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1158242806 bytes = { 71, 195, 185, 44, 86, 96, 14, 11, 171, 76, 105, 135, 136, 114, 53, 54, 137, 75, 202, 254, 112, 208, 240, 91, 199, 246, 175, 207 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
Client Thread, WRITE: TLSv1 Handshake, length = 79
Client Thread, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1158242807 bytes = { 63, 93, 48, 73, 98, 251, 160, 215, 61, 110, 246, 12, 5, 209, 95, 194, 152, 193, 0, 181, 135, 26, 150, 174, 52, 92, 56, 250 }
Session ID: {83, 31, 134, 30, 76, 200, 183, 120, 7, 94, 26, 65, 186, 91, 197, 25, 10, 193, 94, 220, 198, 250, 162, 153, 6, 89, 12, 250, 66, 105, 249, 211}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
%% Created: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
Client Thread, READ: TLSv1 Handshake, length = 1903
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 164546130673614659100546464587508805401937082626997447139358150641653094778762702643605529386963945060462618417820295217144739538713137107756847225226998964727905246706969036839701385553183842454061172884072035749790213037240682893878786969498404371282074360019097248835858617183835587887295684928062301303789
public exponent: 65537
Validity: [From: Tue Sep 12 09:49:12 CDT 2006,
To: Thu Oct 12 09:49:12 CDT 2006]
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
SerialNumber: [ b40b909f 74d167ab]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C8 EA 02 93 42 9E 44 D1 55 7D 2D 32 4B 9B 1C 6D ....B.D.U.-2K..m
0010: 63 6B 73 82 cks.
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
SerialNumber: [ f6e3ada8 7dc4004f]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: BF 60 5A 67 3E E6 F0 92 4F E4 81 6D 71 0A 2E E8 .`Zg>...O..mq...
0010: F3 59 A1 87 7B D1 3A 7A CB FF D6 39 63 79 B6 82 .Y....:z...9cy..
0020: 2A 22 D0 46 51 30 6B 2A 61 6B A0 4C F0 3B CE 5B *".FQ0k*ak.L.;.[
0030: 9C 1D 46 CB D7 C2 B2 23 E2 A5 06 CD 12 F8 A9 CB ..F....#........
0040: B5 A2 43 B1 06 4C 42 B5 67 F2 DF 50 6B BC 8A 5E ..C..LB.g..Pk..^
0050: 95 0D F3 2A 73 A8 5A C8 55 77 D7 36 74 16 9E 05 ...*s.Z.Uw.6t...
0060: 85 C6 DC 3C 44 D3 06 5E 47 0C 1F 80 40 30 C7 D8 ...<D..^G...@0..
0070: 8C 27 FF B9 0C 71 EB D4 31 5C 1F 15 A1 23 6F A2 .'...q..1\...#o.
chain [1] = [
Version: V3
Subject: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 140862286957037297158683104484469503810921697537964422595574798580128510755934413463045842414762254029728885690233847950678735782281077619629628663140568366247472189890316085560712610474766899389736269383565795688749374256479726939861138704211990111677657317335172626254520371267441364353295155431963634875809
public exponent: 65537
Validity: [From: Tue Sep 12 09:40:32 CDT 2006,
To: Thu Oct 12 09:40:32 CDT 2006]
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
SerialNumber: [ f6e3ada8 7dc4004f]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
SerialNumber: [ f6e3ada8 7dc4004f]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: AB 84 38 1F 7B 71 D8 87 FF 24 DB C2 7E DC D0 0B ..8..q...$......
0010: 60 60 14 A8 F8 D5 46 AD 6B FC 33 90 6F 43 08 17 ``....F.k.3.oC..
0020: AE 2B EE 6C 2B 29 85 E2 A6 67 EE 5D A4 61 F3 9E .+.l+)...g.].a..
0030: E7 CA B1 27 F9 11 36 ED 93 05 7B E1 20 90 57 B5 ...'..6..... .W.
0040: C6 F9 8A 9D 50 CD B3 4A 54 DC 1B 52 EC EA 7A 0B ....P..JT..R..z.
0050: B6 E6 95 FD DD 80 BE 66 F0 77 F4 E7 9A 8A A3 EF .......f.w......
0060: 9B 68 57 0C 9C 4B 4C C0 24 C5 34 16 D3 8E 45 27 .hW..KL.$.4...E'
0070: CA 23 F1 E0 C5 5E FB FB AA 1C 21 6E CB 5B 57 D9 .#...^....!n.[W.
Found trusted certificate:
Version: V3
Subject: [email protected], CN=Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 164546130673614659100546464587508805401937082626997447139358150641653094778762702643605529386963945060462618417820295217144739538713137107756847225226998964727905246706969036839701385553183842454061172884072035749790213037240682893878786969498404371282074360019097248835858617183835587887295684928062301303789
public exponent: 65537
Validity: [From: Tue Sep 12 09:49:12 CDT 2006,
To: Thu Oct 12 09:49:12 CDT 2006]
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
SerialNumber: [ b40b909f 74d167ab]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C8 EA 02 93 42 9E 44 D1 55 7D 2D 32 4B 9B 1C 6D ....B.D.U.-2K..m
0010: 63 6B 73 82 cks.
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
SerialNumber: [ f6e3ada8 7dc4004f]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: BF 60 5A 67 3E E6 F0 92 4F E4 81 6D 71 0A 2E E8 .`Zg>...O..mq...
0010: F3 59 A1 87 7B D1 3A 7A CB FF D6 39 63 79 B6 82 .Y....:z...9cy..
0020: 2A 22 D0 46 51 30 6B 2A 61 6B A0 4C F0 3B CE 5B *".FQ0k*ak.L.;.[
0030: 9C 1D 46 CB D7 C2 B2 23 E2 A5 06 CD 12 F8 A9 CB ..F....#........
0040: B5 A2 43 B1 06 4C 42 B5 67 F2 DF 50 6B BC 8A 5E ..C..LB.g..Pk..^
0050: 95 0D F3 2A 73 A8 5A C8 55 77 D7 36 74 16 9E 05 ...*s.Z.Uw.6t...
0060: 85 C6 DC 3C 44 D3 06 5E 47 0C 1F 80 40 30 C7 D8 ...<D..^G...@0..
0070: 8C 27 FF B9 0C 71 EB D4 31 5C 1F 15 A1 23 6F A2 .'...q..1\...#o.
Client Thread, READ: TLSv1 Handshake, length = 13
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 27, 159, 38, 131, 132, 24, 47, 148, 161, 90, 7, 39, 189, 28, 178, 156, 20, 151, 220, 192, 239, 182, 115, 234, 99, 225, 68, 250, 199, 173, 96, 181, 78, 180, 238, 37, 243, 72, 19, 91, 249, 11, 49, 83, 1, 150 }
Client Thread, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 1B 9F 26 83 84 18 2F 94 A1 5A 07 27 BD 1C ....&.../..Z.'..
0010: B2 9C 14 97 DC C0 EF B6 73 EA 63 E1 44 FA C7 AD ........s.c.D...
0020: 60 B5 4E B4 EE 25 F3 48 13 5B F9 0B 31 53 01 96 `.N..%.H.[..1S..
CONNECTION KEYGEN:
Client Nonce:
0000: 45 09 62 F6 47 C3 B9 2C 56 60 0E 0B AB 4C 69 87 E.b.G..,V`...Li.
0010: 88 72 35 36 89 4B CA FE 70 D0 F0 5B C7 F6 AF CF .r56.K..p..[....
Server Nonce:
0000: 45 09 62 F7 3F 5D 30 49 62 FB A0 D7 3D 6E F6 0C E.b.?]0Ib...=n..
0010: 05 D1 5F C2 98 C1 00 B5 87 1A 96 AE 34 5C 38 FA .._.........4\8.
Master Secret:
0000: 0E 63 38 16 86 A1 84 72 33 2C D7 07 D7 C3 AC E0 .c8....r3,......
0010: AD 5B CD 3B 2E 2A 02 91 1E FE 17 97 4E 3B 56 C3 .[.;.*......N;V.
0020: 5D 0F 7A 99 90 0D 3D 4E 5F 39 C5 EB 6E AD DA 71 ].z...=N_9..n..q
Client MAC write Secret:
0000: 99 32 FA 60 0B 88 36 CD 88 02 D5 4A CA D2 A6 49 .2.`..6....J...I
0010: 69 60 42 B6 i`B.
Server MAC write Secret:
0000: 43 3F 85 72 FB 6D 28 1C BA 1E 8A 26 56 DE 18 FB C?.r.m(....&V...
0010: 01 83 20 7F .. .
Client write key:
0000: 6F 58 29 AB B3 8C F5 75 3C 70 04 DF 9D 01 43 F5 oX)....u<p....C.
Server write key:
0000: 4A D7 E9 63 53 32 78 DF E0 99 89 60 A4 1A 3C E7 J..cS2x....`..<.
Client write IV:
0000: 24 FB 0E 12 AB D2 70 6D 80 B1 B2 BC 78 1A 55 88 $.....pm....x.U.
Server write IV:
0000: E4 75 62 25 46 95 0F 7A 44 16 E2 39 38 AD 29 CD .ub%F..zD..98.).
HawkEye Client Thread, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 98, 254, 245, 75, 252, 23, 91, 164, 67, 197, 69, 44 }
Client Thread, WRITE: TLSv1 Handshake, length = 48
Client Thread, READ: TLSv1 Alert, length = 2
Client Thread, RECV TLSv1 ALERT: fatal, handshake_failure
Client Thread, called closeSocket()
Client Thread, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Error: Received fatal alert: handshake_failure
Thread-4, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure -
Handshake_failure using Oracle Wallet as keystore
I am trying to use an Oracle Wallet as a keystore for my connection to a webservice over SSL. The proper certificates have been added to the truststore but when I call handshake() on the SSLSocket I get this error in my debug log:
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
Internet Explorer has successfully imported the certificate (ewallet.p12) and I can connect to the webservice through IE, FireFox is picky and generates an unknown error.
I suspect something is going on with the wallet so I am now in the process of generating a new certificate using openSSL, but I'd still like to know if any of this sounds familiar to any of you....Update:
After creating a certificate with openSSL I was successful in opening the connection to the webservice (with a testclass, using SSLSocket and calling cerateSocket() ). Unfortunately, my application would still not communicate with it. After a lot of testing and debugging I found out that in my standalone java class one single connection is created and maintained and used for the communication. In the embedded OC4J that comes with JDev 10.1.3.2 also one single (cached) connection is used, so that also works.
In iAS 10.1.3.0 the created session (the one with the certificate) is not used when trying to communicate with the webservice. The log simply said (no cached session) and a new one was created, with system parameters that did not point to any certificate, and so the handshake_failure occurred again.
After setting the system parameters of the OC4J to point to the keyStore to be used, i was able to communicate with the webserver.
Could anyone tell me if this is a known bug and if so, has it been fixed in 10.1.3.1?
FYI: the code I used was:
1) HTTPConnection.setDefaultSSLFactory() to initialize the session with trustStore and keyStore
2) SOAPConnectionFactory fc = SOAPConnectionFactory .newINstance();
SOAPConnection conn = fc.createConnection();
conn apparently does not use the HTTPConnection created in step 1. A new connection is made without certificates. This caused the error. -
Help with getting Web Start working with two-way SSL
I have successfully transferred data (myclient.jnlp) utilizing web browsers (IE and Mozilla) from my web server (which is set up for two-way SSL "CLIENT-CERT" required) after using the browser's utility to "import" my client-side cert (in .p12 format).
After the browser connects and downloads the "myclient.jnlp" contents and places it in a temporary file, it then kicks off the javaws process with the temporary file as a parameter. The first thing javaws does is utilize the codebase and href values (found in the temporary file) to make a "GET" call to the server for the "myclient.jnlp" file (again).
However, this fails (with a SSL handshake error) since javaws uses a different keystore than IE - the server does not receive the client-side cert. I have imported the root CA and the client cert (in .pem format) into the $JAVA_HOME/jre/lib/security/cacerts file using the keytool command but alas my server still indicates a lack of a client-side cert.
Has anyone else tried this and got it working?Hi Richard,
Indeed it appears that the 1.5 version will have more built-in capability for client certs. It has the look of the IE browser import capability. Unfortunately, I am stuck with having to utilize 1.4.2 for the time being. Since I have posted my original message I have found more information but have yet to get it all working. The truststore in javaws 1.4.2 does have a default (the 1.4.2 jre's cacert file - stragely enough not the same one that gets updated when you import the root CA! - but this has been noted in many other threads). The javaws keystore does not have a default and I have tried, to no avail yet, to utilize some command line parameters, see http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Customization - to get my client cert "available" and recognized by javaws.
With the help of some debug flags here is the output on my javaws "output" log - all seems to go well up to the point of the client's Certificate chain (which appears to be empty), after the ServerHelloDone :
trustStore is: C:\j2sdk1.4.2_04\jre\lib\security\cacerts
trustStore type is : jks
init truststore
adding as trusted cert:
snipped all the regular trusted certs, left my root CA as proof it is recognized...
adding as trusted cert:
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Wed May 26 16:38:59 EDT 2004 until Fri Jun 25 16:38:59 EDT 2004
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1070211537 bytes = { 205, 211, 129, 234, 88, 129, 152, 176, 223, 180, 161, 138, 246, 183, 181, 89, 61, 252, 63, 35, 21, 34, 253, 32, 254, 124, 38, 198 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 40 CA 22 D1 CD D3 81 EA 58 81 ...E..@.".....X.
0010: 98 B0 DF B4 A1 8A F6 B7 B5 59 3D FC 3F 23 15 22 .........Y=.?#."
0020: FD 20 FE 7C 26 C6 00 00 1E 00 04 00 05 00 2F 00 . ..&........./.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
Thread-3, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 40 CA 22 D1 CD D3 81 EA 58 81 98 B0 DF B4 ..@.".....X.....
0050: A1 8A F6 B7 B5 59 3D FC 3F 23 15 22 FD 20 FE 7C .....Y=.?#.". ..
0060: 26 C6 &.
Thread-3, WRITE: SSLv2 client hello message, length = 98
Thread-3, READ: TLSv1 Handshake, length = 58
*** ServerHello, TLSv1
RandomCookie: GMT: 1070211539 bytes = { 81, 106, 82, 45, 233, 226, 89, 6, 38, 240, 71, 122, 90, 226, 255, 207, 9, 102, 205, 127, 223, 211, 4, 84, 79, 16, 101, 89 }
Session ID: {34, 167, 132, 174, 141, 4, 57, 197, 190, 207, 105, 117, 241, 9, 97, 81}
Cipher Suite: SSL_RSA_WITH_DES_CBC_SHA
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_DES_CBC_SHA]
** SSL_RSA_WITH_DES_CBC_SHA
[read] MD5 and SHA1 hashes: len = 58
0000: 02 00 00 36 03 01 40 CA 22 D3 51 6A 52 2D E9 E2 ...6..@.".QjR-..
0010: 59 06 26 F0 47 7A 5A E2 FF CF 09 66 CD 7F DF D3 Y.&.GzZ....f....
0020: 04 54 4F 10 65 59 10 22 A7 84 AE 8D 04 39 C5 BE .TO.eY.".....9..
0030: CF 69 75 F1 09 61 51 00 09 00 .iu..aQ...
Thread-3, READ: TLSv1 Handshake, length = 607
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
e2bd8de9 598e0735 2bed2057 3800c83d 348550e2 93a017c7 9845f35f cd7b4ada
6ef0c70f 7a033e69 a97ccd15 46f0d1c8 7a0ae909 ddb76f5b cd8029e6 3a6a4965
Validity: [From: Wed May 26 16:38:59 EDT 2004,
To: Fri Jun 25 16:38:59 EDT 2004]
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 29 CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D )..H../.J.s.q.X.
0010: 9E 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD ..D....<........
0020: C4 FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 ..R..re....ba5..
0030: AE FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 ..........w..j..
Found trusted certificate:
Version: V3
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
e2bd8de9 598e0735 2bed2057 3800c83d 348550e2 93a017c7 9845f35f cd7b4ada
6ef0c70f 7a033e69 a97ccd15 46f0d1c8 7a0ae909 ddb76f5b cd8029e6 3a6a4965
Validity: [From: Wed May 26 16:38:59 EDT 2004,
To: Fri Jun 25 16:38:59 EDT 2004]
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 29 CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D )..H../.J.s.q.X.
0010: 9E 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD ..D....<........
0020: C4 FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 ..R..re....ba5..
0030: AE FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 ..........w..j..
[read] MD5 and SHA1 hashes: len = 607
0000: 0B 00 02 5B 00 02 58 00 02 55 30 82 02 51 30 82 ...[..X..U0..Q0.
0010: 01 FB A0 03 02 01 02 02 01 00 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 05 05 00 30 57 31 0B 30 09 06 H........0W1.0..
0030: 03 55 04 06 13 02 55 53 31 11 30 0F 06 03 55 04 .U....US1.0...U.
0040: 08 13 08 56 69 72 67 69 6E 69 61 31 10 30 0E 06 ...Virginia1.0..
0050: 03 55 04 07 13 07 46 61 69 72 66 61 78 31 11 30 .U....Fairfax1.0
0060: 0F 06 03 55 04 0A 13 08 5A 6F 72 6B 2E 6F 72 67 ...U....Zork.org
0070: 31 10 30 0E 06 03 55 04 03 13 07 52 6F 6F 74 20 1.0...U....Root
0080: 43 41 30 1E 17 0D 30 34 30 35 32 36 32 30 33 38 CA0...0405262038
0090: 35 39 5A 17 0D 30 34 30 36 32 35 32 30 33 38 35 59Z..04062520385
00A0: 39 5A 30 57 31 0B 30 09 06 03 55 04 06 13 02 55 9Z0W1.0...U....U
00B0: 53 31 11 30 0F 06 03 55 04 08 13 08 56 69 72 67 S1.0...U....Virg
00C0: 69 6E 69 61 31 10 30 0E 06 03 55 04 07 13 07 46 inia1.0...U....F
00D0: 61 69 72 66 61 78 31 11 30 0F 06 03 55 04 0A 13 airfax1.0...U...
00E0: 08 5A 6F 72 6B 2E 6F 72 67 31 10 30 0E 06 03 55 .Zork.org1.0...U
00F0: 04 03 13 07 52 6F 6F 74 20 43 41 30 5C 30 0D 06 ....Root CA0\0..
0100: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 4B 00 30 .*.H.........K.0
0110: 48 02 41 00 E2 BD 8D E9 59 8E 07 35 2B ED 20 57 H.A.....Y..5+. W
0120: 38 00 C8 3D 34 85 50 E2 93 A0 17 C7 98 45 F3 5F 8..=4.P......E._
0130: CD 7B 4A DA 6E F0 C7 0F 7A 03 3E 69 A9 7C CD 15 ..J.n...z.>i....
0140: 46 F0 D1 C8 7A 0A E9 09 DD B7 6F 5B CD 80 29 E6 F...z.....o[..).
0150: 3A 6A 49 65 02 03 01 00 01 A3 81 B1 30 81 AE 30 :jIe........0..0
0160: 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 1D 06 ...U....0....0..
0170: 03 55 1D 0E 04 16 04 14 3F A7 DF 1F FA 90 1F 98 .U......?.......
0180: 4F BA 42 9F 21 7D B4 C4 88 76 14 DA 30 7F 06 03 O.B.!....v..0...
0190: 55 1D 23 04 78 30 76 80 14 3F A7 DF 1F FA 90 1F U.#.x0v..?......
01A0: 98 4F BA 42 9F 21 7D B4 C4 88 76 14 DA A1 5B A4 .O.B.!....v...[.
01B0: 59 30 57 31 0B 30 09 06 03 55 04 06 13 02 55 53 Y0W1.0...U....US
01C0: 31 11 30 0F 06 03 55 04 08 13 08 56 69 72 67 69 1.0...U....Virgi
01D0: 6E 69 61 31 10 30 0E 06 03 55 04 07 13 07 46 61 nia1.0...U....Fa
01E0: 69 72 66 61 78 31 11 30 0F 06 03 55 04 0A 13 08 irfax1.0...U....
01F0: 5A 6F 72 6B 2E 6F 72 67 31 10 30 0E 06 03 55 04 Zork.org1.0...U.
0200: 03 13 07 52 6F 6F 74 20 43 41 82 01 00 30 0D 06 ...Root CA...0..
0210: 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 41 00 29 .*.H.........A.)
0220: CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D 9E ..H../.J.s.q.X..
0230: 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD C4 .D....<.........
0240: FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 AE .R..re....ba5...
0250: FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 .........w..j..
Thread-3, READ: TLSv1 Handshake, length = 220
*** CertificateRequest
Cert Types: RSA, DSS, Ephemeral DH (RSA sig),
Cert Authorities:
<CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
<CN=Server CA, OU=Server Division, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
[read] MD5 and SHA1 hashes: len = 220
0000: 0D 00 00 D8 03 01 02 05 00 D2 00 59 30 57 31 0B ...........Y0W1.
0010: 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0F 06 0...U....US1.0..
0020: 03 55 04 08 13 08 56 69 72 67 69 6E 69 61 31 10 .U....Virginia1.
0030: 30 0E 06 03 55 04 07 13 07 46 61 69 72 66 61 78 0...U....Fairfax
0040: 31 11 30 0F 06 03 55 04 0A 13 08 5A 6F 72 6B 2E 1.0...U....Zork.
0050: 6F 72 67 31 10 30 0E 06 03 55 04 03 13 07 52 6F org1.0...U....Ro
0060: 6F 74 20 43 41 00 75 30 73 31 0B 30 09 06 03 55 ot CA.u0s1.0...U
0070: 04 06 13 02 55 53 31 11 30 0F 06 03 55 04 08 13 ....US1.0...U...
0080: 08 56 69 72 67 69 6E 69 61 31 10 30 0E 06 03 55 .Virginia1.0...U
0090: 04 07 13 07 46 61 69 72 66 61 78 31 11 30 0F 06 ....Fairfax1.0..
00A0: 03 55 04 0A 13 08 5A 6F 72 6B 2E 6F 72 67 31 18 .U....Zork.org1.
00B0: 30 16 06 03 55 04 0B 13 0F 53 65 72 76 65 72 20 0...U....Server
00C0: 44 69 76 69 73 69 6F 6E 31 12 30 10 06 03 55 04 Division1.0...U.
00D0: 03 13 09 53 65 72 76 65 72 20 43 41 ...Server CA
Thread-3, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 175, 38, 47, 77, 131, 125, 209, 147, 174, 228, 183, 99, 34, 2, 100, 186, 77, 47, 65, 233, 82, 133, 183, 113, 8, 193, 51, 241, 167, 105, 4, 187, 57, 130, 161, 11, 178, 11, 134, 84, 96, 106, 203, 11, 195, 51 }
[write] MD5 and SHA1 hashes: len = 77
0000: 0B 00 00 03 00 00 00 10 00 00 42 00 40 39 9F EC ..........B.@9..
0010: 5F 92 FA 3D 5E 3D 0C 19 10 72 DA BE B6 14 76 62 _..=^=...r....vb
0020: AE 39 75 0B 74 10 C7 B1 42 D7 A1 22 C0 0E B8 A2 .9u.t...B.."....
0030: 22 80 73 20 36 A2 FD BB F9 3E F4 F0 91 CE 95 F8 ".s 6....>......
0040: 05 D7 22 FC 2C CF 1B AB 19 82 03 D2 F5 ..".,........
Thread-3, WRITE: TLSv1 Handshake, length = 77
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 AF 26 2F 4D 83 7D D1 93 AE E4 B7 63 22 02 ...&/M.......c".
0010: 64 BA 4D 2F 41 E9 52 85 B7 71 08 C1 33 F1 A7 69 d.M/A.R..q..3..i
0020: 04 BB 39 82 A1 0B B2 0B 86 54 60 6A CB 0B C3 33 ..9......T`j...3
CONNECTION KEYGEN:
Client Nonce:
0000: 40 CA 22 D1 CD D3 81 EA 58 81 98 B0 DF B4 A1 8A @.".....X.......
0010: F6 B7 B5 59 3D FC 3F 23 15 22 FD 20 FE 7C 26 C6 ...Y=.?#.". ..&.
Server Nonce:
0000: 40 CA 22 D3 51 6A 52 2D E9 E2 59 06 26 F0 47 7A @.".QjR-..Y.&.Gz
0010: 5A E2 FF CF 09 66 CD 7F DF D3 04 54 4F 10 65 59 Z....f.....TO.eY
Master Secret:
0000: 67 B9 58 74 69 18 0B 2E 00 EB AC 9B 77 15 B4 65 g.Xti.......w..e
0010: 61 A1 AC D0 F1 D5 4C CA 0E 51 FC 58 A0 11 B7 87 a.....L..Q.X....
0020: EC 72 26 D0 83 18 27 49 8F B6 32 FF E3 89 1D E4 .r&...'I..2.....
Client MAC write Secret:
0000: D5 96 AB F7 1E 46 5F 46 8A E9 3E DF A0 5E 32 5E .....F_F..>..^2^
0010: 00 FB B8 D8 ....
Server MAC write Secret:
0000: E6 7D 8E F5 6A 4C 94 4C D6 2A 3A 4D FC C1 94 A3 ....jL.L.*:M....
0010: C5 6C 5F B6 .l_.
Client write key:
0000: 18 1D 51 8C 74 6D 18 57 ..Q.tm.W
Server write key:
0000: 0D 4E 7A F1 5A D6 5F 5B .Nz.Z._[
Client write IV:
0000: 4C BB 4D FA 4F EB CB 4E L.M.O..N
Server write IV:
0000: B7 6A CA E9 66 7D 25 88 .j..f.%.
Thread-3, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DES/CBC/NoPadding
*** Finished
verify_data: { 20, 20, 38, 13, 43, 235, 102, 72, 75, 212, 21, 21 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 14 14 26 0D 2B EB 66 48 4B D4 15 15 ......&.+.fHK...
Padded plaintext before ENCRYPTION: len = 40
0000: 14 00 00 0C 14 14 26 0D 2B EB 66 48 4B D4 15 15 ......&.+.fHK...
0010: 90 9C E9 09 F4 48 96 A6 8F AA 04 DF E9 36 72 F0 .....H.......6r.
0020: 42 F0 60 78 03 03 03 03 B.`x....
Thread-3, WRITE: TLSv1 Handshake, length = 40
Thread-3, READ: TLSv1 Alert, length = 2
Thread-3, RECV TLSv1 ALERT: fatal, handshake_failure
Thread-3, called closeSocket()
Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Finalizer, called close()
Finalizer, called closeInternal(true)
So I'll toil away trying to get *right* combination of settings - please let me know if you have any ideas! FYI here are the command line settings I am using for the keystore:
-Djavax.net.ssl.keyStore=c:\myClientIdKeyStore -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=myClientIdKeyStorePass
Thanks,
Paul
Maybe you are looking for
-
Include art board images in packaged Links folder
Is there a way to include the images placed on the art board in the packaged Links folder? Meaning include all the images when packaging not just the ones in the document. Here's my weird workflow as well. Maybe someone could suggest a change that wo
-
Hey I am using an iPod touch 2g with 2.2.1 firmware. I just bought a video cable (i-tec) it says "made for iPod" on it, but when I try to use it watch movies on my tv it does not work.
-
Problem with internationalization
Hi, I'm trying to create an application in which you can choose the language. I've read the trail on the internationalization and I managed to have some results. In fact, for the moment, I have a window with flags when I launch the application, and w
-
Has anyone used server based PDF creation components? I am after some recomendations as I am sure someone here must have used one before. All I want to do is use a template on the server, and populate fields from a database when requested. It needs t
-
Hi, I have a WLC 5500 with image 7.0.98, and I can not use bonjour services. My broadcast and multicast are enabled. Ethernet Multicast Forwarding............... Enable Ethernet Broadcast Forwarding............... Enable AP Multicast/Broadcast Mode..