SSL handshake failure
Hi,
I have to establish the connection from SAP WebAS to an Apache server via HTTPS. The Apache authentication is based on client certificates. But I'm still unable to establish a connection. Everything runs fine via HTTPS if client certificate authentication is disabled on Apache (anonymous access). But as soon as client authentication is enabled, the icm log displays the following failure:
[Thr 1800] *** ERROR during SecudeSSL_Read() from SSL_read()==SSL_ERROR_SSL
[Thr 1800] session uses PSE file "/usr/sap/E3T/DVEBMGS00/sec/SAPSSLC.pse";;
[Thr 1800] SecudeSSL_Read: SSL_read() failed --
secude_error 536872195 (0x20000503) = "handshake failure"
[Thr 1800] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 1800] ERROR in ssl3_read_bytes: (536872195/0x20000503) handshake failure
WARNING in ssl3_read_bytes: (536875072/0x20001040) received a fatal SSLv3 handshake failure alert message from the peer
[Thr 1800] << ---------- End of Secude-SSL Errorstack ----------
[Thr 1800] <<- ERROR: SapSSLRead(sssl_hdl=0x115f8a310)==SSSLERR_SSL_READ
[Thr 1800] ->> SapSSLErrorName(rc=-58)
[Thr 1800] <<- SapSSLErrorName()==SSSLERR_SSL_READ
[Thr 1800] *** ERROR => IcmReadFromConn(id=3/1967): SapSSLRead returned (-58): SSSLERR_SSL_READ [icxxthrio_mt 2539]
[Thr 1800] *** ERROR => IcmReadFromConn(id=3/1967): read failed (rc = -1) [icxxthrio_mt 2611]
[Thr 1800] *** ERROR => IcmHandleNetRead(id=3/1967): IcmReadFromConn failed (rc = -1) [icxxthrio_mt 1304]
In the Apache logs, it seems that SAP is not sending a client certificate. So Apache closes the connection. Do you have an idea how I can make SAP WebAS send the certificate?
Thanks in advance
Christan
Hi,
>Because the third line in your log says that no PSE could be found?
I'm not sure of that.
Here is an extract of the log of an ICM starting without a client certificate in STRUST
[Thr 4392] = secudessl_Create_SSL_CTX(): PSE "D:\usr\sap\PPI\DVEBMGS74\sec\SAPSSLC.pse" not found,
[Thr 4392] = using PSE "D:\usr\sap\PPI\DVEBMGS74\sec\SAPSSLS.pse" as fallback
[Thr 4392] ******** Warning ********
[Thr 4392] *** No SSL-client PSE "SAPSSLC.pse" available
[Thr 4392] *** this will probably limit SSL-client side connectivity
[Thr 4392] ********
[Thr 4392] = Success SapCryptoLib SSL ready!
Here is an extract of the log of an ICM starting with a client certificate in STRUST.
[Thr 9208] =================================================
[Thr 9208] = SSL Initialization on PC with Windows NT
[Thr 9208] = (700_REL,Mar 19 2007,mt,ascii,SAP_UC/size_t/void* = 16/64/64)
[Thr 9208] SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "I:\usr\sap\DXI\DVEBMGS68\exe\sapcrypto.dll"
resulting Filename = "I:\usr\sap\DXI\DVEBMGS68\exe\sapcrypto.dll"
[Thr 9208] = found SAPCRYPTOLIB 5.5.5C pl17 (Aug 18 2005) MT-safe
[Thr 9208] = current UserID: BT0D0000\SAPServiceDXI
[Thr 9208] = found SECUDIR environment variable
[Thr 9208] = using SECUDIR=I:\usr\sap\DXI\DVEBMGS68\sec
[Thr 9208] = Success SapCryptoLib SSL ready!
Christian,
Could you restart the ICM and check the trace file to find out if you get the message about a missing SAPSSLC.pse?
Regards,
Olivier
Similar Messages
-
SSL Handshake Error in Android (ADF Mobile)
Hi Guys,
Now I am trying to use an "https" Web service with my application, but it seems to show an SSL handshake error, specifically on Android only; iOS is totally working.
Log from Android is
09-27 18:09:03.252: I/System.out(30444): [SEVERE - oracle.adfmf.framework - adf.mf.internal - logError] Request: {classname: oracle.adfmf.framework.api.Model; method: processBatchRequests; params: [0: false][1: [0: {classname: oracle.adfmf.framework.api.Model; method: evaluateMethodExpression; params: [0: #{bindings.AgentAuthenCDKey.execute}][1: [0: {.type: oracle.adfmf.amx.event.ActionEvent; }]][2: void][3: [0: oracle.adfmf.amx.event.ActionEvent]]; }]]; } exception: {message: SSL handshake failure; errorCode: 409; .type: oracle.adfmf.framework.exception.AdfInvocationRuntimeException; .exception: true; severity: ERROR; errorCategory: WEBSERVICE; }
How to solve this one?
** If my Android isn't connected to the internet, it still shows "SSL handshake error" too, that's so weird!
Hi,
Sorry to bump this, but I have the exact same problem. "SSL Handshake Error" when calling SSL enabled web services - works fine on iOS, but not on Android, which implies to me a problem with the framework rather than my certificate?
: D/CVM(985): [SEVERE - oracle.adfmf.framework - Utility - invoke] InvocationTargetException Error: ERROR [oracle.adfmf.framework.exception.AdfInvocationRuntimeException] - SSL handshake failure
I'm on JDeveloper 11.1.2.4, ADF Mobile Framework 11.1.2.4.39.64.51.
Are there any known issues with ADF Mobile/SSL on Android?
Any help is much appreciated.
Rich. -
Ssl handshake error when activating changes in admin console
An error occurred during activation of changes, please see the log for details.
[Deployer:149150]An IOException occurred while reading input.; nested exception is: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.; nested exception is: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.
[Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.
WLS 10.3 on Windows 2008: I configured one of my managed servers for SSL and I'm able to reach deployments via browser and the keystore/certificate chain I have setup. However, I'm getting the above error in Admin Console all over the place. I am unable to commit configuration changes without deleting the SSL managed server. The admin server is still HTTP via 7001. I'm not sure where to look to resolve this issue. Any ideas appreciated.
It seems like you did not update the trust store of your AdminServer. It acts as an SSL client of your managed server and cannot verify its identity certificate.
-
IPlanet 6.0 - Enabling HTTP logging to debug SSL Handshake
Hello all,
We have a IPlanet 6.0 web server instance which receives secure HTTP requests from client systems. We are experiencing a SSL handshake failure. We have ensured that the correct certificates are installed at both ends.
A wireshark trace at the web server shows that the Client Hello was received successfully and a Server Hello was never sent. Our conjecture is that this could be because the cipher suites do not match. It could be extremely useful to us if we could enable appropriate levels of logging and/or add JVM options to log the HTTP/SSL handshake transactions.
Can someone help us with the additional logging? If there are questions that I can answer, please let me know.
Thanks,
Sourabh
6.0 is EOL (dead). Please upgrade to 7.0.
I can answer SSL protocol questions as far as they apply to 7.0, but don't have any information about 6.0 specifically.
The JVM is not involved in SSL protocol handling. In general for diagnostics, always set the Web Server error log to verbose. That said in this case it probably won't help much, but can't hurt.
If the client hello is being silently ignored there is some higher level problem going on. Either the server has crashed or is hung or maybe it never received the client request or maybe its response was lost (a misbehaving firewall dropping packets, for example). This is not a case of merely having no common ciphersuite, the server would still have sent a failure response if it was able to do so.
It might not reveal much more than wireshark did, but first thing I'd try (after upgrading to 7.0 ;-), is run the connection attempt through ssltap and see what it reports. -
Write Channel Closed, possible SSL handshaking or trust failure
Hi,
I have a problem while working with two-way SSL. I get a "Write Channel Closed, possible SSL handshaking or trust failure" error while contacting the server to invoke a web service secured by SSL.
I could figure out that the error is happening on the client side while validating the server certificate.
One more observation that I was able to find is that it works fine if the server certificate and the client certificate are signed by the same (root) CA.
I tried various options but had no luck. The BEA documentation in this regard is not at all sufficient.
If I set strict checking to false on my client end, the application works fine. But for my scenario I want strict checking to happen (otherwise there is no point in going for SSL itself).
I am using WLSSLAdapter on my client side. The client application is a standalone Java class running out of WebLogic (ideally running on JRun).
The way I have coded it in my Java class is:
String certificatePath = "C:/Cerificates/cert.pem";
String caCertificatePath = "C:/Cerificates/clientca.pem";
String targetURL = "https://localhost:443/feedservice/FeedService";
//set weblogic ServiceFactory
System.setProperty( "javax.xml.rpc.ServiceFactory",
"weblogic.webservice.core.rpc.ServiceFactoryImpl" );
System.setProperty("java.protocol.handler.pkgs","com.certicom.net.ssl");
System.setProperty("https.cipherSuites","SHA1withRSA,MD5withRSA");
SSLAdapterFactory sslFactory = SSLAdapterFactory.getDefaultFactory();
WLSSLAdapter adapter = (WLSSLAdapter) sslFactory.getSSLAdapter();
adapter.setProtocolVersion("SSL3");
adapter.setStrictChecking(true);
adapter.setVerbose(true);
FileInputStream clientCredentialFile = new FileInputStream (certificatePath);
String pwd = "password";
System.out.println("Loding Certificate from ........"+certificatePath);
adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
System.out.println("Loding CA Certificate from ........"+caCertificatePath);
adapter.setTrustedCertificatesFile(caCertificatePath);
// optionally set the Adapter factory to use this instance always.
sslFactory.setDefaultAdapter(adapter);
sslFactory.setUseDefaultAdapter(true);
// Webservice invocation code..
call.setTargetEndpointAddress(targetURL);
call.setProperty("weblogic.webservice.client.ssladapter",adapter);
Object result = call.invoke(new Object[]{"test.xml"});
The error that i get :
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:106)
at java.io.FilterOutputStream.write(FilterOutputStream.java:78)
at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:359)
at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:284)
at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:34)
at weblogic.webservice.core.HandlerChain.handleRequest(HandlerChain.java:131)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:421)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Exception in handler's handleRequest().
Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Write Channel Closed, possible SSL handshaking or trust failure
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:479)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Can someone give the working phone number of ....BEA CUSTOMER SUPPORT...
The signature validation failure means your trusted CA certificate is not the issuer of the identity certificate. The identity certificate issuer name can match to the trusted CA certificate name, but the signature check really determines whether it is the issuer.
Pavel.
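The difference between a matching issuer name and a valid issuer signature, shown as an added example that is not part of the thread. It is written in Go rather than against the WebLogic client API so that it can generate its own test certificates; every name in it (`newCert`, `checkIssuer`, the CA and server subjects) is constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert builds a constructed test certificate for subject CN cn. With a nil
// parent it is self-signed (a root CA); otherwise parent/parentKey sign it.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, big.NewInt(1<<62))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn, Organization: []string{"Constructed Example Org"}},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssuerCheck holds the outcome of three tests of one candidate CA.
type IssuerCheck struct {
	NameMatches      bool // leaf issuer DN equals the candidate's subject DN
	SignatureMatches bool // leaf signature verifies under the candidate's key
	ChainVerifies    bool // path validation with the candidate as only trust anchor
}

// checkIssuer tests whether candidate really issued leaf.
func checkIssuer(leaf, candidate *x509.Certificate) IssuerCheck {
	pool := x509.NewCertPool()
	pool.AddCert(candidate)
	_, verr := leaf.Verify(x509.VerifyOptions{
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return IssuerCheck{
		NameMatches:      bytes.Equal(leaf.RawIssuer, candidate.RawSubject),
		SignatureMatches: leaf.CheckSignatureFrom(candidate) == nil,
		ChainVerifies:    verr == nil,
	}
}

// demo issues a server certificate from one CA and checks it against that CA,
// a second CA with the identical subject name but another key, and an
// unrelated CA.
func demo() (genuine, impostor, unrelated IssuerCheck, err error) {
	realCA, realKey, err := newCert("Constructed Root CA", true, nil, nil)
	if err != nil {
		return
	}
	fakeCA, _, err := newCert("Constructed Root CA", true, nil, nil) // same DN, new key
	if err != nil {
		return
	}
	otherCA, _, err := newCert("Constructed Other CA", true, nil, nil)
	if err != nil {
		return
	}
	leaf, _, err := newCert("server.example.test", false, realCA, realKey)
	if err != nil {
		return
	}
	return checkIssuer(leaf, realCA), checkIssuer(leaf, fakeCA), checkIssuer(leaf, otherCA), nil
}

func main() {
	g, i, u, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine CA:   %+v\nsame-name CA: %+v\nunrelated CA: %+v\n", g, i, u)
}
```

The same-name CA passes the name comparison but fails both the signature check and path validation, which is the situation a trust file holding a re-issued or look-alike CA certificate produces.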
"Chandra Sekhar Rao" <[email protected]> wrote:
>
Hi payal,
I have the issuer of the server identity certificate in the trust file on client side. The problem is with signature validation
"Pavel" <[email protected]> wrote:
It looks like your client does not trust the server certificate. Make sure the certificate you pass in adapter.setTrustedCertificatesFile(caCertificatePath); is the issuer of the server's identity certificate.
Pavel.
-
Possible SSL handshaking or trust failure in WLS 7.0
hi,
I have set Server Certificate File Name to democert.pem, Server Key File Name to demokey.pem, and Server Certificate Chain File Name to ca.pem, using the demo certificate. When running the client, I use -Dweblogic.webservice.client.ssl.strictcertchecking=false from the cmd. Still getting exception:
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source) ...
I believe it no longer can be the wrong server name in the certificate, so it must be the trusted CA's list. I cannot find any corresponding file though. What should I be using for the Trusted CA File Name? I can access the webservices home page by browser as well as the wsdl file, but once I try using the web service methods, I get the same error through browser and with a soap client.
any ideas?
Taime
add this setting also to start your Weblogic - Server - Instance include the strictcert - setting. Then you can use your webservice from a http - client. I do it the same way.
Regards
"taime giamzone" <[email protected]> wrote:
thanks markus,
now I can use the service through a java client! Weird enough, by browser, I still get the same exception. Has somebody succeeded in using a secure web service by browser?
"Markus Gasser" <[email protected]> wrote:
Hi Claudia , Hi Taime
I had the same problem. It was a hard way to find out. Here's the solution
Add -Dtrustedfile=<your path>\trusted.crt
to the vm parameters starting your wls - server or client.
The problem is, that WLS 7 expects a trusted certificate and the demo certificate isn't trusted.
You will find the trusted.crt normally in the domain directory
Markus
"Claudia" <[email protected]> wrote:
Hi,
I have the same problem. I followed the instructions from the Configuring Security side, but it doesn't work.
I tried to test the WebService with the default web page generated from weblogic and there I figured out, that I have to enter the default realm password. I supposed that would be the password I use to start the server, but it wasn't. Still I haven't guessed the password.
The security works too good ;-)
Please help.
Claudia
-
AS2 using HTTPS - Handshake failure # null
Hello,
I have the scenario IDoc - PI - AS2 using HTTPS.
When I try to send data, it gives me a "Handshake Failure" error.
I have checked the certificate and configuration properly.
The partner is saying "your client doesn't sent the requested client certificate"
following are traces:
20120102 061927 011 SECS I SES_INIT (83903899) Netprof : NP_AS2_CERT_Sender_TEST selected [src_addr="---Hostname/port"] [dest_addr="hostname/port"]
20120102 061927 013 SECS I SES_INIT (83903899) Server TLS Security Profile : TLS_AS2_SRV_CERT_Port selected
20120102 061927 103 NET I CONN_RESP (17809) incoming connection response [resp_add=""]
20120102 061929 030 SECS I C_BUILD (83903899) Server Certificate sent: Receiver_Partner
20120102 061929 030 SECS I C_BUILD (83903899) Server Certificate sent: VeriSign Class 3 International
20120102 061929 030 SECS I C_BUILD (83903899) Server Certificate sent: VeriSign Class 3 Public Primary
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: AS2 KRAFT Root Prod CA
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: AS2 KRAFT Root Test CA
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: AS2 KnorrPrandel (SIGN) New
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: AS2 KnorrPrandel (SSL) New
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: AS2 MarkantSyntradeRoot
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: AS2 ProcterGambleProd
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: D-TRUST Root Class 2 CA 2007
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: Entrust.net CA
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: EquifaxSecure(4Bacardi)
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: Sender RootCA (Sender)
20120102 061929 053 NET W TLSALSND (17809) alert 40 sent (handshake failure)
20120102 061929 105 NET I DISC_REQ (17809) disconnection request [reason="0"]
Please suggest.
//Manisha
Hello,
Have you downloaded the certificate from the vendor URL and uploaded it in STRUST?
Have you restarted ICM through SMICM? Did you do a connection test in SM59? What is the response?
Regards,
Phani -
Node Manager unable to start managed Server. SSL Handshake problem
I am getting the following Error:
weblogic.nodemanager.NodeManagerException: [Could not execute command start for server wecarebeadev via the Node Manager - reason: [CommandInvoker: Failed to send command: 'online to server 'wecarebeadev' to NodeManager at host: 'localhost:5555' with exception Write Channel Closed, possible SSL handshaking or trust failure. Please ensure that the NodeManager is active on the target machine].]
I have Weblogic Server 7.0 SP1 with Admin and Managed Server running on the same physical machine as Windows Services.
SSL port has been setup properly for Managed Server. Host Name Verification Ignored is checked for MS.
Hi Ajay,
This happens when the SSL communication between the admin and the node
manager fails. The SSL configuration of the admin server or the node
manager is the problem.
cheers,
gaurav.
-
SOAP Receiver error: handshake failure
Good afternoon, everyone.
I have a SOAP Receiver Communication Channel, with user and password authentication.
When the request is sent to the Channel, the following error is generated:
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
- <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
<SAP:Category>XIAdapterFramework</SAP:Category>
<SAP:Code area="MESSAGE">GENERAL</SAP:Code>
<SAP:P1 />
<SAP:P2 />
<SAP:P3 />
<SAP:P4 />
<SAP:AdditionalText>com.sap.aii.af.ra.ms.api.RecoverableException: Peer sent alert: Alert Fatal: handshake failure: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure</SAP:AdditionalText>
<SAP:ApplicationFaultMessage namespace="" />
<SAP:Stack />
<SAP:Retry>M</SAP:Retry>
</SAP:Error>
mentioning a handshake problem.
In the Java log, I found the following messages:
p.aii.af.soapadapter#co
ssl_debug(6603): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(6603): Received v3 server_hello handshake message.
ssl_debug(6603): Server selected SSL version 3.1.
ssl_debug(6603): Server created new session CA:23:B4:0E:C7:16:0A:8F...
ssl_debug(6603): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
ssl_debug(6603): CompressionMethod selected by server: NULL
ssl_debug(6603): Received certificate handshake message with server certificate.
ssl_debug(6603): Server sent a 1024 bit RSA certificate, chain has 1 elements.
ssl_debug(6603): ChainVerifier: No trusted certificate found, OK anyway.
ssl_debug(6603): Received server_hello_done handshake message.
ssl_debug(6603): Sending client_key_exchange handshake message (1024 bit)...
ssl_debug(6603): Sending change_cipher_spec message...
ssl_debug(6603): Sending finished message...
ssl_debug(6603): Received alert message: Alert Fatal: handshake failure
ssl_debug(6603): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
ssl_debug(6603): Shutting down SSL layer...
Has anyone seen this error before and has any information about it?
Thanks in advance.
Pedro Baroni
Carlos,
In our scenario we do not use a certificate; however, in contact with the supplier of the web services, we identified the problem in their application, since they had configured it to accept only connections with a certificate. The problem has now been fixed in their application and the interface is working again.
Thank you.
-
Hello everyone
Here I am struggling with a problem of handshake failure. The synoptical story is:
1. I am developing a Java client to connect to a payware merchant server at port 3443 through SSL, with the JSSE package from JDK 1.4.1 on Windows 2000, using the socket API.
2. I got the two server certificates, namely ca.pem and client.pem. I feel these are the server's public key and CA key. Is it right? I have to keep these certificates in the client's keystore. Here itself, I feel, is the problem. How to create a keystore for adding these certificates at the client's machine using keytool?
a) If I create one using "keytool -genkey" and thereafter try to add the above certificates, I get exceptions, and the certificates are not added.
3. Here I don't want to have client-side certificates, i.e. one-way handshaking, or in other words, server authentication only.
4. After this process I am using the code below and trying to connect; I am getting the handshake failure exception, which I am unable to resolve.
The code I am using:
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.cert.X509Certificate;
import java.security.cert.*;
import java.security.KeyStore;
/*
 * This example demonstrates how to use a SSLSocket as client to
 * send a request through SSL socket and get response from a server developed
 * in C++. Communication through the SSL layers.
 * It assumes that the client is not behind a firewall
 */
public class TestSocketClient {
    public static void main(String[] args) throws Exception {
        try {
            // System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
            // java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            System.setProperty("javax.net.debug","SSL");
            System.setProperty("javax.net.ssl.TrustStore","testkeys");
            System.setProperty("javax.net.ssl.TrustStorePassword","passphrase");
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
            KeyStore ks = KeyStore.getInstance("JKS");
            char[] pass = "passphrase".toCharArray();
            ks.load(new FileInputStream("testkeys"),pass);
            kmf.init(ks,pass);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
            X509TrustManager xtm =new MyX509TrustManager();
            TrustManager[] tm = {xtm};
            tmf.init(ks);
            SSLContext context = SSLContext.getInstance("SSL");
            java.security.SecureRandom sr = new java.security.SecureRandom();
            context.init(kmf.getKeyManagers(),tm,sr);
            SSLSocketFactory sslfactory = context.getSocketFactory();
            /* SSLSocketFactory factory =
               (SSLSocketFactory)SSLSocketFactory.getDefault(); */
            SSLSocket socket =
                (SSLSocket)sslfactory.createSocket("10.0.0.20",3443);
            // socket.setNeedClientAuth(true);
            String[] protocols = {"SSLv3","TLSv1"};
            socket.setEnabledProtocols(protocols);
            // socket.setEnabledCipherSuites(socket.getSupportedCipherSuites());
            OutputStream os;
            System.out.println("socket is created.");
            /*
             * send http request
             * Before any application data is sent or received, the
             * SSL socket will do SSL handshaking first to set up
             * the security attributes.
             * SSL handshaking can be initiated by either flushing data
             * down the pipe, or by starting the handshaking by hand.
             * Handshaking is started manually in this example because
             * PrintWriter catches all IOExceptions (including
             * SSLExceptions), sets an internal error flag, and then
             * returns without rethrowing the exception.
             * Unfortunately, this means any error messages are lost,
             * which caused lots of confusion for others using this
             * code. The only way to tell there was an error is to call
             * PrintWriter.checkError().
             */
            System.out.println(" just before handshake ");
            // socket.setNeedClientAuth(false);
            // socket.startHandshake();
            // System.out.println(" Hand shake is completed ");
            PrintWriter out = new PrintWriter(
                socket.getOutputStream());
            System.out.println(" print writer object is created ");
            String s="GET http://www.verisign.com/index.html HTTP/1.1";
            byte[] b1=s.getBytes("ISO-8859-1");
            // out.println("GET http://www.verisign.com/index.html HTTP/1.1");
            // os.write(b1);
            out.print(b1);
            System.out.println(" print is created ");
            out.flush();
            BufferedReader in = new BufferedReader(
                new InputStreamReader(
                    socket.getInputStream()));
            String inputLine=null;
            System.out.println("The input line is: "+inputLine);
            while ((inputLine = in.readLine()) != null) {
                System.out.println("Received messages from here.");
                System.out.println(inputLine);
            }
            // out.close();
            System.out.println(" output is trying to flushing the data ");
            /*
             * Make sure there were no surprises
             */
            if (out.checkError())
                System.out.println(
                    "SSLSocketClient: java.io.PrintWriter error");
            /* read response */
            in.close();
            out.close();
            socket.close();
        } catch (Exception e) {
            System.out.println(" the exception is "+e);
            e.printStackTrace();
            System.exit(0);
        }
    }
}
debugging information:
---------- Run the application ----------
found key for : duke
chain [0] = [
Version: V1
Subject: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d520c4
Validity: [From: Wed May 23 02:46:46 GMT+03:00 2001,
To: Mon May 23 02:46:46 GMT+03:00 2011]
Issuer: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
SerialNumber: [ 3b0afa66 ]
Algorithm: [MD5withRSA]
Signature:
adding as trusted cert: [
Version: V1
Subject: ST=Dublin, L=Leopardstown, OU=Banking Support, O=Trintech Technologies, CN=trintech.com, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@749757
Validity: [From: Fri Aug 23 13:05:43 GMT+03:00 2002,
To: Sun Sep 22 13:05:43 GMT+03:00 2002]
Issuer: CN=TEST RSA CERTIFICATION AUTHORITY - FOR INTERNAL TESTING PURPOSES ONLY - NO LIABILITY, OU=Banking Division, O=Trintech Technologies Ltd, L=Dublin, ST=County Dublin, C=IE
SerialNumber: [ f0]
Algorithm: [MD5withRSA]
Signature:
adding private entry as trusted cert: [
Version: V1
Subject: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d520c4
Validity: [From: Wed May 23 02:46:46 GMT+03:00 2001,
To: Mon May 23 02:46:46 GMT+03:00 2011]
Issuer: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
SerialNumber: [ 3b0afa66 ]
Algorithm: [MD5withRSA]
Signature:
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@dfafd1
Validity: [From: Thu Aug 01 03:00:00 GMT+03:00 1996,
To: Fri Jan 01 02:59:59 GMT+03:00 2021]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 01]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
adding as trusted cert: [
Version: V3
Subject: ST=Safat, L=Kuwait, OU=ISP, O=Qualitynet General Trading and Contracting Co., CN=Qualitynet.net, C=KW
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a8c488
Validity: [From: Tue Jan 08 17:48:01 GMT+03:00 2002,
To: Wed Jan 08 17:48:01 GMT+03:00 2003]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 08b1fa]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1]]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
trigger seeding of SecureRandom
done seeding SecureRandom
socket is created.
just before handshake
print writer object is created
print is created
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 987413342 bytes = { 254, 80, 236, 112, 44, 177, 113, 24, 240, 17, 19, 124, 170, 193, 156, 242, 6, 94, 107, 49, 236, 18, 211, 50, 196, 36, 58, 91 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 3B DB BB 5E FE 50 EC 70 2C B1 ...7..;..^.P.p,.
0010: 71 18 F0 11 13 7C AA C1 9C F2 06 5E 6B 31 EC 12 q..........^k1..
0020: D3 32 C4 24 3A 5B 00 00 10 00 05 00 04 00 09 00 .2.$:[..........
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
main, READ: SSL v3.0 Handshake, length = 74
*** ServerHello, v3.0
RandomCookie: GMT: 1019049914 bytes = { 146, 60, 74, 221, 254, 223, 224, 218, 86, 64, 214, 127, 32, 0, 235, 238, 181, 210, 212, 218, 141, 38, 198, 142, 110, 175, 146, 113 }
Session ID: {1, 241, 227, 143, 175, 90, 192, 25, 155, 216, 173, 103, 159, 41, 90, 222, 86, 8, 76, 153, 122, 138, 88, 120, 112, 104, 65, 202, 147, 134, 163, 143}
Cipher Suite: { 0, 10 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
** SSL_RSA_WITH_3DES_EDE_CBC_SHA
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 00 3D BD 78 BA 92 3C 4A DD FE DF ...F..=.x..<J...
0010: E0 DA 56 40 D6 7F 20 00 EB EE B5 D2 D4 DA 8D 26 ..V@.. ........&
0020: C6 8E 6E AF 92 71 20 01 F1 E3 8F AF 5A C0 19 9B ..n..q .....Z...
0030: D8 AD 67 9F 29 5A DE 56 08 4C 99 7A 8A 58 78 70 ..g.)Z.V.L.z.Xxp
0040: 68 41 CA 93 86 A3 8F 00 0A 00 hA........
main, READ: SSL v3.0 Handshake, length = 1561
*** Certificate chain
chain [0] = [
Version: V3
Subject: ST=Safat, L=Kuwait, OU=ISP, O=Qualitynet General Trading and Contracting Co., CN=Qualitynet.net, C=KW
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d251a3
Validity: [From: Tue Jan 08 17:48:01 GMT+03:00 2002,
To: Wed Jan 08 17:48:01 GMT+03:00 2003]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 08b1fa]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1]]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
chain [1] = [
Version: V3
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@edc073
Validity: [From: Thu Aug 01 03:00:00 GMT+03:00 1996,
To: Fri Jan 01 02:59:59 GMT+03:00 2021]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 01]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
[read] MD5 and SHA1 hashes: len = 1561
main, READ: SSL v3.0 Handshake, length = 210
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<[email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
[read] MD5 and SHA1 hashes: len = 210
main, READ: SSL v3.0 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
main, SEND SSL v3.0 ALERT: warning, description = no_certificate
main, WRITE: SSL v3.0 Alert, length = 2
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, v3.0
Random Secret: { 3, 0, 57, 228, 245, 13, 91, 181, 92, 129, 234, 123, 199, 2, 84, 156, 170, 175, 48, 221, 204, 142, 18, 177, 69, 95, 165, 11, 196, 105, 168, 66, 230, 117, 243, 61, 22, 60, 41, 203, 229, 232, 240, 78, 200, 114, 53, 56 }
[write] MD5 and SHA1 hashes: len = 132
main, WRITE: SSL v3.0 Handshake, length = 132
SESSION KEYGEN:
main, WRITE: SSL v3.0 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
*** Finished, v3.0
MD5 Hash: { 210, 197, 57, 55, 38, 216, 173, 32, 214, 81, 225, 100, 54, 5, 93, 247 }
SHA1 Hash: { 183, 114, 192, 183, 141, 75, 236, 153, 35, 197, 117, 135, 145, 199, 218, 137, 187, 186, 216, 148 }
[write] MD5 and SHA1 hashes: len = 40
0000: 14 00 00 24 D2 C5 39 37 26 D8 AD 20 D6 51 E1 64 ...$..97&.. .Q.d
0010: 36 05 5D F7 B7 72 C0 B7 8D 4B EC 99 23 C5 75 87 6.]..r...K..#.u.
0020: 91 C7 DA 89 BB BA D8 94 ........
Padded plaintext before ENCRYPTION: len = 64
0000: 14 00 00 24 D2 C5 39 37 26 D8 AD 20 D6 51 E1 64 ...$..97&.. .Q.d
0010: 36 05 5D F7 B7 72 C0 B7 8D 4B EC 99 23 C5 75 87 6.]..r...K..#.u.
0020: 91 C7 DA 89 BB BA D8 94 D9 CB BD E2 60 63 C1 09 ............`c..
0030: 3D CD A5 EF 06 89 80 FA 47 D8 4A 9A 03 03 03 03 =.......G.J.....
main, WRITE: SSL v3.0 Handshake, length = 64
main, READ: SSL v3.0 Alert, length = 2
main, RECV SSLv3 ALERT: fatal, handshake_failure
the exception is java.net.SocketException: Socket is closed
java.net.SocketException: Socket is closed
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.getInputStream(DashoA6275)
at TestSocketClient.main(TestSocketClient.java:108)
Normal Termination
Output completed (9 sec consumed).
Hope somebody came across this situation....... waiting for your appreciated response.
thanks
Hi,
This might not solve all your problems, but it should allow you to load the certificates into a keystore programmatically in Java.
> 2. I got the two server certificates namely ca.pem and
> client.pem. I feel these are server's public key and
> CA key. Is it right?
You should probably find out what they are, and make sure they
are certificates.
> How to create a keystore for adding these
> certificates at client's machine using keytool.
Here is how you can create a keystore (in memory) and load the
certificates (if that's what they are) into the keystore:
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// assuming you are using X.509 certificates
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream certFile = new FileInputStream("pathToCert");
Certificate cert = cf.generateCertificate(certFile);
certFile.close();
KeyStore trustedks = KeyStore.getInstance("JKS");
// this essentially initializes a keystore in memory
trustedks.load(null, null);
// substitute "alias" with "server" and "ca" respectively for your case
// though I find it doesn't matter what their alias is.
trustedks.setCertificateEntry("alias", cert);
// continue as you did in your example and use this new trusted keystore
Cheers,
Jason -
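Added example, not part of the original thread: a triage script for a javax.net.debug trace in the layout posted above. It collects the issuers of the client's own key entries ("found key for"), the CA names the server lists in CertificateRequest, and the alerts exchanged, then reports whether any client key chains to an accepted CA. The sample trace and its CA name are constructed, and DNs are compared as normalized text, which assumes both sides were printed by the same JSSE formatter.

```python
import re

# Constructed sample: an abridged javax.net.debug trace in the layout shown in
# the thread. The CA name is a placeholder, not a value from the original post.
SAMPLE_TRACE = """\
found key for : duke
chain [0] = [
  Version: V1
  Subject: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", C=US
  Issuer: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", C=US
adding as trusted cert: [
  Subject: CN=Example Server CA, O=Example Org, C=ZA
  Issuer: CN=Example Server CA, O=Example Org, C=ZA
*** ClientHello, v3.1
*** ServerHello, v3.0
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=Example Server CA, O=Example Org, C=ZA>
*** ServerHelloDone
main, SEND SSL v3.0 ALERT:  warning, description = no_certificate
main, RECV SSLv3 ALERT:  fatal, handshake_failure
"""

KEY_RE = re.compile(r"found key for\s*:\s*(\S+)")
SEND_RE = re.compile(r"SEND .*ALERT:\s*(\w+), description = (\w+)")
RECV_RE = re.compile(r"RECV .*ALERT:\s*(\w+), (\w+)")


def norm_dn(dn):
    """Normalize a DN for textual comparison (assumes one JSSE formatter)."""
    return re.sub(r"\s+", " ", dn.strip()).lower()


def parse_trace(text):
    """Collect key-entry issuers, accepted CAs and alerts from a JSSE trace."""
    keys, accepted, sent, received = {}, [], [], []
    alias, in_cas, requested = None, False, False
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:                                   # start of a private-key entry
            alias = m.group(1)
            keys[alias] = []
            continue
        if line.startswith(("adding", "***")):  # truststore or handshake part
            alias = None
        if line.startswith("*** CertificateRequest"):
            requested = True
        if line == "Cert Authorities:":
            in_cas = True
            continue
        if in_cas:
            if line.startswith("<") and line.endswith(">"):
                accepted.append(line[1:-1])
                continue
            in_cas = False                      # first non-DN line ends the list
        if alias is not None and line.startswith("Issuer:"):
            keys[alias].append(line[len("Issuer:"):].strip())
        m = SEND_RE.search(line)
        if m:
            sent.append(m.groups())
        m = RECV_RE.search(line)
        if m:
            received.append(m.groups())
    return {"client_keys": keys, "accepted_cas": accepted,
            "cert_requested": requested, "sent": sent, "received": received}


def diagnose(text):
    """Decide whether any client key chains to a CA the server will accept."""
    t = parse_trace(text)
    wanted = {norm_dn(d) for d in t["accepted_cas"]}
    # An empty CA list in CertificateRequest puts no constraint on the issuer.
    usable = sorted(a for a, issuers in t["client_keys"].items()
                    if not wanted or any(norm_dn(i) in wanted for i in issuers))
    # Only the SSLv3 no_certificate alert shown in the thread is recognized;
    # TLS clients send an empty Certificate message instead.
    no_cert = ("warning", "no_certificate") in t["sent"]
    if not t["cert_requested"]:
        verdict = "client_cert_not_requested"
    elif not usable:
        verdict = "no_usable_client_key"
    elif no_cert:
        verdict = "usable_key_not_sent"
    else:
        verdict = "client_cert_available"
    return {"verdict": verdict, "usable_aliases": usable,
            "accepted_cas": t["accepted_cas"],
            "sent_no_certificate": no_cert,
            "server_rejected": ("fatal", "handshake_failure") in t["received"]}


if __name__ == "__main__":
    for k, v in diagnose(SAMPLE_TRACE).items():
        print(f"{k}: {v}")
```

In the thread's own trace the only key entry, duke, is issued by CN=Duke while the CertificateRequest names Thawte Server CA, which is the no_usable_client_key case.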
EAP-TLS or PEAP authentication failed during SSL handshake
Hi Pros,
I am a newbie in the ACS 4.2 and EAP-TLS implementation, with that being said. I face an issue during an EAP-TLS implementation. My search shows that this kind of error message is already certificate issue; however, I have deleted and recreated the certificate in both ACS and the client with the same result. I have deleted and re-installed the certchain as well.
When I check my log in the failed attempts, here is what I found:
Date: 06/23/2010
Time: 17:39:51
Message-Type: Authen failed
User-Name: 000e.9b6e.e834
Group-Name: Default Group
Caller-ID: 000e.9b6e.e834
Network Access Profile Name: (Default)
Authen-Failure-Code: EAP-TLS or PEAP authentication failed during SSL handshake
Author-Failure-Code:
Author-Data:
NAS-Port: 1101
NAS-IP-Address: 10.111.22.24
Filter Information:
PEAP/EAP-FAST-Clear-Name:
EAP Type: 25
EAP Type Name: MS-PEAP
Reason:
Access Device: wbr-1121-zozo-test
Network Device Group: Office Networ

Date: 06/23/2010
Time: 17:39:50
Message-Type: Authen failed
User-Name: [email protected]
Group-Name: Default Group
Caller-ID: 000e.9b6e.e834
Network Access Profile Name: (Default)
Authen-Failure-Code: EAP-TLS or PEAP authentication failed during SSL handshake
Author-Failure-Code:
Author-Data:
NAS-Port: 1098
NAS-IP-Address: 10.111.22.24
Filter Information:
PEAP/EAP-FAST-Clear-Name:
EAP Type: 25
EAP Type Name: MS-PEAP
Reason:
Access Device: wbr-1121-zozo-test
Network Device Group: Office Network
[email protected] = my windows active directory name
1. Why under EAP-TYPE it shows MS-PEAP not EAP-TLS? I did configure EAP-TLS....
2. Why sometimes it just shows the MAC of the client for username?
3. Why it puts me in DEFAULT-GROUP even though I belong to a group well defined in the ACS?
2. Secondly, when I check in passed authentications... here is what I saw
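Date: 06/23/2010
Time: 17:30:49
Message-Type: Authen OK
User-Name: groszozo
Group-Name: NOC Tier 2
Caller-ID: 10.11.10.105
NAS-Port: 1
NAS-IP-Address: 10.111.22.24
Network Access Profile Name: (Default)
Shared RAC:
Downloadable ACL:
System-Posture-Token:
Application-Posture-Token:
Reason:
EAP Type:
EAP Type Name:
PEAP/EAP-FAST-Clear-Name:
Access Device: wbr-1121-zozo-test
Network Device Group: Office Network

Date: 06/23/2010
Time: 17:29:27
Message-Type: Authen OK
User-Name: groszozo
Group-Name: NOC Tier 2
Caller-ID: 10.11.10.105
NAS-Port: 1
NAS-IP-Address: 10.111.22.24
Network Access Profile Name: (Default)
Shared RAC:
Downloadable ACL:
System-Posture-Token:
Application-Posture-Token:
Reason:
EAP Type:
EAP Type Name:
PEAP/EAP-FAST-Clear-Name:
Access Device: wbr-1121-zozo-test
Network Device Group: Office Network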
In the output below, it says that the user is authenticated and it puts the user in the right group with the right username, but the user never really authenticates. Maybe for the first few seconds when I initiate the connection.
Before I forget, the supplicant is using WIN XP and 802.1x is enabled. I even uncheck not verify the server and the ACS under External User Databases, I did check ENABLE EAP-TLS machine authentication.
Thanks in advance for your help,
Crazy---
Any ideas on this guys?? On my end, I've been reading some docs... Things started to make sense to me, but I still cannot authenticate, still the same errors. One more thing that caught my attention now is the time it takes to open a telnet session to a Cisco device which has the ACS as auth server.
My AD (Active Directory) and the ACS server are local, on the same subnet (server subnet). A ping to the ACS from my desktop, which is in a different subnet, only takes 1ms. To confirm that the issue is the ACS server, I decided to use another server in a remote location; the telnet connection is way faster than with the local ACS.
Let's brainstorm together to figure this out, guys.
Thanks in advance,
----Paul -
SSL connection failures.
Hi,
I'm getting some SSL connection failures on our SSL modules, we've reset the stats and noticed we are getting rsa pkcs pad errors when we do a sh ssl-proxy stats ssl. What causes these errors ?
SSL error statistics:
session alloc fails : 0 session limit exceed: 0
handshake init fails: 0 renegotiation fails : 0
no-cipher alerts : 0 ver mismatch alerts : 0
no-compress alerts : 0 multi buf rec errors: 0
ssl peer closes : 0 non-ssl peer closes : 0
unexpected record : 0 rec formatting error: 0
rsa pkcs pad errors : 2 premaster errors : 0
failed rsa reqs : 0 failed random reqs : 0
failed key-material : 0 failed master-secret: 0
failed update hash : 0 failed finish hash : 0
failed encrypts : 0 failed decrypts : 0
bad record version : 0 bad record size : 0
cert verify errors : 0 unsupported certs : 0
conn aborted : 0
overload drops : 0 hs limit exceeded : 0
hs handle mem fails : 0 conn reuse error : 0
dev invalid params : 0 dev failed requests : 0
dev timeout : 0 dev busy : 0
dev cancelled : 0 no dev fails : 0
dev resource fails : 0 dev unknown errors : 0
dev conn ctx fails : 0 dev cmd ctx fails : 0
mem alloc fails : 0 buf alloc fails : 0
invalid cipher algo : 0 invalid hash algo : 0
unaligned buf addr : 0 unaligned buf len : 0
internal error : 0 unknown ipcs : 0
double free attempts: 0 alert-send fails : 0
installed openssl-0.9.8k-3 and the world resumed orbiting the sun
-
SSL handshake failed: X509CertChainIncompleteErr - How to call secure WS?
Hi all, I'm trying to use a third party web service over SSL. I'm using jdk 1.5.0_11 and jDev 10.1.3.0.4.
Here is what I've done so far:
1 - I generated a web service proxy using jDev's wizard.
2 - I created a simple keystore with keytool with the following cmd:
keytool -genkey -keystore techdspc.keystore -storepass ****** . I copied the .keystore file in my project under the src directory.
3 - I used the wizard "Secure Proxy" on my web service with the following options:
- "Use x509 to authenticate"
- I specified my newly created keystore file as the keystore path as well as the password.
- I left the default choice to all the other options.
Once the files were all created by the wizard, I tried out the proxy and got the following error:
ATTENTION: Unable to connect to URL: https://test.eai.adpclaims.com/WSProxy/WS_Proxy.asmx due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
java.rmi.RemoteException: ; nested exception is:
HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
at audatex3.runtime.WSProxySoap_Stub.transmit(WSProxySoap_Stub.java:679)
at audatex3.WSProxySoapClient.transmit(WSProxySoapClient.java:83)
at audatex3.WSProxySoapClient.main(WSProxySoapClient.java:43)
The owner of the Web Service told me that the error is without a doubt on the proxy side. So my question is: What am I doing wrong?
Your help will be greatly appreciated.
thanks!
I tried generating another keystore with a slightly different cmd and I still get the same error so this does not seem to be the problem...
Any ideas?
Thanks -
Weblogic server 10.3.5 error during SSL handshake
Please someone help to figure out the issue with the following logs.
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33092690>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33095418>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33092490 SSL Version data invalid>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
<16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33092690>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33095215 SSL Version data invalid>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
<16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33095418>
I just created a domain with HTTP and HTTPS ports. I installed a web app. When I try to access the app from a browser through HTTPS, the above error occurs.
Please somebody help me.
Thanks in advance.
SK
This message indicates that the SSL connection is closed successfully. It is a warning message and normal to see in the logs when you enable the SSL debug flags. This is an expected behavior. If you see alerts when SSL debug is NOT ENABLED then it is a real alert and we need to take care of those issues. Also, it is not a real alert, it is a caught and handled exception from the certicom code which is not harmful and should be ignored, just because you have enabled the SSL debug flag. Once you turn it off, you won't see it in the logs.
Edited by: sharmela on Jan 22, 2013 4:55 AM
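The debug lines in the question above report that the connection "appears to be either unknown SSL version or maybe is plaintext". As an added example (not WebLogic or Certicom code, and not from either poster), the Python below classifies the first bytes a client sends to a TLS port in the way such a header check has to. All sample byte strings are constructed; the SSLv2-style one combines an assumed 2-byte length header with the `01 03 01` and `00 24 00 00 00 20` bytes printed in the JSSE trace further down this page.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")
VERSIONS = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
MAX_RECORD = 2 ** 14 + 2048  # largest record body TLS allows on the wire

DIAGNOSIS = {
    "plaintext_http": "client spoke HTTP to the TLS port; check URL scheme and port",
    "sslv2_client_hello": "SSLv2-framed ClientHello; accepted only if v2-compatible hellos are allowed",
    "tls_record": "well-formed TLS handshake record; look at version and cipher negotiation next",
    "unknown": "neither SSL/TLS nor HTTP; some other protocol or garbage",
    "too_short": "peer closed or stalled before a full record header arrived",
}


def _version(major, minor):
    return VERSIONS.get((major, minor), "unknown(%d.%d)" % (major, minor))


def classify_first_bytes(data):
    """Classify the first bytes received on a TLS listener."""
    if len(data) < 5:
        return {"kind": "too_short", "version": None, "length": None}
    if data.startswith(HTTP_METHODS):
        return {"kind": "plaintext_http", "version": None, "length": None}

    # SSLv3/TLS record header: content type, major, minor, 16-bit length.
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype == 22 and major == 3 and 0 < length <= MAX_RECORD:
        # The record-layer version is often lower than what the client
        # really offers, so prefer ClientHello.client_version when present
        # (handshake type 1, 3-byte length, then the 2-byte version).
        if len(data) >= 11 and data[5] == 1:
            major, minor = data[9], data[10]
        return {"kind": "tls_record", "version": _version(major, minor),
                "length": length}

    # SSLv2 framing: high bit set + 15-bit length, message type 1 is
    # CLIENT-HELLO, followed by the highest version the client offers.
    if data[0] & 0x80 and data[2] == 1:
        length = ((data[0] & 0x7F) << 8) | data[1]
        return {"kind": "sslv2_client_hello",
                "version": _version(data[3], data[4]), "length": length}

    return {"kind": "unknown", "version": None, "length": None}


def triage(samples):
    """Return (name, kind, version, diagnosis) for each named sample."""
    rows = []
    for name, data in samples.items():
        info = classify_first_bytes(data)
        rows.append((name, info["kind"], info["version"], DIAGNOSIS[info["kind"]]))
    return rows


# Constructed samples (not captured traffic).
SAMPLES = {
    # 0x804d = SSLv2 header for a 77-byte body (3 + 74, the two lengths in
    # the JSSE trace), then msg type 1 and version 3.1, then the spec lengths.
    "v2_compatible_hello": bytes.fromhex("804d010301002400000020"),
    # Record layer says 3.1, ClientHello itself offers 3.3.
    "tls12_hello": bytes.fromhex("16030100310100002d0303"),
    "http_on_ssl_port": b"GET /app HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "garbage": bytes.fromhex("0001020304"),
    "early_close": b"\x16\x03",
}

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print("%-20s %-20s %-8s %s" % row)
```
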
In SSL Handshake : failed extension check error
Hi all,
Could anyone help in this?
I'm facing a problem in SSL handshaking using JSSE, J2SDK1.4.
The CertificateException message is :
Invalid Netscape CertType extension for SSL client
And the source of error is : failed extension check
The following is the trace of the SSL server.
D:\users\Jp\java\jssesamples\sockets\server\class>java -Djavax.net.debug=SSL,handshake,data,trustmanager ClassFileServer 1089 . TLS true
USAGE: java ClassFileServer port docroot [TLS [true]]
If the third argument is TLS, it will start as
a TLS/SSL file server, otherwise, it will be
an ordinary file server.
If the fourth argument is true,it will require
client authentication as well.
found key for : serverkey
chain [0] = [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
Validity: [From: Fri Sep 27 12:36:44 IST 2002,
To: Sat Sep 27 12:36:44 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 11]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
chain [1] = [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
adding private entry as trusted cert: [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
Validity: [From: Fri Sep 27 12:36:44 IST 2002,
To: Sat Sep 27 12:36:44 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 11]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
adding as trusted cert: [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
trigger seeding of SecureRandom
done seeding SecureRandom
matching alias: serverkey
[read] MD5 and SHA1 hashes: len = 3
0000: 01 03 01 ...
[read] MD5 and SHA1 hashes: len = 74
0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
0020: 12 00 00 03 02 00 80 00 00 11 3D 94 3D E6 6A 85 ..........=.=.j.
0030: 4E 4B 5F DC 11 A2 3C F3 59 F7 1E 96 93 87 31 6A NK_...<.Y.....1j
0040: CD 2B 58 8A A1 7E A4 7D C5 C7 .+X.......
Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
*** ClientHello, TLSv1
RandomCookie: GMT: 1016347878 bytes = { 106, 133, 78, 75, 95, 220, 17, 162, 60, 243, 89, 247, 30, 150, 147, 135, 49, 106, 205, 43, 88, 138, 161, 126, 164, 125, 197, 199 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1016347878 bytes = { 163, 141, 218, 216, 192, 179, 129, 194, 37, 124, 119, 173, 229, 90, 173, 39, 166, 166, 58, 146, 118, 120, 174, 234, 161, 101, 91, 104 }
Session ID: {61, 148, 61, 230, 252, 82, 216, 137, 71, 131, 250, 161, 21, 201, 221, 98, 131, 132, 212, 15, 253, 235, 102, 35, 90, 154, 189, 159, 119, 125, 204, 167}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
chain [0] = [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
Validity: [From: Fri Sep 27 12:36:44 IST 2002,
To: Sat Sep 27 12:36:44 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 11]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
chain [1] = [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN>
<CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In>
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 1970
Thread-1, WRITE: TLSv1 Handshake, length = 1970
Thread-1, READ: TLSv1 Handshake, length = 1727
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
Validity: [From: Fri Sep 27 12:36:25 IST 2002,
To: Sat Sep 27 12:36:25 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 10]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
chain [1] = [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
failed extension check: [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
Validity: [From: Fri Sep 27 12:36:25 IST 2002,
To: Sat Sep 27 12:36:25 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 10]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
ext exception was: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
Thread-1, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Thread-1, WRITE: TLSv1 Alert, length = 2
Thread-1, called closeSocket()
Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
I'm having a related problem. It only occurs on the 1.4.1 version of the JRE. The 1.4.0 works fine. I've created my own custom socket for an RMI server that uses SSL to encrypt any data being sent. I have a valid certificate that works fine to encrypt data from my web server. The client gets the same exception that was posted above. Here is the stack trace on the client's machine if they are running the 1.4.1 JRE:
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101)
at com.msfw.imageserver.RMIServer_Stub.processRequest(Unknown Source)
at com.msfw.business.Server.rmiQuery(Server.java:389)
at com.msfw.business.Server.callServer(Server.java:540)
at com.msfw.business.Server.callServer(Server.java:523)
at com.msfw.business.Server.callServer(Server.java:518)
at com.msfw.business.Server.callServer(Server.java:572)
at com.msfw.business.Server.callServer(Server.java:578)
at com.msfw.idwebview.IdViewApplet.callServer(IdViewApplet.java:6058)
at com.msfw.idwebview.IdViewApplet.appletRun(IdViewApplet.java:889)
at com.msfw.idwebview.IdViewApplet.start(IdViewApplet.java:1177)
at com.msfw.splash.SplashApplet.init(SplashApplet.java:101)
at sun.applet.AppletPanel.run(AppletPanel.java:347)
at java.lang.Thread.run(Thread.java:536)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
at java.io.DataOutputStream.flush(DataOutputStream.java:101)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
... 15 more
Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
... 26 more
I also created my own homemade certificate and get the same results. Like I said before, the 1.4.0 JRE doesn't do this so it seems to be a new bug in the 1.4.1. Does anyone know how to get around this or what is causing this problem? Thanks.
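A diagnostic for the two "Invalid Netscape CertType extension" exceptions above, added here and not part of the original posts: it decodes the DER value of a certificate's Netscape Cert Type extension (OID 2.16.840.1.113730.1.1) and reports whether the SSL client or SSL server bit is set. It assumes the exception is raised when that extension is present but lacks the bit for the role being validated; the function names and sample byte strings are constructed for illustration.

```python
# Added example: decode a Netscape Cert Type extension and test role bits.
NETSCAPE_CERT_TYPE_OID = "2.16.840.1.113730.1.1"

# Bit 0 is the most significant bit of the single flags byte.
BIT_NAMES = ["ssl_client", "ssl_server", "smime", "object_signing",
             "reserved", "ssl_ca", "smime_ca", "object_signing_ca"]

# Constructed sample values: OCTET STRING wrapping a BIT STRING, the form
# Java's X509Certificate.getExtensionValue(oid) returns.
SERVER_ONLY = bytes.fromhex("040403020640")
CLIENT_ONLY = bytes.fromhex("040403020780")
CA_ONLY = bytes.fromhex("040403020204")


def _tlv_content(data, tag):
    """Return the content of one short-form DER TLV filling all of data."""
    if len(data) < 2 or data[0] != tag:
        raise ValueError("unexpected DER tag")
    if data[1] & 0x80 or len(data) != 2 + data[1]:
        raise ValueError("unexpected DER length")
    return data[2:]


def decode_cert_type(ext_value):
    """Return the set of usage names asserted by the extension value."""
    content = _tlv_content(_tlv_content(ext_value, 0x04), 0x03)
    if not 1 <= len(content) <= 2 or content[0] > 7:
        raise ValueError("malformed BIT STRING")
    unused = content[0]
    flags = content[1] if len(content) == 2 else 0
    flags &= (0xFF << unused) & 0xFF  # ignore padding bits
    return {n for i, n in enumerate(BIT_NAMES) if flags & (0x80 >> i)}


def permits(ext_value, role):
    """Assumed check model: an absent extension (None) restricts nothing;
    a present one must carry the bit for the role being validated."""
    if ext_value is None:
        return True
    return role in decode_cert_type(ext_value)


if __name__ == "__main__":
    for label, value in [("server-only", SERVER_ONLY),
                         ("client-only", CLIENT_ONLY),
                         ("ca-only", CA_ONLY), ("absent", None)]:
        print(label, {r: permits(value, r) for r in ("ssl_client", "ssl_server")})
```

A certificate used for both roles of a mutually authenticated connection needs both bits set, or the extension left out entirely.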