SSL Certificate Mismatch with AnyConnect client

Hello,
We are having a problem with the AnyConnect client when connecting to our VPN. We are running the following:
AnyConnect v2.4.0202
(2 each) ASA v8.2(1) -- active/standby failover
AnyConnect Essentials Licensing
NOTE: We are not using certificates for authentication.
Primary clients: Windows XP and Windows 7
Problem
We have purchased an Entrust certificate for our ASA failover cluster called "vpn.company.com" and the it is attached to the outside interface on the ASA.
Steps to Reproduce
Install the AnyConnect (AC) client via https://vpn.company.com/. Connection occurs here without issue.
Once the AC client is installed and we try to use it in stand-alone mode (i.e., w/o hitting the ASA w/ a browser), a certificate mismatch occurs, and AC brings up the Windows/IE Security Alert dialog (see attachment CertError.jpg).
The user must press Yes to bypass mismatch.
PROBLEM: On Windows 7, the user must have administrative privileges and run the AC client as administrator -- otherwise, they get a dialog saying "Unable to establich VPN" (see attachment Unable.jpg).
The issue is we have a valid certificate that should be used for the connection. However, when looking at the connections made by the AC client with Fiddler, it would appear that the AC client is trying to connect directly to the ASA's IP address, and not the name. This is a nuisance for XP users, and a show-stopper for Win7 users as they do not have admin privileges.
I have not been able to find any documentation on Cisco.com relating to this issue. In short, how do I get the AC client to use "vpn.company.com" so there is no Cert mismatch?
Thanks,
-Matt

Tim,
I will read through the article more thoroughly; I've already been through parts of it -- won't hurt to go through again. I did initially have the IP address in my XML file, and immediately removed it when I noticed that it was using the IP address in the FIddler dump. It hasn't had any effect unfortunately -- even with uninstalling and re-installing the AC client locally.
The only other article/post I've come across on Cisco's site that comes close is here:
Cisco Support Community: ASA VPN Load Balancing/Clustering with Digital Certificates Deployment Guide
which seems to suggest that I will need a UCC certificate (which seems ridiculous) to do some of what I need to do. However the issue with that post is that it still wouldn't fix the issue where the AC client is using the IP address.
I will let you know if I find any smoking guns in the doco link you sent. Any other thoughts appreciated. I can't believe Cisco made the setup of the AC client this convoluted.
Thanks!
-Matt

Similar Messages

ISE 1.2 Posture Assessment with AnyConnect Client

Hi Experts,
I need clarity for posture assessment with AnyConnect client. I understood that we had traditional NAC agent with ISE 1.1.
Since new Anyconnect version 4 has come which is used for ISE 1.3 posture assessment however I am not sure if I can use Anyconnect 4 with ISE 1.2 ? Can you please put light on this ?
if not , do I need to upgrade to ISE 1.3 ? what is the process to upgrade to ISE 1.3 ?
Thanks in advance

ISE can provision clients with agent and configure agent profiles.You have Client-provisioning policies that enable users to download and install resources on client devices.(Windows and Mac OS X NAC Agents, Cisco NAC Web Agent.

DS 6: SSL certificate mapping with subject/issuer containing (")

Hello,
I got my personal test certificate from Verisgin, with an issuer: CN=VeriSign Class 1 Individual Subscriber CA - G2, OU=Persona Not Validated, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
The subject of the certificate ends with: ...OU=Digital ID Class 1 - Netscape, OU=Persona Not Validated, OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98", OU=VeriSign Trust Network, O="VeriSign, Inc."
My certmap.conf looks like:
certmap VeriSign [issuerDN]
VeriSign:FilterComps cn
VeriSign:verifycert on
VeriSign:CmapLdapAttr certSubjectDN
The question is what's the valid form of these strings containing (") in certmap.conf ([issuerDN]) to match the issuer and in certSubjectDN attribute - assuming it follows DirectoryString syntax. Note that they surround strings containing comma (,).
I see in logs:
conn=1 op=-1 msgId=-1 - SSL 128-bit RC4; client *OU=Digital ID Class 1 - Netscape,OU=Persona Not Validated,OU=\22www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98\22,OU=VeriSign Trust Network,O=\22VeriSign, Inc.\22; issuer CN=VeriSign Class 1 Individual Subscriber CA - G2,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)05,OU=VeriSign Trust Network,O=\22VeriSign, Inc.\22,C=US
I tested configuration against cert strings from logs, but they don't work. Strings containing (") also don't work.
Did anyone face the same issue?
Thanks for help in advance.

The DN normalized version of O="Verisign, Inc." is O=Verisign\, Inc.
You may want to try this. BUt I must admit that I've never tried to do certificate mapping with quotes.
The certificate mapping functionality hasn't changed since the Netscape DS 4 code when Sun and Netscape started to work together.
Ludovic.

Windows 8.1 Preview not working with AnyConnect Client

I had Windows 8 and was running Cisco AnyConnect client 3.0.10055 perfectly.
I upgraded to the Windows 8.1 preview and it tries to download update and then it fails and disconnects with the following message:
An unknown termination error occurred in the client.
Tried uninstalling and reinstalling the client, no luck.
Any ideas?
Thanks,
Eric

I had the same issue with windows 8.1 x64. I believe there is an issue with the windows 8.1 update process where it fails to update some of the drivers properly. I have noticed this issue with other windows drivers after the update. Follow the steps below and you VPN should work again.
1. Uninstall Cisco Anyconnect client.
2. Go to Device Manager and Disable Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
3. Go to C:\Windows\System32 and rename vpnva64.sys to vpnva64_Old.sys.
4. Reinstall Cisco Anyconnect client.
5. Go to Device Manager, you see duplicated Cisco AnyConnect VPN Virtual Adapters. Uninstall one of them but do not check the option to remove the driver.
6. Apply the registry fix in this blog: http://www.tomontech.com/2012/03/pro-tip-cisco-anyconnect-vpn-client-and-windows-8-consumer-preview/
7. Try to connect again and your Cisco VPN should work.

SSL certificates possible with different tools

I had the impression that the SSL certificate can be configured with Linux eg. RHEL only by following the normal procedure of installing mod_ssl package, using genkey …etc
But, I came to know that SSL certificate can be generated with the web server like Tomcat also. Is it correct that generation of SSL certificates is not limited to Linux only?
I hope my query is clear that if SSL certificates can be generated not only with Linux but with other tools also.
Please revert with the reply to my query.
Regards

Try using Google to get information.
Just because you happen to be a user of these forums (and also glancing at your posting history to see what sort of issues you are curious about) doesn't mean you should ask every question here at this web forum site.
When I place one of your sentences into Google,
"I came to know that SSL certificate can be generated with the web server like Tomcat also"
I get more than 800,000 search results that would easily guide toward better information than waiting for someone here to teach you about a non-Oracle topic.

SSL certificate issue with WLS 10.3

Hi All,
I am facing this issue with my WLS cluster.
<21-Apr-2010 10:42:00 o'clock BST> <Warning> <Security> <BEA-090482> <BAD_CERTIF
ICATE alert was received from system.core.com - 10.15.135.30.
Check the peer to determine why it rejected the certificate chain (trusted CA co
nfiguration, hostname verification). SSL debug tracing may be required to determ
ine the exact reason the certificate was rejected.>
<21-Apr-2010 10:42:00> <Warning> <Uncaught exception in server handler: javax.ne
t.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from
system.core.com - 10.15.135.30. Check the peer to determine wh
y it rejected the certificate chain (trusted CA configuration, hostname verifica
tion). SSL debug tracing may be required to determine the exact reason the certi
ficate was rejected.>
Please suggest. I have also tried the below settings.
Node Manager:
-Dweblogic.nodemanager.sslHostNameVerificationEnabled=false
Admin Server:
-Dweblogic.security.SSL.ignoreHostnameVerification=true
Many thanks in advance.

Hi Sandip,
I am facing this issue right after when I have configured the listen address to my system IP in Machine(NodeManager), earlier it was "localhost".
Also I have tried to generate the certificates e.g.
C:\bea\wlserver_10.3\server\bin>java utils.CertGen -cn system.core.com -keyfilepass DemoIdentityPassPhr
ase -certfile mycertificate -keyfile .keystore
Generating a certificate with common name system.core.com and key strength 1024
issued by CA with certificate from C:\bea\WLSERV~1.3\server\lib\CertGenCA.der file and key from C:\bea\WLSERV~1.3\server
\lib\CertGenCAKey.der file
C:\bea\wlserver_10.3\server\bin>java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePa
ssPhrase -keyfile .keystore.pem -keyfilepass DemoIdentityPassPhrase -certfile mycertificate.pem -alias demoidentity
No password was specified for the key entry
Key file password will be used
Imported private key .keystore.pem and certificate mycertificate.pem
into a new keystore DemoIdentity.jks of type jks under alias demoidentity
Tried the above but not wokring. Please advise.
Edited by: R Vashi on 21-Apr-2010 03:38

SSL Certificate problem with WL 5.1

"We are still using WLServer 5.1 SP12
I just installed a new certificate (request generated with WL, signed by our 'local' CA)
I always get the following message:
Do Okt 10 15:17:25 CEST 2002: <WebLogicServer> Loaded License : /apps/weblogic/license/WebLogicLicense.xml
Do Okt 10 15:17:25 CEST 2002: <WebLogicServer> Server loading from weblogic.class.path. EJB redeployment enabled.
java.lang.StringIndexOutOfBoundsException: String index out of range: 15
at java.lang.String.charAt(String.java:506)
at weblogic.security.ASN1.ASN1Utils.parseDateInt(ASN1Utils.java:300)
at weblogic.security.ASN1.ASN1Utils.inputASN1Date(ASN1Utils.java:292)
at weblogic.security.X509.input(X509.java:118)
at weblogic.security.X509.initialize(X509.java:64)
at weblogic.security.Certificate.<init>(Certificate.java:54)
at weblogic.security.X509.<init>(X509.java:44)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:207)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:318)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:238)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:1245)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:879)

hi
Did you solved it?
If it is may i know how you solved it
thanks

No SSL VPN tunnel from AnyConnect to IOS

Dear all
Due to the annoying WWAN issues with the old Cisco VPN client (IPsec) I am trying to establish remote access to a LAN behind a Cisco 1803 using Anyconnect and SSL VPN.
But I simply cannot make it work.
I have a Cisco 1803 running IOS Version 12.4(15)T15 and I have tried Anyconnect 3.0 and 2.4 on Windows XP and MacOS 10.5, none of them established a VPN connection to the router, saying not a single word more but "Connection attempt has failed".
Here is my configuration on the router:
crypto pki trustpoint TP-self-signed-595019360
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-595019360
revocation-check none
rsakeypair TP-self-signed-595019360
crypto pki certificate chain TP-self-signed-595019360
certificate self-signed 01
3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
[......skipped....]
interface Loopback123
ip address 192.168.123.254 255.255.255.0
ip local pool GS-POOL 192.168.123.1 192.168.123.10
webvpn gateway GS-GW
hostname GS-VPN-test
ip address x.x.x.x port 443
ssl trustpoint TP-self-signed-595019360
inservice
webvpn install svc flash:/webvpn/svc.pkg
webvpn context GS-CONTEXT
ssl authenticate verify all
policy group GS-POLICY
   functions svc-required
   svc address-pool "GS-POOL"
default-group-policy GS-POLICY
gateway GS-GW
inservice
These are my debug settings:
#sh debug
WebVPN Subsystem:
WebVPN (verbose) debugging is on
debug webvpn entry GS-CONTEXT
WebVPN HTTP (verbose) debugging is on
WebVPN AAA debugging is on
WebVPN tunnel (verbose) debugging is on
WebVPN Single Sign On debugging is on
And these are all debug messages I get upon incoming connection:
Sep 13 13:12:03.267 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:12:03.271 MEST: WV: sslvpn process rcvd context queue event
At this poibnt I have to accept the self-sigbned certificate in the AnyConnect client. Doing so repeats these messages again five times. Then I hav to accept the certificate in the client a second time (WHY?) Then the router gives these messages:
Sep 13 13:14:10.754 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:10.754 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:10.766 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:10.766 MEST: WV: http request: / with no cookie
Sep 13 13:14:10.766 MEST: WV-HTTP: Deallocating HTTP info
Sep 13 13:14:10.766 MEST: WV: Client side Chunk data written..
buffer=0x84E54AA0 total_len=191 bytes=191 tcb=0x85066820
Sep 13 13:14:10.766 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.050 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.054 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.354 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.354 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.366 MEST: WV: sslvpn process rcvd context queue event
Sep 13 13:14:11.366 MEST: WV: http request: /webvpn.html with domain cookie
Sep 13 13:14:11.366 MEST: WV-HTTP: Deallocating HTTP info
Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
buffer=0x84E54AA0 total_len=1009 bytes=1009 tcb=0x83DABBF4
Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
buffer=0x84E54A80 total_len=1009 bytes=1009 tcb=0x83DABBF4
Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
buffer=0x84E54A60 total_len=1009 bytes=1009 tcb=0x83DABBF4
Sep 13 13:14:11.366 MEST: WV: [Q]Client side Chunk data written..
buffer=0x84E54A40 total_len=1009 bytes=1009 tcb=0x83DABBF4
Sep 13 13:14:11.370 MEST: WV: Client side Chunk data written..
buffer=0x84E54A20 total_len=641 bytes=641 tcb=0x83DABBF4
Sep 13 13:14:11.370 MEST: WV: sslvpn process rcvd context queue event
At this point the Anyconnect client says "Connection attempt failed" and that's all.
So please, any advice how to solve this?
And do I have to install any particular svc.pkg in the flash? As far as I have found out you can install only one client package (how do you server different clients then?). But if I use permanently installed AnyConnect on my client system the installed svc.pkg on the router doesn't matter at all, right?
Thanks a lot for any suggestions,
Grischa

Some more restrictions:
12.4(15)T does not support Anyconnect in standalone mode, only web-launch (i.e. starting AC from the clientless portal). You need 12.4(20)T or later for standalone mode.
In addition with an untrusted certificate you will run into this bug which is not resolved in 12.4(15)T:
CSCtb73337    AnyConnect does not work with IOS if cert not trusted/name mismatch
In short, if it's possible to upgrade, go to 15.0(1)M7 (or latest 12.4(24)Tx if 15.0 is out of the question)
If you're stuck with 12.4(15)T, only use AC 2.x with weblaunch and make sure the host trusts the router's certificate (create a trustpoint, enroll it, import the certificate on the client into the trusted root store).
hth
Herbert

Jcontrol.exe not starting after creating ssl certificate

hi,
Iu00B4ve got a netweaver AS Java (only) 640 SP19. I tried to create a SSL certificate (Test) with visual admin and after importing "getCert" i wanted to restart the SAP-System. The problem is that jcontrol.exe has not been started and stayed grey (status: stopped).
Hereu00B4s a part of the dev-trace:
[Thr 3796] Thu Nov 20 16:17:36 2008
[Thr 3796] *** ERROR => invalid return code of process [bootstrap_ID103537200] (exitcode=-2) [jstartxx.c 1465]
[Thr 3796] JControlExecuteBootstrap: error executing bootstrap node [bootstrap_ID103537200] (rc=-2)
[Thr 3796] JControlExecuteBootstrap: execute bootstrap process [bootstrap_ID103537250]
[Thr 3796] INFO: Unknown property [JLaunchParameters=]
[Thr 3796] [Node: server0 bootstrap] java home is set by profile parameter
 Java Home: D:\apps\j2sdk1.4.2_17-x64
dev_bootstrap:
trc file: "D:\usr\sap\CCM\JC10\work\dev_bootstrap", trc level: 1, release: "640"
node name : bootstrap
pid : 1992
system name : CCM
system nr. : 10
started at : Thu Nov 20 16:17:32 2008
arguments :
 arg[00] : D:\usr\sap\CCM\JC10/j2ee/os_libs/jlaunch.exe
 arg[01] : pf=D:\usr\sap\CCM\SYS\profile\CCM_JC10_iswdmz5
 arg[02] : -DSAPINFO=CCM_10_bootstrap
 arg[03] : pf=D:\usr\sap\CCM\SYS\profile\CCM_JC10_iswdmz5
[Thr 3736] Thu Nov 20 16:17:32 2008
[Thr 3736] INFO: Unknown property [box.number=CCMJC10iswdmz5]
[Thr 3736] INFO: Unknown property [ms.host=iswdmz5]
[Thr 3736] INFO: Unknown property [ms.port=3611]
[Thr 3736] INFO: Unknown property [system.id=10]
JStartupReadInstanceProperties: read instance properties [D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties]
-> ms host : iswdmz5
-> ms port : 3611
-> OS libs : D:\usr\sap\CCM\JC10\j2ee\os_libs
-> Admin URL :
-> run mode : NORMAL
-> run action : NONE
-> enabled : yes
Used property files
-> files [00] : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
Instance properties
-> ms host : iswdmz5
-> ms port : 3611
-> os libs : D:\usr\sap\CCM\JC10\j2ee\os_libs
-> admin URL :
-> run mode : NORMAL
-> run action : NONE
-> enabled : yes
Bootstrap nodes
-> [00] bootstrap : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
-> [01] bootstrap_ID10353720 : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
-> [02] bootstrap_ID10353725 : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
Worker nodes
-> [00] ID103537200 : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
-> [01] ID103537250 : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
[Thr 3736] JLaunchRequestQueueInit: create named pipe for ipc
[Thr 3736] JLaunchRequestQueueInit: create pipe listener thread
[Thr 3564] JLaunchRequestFunc: Thread 3564 started as listener thread for np messages.
[Thr 3732] WaitSyncSemThread: Thread 3732 started as semaphore monitor thread.
[Thr 3736] NiInit2: NI already initialized; param 'maxHandles' ignored
[Thr 3736] [Node: bootstrap] java home is set by profile parameter
 Java Home: D:\apps\j2sdk1.4.2_17-x64
JStartupIReadSection: read node properties [bootstrap]
-> node name : bootstrap
-> node type : bootstrap
-> node execute : yes
-> java path : D:\apps\j2sdk1.4.2_17-x64
-> java parameters : -Djco.jarm=1 -Djco.jarm=1
-> java vm version : 1.4.2_17-b06
-> java vm vendor : Java HotSpot(TM) 64-Bit Server VM (Sun Microsystems Inc.)
-> java vm type : server
-> java vm cpu : amd64
-> heap size : 128M
-> root path : D:\usr\sap\CCM\JC10\j2ee\cluster
-> class path : .\bootstrap\launcher.jar
-> OS libs path : D:\usr\sap\CCM\JC10\j2ee\os_libs
-> main class : com.sap.engine.offline.OfflineToolStart
-> framework class : com.sap.bc.proj.jstartup.JStartupFramework
-> registr. class : com.sap.bc.proj.jstartup.JStartupNatives
-> framework path : D:\usr\sap\CCM\JC10\j2ee\os_libs\jstartup.jar
-> parameters : com.sap.engine.bootstrap.Bootstrap ./bootstrap ID1035372
-> debuggable : yes
-> debug mode : no
-> debug port : 60000
-> shutdown timeout: 120000
[Thr 3704] JLaunchIStartFunc: Thread 3704 started as Java VM thread.
JHVM_LoadJavaVM: VM Arguments of node [bootstrap]
-> stack : 2097152 Bytes
-> arg[ 0]: exit
-> arg[ 1]: abort
-> arg[ 2]: -Denv.class.path=d:\apps\SAPJCo\sapjco.jar
-> arg[ 3]: -Djco.jarm=1
-> arg[ 4]: -Djco.jarm=1
-> arg[ 5]: -Dsys.global.dir=D:\usr\sap\CCM\SYS\global
-> arg[ 6]: -Dapplication.home=D:\usr\sap\CCM\JC10\j2ee\os_libs
-> arg[ 7]: -Djava.class.path=D:\usr\sap\CCM\JC10\j2ee\os_libs\jstartup.jar;.\bootstrap\launcher.jar
-> arg[ 8]: -Djava.library.path=D:\apps\j2sdk1.4.2_17-x64\jre\bin\server;D:\apps\j2sdk1.4.2_17-x64\jre\bin;D:\apps\j2sdk1.4.2_17-x64\bin;D:\usr\sap\CCM\JC10\j2ee\os_libs;D:\usr\sap\Python\.;d:\sapdb\programs\bin;d:\sapdb\programs\pgm;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\CA\SharedComponents\ScanEngine;C:\Program Files\CA\SharedComponents\CAUpdate\;C:\Program Files\CA\SharedComponents\ThirdParty\;C:\Program Files\CA\SharedComponents\SubscriptionLicense\;C:\Program Files\CA\eTrustITM;D:\apps\SAPJCo;D:\apps\j2sdk1.4.2_17-x64\bin;D:\usr\sap\CCM\JC10\exe;D:\usr\sap\CCM\SYS\exe\run
-> arg[ 9]: -Dmemory.manager=128M
-> arg[ 10]: -Xmx128M
-> arg[ 11]: -DLoadBalanceRestricted=no
-> arg[ 12]: -Djstartup.mode=BOOTSTRAP
-> arg[ 13]: -Djstartup.ownProcessId=1992
-> arg[ 14]: -Djstartup.ownHardwareId=D2128917885
-> arg[ 15]: -Djstartup.whoami=bootstrap
-> arg[ 16]: -Djstartup.debuggable=yes
-> arg[ 17]: -DSAPINFO=CCM_10_bootstrap
-> arg[ 18]: -DSAPSTARTUP=1
-> arg[ 19]: -DSAPSYSTEM=10
-> arg[ 20]: -DSAPSYSTEMNAME=CCM
-> arg[ 21]: -DSAPMYNAME=iswdmz5_CCM_10
-> arg[ 22]: -DSAPDBHOST=
-> arg[ 23]: -Dj2ee.dbhost=iswdmz5
[Thr 3704] JHVM_LoadJavaVM: Java VM created OK.
JHVM_BuildArgumentList: main method arguments of node [bootstrap]
-> arg[ 0]: com.sap.engine.bootstrap.Bootstrap
-> arg[ 1]: ./bootstrap
-> arg[ 2]: ID1035372
[Thr 3708] Thu Nov 20 16:17:34 2008
[Thr 3708] JLaunchIExitJava: exit hook is called (rc=0)
[Thr 3708] JLaunchCloseProgram: good bye (exitcode=0)
and the jvm_bootstrap.out:
Bootstrap MODE:
<INSTANCE GLOBALS>
determined by parameter [ID1035372].
Missing RunningMode property - runningin NORMAL mode.
Instance [ID1035372] will run in [NORMAL] mode, performing action [NONE]
Discovered property [instance.en.port] with value [3211] !
Discovered property [instance.en.host] with value [iswdmz5] !
Synchronizing file [.\.hotspot_compiler].
...Synched ok!
Synchronizing file [..\..\SDM\program\.hotspot_compiler].
...Synched ok!
Synch time: 922 ms
I hope this is enough information. Before importing the certificate from the SAP Support Portal the AS Java runned perfectly.
regards
Tobias Nagel

Additional information:
When I deactivate SSL by switching from automatic starting to manual starting in the configtool the jcontrol.exe process starts without any errors.

AnyConnect Client shows 'Connected' even when it is not

Hello,
We have one Windows 8 user, with AnyConnect Client version 3.1.05152 (but we've seen this with a previous version). He generally does not disconnect his client, so it will time out at some point during the night, according to our logs. However, several hours later, the client still indicates that it is connected. Has anyone else seen this, and found a solution for it?
Thanks
MJ

You can return a new Mac within 14 days of purchase.
Return it and get another one.
A new Mac comes with 90 days of free tech support from AppleCare.
AppleCare: 1-800-275-2273

Ssl-handshake fails with scandinavian chars in client certificate

Hello,
We've run into a problem with 2-way-ssl and certificates that have scandinavian
characters in the subject. The problem cert is used as client-certificate for
authentication and it goes like this:
1. Client surfs with http in our site, until clicks https-link that will immediately
start the ssl-handshake
2. Server presents it's trusted cert-list fine
3. PIN is being asked fine
4. Next the request processing stops on the exception below and nothing will happen
on the client side.
Certs without these äöå -chars work fine, so our guess is that they cause it,
but the certs ought to be according to specs: name-fields encoding is UTF-8 according
to RFC 2459 from year 1999. A failing example-cert is also below.
Would this be a problem with the certificate rather than BEA-implementation?
Same behavior on Windows and Solaris Weblogic 8.11 as such and with SP2 (and with
sp2 + CASE_ID_NUM: 501454 hotfix).
Best Regards,
Igor Styrman
<avalable(): 20303264 : 0 + 0 = 0>
<write ALERT offset = 0 length = 2>
<SSLIOContextTable.removeContext(ctx): 1765100>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering JSSE
SSLSocket>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
6487148>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket will
be Muxing>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
11153746>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL Version 2 with no padding>
<21647856 SSL3/TLS MAC>
<21647856 received SSL_20_RECORD>
<HANDSHAKEMESSAGE: ClientHelloV2>
<write HANDSHAKE offset = 0 length = 58>
<write HANDSHAKE offset = 0 length = 1789>
<Converting principal: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
<Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri, C=FI>
<Converting principal: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: [email protected], CN=Thawte Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<Converting principal: [email protected], CN=Thawte Server
CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Premium
Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, ST=Western Cape, C=ZA>
<Converting principal: OU=Secure Server Certification Authority, O="RSA Data Security,
Inc.", C=US>
<Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
C=IE>
<Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri, C=FI>
<Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE>
<Converting principal: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<write HANDSHAKE offset = 0 length = 2409>
<write HANDSHAKE offset = 0 length = 4>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL3/TLS MAC>
<21647856 received HANDSHAKE>
<HANDSHAKEMESSAGE: Certificate>
PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14' for queue:
'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest failed
java.lang.NullPointerException: Could not set value for ASN.1 string object..
java.lang.NullPointerException: Could not set value for ASN.1 string object.
 at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
 at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeString(Unknown Source)
 at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
 at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
 at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
 at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
 at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
 at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
 at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
 at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
 at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
 at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
 at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
 at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
 at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
 at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
 at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
 at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown Source)
 at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)
 at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
 at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
 at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
 at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
 at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
 at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Source)
 at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
 at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
 at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
tvrGCMOrvrb5QTxVtLNr
-----END CERTIFICATE-----

BMPString is another asn1 type that can be used for certificate attributes with
non-ascii characters. The workaround is simply to use the BMPString instead of
UTF8String for that subject name attribute in the certificate request. This off-course
assumes that you can replace the certificate, and have control over what asn1
type is used for the subject name attributes in the certificate request (via a
tool options, or by generating the request yourself), so it is probably not applicable.
Pavel.
"Ari Räisänen" <[email protected]> wrote:
>
Thanks again, Pavel!
I'm filing a support case about this. You talked about a workaround (BMPString).
Could you be more spesific? I haven't talked about this issue with Igor
yet.
Regards,
Ari
"Pavel" <[email protected]> wrote:
Sounds like a bug in certicom code. It should support UTF8String.
I'd file a support case.
You might be able to use BMPString instead as a workaround.
Pavel.
"Igor Styrman" <[email protected]> wrote:
Hello,
We've run into a problem with 2-way-ssl and certificates that have
scandinavian
characters in the subject. The problem cert is used as client-certificate
for
authentication and it goes like this:
1. Client surfs with http in our site, until clicks https-link thatwill
immediately
start the ssl-handshake
2. Server presents it's trusted cert-list fine
3. PIN is being asked fine
4. Next the request processing stops on the exception below and nothing
will happen
on the client side.
Certs without these äöå -chars work fine, so our guess is that they
cause it,
but the certs ought to be according to specs: name-fields encoding
is
UTF-8 according
to RFC 2459 from year 1999. A failing example-cert is also below.
Would this be a problem with the certificate rather than BEA-implementation?
Same behavior on Windows and Solaris Weblogic 8.11 as such and withSP2
(and with
sp2 + CASE_ID_NUM: 501454 hotfix).
Best Regards,
Igor Styrman
<avalable(): 20303264 : 0 + 0 = 0>
<write ALERT offset = 0 length = 2>
<SSLIOContextTable.removeContext(ctx): 1765100>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering
JSSE
SSLSocket>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
6487148>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket
will
be Muxing>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
11153746>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL Version 2 with no padding>
<21647856 SSL3/TLS MAC>
<21647856 received SSL_20_RECORD>
<HANDSHAKEMESSAGE: ClientHelloV2>
<write HANDSHAKE offset = 0 length = 58>
<write HANDSHAKE offset = 0 length = 1789>
<Converting principal: OU=Class 4 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
<Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust
Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri,
C=FI>
<Converting principal: OU=Class 1 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: [email protected], CN=Thawte
Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape
Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: OU=Class 3 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<Converting principal: [email protected], CN=Thawte
Server
CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, ST=Western
Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Premium
Server CA, OU=Certification Services Division, O=Thawte Consultingcc,
L=Cape
Town, ST=Western Cape, C=ZA>
<Converting principal: OU=Secure Server Certification Authority, O="RSA
Data Security,
Inc.", C=US>
<Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust,O=Baltimore,
C=IE>
<Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrustSolutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri,
C=FI>
<Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE>
<Converting principal: OU=Class 2 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<write HANDSHAKE offset = 0 length = 2409>
<write HANDSHAKE offset = 0 length = 4>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL3/TLS MAC>
<21647856 received HANDSHAKE>
<HANDSHAKEMESSAGE: Certificate>
PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14'
for queue:
'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest
failed
java.lang.NullPointerException: Could not set value for ASN.1 string
object..
java.lang.NullPointerException: Could not set value for ASN.1 string
object.
 at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
 at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeString(UnknownSource)
 at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
 at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown
Source)
 at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
 at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
 at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
 at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
 at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
 at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
 at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown
Source)
 at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
 at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
 at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
 at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
 at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
 at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown
Source)
 at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
 at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
 at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
 at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
 at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
 at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
 at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
 at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
 at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown
Source)
 at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown
Source)
 at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown
Source)
 at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
 at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
 at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
 at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
 at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
 at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Source)
 at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
 at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
 at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
tvrGCMOrvrb5QTxVtLNr
-----END CERTIFICATE-----

AnyConnect client 3.1.04063 Windows 7 x64 users cannot make ssl connection

Over the past week several of my users have suddenly found they cannot connect with a previously working client. After the login banner is accepted they all get an error message "The certificate on the secure gateway is invalid. A VPN connection will not be established." Then another message "AnyConnect was not able to establish a conenction to the specified secure gateway. Please try connecting again." On the ASA 5540 logs I see successful authentication and then the device is trying to establish a ssl session which is denied and then connection is terminated.
I have verfied that the ssl certificates are valid and are installed in the trusted root certificates location. I have checked that ICS is disabled. I have checked that the vpn adapter display name is correct.
Does anyone have any ideas?

We are not using a self signed cert. We have a cert issued by the DoD. It seems like a user who had previously connected and is on Windows 7 x64 will not be able to connect. Users who have never connected and browse to the site will be able to successfully connect.
Additional information: I have cleared all DoD related certs and the server cert from the certmgr.msc on an affected Windows box. Uninstalled the AnyConnect application and all remnant files. Cleared SSL cache on both IE and Firefox browsers. I rebooted then tried connecting via the web address but am receiving the same issue.

Client certificate authentication with custom authorization for J2EE roles?

We have a Java application deployed on Sun Java Web Server 7.0u2 where we would like to secure it with client certificates, and a custom mapping of subject DNs onto J2EE roles (e.g., "visitor", "registered-user", "admin"). If we our web.xml includes:
<login-config>
 <auth-method>CLIENT-CERT</auth-method>
 <realm-name>certificate</realm-name>
<login-config>that will enforce that only users with valid client certs can access our app, but I don't see any hook for mapping different roles. Is there one? Can anyone point to documentation, or an example?
On the other hand, if we wanted to create a custom realm, the only documentation I have found is the sample JDBCRealm, which includes extending IASPasswordLoginModule. In our case, we wouldn't want to prompt for a password, we would want to examine the client certificate, so we would want to extend some base class higher up the hierarchy. I'm not sure whether I can provide any class that implements javax.security.auth.spi.LoginModule, or whether the WebServer requires it to implement or extend something more specific. It would be ideal if there were an IASCertificateLoginModule that handled the certificate authentication, and allowed me to access the subject DN info from the certificate (e.g., thru a javax.security.auth.Subject) and cache group info to support a specialized IASRealm::getGroupNames(string user) method for authorization. In a case like that, I'm not sure whether the web.xml should be:
<login-config>
 <auth-method>CLIENT-CERT</auth-method>
 <realm-name>MyRealm</realm-name>
<login-config>or:
<login-config>
 <auth-method>MyRealm</auth-method>
<login-config>Anybody done anything like this before?
--Thanks

We have JDBCRealm.java and JDBCLoginModule.java in <ws-install-dir>/samples/java/webapps/security/jdbcrealm/src/samples/security/jdbcrealm. I think we need to tweak it to suite our needs :
$cat JDBCRealm.java
* JDBCRealm for supporting RDBMS authentication.
* This login module provides a sample implementation of a custom realm.
* You may use this sample as a template for creating alternate custom
* authentication realm implementations to suit your applications needs.
* In order to plug in a realm into the server you need to
* implement both a login module (see JDBCLoginModule for an example)
* which performs the authentication and a realm (as shown by this
* class) which is used to manage other realm operations.
* A custom realm should implement the following methods:
* <ul>
* <li>init(props)
* <li>getAuthType()
* <li>getGroupNames(username)
* </ul>
* IASRealm and other classes and fields referenced in the sample
* code should be treated as opaque undocumented interfaces.
final public class JDBCRealm extends IASRealm
 protected void init(Properties props)
 throws BadRealmException, NoSuchRealmException
 public java.util.Enumeration getGroupNames (String username)
 throws InvalidOperationException, NoSuchUserException
 public void setGroupNames(String username, String[] groups)
}and
$cat JDBCLoginModule.java
* JDBCRealm login module.
* This login module provides a sample implementation of a custom realm.
* You may use this sample as a template for creating alternate custom
* authentication realm implementations to suit your applications needs.
* In order to plug in a realm into the server you need to implement
* both a login module (as shown by this class) which performs the
* authentication and a realm (see JDBCRealm for an example) which is used
* to manage other realm operations.
* The PasswordLoginModule class is a JAAS LoginModule and must be
* extended by this class. PasswordLoginModule provides internal
* implementations for all the LoginModule methods (such as login(),
* commit()). This class should not override these methods.
* This class is only required to implement the authenticate() method as
* shown below. The following rules need to be followed in the implementation
* of this method:
* <ul>
* <li>Your code should obtain the user and password to authenticate from
* _username and _password fields, respectively.
* <li>The authenticate method must finish with this call:
* return commitAuthentication(_username, _password, _currentRealm,
* grpList);
* <li>The grpList parameter is a String[] which can optionally be
* populated to contain the list of groups this user belongs to
* </ul>
* The PasswordLoginModule, AuthenticationStatus and other classes and
* fields referenced in the sample code should be treated as opaque
* undocumented interfaces.
* Sample setting in server.xml for JDBCLoginModule
* <pre>
* <auth-realm name="jdbc" classname="samples.security.jdbcrealm.JDBCRealm">
* <property name="dbdrivername" value="com.pointbase.jdbc.jdbcUniversalDriver"/>
* <property name="jaas-context" value="jdbcRealm"/>
* </auth-realm>
* </pre>
public class JDBCLoginModule extends PasswordLoginModule
 protected AuthenticationStatus authenticate()
 throws LoginException
 private String[] authenticate(String username,String passwd)
 private Connection getConnection() throws SQLException
}One more article [http://developers.sun.com/appserver/reference/techart/as8_authentication/]
You can try to extend "com/iplanet/ias/security/auth/realm/certificate/CertificateRealm.java"
[http://fisheye5.cenqua.com/browse/glassfish/appserv-core/src/java/com/sun/enterprise/security/auth/realm/certificate/CertificateRealm.java?r=SJSAS_9_0]
$cat CertificateRealm.java
package com.iplanet.ias.security.auth.realm.certificate;
* Realm wrapper for supporting certificate authentication.
* The certificate realm provides the security-service functionality
* needed to process a client-cert authentication. Since the SSL processing,
* and client certificate verification is done by NSS, no authentication
* is actually done by this realm. It only serves the purpose of being
* registered as the certificate handler realm and to service group
* membership requests during web container role checks.
* There is no JAAS LoginModule corresponding to the certificate
* realm. The purpose of a JAAS LoginModule is to implement the actual
* authentication processing, which for the case of this certificate
* realm is already done by the time execution gets to Java.
* The certificate realm needs the following properties in its
* configuration: None.
* The following optional attributes can also be specified:
* <ul>
* <li>assign-groups - A comma-separated list of group names which
* will be assigned to all users who present a cryptographically
* valid certificate. Since groups are otherwise not supported
* by the cert realm, this allows grouping cert users
* for convenience.
* </ul>
public class CertificateRealm extends IASRealm
 protected void init(Properties props)
 * Returns the name of all the groups that this user belongs to.
 * @param username Name of the user in this realm whose group listing
 * is needed.
 * @return Enumeration of group names (strings).
 * @exception InvalidOperationException thrown if the realm does not
 * support this operation - e.g. Certificate realm does not support
 * this operation.
 public Enumeration getGroupNames(String username)
 throws NoSuchUserException, InvalidOperationException
 * Complete authentication of certificate user.
 * As noted, the certificate realm does not do the actual
 * authentication (signature and cert chain validation) for
 * the user certificate, this is done earlier in NSS. This default
 * implementation does nothing. The call has been preserved from S1AS
 * as a placeholder for potential subclasses which may take some
 * action.
 * @param certs The array of certificates provided in the request.
 public void authenticate(X509Certificate certs[])
 throws LoginException
 // Set up SecurityContext, but that is not applicable to S1WS..
}Edited by: mv on Apr 24, 2009 7:04 AM

Problem in Authenticating Clients using SSL certificates in EP 7.0

Hi all,
Our team is configuring client authentication using ssl certificates to Enterprise Portal 7.0. We have exhausted our search on SDN and have also brought SAP on board to resolve this issue.
We have completed our configuration as defined in following links
http://help.sap.com/saphelp_nw04/helpdata/en/8a/8bc061dcf64638aa695f250ce7ca78/content.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/content.htm
and SAP note 583439.
But once a client types in the portal URL a message is shown that your certificate will be mapped to your user. Although we have manually mapped our certificate to a particular user but every time it asks for user ID and password.
So in short it dosent authenticate users on their certicates.
Following are snaps that I have taken from my default logs.
Latest snap.
Date , Time , Message , Severity , Category , Location , Application , User
02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Wrote 147 bytes in 1 records, 126 bytes net, 126 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Read 672 bytes in 1 records, 651 bytes net, 651 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Sending alert: Alert Warning: close notify , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Shutting down SSL layer... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Wrote 9523 bytes in 24 records, 9019 bytes net, 375 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Read 11234 bytes in 21 records, 10793 bytes net, 513 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Sending alert: Alert Warning: close notify , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Shutting down SSL layer... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:250 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:953 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:921 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:624 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:593 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:296 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:265 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:952 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:921 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:624 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:593 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:296 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:936 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:623 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:592 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:295 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:936 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:639 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:295 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:935 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:638 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:310 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:279 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:966 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:935 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:638 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:310 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:950 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:637 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:606 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:309 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:950 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:653 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:309 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:949 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:324 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:293 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:980 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:949 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:324 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:964 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:620 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:323 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:964 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:667 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:635 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:323 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:963 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:666 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:635 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:322 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:291 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:979 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:963 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:635 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:619 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:291 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:275 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:947 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:931 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:603 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:587 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Read 153 bytes in 3 records, wrote 130 bytes in 3 records. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Handshake completed, statistics: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Session added to session cache. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Received finished message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Received change_cipher_spec message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Sending finished message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Sending change_cipher_spec message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Selecting CompressionMethod: NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Sending server_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Resuming previous session... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Client is trying to resume session 79:5C:C5:27:04:EB:FC:68... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Client requested SSL version 3.0, selecting version 3.0. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Received v3 client_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Starting handshake (iSaSiLk 3.06)... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:12:462 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:12:118 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:11:774 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:11:446 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:11:102 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:10:758 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:10:414 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:10:086 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:09:742 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:09:398 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:09:054 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:08:726 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:08:382 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:08:038 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:07:694 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:07:366 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:07:022 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:06:678 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:06:334 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:06:006 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:05:662 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:05:318 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Read 153 bytes in 3 records, wrote 130 bytes in 3 records. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Handshake completed, statistics: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Session added to session cache. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Received finished message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Received change_cipher_spec message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending finished message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending change_cipher_spec message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Selecting CompressionMethod: NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending server_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Resuming previous session... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Client is trying to resume session 79:5C:C5:27:04:EB:FC:68... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Client requested SSL version 3.0, selecting version 3.0. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Received v3 client_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Starting handshake (iSaSiLk 3.06)... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Wrote 0 bytes in 0 records, 0 bytes net, 0 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Read 0 bytes in 0 records, 0 bytes net, 0 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Shutting down SSL layer... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Exception reading SSL message: java.io.EOFException: Connection closed by remote host. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Read 943 bytes in 3 records, wrote 861 bytes in 3 records. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Handshake completed, statistics: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Session added to session cache. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Sending finished message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Sending change_cipher_spec message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Received finished message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Received change_cipher_spec message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Exiting method , Path , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , oid: OBJECT ID = SubjectKeyIdentifier , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Certificate: Version: 3
Serial number: 4123385933
Signature algorithm: md5WithRSAEncryption (1.2.840.113549.1.1.4)
Issuer: CN=usmdlsdowa123.dow.com,OU=JV,O=Dow,L=Midland,C=US
Valid not before: Tue Feb 20 09:17:00 EST 2007
      not after: Wed Feb 20 09:17:00 EST 2008
Subject: CN=nai2626,OU=J V,O=DOW,L=Midland,ST=MI,C=US
RSA public key (1024 bits):
public exponent: 10001
modulus: c1f13eb65d6d1f934c6504427dedfd963284979fd61e5d64ac8de1c647f85085f84e173d3bee65837aa97030ebfa6b9521e042b1244de3444e7e82a26a3542a419d6f0bbf276b71e0fb3083a5ed8353852816deec7dd9ceb5ded748ec4a52cb068af1a5e93299f882ee9cb531a60cb0e4b77372c832556e8d993a601d7214741
Certificate Fingerprint (MD5) : BD:B4:9E:51:A9:FA:8B:9B:40:5B:85:6E:5A:CC:B1:68
Certificate Fingerprint (SHA-1): 4B:BB:43:8C:CC:DC:A1:92:56:40:CE:0B:8E:88:DA:28:EC:2A:46:52
Extensions: 1
, Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): ChainVerifier: Found a trusted certificate, returning true , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Not after: Wed Feb 20 09:17:00 EST 2008 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Not before: Tue Feb 20 09:17:00 EST 2007 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Serial: f5c5e04d , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Issuer: CN=usmdlsdowa123.dow.com,OU=JV,O=Dow,L=Midland,C=US , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Subject: CN=nai2626,OU=J V,O=DOW,L=Midland,ST=MI,C=US , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , cert [0 of 1] , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Entering method with ([Ljava.security.cert.X509Certificate;@7bc735, iaik.security.ssl.SSLTransport@539802) , Path , , com.sap.engine.services.ssl.verifyChain () , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Received certificate_verify handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Received client_key_exchange handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Client sent a 1024 bit RSA certificate, chain has 1 elements. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Received certificate handshake message with client certificate. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending server_hello_done handshake message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending certificate_request handshake message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending certificate handshake message with server certificate... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Selecting CompressionMethod: NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending server_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): CompressionMethods supported by the client: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT_WITH_RC4_40_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_3DES_EDE_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_RC4_128_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): CipherSuites supported by the client: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Creating new session 79:5C:C5:27:04:EB:FC:68... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Client requested SSL version 3.0, selecting version 3.0. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Received v2 client hello message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:146 , ssl_debug(72): Starting handshake (iSaSiLk 3.06)... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , Error in resource clean up for a disconnected client
java.lang.NullPointerException
     at com.sap.engine.services.httpserver.dispatcher.Processor.closeConnection(Processor.java:1684)
     at com.sap.engine.services.httpserver.dispatcher.Processor.fail(Processor.java:518)
     at com.sap.engine.core.manipulator.TCPRunnableConnection.disposeConnection(TCPRunnableConnection.java:470)
     at com.sap.engine.core.manipulator.TCPRunnableConnection$CloseThread.run(TCPRunnableConnection.java:1031)
     at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:525)
     at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
     at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
     at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
, Error , , com.sap.engine.services.httpserver.dispatcher , ,
02/27/2007 , 15:13:59:535 , ssl_debug(71): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , Cannot get input and output streams from socket. ConnectionsManipulator is not initialized.
[EXCEPTION]
java.io.EOFException: Connection closed by remote host.
     at iaik.security.ssl.Utils.a(Unknown Source)
     at iaik.security.ssl.o.b(Unknown Source)
     at iaik.security.ssl.o.c(Unknown Source)
     at iaik.security.ssl.r.f(Unknown Source)
     at iaik.security.ssl.f.c(Unknown Source)
     at iaik.security.ssl.f.a(Unknown Source)
     at iaik.security.ssl.r.d(Unknown Source)
     at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
     at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
     at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:139)
     at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:257)
     at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:324)
     at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:524)
     at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
     at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
     at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
, Error , /System/Network , com.sap.engine.core.manipulator.TCPRunnableConnection.init() , ,
02/27/2007 , 15:13:59:535 , Handshake failed
[EXCEPTION]
java.io.EOFException: Connection closed by remote host.
     at iaik.security.ssl.Utils.a(Unknown Source)
     at iaik.security.ssl.o.b(Unknown Source)
     at iaik.security.ssl.o.c(Unknown Source)
     at iaik.security.ssl.r.f(Unknown Source)
     at iaik.security.ssl.f.c(Unknown Source)
     at iaik.security.ssl.f.a(Unknown Source)
     at iaik.security.ssl.r.d(Unknown Source)
     at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
     at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
     at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:139)
     at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:257)
     at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:324)
     at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:524)
     at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
     at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
     at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
, Info , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , ssl_debug(71): Shutting down SSL layer... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , ssl_debug(71): Sending alert: Alert Fatal: handshake failure , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , ssl_debug(71): IOException while handshaking: Connection closed by remote host. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending server_hello_done handshake message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending certificate_request handshake message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending certificate handshake message with server certificate... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Selecting CompressionMethod: NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending server_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): CompressionMethods supported by the client: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT_WITH_RC4_40_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_3DES_EDE_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_RC4_128_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): CipherSuites supported by the client: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Creating new session 65:0B:55:9C:7D:29:83:F8... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Client requested SSL version 3.0, selecting version 3.0. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Received v2 client hello message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Starting handshake (iSaSiLk 3.06)... , Debug , , com.sap.engine.services.ssl , ,
Regards,
Atif Mukhtar

Atif,
Did you get a solution to the problem you were having? We have a similar problem.
Thanks,
Dave

Creating SSL certificate and configuring it with JBOSS 4.0.1

I have to post some data to a secured site from my application.
For this, I am creating connection to that site using URLConnection and to send data I create OutputStream using the connection.
But, while creating the stream it is showing SSLException and message is No trusted certificate found.
For this, I need to create SSL certificate (mostly using keytool command) and configure it with my application server which is JBOSS 4.0.1
Now, my problem is that I don't know the exact steps to create a certificate and configure it with JBOSS. Please provide the steps in detail.

I think you have this back to front. Unless this exception came from the server, in which case it is misconfigured, you don't have to create a certificate, you have to import the server's certificate, or that of one of its signers, into the client's truststore, and tell Java where the truststore is if it's in a non-standard location.
See http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html. You'll have to ask about the JBoss part in a JBoss forum.

SSL Certificate Mismatch with AnyConnect client

Similar Messages

Maybe you are looking for