SSL Handshake issue in ios
SSL Handshake passed through ipad safari browser but fails via app. Any suggestion would be great?
I don't see how answering the 'why?' question will solve your problem, but in any case you're asking in the wrong place. You would have to ask the developers, if you can find them. You could try one of the Java Security mailing lists.
NB this issue discussed extensively at Stack Overflow: jsse - SSL handshake issue while java client talking to SSLv3 ONLY server - Stack Overflow.
Similar Messages
-
I'm running a web app in Tomcat that does an HTTPS connection to a server. The application will work fine for a time and then will suddenly stop working because of a handshake error. I've run SSL debugging but it's not apparent to me what the problem is. I'm looking for some suggestions.
4/1/08 2:58 PM: %% No cached client session
4/1/08 2:58 PM: *** ClientHello, TLSv1
RandomCookie: GMT: 1190233283 bytes = { 58, 242, 225, 57, 171, 194, 80, 90, 139, 96, 196, 251, 211, 129, 179, 202, 7, 232, 52, 68, 206, 146, 156, 48, 115, 22, 49, 134/1/08 2:58 PM: }
Session ID: {}
4/1/08 2:58 PM: Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 04/1/08 2:58 PM: }
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Handshake, length = 79
4/1/08 2:58 PM: TP-Processor10, WRITE: SSLv2 client hello message, length = 107
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Handshake, length = 42
4/1/08 2:58 PM: *** ServerHello, TLSv1
RandomCookie: GMT: 1190233283 bytes = { 141, 189, 206, 207, 250, 67, 40, 152, 186, 234, 234, 101, 166, 234, 247, 8, 11, 237, 223, 124, 72, 94, 232, 60, 199, 94, 121, 1214/1/08 2:58 PM: }
Session ID: {}
4/1/08 2:58 PM: Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
4/1/08 2:58 PM: Compression Method: 0
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: %% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
4/1/08 2:58 PM: ** SSL_RSA_WITH_RC4_128_MD5
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Handshake, length = 1032
4/1/08 2:58 PM: *** Certificate chain
4/1/08 2:58 PM: chain [0] = [
Version: V3
Subject: CN=vui.intrado.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Operations B2B03, O=Intrado, L=Longmont, ST=Colorado, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 123095664288727041032981792382713558924388820769033568750837609874847919816986574572326945022043788299975362758450430393268875591860173731899392101803427012444800895939587473517523357557784121771690988156414678400971980713801386242045333122455367857077525864235945214278003628280016127022895491321514431881967
public exponent: 65537
Validity: [From: Sun May 14 20:00:00 EDT 2006,
To: Wed May 14 19:59:59 EDT 2008]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 7bfce8d2 6dfe312b d05b12e7 2ae6b3fe]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 61 30 5F A1 5D A0 5B 30 59 30 57 30 55 16 09 .a0_.].[0Y0W0U..
0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14 8F E5 D3 1A 86 AC 8D 8E .+..............
0030: 6B C3 CF 80 6A D4 48 18 2C 7B 19 2E 30 25 16 23 k...j.H.,...0%.#
0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E sign.com/vslogo.
0060: 67 69 66 gif
[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRSecure-crl.verisign.com/SVRSecure.crl]
[3]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.verisign.com]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 16 7C 21 67 0E 0C 9D 2C E3 5B 13 54 D9 2C DC 6E ..!g...,.[.T.,.n
0010: 49 E7 24 21 75 DD F3 C2 51 D4 99 43 84 BD 47 9C I.$!u...Q..C..G.
0020: 9A 5F E1 1E 6B 79 4F D1 51 B7 42 F6 33 DE A0 0F ._..kyO.Q.B.3...
0030: 61 7E F3 A5 C8 43 FC 42 A0 2D 74 D1 2E AB BE 96 a....C.B.-t.....
0040: DF FA DD B3 54 29 2F 53 B7 26 C2 AE 31 CC BB 6D ....T)/S.&..1..m
0050: 35 0C C5 BD 96 7F 94 3E 55 95 F3 DD 8A E9 E5 6D 5......>U......m
0060: 8C F0 5E B1 4C 8B A0 AA 80 60 DA 9E D8 0D 11 FE ..^.L....`......
0070: CF BC 9D 86 5E FD 08 B0 C6 FF CE 7A 45 ....^......zE
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: Found trusted certificate:
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: Sun RSA public key, 1000 bits
modulus: 6144706769222379850430183405655235862870193813433361902309516534729547168229223442088128897090426025874990958624426272027915771330043379079076269082776443120496525109458437435793974957144923190172655546279112796066635455545786300647745888353781002359412766112775410851780140804282673804950495744761467
public exponent: 65537
Validity: [From: Tue Nov 08 19:00:00 EST 1994,
To: Thu Jan 07 18:59:59 EST 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Handshake, length = 119
4/1/08 2:58 PM: *** CertificateRequest
Cert Types: RSA, DSS
4/1/08 2:58 PM: Cert Authorities:
4/1/08 2:58 PM: <C=US, L=Boulder, ST=CO, O=Intrado, OU=Intrado, CN=Intrado Inc>
4/1/08 2:58 PM: *** ServerHelloDone
4/1/08 2:58 PM: *** Certificate chain
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Handshake, length = 141
4/1/08 2:58 PM: SESSION KEYGEN:
4/1/08 2:58 PM: PreMaster Secret:
0000: 03 01 77 B0 D4 B2 A6 6B 5A 54 F3 B7 B3 C7 93 6B ..w....kZT.....k
0010: 55 09 96 E1 E6 48 A0 7C D0 58 60 5E 48 D1 C9 AE U....H...X`^H...
0020: 93 DE 95 06 D6 E7 F5 BB 1D 41 A2 CE DF F8 57 C7 .........A....W.
4/1/08 2:58 PM: CONNECTION KEYGEN:
4/1/08 2:58 PM: Client Nonce:
0000: 47 F2 85 C3 3A F2 E1 39 AB C2 50 5A 8B 60 C4 FB G...:..9..PZ.`..
0010: D3 81 B3 CA 07 E8 34 44 CE 92 9C 30 73 16 31 0D ......4D...0s.1.
4/1/08 2:58 PM: Server Nonce:
0000: 47 F2 85 C3 8D BD CE CF FA 43 28 98 BA EA EA 65 G........C(....e
0010: A6 EA F7 08 0B ED DF 7C 48 5E E8 3C C7 5E 79 79 ........H^.<.^yy
4/1/08 2:58 PM: Master Secret:
0000: C5 14 7F 52 BF 83 1E BA 6D 55 00 56 4E 48 9B A6 ...R....mU.VNH..
0010: 27 FC 75 BD AC 4D 85 FA B9 05 8E 5A F2 12 1A B2 '.u..M.....Z....
0020: 07 5B F2 BF 6B 13 D6 64 0D DD C8 1C 05 ED 49 0A .[..k..d......I.
4/1/08 2:58 PM: Client MAC write Secret:
0000: D6 02 93 3D 70 2E F3 B4 7E F2 34 82 2F 1E 28 36 ...=p.....4./.(6
4/1/08 2:58 PM: Server MAC write Secret:
0000: A5 33 17 04 CA 4F BC 6D 03 95 09 4F CD 24 82 2B .3...O.m...O.$.+
4/1/08 2:58 PM: Client write key:
0000: 48 9A BD 05 DB 35 59 8F 94 5B F5 84 8D DE E2 C1 H....5Y..[......
4/1/08 2:58 PM: Server write key:
0000: 37 5C 66 DF F3 02 E7 B7 74 50 07 FE 71 73 7A 6E 7\f.....tP..qszn
4/1/08 2:58 PM: ... no IV used for this cipher
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Change Cipher Spec, length = 1
4/1/08 2:58 PM: *** Finished
verify_data: { 238, 215, 175, 86, 1, 3, 125, 177, 105, 85, 182, 1194/1/08 2:58 PM: }
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Handshake, length = 32
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Alert, length = 2
TP-Processor10, RECV TLSv1 ALERT: fatal, 4/1/08 2:58 PM: handshake_failure
4/1/08 2:58 PM: TP-Processor10, called closeSocket()
4/1/08 2:58 PM: TP-Processor10, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
4/1/08 2:58 PM: LOADING STATIC======================
4/1/08 2:58 PM: %% No cached client session
4/1/08 2:58 PM: *** ClientHello, TLSv1
RandomCookie: GMT: 1190233284 bytes = { 65, 153, 203, 177, 240, 215, 243, 44, 119, 245, 122, 207, 103, 144, 180, 159, 210, 245, 33, 103, 15, 226, 127, 93, 67, 150, 205, 1884/1/08 2:58 PM: }
Session ID: {}
4/1/08 2:58 PM: Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 04/1/08 2:58 PM: }
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Handshake, length = 79
4/1/08 2:58 PM: TP-Processor10, WRITE: SSLv2 client hello message, length = 107
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Handshake, length = 42
4/1/08 2:58 PM: *** ServerHello, TLSv1
RandomCookie: GMT: 1190233284 bytes = { 9, 32, 248, 7, 14, 138, 237, 198, 81, 132, 124, 47, 82, 168, 174, 192, 186, 67, 208, 40, 49, 94, 200, 30, 15, 23, 235, 374/1/08 2:58 PM: }
Session ID: {}
4/1/08 2:58 PM: Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
4/1/08 2:58 PM: Compression Method: 0
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: %% Created: [Session-3, SSL_RSA_WITH_RC4_128_MD5]
4/1/08 2:58 PM: ** SSL_RSA_WITH_RC4_128_MD5
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Handshake, length = 1032
4/1/08 2:58 PM: *** Certificate chain
4/1/08 2:58 PM: chain [0] = [
Version: V3
Subject: CN=vui.intrado.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Operations B2B03, O=Intrado, L=Longmont, ST=Colorado, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 123095664288727041032981792382713558924388820769033568750837609874847919816986574572326945022043788299975362758450430393268875591860173731899392101803427012444800895939587473517523357557784121771690988156414678400971980713801386242045333122455367857077525864235945214278003628280016127022895491321514431881967
public exponent: 65537
Validity: [From: Sun May 14 20:00:00 EDT 2006,
To: Wed May 14 19:59:59 EDT 2008]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 7bfce8d2 6dfe312b d05b12e7 2ae6b3fe]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 61 30 5F A1 5D A0 5B 30 59 30 57 30 55 16 09 .a0_.].[0Y0W0U..
0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14 8F E5 D3 1A 86 AC 8D 8E .+..............
0030: 6B C3 CF 80 6A D4 48 18 2C 7B 19 2E 30 25 16 23 k...j.H.,...0%.#
0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E sign.com/vslogo.
0060: 67 69 66 gif
[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRSecure-crl.verisign.com/SVRSecure.crl]
[3]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.verisign.com]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 16 7C 21 67 0E 0C 9D 2C E3 5B 13 54 D9 2C DC 6E ..!g...,.[.T.,.n
0010: 49 E7 24 21 75 DD F3 C2 51 D4 99 43 84 BD 47 9C I.$!u...Q..C..G.
0020: 9A 5F E1 1E 6B 79 4F D1 51 B7 42 F6 33 DE A0 0F ._..kyO.Q.B.3...
0030: 61 7E F3 A5 C8 43 FC 42 A0 2D 74 D1 2E AB BE 96 a....C.B.-t.....
0040: DF FA DD B3 54 29 2F 53 B7 26 C2 AE 31 CC BB 6D ....T)/S.&..1..m
0050: 35 0C C5 BD 96 7F 94 3E 55 95 F3 DD 8A E9 E5 6D 5......>U......m
0060: 8C F0 5E B1 4C 8B A0 AA 80 60 DA 9E D8 0D 11 FE ..^.L....`......
0070: CF BC 9D 86 5E FD 08 B0 C6 FF CE 7A 45 ....^......zE
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: Found trusted certificate:
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: Sun RSA public key, 1000 bits
modulus: 6144706769222379850430183405655235862870193813433361902309516534729547168229223442088128897090426025874990958624426272027915771330043379079076269082776443120496525109458437435793974957144923190172655546279112796066635455545786300647745888353781002359412766112775410851780140804282673804950495744761467
public exponent: 65537
Validity: [From: Tue Nov 08 19:00:00 EST 1994,
To: Thu Jan 07 18:59:59 EST 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Handshake, length = 119
4/1/08 2:58 PM: *** CertificateRequest
Cert Types: RSA, DSS
4/1/08 2:58 PM: Cert Authorities:
4/1/08 2:58 PM: <C=US, L=Boulder, ST=CO, O=Intrado, OU=Intrado, CN=Intrado Inc>
4/1/08 2:58 PM: *** ServerHelloDone
4/1/08 2:58 PM: *** Certificate chain
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Handshake, length = 141
4/1/08 2:58 PM: SESSION KEYGEN:
4/1/08 2:58 PM: PreMaster Secret:
0000: 03 01 B4 97 6F 97 A2 3F 49 3A 6D 33 AA 00 0B 4F ....o..?I:m3...O
0010: 31 31 DB E2 99 58 19 41 78 B2 F9 AC 05 6C F0 4F 11...X.Ax....l.O
0020: BB 55 BE 41 70 AA 76 58 1E AB 6F 08 2B 49 C3 F4 .U.Ap.vX..o.+I..
4/1/08 2:58 PM: CONNECTION KEYGEN:
4/1/08 2:58 PM: Client Nonce:
0000: 47 F2 85 C4 41 99 CB B1 F0 D7 F3 2C 77 F5 7A CF G...A......,w.z.
0010: 67 90 B4 9F D2 F5 21 67 0F E2 7F 5D 43 96 CD BC g.....!g...]C...
4/1/08 2:58 PM: Server Nonce:
0000: 47 F2 85 C4 09 20 F8 07 0E 8A ED C6 51 84 7C 2F G.... ......Q../
0010: 52 A8 AE C0 BA 43 D0 28 31 5E C8 1E 0F 17 EB 25 R....C.(1^.....%
4/1/08 2:58 PM: Master Secret:
0000: 23 BD B9 EC C1 C7 44 46 77 D9 5D 71 B8 D0 73 44 #.....DFw.]q..sD
0010: 9E C6 E3 CB 2B 28 97 74 0F F9 36 01 28 07 99 C6 ....+(.t..6.(...
0020: 6C 19 93 CC 0C BC FD 06 37 2D AE 1B 70 5E F2 68 l.......7-..p^.h
4/1/08 2:58 PM: Client MAC write Secret:
0000: 95 53 86 89 4D 91 E9 13 EF D6 B0 DA A1 8B 14 5B .S..M..........[
4/1/08 2:58 PM: Server MAC write Secret:
0000: CA 3E 7E 09 AF 37 A0 20 D0 9A 09 58 F1 C7 9F 29 .>...7. ...X...)
4/1/08 2:58 PM: Client write key:
0000: DB 2C 8E 50 F6 52 35 BD 2A 93 9A 74 24 E0 98 91 .,.P.R5.*..t$...
4/1/08 2:58 PM: Server write key:
0000: 60 15 83 88 28 2B 0B 55 71 62 2E 34 82 00 C8 B3 `...(+.Uqb.4....
4/1/08 2:58 PM: ... no IV used for this cipher
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Change Cipher Spec, length = 1
4/1/08 2:58 PM: *** Finished
verify_data: { 108, 130, 148, 248, 86, 192, 183, 217, 87, 4, 181, 834/1/08 2:58 PM: }
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Handshake, length = 32
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Alert, length = 2
TP-Processor10, RECV TLSv1 ALERT: fatal, 4/1/08 2:58 PM: handshake_failure
4/1/08 2:58 PM: TP-Processor10, called closeSocket()
4/1/08 2:58 PM: TP-Processor10, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
4/1/08 2:58 PM: Finalizer, called close()
4/1/08 2:58 PM: Finalizer, called closeInternal(true)4/1/08 2:58 PM: *** CertificateRequest
Cert Types: RSA, DSS
4/1/08 2:58 PM: Cert Authorities:
4/1/08 2:58 PM: <C=US, L=Boulder, ST=CO, O=Intrado, OU=Intrado, CN=Intrado Inc>Here the server has asked for client authentication. The later traces show that the client hasn't provided any. So the server has taken the option of aborting the connection. This action corresponds to SSLSocket.setNeedClientAuth(true) at the server.
Do you have the javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword system properties set? or a custom KeyManager installed? or whatever all that corresponds to in Tomcat? -
How to Ignore SSL handshake warning in Flash Builder 4?
Is it possible to configure Flash Builder to ignore SSL handshake issues when attempting to configure a Flex client to communicate with a PHP backend? I'm attempting to connect to my PHP backend server running with a shared SSL certificate so the domain name doesn't match the certificate.
Here's the error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ...You understood correctly:
- I removed all Build Path > Source Paths
- I moved those paths over to Library Paths > Source attachment
I took inspiration by how the Flex SDK is added to the project. Flex and flex related frameworks (e.g. datavisualization lib) also specify a Source Attachment under Lib Path. If I remove the source attachment I am not able to drill down into Flex code when I want to by Command-clicking on a class name (or hitting F3).
All my SWC are open source. BTW some of the source paths I was using were the path to the Flex code and to datavisualtization lib, which I think are the biggest library I am linking against. So maybe to recreate, just add those 2 libraries and make sure to add the source path AND source attachment.
I am using RSLs for every library if that matters.
I don't understand why specifying a Source Attachment would cause any issues... the swc is in sync with the source specified in its source attachment. -
I have the original iPad. There have been no recent ios updates for it. Is the SSL security issue a problem? Is my iPad safe to use?
You are OK. The fix is not necessary in iOS 5.1.1.
-
SSL Handshake Error in Android (ADF Mobile)
Hi Guys,
Now I am tried to using "https" Web service with my application, but seems show SSL handshake error specially in Android only, iOS is totally working.
Log from Android is
09-27 18:09:03.252: I/System.out(30444): [SEVERE - oracle.adfmf.framework - adf.mf.internal - logError] Request: {classname: oracle.adfmf.framework.api.Model; method: processBatchRequests; params: [0: false][1: [0: {classname: oracle.adfmf.framework.api.Model; method: evaluateMethodExpression; params: [0: #{bindings.AgentAuthenCDKey.execute}][1: [0: {.type: oracle.adfmf.amx.event.ActionEvent; }]][2: void][3: [0: oracle.adfmf.amx.event.ActionEvent]]; }]]; } exception: {message: SSL handshake failure; errorCode: 409; .type: oracle.adfmf.framework.exception.AdfInvocationRuntimeException; .exception: true; severity: ERROR; errorCategory: WEBSERVICE; }
How to solved this one ?
** If my android didn't connect to internet, it still show "SSL handshake error" too, that so weird !Hi,
Sorry to bump this, but I have the exact same problem. "SSL Handshake Error" when calling SSL enabled web services - works fine on iOS, but not on Android, which implies to me a problem with the framework rather than my certificate?
: D/CVM(985): [SEVERE - oracle.adfmf.framework - Utility - invoke] InvocationTargetException Error: ERROR [oracle.adfmf.framework.exception.AdfInvocationRuntimeException] - SSL handshake failure
I'm on JDeveloper 11.1.2.4, ADF Mobile Framework 11.1.2.4.39.64.51.
Are there any known issues with ADF Mobile/SSL on Android?
Any help is much appreciated.
Rich. -
Write Channel Closed, possible SSL handshaking or trust failure
Hi,
I Have a problem while working with Two-way SSL. I get Write Channel Closed, possible
SSL handshaking or trust failure error while contacting the server for invoking
a webservice secured by SSL.
I could figure out that the error is happening on client side while validating
the server certificate.
One more observation that i was able to find is, it works fine if the Server certificate
and the client certificate are signed by the same (root) CA.
I tried various options but couldn't find my luck. The BEA documentation in this
regards is not at all sufficient.
If i give strict checking false on my client end, the application works fine.
But for my scenario i want strict checking to be happend (otherwise there is no
point in going for SSL itself).
I am using WLSSLAdapter on my client side. The client application is a standalone
java class running out of weblogic (ideally running on JRun).
The way i have coded in my java class is:
String certificatePath = "C:/Cerificates/cert.pem";
String caCertificatePath = "C:/Cerificates/clientca.pem";
String targetURL = "https://localhost:443/feedservice/FeedService";
//set weblogic ServiceFactory
System.setProperty( "javax.xml.rpc.ServiceFactory",
"weblogic.webservice.core.rpc.ServiceFactoryImpl" );
System.setProperty("java.protocol.handler.pkgs","com.certicom.net.ssl");
System.setProperty("https.cipherSuites","SHA1withRSA,MD5withRSA");
SSLAdapterFactory sslFactory = SSLAdapterFactory.getDefaultFactory();
WLSSLAdapter adapter = (WLSSLAdapter) sslFactory.getSSLAdapter();
adapter.setProtocolVersion("SSL3");
adapter.setStrictChecking(true);
adapter.setVerbose(true);
FileInputStream clientCredentialFile = new FileInputStream (certificatePath);
String pwd = "password";
System.out.println("Loding Certificate from ........"+certificatePath);
adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
System.out.println("Loding CA Certificate from ........"+caCertificatePath);
adapter.setTrustedCertificatesFile(caCertificatePath);
// optionally set the Adapter factory to use this instance always.
sslFactory.setDefaultAdapter(adapter);
sslFactory.setUseDefaultAdapter(true);
// Webservice invocation code..
call.setTargetEndpointAddress(targetURL);
call.setProperty("weblogic.webservice.client.ssladapter",adapter);
Object result = call.invoke(new Object[]{"test.xml"});
The error that i get :
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:106)
at java.io.FilterOutputStream.write(FilterOutputStream.java:78)
at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:359)
at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:284)
at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:34)
at weblogic.webservice.core.HandlerChain.handleRequest(HandlerChain.java:131)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:421)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Exception in handler's handleRequest().
Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Write Channel
Closed, possible SSL handshaking or trust fail
ure
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:479)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Can someone give the working phone number of ....BEA CUSTOMER SUPPORT...The signature validation failure means your trusted CA certificate is not the issuer
of the identity certificate. The identity certificate issuer name can match to
the trusted CA certificate name, but the signature check really determines whether
it is the issuer.
Pavel.
"Chandra Sekhar Rao" <[email protected]> wrote:
>
Hi payal,
I have the issuer of the server identity certificate in the trust file
on client
side. The problem is with signature validation
"Pavel" <[email protected]> wrote:
It looks like your client does not trust the server certificate. Make
sure the
certificate you pass in adapter.setTrustedCertificatesFile(caCertificatePath);
is the issuer of the server's identity certificate.
Pavel.
"Chandra Sekhar Rao" <[email protected]> wrote:
Hi,
I Have a problem while working with Two-way SSL. I get Write Channel
Closed, possible
SSL handshaking or trust failure error while contacting the server
for
invoking
a webservice secured by SSL.
I could figure out that the error is happening on client side whilevalidating
the server certificate.
One more observation that i was able to find is, it works fine if the
Server certificate
and the client certificate are signed by the same (root) CA.
I tried various options but couldn't find my luck. The BEA documentation
in this
regards is not at all sufficient.
If i give strict checking false on my client end, the application works
fine.
But for my scenario i want strict checking to be happend (otherwisethere
is no
point in going for SSL itself).
I am using WLSSLAdapter on my client side. The client application is
a standalone
java class running out of weblogic (ideally running on JRun).
The way i have coded in my java class is:
String certificatePath = "C:/Cerificates/cert.pem";
String caCertificatePath = "C:/Cerificates/clientca.pem";
String targetURL = "https://localhost:443/feedservice/FeedService";
//set weblogic ServiceFactory
System.setProperty( "javax.xml.rpc.ServiceFactory",
"weblogic.webservice.core.rpc.ServiceFactoryImpl" );
System.setProperty("java.protocol.handler.pkgs","com.certicom.net.ssl");
System.setProperty("https.cipherSuites","SHA1withRSA,MD5withRSA");
SSLAdapterFactory sslFactory = SSLAdapterFactory.getDefaultFactory();
WLSSLAdapter adapter = (WLSSLAdapter) sslFactory.getSSLAdapter();
adapter.setProtocolVersion("SSL3");
adapter.setStrictChecking(true);
adapter.setVerbose(true);
FileInputStream clientCredentialFile = new FileInputStream (certificatePath);
String pwd = "password";
System.out.println("Loding Certificate from ........"+certificatePath);
adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
System.out.println("Loding CA Certificate from ........"+caCertificatePath);
adapter.setTrustedCertificatesFile(caCertificatePath);
// optionally set the Adapter factory to use this instance always.
sslFactory.setDefaultAdapter(adapter);
sslFactory.setUseDefaultAdapter(true);
// Webservice invocation code..
call.setTargetEndpointAddress(targetURL);
call.setProperty("weblogic.webservice.client.ssladapter",adapter);
Object result = call.invoke(new Object[]{"test.xml"});
The error that i get :
java.io.IOException: Write Channel Closed, possible SSL handshakingor
trust failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:106)
at java.io.FilterOutputStream.write(FilterOutputStream.java:78)
at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:359)
at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:284)
at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:34)
at weblogic.webservice.core.HandlerChain.handleRequest(HandlerChain.java:131)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:421)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Exception in handler's handleRequest().
Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Write
Channel
Closed, possible SSL handshaking or trust fail
ure
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:479)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Can someone give the working phone number of ....BEA CUSTOMER SUPPORT... -
Weblogic server 10.3.5 error during SSL handshake
Please some one help to figure the issue with following logs.
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33092690>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33095418>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33092490 SSL Version data invalid>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
<16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33092690>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33095215 SSL Version data invalid>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
<16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33095418>
I just created domain with http and https ports. I installed an web app. When I am trying to access the app from browser through https the above error is occurring.
Please somebody help me.
Thanks in advance.
SKThis message indicates that the SSL connection is closed successfully. It is a warning message and normal to see in the logs when you enable the SSL debug flags. This is an expected behavior. If you see alerts when SSL debug is NOT ENABLED then it is a real alert and we need to take care of those issues. Also, it is not a real alert, it is a caught and handled exception from the certicom code which is not harmful and should be ignored, just because you have enabled the SSL debug flag. Once you turn it off, you won't see it in the logs.
Edited by: sharmela on Jan 22, 2013 4:55 AM -
In SSL Handshake : failed extension check error
Hi all,
Could anyone help in this?
Im facing a problem in SSL handshaking using JSSE, J2SDK1.4.
The CertificateException message is :
Invalid Netscape CertType extension for SSL client
And the source of error is : failed extension check
The following is the trace SSL Server.
D:\users\Jp\java\jssesamples\sockets\server\class>java -Djavax.net.debug=SSL,handshake,data,trustmanager ClassFileServer 1089
. TLS true
USAGE: java ClassFileServer port docroot [TLS [true]]
If the third argument is TLS, it will start as
a TLS/SSL file server, otherwise, it will be
an ordinary file server.
If the fourth argument is true,it will require
client authentication as well.
found key for : serverkey
chain [0] = [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
Validity: [From: Fri Sep 27 12:36:44 IST 2002,
To: Sat Sep 27 12:36:44 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 11]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
chain [1] = [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
adding private entry as trusted cert: [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
Validity: [From: Fri Sep 27 12:36:44 IST 2002,
To: Sat Sep 27 12:36:44 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 11]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
adding as trusted cert: [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
trigger seeding of SecureRandom
done seeding SecureRandom
matching alias: serverkey
[read] MD5 and SHA1 hashes: len = 3
0000: 01 03 01 ...
[read] MD5 and SHA1 hashes: len = 74
0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
0020: 12 00 00 03 02 00 80 00 00 11 3D 94 3D E6 6A 85 ..........=.=.j.
0030: 4E 4B 5F DC 11 A2 3C F3 59 F7 1E 96 93 87 31 6A NK_...<.Y.....1j
0040: CD 2B 58 8A A1 7E A4 7D C5 C7 .+X.......
Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
*** ClientHello, TLSv1
RandomCookie: GMT: 1016347878 bytes = { 106, 133, 78, 75, 95, 220, 17, 162, 60, 243, 89, 247, 30, 150, 147, 135, 49, 106, 20
5, 43, 88, 138, 161, 126, 164, 125, 197, 199 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_
CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES4
0_CBC_SHA]
Compression Methods: { 0 }
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1016347878 bytes = { 163, 141, 218, 216, 192, 179, 129, 194, 37, 124, 119, 173, 229, 90, 173, 39, 166, 16
6, 58, 146, 118, 120, 174, 234, 161, 101, 91, 104 }
Session ID: {61, 148, 61, 230, 252, 82, 216, 137, 71, 131, 250, 161, 21, 201, 221, 98, 131, 132, 212, 15, 253, 235, 102, 35,
90, 154, 189, 159, 119, 125, 204, 167}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
chain [0] = [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
Validity: [From: Fri Sep 27 12:36:44 IST 2002,
To: Sat Sep 27 12:36:44 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 11]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
chain [1] = [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN>
<CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In>
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 1970
0000: 02 00 00 46 03 01 3D 94 3D E6 A3 8D DA D8 C0 B3 ...F..=.=.......
0010: 81 C2 25 7C 77 AD E5 5A AD 27 A6 A6 3A 92 76 78 ..%.w..Z.'..:.vx
0020: AE EA A1 65 5B 68 20 3D 94 3D E6 FC 52 D8 89 47 ...e[h =.=..R..G
0030: 83 FA A1 15 C9 DD 62 83 84 D4 0F FD EB 66 23 5A ......b......f#Z
0040: 9A BD 9F 77 7D CC A7 00 04 00 0B 00 06 35 00 06 ...w.........5..
0050: 32 00 03 0A 30 82 03 06 30 82 02 6F A0 03 02 01 2...0...0..o....
0060: 02 02 01 11 30 0D 06 09 2A 86 48 86 F7 0D 01 01 ....0...*.H.....
0070: 04 05 00 30 81 98 31 0B 30 09 06 03 55 04 06 13 ...0..1.0...U...
0080: 02 49 6E 31 14 30 12 06 03 55 04 08 13 0B 4D 61 .In1.0...U....Ma
0090: 68 61 72 61 73 68 74 72 61 31 18 30 16 06 03 55 harashtra1.0...U
00A0: 04 07 13 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 ....Andheri / SE
00B0: 45 50 5A 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 EPZ1#0!..U....Or
00C0: 62 69 74 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 bitech Solutions
00D0: 20 4C 69 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 Limited1.0...U.
00E0: 0B 13 04 51 50 45 47 31 25 30 23 06 03 55 04 03 ...QPEG1%0#..U..
00F0: 13 1C 4F 72 62 69 74 65 63 68 20 43 65 72 74 69 ..Orbitech Certi
0100: 66 69 63 61 74 65 20 4D 61 6E 61 67 65 72 30 1E ficate Manager0.
0110: 17 0D 30 32 30 39 32 37 30 37 30 36 34 34 5A 17 ..020927070644Z.
0120: 0D 30 33 30 39 32 37 30 37 30 36 34 34 5A 30 81 .030927070644Z0.
0130: 80 31 0B 30 09 06 03 55 04 06 13 02 49 4E 31 14 .1.0...U....IN1.
0140: 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 61 73 0...U....Maharas
0150: 68 74 72 61 31 0F 30 0D 06 03 55 04 07 13 06 4D htra1.0...U....M
0160: 75 6D 62 61 69 31 1A 30 18 06 03 55 04 0A 13 11 umbai1.0...U....
0170: 53 61 6D 70 6C 65 20 53 65 72 76 65 72 20 4F 72 Sample Server Or
0180: 67 31 16 30 14 06 03 55 04 0B 13 0D 53 61 6D 70 g1.0...U....Samp
0190: 6C 65 20 53 65 72 76 65 72 31 16 30 14 06 03 55 le Server1.0...U
01A0: 04 03 13 0D 4A 61 79 61 70 72 61 6B 61 73 68 20 ....Jayaprakash
01B0: 41 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 A0..0...*.H.....
01C0: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 A5 66 .......0.......f
01D0: A2 53 DE A9 94 5F 48 C1 4B 67 E2 A8 AE EB 86 40 .S..._H.Kg.....@
01E0: F0 BD 58 94 1E 25 7F B3 AA A5 FB 9D B7 33 DB 6C ..X..%.......3.l
01F0: 5A 21 2D 95 44 5E 5A 28 AB 59 40 0C C2 D2 CC EE Z!-.D^Z(.Y@.....
0200: C8 74 DD 62 25 43 5C CE 79 FF 6D 9B 04 25 8E BD .t.b%C\.y.m..%..
0210: 05 9C 9C D6 55 DC 13 23 98 C5 5D 5C 01 5F D6 54 ....U..#..]\._.T
0220: 34 22 20 CE A1 AE C8 0C B4 FC 03 4D 2B C8 2B 54 4" ........M+.+T
0230: 3A 98 50 33 11 2F 27 C2 60 9E F9 40 52 26 05 A9 :.P3./'.`..@R&..
0240: B6 E8 F4 73 1A B0 E9 11 EF C3 23 D9 1D FB 02 03 ...s......#.....
0250: 01 00 01 A3 76 30 74 30 11 06 09 60 86 48 01 86 ....v0t0...`.H..
0260: F8 42 01 01 04 04 03 02 06 40 30 0E 06 03 55 1D [email protected].
0270: 0F 01 01 FF 04 04 03 02 04 F0 30 1F 06 03 55 1D ..........0...U.
0280: 23 04 18 30 16 80 14 61 03 42 D0 1B 10 56 EE 2E #..0...a.B...V..
0290: F1 24 61 D5 25 B3 31 03 27 85 AA 30 2E 06 03 55 .$a.%.1.'..0...U
02A0: 1D 11 04 27 30 25 81 23 63 6F 73 6C 74 65 6D 70 ...'0%.#cosltemp
02B0: 2E 6A 61 79 61 70 72 61 6B 61 73 68 40 6F 72 62 .jayaprakash@orb
02C0: 69 74 65 63 68 2E 63 6F 2E 69 6E 30 0D 06 09 2A itech.co.in0...*
02D0: 86 48 86 F7 0D 01 01 04 05 00 03 81 81 00 39 C0 .H............9.
02E0: C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 51 AF .94*RlGH......Q.
02F0: DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 E9 94 .CT.4...bp.%....
0300: EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 32 28 .....(..b.4..d2(
0310: 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 94 6D Z.N......$-(...m
0320: F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 9F F1 ...4.cp.M8y.....
0330: C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A 7C EE .h........0.....
0340: 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D D9 B2 .2.^.Y.<....5...
0350: F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F 00 03 ........`.".._..
0360: 22 30 82 03 1E 30 82 02 87 A0 03 02 01 02 02 01 "0...0..........
0370: 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 .0...*.H........
0380: 30 81 98 31 0B 30 09 06 03 55 04 06 13 02 49 6E 0..1.0...U....In
0390: 31 14 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 1.0...U....Mahar
03A0: 61 73 68 74 72 61 31 18 30 16 06 03 55 04 07 13 ashtra1.0...U...
03B0: 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 45 50 5A .Andheri / SEEPZ
03C0: 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 62 69 74 1#0!..U....Orbit
03D0: 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 20 4C 69 ech Solutions Li
03E0: 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 0B 13 04 mited1.0...U....
03F0: 51 50 45 47 31 25 30 23 06 03 55 04 03 13 1C 4F QPEG1%0#..U....O
0400: 72 62 69 74 65 63 68 20 43 65 72 74 69 66 69 63 rbitech Certific
0410: 61 74 65 20 4D 61 6E 61 67 65 72 30 1E 17 0D 30 ate Manager0...0
0420: 32 30 37 31 38 31 39 30 30 30 30 5A 17 0D 32 38 20718190000Z..28
0430: 30 37 31 38 31 39 30 30 30 30 5A 30 81 98 31 0B 0718190000Z0..1.
0440: 30 09 06 03 55 04 06 13 02 49 6E 31 14 30 12 06 0...U....In1.0..
0450: 03 55 04 08 13 0B 4D 61 68 61 72 61 73 68 74 72 .U....Maharashtr
0460: 61 31 18 30 16 06 03 55 04 07 13 0F 41 6E 64 68 a1.0...U....Andh
0470: 65 72 69 20 2F 20 53 45 45 50 5A 31 23 30 21 06 eri / SEEPZ1#0!.
0480: 03 55 04 0A 13 1A 4F 72 62 69 74 65 63 68 20 53 .U....Orbitech S
0490: 6F 6C 75 74 69 6F 6E 73 20 4C 69 6D 69 74 65 64 olutions Limited
04A0: 31 0D 30 0B 06 03 55 04 0B 13 04 51 50 45 47 31 1.0...U....QPEG1
04B0: 25 30 23 06 03 55 04 03 13 1C 4F 72 62 69 74 65 %0#..U....Orbite
04C0: 63 68 20 43 65 72 74 69 66 69 63 61 74 65 20 4D ch Certificate M
04D0: 61 6E 61 67 65 72 30 81 9F 30 0D 06 09 2A 86 48 anager0..0...*.H
04E0: 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 ............0...
04F0: 81 81 00 DC 3A 63 36 00 7B F1 7C C4 C0 6B 52 1F ....:c6......kR.
0500: 4B 71 46 28 3E C0 C3 B9 0B E9 FB 2D CA 7F E3 90 KqF(>......-....
0510: 84 60 60 C3 3B C3 B1 0F 9F CF 5C 3B 6E 3C C4 6D .``.;.....\;n<.m
0520: BD 11 12 9F A5 A7 FE EE 1A 4C 67 9E D7 BE 1B 1E .........Lg.....
0530: 1C C5 5A 0F 42 B1 4A 88 CA 49 13 02 0F 3F 79 EE ..Z.B.J..I...?y.
0540: A2 86 4D 88 3D 98 48 30 2E AB A4 D1 6B 9B 95 39 ..M.=.H0....k..9
0550: 81 03 CA 1C 7D 14 8E EB 9D CB 09 C5 BD 50 58 A0 .............PX.
0560: 52 81 5C DD E9 09 EC BD 83 05 24 10 73 68 A5 5A R.\.......$.sh.Z
0570: 44 4B 09 02 03 01 00 01 A3 76 30 74 30 11 06 09 DK.......v0t0...
0580: 60 86 48 01 86 F8 42 01 01 04 04 03 02 00 D7 30 `.H...B........0
0590: 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF ...U.......0....
05A0: 30 1D 06 03 55 1D 0E 04 16 04 14 61 03 42 D0 1B 0...U......a.B..
05B0: 10 56 EE 2E F1 24 61 D5 25 B3 31 03 27 85 AA 30 .V...$a.%.1.'..0
05C0: 1F 06 03 55 1D 23 04 18 30 16 80 14 61 03 42 D0 ...U.#..0...a.B.
05D0: 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 03 27 85 AA ..V...$a.%.1.'..
05E0: 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 86 0...U...........
05F0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
0600: 81 81 00 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 ..........EL....
0610: 86 B9 37 BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D ..7.;O..].;p5...
0620: 54 B7 89 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B T..[J2..aZ...$..
0630: F4 23 40 D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 .#@.M.Sz.NN...:W
0640: EF 43 02 C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 .C..........t%S.
0650: 7B 38 2F 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D .8/\..p..._..<U-
0660: FF 2A FB 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA .*....*....]_6..
0670: 57 EF 74 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 W.t...R...h..N..
0680: A2 0C 7F 0D 00 01 27 02 01 02 01 22 00 83 30 81 ......'...."..0.
0690: 80 31 0B 30 09 06 03 55 04 06 13 02 49 4E 31 14 .1.0...U....IN1.
06A0: 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 61 73 0...U....Maharas
06B0: 68 74 72 61 31 0F 30 0D 06 03 55 04 07 13 06 4D htra1.0...U....M
06C0: 75 6D 62 61 69 31 1A 30 18 06 03 55 04 0A 13 11 umbai1.0...U....
06D0: 53 61 6D 70 6C 65 20 53 65 72 76 65 72 20 4F 72 Sample Server Or
06E0: 67 31 16 30 14 06 03 55 04 0B 13 0D 53 61 6D 70 g1.0...U....Samp
06F0: 6C 65 20 53 65 72 76 65 72 31 16 30 14 06 03 55 le Server1.0...U
0700: 04 03 13 0D 4A 61 79 61 70 72 61 6B 61 73 68 20 ....Jayaprakash
0710: 41 00 9B 30 81 98 31 0B 30 09 06 03 55 04 06 13 A..0..1.0...U...
0720: 02 49 6E 31 14 30 12 06 03 55 04 08 13 0B 4D 61 .In1.0...U....Ma
0730: 68 61 72 61 73 68 74 72 61 31 18 30 16 06 03 55 harashtra1.0...U
0740: 04 07 13 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 ....Andheri / SE
0750: 45 50 5A 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 EPZ1#0!..U....Or
0760: 62 69 74 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 bitech Solutions
0770: 20 4C 69 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 Limited1.0...U.
0780: 0B 13 04 51 50 45 47 31 25 30 23 06 03 55 04 03 ...QPEG1%0#..U..
0790: 13 1C 4F 72 62 69 74 65 63 68 20 43 65 72 74 69 ..Orbitech Certi
07A0: 66 69 63 61 74 65 20 4D 61 6E 61 67 65 72 0E 00 ficate Manager..
07B0: 00 00 ..
Thread-1, WRITE: TLSv1 Handshake, length = 1970
Thread-1, READ: TLSv1 Handshake, length = 1727
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
Validity: [From: Fri Sep 27 12:36:25 IST 2002,
To: Sat Sep 27 12:36:25 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 10]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 4C 68 F2 CD FF 1E 9C F0 14 56 51 AF AA 41 CD 98 Lh.......VQ..A..
0010: 55 D9 5F D8 38 7F C3 25 49 BA D0 F1 93 AC 88 E2 U._.8..%I.......
0020: 8A 72 0E 68 F2 49 5D 60 B6 D1 2C C2 54 E4 A7 E4 .r.h.I]`..,.T...
0030: 72 21 49 ED E7 66 F2 C1 A5 28 B6 5C 76 29 CC 06 r!I..f...(.\v)..
0040: 4F 2B C3 A9 54 2D D0 63 7D C4 FD 3D 49 13 36 7F O+..T-.c...=I.6.
0050: D5 E4 B2 4C 4F C6 DA BC A2 67 FE 7F 94 37 A1 58 ...LO....g...7.X
0060: FF 9C DB 1B CD 0F 75 F0 49 DB AF 44 49 8F 28 77 ......u.I..DI.(w
0070: 1F C1 E5 13 BA 46 26 DD 72 5E AD A1 68 8B 89 FE .....F&.r^..h...
chain [1] = [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
failed extension check: [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
Validity: [From: Fri Sep 27 12:36:25 IST 2002,
To: Sat Sep 27 12:36:25 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 10]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 4C 68 F2 CD FF 1E 9C F0 14 56 51 AF AA 41 CD 98 Lh.......VQ..A..
0010: 55 D9 5F D8 38 7F C3 25 49 BA D0 F1 93 AC 88 E2 U._.8..%I.......
0020: 8A 72 0E 68 F2 49 5D 60 B6 D1 2C C2 54 E4 A7 E4 .r.h.I]`..,.T...
0030: 72 21 49 ED E7 66 F2 C1 A5 28 B6 5C 76 29 CC 06 r!I..f...(.\v)..
0040: 4F 2B C3 A9 54 2D D0 63 7D C4 FD 3D 49 13 36 7F O+..T-.c...=I.6.
0050: D5 E4 B2 4C 4F C6 DA BC A2 67 FE 7F 94 37 A1 58 ...LO....g...7.X
0060: FF 9C DB 1B CD 0F 75 F0 49 DB AF 44 49 8F 28 77 ......u.I..DI.(w
0070: 1F C1 E5 13 BA 46 26 DD 72 5E AD A1 68 8B 89 FE .....F&.r^..h...
ext exception was: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
Thread-1, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Thread-1, WRITE: TLSv1 Alert, length = 2
Thread-1, called closeSocket()
Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape
CertType extension for SSL client
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL cli
ent
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)I'm having a related problem. It only occurs on the 1.4.1 version of the JRE. The 1.4.0 works fine. I've created my own custom socket for an RMI server that uses SSL to encrypt any data being sent. I have a valid certificate that works fine to encrypt data from my web server. The client gets the same exception that was posted above. Here is the stack trace on the client's machine if they are running the 1.4.1 JRE:
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101)
at com.msfw.imageserver.RMIServer_Stub.processRequest(Unknown Source)
at com.msfw.business.Server.rmiQuery(Server.java:389)
at com.msfw.business.Server.callServer(Server.java:540)
at com.msfw.business.Server.callServer(Server.java:523)
at com.msfw.business.Server.callServer(Server.java:518)
at com.msfw.business.Server.callServer(Server.java:572)
at com.msfw.business.Server.callServer(Server.java:578)
at com.msfw.idwebview.IdViewApplet.callServer(IdViewApplet.java:6058)
at com.msfw.idwebview.IdViewApplet.appletRun(IdViewApplet.java:889)
at com.msfw.idwebview.IdViewApplet.start(IdViewApplet.java:1177)
at com.msfw.splash.SplashApplet.init(SplashApplet.java:101)
at sun.applet.AppletPanel.run(AppletPanel.java:347)
at java.lang.Thread.run(Thread.java:536)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
at java.io.DataOutputStream.flush(DataOutputStream.java:101)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
... 15 more
Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
... 26 more
I also created my own homemade certificate and get the same results. Like I said before, the 1.4.0 JRE doesn't do this so it seems to be a new bug in the 1.4.1. Does anyone know how to get around this or what is causing this problem? Thanks. -
Ssl-handshake fails with scandinavian chars in client certificate
Hello,
We've run into a problem with 2-way-ssl and certificates that have scandinavian
characters in the subject. The problem cert is used as client-certificate for
authentication and it goes like this:
1. Client surfs with http in our site, until clicks https-link that will immediately
start the ssl-handshake
2. Server presents it's trusted cert-list fine
3. PIN is being asked fine
4. Next the request processing stops on the exception below and nothing will happen
on the client side.
Certs without these äöå -chars work fine, so our guess is that they cause it,
but the certs ought to be according to specs: name-fields encoding is UTF-8 according
to RFC 2459 from year 1999. A failing example-cert is also below.
Would this be a problem with the certificate rather than BEA-implementation?
Same behavior on Windows and Solaris Weblogic 8.11 as such and with SP2 (and with
sp2 + CASE_ID_NUM: 501454 hotfix).
Best Regards,
Igor Styrman
<avalable(): 20303264 : 0 + 0 = 0>
<write ALERT offset = 0 length = 2>
<SSLIOContextTable.removeContext(ctx): 1765100>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering JSSE
SSLSocket>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
6487148>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket will
be Muxing>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
11153746>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL Version 2 with no padding>
<21647856 SSL3/TLS MAC>
<21647856 received SSL_20_RECORD>
<HANDSHAKEMESSAGE: ClientHelloV2>
<write HANDSHAKE offset = 0 length = 58>
<write HANDSHAKE offset = 0 length = 1789>
<Converting principal: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
<Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri, C=FI>
<Converting principal: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: [email protected], CN=Thawte Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<Converting principal: [email protected], CN=Thawte Server
CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Premium
Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, ST=Western Cape, C=ZA>
<Converting principal: OU=Secure Server Certification Authority, O="RSA Data Security,
Inc.", C=US>
<Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
C=IE>
<Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri, C=FI>
<Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE>
<Converting principal: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<write HANDSHAKE offset = 0 length = 2409>
<write HANDSHAKE offset = 0 length = 4>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL3/TLS MAC>
<21647856 received HANDSHAKE>
<HANDSHAKEMESSAGE: Certificate>
PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14' for queue:
'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest failed
java.lang.NullPointerException: Could not set value for ASN.1 string object..
java.lang.NullPointerException: Could not set value for ASN.1 string object.
at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeString(Unknown Source)
at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
tvrGCMOrvrb5QTxVtLNr
-----END CERTIFICATE-----BMPString is another asn1 type that can be used for certificate attributes with
non-ascii characters. The workaround is simply to use the BMPString instead of
UTF8String for that subject name attribute in the certificate request. This off-course
assumes that you can replace the certificate, and have control over what asn1
type is used for the subject name attributes in the certificate request (via a
tool options, or by generating the request yourself), so it is probably not applicable.
Pavel.
"Ari Räisänen" <[email protected]> wrote:
>
Thanks again, Pavel!
I'm filing a support case about this. You talked about a workaround (BMPString).
Could you be more spesific? I haven't talked about this issue with Igor
yet.
Regards,
Ari
"Pavel" <[email protected]> wrote:
Sounds like a bug in certicom code. It should support UTF8String.
I'd file a support case.
You might be able to use BMPString instead as a workaround.
Pavel.
"Igor Styrman" <[email protected]> wrote:
Hello,
We've run into a problem with 2-way-ssl and certificates that have
scandinavian
characters in the subject. The problem cert is used as client-certificate
for
authentication and it goes like this:
1. Client surfs with http in our site, until clicks https-link thatwill
immediately
start the ssl-handshake
2. Server presents it's trusted cert-list fine
3. PIN is being asked fine
4. Next the request processing stops on the exception below and nothing
will happen
on the client side.
Certs without these äöå -chars work fine, so our guess is that they
cause it,
but the certs ought to be according to specs: name-fields encoding
is
UTF-8 according
to RFC 2459 from year 1999. A failing example-cert is also below.
Would this be a problem with the certificate rather than BEA-implementation?
Same behavior on Windows and Solaris Weblogic 8.11 as such and withSP2
(and with
sp2 + CASE_ID_NUM: 501454 hotfix).
Best Regards,
Igor Styrman
<avalable(): 20303264 : 0 + 0 = 0>
<write ALERT offset = 0 length = 2>
<SSLIOContextTable.removeContext(ctx): 1765100>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering
JSSE
SSLSocket>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
6487148>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket
will
be Muxing>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
11153746>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL Version 2 with no padding>
<21647856 SSL3/TLS MAC>
<21647856 received SSL_20_RECORD>
<HANDSHAKEMESSAGE: ClientHelloV2>
<write HANDSHAKE offset = 0 length = 58>
<write HANDSHAKE offset = 0 length = 1789>
<Converting principal: OU=Class 4 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
<Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust
Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri,
C=FI>
<Converting principal: OU=Class 1 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: [email protected], CN=Thawte
Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape
Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: OU=Class 3 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<Converting principal: [email protected], CN=Thawte
Server
CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, ST=Western
Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Premium
Server CA, OU=Certification Services Division, O=Thawte Consultingcc,
L=Cape
Town, ST=Western Cape, C=ZA>
<Converting principal: OU=Secure Server Certification Authority, O="RSA
Data Security,
Inc.", C=US>
<Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust,O=Baltimore,
C=IE>
<Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrustSolutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri,
C=FI>
<Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE>
<Converting principal: OU=Class 2 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<write HANDSHAKE offset = 0 length = 2409>
<write HANDSHAKE offset = 0 length = 4>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL3/TLS MAC>
<21647856 received HANDSHAKE>
<HANDSHAKEMESSAGE: Certificate>
PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14'
for queue:
'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest
failed
java.lang.NullPointerException: Could not set value for ASN.1 string
object..
java.lang.NullPointerException: Could not set value for ASN.1 string
object.
at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeString(UnknownSource)
at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown
Source)
at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
tvrGCMOrvrb5QTxVtLNr
-----END CERTIFICATE----- -
EAP-TLS or PEAP authentication failed during SSL handshake
Hi Pros,
I am a newbie in the ACS 4.2 and EAP-TLS implementation, with that being said. I face an issue during a EAP-TLS implementation. My search shows that this kind of error message is already certificate issue;However, I have deleted and recreated the certificate in both ACS and the client with the same result. I have deleted and re-install the certchain as well.
When I check my log in the failed attemps, there is what I found:
Date
Time
Message-Type
User-Name
Group-Name
Caller-ID
Network Access Profile Name
Authen-Failure-Code
Author-Failure-Code
Author-Data
NAS-Port
NAS-IP-Address
Filter Information
PEAP/EAP-FAST-Clear-Name
EAP Type
EAP Type Name
Reason
Access Device
Network Device Group
06/23/2010
17:39:51
Authen failed
000e.9b6e.e834
Default Group
000e.9b6e.e834
(Default)
EAP-TLS or PEAP authentication failed during SSL handshake
1101
10.111.22.24
25
MS-PEAP
wbr-1121-zozo-test
Office Networ
06/23/2010
17:39:50
Authen failed
[email protected]
Default Group
000e.9b6e.e834
(Default)
EAP-TLS or PEAP authentication failed during SSL handshake
1098
10.111.22.24
25
MS-PEAP
wbr-1121-zozo-test
Office Network
[email protected] = my windows active directory name
1. Why under EAP-TYPE it shows MS-PEAP not EAP-TLS? I did configure EAP-TLS....
2. Why sometimes it just shows the MAC of the client for username?
3. Why it puts me in DEFAULT-GROUP even though i belongs to a group well definy in the acs?
2. Secondly, When I check in pass authentications... there is what i saw
Date
Time
Message-Type
User-Name
Group-Name
Caller-ID
NAS-Port
NAS-IP-Address
Network Access Profile Name
Shared RAC
Downloadable ACL
System-Posture-Token
Application-Posture-Token
Reason
EAP Type
EAP Type Name
PEAP/EAP-FAST-Clear-Name
Access Device
Network Device Group
06/23/2010
17:30:49
Authen OK
groszozo
NOC Tier 2
10.11.10.105
1
10.111.22.24
(Default)
wbr-1121-zozo-test
Office Network
06/23/2010
17:29:27
Authen OK
groszozo
NOC Tier 2
10.11.10.105
1
10.111.22.24
(Default)
wbr-1121-zozo-test
Office Network
In the output below, it says that the user is authenticate and it puts the user in the right group with the right username, but the user never really authenticate. Maybe for the first few seconds when I initiate the connection.
Before I forget, the suppliant is using WIN XP and 802.1x is enable. I even uncheck not verify the server and the ACS under External User Databases, I did check ENABLE EAP-TLS machine authentication.
Thanks in advance for your help,
Crazy---Any ideas on this guys?? In my end, i've been reading some docs... Things started to make sens to me, but I still cannot authenticate, still the same errors. One more thing that catch my attention now is the time it takes to open a telnet session to cisco device which has the ACS for auth server.
My AD(Active Direct) and the ACS server are local same subnet(server subnet). Ping to the ACS from my desktop which is in different subnet is only take 1ms. To confirm that the issue is the ACS server, I decided to use another server in remote location, the telnet connection is way faster than the local ACS.
Let's brain storm together to figure out this guys.
Thanks in advance,
----Paul -
EAP-TLS or PEAP authentication failed during SSL handshake to the ACS serve
We are running the LWAPP (2006 wlc's and 1242 AP's) and using the ACS 4.0 for authentication. Our users are
experiencing an issue, where they are successfully authenticated the first time, however as the number of them is increasing, they're starting to drop the connections and being prompted to re-authenticate. At this point, they are not being able to authenticate again.
We're using PEAP for the authentication and Win XP SP2 clients as the supplicants. The error message that we are seeing on the ACS for that controller is "EAP-TLS or PEAP authentication failed during SSL handshake to the ACS server"...Not sure if this error msg is relevant since we have other WLC's that are working OK and still generating the same error msg on the ACS...
Thanks..Here are some configs you can try:
config advanced eap identity-request-timeout 120
config advanced eap identity-request-retries 20
config advanced eap request-timeout 120
config advanced eap request-retries 20
save config -
EAP-TLS or PEAP authentication failed during SSL handshake error
I have 2 Windows 2003 ACS 3.2 servers. I am in the process of upgrading them to ACS 4.0. I am using them for WPA2/PEAP wireless authentication in a WDS environment. I recently upgraded one to ACS 4.0 and ever since that time some (not all) of my Windows XP clients have started to not be authenticated and logging the error "EAP-TLS or PEAP authentication failed during SSL handshake" on the ACS 4.0 server. During the upgrade (which was successful) I did change the Certificate since the current one was going to expire November 2007.
The clients that do not authenticate on the ACS 4.0 server I can point to the ACS 3.2 server and they successfully authenticate there. I am able to resolve the issue by recreating the Windows XP PEAP profile for the wireless network and by getting a new client Cert. But, I have a couple of questions:
Is the "EAP-TLS or PEAP authentication failed during SSL handshake" error due to the upgrade to ACS 4.0 or to the fact that I changed the Certificate, or both?
Can this error ("EAP-TLS or PEAP authentication failed during SSL handshake") be resolved without me touching every Windows XP client (we have over 250+)?
Thanks for the helpMy experience suggests that the problem is the certificate.
I'm running ACS 3.3.
I received the same error message when my clients copied the certificate to the wrong location, or otherwise did not correctly follow the provided instructions.
Correctly following the instructions led to a successful connection and no more error message. -
SSL Handshake Delay for 4 seconds
Hi,
SSL Handshake is taking 4 seconds for some transaction. We can see the delay of 4 seconds in NetMon tool has given below description:
TLS:TLS Rec Layer-1 HandShake: Certificate.
TLS:TLS Rec Layer-1 Cipher Change Spec
Please assist us how to fix this issue.
Thanks,
SenthilHi,
You've mentioned as some transaction, are you clear of what transactions it's happening and where there is huge difference in payload/ different subnet/ passing through different set of firewalls.
Also, ensure you're systems are in time-sync with your NTP.
Is it just delay or it's breaking some functionality? -
Flash plugin on windows 7 teardown the TCP session immediately after successful SSL handshake
I have a RHEL platform in which tomcat is listening on 443 port.
Scope of Problem:
With the latest flash plugin, i am experiencing issue with Firefox on SSL port on Windows platform.
i.e.
Everythig works fine on non-SSL mode on Firefox, Chrome, IE on Windows 7.
Everythig works fine on SSL mode on Chrome, IE on Windows 7.
Analysis from Wireshark Captures:
I could see successful SSL handshake between firefox and my tomcat server.
Immediately after the handshake, the client teared down the session by sending a FIN/ACK packet.
Workaround:
Install older version of the flash plugin on Firefox.
Is there a non issue in SSL mode which is causing this issue?
Wireshark Trace:
Further observations:
===================
We observed this problem on Flash 13.0.0.182 build.
To debug this issue, we tried using the Flash debug image (13.0.0.182) and observed that the functionality is working.
In the Flash debug image, Firefox started showing us a popup indicating untrusted certificate "This page requires a secure connection which includes server authentication. The Certificate Issuer for this site is untrusted or unknown. Do you wish to proceed ? "
If we click "yes", then the complete functionality works fine.
Any clues/pointers, why the above popup is not coming in non-debug Flash image?I've had a similar problem since upgrading to Firefox 22 on Windows 7 x64. After resuming from hibernation, Firefox appears unresponsive; however, I believe it is a problem with redrawing the window. If I click to a different tab, nothing happens, but if I minimize Firefox and restore it, it now shows the new tab I switched to. If I have a video open and I click play, there is no visual change, but I hear the sound start. The normal functionality is resumed when closing Firefox and re-opening it.
-
Ssl handshake error when activating changes in admin console
An error occurred during activation of changes, please see the log for details.
[Deployer:149150]An IOException occurred while reading input.; nested exception is: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.; nested exception is: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.
[Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.
WLS 10.3 on Windows 2008: I configured one of my managed servers for SSL and I'm able to reach deployments via browser and the keystore/certificate chain I have setup. However, I'm getting the above error in Admin Console all over the place. I am unable to commit configuration changes without deleting the SSL managed server. The admin server is still HTTP via 7001. I'm not sure where to look to resolve this issue. Any ideas appreciated.It seems like you did not update the trust store of your AdminServer. It acts as a ssl client of your managed server and cannot verify its identity certificate.
Maybe you are looking for
-
How to re-rip CDs without losing tags and playlists?
Hi. Years ago I ripped all my CD collection into iTunes at a rather low bit rate (128kbps). Since then, most of my tracks have been included in several playlists and have been star rated, they now have lyrics, covers and in many cases have tag inform
-
Impossible migration to action script 3
I have my entire history of Flash files that open in the new version of Flash with all the old scripts erased. How do I even identify which scripts have been erased in this new version? I have games and a VJ system that i built and still regularly us
-
Disjointed rollover and jQuery (CS4)
Hi there, I made a simple page that starts with a gif animation, when the animation is done, a div fades up and quickly after that another div fades up, both using jQuery. This last div holds just an image. Now I have to change that image for a simpl
-
Printing via a Print Sever from MAC OSX 10.5.2
Hello all, I recently purchased a powerbook, (i'm loving it!), and have got a D-Link wired print server that is connected into my network, (DP-301U). I have a pc with xp pro and a laptop with Vista on -both of which i can print successfully from via
-
WWhy don't my photos in photo stream synch between my iPad 2 and iPhone 6 Plus and vice versa?