Ssl handshake details
Hi,
Is it possible to show ssl handshake process step by step and how? Or is it totally hidden?
-Djavax.net.debug=ssl,handshake
Similar Messages
-
Ssl handshake error when activating changes in admin console
An error occurred during activation of changes, please see the log for details.
[Deployer:149150]An IOException occurred while reading input.; nested exception is: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.; nested exception is: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.
[Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.
WLS 10.3 on Windows 2008: I configured one of my managed servers for SSL and I'm able to reach deployments via browser and the keystore/certificate chain I have setup. However, I'm getting the above error in Admin Console all over the place. I am unable to commit configuration changes without deleting the SSL managed server. The admin server is still HTTP via 7001. I'm not sure where to look to resolve this issue. Any ideas appreciated.It seems like you did not update the trust store of your AdminServer. It acts as a ssl client of your managed server and cannot verify its identity certificate.
-
SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr
Getting following error while invoking webservice over ssl.
"SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr"
We generated webservice java stub using JDeveloper based on wsdl provided to us from 3rd party. We are able to test this webservice successfully without ssl . Once ssl is enabled by the 3rd party webservice provider we faced
"java.lang.UnsatisfiedLinkError: no njssl9 in java.library.path" error in JDeveloper.
In JDeveloper we were able to resolve this by following details provided at
Lehmann's web log on "Securing a Web Service - Client SSL" (http://radio.weblogs.com/0132036/2004/02/13.html ).
We then run the same java stub from oracle application server 9iAS 1.0.2.2.2. This is when we get error
"SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr"
Debugging further we see that in 9iAS we have following in our class path.
..iAS/jlib/jssl-1_1.jar:..iAS/jlib/javax-ssl-1_1.jar:..iAS/soap/webapps/soap/WEB-INF/lib/soap.jar
we took the same files and added to libraries in JDeveloper and are able to reproduce the same error in JDeveloper. We turned on Debug on oracle.jssl.debug and with that we see following details
instantiate the hashtable
SocketTable write Enter fdin 1
SocketTable write offset 0 length 72
SocketTable write: 72 bytes
SocketTable read Enter
SocketTable read: 1 bytes
SocketTable read Enter
SocketTable read: 2 bytes
SSLSocketImpl close Thread:main
In close removing fd 1Thread main
[SOAPException: faultCode=SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr...
Any suggestions on how to resolve this error in oracle application server 9iAS ?
Note: We run Oracle E-Business Suite on this same 9iAS so any change we make should not impact the oracle applications running on this server.hi,
thi sis very simple soloution for this. open the wsdl into the internet explorer. when wsdl file open save this wsdl with the .xml extension. when u want to make dat contorl or web sekelton or proxy dont use the hhtps:// ????????/ url give the path there for the .xml file which u save for this. i am sure u will invoke all the services which is provoider by the web service.
have nice day
best regards -
SSL handshake failed: X509CertChainIncompleteErr - How to call secure WS?
Hi all, I'm trying to use a third party web service over SSL. I'm using jdk 1.5.0_11 and jDev 10.1.3.0.4.
Here is what I've done so far:
1 - I generated a web service proxy using jDev's wizard.
2 - I created a simple keystore with keytool with the following cmd:
keytool -genkey -keystore techdspc.keystore -storepass ****** . I copied the .keystore file in my project under the src directory.
3 - I used the wizard "Secure Proxy" on my web service with the following options:
- "Use x509 to authenticate"
- I specified my newly created keystore file as the keystore path as well as the password.
- I left the default choice to all the other options.
Once the files were all created by the wizard, I tried out the proxy and got the following error:
ATTENTION: Unable to connect to URL: https://test.eai.adpclaims.com/WSProxy/WS_Proxy.asmx due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
java.rmi.RemoteException: ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
at audatex3.runtime.WSProxySoap_Stub.transmit(WSProxySoap_Stub.java:679)
at audatex3.WSProxySoapClient.transmit(WSProxySoapClient.java:83)
at audatex3.WSProxySoapClient.main(WSProxySoapClient.java:43)
The owner of the Web Service told me that the error is without a doubt on the proxy side. Si my question is: What am I doing wrong?
Your help will be greatly appreciated.
thanks!I tried generating an other keystore with a slightly different cmd and I still get the same error so this does not seem to be the problem...
Any ideas?¸
Thanks -
Write Channel Closed, possible SSL handshaking or trust failure
Hi,
I Have a problem while working with Two-way SSL. I get Write Channel Closed, possible
SSL handshaking or trust failure error while contacting the server for invoking
a webservice secured by SSL.
I could figure out that the error is happening on client side while validating
the server certificate.
One more observation that i was able to find is, it works fine if the Server certificate
and the client certificate are signed by the same (root) CA.
I tried various options but couldn't find my luck. The BEA documentation in this
regards is not at all sufficient.
If i give strict checking false on my client end, the application works fine.
But for my scenario i want strict checking to be happend (otherwise there is no
point in going for SSL itself).
I am using WLSSLAdapter on my client side. The client application is a standalone
java class running out of weblogic (ideally running on JRun).
The way i have coded in my java class is:
String certificatePath = "C:/Cerificates/cert.pem";
String caCertificatePath = "C:/Cerificates/clientca.pem";
String targetURL = "https://localhost:443/feedservice/FeedService";
//set weblogic ServiceFactory
System.setProperty( "javax.xml.rpc.ServiceFactory",
"weblogic.webservice.core.rpc.ServiceFactoryImpl" );
System.setProperty("java.protocol.handler.pkgs","com.certicom.net.ssl");
System.setProperty("https.cipherSuites","SHA1withRSA,MD5withRSA");
SSLAdapterFactory sslFactory = SSLAdapterFactory.getDefaultFactory();
WLSSLAdapter adapter = (WLSSLAdapter) sslFactory.getSSLAdapter();
adapter.setProtocolVersion("SSL3");
adapter.setStrictChecking(true);
adapter.setVerbose(true);
FileInputStream clientCredentialFile = new FileInputStream (certificatePath);
String pwd = "password";
System.out.println("Loding Certificate from ........"+certificatePath);
adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
System.out.println("Loding CA Certificate from ........"+caCertificatePath);
adapter.setTrustedCertificatesFile(caCertificatePath);
// optionally set the Adapter factory to use this instance always.
sslFactory.setDefaultAdapter(adapter);
sslFactory.setUseDefaultAdapter(true);
// Webservice invocation code..
call.setTargetEndpointAddress(targetURL);
call.setProperty("weblogic.webservice.client.ssladapter",adapter);
Object result = call.invoke(new Object[]{"test.xml"});
The error that i get :
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:106)
at java.io.FilterOutputStream.write(FilterOutputStream.java:78)
at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:359)
at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:284)
at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:34)
at weblogic.webservice.core.HandlerChain.handleRequest(HandlerChain.java:131)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:421)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Exception in handler's handleRequest().
Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Write Channel
Closed, possible SSL handshaking or trust fail
ure
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:479)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Can someone give the working phone number of ....BEA CUSTOMER SUPPORT...The signature validation failure means your trusted CA certificate is not the issuer
of the identity certificate. The identity certificate issuer name can match to
the trusted CA certificate name, but the signature check really determines whether
it is the issuer.
Pavel.
"Chandra Sekhar Rao" <[email protected]> wrote:
>
Hi payal,
I have the issuer of the server identity certificate in the trust file
on client
side. The problem is with signature validation
"Pavel" <[email protected]> wrote:
It looks like your client does not trust the server certificate. Make
sure the
certificate you pass in adapter.setTrustedCertificatesFile(caCertificatePath);
is the issuer of the server's identity certificate.
Pavel.
"Chandra Sekhar Rao" <[email protected]> wrote:
Hi,
I Have a problem while working with Two-way SSL. I get Write Channel
Closed, possible
SSL handshaking or trust failure error while contacting the server
for
invoking
a webservice secured by SSL.
I could figure out that the error is happening on client side whilevalidating
the server certificate.
One more observation that i was able to find is, it works fine if the
Server certificate
and the client certificate are signed by the same (root) CA.
I tried various options but couldn't find my luck. The BEA documentation
in this
regards is not at all sufficient.
If i give strict checking false on my client end, the application works
fine.
But for my scenario i want strict checking to be happend (otherwisethere
is no
point in going for SSL itself).
I am using WLSSLAdapter on my client side. The client application is
a standalone
java class running out of weblogic (ideally running on JRun).
The way i have coded in my java class is:
String certificatePath = "C:/Cerificates/cert.pem";
String caCertificatePath = "C:/Cerificates/clientca.pem";
String targetURL = "https://localhost:443/feedservice/FeedService";
//set weblogic ServiceFactory
System.setProperty( "javax.xml.rpc.ServiceFactory",
"weblogic.webservice.core.rpc.ServiceFactoryImpl" );
System.setProperty("java.protocol.handler.pkgs","com.certicom.net.ssl");
System.setProperty("https.cipherSuites","SHA1withRSA,MD5withRSA");
SSLAdapterFactory sslFactory = SSLAdapterFactory.getDefaultFactory();
WLSSLAdapter adapter = (WLSSLAdapter) sslFactory.getSSLAdapter();
adapter.setProtocolVersion("SSL3");
adapter.setStrictChecking(true);
adapter.setVerbose(true);
FileInputStream clientCredentialFile = new FileInputStream (certificatePath);
String pwd = "password";
System.out.println("Loding Certificate from ........"+certificatePath);
adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
System.out.println("Loding CA Certificate from ........"+caCertificatePath);
adapter.setTrustedCertificatesFile(caCertificatePath);
// optionally set the Adapter factory to use this instance always.
sslFactory.setDefaultAdapter(adapter);
sslFactory.setUseDefaultAdapter(true);
// Webservice invocation code..
call.setTargetEndpointAddress(targetURL);
call.setProperty("weblogic.webservice.client.ssladapter",adapter);
Object result = call.invoke(new Object[]{"test.xml"});
The error that i get :
java.io.IOException: Write Channel Closed, possible SSL handshakingor
trust failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:106)
at java.io.FilterOutputStream.write(FilterOutputStream.java:78)
at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:359)
at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:284)
at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:34)
at weblogic.webservice.core.HandlerChain.handleRequest(HandlerChain.java:131)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:421)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Exception in handler's handleRequest().
Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Write
Channel
Closed, possible SSL handshaking or trust fail
ure
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:479)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Can someone give the working phone number of ....BEA CUSTOMER SUPPORT... -
Weblogic server 10.3.5 error during SSL handshake
Please some one help to figure the issue with following logs.
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33092690>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33095418>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33092490 SSL Version data invalid>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
<16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33092690>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33095215 SSL Version data invalid>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
<16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33095418>
I just created domain with http and https ports. I installed an web app. When I am trying to access the app from browser through https the above error is occurring.
Please somebody help me.
Thanks in advance.
SKThis message indicates that the SSL connection is closed successfully. It is a warning message and normal to see in the logs when you enable the SSL debug flags. This is an expected behavior. If you see alerts when SSL debug is NOT ENABLED then it is a real alert and we need to take care of those issues. Also, it is not a real alert, it is a caught and handled exception from the certicom code which is not harmful and should be ignored, just because you have enabled the SSL debug flag. Once you turn it off, you won't see it in the logs.
Edited by: sharmela on Jan 22, 2013 4:55 AM -
In SSL Handshake : failed extension check error
Hi all,
Could anyone help in this?
Im facing a problem in SSL handshaking using JSSE, J2SDK1.4.
The CertificateException message is :
Invalid Netscape CertType extension for SSL client
And the source of error is : failed extension check
The following is the trace SSL Server.
D:\users\Jp\java\jssesamples\sockets\server\class>java -Djavax.net.debug=SSL,handshake,data,trustmanager ClassFileServer 1089
. TLS true
USAGE: java ClassFileServer port docroot [TLS [true]]
If the third argument is TLS, it will start as
a TLS/SSL file server, otherwise, it will be
an ordinary file server.
If the fourth argument is true,it will require
client authentication as well.
found key for : serverkey
chain [0] = [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
Validity: [From: Fri Sep 27 12:36:44 IST 2002,
To: Sat Sep 27 12:36:44 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 11]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
chain [1] = [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
adding private entry as trusted cert: [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
Validity: [From: Fri Sep 27 12:36:44 IST 2002,
To: Sat Sep 27 12:36:44 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 11]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
adding as trusted cert: [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
trigger seeding of SecureRandom
done seeding SecureRandom
matching alias: serverkey
[read] MD5 and SHA1 hashes: len = 3
0000: 01 03 01 ...
[read] MD5 and SHA1 hashes: len = 74
0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
0020: 12 00 00 03 02 00 80 00 00 11 3D 94 3D E6 6A 85 ..........=.=.j.
0030: 4E 4B 5F DC 11 A2 3C F3 59 F7 1E 96 93 87 31 6A NK_...<.Y.....1j
0040: CD 2B 58 8A A1 7E A4 7D C5 C7 .+X.......
Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
*** ClientHello, TLSv1
RandomCookie: GMT: 1016347878 bytes = { 106, 133, 78, 75, 95, 220, 17, 162, 60, 243, 89, 247, 30, 150, 147, 135, 49, 106, 20
5, 43, 88, 138, 161, 126, 164, 125, 197, 199 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_
CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES4
0_CBC_SHA]
Compression Methods: { 0 }
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1016347878 bytes = { 163, 141, 218, 216, 192, 179, 129, 194, 37, 124, 119, 173, 229, 90, 173, 39, 166, 16
6, 58, 146, 118, 120, 174, 234, 161, 101, 91, 104 }
Session ID: {61, 148, 61, 230, 252, 82, 216, 137, 71, 131, 250, 161, 21, 201, 221, 98, 131, 132, 212, 15, 253, 235, 102, 35,
90, 154, 189, 159, 119, 125, 204, 167}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
chain [0] = [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
Validity: [From: Fri Sep 27 12:36:44 IST 2002,
To: Sat Sep 27 12:36:44 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 11]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
chain [1] = [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN>
<CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In>
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 1970
0000: 02 00 00 46 03 01 3D 94 3D E6 A3 8D DA D8 C0 B3 ...F..=.=.......
0010: 81 C2 25 7C 77 AD E5 5A AD 27 A6 A6 3A 92 76 78 ..%.w..Z.'..:.vx
0020: AE EA A1 65 5B 68 20 3D 94 3D E6 FC 52 D8 89 47 ...e[h =.=..R..G
0030: 83 FA A1 15 C9 DD 62 83 84 D4 0F FD EB 66 23 5A ......b......f#Z
0040: 9A BD 9F 77 7D CC A7 00 04 00 0B 00 06 35 00 06 ...w.........5..
0050: 32 00 03 0A 30 82 03 06 30 82 02 6F A0 03 02 01 2...0...0..o....
0060: 02 02 01 11 30 0D 06 09 2A 86 48 86 F7 0D 01 01 ....0...*.H.....
0070: 04 05 00 30 81 98 31 0B 30 09 06 03 55 04 06 13 ...0..1.0...U...
0080: 02 49 6E 31 14 30 12 06 03 55 04 08 13 0B 4D 61 .In1.0...U....Ma
0090: 68 61 72 61 73 68 74 72 61 31 18 30 16 06 03 55 harashtra1.0...U
00A0: 04 07 13 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 ....Andheri / SE
00B0: 45 50 5A 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 EPZ1#0!..U....Or
00C0: 62 69 74 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 bitech Solutions
00D0: 20 4C 69 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 Limited1.0...U.
00E0: 0B 13 04 51 50 45 47 31 25 30 23 06 03 55 04 03 ...QPEG1%0#..U..
00F0: 13 1C 4F 72 62 69 74 65 63 68 20 43 65 72 74 69 ..Orbitech Certi
0100: 66 69 63 61 74 65 20 4D 61 6E 61 67 65 72 30 1E ficate Manager0.
0110: 17 0D 30 32 30 39 32 37 30 37 30 36 34 34 5A 17 ..020927070644Z.
0120: 0D 30 33 30 39 32 37 30 37 30 36 34 34 5A 30 81 .030927070644Z0.
0130: 80 31 0B 30 09 06 03 55 04 06 13 02 49 4E 31 14 .1.0...U....IN1.
0140: 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 61 73 0...U....Maharas
0150: 68 74 72 61 31 0F 30 0D 06 03 55 04 07 13 06 4D htra1.0...U....M
0160: 75 6D 62 61 69 31 1A 30 18 06 03 55 04 0A 13 11 umbai1.0...U....
0170: 53 61 6D 70 6C 65 20 53 65 72 76 65 72 20 4F 72 Sample Server Or
0180: 67 31 16 30 14 06 03 55 04 0B 13 0D 53 61 6D 70 g1.0...U....Samp
0190: 6C 65 20 53 65 72 76 65 72 31 16 30 14 06 03 55 le Server1.0...U
01A0: 04 03 13 0D 4A 61 79 61 70 72 61 6B 61 73 68 20 ....Jayaprakash
01B0: 41 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 A0..0...*.H.....
01C0: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 A5 66 .......0.......f
01D0: A2 53 DE A9 94 5F 48 C1 4B 67 E2 A8 AE EB 86 40 .S..._H.Kg.....@
01E0: F0 BD 58 94 1E 25 7F B3 AA A5 FB 9D B7 33 DB 6C ..X..%.......3.l
01F0: 5A 21 2D 95 44 5E 5A 28 AB 59 40 0C C2 D2 CC EE Z!-.D^Z(.Y@.....
0200: C8 74 DD 62 25 43 5C CE 79 FF 6D 9B 04 25 8E BD .t.b%C\.y.m..%..
0210: 05 9C 9C D6 55 DC 13 23 98 C5 5D 5C 01 5F D6 54 ....U..#..]\._.T
0220: 34 22 20 CE A1 AE C8 0C B4 FC 03 4D 2B C8 2B 54 4" ........M+.+T
0230: 3A 98 50 33 11 2F 27 C2 60 9E F9 40 52 26 05 A9 :.P3./'.`..@R&..
0240: B6 E8 F4 73 1A B0 E9 11 EF C3 23 D9 1D FB 02 03 ...s......#.....
0250: 01 00 01 A3 76 30 74 30 11 06 09 60 86 48 01 86 ....v0t0...`.H..
0260: F8 42 01 01 04 04 03 02 06 40 30 0E 06 03 55 1D [email protected].
0270: 0F 01 01 FF 04 04 03 02 04 F0 30 1F 06 03 55 1D ..........0...U.
0280: 23 04 18 30 16 80 14 61 03 42 D0 1B 10 56 EE 2E #..0...a.B...V..
0290: F1 24 61 D5 25 B3 31 03 27 85 AA 30 2E 06 03 55 .$a.%.1.'..0...U
02A0: 1D 11 04 27 30 25 81 23 63 6F 73 6C 74 65 6D 70 ...'0%.#cosltemp
02B0: 2E 6A 61 79 61 70 72 61 6B 61 73 68 40 6F 72 62 .jayaprakash@orb
02C0: 69 74 65 63 68 2E 63 6F 2E 69 6E 30 0D 06 09 2A itech.co.in0...*
02D0: 86 48 86 F7 0D 01 01 04 05 00 03 81 81 00 39 C0 .H............9.
02E0: C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 51 AF .94*RlGH......Q.
02F0: DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 E9 94 .CT.4...bp.%....
0300: EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 32 28 .....(..b.4..d2(
0310: 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 94 6D Z.N......$-(...m
0320: F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 9F F1 ...4.cp.M8y.....
0330: C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A 7C EE .h........0.....
0340: 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D D9 B2 .2.^.Y.<....5...
0350: F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F 00 03 ........`.".._..
0360: 22 30 82 03 1E 30 82 02 87 A0 03 02 01 02 02 01 "0...0..........
0370: 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 .0...*.H........
0380: 30 81 98 31 0B 30 09 06 03 55 04 06 13 02 49 6E 0..1.0...U....In
0390: 31 14 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 1.0...U....Mahar
03A0: 61 73 68 74 72 61 31 18 30 16 06 03 55 04 07 13 ashtra1.0...U...
03B0: 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 45 50 5A .Andheri / SEEPZ
03C0: 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 62 69 74 1#0!..U....Orbit
03D0: 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 20 4C 69 ech Solutions Li
03E0: 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 0B 13 04 mited1.0...U....
03F0: 51 50 45 47 31 25 30 23 06 03 55 04 03 13 1C 4F QPEG1%0#..U....O
0400: 72 62 69 74 65 63 68 20 43 65 72 74 69 66 69 63 rbitech Certific
0410: 61 74 65 20 4D 61 6E 61 67 65 72 30 1E 17 0D 30 ate Manager0...0
0420: 32 30 37 31 38 31 39 30 30 30 30 5A 17 0D 32 38 20718190000Z..28
0430: 30 37 31 38 31 39 30 30 30 30 5A 30 81 98 31 0B 0718190000Z0..1.
0440: 30 09 06 03 55 04 06 13 02 49 6E 31 14 30 12 06 0...U....In1.0..
0450: 03 55 04 08 13 0B 4D 61 68 61 72 61 73 68 74 72 .U....Maharashtr
0460: 61 31 18 30 16 06 03 55 04 07 13 0F 41 6E 64 68 a1.0...U....Andh
0470: 65 72 69 20 2F 20 53 45 45 50 5A 31 23 30 21 06 eri / SEEPZ1#0!.
0480: 03 55 04 0A 13 1A 4F 72 62 69 74 65 63 68 20 53 .U....Orbitech S
0490: 6F 6C 75 74 69 6F 6E 73 20 4C 69 6D 69 74 65 64 olutions Limited
04A0: 31 0D 30 0B 06 03 55 04 0B 13 04 51 50 45 47 31 1.0...U....QPEG1
04B0: 25 30 23 06 03 55 04 03 13 1C 4F 72 62 69 74 65 %0#..U....Orbite
04C0: 63 68 20 43 65 72 74 69 66 69 63 61 74 65 20 4D ch Certificate M
04D0: 61 6E 61 67 65 72 30 81 9F 30 0D 06 09 2A 86 48 anager0..0...*.H
04E0: 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 ............0...
04F0: 81 81 00 DC 3A 63 36 00 7B F1 7C C4 C0 6B 52 1F ....:c6......kR.
0500: 4B 71 46 28 3E C0 C3 B9 0B E9 FB 2D CA 7F E3 90 KqF(>......-....
0510: 84 60 60 C3 3B C3 B1 0F 9F CF 5C 3B 6E 3C C4 6D .``.;.....\;n<.m
0520: BD 11 12 9F A5 A7 FE EE 1A 4C 67 9E D7 BE 1B 1E .........Lg.....
0530: 1C C5 5A 0F 42 B1 4A 88 CA 49 13 02 0F 3F 79 EE ..Z.B.J..I...?y.
0540: A2 86 4D 88 3D 98 48 30 2E AB A4 D1 6B 9B 95 39 ..M.=.H0....k..9
0550: 81 03 CA 1C 7D 14 8E EB 9D CB 09 C5 BD 50 58 A0 .............PX.
0560: 52 81 5C DD E9 09 EC BD 83 05 24 10 73 68 A5 5A R.\.......$.sh.Z
0570: 44 4B 09 02 03 01 00 01 A3 76 30 74 30 11 06 09 DK.......v0t0...
0580: 60 86 48 01 86 F8 42 01 01 04 04 03 02 00 D7 30 `.H...B........0
0590: 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF ...U.......0....
05A0: 30 1D 06 03 55 1D 0E 04 16 04 14 61 03 42 D0 1B 0...U......a.B..
05B0: 10 56 EE 2E F1 24 61 D5 25 B3 31 03 27 85 AA 30 .V...$a.%.1.'..0
05C0: 1F 06 03 55 1D 23 04 18 30 16 80 14 61 03 42 D0 ...U.#..0...a.B.
05D0: 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 03 27 85 AA ..V...$a.%.1.'..
05E0: 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 86 0...U...........
05F0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
0600: 81 81 00 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 ..........EL....
0610: 86 B9 37 BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D ..7.;O..].;p5...
0620: 54 B7 89 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B T..[J2..aZ...$..
0630: F4 23 40 D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 .#@.M.Sz.NN...:W
0640: EF 43 02 C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 .C..........t%S.
0650: 7B 38 2F 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D .8/\..p..._..<U-
0660: FF 2A FB 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA .*....*....]_6..
0670: 57 EF 74 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 W.t...R...h..N..
0680: A2 0C 7F 0D 00 01 27 02 01 02 01 22 00 83 30 81 ......'...."..0.
0690: 80 31 0B 30 09 06 03 55 04 06 13 02 49 4E 31 14 .1.0...U....IN1.
06A0: 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 61 73 0...U....Maharas
06B0: 68 74 72 61 31 0F 30 0D 06 03 55 04 07 13 06 4D htra1.0...U....M
06C0: 75 6D 62 61 69 31 1A 30 18 06 03 55 04 0A 13 11 umbai1.0...U....
06D0: 53 61 6D 70 6C 65 20 53 65 72 76 65 72 20 4F 72 Sample Server Or
06E0: 67 31 16 30 14 06 03 55 04 0B 13 0D 53 61 6D 70 g1.0...U....Samp
06F0: 6C 65 20 53 65 72 76 65 72 31 16 30 14 06 03 55 le Server1.0...U
0700: 04 03 13 0D 4A 61 79 61 70 72 61 6B 61 73 68 20 ....Jayaprakash
0710: 41 00 9B 30 81 98 31 0B 30 09 06 03 55 04 06 13 A..0..1.0...U...
0720: 02 49 6E 31 14 30 12 06 03 55 04 08 13 0B 4D 61 .In1.0...U....Ma
0730: 68 61 72 61 73 68 74 72 61 31 18 30 16 06 03 55 harashtra1.0...U
0740: 04 07 13 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 ....Andheri / SE
0750: 45 50 5A 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 EPZ1#0!..U....Or
0760: 62 69 74 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 bitech Solutions
0770: 20 4C 69 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 Limited1.0...U.
0780: 0B 13 04 51 50 45 47 31 25 30 23 06 03 55 04 03 ...QPEG1%0#..U..
0790: 13 1C 4F 72 62 69 74 65 63 68 20 43 65 72 74 69 ..Orbitech Certi
07A0: 66 69 63 61 74 65 20 4D 61 6E 61 67 65 72 0E 00 ficate Manager..
07B0: 00 00 ..
Thread-1, WRITE: TLSv1 Handshake, length = 1970
Thread-1, READ: TLSv1 Handshake, length = 1727
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
Validity: [From: Fri Sep 27 12:36:25 IST 2002,
To: Sat Sep 27 12:36:25 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 10]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 4C 68 F2 CD FF 1E 9C F0 14 56 51 AF AA 41 CD 98 Lh.......VQ..A..
0010: 55 D9 5F D8 38 7F C3 25 49 BA D0 F1 93 AC 88 E2 U._.8..%I.......
0020: 8A 72 0E 68 F2 49 5D 60 B6 D1 2C C2 54 E4 A7 E4 .r.h.I]`..,.T...
0030: 72 21 49 ED E7 66 F2 C1 A5 28 B6 5C 76 29 CC 06 r!I..f...(.\v)..
0040: 4F 2B C3 A9 54 2D D0 63 7D C4 FD 3D 49 13 36 7F O+..T-.c...=I.6.
0050: D5 E4 B2 4C 4F C6 DA BC A2 67 FE 7F 94 37 A1 58 ...LO....g...7.X
0060: FF 9C DB 1B CD 0F 75 F0 49 DB AF 44 49 8F 28 77 ......u.I..DI.(w
0070: 1F C1 E5 13 BA 46 26 DD 72 5E AD A1 68 8B 89 FE .....F&.r^..h...
chain [1] = [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
failed extension check: [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
Validity: [From: Fri Sep 27 12:36:25 IST 2002,
To: Sat Sep 27 12:36:25 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 10]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 4C 68 F2 CD FF 1E 9C F0 14 56 51 AF AA 41 CD 98 Lh.......VQ..A..
0010: 55 D9 5F D8 38 7F C3 25 49 BA D0 F1 93 AC 88 E2 U._.8..%I.......
0020: 8A 72 0E 68 F2 49 5D 60 B6 D1 2C C2 54 E4 A7 E4 .r.h.I]`..,.T...
0030: 72 21 49 ED E7 66 F2 C1 A5 28 B6 5C 76 29 CC 06 r!I..f...(.\v)..
0040: 4F 2B C3 A9 54 2D D0 63 7D C4 FD 3D 49 13 36 7F O+..T-.c...=I.6.
0050: D5 E4 B2 4C 4F C6 DA BC A2 67 FE 7F 94 37 A1 58 ...LO....g...7.X
0060: FF 9C DB 1B CD 0F 75 F0 49 DB AF 44 49 8F 28 77 ......u.I..DI.(w
0070: 1F C1 E5 13 BA 46 26 DD 72 5E AD A1 68 8B 89 FE .....F&.r^..h...
ext exception was: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
Thread-1, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Thread-1, WRITE: TLSv1 Alert, length = 2
Thread-1, called closeSocket()
Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape
CertType extension for SSL client
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL cli
ent
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)I'm having a related problem. It only occurs on the 1.4.1 version of the JRE. The 1.4.0 works fine. I've created my own custom socket for an RMI server that uses SSL to encrypt any data being sent. I have a valid certificate that works fine to encrypt data from my web server. The client gets the same exception that was posted above. Here is the stack trace on the client's machine if they are running the 1.4.1 JRE:
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101)
at com.msfw.imageserver.RMIServer_Stub.processRequest(Unknown Source)
at com.msfw.business.Server.rmiQuery(Server.java:389)
at com.msfw.business.Server.callServer(Server.java:540)
at com.msfw.business.Server.callServer(Server.java:523)
at com.msfw.business.Server.callServer(Server.java:518)
at com.msfw.business.Server.callServer(Server.java:572)
at com.msfw.business.Server.callServer(Server.java:578)
at com.msfw.idwebview.IdViewApplet.callServer(IdViewApplet.java:6058)
at com.msfw.idwebview.IdViewApplet.appletRun(IdViewApplet.java:889)
at com.msfw.idwebview.IdViewApplet.start(IdViewApplet.java:1177)
at com.msfw.splash.SplashApplet.init(SplashApplet.java:101)
at sun.applet.AppletPanel.run(AppletPanel.java:347)
at java.lang.Thread.run(Thread.java:536)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
at java.io.DataOutputStream.flush(DataOutputStream.java:101)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
... 15 more
Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
... 26 more
I also created my own homemade certificate and get the same results. Like I said before, the 1.4.0 JRE doesn't do this so it seems to be a new bug in the 1.4.1. Does anyone know how to get around this or what is causing this problem? Thanks. -
Possible SSL handshaking or trust failure in WLS 7.0
hi,
i have set Server Certificate File Name to democert.pem, Server Key File Name
to demokey.pem, and Server Certificate Chain File Name to ca.pem, using the demo
certificate. when running the client, i use -Dweblogic.webservice.client.ssl.strictcertchecking=false
from the cmd. still getting exception:
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source) ...
i believe it no longer can be the wrong server name in the certificate, so it
must be the trusted CA's list. i cannot find any corresponding file though. what
should i be using for the Trusted CA File Name? i can access the webservices home
page by browser as well as the wsdl file, but once i try using the web service
methods, i get the same error through browser and with a soap client.
any ides?Taime
add this setting also to start you Weblogic - Server - Instance include the strictcert
- setting. Then you can use your webservice from a http - client. I do it the
same way.
Regards
"taime giamzone" <[email protected]> wrote:
>
thanks markus,
now i can use the service through a java client! weird enough, by browser,
i still
get the same exception. has somebody succeeded in using a secure web
service by
browser?
"Markus Gasser" <[email protected]> wrote:
Hi Claudia , Hi Taime
I had the same problem. It was a hard way to find out. Here's the solution
Add -Dtrustedfile=<your path>\trusted.crt
to the vm parameters starting your wls - server or client.
The problem is, that WLS 7 expects a trusted ceritficate and the demo
certificate
isn't trusted.
You will find the trusted.crt normally in the domain directory
Markus
"Claudia" <[email protected]> wrote:
Hi,
I have the same problem. I followed the instructions from the Configuring
Security
side, but it doesn't work.
I tried to test the WebService with the default web page generated
from
weblogic
and there I figured out, that I have to enter the default realm password.
I supposed
that would be the password I use to start the server, but it wasn't.
Still I haven't
guessed the password.
The security works too goog ;-)
Please help.
Claudia -
Node Manager unable to start managed Server. SSL Handshake problem
I am getting the following Error:
weblogic.nodemanager.NodeManagerException: [Could not execute command start for server wecarebeadev via the Node Manager - reason: [CommandInvoker: Failed to send command: 'online to server 'wecarebeadev' to NodeManager at host: 'localhost:5555' with exception Write Channel Closed, possible SSL handshaking or trust failure. Please ensure that the NodeManager is active on the target machine].]
I have Weblogic Server 7.0 SP1 with Admin and Managed Server running on the same physical machine as Windows Services.
SSL port has been setup properly for Managed Server. Host Name Verification Ignored is checked for MS.Hi Ajay,
This happens when the SSL communication between the admin and the node
manager fails. The SSL configuration of the admin server or the node
manager is the problem.
cheers,
gaurav.
On 30 Jun 2003 12:19:49 -0700, Ajay Kulkarni <[email protected]> wrote:
I am getting the following Error:
weblogic.nodemanager.NodeManagerException: [Could not execute command
start for server wecarebeadev via the Node Manager - reason:
[CommandInvoker: Failed to send command: 'online to server 'wecarebeadev'
to NodeManager at host: 'localhost:5555' with exception Write Channel
Closed, possible SSL handshaking or trust failure. Please ensure that the
NodeManager is active on the target machine].]
I have Weblogic Server 7.0 SP1 with Admin and Managed Server running on
the same physical machine as Windows Services.
SSL port has been setup properly for Managed Server. Host Name
Verification Ignored is checked for MS.
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ -
SSL handshake failed: X509CertChainIncompleteErr
I am trying to send name-value pairs using https and JSSE. I am using JDev 9i, and first I create a war file and bundle JSSE with it, then deploy it to an ear file, and use Enterprise Manager of 9iAS Rel2 to deploy the ear file to the server (on Windows 2000).
I get the following error (please excuse the test output lines):
Response: xxx test000+ test0+ test1+ test2+ test3+ test4+ test4a+
javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
Here's my code:
import java.net.*;
import java.io.*;
import com.sun.net.ssl.*;
public class testsend {
public testsend()
public String myTest () throws Exception {
String endresult = "xxx ";
String url = "https://www.mysite.com/myfile.php?" ;
endresult = endresult + "test000+ ";
// actual name-value pairs are sent out, this is just an example
String data = "name1=value1&name2=value2";
URL server = null;
try {
server = new URL(url);
endresult = endresult + "test0+ ";
catch(MalformedURLException e) {
endresult = endresult + e.getMessage();
ObjectInputStream myresponse = null;
Object result = null;
try {
URLConnection con = server.openConnection();
endresult = endresult + "test1+ ";
con.setDoOutput(true);
con.setUseCaches(false);
con.setRequestProperty("Content-Type", "application/octet-stream");
endresult = endresult + "test2+ ";
ObjectOutputStream request = new ObjectOutputStream(new BufferedOutputStream(con.getOutputStream()));
endresult = endresult + "test3+ ";
request.writeObject(data);
endresult = endresult + "test4+ ";
request.flush();
endresult = endresult + "test4a+ ";
request.close();
endresult = endresult + "test4b+ ";
// get the result input stream
myresponse = new ObjectInputStream(new BufferedInputStream(con.getInputStream()));
endresult = endresult + "test6+ ";
// read response back from the server
result = myresponse.readObject();
endresult = endresult + result.toString();
catch(Exception e) {
endresult = endresult + e.getMessage();
return endresult;
I've searched for the error message on the web but did not have much luck finding a solution. It obviously won't open a input stream.
Any one have any thoughts? Thanks.
jvHi Francisco,
I am(Oracle 9iAS) sending SOAP messages over SSL to a remote server(Microsoft IIS) hosting the web services. The remote HTTPS site is up and I can view the certificate. It has a 3 level chain. user certificate, intermediate and a root CA.
Through my application when I try to establish handshake, I have some code to display the certificate chain of the remote server. Here I see only the user and the intermediate certificate. I donot see the root CA. I understand that this is the reason for the Incomplete cert chain error. Is this something the remote server hosting the web services should do with their configuration?? Or can I do something at my end??
Please let me know,
Thank you -
SSL Handshake Error in Android (ADF Mobile)
Hi Guys,
Now I am tried to using "https" Web service with my application, but seems show SSL handshake error specially in Android only, iOS is totally working.
Log from Android is
09-27 18:09:03.252: I/System.out(30444): [SEVERE - oracle.adfmf.framework - adf.mf.internal - logError] Request: {classname: oracle.adfmf.framework.api.Model; method: processBatchRequests; params: [0: false][1: [0: {classname: oracle.adfmf.framework.api.Model; method: evaluateMethodExpression; params: [0: #{bindings.AgentAuthenCDKey.execute}][1: [0: {.type: oracle.adfmf.amx.event.ActionEvent; }]][2: void][3: [0: oracle.adfmf.amx.event.ActionEvent]]; }]]; } exception: {message: SSL handshake failure; errorCode: 409; .type: oracle.adfmf.framework.exception.AdfInvocationRuntimeException; .exception: true; severity: ERROR; errorCategory: WEBSERVICE; }
How to solved this one ?
** If my android didn't connect to internet, it still show "SSL handshake error" too, that so weird !Hi,
Sorry to bump this, but I have the exact same problem. "SSL Handshake Error" when calling SSL enabled web services - works fine on iOS, but not on Android, which implies to me a problem with the framework rather than my certificate?
: D/CVM(985): [SEVERE - oracle.adfmf.framework - Utility - invoke] InvocationTargetException Error: ERROR [oracle.adfmf.framework.exception.AdfInvocationRuntimeException] - SSL handshake failure
I'm on JDeveloper 11.1.2.4, ADF Mobile Framework 11.1.2.4.39.64.51.
Are there any known issues with ADF Mobile/SSL on Android?
Any help is much appreciated.
Rich. -
Ssl-handshake fails with scandinavian chars in client certificate
Hello,
We've run into a problem with 2-way-ssl and certificates that have scandinavian
characters in the subject. The problem cert is used as client-certificate for
authentication and it goes like this:
1. Client surfs with http in our site, until clicks https-link that will immediately
start the ssl-handshake
2. Server presents it's trusted cert-list fine
3. PIN is being asked fine
4. Next the request processing stops on the exception below and nothing will happen
on the client side.
Certs without these äöå -chars work fine, so our guess is that they cause it,
but the certs ought to be according to specs: name-fields encoding is UTF-8 according
to RFC 2459 from year 1999. A failing example-cert is also below.
Would this be a problem with the certificate rather than BEA-implementation?
Same behavior on Windows and Solaris Weblogic 8.11 as such and with SP2 (and with
sp2 + CASE_ID_NUM: 501454 hotfix).
Best Regards,
Igor Styrman
<avalable(): 20303264 : 0 + 0 = 0>
<write ALERT offset = 0 length = 2>
<SSLIOContextTable.removeContext(ctx): 1765100>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering JSSE
SSLSocket>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
6487148>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket will
be Muxing>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
11153746>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL Version 2 with no padding>
<21647856 SSL3/TLS MAC>
<21647856 received SSL_20_RECORD>
<HANDSHAKEMESSAGE: ClientHelloV2>
<write HANDSHAKE offset = 0 length = 58>
<write HANDSHAKE offset = 0 length = 1789>
<Converting principal: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
<Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri, C=FI>
<Converting principal: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: [email protected], CN=Thawte Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<Converting principal: [email protected], CN=Thawte Server
CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Premium
Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, ST=Western Cape, C=ZA>
<Converting principal: OU=Secure Server Certification Authority, O="RSA Data Security,
Inc.", C=US>
<Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
C=IE>
<Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri, C=FI>
<Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE>
<Converting principal: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<write HANDSHAKE offset = 0 length = 2409>
<write HANDSHAKE offset = 0 length = 4>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL3/TLS MAC>
<21647856 received HANDSHAKE>
<HANDSHAKEMESSAGE: Certificate>
PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14' for queue:
'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest failed
java.lang.NullPointerException: Could not set value for ASN.1 string object..
java.lang.NullPointerException: Could not set value for ASN.1 string object.
at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeString(Unknown Source)
at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
tvrGCMOrvrb5QTxVtLNr
-----END CERTIFICATE-----BMPString is another asn1 type that can be used for certificate attributes with
non-ascii characters. The workaround is simply to use the BMPString instead of
UTF8String for that subject name attribute in the certificate request. This off-course
assumes that you can replace the certificate, and have control over what asn1
type is used for the subject name attributes in the certificate request (via a
tool options, or by generating the request yourself), so it is probably not applicable.
Pavel.
"Ari Räisänen" <[email protected]> wrote:
>
Thanks again, Pavel!
I'm filing a support case about this. You talked about a workaround (BMPString).
Could you be more spesific? I haven't talked about this issue with Igor
yet.
Regards,
Ari
"Pavel" <[email protected]> wrote:
Sounds like a bug in certicom code. It should support UTF8String.
I'd file a support case.
You might be able to use BMPString instead as a workaround.
Pavel.
"Igor Styrman" <[email protected]> wrote:
Hello,
We've run into a problem with 2-way-ssl and certificates that have
scandinavian
characters in the subject. The problem cert is used as client-certificate
for
authentication and it goes like this:
1. Client surfs with http in our site, until clicks https-link thatwill
immediately
start the ssl-handshake
2. Server presents it's trusted cert-list fine
3. PIN is being asked fine
4. Next the request processing stops on the exception below and nothing
will happen
on the client side.
Certs without these äöå -chars work fine, so our guess is that they
cause it,
but the certs ought to be according to specs: name-fields encoding
is
UTF-8 according
to RFC 2459 from year 1999. A failing example-cert is also below.
Would this be a problem with the certificate rather than BEA-implementation?
Same behavior on Windows and Solaris Weblogic 8.11 as such and withSP2
(and with
sp2 + CASE_ID_NUM: 501454 hotfix).
Best Regards,
Igor Styrman
<avalable(): 20303264 : 0 + 0 = 0>
<write ALERT offset = 0 length = 2>
<SSLIOContextTable.removeContext(ctx): 1765100>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering
JSSE
SSLSocket>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
6487148>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket
will
be Muxing>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
11153746>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL Version 2 with no padding>
<21647856 SSL3/TLS MAC>
<21647856 received SSL_20_RECORD>
<HANDSHAKEMESSAGE: ClientHelloV2>
<write HANDSHAKE offset = 0 length = 58>
<write HANDSHAKE offset = 0 length = 1789>
<Converting principal: OU=Class 4 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
<Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust
Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri,
C=FI>
<Converting principal: OU=Class 1 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: [email protected], CN=Thawte
Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape
Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: OU=Class 3 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<Converting principal: [email protected], CN=Thawte
Server
CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, ST=Western
Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Premium
Server CA, OU=Certification Services Division, O=Thawte Consultingcc,
L=Cape
Town, ST=Western Cape, C=ZA>
<Converting principal: OU=Secure Server Certification Authority, O="RSA
Data Security,
Inc.", C=US>
<Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust,O=Baltimore,
C=IE>
<Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrustSolutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri,
C=FI>
<Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE>
<Converting principal: OU=Class 2 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<write HANDSHAKE offset = 0 length = 2409>
<write HANDSHAKE offset = 0 length = 4>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL3/TLS MAC>
<21647856 received HANDSHAKE>
<HANDSHAKEMESSAGE: Certificate>
PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14'
for queue:
'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest
failed
java.lang.NullPointerException: Could not set value for ASN.1 string
object..
java.lang.NullPointerException: Could not set value for ASN.1 string
object.
at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeString(UnknownSource)
at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown
Source)
at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
tvrGCMOrvrb5QTxVtLNr
-----END CERTIFICATE----- -
Is it possible to take control over ssl handshake process?
Hi,
I'd like to write an application that will show whole ssl handshake process step by step. So I was wondering if it is possible to do something like that:
when user connects his ssl client to ssl server he can push eg."Next" button moving to the next handshake step. But to do that i must have control on that handshake process:).
Thanx.Yeah I forgot about read and write. Forgive me please my questions, but I am just beginning programmer. Anyway I still get this exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
Ofcourse I screwed something again, can you tell me what?
Here is client part:
while(myAppData.hasRemaining()){
SSLEngineResult result = engine.wrap(myAppData, myNetData);
// System.out.println(result.getStatus()); //here i get BUFFER_OVERFLOW why?
if(result.getStatus() == SSLEngineResult.Status.OK){
myAppData.compact();
while(myNetData.hasRemaining()){
int num = socketChannel.write(myNetData);
System.out.println(num);
if(num == -1){
System.out.println("close channel");
}else if(num == 0){
System.out.println("no write");
System.out.println(result.getStatus());
int bytesConsumed = result.bytesConsumed();
System.out.println("Bytes consumed: "+bytesConsumed);
int bytesProduced = result.bytesProduced();
System.out.println("Bytes produced: "+bytesProduced);
handStatus = result.getHandshakeStatus();
System.out.println(handStatus); //NEED-UNWRAP
}else if(result.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW){
// System.out.println(result.getStatus());
}else if(result.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW){
// System.out.println(result.getStatus()); }
and server part:
int num = sc.read(peerNetData);
System.out.println(num);
if(num == -1){
//closed channel
System.out.println("num=-1");
}else if(num == 0){
//no bytes read
System.out.println("num=0");
}else{
peerNetData.flip();
//here I get this exception
result = engine.unwrap(peerNetData, peerAppData);
if(result.getStatus() == SSLEngineResult.Status.OK){
peerNetData.compact();
int bytesConsumed = result.bytesConsumed();
int bytesProduced = result.bytesProduced();
hStat = result.getHandshakeStatus();
SSLEngineResult.Status status = result.getStatus();
System.out.println(status);
System.out.println(hStat);
if(peerAppData.hasRemaining()){
//use peerAppData
} -
SSL handshake error when calling Web Service
Hi Grant,
I am using your example here:
http://groundside.com/blog/GrantRonald.php?title=calling_a_web_service_from_oracle_forms__2&more=1&c=1&tb=1&pb=1
to call a web service from forms 10g on a machine with no proxies set up.
I get to the point where I click the button that calls this code:
DECLARE
jo ora_java.jobject;
xo ora_java.jobject;
rv varchar2(100);
--rv number;
ex ora_java.jobject;
BEGIN
jo := SendServiceSoapClient.new;
rv := SendServiceSoapClient.sendMessage(jo,'07000000000', 'Test text message from Forms', xo, xo);
-- rv := SendServiceSoapClient.sendMessage(jo,:block6.number_to_text, :block6.text_msg, xo, xo);
EXCEPTION
WHEN ORA_JAVA.JAVA_ERROR then
message('Unable to call out to Java, ' ||ORA_JAVA.LAST_ERROR);
WHEN ORA_JAVA.EXCEPTION_THROWN then
ex := ORA_JAVA.LAST_EXCEPTION;
-- message(Exception_.toString(ex));
-- message(Exception_.toString(ex));
:block6.item11 := Exception_.toString(ex);
END;
I then get the message:
java.rmi.RemoteException: ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
My Jinitiator box says:
Loading http://xpjdev11g.uk.conde-nast.biz:8889/forms/java/frmall_jinit.jar from JAR cache
Loading http://xpjdev11g.uk.conde-nast.biz:8889/forms/java/wsarchive3.jar from JAR cache
proxyHost=null
proxyPort=0
connectMode=HTTP, native.
Forms Applet version is : 10.1.2.0
Please note additional steps:
I have tried to sign my JAR file (called wsarchive3.jar) - not sure if I have it done it correctly??
I have added the JAR file in the system CLASSPATH
I have added the JAR file to formsweb.cfg
If you could help with the SSL error, I'd greatly appreciate it. Thanks.Let me check - have you got the "HOW TO" I created working when you use the following WSDL
http://www.esendex.com/secure/messenger/soap/SendService.asmx?wsdl
Does this work ok from Forms?
The reason I ask is there is an HTTP web service (which is what the how to documents) but there is also and HTTPS versions - if you are getting errors about SSL it might be you are using the HTTPS version
I just want to make sure I understand what you have and have not working so far.
Grant -
EAP-TLS or PEAP authentication failed during SSL handshake
Hi Pros,
I am a newbie in the ACS 4.2 and EAP-TLS implementation, with that being said. I face an issue during a EAP-TLS implementation. My search shows that this kind of error message is already certificate issue;However, I have deleted and recreated the certificate in both ACS and the client with the same result. I have deleted and re-install the certchain as well.
When I check my log in the failed attemps, there is what I found:
Date
Time
Message-Type
User-Name
Group-Name
Caller-ID
Network Access Profile Name
Authen-Failure-Code
Author-Failure-Code
Author-Data
NAS-Port
NAS-IP-Address
Filter Information
PEAP/EAP-FAST-Clear-Name
EAP Type
EAP Type Name
Reason
Access Device
Network Device Group
06/23/2010
17:39:51
Authen failed
000e.9b6e.e834
Default Group
000e.9b6e.e834
(Default)
EAP-TLS or PEAP authentication failed during SSL handshake
1101
10.111.22.24
25
MS-PEAP
wbr-1121-zozo-test
Office Networ
06/23/2010
17:39:50
Authen failed
[email protected]
Default Group
000e.9b6e.e834
(Default)
EAP-TLS or PEAP authentication failed during SSL handshake
1098
10.111.22.24
25
MS-PEAP
wbr-1121-zozo-test
Office Network
[email protected] = my windows active directory name
1. Why under EAP-TYPE it shows MS-PEAP not EAP-TLS? I did configure EAP-TLS....
2. Why sometimes it just shows the MAC of the client for username?
3. Why it puts me in DEFAULT-GROUP even though i belongs to a group well definy in the acs?
2. Secondly, When I check in pass authentications... there is what i saw
Date
Time
Message-Type
User-Name
Group-Name
Caller-ID
NAS-Port
NAS-IP-Address
Network Access Profile Name
Shared RAC
Downloadable ACL
System-Posture-Token
Application-Posture-Token
Reason
EAP Type
EAP Type Name
PEAP/EAP-FAST-Clear-Name
Access Device
Network Device Group
06/23/2010
17:30:49
Authen OK
groszozo
NOC Tier 2
10.11.10.105
1
10.111.22.24
(Default)
wbr-1121-zozo-test
Office Network
06/23/2010
17:29:27
Authen OK
groszozo
NOC Tier 2
10.11.10.105
1
10.111.22.24
(Default)
wbr-1121-zozo-test
Office Network
In the output below, it says that the user is authenticate and it puts the user in the right group with the right username, but the user never really authenticate. Maybe for the first few seconds when I initiate the connection.
Before I forget, the suppliant is using WIN XP and 802.1x is enable. I even uncheck not verify the server and the ACS under External User Databases, I did check ENABLE EAP-TLS machine authentication.
Thanks in advance for your help,
Crazy---Any ideas on this guys?? In my end, i've been reading some docs... Things started to make sens to me, but I still cannot authenticate, still the same errors. One more thing that catch my attention now is the time it takes to open a telnet session to cisco device which has the ACS for auth server.
My AD(Active Direct) and the ACS server are local same subnet(server subnet). Ping to the ACS from my desktop which is in different subnet is only take 1ms. To confirm that the issue is the ACS server, I decided to use another server in remote location, the telnet connection is way faster than the local ACS.
Let's brain storm together to figure out this guys.
Thanks in advance,
----Paul
Maybe you are looking for
-
Dump error while creating Invoicing document
Moderator note - this is the same problem as identified in thread Error is generated in Print workbench function ISU_INV_BILL_PREPARE. Thread locked and poster notified of rules violation. Hi Experts, I am new to ISU application.Please provide solut
-
Hi, after I shared a file that contains the forms, the receipients are able to download and fill the form and click "submit form" at the top of the file. I shared it through acrobat.com, where can I view their submited form for responses? Or how ca
-
Dreamweaver Crash Using Color Pallete
Hi, Getting an annoying problem where dreamweaver crashes everytime I use the dropper tool in the color pallete e.g. in the css menu. Using Dreamweaver 5.5, up to date on Mac Lion. I'm listing the error log below - please help. Process: Dream
-
How to sync my iphone w itunes in a new PC without losing my file in iphone???
as titled
-
Help with erasing and syncing please - what will be erased?
I have somehow created a 2nd itunes account and my iphone won't sync with the first one. It is syncing with the 2nd one however I cannot add new music - if I try on the 2nd one I get a message asking if I want to erase this iphone and sync with this