RSA and Cyberflex

Similar Messages

• No luck with RSA and existing cert

  I want to encrypt data in my software, data which will be sent to me by the user, in such a way that only I can decrypt it. This seems to call for asymmetric encryption (only the public key would be embedded in the software), so I am trying to use RSA.
  Specifically I am trying to encrypt and decrypt data using the key pairs found in a cert that we bought from a cert authority. The cert says that key is a "Sun RSA public key, 1024 bits". In the following test, I encrypt using the cert's public key and decrypt using the same, for want of a method to return the private key but the results are the same if I initialize the cipher for decryption with the cert itself (which presumably contains the private key).
          Key key = cert.getPublicKey();
          Cipher cipher = Cipher.getInstance("RSA");
          cipher.init(Cipher.ENCRYPT_MODE, key);
          byte[] enc = cipher.doFinal(test.getBytes());
          cipher.init(Cipher.DECRYPT_MODE, key);
          byte[] dec = cipher.doFinal(enc);but at the decyrption stage I get the following error:
  Exception in thread "main" javax.crypto.BadPaddingException: Data must start with zero.which I don't know what to make of. It seems to me that I am following the (rather scant) instructions to the letter. If I specify "RSA/ECB/NoPadding" as the transformation I don't get the above error but the roundtrip fails to recreate the original string.
  Furthermore, as I said before, I wanted to use public key encryption because I must include the encryption key in the software and I do not want it to be sufficient to decrypt the cipher. I was hoping that with RSA you'd encrypt using the public key but that you'd need either the secret key or the whole cert to decrypt. However the Javadocs do not say so explicitely and I am left unsure as to how this works exactly. Can anyone shed some light?

  I agree, the documentation is inadequate. Have you also looked at the JCE reference (http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html)? This expands a lot on the javadocs for the classes. It might also help to learn more about cryptography; one book that others recommend is "Practical Cryptography" by Ferguson and Schneier.
  I think the one key misunderstanding you have is what is in a certificate. A certificate contains only the public key, some information about the identity of the owner of the private key, and a digital signature over this public key and identifying information. The private key is not in the certificate! Nor should it be. If it were, it would no longer be private and the security of the system would fall apart.
  The location of the private key depends entirely on the application that created the key pair. java's keytool, for example, stores the private key in a password protected file.
  The error you are seeing makes sense once you understand that , for an RSA cipher, the type of key, public or private, as well as the mode Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE, determine the interpretation of the subsequent update or doFinal method calls.
  Thus in your example, your first call to cipher.doFinal gives the RSA encryption of the data, which is what you wanted. Your second, however, attempts to decrypt this encrypted data with the public key, which makes no sense in this context. It checks to see if the result is has the proper padding, which it does not. If you tell it to assume no padding, you won't get an exception but the result still won't make any sense. You need to init the cipher with the private key for the second part.

• VPN Login first with RSA and then AD?

  I've run in to a situation I hadn't considered when we stood up our RSA 2-factor authentication for VPN. We use AnyConnect clients to hit our Cisco VPN concentrators which then passes off authentication responsibilities to ISE and ISE knows which Identity Store to use based on where the authentication request is coming from and what group(s) a person belongs to.   
  We now have a service provider that that will reach right in to a product they manage for us when we call and say there is a problem. However, the tech/engineer assigned to the issue could be one of many from their pool of available resources. The service provider only wants 1 token which will be "locked up" and the PIN "locked up" separately as well so when we report a problem they can connect and resolve it.
  I won't issue a single token to them because they are associated with AD accounts but I could create a generic account local to RSA they could authenticate against if they could then auth with their AD creds before connecting.
  So my question is has anyone done this? Is it possible to have AnyConnect ask for SecurID authentication and then come back with a prompt for AD authentication?
  Thanks

  Hi Darren,
  should be no problem, using double authentication:
  aaa-server myLDAP protocol ldap
  aaa-server myRSA protocol sdi
  tunnel-group foo general-attributes
  authentication-server-group myRSA
  secondary-authentication-server-group myLDAP [use-primary-username]
  This will prompt for 2 usernames & 2 passwords, unless you add "use-primary-username" but I guess in your case you do need 2 different usernames.
  hth
  Herbert

• VPN with RSA and LDAP Groups

  I'm tryin to rebuild our VPN environment with a pair of 5520. WE're going to use Anyconnect mobility exclusively with SSL. No IPSec and no SSL Webvpn.
  We have a large number of contractors using the VPN to access specific internal resources so I would like to use different IP subnets for each contractor assigned through group policy. I don't want to have a different URL for each contractor so I want to assign the group policy through LDAP group memebership. However, primary authentication will be via RSA 2 factor.
  How do I get the ASA to check group membership and hense assign the right group when primary authentication is through RSA?
  Thanks for any help.

  yes you can do the Authentication to an RSA server and the Authorization to the LDAP server.
  Please configure LDAP as an authorization server.
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml
  Do let me know how it goes.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• RSA and SPNEGO

  Hi -
  As part of one of our projects - We actually configured RSA authentication using the SI JAAS Module in the EP 7.0 Environment- and it worked successfully. Now, as next step, we are trying to configure the Portal for Single Sign On within the Network - via SPNEGO. Do you forsee any issues/customization or will it work without glitches? Any suggestions?
  Let me know.
  Thanks.

  Mayur,
  If you construct the JAAS stack correctly, you should be fine.
  You probably want:
  EvaluateTicket - sufficient
  SPNEGO - optional
  CreateTicket - sufficient
  RSA - optional
  CreateTicket - sufficient
  Basic - Requisite
  CreateTicket - optional
  The idea here is that CreateTicket only succeeds if there is a valid user in the context - so having CreateTicket as sufficient down the stack means that as soon as one of the (optional) modules above populates a valid user, a ticket is created and the stack is exited, all the way down to the usual Basic/CreateTicket pair at the bottom, which is your fallback username/password authentication.
  Hope this helps,
  Darren
  <a href="http://www.fortybeans.com/">Read my blog</a>

• How to apply RSA and MD5 on my data?

  Hello everyone...I am a college Student and I have a project two clients connected with server one of them by socket and another by RMI
  and I have been asked to apply CIA (confidentiality, integrity, availability) I know algorithms of cryptograpghy and authnication but I need a hint
  how to use these algorithms ...if there is a class to do this or a simple lesson how to encrypt and decrypt (code) I will be thankfull
  Best regards

  One of the most useful books you will find on the subject of Java cryptography is David Hook's "Beginning Cryptography with Java" (WROX). I would recommend you borrow this from your school/public library or buy it and study it; it will be one of the better investments you will make in your education, Gary Wolf. Good luck.

• Compability problem with Java and Python  RSA algorithm implementation

  I have client server application. Server is writtein in python, client in java. Client receives messages from server encrypted with RSA (http://stuvel.eu/rsa), and I'm unable to decrypt it. It seems that this is RSA algorithm compatibility problem. I'm using algorithm from java.security package, instatinating Cipher object like this: c = Cipher.getInstance("RSA"); . I noticed that this algorithm produces for input blocks of lengtrh <=117 ouput block of length 128. Server I guess uses the most triviall impelentation of RSA ( (1 byte is encrypted to 1 byte) So i want to make my java algorithm compatibile with this one which server uses. How to do that ? Do i have to instatinate Cipher object in different way ? Or use another library ?

  azedor wrote:
  First you said it was no good because it could only handle <= 117 byte inputs, now you say it is no good because it produces a 128-byte output. You're not making sense.First i said that this two RSA implementations are not compatibile, and first reason i noticed firstly is that Python imlementation for input of length N produces cryptogram of the same length. Not true. In general, the RSA encryption of any number of bytes less than the length of the modulus will produce a result of length near that of the modulus. When N is less than the length of the modulus, it is rare that N bytes of cleartext produces N bytes of ciphertext.
  Java implementation for data block of length <=117 produces alwasy 128 bytes of output.Pretty much correct and very much desirable. This is primarily a function of the PKCS1 padding which is used to solve two basic problems. First, as I alluded to in my first response, it is the nature of the algorithm that leading zeros are not preserved and second when the cleartext is very small (a few bytes) the exponentiation does not roll over and it is easy to decrypt the result. Both these problems are addressed by PKCS1 padding.
  >
  >
  After what sabre150 said i think of giving up idea of translating Python code to Java and considering to use another assymetric cryptography algorithms on both sides. Can you recommend me sth what should be compatibile with Python ?This seems to be at odds with your statement in reply #3 "Also have acces only to client code so i have to change sth in java." ! This statement is why I said "I suspect ... you have dug a deep hole".
  In your position I would use the Python bindings for openssl. Once more, Google is your friend.

• Is ASA integration with ISE and RSA for 2 factor authentication a valid/tested design

  Hi,
  Customer currently uses ASA to directly integrate with RSA kind of solution to provide 2 factor authentication mechanism for VPN user access.  We're considering to introduce ISE to this picture, and to offload posture analysis from ASA to ISE.  And the flow we're thinking is to have ASA interface to ISE and ISE interface to RSA and AD backend infrastructure.  And we still need the 2 factor authentication to work, i.e., customer gets a SMS code in addition to its login username and password.  I'm wondering if ASA/ISE/RSA/AD integrated solution (and with 2 factor authentication to work) is a tested solution or Cisco validate design?  Any potential issue may break the flow?
  Thanks in advance for any input!
  Tina

  Hi,
  I have an update for this quite broad question.
  I have now came a bit further on the path.
  Now the needed Radius Access Attribute are available in ISE after adding them in
  "Policy Elements" -> "Dictionaris" -> "System" -> "Radius" -> "Cisco-VPN3000".
  I added both the attribute 146 Tunnel-Group-Name which I realy need to achive what I want(select diffrent OTP-backends depending on Tunnel Group in ASA) and the other new attribute 150 Client-Type which could be intresting to look at as well.
  Here the "Diagnostics Tools" -> "Generel tools" -> "TCP Dump" and Wireshare helped me understand how this worked.
  With that I could really see the attributes in the radius access requests going in to the ASA.
  Now looking at a request in "Radius Authentication details" I have
  Other Attributes:
  ConfigVersionId=29,Device Port=1025,DestinationPort=1812,RadiusPacketType=AccessRequest,Protocol=Radius,CVPN3000/ASA/PIX7.x-Tunnel-Group-Name=SMHI-TG-RA-ISESMS,CVPN3000/ASA/PIX7.x-Client-Type=,CPMSessionID=ac100865000006294FD60A7F,.....
  Ok, the tunnel group name attribute seems to be understood correct, but Client-Type just say =, no value for that.
  That is strange, I must have defined that wrong(?), but lets leave that for now, I do not really need it for the moment being.
  So now when I have this Tunnel-Group-Name attribute available I want to use it in my Rule-Based Authentication Policy.
  Problem now is that as soon as I in an expression add a criteria containing Cisco-VPN3000:CVPN3000/ASA/PIX7.x-Tunnel-Group-Name matches .* (just anything), then that row does not match any more. It still work matching against NAS-IP and other attributes.
  What could it be I have missed?
  Best regards
  /Mattias

• ACS for 802.1x Authentication using RSA Tokens and Microsoft PEAP

  Has anyone been able to configure 802.1x authentication on Windows XP machines using RSA tokens using Cisco ACS as the RADIUS server?
  I have come up with bunch of incompatibilities between the offered support e.g.
  1. Microsoft PEAP does not support anything but smartcard/certificate or MSCHAP2.
  2. Cisco support PEAP and inside it MSCHAP2 or EAP-GTC
  We tried using RSA provided EAP client both the EAP security and EAP-OTP options within Microsoft PEAP but ACS rejects that as "EAP type not configured"
  I know it works with third party EAP software like Juniper Odyssey client and the Cisco Aegis Client but we need to make it work with the native Windows XP EAP client.

  Hi,
  We have tried to do the exact same setup as you and we also failed.
  When we tried to authenticate the user with PEAP-MSCHAPv2 (WinXP native) ACS gives "external DB password invalid", and does not even try (!) to send the login to the RSA server. No traffic is seen between RSA and ACS.
  MS-PEAP relies on hashing the password with MS-CHAPv2 encoding. This is not reversible. RSA, on the other hand, does not require hashing of the password due to the one time nature of it. So they (RSA) don't.
  When we authenticate using e.g. a 3rd party Dell-client, we can successfully authenticate using either PEAP-GTC (Cisco peap), EAP-FAST and EAP-FAST-GTC.
  A list with EAP protocols supported by the RSA is in attach.
  Also below is the link which says the MS-PEAP is NOT supported with the RSA, please check the
  table "EAP Authentication Protocol and User Database Compatibility "
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/o.htm#wp792699
  What we are trying to do now in the project is leaving the AP authentication open and try to authenticate it using RADIUS through a firewall or Cisco router authentication proxy.

• Integration between Cisco RADIUS and RSA

  Ciao. I need some help to configure the RADIUS, activating the RSA "NEXT TOKEN CODE" feature. Can you help me?

  If you have maintenance with RSA or your product is license, you can contact their support and they can give a step-by-step guide in PDF.
  I've done similar using RSA and RADIUS for network staff login to all Cisco network devices using a token. The step-by-step guide provided by their support is very helpful.

• Eror: RSA premaster secret error on JDK 1.5.0_07-b03, Solaris platform

  I have received error "[javax.net.ssl.SSLKeyException: RSA premaster secret error]
  caused by [java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding]"
  when running the following code snippet from command line[b]:
       TrustManager[] trustAllCerts = new TrustManager[]{
            new X509TrustManager() {
              public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                  return null;
              public void checkClientTrusted(
                  java.security.cert.X509Certificate[] certs, String authType) {
              public void checkServerTrusted(
                  java.security.cert.X509Certificate[] certs, String authType) {
          // Install the all-trusting trust manager
          SSLContext sc = SSLContext.getInstance("SSL");
          sc.init(null, trustAllCerts, new java.security.SecureRandom());                 
          HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
          URL url = new URL("https://svn.apache.org/repos/asf/");
          BufferedReader in = new BufferedReader(
                           new InputStreamReader(
                           url.openStream()));
          String inputLine;
          while ((inputLine = in.readLine()) != null)
       System.out.println(inputLine);
         in.close();Specially, the error only occurs when using JDK 1.5.0_07-b03 on Solaris platform.
  I have tried using other JDK versions (e.g: 1.4.2_09-b05, etc...) and NOT see the error.
  This is very strangle! It may be a bug of this JDK version?!!!
  The below is all providers available on this JDK; search among these providers
  I've found out a unusual point that we see no any provider implementing RSA.
  So I doubt that this missing can lead to error
  [java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding]
  ------------------- All providers avaible on JDK 1.5.0_07-b03, Solaris platform ------------
  SUN = SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
  X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
  SunRsaSign = Sun RSA signature provider
  SunJSSE = Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
  SunJCE = SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  SunJGSS = Sun (Kerberos v5)
  SunSASL = Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
  For the other JDK versions, we can see "implements RSA" and then everything works fine!
  ------------------- All providers avaible on other JDK versions, Windows/Solaris platform ------------
  SUN = SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
  SunJSSE = Sun JSSE provider([b]implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
  SunRsaSign = SUN's provider for RSA signatures
  SunJCE = SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  SunJGSS = Sun (Kerberos v5)
  I have downloaded and installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files version 5.0
  but the error still occurs!
  Does anybody know how to fix this error? Please!!!
  All debug logs:
  trigger seeding of SecureRandom
  done seeding SecureRandom
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1156020880 bytes = { 193, 133, 1, 170, 144, 169, 140, 138, 68, 202, 209, 91, 45, 104, 239, 18, 165, 7, 109, 248, 198, 11, 33, 107, 142, 135, 120, 149 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  [write] MD5 and SHA1 hashes: len = 73
  0000: 01 00 00 45 03 01 45 E7 7B 90 C1 85 01 AA 90 A9 ...E..E.........
  0010: 8C 8A 44 CA D1 5B 2D 68 EF 12 A5 07 6D F8 C6 0B ..D..[-h....m...
  0020: 21 6B 8E 87 78 95 00 00 1E 00 04 00 05 00 2F 00 !k..x........./.
  0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
  0040: 03 00 08 00 14 00 11 01 00 .........
  main, WRITE: TLSv1 Handshake, length = 73
  [write] MD5 and SHA1 hashes: len = 98
  0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
  0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
  0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
  0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
  0040: 00 11 45 E7 7B 90 C1 85 01 AA 90 A9 8C 8A 44 CA ..E...........D.
  0050: D1 5B 2D 68 EF 12 A5 07 6D F8 C6 0B 21 6B 8E 87 .[-h....m...!k..
  0060: 78 95 x.
  main, WRITE: SSLv2 client hello message, length = 98
  [Raw write]: length = 100
  0000: 80 62 01 03 01 00 39 00 00 00 20 00 00 04 01 00 .b....9... .....
  0010: 80 00 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A ....../..3..2...
  0020: 07 00 C0 00 00 16 00 00 13 00 00 09 06 00 40 00 ..............@.
  0030: 00 15 00 00 12 00 00 03 02 00 80 00 00 08 00 00 ................
  0040: 14 00 00 11 45 E7 7B 90 C1 85 01 AA 90 A9 8C 8A ....E...........
  0050: 44 CA D1 5B 2D 68 EF 12 A5 07 6D F8 C6 0B 21 6B D..[-h....m...!k
  0060: 8E 87 78 95 ..x.
  [Raw read]: length = 5
  0000: 16 03 01 00 4A ....J
  [Raw read]: length = 74
  0000: 02 00 00 46 03 01 45 E6 B7 07 AC 7B 34 BC 5A 65 ...F..E.....4.Ze
  0010: 97 CE 8B B3 9C 11 39 7B CC D2 94 A5 8C A0 B5 B5 ......9.........
  0020: FB CD 4E A2 A5 70 20 40 C1 0B 11 F0 83 F7 E4 80 ..N..p @........
  0030: F0 77 83 34 24 D5 1A 70 B4 B2 C6 16 DF 36 AD 95 .w.4$..p.....6..
  0040: EA 45 09 93 F0 7A 5E 00 04 00 .E...z^...
  main, READ: TLSv1 Handshake, length = 74
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1155905287 bytes = { 172, 123, 52, 188, 90, 101, 151, 206, 139, 179, 156, 17, 57, 123, 204, 210, 148, 165, 140, 160, 181, 181, 251, 205, 78, 162, 165, 112 }
  Session ID: {64, 193, 11, 17, 240, 131, 247, 228, 128, 240, 119, 131, 52, 36, 213, 26, 112, 180, 178, 198, 22, 223, 54, 173, 149, 234, 69, 9, 147, 240, 122, 94}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  [read] MD5 and SHA1 hashes: len = 74
  0000: 02 00 00 46 03 01 45 E6 B7 07 AC 7B 34 BC 5A 65 ...F..E.....4.Ze
  0010: 97 CE 8B B3 9C 11 39 7B CC D2 94 A5 8C A0 B5 B5 ......9.........
  0020: FB CD 4E A2 A5 70 20 40 C1 0B 11 F0 83 F7 E4 80 ..N..p @........
  0030: F0 77 83 34 24 D5 1A 70 B4 B2 C6 16 DF 36 AD 95 .w.4$..p.....6..
  0040: EA 45 09 93 F0 7A 5E 00 04 00 .E...z^...
  [Raw read]: length = 5
  0000: 16 03 01 08 EB .....
  [Raw read]: length = 2283
  0000: 0B 00 08 E7 00 08 E4 00 04 99 30 82 04 95 30 82 ..........0...0.
  0010: 03 FE A0 03 02 01 02 02 03 3F 3E DD 30 0D 06 09 .........?>.0...
  0020: 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 EC 31 0B *.H........0..1.
  0030: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0E 06 0...U....US1.0..
  0040: 03 55 04 08 13 07 41 72 69 7A 6F 6E 61 31 13 30 .U....Arizona1.0
  0050: 11 06 03 55 04 07 13 0A 53 63 6F 74 74 73 64 61 ...U....Scottsda
  0060: 6C 65 31 25 30 23 06 03 55 04 0A 13 1C 53 74 61 le1%0#..U....Sta
  0070: 72 66 69 65 6C 64 20 54 65 63 68 6E 6F 6C 6F 67 rfield Technolog
  0080: 69 65 73 2C 20 49 6E 63 2E 31 30 30 2E 06 03 55 ies, Inc.100...U
  0090: 04 0B 13 27 68 74 74 70 3A 2F 2F 77 77 77 2E 73 ...'http://www.s
  00A0: 74 61 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D tarfieldtech.com
  00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 31 31 30 2F 06 /repository110/.
  00C0: 03 55 04 03 13 28 53 74 61 72 66 69 65 6C 64 20 .U...(Starfield
  00D0: 53 65 63 75 72 65 20 43 65 72 74 69 66 69 63 61 Secure Certifica
  00E0: 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31 2A tion Authority1*
  00F0: 30 28 06 09 2A 86 48 86 F7 0D 01 09 01 16 1B 70 0(..*.H........p
  0100: 72 61 63 74 69 63 65 73 40 73 74 61 72 66 69 65 ractices@starfie
  0110: 6C 64 74 65 63 68 2E 63 6F 6D 30 1E 17 0D 30 37 ldtech.com0...07
  0120: 30 31 32 36 31 34 31 38 35 35 5A 17 0D 30 39 30 0126141855Z..090
  0130: 31 32 36 31 34 31 38 35 35 5A 30 55 31 17 30 15 126141855Z0U1.0.
  0140: 06 03 55 04 0A 13 0E 73 76 6E 2E 61 70 61 63 68 ..U....svn.apach
  0150: 65 2E 6F 72 67 31 21 30 1F 06 03 55 04 0B 13 18 e.org1!0...U....
  0160: 44 6F 6D 61 69 6E 20 43 6F 6E 74 72 6F 6C 20 56 Domain Control V
  0170: 61 6C 69 64 61 74 65 64 31 17 30 15 06 03 55 04 alidated1.0...U.
  0180: 03 13 0E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 ...svn.apache.or
  0190: 67 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 g0..0...*.H.....
  01A0: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 FC 1F .......0........
  01B0: 45 06 36 E7 1B D4 41 AD A5 FC 08 44 D2 9D C6 42 E.6...A....D...B
  01C0: 2D CB 52 94 74 70 6C 56 5D 84 4D 48 F2 2E 25 BA -.R.tplV].MH..%.
  01D0: 9A CC 79 39 60 61 82 11 DE E5 2B 2A 61 D8 23 BC ..y9`a....+*a.#.
  01E0: 2C 5D BC AD 61 2B 7B 36 6B CA 08 45 D5 D0 D0 03 ,]..a+.6k..E....
  01F0: A4 71 EB 06 93 9F 37 C9 D3 E8 71 25 C1 7A FF 82 .q....7...q%.z..
  0200: 88 E2 79 24 64 51 E6 FF 58 E7 D3 2E 0A AE 9F 1C ..y$dQ..X.......
  0210: 11 7E 9C 21 6F 4D D4 10 96 77 B5 FF 30 25 47 28 ...!oM...w..0%G(
  0220: 5D 34 B1 CE 50 78 55 C4 E3 F7 39 82 72 15 02 03 ]4..PxU...9.r...
  0230: 01 00 01 A3 82 01 D9 30 82 01 D5 30 09 06 03 55 .......0...0...U
  0240: 1D 13 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 ....0.0...U.....
  0250: 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 08 ...0...U.%..0...
  0260: 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 +.........+.....
  0270: 03 02 30 56 06 03 55 1D 1F 04 4F 30 4D 30 4B A0 ..0V..U...O0M0K.
  0280: 49 A0 47 86 45 68 74 74 70 3A 2F 2F 63 65 72 74 I.G.Ehttp://cert
  0290: 69 66 69 63 61 74 65 73 2E 73 74 61 72 66 69 65 ificates.starfie
  02A0: 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 ldtech.com/repos
  02B0: 69 74 6F 72 79 2F 73 74 61 72 66 69 65 6C 64 69 itory/starfieldi
  02C0: 73 73 75 69 6E 67 2E 63 72 6C 30 52 06 03 55 1D ssuing.crl0R..U.
  02D0: 20 04 4B 30 49 30 47 06 0B 60 86 48 01 86 FD 6D .K0I0G..`.H...m
  02E0: 01 07 17 01 30 38 30 36 06 08 2B 06 01 05 05 07 ....0806..+.....
  02F0: 02 01 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 ...*http://certi
  0300: 66 69 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E ficates.godaddy.
  0310: 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 79 30 81 com/repository0.
  0320: 80 06 08 2B 06 01 05 05 07 01 01 04 74 30 72 30 ...+........t0r0
  0330: 29 06 08 2B 06 01 05 05 07 30 01 86 1D 68 74 74 )..+.....0...htt
  0340: 70 3A 2F 2F 6F 63 73 70 2E 73 74 61 72 66 69 65 p://ocsp.starfie
  0350: 6C 64 74 65 63 68 2E 63 6F 6D 30 45 06 08 2B 06 ldtech.com0E..+.
  0360: 01 05 05 07 30 02 86 39 68 74 74 70 3A 2F 2F 63 ....0..9http://c
  0370: 65 72 74 69 66 69 63 61 74 65 73 2E 67 6F 64 61 ertificates.goda
  0380: 64 64 79 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F ddy.com/reposito
  0390: 72 79 2F 73 66 5F 69 73 73 75 69 6E 67 2E 63 72 ry/sf_issuing.cr
  03A0: 74 30 1D 06 03 55 1D 0E 04 16 04 14 FF 43 49 DF t0...U.......CI.
  03B0: 9A BF B2 B3 31 00 A9 59 4B D6 C7 60 69 5B C4 7C ....1..YK..`i[..
  03C0: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 AC 55 DE 0...U.#..0....U.
  03D0: B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 3E 8C EE ......h.S`..%>..
  03E0: E7 30 2D 06 03 55 1D 11 04 26 30 24 82 0E 73 76 .0-..U...&0$..sv
  03F0: 6E 2E 61 70 61 63 68 65 2E 6F 72 67 82 12 77 77 n.apache.org..ww
  0400: 77 2E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 67 w.svn.apache.org
  0410: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
  0420: 81 81 00 07 B3 BE 51 D0 EB 61 07 91 9B D7 3B 8B ......Q..a....;.
  0430: 4F B1 CC 5E E0 E1 92 1B 70 69 9C 22 08 FB 9C 46 O..^....pi."...F
  0440: 0D 98 31 8E F2 3E E4 15 74 85 54 EF 01 FB 9C 90 ..1..>..t.T.....
  0450: 9F 35 66 37 E4 DC AE EA E8 5B E0 DF 72 4B E9 90 .5f7.....[..rK..
  0460: 52 77 CB 43 CF A1 CD 1D CE 14 FD 22 48 DD 52 CF Rw.C......."H.R.
  0470: B5 35 74 42 E6 68 6A B3 FD 36 88 5C 5B E8 D7 1B .5tB.hj..6.\[...
  0480: 60 D6 4F 78 9B BF 96 81 DD 44 43 A4 21 38 69 39 `.Ox.....DC.!8i9
  0490: C2 3C BC 59 07 FB 84 9A CE 6F 38 6C E1 14 8C 88 .<.Y.....o8l....
  04A0: F6 92 B9 00 04 45 30 82 04 41 30 82 03 AA A0 03 .....E0..A0.....
  04B0: 02 01 02 02 02 01 04 30 0D 06 09 2A 86 48 86 F7 .......0...*.H..
  04C0: 0D 01 01 05 05 00 30 81 BB 31 24 30 22 06 03 55 ......0..1$0"..U
  04D0: 04 07 13 1B 56 61 6C 69 43 65 72 74 20 56 61 6C ....ValiCert Val
  04E0: 69 64 61 74 69 6F 6E 20 4E 65 74 77 6F 72 6B 31 idation Network1
  04F0: 17 30 15 06 03 55 04 0A 13 0E 56 61 6C 69 43 65 .0...U....ValiCe
  0500: 72 74 2C 20 49 6E 63 2E 31 35 30 33 06 03 55 04 rt, Inc.1503..U.
  0510: 0B 13 2C 56 61 6C 69 43 65 72 74 20 43 6C 61 73 ..,ValiCert Clas
  0520: 73 20 32 20 50 6F 6C 69 63 79 20 56 61 6C 69 64 s 2 Policy Valid
  0530: 61 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31 ation Authority1
  0540: 21 30 1F 06 03 55 04 03 13 18 68 74 74 70 3A 2F !0...U....http:/
  0550: 2F 77 77 77 2E 76 61 6C 69 63 65 72 74 2E 63 6F /www.valicert.co
  0560: 6D 2F 31 20 30 1E 06 09 2A 86 48 86 F7 0D 01 09 m/1 0...*.H.....
  0570: 01 16 11 69 6E 66 6F 40 76 61 6C 69 63 65 72 74 ...info@valicert
  0580: 2E 63 6F 6D 30 1E 17 0D 30 34 30 31 31 34 32 31 .com0...04011421
  0590: 30 35 32 31 5A 17 0D 32 34 30 31 30 39 32 31 30 0521Z..240109210
  05A0: 35 32 31 5A 30 81 EC 31 0B 30 09 06 03 55 04 06 521Z0..1.0...U..
  05B0: 13 02 55 53 31 10 30 0E 06 03 55 04 08 13 07 41 ..US1.0...U....A
  05C0: 72 69 7A 6F 6E 61 31 13 30 11 06 03 55 04 07 13 rizona1.0...U...
  05D0: 0A 53 63 6F 74 74 73 64 61 6C 65 31 25 30 23 06 .Scottsdale1%0#.
  05E0: 03 55 04 0A 13 1C 53 74 61 72 66 69 65 6C 64 20 .U....Starfield
  05F0: 54 65 63 68 6E 6F 6C 6F 67 69 65 73 2C 20 49 6E Technologies, In
  0600: 63 2E 31 30 30 2E 06 03 55 04 0B 13 27 68 74 74 c.100...U...'htt
  0610: 70 3A 2F 2F 77 77 77 2E 73 74 61 72 66 69 65 6C p://www.starfiel
  0620: 64 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 69 dtech.com/reposi
  0630: 74 6F 72 79 31 31 30 2F 06 03 55 04 03 13 28 53 tory110/..U...(S
  0640: 74 61 72 66 69 65 6C 64 20 53 65 63 75 72 65 20 tarfield Secure
  0650: 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 41 75 Certification Au
  0660: 74 68 6F 72 69 74 79 31 2A 30 28 06 09 2A 86 48 thority1*0(..*.H
  0670: 86 F7 0D 01 09 01 16 1B 70 72 61 63 74 69 63 65 ........practice
  0680: 73 40 73 74 61 72 66 69 65 6C 64 74 65 63 68 2E s@starfieldtech.
  0690: 63 6F 6D 30 81 9D 30 0D 06 09 2A 86 48 86 F7 0D com0..0...*.H...
  06A0: 01 01 01 05 00 03 81 8B 00 30 81 87 02 81 81 00 .........0......
  06B0: DB 11 43 6B DC D1 69 78 59 49 E8 6E 74 14 08 74 ..Ck..ixYI.nt..t
  06C0: 11 6C 7E B7 2A A8 22 D8 42 3C 7A CF 9F 50 B2 46 .l..*.".B<z..P.F
  06D0: AE A6 67 1A 23 22 BE 0F B3 34 FB AC AC 90 AA 5B ..g.#"...4.....[
  06E0: 28 C2 70 F6 B6 8A 80 2A E0 9B 9C 52 E0 91 A8 72 (.p....*...R...r
  06F0: A0 16 E1 C4 4E 7D 11 09 B3 9E B9 D4 F3 B2 50 C4 ....N.........P.
  0700: 6D 48 08 BD BC 2A 97 0C 6D A3 8A 6A 3C 9A CF 4A mH...*..m..j<..J
  0710: 34 DC 1E DE EA 5A 26 C0 A1 A2 82 A9 4A FB 86 22 4....Z&.....J.."
  0720: 12 90 3A B2 82 D4 92 91 9F A9 45 9F C3 A4 DB FB ..:.......E.....
  0730: 02 01 03 A3 82 01 21 30 82 01 1D 30 0C 06 03 55 ......!0...0...U
  0740: 1D 13 04 05 30 03 01 01 FF 30 0B 06 03 55 1D 0F ....0....0...U..
  0750: 04 04 03 02 01 06 30 4A 06 03 55 1D 1F 04 43 30 ......0J..U...C0
  0760: 41 30 3F A0 3D A0 3B 86 39 68 74 74 70 3A 2F 2F A0?.=.;.9http://
  0770: 63 65 72 74 69 66 69 63 61 74 65 73 2E 73 74 61 certificates.sta
  0780: 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 rfieldtech.com/r
  0790: 65 70 6F 73 69 74 6F 72 79 2F 72 6F 6F 74 2E 63 epository/root.c
  07A0: 72 6C 30 4F 06 03 55 1D 20 04 48 30 46 30 44 06 rl0O..U. .H0F0D.
  07B0: 0B 60 86 48 01 86 F8 45 01 07 17 03 30 35 30 33 .`.H...E....0503
  07C0: 06 08 2B 06 01 05 05 07 02 01 16 27 68 74 74 70 ..+........'http
  07D0: 3A 2F 2F 77 77 77 2E 73 74 61 72 66 69 65 6C 64 ://www.starfield
  07E0: 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 tech.com/reposit
  07F0: 6F 72 79 30 39 06 08 2B 06 01 05 05 07 01 01 04 ory09..+........
  0800: 2D 30 2B 30 29 06 08 2B 06 01 05 05 07 30 01 86 -0+0)..+.....0..
  0810: 1D 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 73 74 61 .http://ocsp.sta
  0820: 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D 30 1D rfieldtech.com0.
  0830: 06 03 55 1D 0E 04 16 04 14 AC 55 DE B7 EA 13 EB ..U.......U.....
  0840: FC 98 68 E2 53 60 1E F1 25 3E 8C EE E7 30 09 06 ..h.S`..%>...0..
  0850: 03 55 1D 23 04 02 30 00 30 0D 06 09 2A 86 48 86 .U.#..0.0...*.H.
  0860: F7 0D 01 01 05 05 00 03 81 81 00 7E 1C 98 BE AD ................
  0870: 03 8D 25 85 EE 7C 90 88 22 2B FE 27 F4 42 B2 EC ..%....."+.'.B..
  0880: 7F B5 FC 72 68 05 A4 7D 91 EF 28 D1 7D 20 39 3B ...rh.....(.. 9;
  0890: 79 08 37 68 18 52 D5 8F 03 D2 89 4F 1E 11 D1 E9 y.7h.R.....O....
  08A0: A5 74 4B FC 5F 67 65 84 71 84 78 59 B7 D6 C9 D7 .tK._ge.q.xY....
  08B0: D7 93 35 E6 13 AB 94 3C 8E 93 40 89 8C C0 D7 F2 ..5....<..@.....
  08C0: E7 07 52 D1 70 8F 98 8C EB A0 6D D1 36 53 90 A0 ..R.p.....m.6S..
  08D0: 8F 16 30 1E DE C3 BF 7F 46 A5 95 2A F9 C8 DE 3B ..0.....F..*...;
  08E0: DB 77 F4 F2 32 B1 33 61 A2 30 35 .w..2.3a.05
  main, READ: TLSv1 Handshake, length = 2283
  *** Certificate chain
  chain [0] = [
  Version: V3
  Subject: CN=svn.apache.org, OU=Domain Control Validated, O=svn.apache.org
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 177046192487125873479707395472231760712994023170823729107519357415283325331982921967730914213256528653757249574574965555061897079727590228489004259023952254673707171152878504377042389446926800477336348814644929883742996944532880480307810812469119330106553760163160996800432869396169888003096567731172086542869
  public exponent: 65537
  Validity: [From: Fri Jan 26 21:18:55 GMT+07:00 2007,
                 To: Mon Jan 26 21:18:55 GMT+07:00 2009]
  Issuer: [email protected], CN=Starfield Secure Certification Authority, OU=http://www.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  SerialNumber: [    3f3edd]
  Certificate Extensions: 9
  [1]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [DNSName: svn.apache.org, DNSName: www.svn.apache.org]]
  [2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
  AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
     accessLocation: URIName: http://ocsp.starfieldtech.com, accessMethod: 1.3.6.1.5.5.7.48.2
     accessLocation: URIName: http://certificates.godaddy.com/repository/sf_issuing.crt]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: AC 55 DE B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 .U.......h.S`..%
  0010: 3E 8C EE E7 >...
  [4]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: FF 43 49 DF 9A BF B2 B3 31 00 A9 59 4B D6 C7 60 .CI.....1..YK..`
  0010: 69 5B C4 7C i[..
  [5]: ObjectId: 2.5.29.32 Criticality=false
  CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.114413.1.7.23.1]
  [PolicyQualifierInfo: [
    qualifierID: 1.3.6.1.5.5.7.2.1
    qualifier: 0000: 16 2A 68 74 74 70 3A 2F   2F 63 65 72 74 69 66 69  .*http://certifi
  0010: 63 61 74 65 73 2E 67 6F   64 61 64 64 79 2E 63 6F  cates.godaddy.co
  0020: 6D 2F 72 65 70 6F 73 69   74 6F 72 79              m/repository
  [6]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  [7]: ObjectId: 2.5.29.37 Criticality=false
  ExtendedKeyUsages [
  [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
  [8]: ObjectId: 2.5.29.31 Criticality=false
  CRLDistributionPoints [
  [DistributionPoint:
  [URIName: http://certificates.starfieldtech.com/repository/starfieldissuing.crl]
  [9]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
  DigitalSignature
  Key_Encipherment
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 07 B3 BE 51 D0 EB 61 07 91 9B D7 3B 8B 4F B1 CC ...Q..a....;.O..
  0010: 5E E0 E1 92 1B 70 69 9C 22 08 FB 9C 46 0D 98 31 ^....pi."...F..1
  0020: 8E F2 3E E4 15 74 85 54 EF 01 FB 9C 90 9F 35 66 ..>..t.T......5f
  0030: 37 E4 DC AE EA E8 5B E0 DF 72 4B E9 90 52 77 CB 7.....[..rK..Rw.
  0040: 43 CF A1 CD 1D CE 14 FD 22 48 DD 52 CF B5 35 74 C......."H.R..5t
  0050: 42 E6 68 6A B3 FD 36 88 5C 5B E8 D7 1B 60 D6 4F B.hj..6.\[...`.O
  0060: 78 9B BF 96 81 DD 44 43 A4 21 38 69 39 C2 3C BC x.....DC.!8i9.<.
  0070: 59 07 FB 84 9A CE 6F 38 6C E1 14 8C 88 F6 92 B9 Y.....o8l.......
  chain [1] = [
  Version: V3
  Subject: [email protected], CN=Starfield Secure Certification Authority, OU=http://www.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 153834384376450951242132342676627381305301509455009131953436945251656166351716579980793170359435953119090647821771205994017554233524628677596597325652224171754745353602402317658335611344705389502813919100965160981561608463541714784267134488000708910634129917477877983632663540633248439611336221142925273521147
  public exponent: 3
  Validity: [From: Thu Jan 15 04:05:21 GMT+07:00 2004,
                 To: Wed Jan 10 04:05:21 GMT+07:00 2024]
  Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  SerialNumber: [    0104]
  Certificate Extensions: 7
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: AC 55 DE B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 .U.......h.S`..%
  0010: 3E 8C EE E7 >...
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  [3]: ObjectId: 2.5.29.31 Criticality=false
  CRLDistributionPoints [
  [DistributionPoint:
  [URIName: http://certificates.starfieldtech.com/repository/root.crl]
  [4]: ObjectId: 2.5.29.32 Criticality=false
  CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
  [PolicyQualifierInfo: [
    qualifierID: 1.3.6.1.5.5.7.2.1
    qualifier: 0000: 16 27 68 74 74 70 3A 2F   2F 77 77 77 2E 73 74 61  .'http://www.sta
  0010: 72 66 69 65 6C 64 74 65   63 68 2E 63 6F 6D 2F 72  rfieldtech.com/r
  0020: 65 70 6F 73 69 74 6F 72   79                       epository
  [5]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
  Key_CertSign
  Crl_Sign
  [6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
  AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
     accessLocation: URIName: http://ocsp.starfieldtech.com]
  [7]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 7E 1C 98 BE AD 03 8D 25 85 EE 7C 90 88 22 2B FE .......%....."+.
  0010: 27 F4 42 B2 EC 7F B5 FC 72 68 05 A4 7D 91 EF 28 '.B.....rh.....(
  0020: D1 7D 20 39 3B 79 08 37 68 18 52 D5 8F 03 D2 89 .. 9;y.7h.R.....
  0030: 4F 1E 11 D1 E9 A5 74 4B FC 5F 67 65 84 71 84 78 O.....tK._ge.q.x
  0040: 59 B7 D6 C9 D7 D7 93 35 E6 13 AB 94 3C 8E 93 40 Y......5....<..@
  0050: 89 8C C0 D7 F2 E7 07 52 D1 70 8F 98 8C EB A0 6D .......R.p.....m
  0060: D1 36 53 90 A0 8F 16 30 1E DE C3 BF 7F 46 A5 95 .6S....0.....F..
  0070: 2A F9 C8 DE 3B DB 77 F4 F2 32 B1 33 61 A2 30 35 *...;.w..2.3a.05
  [read] MD5 and SHA1 hashes: len = 2283
  0000: 0B 00 08 E7 00 08 E4 00 04 99 30 82 04 95 30 82 ..........0...0.
  0010: 03 FE A0 03 02 01 02 02 03 3F 3E DD 30 0D 06 09 .........?>.0...
  0020: 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 EC 31 0B *.H........0..1.
  0030: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0E 06 0...U....US1.0..
  0040: 03 55 04 08 13 07 41 72 69 7A 6F 6E 61 31 13 30 .U....Arizona1.0
  0050: 11 06 03 55 04 07 13 0A 53 63 6F 74 74 73 64 61 ...U....Scottsda
  0060: 6C 65 31 25 30 23 06 03 55 04 0A 13 1C 53 74 61 le1%0#..U....Sta
  0070: 72 66 69 65 6C 64 20 54 65 63 68 6E 6F 6C 6F 67 rfield Technolog
  0080: 69 65 73 2C 20 49 6E 63 2E 31 30 30 2E 06 03 55 ies, Inc.100...U
  0090: 04 0B 13 27 68 74 74 70 3A 2F 2F 77 77 77 2E 73 ...'http://www.s
  00A0: 74 61 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D tarfieldtech.com
  00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 31 31 30 2F 06 /repository110/.
  00C0: 03 55 04 03 13 28 53 74 61 72 66 69 65 6C 64 20 .U...(Starfield
  00D0: 53 65 63 75 72 65 20 43 65 72 74 69 66 69 63 61 Secure Certifica
  00E0: 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31 2A tion Authority1*
  00F0: 30 28 06 09 2A 86 48 86 F7 0D 01 09 01 16 1B 70 0(..*.H........p
  0100: 72 61 63 74 69 63 65 73 40 73 74 61 72 66 69 65 ractices@starfie
  0110: 6C 64 74 65 63 68 2E 63 6F 6D 30 1E 17 0D 30 37 ldtech.com0...07
  0120: 30 31 32 36 31 34 31 38 35 35 5A 17 0D 30 39 30 0126141855Z..090
  0130: 31 32 36 31 34 31 38 35 35 5A 30 55 31 17 30 15 126141855Z0U1.0.
  0140: 06 03 55 04 0A 13 0E 73 76 6E 2E 61 70 61 63 68 ..U....svn.apach
  0150: 65 2E 6F 72 67 31 21 30 1F 06 03 55 04 0B 13 18 e.org1!0...U....
  0160: 44 6F 6D 61 69 6E 20 43 6F 6E 74 72 6F 6C 20 56 Domain Control V
  0170: 61 6C 69 64 61 74 65 64 31 17 30 15 06 03 55 04 alidated1.0...U.
  0180: 03 13 0E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 ...svn.apache.or
  0190: 67 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 g0..0...*.H.....
  01A0: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 FC 1F .......0........
  01B0: 45 06 36 E7 1B D4 41 AD A5 FC 08 44 D2 9D C6 42 E.6...A....D...B
  01C0: 2D CB 52 94 74 70 6C 56 5D 84 4D 48 F2 2E 25 BA -.R.tplV].MH..%.
  01D0: 9A CC 79 39 60 61 82 11 DE E5 2B 2A 61 D8 23 BC ..y9`a....+*a.#.
  01E0: 2C 5D BC AD 61 2B 7B 36 6B CA 08 45 D5 D0 D0 03 ,]..a+.6k..E....
  01F0: A4 71 EB 06 93 9F 37 C9 D3 E8 71 25 C1 7A FF 82 .q....7...q%.z..
  0200: 88 E2 79 24 64 51 E6 FF 58 E7 D3 2E 0A AE 9F 1C ..y$dQ..X.......
  0210: 11 7E 9C 21 6F 4D D4 10 96 77 B5 FF 30 25 47 28 ...!oM...w..0%G(
  0220: 5D 34 B1 CE 50 78 55 C4 E3 F7 39 82 72 15 02 03 ]4..PxU...9.r...
  0230: 01 00 01 A3 82 01 D9 30 82 01 D5 30 09 06 03 55 .......0...0...U
  0240: 1D 13 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 ....0.0...U.....
  0250: 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 08 ...0...U.%..0...
  0260: 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 +.........+.....
  0270: 03 02 30 56 06 03 55 1D 1F 04 4F 30 4D 30 4B A0 ..0V..U...O0M0K.
  0280: 49 A0 47 86 45 68 74 74 70 3A 2F 2F 63 65 72 74 I.G.Ehttp://cert
  0290: 69 66 69 63 61 74 65 73 2E 73 74 61 72 66 69 65 ificates.starfie
  02A0: 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 ldtech.com/repos
  02B0: 69 74 6F 72 79 2F 73 74 61 72 66 69 65 6C 64 69 itory/starfieldi
  02C0: 73 73 75 69 6E 67 2E 63 72 6C 30 52 06 03 55 1D ssuing.crl0R..U.
  02D0: 20 04 4B 30 49 30 47 06 0B 60 86 48 01 86 FD 6D .K0I0G..`.H...m
  02E0: 01 07 17 01 30 38 30 36 06 08 2B 06 01 05 05 07 ....0806..+.....
  02F0: 02 01 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 ...*http://certi
  0300: 66 69 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E ficates.godaddy.
  0310: 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 79 30 81 com/repository0.
  0320: 80 06 08 2B 06 01 05 05 07 01 01 04 74 30 72 30 ...+........t0r0
  0330: 29 06 08 2B 06 01 05 05 07 30 01 86 1D 68 74 74 )..+.....0...htt
  0340: 70 3A 2F 2F 6F 63 73 70 2E 73 74 61 72 66 69 65 p://ocsp.starfie
  0350: 6C 64 74 65 63 68 2E 63 6F 6D 30 45 06 08 2B 06 ldtech.com0E..+.
  0360: 01 05 05 07 30 02 86 39 68 74 74 70 3A 2F 2F 63 ....0..9http://c
  0370: 65 72 74 69 66 69 63 61 74 65 73 2E 67 6F 64 61 ertificates.goda
  0380: 64 64 79 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F ddy.com/reposito
  0390: 72 79 2F 73 66 5F 69 73 73 75 69 6E 67 2E 63 72 ry/sf_issuing.cr
  03A0: 74 30 1D 06 03 55 1D 0E 04 16 04 14 FF 43 49 DF t0...U.......CI.
  03B0: 9A BF B2 B3 31 00 A9 59 4B D6 C7 60 69 5B C4 7C ....1..YK..`i[..
  03C0: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 AC 55 DE 0...U.#..0....U.
  03D0: B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 3E 8C EE ......h.S`..%>..
  03E0: E7 30 2D 06 03 55 1D 11 04 26 30 24 82 0E 73 76 .0-..U...&0$..sv
  03F0: 6E 2E 61 70 61 63 68 65 2E 6F 72 67 82 12 77 77 n.apache.org..ww
  0400: 77 2E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 67 w.svn.apache.org
  0410: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
  0420: 81 81 00 07 B3 BE 51 D0 EB 61 07 91 9B D7 3B 8B ......Q..a....;.
  0430: 4F B1 CC 5E E0 E1 92 1B 70 69 9C 22 08 FB 9C 46 O..^....pi."...F
  0440: 0D 98 31 8E F2 3E E4 15 74 85 54 EF 01 FB 9C 90 ..1..>..t.T.....
  0450: 9F 35 66 37 E4 DC AE EA E8 5B E0 DF 72 4B E9 90 .5f7.....[..rK..
  0460: 52 77 CB 43 CF A1 CD 1D CE 14 FD 22 48 DD 52 CF Rw.C......."H.R.
  0470: B5 35 74 42 E6 68 6A B3 FD 36 88 5C 5B E8 D7 1B .5tB.hj..6.\[...
  0480: 60 D6 4F 78 9B BF 96 81 DD 44 43 A4 21 38 69 39 `.Ox.....DC.!8i9
  0490: C2 3C BC 59 07 FB 84 9A CE 6F 38 6

  I have received error "[javax.net.ssl.SSLKeyException: RSA premaster secret error]
  caused by [java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding]"
  when running the following code snippet from command line[b]:
       TrustManager[] trustAllCerts = new TrustManager[]{
            new X509TrustManager() {
              public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                  return null;
              public void checkClientTrusted(
                  java.security.cert.X509Certificate[] certs, String authType) {
              public void checkServerTrusted(
                  java.security.cert.X509Certificate[] certs, String authType) {
          // Install the all-trusting trust manager
          SSLContext sc = SSLContext.getInstance("SSL");
          sc.init(null, trustAllCerts, new java.security.SecureRandom());                 
          HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
          URL url = new URL("https://svn.apache.org/repos/asf/");
          BufferedReader in = new BufferedReader(
                           new InputStreamReader(
                           url.openStream()));
          String inputLine;
          while ((inputLine = in.readLine()) != null)
       System.out.println(inputLine);
         in.close();Specially, the error only occurs when using JDK 1.5.0_07-b03 on Solaris platform.
  I have tried using other JDK versions (e.g: 1.4.2_09-b05, etc...) and NOT see the error.
  This is very strangle! It may be a bug of this JDK version?!!!
  The below is all providers available on this JDK; search among these providers
  I've found out a unusual point that we see no any provider implementing RSA.
  So I doubt that this missing can lead to error
  [java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding]
  ------------------- All providers avaible on JDK 1.5.0_07-b03, Solaris platform ------------
  SUN = SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
  X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
  SunRsaSign = Sun RSA signature provider
  SunJSSE = Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
  SunJCE = SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  SunJGSS = Sun (Kerberos v5)
  SunSASL = Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
  For the other JDK versions, we can see "implements RSA" and then everything works fine!
  ------------------- All providers avaible on other JDK versions, Windows/Solaris platform ------------
  SUN = SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
  SunJSSE = Sun JSSE provider([b]implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
  SunRsaSign = SUN's provider for RSA signatures
  SunJCE = SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  SunJGSS = Sun (Kerberos v5)
  I have downloaded and installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files version 5.0
  but the error still occurs!
  Does anybody know how to fix this error? Please!!!
  All debug logs:
  trigger seeding of SecureRandom
  done seeding SecureRandom
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1156020880 bytes = { 193, 133, 1, 170, 144, 169, 140, 138, 68, 202, 209, 91, 45, 104, 239, 18, 165, 7, 109, 248, 198, 11, 33, 107, 142, 135, 120, 149 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  [write] MD5 and SHA1 hashes: len = 73
  0000: 01 00 00 45 03 01 45 E7 7B 90 C1 85 01 AA 90 A9 ...E..E.........
  0010: 8C 8A 44 CA D1 5B 2D 68 EF 12 A5 07 6D F8 C6 0B ..D..[-h....m...
  0020: 21 6B 8E 87 78 95 00 00 1E 00 04 00 05 00 2F 00 !k..x........./.
  0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
  0040: 03 00 08 00 14 00 11 01 00 .........
  main, WRITE: TLSv1 Handshake, length = 73
  [write] MD5 and SHA1 hashes: len = 98
  0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
  0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
  0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
  0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
  0040: 00 11 45 E7 7B 90 C1 85 01 AA 90 A9 8C 8A 44 CA ..E...........D.
  0050: D1 5B 2D 68 EF 12 A5 07 6D F8 C6 0B 21 6B 8E 87 .[-h....m...!k..
  0060: 78 95 x.
  main, WRITE: SSLv2 client hello message, length = 98
  [Raw write]: length = 100
  0000: 80 62 01 03 01 00 39 00 00 00 20 00 00 04 01 00 .b....9... .....
  0010: 80 00 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A ....../..3..2...
  0020: 07 00 C0 00 00 16 00 00 13 00 00 09 06 00 40 00 ..............@.
  0030: 00 15 00 00 12 00 00 03 02 00 80 00 00 08 00 00 ................
  0040: 14 00 00 11 45 E7 7B 90 C1 85 01 AA 90 A9 8C 8A ....E...........
  0050: 44 CA D1 5B 2D 68 EF 12 A5 07 6D F8 C6 0B 21 6B D..[-h....m...!k
  0060: 8E 87 78 95 ..x.
  [Raw read]: length = 5
  0000: 16 03 01 00 4A ....J
  [Raw read]: length = 74
  0000: 02 00 00 46 03 01 45 E6 B7 07 AC 7B 34 BC 5A 65 ...F..E.....4.Ze
  0010: 97 CE 8B B3 9C 11 39 7B CC D2 94 A5 8C A0 B5 B5 ......9.........
  0020: FB CD 4E A2 A5 70 20 40 C1 0B 11 F0 83 F7 E4 80 ..N..p @........
  0030: F0 77 83 34 24 D5 1A 70 B4 B2 C6 16 DF 36 AD 95 .w.4$..p.....6..
  0040: EA 45 09 93 F0 7A 5E 00 04 00 .E...z^...
  main, READ: TLSv1 Handshake, length = 74
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1155905287 bytes = { 172, 123, 52, 188, 90, 101, 151, 206, 139, 179, 156, 17, 57, 123, 204, 210, 148, 165, 140, 160, 181, 181, 251, 205, 78, 162, 165, 112 }
  Session ID: {64, 193, 11, 17, 240, 131, 247, 228, 128, 240, 119, 131, 52, 36, 213, 26, 112, 180, 178, 198, 22, 223, 54, 173, 149, 234, 69, 9, 147, 240, 122, 94}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  [read] MD5 and SHA1 hashes: len = 74
  0000: 02 00 00 46 03 01 45 E6 B7 07 AC 7B 34 BC 5A 65 ...F..E.....4.Ze
  0010: 97 CE 8B B3 9C 11 39 7B CC D2 94 A5 8C A0 B5 B5 ......9.........
  0020: FB CD 4E A2 A5 70 20 40 C1 0B 11 F0 83 F7 E4 80 ..N..p @........
  0030: F0 77 83 34 24 D5 1A 70 B4 B2 C6 16 DF 36 AD 95 .w.4$..p.....6..
  0040: EA 45 09 93 F0 7A 5E 00 04 00 .E...z^...
  [Raw read]: length = 5
  0000: 16 03 01 08 EB .....
  [Raw read]: length = 2283
  0000: 0B 00 08 E7 00 08 E4 00 04 99 30 82 04 95 30 82 ..........0...0.
  0010: 03 FE A0 03 02 01 02 02 03 3F 3E DD 30 0D 06 09 .........?>.0...
  0020: 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 EC 31 0B *.H........0..1.
  0030: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0E 06 0...U....US1.0..
  0040: 03 55 04 08 13 07 41 72 69 7A 6F 6E 61 31 13 30 .U....Arizona1.0
  0050: 11 06 03 55 04 07 13 0A 53 63 6F 74 74 73 64 61 ...U....Scottsda
  0060: 6C 65 31 25 30 23 06 03 55 04 0A 13 1C 53 74 61 le1%0#..U....Sta
  0070: 72 66 69 65 6C 64 20 54 65 63 68 6E 6F 6C 6F 67 rfield Technolog
  0080: 69 65 73 2C 20 49 6E 63 2E 31 30 30 2E 06 03 55 ies, Inc.100...U
  0090: 04 0B 13 27 68 74 74 70 3A 2F 2F 77 77 77 2E 73 ...'http://www.s
  00A0: 74 61 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D tarfieldtech.com
  00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 31 31 30 2F 06 /repository110/.
  00C0: 03 55 04 03 13 28 53 74 61 72 66 69 65 6C 64 20 .U...(Starfield
  00D0: 53 65 63 75 72 65 20 43 65 72 74 69 66 69 63 61 Secure Certifica
  00E0: 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31 2A tion Authority1*
  00F0: 30 28 06 09 2A 86 48 86 F7 0D 01 09 01 16 1B 70 0(..*.H........p
  0100: 72 61 63 74 69 63 65 73 40 73 74 61 72 66 69 65 ractices@starfie
  0110: 6C 64 74 65 63 68 2E 63 6F 6D 30 1E 17 0D 30 37 ldtech.com0...07
  0120: 30 31 32 36 31 34 31 38 35 35 5A 17 0D 30 39 30 0126141855Z..090
  0130: 31 32 36 31 34 31 38 35 35 5A 30 55 31 17 30 15 126141855Z0U1.0.
  0140: 06 03 55 04 0A 13 0E 73 76 6E 2E 61 70 61 63 68 ..U....svn.apach
  0150: 65 2E 6F 72 67 31 21 30 1F 06 03 55 04 0B 13 18 e.org1!0...U....
  0160: 44 6F 6D 61 69 6E 20 43 6F 6E 74 72 6F 6C 20 56 Domain Control V
  0170: 61 6C 69 64 61 74 65 64 31 17 30 15 06 03 55 04 alidated1.0...U.
  0180: 03 13 0E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 ...svn.apache.or
  0190: 67 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 g0..0...*.H.....
  01A0: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 FC 1F .......0........
  01B0: 45 06 36 E7 1B D4 41 AD A5 FC 08 44 D2 9D C6 42 E.6...A....D...B
  01C0: 2D CB 52 94 74 70 6C 56 5D 84 4D 48 F2 2E 25 BA -.R.tplV].MH..%.
  01D0: 9A CC 79 39 60 61 82 11 DE E5 2B 2A 61 D8 23 BC ..y9`a....+*a.#.
  01E0: 2C 5D BC AD 61 2B 7B 36 6B CA 08 45 D5 D0 D0 03 ,]..a+.6k..E....
  01F0: A4 71 EB 06 93 9F 37 C9 D3 E8 71 25 C1 7A FF 82 .q....7...q%.z..
  0200: 88 E2 79 24 64 51 E6 FF 58 E7 D3 2E 0A AE 9F 1C ..y$dQ..X.......
  0210: 11 7E 9C 21 6F 4D D4 10 96 77 B5 FF 30 25 47 28 ...!oM...w..0%G(
  0220: 5D 34 B1 CE 50 78 55 C4 E3 F7 39 82 72 15 02 03 ]4..PxU...9.r...
  0230: 01 00 01 A3 82 01 D9 30 82 01 D5 30 09 06 03 55 .......0...0...U
  0240: 1D 13 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 ....0.0...U.....
  0250: 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 08 ...0...U.%..0...
  0260: 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 +.........+.....
  0270: 03 02 30 56 06 03 55 1D 1F 04 4F 30 4D 30 4B A0 ..0V..U...O0M0K.
  0280: 49 A0 47 86 45 68 74 74 70 3A 2F 2F 63 65 72 74 I.G.Ehttp://cert
  0290: 69 66 69 63 61 74 65 73 2E 73 74 61 72 66 69 65 ificates.starfie
  02A0: 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 ldtech.com/repos
  02B0: 69 74 6F 72 79 2F 73 74 61 72 66 69 65 6C 64 69 itory/starfieldi
  02C0: 73 73 75 69 6E 67 2E 63 72 6C 30 52 06 03 55 1D ssuing.crl0R..U.
  02D0: 20 04 4B 30 49 30 47 06 0B 60 86 48 01 86 FD 6D .K0I0G..`.H...m
  02E0: 01 07 17 01 30 38 30 36 06 08 2B 06 01 05 05 07 ....0806..+.....
  02F0: 02 01 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 ...*http://certi
  0300: 66 69 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E ficates.godaddy.
  0310: 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 79 30 81 com/repository0.
  0320: 80 06 08 2B 06 01 05 05 07 01 01 04 74 30 72 30 ...+........t0r0
  0330: 29 06 08 2B 06 01 05 05 07 30 01 86 1D 68 74 74 )..+.....0...htt
  0340: 70 3A 2F 2F 6F 63 73 70 2E 73 74 61 72 66 69 65 p://ocsp.starfie
  0350: 6C 64 74 65 63 68 2E 63 6F 6D 30 45 06 08 2B 06 ldtech.com0E..+.
  0360: 01 05 05 07 30 02 86 39 68 74 74 70 3A 2F 2F 63 ....0..9http://c
  0370: 65 72 74 69 66 69 63 61 74 65 73 2E 67 6F 64 61 ertificates.goda
  0380: 64 64 79 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F ddy.com/reposito
  0390: 72 79 2F 73 66 5F 69 73 73 75 69 6E 67 2E 63 72 ry/sf_issuing.cr
  03A0: 74 30 1D 06 03 55 1D 0E 04 16 04 14 FF 43 49 DF t0...U.......CI.
  03B0: 9A BF B2 B3 31 00 A9 59 4B D6 C7 60 69 5B C4 7C ....1..YK..`i[..
  03C0: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 AC 55 DE 0...U.#..0....U.
  03D0: B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 3E 8C EE ......h.S`..%>..
  03E0: E7 30 2D 06 03 55 1D 11 04 26 30 24 82 0E 73 76 .0-..U...&0$..sv
  03F0: 6E 2E 61 70 61 63 68 65 2E 6F 72 67 82 12 77 77 n.apache.org..ww
  0400: 77 2E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 67 w.svn.apache.org
  0410: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
  0420: 81 81 00 07 B3 BE 51 D0 EB 61 07 91 9B D7 3B 8B ......Q..a....;.
  0430: 4F B1 CC 5E E0 E1 92 1B 70 69 9C 22 08 FB 9C 46 O..^....pi."...F
  0440: 0D 98 31 8E F2 3E E4 15 74 85 54 EF 01 FB 9C 90 ..1..>..t.T.....
  0450: 9F 35 66 37 E4 DC AE EA E8 5B E0 DF 72 4B E9 90 .5f7.....[..rK..
  0460: 52 77 CB 43 CF A1 CD 1D CE 14 FD 22 48 DD 52 CF Rw.C......."H.R.
  0470: B5 35 74 42 E6 68 6A B3 FD 36 88 5C 5B E8 D7 1B .5tB.hj..6.\[...
  0480: 60 D6 4F 78 9B BF 96 81 DD 44 43 A4 21 38 69 39 `.Ox.....DC.!8i9
  0490: C2 3C BC 59 07 FB 84 9A CE 6F 38 6C E1 14 8C 88 .<.Y.....o8l....
  04A0: F6 92 B9 00 04 45 30 82 04 41 30 82 03 AA A0 03 .....E0..A0.....
  04B0: 02 01 02 02 02 01 04 30 0D 06 09 2A 86 48 86 F7 .......0...*.H..
  04C0: 0D 01 01 05 05 00 30 81 BB 31 24 30 22 06 03 55 ......0..1$0"..U
  04D0: 04 07 13 1B 56 61 6C 69 43 65 72 74 20 56 61 6C ....ValiCert Val
  04E0: 69 64 61 74 69 6F 6E 20 4E 65 74 77 6F 72 6B 31 idation Network1
  04F0: 17 30 15 06 03 55 04 0A 13 0E 56 61 6C 69 43 65 .0...U....ValiCe
  0500: 72 74 2C 20 49 6E 63 2E 31 35 30 33 06 03 55 04 rt, Inc.1503..U.
  0510: 0B 13 2C 56 61 6C 69 43 65 72 74 20 43 6C 61 73 ..,ValiCert Clas
  0520: 73 20 32 20 50 6F 6C 69 63 79 20 56 61 6C 69 64 s 2 Policy Valid
  0530: 61 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31 ation Authority1
  0540: 21 30 1F 06 03 55 04 03 13 18 68 74 74 70 3A 2F !0...U....http:/
  0550: 2F 77 77 77 2E 76 61 6C 69 63 65 72 74 2E 63 6F /www.valicert.co
  0560: 6D 2F 31 20 30 1E 06 09 2A 86 48 86 F7 0D 01 09 m/1 0...*.H.....
  0570: 01 16 11 69 6E 66 6F 40 76 61 6C 69 63 65 72 74 ...info@valicert
  0580: 2E 63 6F 6D 30 1E 17 0D 30 34 30 31 31 34 32 31 .com0...04011421
  0590: 30 35 32 31 5A 17 0D 32 34 30 31 30 39 32 31 30 0521Z..240109210
  05A0: 35 32 31 5A 30 81 EC 31 0B 30 09 06 03 55 04 06 521Z0..1.0...U..
  05B0: 13 02 55 53 31 10 30 0E 06 03 55 04 08 13 07 41 ..US1.0...U....A
  05C0: 72 69 7A 6F 6E 61 31 13 30 11 06 03 55 04 07 13 rizona1.0...U...
  05D0: 0A 53 63 6F 74 74 73 64 61 6C 65 31 25 30 23 06 .Scottsdale1%0#.
  05E0: 03 55 04 0A 13 1C 53 74 61 72 66 69 65 6C 64 20 .U....Starfield
  05F0: 54 65 63 68 6E 6F 6C 6F 67 69 65 73 2C 20 49 6E Technologies, In
  0600: 63 2E 31 30 30 2E 06 03 55 04 0B 13 27 68 74 74 c.100...U...'htt
  0610: 70 3A 2F 2F 77 77 77 2E 73 74 61 72 66 69 65 6C p://www.starfiel
  0620: 64 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 69 dtech.com/reposi
  0630: 74 6F 72 79 31 31 30 2F 06 03 55 04 03 13 28 53 tory110/..U...(S
  0640: 74 61 72 66 69 65 6C 64 20 53 65 63 75 72 65 20 tarfield Secure
  0650: 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 41 75 Certification Au
  0660: 74 68 6F 72 69 74 79 31 2A 30 28 06 09 2A 86 48 thority1*0(..*.H
  0670: 86 F7 0D 01 09 01 16 1B 70 72 61 63 74 69 63 65 ........practice
  0680: 73 40 73 74 61 72 66 69 65 6C 64 74 65 63 68 2E s@starfieldtech.
  0690: 63 6F 6D 30 81 9D 30 0D 06 09 2A 86 48 86 F7 0D com0..0...*.H...
  06A0: 01 01 01 05 00 03 81 8B 00 30 81 87 02 81 81 00 .........0......
  06B0: DB 11 43 6B DC D1 69 78 59 49 E8 6E 74 14 08 74 ..Ck..ixYI.nt..t
  06C0: 11 6C 7E B7 2A A8 22 D8 42 3C 7A CF 9F 50 B2 46 .l..*.".B<z..P.F
  06D0: AE A6 67 1A 23 22 BE 0F B3 34 FB AC AC 90 AA 5B ..g.#"...4.....[
  06E0: 28 C2 70 F6 B6 8A 80 2A E0 9B 9C 52 E0 91 A8 72 (.p....*...R...r
  06F0: A0 16 E1 C4 4E 7D 11 09 B3 9E B9 D4 F3 B2 50 C4 ....N.........P.
  0700: 6D 48 08 BD BC 2A 97 0C 6D A3 8A 6A 3C 9A CF 4A mH...*..m..j<..J
  0710: 34 DC 1E DE EA 5A 26 C0 A1 A2 82 A9 4A FB 86 22 4....Z&.....J.."
  0720: 12 90 3A B2 82 D4 92 91 9F A9 45 9F C3 A4 DB FB ..:.......E.....
  0730: 02 01 03 A3 82 01 21 30 82 01 1D 30 0C 06 03 55 ......!0...0...U
  0740: 1D 13 04 05 30 03 01 01 FF 30 0B 06 03 55 1D 0F ....0....0...U..
  0750: 04 04 03 02 01 06 30 4A 06 03 55 1D 1F 04 43 30 ......0J..U...C0
  0760: 41 30 3F A0 3D A0 3B 86 39 68 74 74 70 3A 2F 2F A0?.=.;.9http://
  0770: 63 65 72 74 69 66 69 63 61 74 65 73 2E 73 74 61 certificates.sta
  0780: 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 rfieldtech.com/r
  0790: 65 70 6F 73 69 74 6F 72 79 2F 72 6F 6F 74 2E 63 epository/root.c
  07A0: 72 6C 30 4F 06 03 55 1D 20 04 48 30 46 30 44 06 rl0O..U. .H0F0D.
  07B0: 0B 60 86 48 01 86 F8 45 01 07 17 03 30 35 30 33 .`.H...E....0503
  07C0: 06 08 2B 06 01 05 05 07 02 01 16 27 68 74 74 70 ..+........'http
  07D0: 3A 2F 2F 77 77 77 2E 73 74 61 72 66 69 65 6C 64 ://www.starfield
  07E0: 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 tech.com/reposit
  07F0: 6F 72 79 30 39 06 08 2B 06 01 05 05 07 01 01 04 ory09..+........
  0800: 2D 30 2B 30 29 06 08 2B 06 01 05 05 07 30 01 86 -0+0)..+.....0..
  0810: 1D 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 73 74 61 .http://ocsp.sta
  0820: 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D 30 1D rfieldtech.com0.
  0830: 06 03 55 1D 0E 04 16 04 14 AC 55 DE B7 EA 13 EB ..U.......U.....
  0840: FC 98 68 E2 53 60 1E F1 25 3E 8C EE E7 30 09 06 ..h.S`..%>...0..
  0850: 03 55 1D 23 04 02 30 00 30 0D 06 09 2A 86 48 86 .U.#..0.0...*.H.
  0860: F7 0D 01 01 05 05 00 03 81 81 00 7E 1C 98 BE AD ................
  0870: 03 8D 25 85 EE 7C 90 88 22 2B FE 27 F4 42 B2 EC ..%....."+.'.B..
  0880: 7F B5 FC 72 68 05 A4 7D 91 EF 28 D1 7D 20 39 3B ...rh.....(.. 9;
  0890: 79 08 37 68 18 52 D5 8F 03 D2 89 4F 1E 11 D1 E9 y.7h.R.....O....
  08A0: A5 74 4B FC 5F 67 65 84 71 84 78 59 B7 D6 C9 D7 .tK._ge.q.xY....
  08B0: D7 93 35 E6 13 AB 94 3C 8E 93 40 89 8C C0 D7 F2 ..5....<..@.....
  08C0: E7 07 52 D1 70 8F 98 8C EB A0 6D D1 36 53 90 A0 ..R.p.....m.6S..
  08D0: 8F 16 30 1E DE C3 BF 7F 46 A5 95 2A F9 C8 DE 3B ..0.....F..*...;
  08E0: DB 77 F4 F2 32 B1 33 61 A2 30 35 .w..2.3a.05
  main, READ: TLSv1 Handshake, length = 2283
  *** Certificate chain
  chain [0] = [
  Version: V3
  Subject: CN=svn.apache.org, OU=Domain Control Validated, O=svn.apache.org
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 177046192487125873479707395472231760712994023170823729107519357415283325331982921967730914213256528653757249574574965555061897079727590228489004259023952254673707171152878504377042389446926800477336348814644929883742996944532880480307810812469119330106553760163160996800432869396169888003096567731172086542869
  public exponent: 65537
  Validity: [From: Fri Jan 26 21:18:55 GMT+07:00 2007,
                 To: Mon Jan 26 21:18:55 GMT+07:00 2009]
  Issuer: [email protected], CN=Starfield Secure Certification Authority, OU=http://www.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  SerialNumber: [    3f3edd]
  Certificate Extensions: 9
  [1]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [DNSName: svn.apache.org, DNSName: www.svn.apache.org]]
  [2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
  AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
     accessLocation: URIName: http://ocsp.starfieldtech.com, accessMethod: 1.3.6.1.5.5.7.48.2
     accessLocation: URIName: http://certificates.godaddy.com/repository/sf_issuing.crt]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: AC 55 DE B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 .U.......h.S`..%
  0010: 3E 8C EE E7 >...
  [4]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: FF 43 49 DF 9A BF B2 B3 31 00 A9 59 4B D6 C7 60 .CI.....1..YK..`
  0010: 69 5B C4 7C i[..
  [5]: ObjectId: 2.5.29.32 Criticality=false
  CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.114413.1.7.23.1]
  [PolicyQualifierInfo: [
    qualifierID: 1.3.6.1.5.5.7.2.1
    qualifier: 0000: 16 2A 68 74 74 70 3A 2F   2F 63 65 72 74 69 66 69  .*http://certifi
  0010: 63 61 74 65 73 2E 67 6F   64 61 64 64 79 2E 63 6F  cates.godaddy.co
  0020: 6D 2F 72 65 70 6F 73 69   74 6F 72 79              m/repository
  [6]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  [7]: ObjectId: 2.5.29.37 Criticality=false
  ExtendedKeyUsages [
  [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
  [8]: ObjectId: 2.5.29.31 Criticality=false
  CRLDistributionPoints [
  [DistributionPoint:
  [URIName: http://certificates.starfieldtech.com/repository/starfieldissuing.crl]
  [9]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
  DigitalSignature
  Key_Encipherment
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 07 B3 BE 51 D0 EB 61 07 91 9B D7 3B 8B 4F B1 CC ...Q..a....;.O..
  0010: 5E E0 E1 92 1B 70 69 9C 22 08 FB 9C 46 0D 98 31 ^....pi."...F..1
  0020: 8E F2 3E E4 15 74 85 54 EF 01 FB 9C 90 9F 35 66 ..>..t.T......5f
  0030: 37 E4 DC AE EA E8 5B E0 DF 72 4B E9 90 52 77 CB 7.....[..rK..Rw.
  0040: 43 CF A1 CD 1D CE 14 FD 22 48 DD 52 CF B5 35 74 C......."H.R..5t
  0050: 42 E6 68 6A B3 FD 36 88 5C 5B E8 D7 1B 60 D6 4F B.hj..6.\[...`.O
  0060: 78 9B BF 96 81 DD 44 43 A4 21 38 69 39 C2 3C BC x.....DC.!8i9.<.
  0070: 59 07 FB 84 9A CE 6F 38 6C E1 14 8C 88 F6 92 B9 Y.....o8l.......
  chain [1] = [
  Version: V3
  Subject: [email protected], CN=Starfield Secure Certification Authority, OU=http://www.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 153834384376450951242132342676627381305301509455009131953436945251656166351716579980793170359435953119090647821771205994017554233524628677596597325652224171754745353602402317658335611344705389502813919100965160981561608463541714784267134488000708910634129917477877983632663540633248439611336221142925273521147
  public exponent: 3
  Validity: [From: Thu Jan 15 04:05:21 GMT+07:00 2004,
                 To: Wed Jan 10 04:05:21 GMT+07:00 2024]
  Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  SerialNumber: [    0104]
  Certificate Extensions: 7
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: AC 55 DE B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 .U.......h.S`..%
  0010: 3E 8C EE E7 >...
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  [3]: ObjectId: 2.5.29.31 Criticality=false
  CRLDistributionPoints [
  [DistributionPoint:
  [URIName: http://certificates.starfieldtech.com/repository/root.crl]
  [4]: ObjectId: 2.5.29.32 Criticality=false
  CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
  [PolicyQualifierInfo: [
    qualifierID: 1.3.6.1.5.5.7.2.1
    qualifier: 0000: 16 27 68 74 74 70 3A 2F   2F 77 77 77 2E 73 74 61  .'http://www.sta
  0010: 72 66 69 65 6C 64 74 65   63 68 2E 63 6F 6D 2F 72  rfieldtech.com/r
  0020: 65 70 6F 73 69 74 6F 72   79                       epository
  [5]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
  Key_CertSign
  Crl_Sign
  [6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
  AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
     accessLocation: URIName: http://ocsp.starfieldtech.com]
  [7]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 7E 1C 98 BE AD 03 8D 25 85 EE 7C 90 88 22 2B FE .......%....."+.
  0010: 27 F4 42 B2 EC 7F B5 FC 72 68 05 A4 7D 91 EF 28 '.B.....rh.....(
  0020: D1 7D 20 39 3B 79 08 37 68 18 52 D5 8F 03 D2 89 .. 9;y.7h.R.....
  0030: 4F 1E 11 D1 E9 A5 74 4B FC 5F 67 65 84 71 84 78 O.....tK._ge.q.x
  0040: 59 B7 D6 C9 D7 D7 93 35 E6 13 AB 94 3C 8E 93 40 Y......5....<..@
  0050: 89 8C C0 D7 F2 E7 07 52 D1 70 8F 98 8C EB A0 6D .......R.p.....m
  0060: D1 36 53 90 A0 8F 16 30 1E DE C3 BF 7F 46 A5 95 .6S....0.....F..
  0070: 2A F9 C8 DE 3B DB 77 F4 F2 32 B1 33 61 A2 30 35 *...;.w..2.3a.05
  [read] MD5 and SHA1 hashes: len = 2283
  0000: 0B 00 08 E7 00 08 E4 00 04 99 30 82 04 95 30 82 ..........0...0.
  0010: 03 FE A0 03 02 01 02 02 03 3F 3E DD 30 0D 06 09 .........?>.0...
  0020: 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 EC 31 0B *.H........0..1.
  0030: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0E 06 0...U....US1.0..
  0040: 03 55 04 08 13 07 41 72 69 7A 6F 6E 61 31 13 30 .U....Arizona1.0
  0050: 11 06 03 55 04 07 13 0A 53 63 6F 74 74 73 64 61 ...U....Scottsda
  0060: 6C 65 31 25 30 23 06 03 55 04 0A 13 1C 53 74 61 le1%0#..U....Sta
  0070: 72 66 69 65 6C 64 20 54 65 63 68 6E 6F 6C 6F 67 rfield Technolog
  0080: 69 65 73 2C 20 49 6E 63 2E 31 30 30 2E 06 03 55 ies, Inc.100...U
  0090: 04 0B 13 27 68 74 74 70 3A 2F 2F 77 77 77 2E 73 ...'http://www.s
  00A0: 74 61 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D tarfieldtech.com
  00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 31 31 30 2F 06 /repository110/.
  00C0: 03 55 04 03 13 28 53 74 61 72 66 69 65 6C 64 20 .U...(Starfield
  00D0: 53 65 63 75 72 65 20 43 65 72 74 69 66 69 63 61 Secure Certifica
  00E0: 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31 2A tion Authority1*
  00F0: 30 28 06 09 2A 86 48 86 F7 0D 01 09 01 16 1B 70 0(..*.H........p
  0100: 72 61 63 74 69 63 65 73 40 73 74 61 72 66 69 65 ractices@starfie
  0110: 6C 64 74 65 63 68 2E 63 6F 6D 30 1E 17 0D 30 37 ldtech.com0...07
  0120: 30 31 32 36 31 34 31 38 35 35 5A 17 0D 30 39 30 0126141855Z..090
  0130: 31 32 36 31 34 31 38 35 35 5A 30 55 31 17 30 15 126141855Z0U1.0.
  0140: 06 03 55 04 0A 13 0E 73 76 6E 2E 61 70 61 63 68 ..U....svn.apach
  0150: 65 2E 6F 72 67 31 21 30 1F 06 03 55 04 0B 13 18 e.org1!0...U....
  0160: 44 6F 6D 61 69 6E 20 43 6F 6E 74 72 6F 6C 20 56 Domain Control V
  0170: 61 6C 69 64 61 74 65 64 31 17 30 15 06 03 55 04 alidated1.0...U.
  0180: 03 13 0E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 ...svn.apache.or
  0190: 67 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 g0..0...*.H.....
  01A0: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 FC 1F .......0........
  01B0: 45 06 36 E7 1B D4 41 AD A5 FC 08 44 D2 9D C6 42 E.6...A....D...B
  01C0: 2D CB 52 94 74 70 6C 56 5D 84 4D 48 F2 2E 25 BA -.R.tplV].MH..%.
  01D0: 9A CC 79 39 60 61 82 11 DE E5 2B 2A 61 D8 23 BC ..y9`a....+*a.#.
  01E0: 2C 5D BC AD 61 2B 7B 36 6B CA 08 45 D5 D0 D0 03 ,]..a+.6k..E....
  01F0: A4 71 EB 06 93 9F 37 C9 D3 E8 71 25 C1 7A FF 82 .q....7...q%.z..
  0200: 88 E2 79 24 64 51 E6 FF 58 E7 D3 2E 0A AE 9F 1C ..y$dQ..X.......
  0210: 11 7E 9C 21 6F 4D D4 10 96 77 B5 FF 30 25 47 28 ...!oM...w..0%G(
  0220: 5D 34 B1 CE 50 78 55 C4 E3 F7 39 82 72 15 02 03 ]4..PxU...9.r...
  0230: 01 00 01 A3 82 01 D9 30 82 01 D5 30 09 06 03 55 .......0...0...U
  0240: 1D 13 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 ....0.0...U.....
  0250: 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 08 ...0...U.%..0...
  0260: 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 +.........+.....
  0270: 03 02 30 56 06 03 55 1D 1F 04 4F 30 4D 30 4B A0 ..0V..U...O0M0K.
  0280: 49 A0 47 86 45 68 74 74 70 3A 2F 2F 63 65 72 74 I.G.Ehttp://cert
  0290: 69 66 69 63 61 74 65 73 2E 73 74 61 72 66 69 65 ificates.starfie
  02A0: 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 ldtech.com/repos
  02B0: 69 74 6F 72 79 2F 73 74 61 72 66 69 65 6C 64 69 itory/starfieldi
  02C0: 73 73 75 69 6E 67 2E 63 72 6C 30 52 06 03 55 1D ssuing.crl0R..U.
  02D0: 20 04 4B 30 49 30 47 06 0B 60 86 48 01 86 FD 6D .K0I0G..`.H...m
  02E0: 01 07 17 01 30 38 30 36 06 08 2B 06 01 05 05 07 ....0806..+.....
  02F0: 02 01 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 ...*http://certi
  0300: 66 69 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E ficates.godaddy.
  0310: 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 79 30 81 com/repository0.
  0320: 80 06 08 2B 06 01 05 05 07 01 01 04 74 30 72 30 ...+........t0r0
  0330: 29 06 08 2B 06 01 05 05 07 30 01 86 1D 68 74 74 )..+.....0...htt
  0340: 70 3A 2F 2F 6F 63 73 70 2E 73 74 61 72 66 69 65 p://ocsp.starfie
  0350: 6C 64 74 65 63 68 2E 63 6F 6D 30 45 06 08 2B 06 ldtech.com0E..+.
  0360: 01 05 05 07 30 02 86 39 68 74 74 70 3A 2F 2F 63 ....0..9http://c
  0370: 65 72 74 69 66 69 63 61 74 65 73 2E 67 6F 64 61 ertificates.goda
  0380: 64 64 79 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F ddy.com/reposito
  0390: 72 79 2F 73 66 5F 69 73 73 75 69 6E 67 2E 63 72 ry/sf_issuing.cr
  03A0: 74 30 1D 06 03 55 1D 0E 04 16 04 14 FF 43 49 DF t0...U.......CI.
  03B0: 9A BF B2 B3 31 00 A9 59 4B D6 C7 60 69 5B C4 7C ....1..YK..`i[..
  03C0: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 AC 55 DE 0...U.#..0....U.
  03D0: B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 3E 8C EE ......h.S`..%>..
  03E0: E7 30 2D 06 03 55 1D 11 04 26 30 24 82 0E 73 76 .0-..U...&0$..sv
  03F0: 6E 2E 61 70 61 63 68 65 2E 6F 72 67 82 12 77 77 n.apache.org..ww
  0400: 77 2E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 67 w.svn.apache.org
  0410: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
  0420: 81 81 00 07 B3 BE 51 D0 EB 61 07 91 9B D7 3B 8B ......Q..a....;.
  0430: 4F B1 CC 5E E0 E1 92 1B 70 69 9C 22 08 FB 9C 46 O..^....pi."...F
  0440: 0D 98 31 8E F2 3E E4 15 74 85 54 EF 01 FB 9C 90 ..1..>..t.T.....
  0450: 9F 35 66 37 E4 DC AE EA E8 5B E0 DF 72 4B E9 90 .5f7.....[..rK..
  0460: 52 77 CB 43 CF A1 CD 1D CE 14 FD 22 48 DD 52 CF Rw.C......."H.R.
  0470: B5 35 74 42 E6 68 6A B3 FD 36 88 5C 5B E8 D7 1B .5tB.hj..6.\[...
  0480: 60 D6 4F 78 9B BF 96 81 DD 44 43 A4 21 38 69 39 `.Ox.....DC.!8i9
  0490: C2 3C BC 59 07 FB 84 9A CE 6F 38 6

• External Identity Sources, binding RSA securID to ISE

  Hi all,
  Say, my topology was using ISE doing VPN inline posture, and bind RSA securID (version 7.1) as external Identity Sources.
  During  the deployment, in order to let my iPEP node join the Policy Service  Node, for the certificate i using the third party CA server (Window  server 2008 R2) as the root CA, both of these 2 ISE were mutual  authenticated and done.
  My question. as i using  RSA secureID as external identity sources, native behaviour, Will the  ISE trust RSA with no identity certificate signed by the identitical  root CA?
  Should i enroll this RSA appliance issue the CSR to CA server to sign and in the PKI environment? Is there a need for this?
  Thanks
  Noel

  Noel,
  From my experience when integrating with the RSA token server you need the sdconf.rec file exported from the RSA and you import that into the ISE configuration. You then select this identity store with your authentication policies for vpn users. There isnt a need for any certificates when integrating with a token server (that was the last time I checked) and even if there would just need to trust each other's certficats.
  I hope that helps!
  Sent from Cisco Technical Support iPad App

• ISE 1.0.4 - identity Sequence refuses to use AD after RSA

  We are running ISE 1.0.4 with a requirement that on the surface is simple, but fails to execute properly no matter how I tweak it it.  It is:
  VPN users either need to be within a certain AD group or
  They need to authenticate against RSA.
  I set authentication to use an identitysequence with RSA listed first, then AD second.
  I set authorization to check identity server (using network access:AuthenticationIdentityStore).
  - If it’s RSA, pass it.
  - If it’s Active directory, AND the condition with a check on that group membership.  Pass if both pass.
  - Set the default authorization rule to deny access.
  This should work.  Here’s where it breaks down.  It all stems from the fact that the same userIds exist in RSA and AD and that ISE steadfastly refuses to attempt the second identity server method listed in the sequence if RSA is listed first.
  •-          If I list RSA first and the “authentication failed” policy is set to Reject: 
  For users not in RSA that I want to authenticate against AD, it rejects – it attempts against RSA but never hits AD (second server listed in the Identity sequence).  This is what is broken
  This works for users in RSA
  •-          If I list the RSA server first and the “authentication failed” policy is set to continue
  Users not in RSA will pass authentication that shouldn’t because the network access:AuthenticationIdentityStore value will be pointing to the RSA server, regardless of whether they actually passed to that server or not.
  Effectively users can connect regardless of whether their password is right or not
  This option sets it to proceed from authentication to authorization
  •-          If I list AD first in the sequence Since the same ID exists in both AD and RSA, it’ll fail as bad password against AD.  It'll never attempt against RSA.
  Am I missing a simple fix for this?  I have a testbed in which I can simulate the issue but since I don’t have an RSA server handy, I’m using an identity sequence with AD and fallback to internal.  It works as I’d expect, falling back from AD to local if the user doesn't exist in AD.  If the user is in AD, it never tries local and shows the attempt as a bad password.

  There is a configuration option on the RSA server definition (Authentication Control options)
  This Identity Store does not differentiate between 'authentication failed' and 'user not found' when an authentication attempt is rejected. From the options below, select how such an authentication reject from the Identity Store should be interpreted for Identity Policy processing and reporting .
  Treat Rejects as 'authentication failed'
  Treat Rejects as 'user not found'
  If RSA is first server in sequence it will only continue to the next server if follwoing option is select "Treat Rejects as 'user not found'
  In addition you had a comment about the value of "network access:AuthenticationIdentityStore" attribute. This will contain the name of the last ID store that was checked. If want to ensure that the authentication did in fact succeed should also check the following:
  "Network Access:AuthenticationStatus EQUALS AuthenticationPassed"

• Web server will not start due to RSA Securid errors

  We have an iPlanet 4.1 Service Pack 14 web server that was running fine until last friday. When we go to start the server we get the following error:
  Status:
  [https-ivpnas]: start failed. (2: unknown early startup error)
  [https-ivpnas]: conf_init: Error running init function securidinit: unknown error
  [https-ivpnas]: server exit: status 1
  Error
  An error occurred during startup.
  The server https-ivpnas was not started.
  The error log also contains this additional error:
  [27/Sep/2004:10:06:57] info ( 4164): successful server startup
  [27/Sep/2004:10:06:57] info ( 4164): iPlanet-WebServer-Enterprise/4.1SP14 BB1-01/15/2004 13:04
  [27/Sep/2004:10:06:58] catastrophe ( 4164): securidauth reports: InitAceClient returned FALSE
  This website uses RSA Securid for authentication. We have contacted RSA and they think it is a webserver problem. Any insight anyone can provide would be great. Thanks!

  The error message is generated by the RSA plugin, not Web Server. RSA should be able to help diagnose the problem further.

• RSA ECB jvm 1.4.2

  This is a topic rewritten because i add the code tag :(
  Hi, im trying to do a simple PKCS7 RSA encryption, i only
  need that a String can be encripted using RSA and padding
  with PKCS7 but, i cant. I read a lot of topic in this forum, but
  no one aparently do just i need...
  I read that bouncy castle, has a special support for get
  a Cipher instance that use the RSA for encrypt and
  PKCS7 for padding i read at the bouncy castle doc
  something like that:
  Security.addProvider(new BouncyCastleProvider());
  cipher = Cipher.getInstance("RSA/EBC/PKCS7", "BC");After that i get a key instance, and i generate the
  public key and the private key:
  KeyPairGenerator kg = KeyPairGenerator.getInstance("RSA");
  kg.initialize(512);
  KeyPair key = kg.generateKeyPair();
  Key publicKey = key.getPublic();
  Key privateKey = key.getPrivate();And finally i do the encryption:
  byte[] input = plainText.getBytes("UTF8");
  Cipher cipher = getCipher();
  cipher.init(Cipher.ENCRYPT_MODE, encriptationKey);
  byte[] cry = cipher.doFinal(input);
  byte[] encriptado = Base64.encode(cry);But when i run the method i see in the output console
  this message:
  java.lang.IllegalArgumentException: can't support mode EBC at org.bouncycastle.jce.provider.JCERSACipher.engineSetMode(JCERSACipher.java:112)
  at javax.crypto.Cipher.a(DashoA6275)
  at javax.crypto.Cipher.getInstance(DashoA6275)
  at org.EncriptionService.getCipher(EncriptionService.java:20)
  at org.EncriptionService.encript(EncriptionService.java:66)
  at org.EncriptionService.main(EncriptionService.java:40)
  java.lang.NullPointerException
  at org.EncriptionService.encript(EncriptionService.java:68)
  at org.EncriptionService.main(EncriptionService.java:40)Anyone can help me please ?? I read documentation at
  the bouncy castle, but i find nothing... :(
  Please if anyone has a little piece of code that encrypt a
  String with RSA and PKCS7 please posted it.
  thank you.

  See my response to your other post.