Ssl-handshake fails with scandinavian chars in client certificate

Similar Messages

• SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr

  Getting following error while invoking webservice over ssl.
  "SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr"
  We generated webservice java stub using JDeveloper based on wsdl provided to us from 3rd party. We are able to test this webservice successfully without ssl . Once ssl is enabled by the 3rd party webservice provider we faced
  "java.lang.UnsatisfiedLinkError: no njssl9 in java.library.path" error in JDeveloper.
  In JDeveloper we were able to resolve this by following details provided at
  Lehmann's web log on "Securing a Web Service - Client SSL" (http://radio.weblogs.com/0132036/2004/02/13.html ).
  We then run the same java stub from oracle application server 9iAS 1.0.2.2.2. This is when we get error
  "SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr"
  Debugging further we see that in 9iAS we have following in our class path.
  ..iAS/jlib/jssl-1_1.jar:..iAS/jlib/javax-ssl-1_1.jar:..iAS/soap/webapps/soap/WEB-INF/lib/soap.jar
  we took the same files and added to libraries in JDeveloper and are able to reproduce the same error in JDeveloper. We turned on Debug on oracle.jssl.debug and with that we see following details
  instantiate the hashtable
  SocketTable write Enter fdin 1
  SocketTable write offset 0 length 72
  SocketTable write: 72 bytes
  SocketTable read Enter
  SocketTable read: 1 bytes
  SocketTable read Enter
  SocketTable read: 2 bytes
  SSLSocketImpl close Thread:main
  In close removing fd 1Thread main
  [SOAPException: faultCode=SOAP-ENV:IOException; msg=SSL handshake failed: SSLProtocolErr...
  Any suggestions on how to resolve this error in oracle application server 9iAS ?
  Note: We run Oracle E-Business Suite on this same 9iAS so any change we make should not impact the oracle applications running on this server.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  hi,
  thi sis very simple soloution for this. open the wsdl into the internet explorer. when wsdl file open save this wsdl with the .xml extension. when u want to make dat contorl or web sekelton or proxy dont use the hhtps:// ????????/ url give the path there for the .xml file which u save for this. i am sure u will invoke all the services which is provoider by the web service.
  have nice day
  best regards

• SSL handshake failed: X509CertChainIncompleteErr - How to call secure WS?

  Hi all, I'm trying to use a third party web service over SSL. I'm using jdk 1.5.0_11 and jDev 10.1.3.0.4.
  Here is what I've done so far:
  1 - I generated a web service proxy using jDev's wizard.
  2 - I created a simple keystore with keytool with the following cmd:
  keytool -genkey -keystore techdspc.keystore -storepass ****** . I copied the .keystore file in my project under the src directory.
  3 - I used the wizard "Secure Proxy" on my web service with the following options:
  - "Use x509 to authenticate"
  - I specified my newly created keystore file as the keystore path as well as the password.
  - I left the default choice to all the other options.
  Once the files were all created by the wizard, I tried out the proxy and got the following error:
  ATTENTION: Unable to connect to URL: https://test.eai.adpclaims.com/WSProxy/WS_Proxy.asmx due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
  java.rmi.RemoteException: ; nested exception is:
       HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
       at audatex3.runtime.WSProxySoap_Stub.transmit(WSProxySoap_Stub.java:679)
       at audatex3.WSProxySoapClient.transmit(WSProxySoapClient.java:83)
       at audatex3.WSProxySoapClient.main(WSProxySoapClient.java:43)
  The owner of the Web Service told me that the error is without a doubt on the proxy side. Si my question is: What am I doing wrong?
  Your help will be greatly appreciated.
  thanks!

  I tried generating an other keystore with a slightly different cmd and I still get the same error so this does not seem to be the problem...
  Any ideas?¸
  Thanks

• SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has be

  Hello, I have a sql 2005 server, and I am a developer, with the database on my own machine.  It alwayws works for me but after some minutes the other developer cant work in the application
  He got this error
  Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: 192.168.1.140]
  and When I see the log event after that error, it comes with another error.
  SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: 192.168.1.140]
  He has IIS5 and me too.
  I created a user on the domain called ASPSYS with password, then in the IIS on anonymous authentication I put that user with that password, and it works, on both machines.
  and in the connection string I have.
  <add key="sqlconn" value="Data Source=ESTACION15;Initial Catalog=GescomDefinitiva;Integrated Security=SSPI; Trusted_Connection=true"/>
  I go to the profiler, and I see that when he browses a page, the database is accesed with user ASPSYS, but when I browse a page, the database is accesed with user SE\levalencia.
  Thats strange.
  The only way that the other developer can work again on the project is to restart the whole machine. He has windows xp profession, I have windows 2000.
  If you want me to send logs please tellme

  Well here's my problem, maybe you can help. Intermittenly I get a login failed when connecting to a db engine through Server Management Studio using Windows authentication. When this happens the following entries are generated on the server's application event log:
  Event Type:        Error
  Event Source:    MSSQLSERVER
  Event Category:                (4)
  Event ID:              17806
  Date:                     1/14/2009
  Time:                     10:41:31 AM
  User:                     N/A
  Computer:          <server name>
  Description:
  SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: <ip address>]
  Event Type:        Failure Audit
  Event Source:    MSSQLSERVER
  Event Category:                (4)
  Event ID:              18452
  Date:                     1/14/2009
  Time:                     10:41:31 AM
  User:                     N/A
  Computer:          <server name>
  Description:
  Login failed for user ''. The user is not associated with a trusted SQL Server connection. [CLIENT: <ip address>]
  I've already ensured that the server is set to mixed authentication mode. Oddly enough, the workaround that I've found is that if I remote desktop into the server, log in and then log back out, Management Studio is suddenly able to connect again. No idea why it works. 
  As I said before, it is intermitten. Some days it errors on login, other days it doesn't and there are no configuration changes between them. Also, both client and server are in the same domain and same site so there is no VPN or anything in between. I'm really quite stumped. Any help would be great, or if you can point me in the right direction of where to look. Thank you in advance!

• SSL handshake failed: X509CertChainIncompleteErr

  I am trying to send name-value pairs using https and JSSE. I am using JDev 9i, and first I create a war file and bundle JSSE with it, then deploy it to an ear file, and use Enterprise Manager of 9iAS Rel2 to deploy the ear file to the server (on Windows 2000).
  I get the following error (please excuse the test output lines):
  Response: xxx test000+ test0+ test1+ test2+ test3+ test4+ test4a+
  javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
  Here's my code:
  import java.net.*;
  import java.io.*;
  import com.sun.net.ssl.*;
  public class testsend {
  public testsend()
  public String myTest () throws Exception {
  String endresult = "xxx ";
  String url = "https://www.mysite.com/myfile.php?" ;
  endresult = endresult + "test000+ ";
  // actual name-value pairs are sent out, this is just an example
  String data = "name1=value1&name2=value2";
  URL server = null;
  try {
  server = new URL(url);
  endresult = endresult + "test0+ ";
  catch(MalformedURLException e) {
  endresult = endresult + e.getMessage();
  ObjectInputStream myresponse = null;
  Object result = null;
  try {
  URLConnection con = server.openConnection();
  endresult = endresult + "test1+ ";
  con.setDoOutput(true);
  con.setUseCaches(false);
  con.setRequestProperty("Content-Type", "application/octet-stream");
  endresult = endresult + "test2+ ";
  ObjectOutputStream request = new ObjectOutputStream(new BufferedOutputStream(con.getOutputStream()));
  endresult = endresult + "test3+ ";
  request.writeObject(data);
  endresult = endresult + "test4+ ";
  request.flush();
  endresult = endresult + "test4a+ ";
  request.close();
  endresult = endresult + "test4b+ ";
  // get the result input stream
  myresponse = new ObjectInputStream(new BufferedInputStream(con.getInputStream()));
  endresult = endresult + "test6+ ";
  // read response back from the server
  result = myresponse.readObject();
  endresult = endresult + result.toString();
  catch(Exception e) {
  endresult = endresult + e.getMessage();
  return endresult;
  I've searched for the error message on the web but did not have much luck finding a solution. It obviously won't open a input stream.
  Any one have any thoughts? Thanks.
  jv

  Hi Francisco,
  I am(Oracle 9iAS) sending SOAP messages over SSL to a remote server(Microsoft IIS) hosting the web services. The remote HTTPS site is up and I can view the certificate. It has a 3 level chain. user certificate, intermediate and a root CA.
  Through my application when I try to establish handshake, I have some code to display the certificate chain of the remote server. Here I see only the user and the intermediate certificate. I donot see the root CA. I understand that this is the reason for the Incomplete cert chain error. Is this something the remote server hosting the web services should do with their configuration?? Or can I do something at my end??
  Please let me know,
  Thank you

• [ForumFAQ]How to troubleshoot error "SSPI handshake failed with error code 0x80090324"

  Understanding the problem:
  When connect to SQL Server with Windows authentication, you may receive the following message in the SQL Server error log:
  SSPI handshake failed with error code 0x80090324, state 14 while establishing a connection with integrated security; the connection has been closed.
  Security Support Provider Interface (SSPI) is a set of Windows APIs that allows for delegation and mutual authentication over any generic data transport layer, such as TCP/IP sockets. SQL Server supports Kerberos indirectly through the Windows Security Support
  Provider Interface (SSPI) when SQL Server is using Windows Authentication.
  "SSPI Handshake Failed" error happens usually when connection failed between the server and domain controllers or failed Kerberos Authentication. There are many reason for SSPI Handshake error to appear in SQL Server error log.
  Troubleshot the problem:
  Download and install the Windows error code lookup tool Err.exe to view error descriptions for Windows Error Codes.
  The error code 0x80090324 (SEC_E_TIME_SKEW) means "clock on client and server machines are skewed". In most case, this is a Kerberos issue. Kerberos is using a timestamp to protect against replay attacks. The maximum time skew that can be tolerated
  between a ticket's timestamp and the current time at the KDC is 5 minutes by default.
  Also check the Windows Event Log of client machine, domain controller and the SQL Server machine for existence of W32time error messages.
  The solution:
  Make sure the clock of client server, domain controller and the server running SQL Server are within five minutes of each other. Or Resynchronize the clock by run w32tm /resync on client machine and SQL Server machine.
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  This error can happen due to Active Directory configuration issue or Network related issues. Assuming they are fine,
  another reason could be related to fail Kerberos Authentication to connect to SQL Server.
  In Windows 2003 and above, the default method of establishing a connection is Kerberos but if it fails, then connection may be established using NTLM. An error may be registered on SQL Server error log due to Kerberos failure.
  To confirm if you have any database connection using Kerberos authentication, run this on your SQL Server
  SELECT distinct auth_scheme FROM sys.dm_exec_connections
  If you only see NTLM and SQL then, there is no Kerberos connection.
  To use Kerberos, the client and SQL Server must be in the same domain or trusted domains and a Service Principal Name (SPN) must be registered with Active Directory for SQL Server service account.
  You can check if the service account already has SPN, by running this on the SQL Server
  setspn -l <domain\sqlserviceaccount>
  If you don't see anything starting with MSSQLSvc\ then the account is not setup with SPN.
  You can manually register SPN as a Domain Administrator using these commands.
  To      create an SPN for the NetBIOS name of the SQL Server use the following      command:
  setspn –A MSSQLSvc/<SQL Server computer name>:1433      <Domain\Account>
  To      create an SPN for the FQDN of the SQL Server use the following command:
  setspn      -A MSSQLSvc/<SQL Server FQDN>:1433 <Domain\Account>
  If SQL Server service account is granted "Validated write to service principal name" privilege in Active Directory, SQL Server database engine will register itself when it starts and unregisters at shutdown. If you Domain Administrators do not permit this setting
  then you should manually register the SPN and the SSPI error will go away.
  Also the SQL Server service account must be granted "Account is trusted for delegation" privilege in Active Directory. If your SQL Server connects to other SQL Server using Linked Server then the server must also be granted "Trust this computer for delegation
  to any service" privilege.
  For a named instance, you can use the FQDN of the named instance instead of SQL Server FQDN and use the port number.
  For a clustered server, you should use the FQDN of the SQL Server virtual name. In this case you will need two entries, one with port name and one without such as
  setspn -A MSSQLSvc/<Virtual SQL Server FQDN> <Domain\Account>
  setspn -A MSSQLSvc/<Virtual SQL Server FQDN>:1433 <Domain\Account>
  Kerberos authentication works when SQL Server, Service Account and Windows account accessing the SQL Server are in same windows domain. If anyone these are in different domain, there must be bidirectional trust established between the domains, otherwise it
  does not work.

• SSPI handshake failed with error code 0x8009030c and Login failed for user''

  I got the following error when tried to connect to local machine in the
  non-domain environment with Windows Authentication by SSMS.
  "SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security."
  "Login failed for user''. the user is nothing associated with a trusted SQL server connection."
  questions
  1,if I saw the "SSPI handshake failed ", does it means it must used Kerberos but failed? or it is also possible used the NTLM but failed?
  2,Any ideas for this issue?
  Please click the Mark as Answer button if a post solves your problem!

  Hi Michael,
  Firstly, "SSPI Handshake Failed" error happens usually when connection failed between the server and domain controllers or failed Kerberos authentication. For more details about "SSPI Handshake Failed" error, please review this
  FAQ.
  Secondly, regarding to your error message, it could be caused by loopback check. To resolve the issue, please set the DisableLoopbackCheck registry entry to 1 by performing the following steps.
  1.Click Start, click Run, type regedit, and then click OK.
  2.Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3.Right-click Lsa, point to New, and then click DWORD Value.
  4.Type DisableLoopbackCheck, and then press ENTER.
  5.Right-click DisableLoopbackCheck, and then click Modify.
  6.In the Value data box, type 1, and then click OK.
  7.Exit Registry Editor.
  8.Restart the computer.
  There is a similar blog about your scenario for your reference.
  http://www.bhcblog.com/2009/10/08/fix-for-login-failed-for-user-the-user-is-not-associated-with-a-trusted-sql-server-connection/
  Thanks,
  Lydia Zhang
  If you have any feedback on our support, please click
  here.
  Lydia Zhang
  TechNet Community Support

• No way to publish a workflow, I get this error: System.InvalidOperationException: Operation failed with error Microsoft.Workflow.Client.ScopeInactiveException: Scope ... is not in an active state. Its current state is 'Unregistering'

  Hi,
  I'm using Project Server 2013 and I'm not able to publish a workflow in SharePoint Designer 2013, I get this error:
  System.InvalidOperationException: Operation failed with error Microsoft.Workflow.Client.ScopeInactiveException: Scope '/SharePoint/default/d7feb9ea-ccb2-4ec3-8f89-2a45b6cf3777' is not in an active state. Its current
  state is 'Unregistering'. HTTP headers received from the server - ActivityId: c47ef567-8c54-4ae0-9a1a-1e4fb51320d8. NodeId: TestServer. Scope: /SharePoint/default/d7feb9ea-ccb2-4ec3-8f89-2a45b6cf3777. Client ActivityId : c6e5979c-20f8-e042-1f9d-2cb2a25d7f9e.
  ---> System.Net.WebExceptio
  The thing is that I transferred the databases from a Prod.Env. to the Test Env. and from that moment on the Test Env. stopped working (only workflows), then I
  was thinking that maybe the workflow is not working in the Test Environment because when I transferred the databases from Prod Env to Test Env I didn’t transfer the databases related to workflow, I only transferred:
  WSS_Content
  PWA_ServiceDB
  But I didn’t transfer:
  SBGatewayDatabase
  SBManagementDB
  SBMessageContainer01
  WFInstanceManagementDB
  WFManagementDB
  WFResourceManagementDB
  I didn’t transfer them because, before, when I transferred DB’s in version 2010, these DB’s were not needed, as the workflows were done using another method.
  So, I tried to create a new workflow in the Test Env. but there is no way, I always get that error.
  I've tried to Register again the workflow, and the result looks ok, but it doesn't solve the problem:
  Register-SPWorkflowService
  –SPSite "http://whatever/PWA"
  –WorkflowHostUri "http://TestServer:12291"
  –AllowOAuthHttp -Force
  Do you know how to solve this issue or have an idea to give me some light?
  Thank you for your help and regards,
  José Espases

  Looks like you haven't defined the WF scope or the site where you are trying to deploy the workflow to isn't included in the scope
  Check this article
  http://fangdahai.blogspot.in/2013/04/on-premise-windows-workflow-server.html
  Thanks | epmXperts | http://epmxperts.wordpress.com

• SSPI handshake failed with error code 0x80090311

  Hi guys,
  I get this error and i know it comes from my Linux server in an IPA domain.
  Error: SSPI handshake failed with error code 0x80090311
  But i want to trust this connection. How do i do this?
  Kind regards,
  André

  Hi,
  0x80090311 error refers to "No authority could be contacted for authentication" which means the user cannot contact AD to get a ticket. I suggest turning on Kerberos logging  and using Netmon to trace the authentication routes. You can find detailed
  info on how to troubleshoot Kerberos here.
  http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx
  There are probably some network issue on your system and you lost the connectivity to AD from time to time. Please let your network administror investigate any possible network issue.
  Hope the below threads could be helpful for you:
  http://social.msdn.microsoft.com/Forums/sqlserver/en-US/308f0f2b-2500-481d-aef3-6eb262e15783/sspi-handshake-failed-with-error-code-0x80090311?forum=sqldatabaseengine
  http://social.technet.microsoft.com/Forums/sqlserver/en-US/74db708b-dcdf-4c0e-819b-861e8a22fa6b/sspi-handshake-failed-with-error-code-0x80090311?forum=sqldatabaseengine
  Regards,
  Yan Li 
  Regards, Yan Li

• "SSPI handshake failed with error code 0x8009030c ..."

  Hi All,
  Below are the farm configuration.
  1 SQL server with SQL 2005 STD edition in windows 2003 server Std 64 bit.
  1 Application server and 1 WFE server with SharePoint 2007 Std edition in windows 2003 server STD 64 bit.
  Configured with AD account and it has local admin rights on 3 servers.
  Issue:
  Daily morning SQL server is reporting Event ID 17806 error. SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed.
  [ IP of Application and WFE servers].
  During same time SQL server is logging 5788 and 5789 errors. 
  5788 error: Attempt to update HOST Service Principal Names (SPNs) of the computer object in Active Directory failed. The updated values were 'HOST/FQDN name of SQL Server' and 'HOST/SQL Server Name'. The following error occurred:
  There are no more endpoints available from the endpoint mapper. 
  5789 error: Attempt to update DNS Host Name of the computer object in Active Directory failed. The updated value was 'FQDN Name of SQL server'. The following error occurred:
  There are no more endpoints available from the endpoint mapper. 
  At the same point Application and WFE servers are getting 27745 error for thousands of time in 2 minutes. As it is early morning we don't know how the sharepoint application is behaving (accessible are not).  From past 2days we are getting these errors.
  It is happening only for 2 min in the morning.
  27745 error : The description for Event ID ( 27745 ) in Source ( Windows SharePoint Services 3 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote
  computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: #50071: Unable to connect to the database WSS_Content_DB on SQL server.  Check the database
  connection information and make sure that the database server is running..
  To resolve this found few SPN queries, but didnt tried as it is production environment. Is this issue with SPN name of SQL server?
  how to stop this errors?
  Thanks & regards
  V235

  Hi,
  Thanks to share your post in this forum.
  For the issue that you have encountered, if your local asp.net site is running under iis, then you need to set to
  run under a domain account with access the SQL server.
  1) If you only hit the website locally just set impersonate=true in the
  web config and require authentication to ntlm in iis.
  2) If your local box is vista or server2003 set the app pool for the
  asp.net site to the desired domain account.
  3) If none of above, in web.config set impersonate with a username and
  password.
  And some other useful references:
  http://www.associatedcontent.com/article/5725578/techtips_how_to_fix_the_error_sspi.html.
  http://msdn.microsoft.com/en-us/library/ms998320.aspx.
  http://www.bigresource.com/Tracker/Track-ms_sql-HDpysQ7v/.
  Hope this could help you!
  Leo

• In SSL Handshake : failed extension check error

  Hi all,
  Could anyone help in this?
  Im facing a problem in SSL handshaking using JSSE, J2SDK1.4.
  The CertificateException message is :
  Invalid Netscape CertType extension for SSL client
  And the source of error is : failed extension check
  The following is the trace SSL Server.
  D:\users\Jp\java\jssesamples\sockets\server\class>java -Djavax.net.debug=SSL,handshake,data,trustmanager ClassFileServer 1089
  . TLS true
  USAGE: java ClassFileServer port docroot [TLS [true]]
  If the third argument is TLS, it will start as
  a TLS/SSL file server, otherwise, it will be
  an ordinary file server.
  If the fourth argument is true,it will require
  client authentication as well.
  found key for : serverkey
  chain [0] = [
  Version: V3
  Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
  Validity: [From: Fri Sep 27 12:36:44 IST 2002,
                 To: Sat Sep 27 12:36:44 IST 2003]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    11]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL server
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [3]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [RFC822Name: [email protected]]]
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Algorithm: [MD5withRSA]
  Signature:
  0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
  0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
  0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
  0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
  0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
  0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
  0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
  0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
  chain [1] = [
  Version: V3
  Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
  Validity: [From: Fri Jul 19 00:30:00 IST 2002,
                 To: Wed Jul 19 00:30:00 IST 2028]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    01]
  Certificate Extensions: 5
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL client
  SSL server
  Object Signing
  SSL CA
  S/MIME CA
  Object Signing CA]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
  [5]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
  0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
  0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
  0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
  0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
  0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
  0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
  0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
  adding private entry as trusted cert: [
  Version: V3
  Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
  Validity: [From: Fri Sep 27 12:36:44 IST 2002,
                 To: Sat Sep 27 12:36:44 IST 2003]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    11]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL server
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [3]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [RFC822Name: [email protected]]]
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Algorithm: [MD5withRSA]
  Signature:
  0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
  0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
  0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
  0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
  0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
  0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
  0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
  0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
  adding as trusted cert: [
  Version: V3
  Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
  Validity: [From: Fri Jul 19 00:30:00 IST 2002,
                 To: Wed Jul 19 00:30:00 IST 2028]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    01]
  Certificate Extensions: 5
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL client
  SSL server
  Object Signing
  SSL CA
  S/MIME CA
  Object Signing CA]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
  [5]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
  0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
  0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
  0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
  0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
  0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
  0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
  0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
  trigger seeding of SecureRandom
  done seeding SecureRandom
  matching alias: serverkey
  [read] MD5 and SHA1 hashes: len = 3
  0000: 01 03 01 ...
  [read] MD5 and SHA1 hashes: len = 74
  0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
  0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
  0020: 12 00 00 03 02 00 80 00 00 11 3D 94 3D E6 6A 85 ..........=.=.j.
  0030: 4E 4B 5F DC 11 A2 3C F3 59 F7 1E 96 93 87 31 6A NK_...<.Y.....1j
  0040: CD 2B 58 8A A1 7E A4 7D C5 C7 .+X.......
  Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1016347878 bytes = { 106, 133, 78, 75, 95, 220, 17, 162, 60, 243, 89, 247, 30, 150, 147, 135, 49, 106, 20
  5, 43, 88, 138, 161, 126, 164, 125, 197, 199 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_
  CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES4
  0_CBC_SHA]
  Compression Methods: { 0 }
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1016347878 bytes = { 163, 141, 218, 216, 192, 179, 129, 194, 37, 124, 119, 173, 229, 90, 173, 39, 166, 16
  6, 58, 146, 118, 120, 174, 234, 161, 101, 91, 104 }
  Session ID: {61, 148, 61, 230, 252, 82, 216, 137, 71, 131, 250, 161, 21, 201, 221, 98, 131, 132, 212, 15, 253, 235, 102, 35,
  90, 154, 189, 159, 119, 125, 204, 167}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  Cipher suite: SSL_RSA_WITH_RC4_128_MD5
  *** Certificate chain
  Finalizer, called close()
  Finalizer, called closeInternal(true)
  Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
  Finalizer, WRITE: TLSv1 Alert, length = 2
  chain [0] = [
  Version: V3
  Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
  Validity: [From: Fri Sep 27 12:36:44 IST 2002,
                 To: Sat Sep 27 12:36:44 IST 2003]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    11]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL server
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [3]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [RFC822Name: [email protected]]]
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Algorithm: [MD5withRSA]
  Signature:
  0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
  0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
  0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
  0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
  0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
  0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
  0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
  0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
  chain [1] = [
  Version: V3
  Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
  Validity: [From: Fri Jul 19 00:30:00 IST 2002,
                 To: Wed Jul 19 00:30:00 IST 2028]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    01]
  Certificate Extensions: 5
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL client
  SSL server
  Object Signing
  SSL CA
  S/MIME CA
  Object Signing CA]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
  [5]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
  0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
  0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
  0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
  0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
  0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
  0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
  0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
  *** CertificateRequest
  Cert Types: RSA, DSS,
  Cert Authorities:
  <CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN>
  <CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In>
  *** ServerHelloDone
  [write] MD5 and SHA1 hashes: len = 1970
  0000: 02 00 00 46 03 01 3D 94 3D E6 A3 8D DA D8 C0 B3 ...F..=.=.......
  0010: 81 C2 25 7C 77 AD E5 5A AD 27 A6 A6 3A 92 76 78 ..%.w..Z.'..:.vx
  0020: AE EA A1 65 5B 68 20 3D 94 3D E6 FC 52 D8 89 47 ...e[h =.=..R..G
  0030: 83 FA A1 15 C9 DD 62 83   84 D4 0F FD EB 66 23 5A  ......b......f#Z
  0040: 9A BD 9F 77 7D CC A7 00   04 00 0B 00 06 35 00 06  ...w.........5..
  0050: 32 00 03 0A 30 82 03 06   30 82 02 6F A0 03 02 01  2...0...0..o....
  0060: 02 02 01 11 30 0D 06 09   2A 86 48 86 F7 0D 01 01  ....0...*.H.....
  0070: 04 05 00 30 81 98 31 0B   30 09 06 03 55 04 06 13  ...0..1.0...U...
  0080: 02 49 6E 31 14 30 12 06   03 55 04 08 13 0B 4D 61  .In1.0...U....Ma
  0090: 68 61 72 61 73 68 74 72   61 31 18 30 16 06 03 55  harashtra1.0...U
  00A0: 04 07 13 0F 41 6E 64 68   65 72 69 20 2F 20 53 45  ....Andheri / SE
  00B0: 45 50 5A 31 23 30 21 06   03 55 04 0A 13 1A 4F 72  EPZ1#0!..U....Or
  00C0: 62 69 74 65 63 68 20 53   6F 6C 75 74 69 6F 6E 73  bitech Solutions
  00D0: 20 4C 69 6D 69 74 65 64   31 0D 30 0B 06 03 55 04   Limited1.0...U.
  00E0: 0B 13 04 51 50 45 47 31   25 30 23 06 03 55 04 03  ...QPEG1%0#..U..
  00F0: 13 1C 4F 72 62 69 74 65   63 68 20 43 65 72 74 69  ..Orbitech Certi
  0100: 66 69 63 61 74 65 20 4D   61 6E 61 67 65 72 30 1E  ficate Manager0.
  0110: 17 0D 30 32 30 39 32 37   30 37 30 36 34 34 5A 17  ..020927070644Z.
  0120: 0D 30 33 30 39 32 37 30   37 30 36 34 34 5A 30 81  .030927070644Z0.
  0130: 80 31 0B 30 09 06 03 55   04 06 13 02 49 4E 31 14  .1.0...U....IN1.
  0140: 30 12 06 03 55 04 08 13   0B 4D 61 68 61 72 61 73  0...U....Maharas
  0150: 68 74 72 61 31 0F 30 0D   06 03 55 04 07 13 06 4D  htra1.0...U....M
  0160: 75 6D 62 61 69 31 1A 30   18 06 03 55 04 0A 13 11  umbai1.0...U....
  0170: 53 61 6D 70 6C 65 20 53   65 72 76 65 72 20 4F 72  Sample Server Or
  0180: 67 31 16 30 14 06 03 55   04 0B 13 0D 53 61 6D 70  g1.0...U....Samp
  0190: 6C 65 20 53 65 72 76 65   72 31 16 30 14 06 03 55  le Server1.0...U
  01A0: 04 03 13 0D 4A 61 79 61   70 72 61 6B 61 73 68 20  ....Jayaprakash
  01B0: 41 30 81 9F 30 0D 06 09   2A 86 48 86 F7 0D 01 01  A0..0...*.H.....
  01C0: 01 05 00 03 81 8D 00 30   81 89 02 81 81 00 A5 66  .......0.......f
  01D0: A2 53 DE A9 94 5F 48 C1   4B 67 E2 A8 AE EB 86 40  .S..._H.Kg.....@
  01E0: F0 BD 58 94 1E 25 7F B3   AA A5 FB 9D B7 33 DB 6C  ..X..%.......3.l
  01F0: 5A 21 2D 95 44 5E 5A 28   AB 59 40 0C C2 D2 CC EE  Z!-.D^Z(.Y@.....
  0200: C8 74 DD 62 25 43 5C CE   79 FF 6D 9B 04 25 8E BD  .t.b%C\.y.m..%..
  0210: 05 9C 9C D6 55 DC 13 23   98 C5 5D 5C 01 5F D6 54  ....U..#..]\._.T
  0220: 34 22 20 CE A1 AE C8 0C B4 FC 03 4D 2B C8 2B 54 4" ........M+.+T
  0230: 3A 98 50 33 11 2F 27 C2 60 9E F9 40 52 26 05 A9 :.P3./'.`..@R&..
  0240: B6 E8 F4 73 1A B0 E9 11 EF C3 23 D9 1D FB 02 03 ...s......#.....
  0250: 01 00 01 A3 76 30 74 30 11 06 09 60 86 48 01 86 ....v0t0...`.H..
  0260: F8 42 01 01 04 04 03 02 06 40 30 0E 06 03 55 1D [email protected].
  0270: 0F 01 01 FF 04 04 03 02 04 F0 30 1F 06 03 55 1D ..........0...U.
  0280: 23 04 18 30 16 80 14 61 03 42 D0 1B 10 56 EE 2E #..0...a.B...V..
  0290: F1 24 61 D5 25 B3 31 03 27 85 AA 30 2E 06 03 55 .$a.%.1.'..0...U
  02A0: 1D 11 04 27 30 25 81 23 63 6F 73 6C 74 65 6D 70 ...'0%.#cosltemp
  02B0: 2E 6A 61 79 61 70 72 61 6B 61 73 68 40 6F 72 62 .jayaprakash@orb
  02C0: 69 74 65 63 68 2E 63 6F 2E 69 6E 30 0D 06 09 2A itech.co.in0...*
  02D0: 86 48 86 F7 0D 01 01 04 05 00 03 81 81 00 39 C0 .H............9.
  02E0: C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 51 AF .94*RlGH......Q.
  02F0: DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 E9 94 .CT.4...bp.%....
  0300: EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 32 28 .....(..b.4..d2(
  0310: 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 94 6D Z.N......$-(...m
  0320: F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 9F F1 ...4.cp.M8y.....
  0330: C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A 7C EE .h........0.....
  0340: 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D D9 B2 .2.^.Y.<....5...
  0350: F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F 00 03 ........`.".._..
  0360: 22 30 82 03 1E 30 82 02 87 A0 03 02 01 02 02 01 "0...0..........
  0370: 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 .0...*.H........
  0380: 30 81 98 31 0B 30 09 06 03 55 04 06 13 02 49 6E 0..1.0...U....In
  0390: 31 14 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 1.0...U....Mahar
  03A0: 61 73 68 74 72 61 31 18 30 16 06 03 55 04 07 13 ashtra1.0...U...
  03B0: 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 45 50 5A .Andheri / SEEPZ
  03C0: 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 62 69 74 1#0!..U....Orbit
  03D0: 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 20 4C 69 ech Solutions Li
  03E0: 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 0B 13 04 mited1.0...U....
  03F0: 51 50 45 47 31 25 30 23 06 03 55 04 03 13 1C 4F QPEG1%0#..U....O
  0400: 72 62 69 74 65 63 68 20 43 65 72 74 69 66 69 63 rbitech Certific
  0410: 61 74 65 20 4D 61 6E 61 67 65 72 30 1E 17 0D 30 ate Manager0...0
  0420: 32 30 37 31 38 31 39 30 30 30 30 5A 17 0D 32 38 20718190000Z..28
  0430: 30 37 31 38 31 39 30 30 30 30 5A 30 81 98 31 0B 0718190000Z0..1.
  0440: 30 09 06 03 55 04 06 13 02 49 6E 31 14 30 12 06 0...U....In1.0..
  0450: 03 55 04 08 13 0B 4D 61 68 61 72 61 73 68 74 72 .U....Maharashtr
  0460: 61 31 18 30 16 06 03 55 04 07 13 0F 41 6E 64 68 a1.0...U....Andh
  0470: 65 72 69 20 2F 20 53 45 45 50 5A 31 23 30 21 06 eri / SEEPZ1#0!.
  0480: 03 55 04 0A 13 1A 4F 72 62 69 74 65 63 68 20 53 .U....Orbitech S
  0490: 6F 6C 75 74 69 6F 6E 73 20 4C 69 6D 69 74 65 64 olutions Limited
  04A0: 31 0D 30 0B 06 03 55 04 0B 13 04 51 50 45 47 31 1.0...U....QPEG1
  04B0: 25 30 23 06 03 55 04 03 13 1C 4F 72 62 69 74 65 %0#..U....Orbite
  04C0: 63 68 20 43 65 72 74 69 66 69 63 61 74 65 20 4D ch Certificate M
  04D0: 61 6E 61 67 65 72 30 81 9F 30 0D 06 09 2A 86 48 anager0..0...*.H
  04E0: 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 ............0...
  04F0: 81 81 00 DC 3A 63 36 00 7B F1 7C C4 C0 6B 52 1F ....:c6......kR.
  0500: 4B 71 46 28 3E C0 C3 B9 0B E9 FB 2D CA 7F E3 90 KqF(>......-....
  0510: 84 60 60 C3 3B C3 B1 0F 9F CF 5C 3B 6E 3C C4 6D .``.;.....\;n<.m
  0520: BD 11 12 9F A5 A7 FE EE 1A 4C 67 9E D7 BE 1B 1E .........Lg.....
  0530: 1C C5 5A 0F 42 B1 4A 88 CA 49 13 02 0F 3F 79 EE ..Z.B.J..I...?y.
  0540: A2 86 4D 88 3D 98 48 30 2E AB A4 D1 6B 9B 95 39 ..M.=.H0....k..9
  0550: 81 03 CA 1C 7D 14 8E EB 9D CB 09 C5 BD 50 58 A0 .............PX.
  0560: 52 81 5C DD E9 09 EC BD 83 05 24 10 73 68 A5 5A R.\.......$.sh.Z
  0570: 44 4B 09 02 03 01 00 01 A3 76 30 74 30 11 06 09 DK.......v0t0...
  0580: 60 86 48 01 86 F8 42 01 01 04 04 03 02 00 D7 30 `.H...B........0
  0590: 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF ...U.......0....
  05A0: 30 1D 06 03 55 1D 0E 04 16 04 14 61 03 42 D0 1B 0...U......a.B..
  05B0: 10 56 EE 2E F1 24 61 D5 25 B3 31 03 27 85 AA 30 .V...$a.%.1.'..0
  05C0: 1F 06 03 55 1D 23 04 18 30 16 80 14 61 03 42 D0 ...U.#..0...a.B.
  05D0: 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 03 27 85 AA ..V...$a.%.1.'..
  05E0: 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 86 0...U...........
  05F0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
  0600: 81 81 00 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 ..........EL....
  0610: 86 B9 37 BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D ..7.;O..].;p5...
  0620: 54 B7 89 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B T..[J2..aZ...$..
  0630: F4 23 40 D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 .#@.M.Sz.NN...:W
  0640: EF 43 02 C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 .C..........t%S.
  0650: 7B 38 2F 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D .8/\..p..._..<U-
  0660: FF 2A FB 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA .*....*....]_6..
  0670: 57 EF 74 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 W.t...R...h..N..
  0680: A2 0C 7F 0D 00 01 27 02 01 02 01 22 00 83 30 81 ......'...."..0.
  0690: 80 31 0B 30 09 06 03 55 04 06 13 02 49 4E 31 14 .1.0...U....IN1.
  06A0: 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 61 73 0...U....Maharas
  06B0: 68 74 72 61 31 0F 30 0D 06 03 55 04 07 13 06 4D htra1.0...U....M
  06C0: 75 6D 62 61 69 31 1A 30 18 06 03 55 04 0A 13 11 umbai1.0...U....
  06D0: 53 61 6D 70 6C 65 20 53 65 72 76 65 72 20 4F 72 Sample Server Or
  06E0: 67 31 16 30 14 06 03 55 04 0B 13 0D 53 61 6D 70 g1.0...U....Samp
  06F0: 6C 65 20 53 65 72 76 65 72 31 16 30 14 06 03 55 le Server1.0...U
  0700: 04 03 13 0D 4A 61 79 61 70 72 61 6B 61 73 68 20 ....Jayaprakash
  0710: 41 00 9B 30 81 98 31 0B 30 09 06 03 55 04 06 13 A..0..1.0...U...
  0720: 02 49 6E 31 14 30 12 06 03 55 04 08 13 0B 4D 61 .In1.0...U....Ma
  0730: 68 61 72 61 73 68 74 72 61 31 18 30 16 06 03 55 harashtra1.0...U
  0740: 04 07 13 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 ....Andheri / SE
  0750: 45 50 5A 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 EPZ1#0!..U....Or
  0760: 62 69 74 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 bitech Solutions
  0770: 20 4C 69 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 Limited1.0...U.
  0780: 0B 13 04 51 50 45 47 31 25 30 23 06 03 55 04 03 ...QPEG1%0#..U..
  0790: 13 1C 4F 72 62 69 74 65 63 68 20 43 65 72 74 69 ..Orbitech Certi
  07A0: 66 69 63 61 74 65 20 4D 61 6E 61 67 65 72 0E 00 ficate Manager..
  07B0: 00 00 ..
  Thread-1, WRITE: TLSv1 Handshake, length = 1970
  Thread-1, READ: TLSv1 Handshake, length = 1727
  *** Certificate chain
  chain [0] = [
  Version: V3
  Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
  Validity: [From: Fri Sep 27 12:36:25 IST 2002,
                 To: Sat Sep 27 12:36:25 IST 2003]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    10]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL server
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [3]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [RFC822Name: [email protected]]]
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Algorithm: [MD5withRSA]
  Signature:
  0000: 4C 68 F2 CD FF 1E 9C F0 14 56 51 AF AA 41 CD 98 Lh.......VQ..A..
  0010: 55 D9 5F D8 38 7F C3 25 49 BA D0 F1 93 AC 88 E2 U._.8..%I.......
  0020: 8A 72 0E 68 F2 49 5D 60 B6 D1 2C C2 54 E4 A7 E4 .r.h.I]`..,.T...
  0030: 72 21 49 ED E7 66 F2 C1 A5 28 B6 5C 76 29 CC 06 r!I..f...(.\v)..
  0040: 4F 2B C3 A9 54 2D D0 63 7D C4 FD 3D 49 13 36 7F O+..T-.c...=I.6.
  0050: D5 E4 B2 4C 4F C6 DA BC A2 67 FE 7F 94 37 A1 58 ...LO....g...7.X
  0060: FF 9C DB 1B CD 0F 75 F0 49 DB AF 44 49 8F 28 77 ......u.I..DI.(w
  0070: 1F C1 E5 13 BA 46 26 DD 72 5E AD A1 68 8B 89 FE .....F&.r^..h...
  chain [1] = [
  Version: V3
  Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
  Validity: [From: Fri Jul 19 00:30:00 IST 2002,
                 To: Wed Jul 19 00:30:00 IST 2028]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    01]
  Certificate Extensions: 5
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL client
  SSL server
  Object Signing
  SSL CA
  S/MIME CA
  Object Signing CA]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
  [5]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
  0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
  0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
  0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
  0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
  0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
  0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
  0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
  failed extension check: [
  Version: V3
  Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
  Validity: [From: Fri Sep 27 12:36:25 IST 2002,
                 To: Sat Sep 27 12:36:25 IST 2003]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    10]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL server
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [3]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [RFC822Name: [email protected]]]
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Algorithm: [MD5withRSA]
  Signature:
  0000: 4C 68 F2 CD FF 1E 9C F0 14 56 51 AF AA 41 CD 98 Lh.......VQ..A..
  0010: 55 D9 5F D8 38 7F C3 25 49 BA D0 F1 93 AC 88 E2 U._.8..%I.......
  0020: 8A 72 0E 68 F2 49 5D 60 B6 D1 2C C2 54 E4 A7 E4 .r.h.I]`..,.T...
  0030: 72 21 49 ED E7 66 F2 C1 A5 28 B6 5C 76 29 CC 06 r!I..f...(.\v)..
  0040: 4F 2B C3 A9 54 2D D0 63 7D C4 FD 3D 49 13 36 7F O+..T-.c...=I.6.
  0050: D5 E4 B2 4C 4F C6 DA BC A2 67 FE 7F 94 37 A1 58 ...LO....g...7.X
  0060: FF 9C DB 1B CD 0F 75 F0 49 DB AF 44 49 8F 28 77 ......u.I..DI.(w
  0070: 1F C1 E5 13 BA 46 26 DD 72 5E AD A1 68 8B 89 FE .....F&.r^..h...
  ext exception was: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
  Thread-1, SEND TLSv1 ALERT: fatal, description = certificate_unknown
  Thread-1, WRITE: TLSv1 Alert, length = 2
  Thread-1, called closeSocket()
  Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape
  CertType extension for SSL client
  javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL cli
  ent
  at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)

  I'm having a related problem. It only occurs on the 1.4.1 version of the JRE. The 1.4.0 works fine. I've created my own custom socket for an RMI server that uses SSL to encrypt any data being sent. I have a valid certificate that works fine to encrypt data from my web server. The client gets the same exception that was posted above. Here is the stack trace on the client's machine if they are running the 1.4.1 JRE:
  java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
       javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
       at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
       at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
       at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101)
       at com.msfw.imageserver.RMIServer_Stub.processRequest(Unknown Source)
       at com.msfw.business.Server.rmiQuery(Server.java:389)
       at com.msfw.business.Server.callServer(Server.java:540)
       at com.msfw.business.Server.callServer(Server.java:523)
       at com.msfw.business.Server.callServer(Server.java:518)
       at com.msfw.business.Server.callServer(Server.java:572)
       at com.msfw.business.Server.callServer(Server.java:578)
       at com.msfw.idwebview.IdViewApplet.callServer(IdViewApplet.java:6058)
       at com.msfw.idwebview.IdViewApplet.appletRun(IdViewApplet.java:889)
       at com.msfw.idwebview.IdViewApplet.start(IdViewApplet.java:1177)
       at com.msfw.splash.SplashApplet.init(SplashApplet.java:101)
       at sun.applet.AppletPanel.run(AppletPanel.java:347)
       at java.lang.Thread.run(Thread.java:536)
  Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
       at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
       at java.io.DataOutputStream.flush(DataOutputStream.java:101)
       at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
       ... 15 more
  Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
       at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
       ... 26 more
  I also created my own homemade certificate and get the same results. Like I said before, the 1.4.0 JRE doesn't do this so it seems to be a new bug in the 1.4.1. Does anyone know how to get around this or what is causing this problem? Thanks.

• Need help with Apache self signed client certificates.

  At work we use PHPmyadmin to administer our central MySQL database.
  In order to access PHPmyadmin we use self signed ssl client certificates, for our developers, so that you can only access phpmyadmin if you have a valid client certificate installed in your browser.
  The ssl certificate on the webserver hosting phpmyadmin has expired now and I would like to extend it, preferrably without having to re-genereate client certificates for all users.
  I'm a bit confused to the approach. Most howtos I've found deal with extending a webserver certificate. but it really just looks like they generate a new one.
  Can anyone help me out with how best to approach this.
  Do I simply generate a new Apache Server certificate and then use this to re-sign the existing client certificates?

  As the SOAP servlet says: "Sorry, I don't speak via HTTP GET- you have to use HTTP POST to talk to me.", you must use the HTTP POST method and not the GET method to use SOAP.
  Use setRequestMethod("POST") of class HttpURLConnection to make your HTTP connection use the POST method.
  (I didn't look at all your code).
  Jesper

• Help required with ADFS 3.0 client certificate authentication

  Hi,
  I am currently working on integrating ADFS 3.o for Single Sign On to some 3rd party services along with PKI solution. The basic requirement is that I should be able to choose client authentication certificate as an authentication method in ADFS and then
  federate user credentials to 3rd party trust for single-sign-on.
  I had done this successfully with ADFS 2.0 and that setup is working fine. I have the setup as ADFS 3.0 client authentication method enabled. When I open browser to logon, the ADFS 3.0 page displays a message as "Select a certificate that you want to
  use for authentication. If you cancel the operation, please close your browser and try again." but the certificates are not displayed for selection.
  The certificates are valid and have valid chaining to CA. Could someone help me resolve this issue?
  Thanks!
  -Chinmaya Karve

  Hi Yan,
  Thanks for your response. I have gone through the posts that you have suggested, and my setup looks pretty much as expected.
  So, as I mentioned earlier, I have 2 parallel setups with 3rd party service(SalesForce). Once of them is running ADFS 2.0 and another one has ADFS 3.0. I can logon to the third-party services, from both the setups using username/format. I can logon to SF
  using client authentication certificate from ADFS 2.0 setup, but from the same client machine, when I try to logon SF via ADFS 3.0, the browser just does not pick up any certificate. The page just shows message of "Select a certificate that you want to use
  for authentication. If you cancel the operation, please close your browser and try again.".
  I have checked the browser, and it has the right certificates. Also, the same browser/machine is used to logon to SF through ADFS 2.0 via client certificate, which works just fine !
  I am really confused now, as to whose issue this really is...
  Just to confirm, I am using Certificate Authentication from ADFS 3.0 Authentication Methods for both Intranet and Extranet.
  Any suggestion or inputs where I could have gone wrong in the setup?
  Thanks!

• Can't connect to OID using SSL (handshake failed NZerr 29039)

  Hi!
  I'm trying to set up OID running on Windows Server 2003 for testing purposes.
  I have downloaded the files as_windows_x86_oim_oif_101401_disk(1/2) and installed Oracle Internet Directory only.
  I'm able to connect using standard clear text and using Oracle Directory Manager.
  I have followed the instructions on this page (chapter 17):
  [http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15991/ssl.htm]
  Using Oracle Wallet Manager I have generated a certificate request with the key size of 2048.
  I'm unsure what I was supposed to enter into the subject name of the request so I entered just "oid_idm", it looks like this now: "CN=oid_idm,C=US".
  I then used my Novell eDirectory CA to sign the request and to generate the certificate. I exported the CA certificate from eDirectory and imported it into the wallet, it's listed under Trusted Certificates as "META-TREE", I then imported my signed certificate into the wallet and it says Certificate:Ready now.
  The wallet is saved into C:\Documents and Settings\Administrator.DC-1\ORACLE\WALLETS.
  Auto Login is enabled.
  Using Directory Manager I right-clicked Configuration Set1 and selected "Create Like"
  I configured the new set to listen on non-SSL port 1389 and SSL port 1636,
  SSL Authentication: No SSL Authentication
  SSL Enable: SSL only
  SSL Wallet URL: file:C:\Documents and Settings\Administrator.DC-1\ORACLE\WALLETSSSL Port: 1636
  Then I changed the OracleServiceORCL
  to run as Administrator. Restarted the server, started the new instance (2).
  Using this command on the OID server I can connect:
  ldapsearch -D cn=orcladmin -w secret -U 1 -h 192.168.0.101 -p 1636 -b dc=lab -s base "objectclass=*"
  Trying to connect from my Linux server using it's own ldapsearch it doesn't work, I get the error: ldap_bind: Can't contact LDAP server
  Trying to connect using Apache Directory Studio or LDAP Browser\Editor also doesn't work (SSL connection).
  I can see the following in the log no matter which of the tree tools above I try to use:
  2008/10/12:13:01:09 * SSLthread:19 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed Source address: 192.168.0.15(WINDESK)
  * (NZerr 29039)
  Any ideas what I can do to solve this issue?
  Thanks!

  If you are using openldap commands in your linux machine, you can get some issues with OID. Try with oracle ldap client command if you have it installed in your linux machine. Also try to use a ldapbrowser java client to confirm that your installation is fine it is the better choice to test your environment from remote machines.

• Simple SSL test: failing with "The certificate is not trusted ..."

  WebLogic 10.3.4 on Win7.
  I created a new domain and enabled SSL,with listen ports 7001 and 7002 for http and https respectively.
  I deployed a trivial webapp whose main page runs in http, but it opens an iframe with https for a different page in the app.
  I loaded the main page, but the iframe fails to load, giving the following error:
  The certificate is not trusted because no issuer chain was provided.
  (Error code: sec_error_unknown_issuer)
  What is the easiest path to get this working?

  Hi David,
  I dont think that the Demo Certificate shall cause the issue.You can enable the SSL debug in weblogic and check what exactly is wrong,while loading the iframe window.
  Error code: sec_error_unknown_issuer
  Moreover,you can try to add the root certificate to your IE browser and check it
  Tools -> Internet options -> content ->Certificates ->
  After your import,You can verify the same by checking it from the list and then verify by accessing it again