SSL Handshake issue

Similar Messages

• SSL Handshake issue in ios

  SSL Handshake passed through ipad safari browser but fails via app. Any suggestion would be great?

  I don't see how answering the 'why?' question will solve your problem, but in any case you're asking in the wrong place. You would have to ask the developers, if you can find them. You could try one of the Java Security mailing lists.
  NB this issue discussed extensively at Stack Overflow: jsse - SSL handshake issue while java client talking to SSLv3 ONLY server - Stack Overflow.

• How to Ignore SSL handshake warning in Flash Builder 4?

  Is it possible to configure Flash Builder to ignore SSL handshake issues when attempting to configure a Flex client to communicate with a PHP backend?  I'm attempting to connect to my PHP backend server running with a shared SSL certificate so the domain name doesn't match the certificate.
  Here's the error:
  javax.net.ssl.SSLHandshakeException:  java.security.cert.CertificateException: No name matching ...

  You understood correctly:
  - I removed all Build Path > Source Paths
  - I moved those paths over to Library Paths > Source attachment
  I took inspiration by how the Flex SDK is added to the project. Flex and flex related frameworks (e.g. datavisualization lib)  also specify a Source Attachment under Lib Path. If I remove the source attachment I am not able to drill down into Flex code when I want to by Command-clicking on a class name (or hitting F3).
  All my SWC are open source. BTW some of the source paths I was using were the path to the Flex code and to datavisualtization lib, which I think are the biggest library I am linking against. So maybe to recreate, just add those 2 libraries and make sure to add the source path AND source attachment.
  I am using RSLs for every library if that matters.
  I don't understand why specifying a Source Attachment would cause any issues...  the swc is in sync with the source specified in its source attachment.

• Write Channel Closed, possible SSL handshaking or trust failure

  Hi,
  I Have a problem while working with Two-way SSL. I get Write Channel Closed, possible
  SSL handshaking or trust failure error while contacting the server for invoking
  a webservice secured by SSL.
  I could figure out that the error is happening on client side while validating
  the server certificate.
  One more observation that i was able to find is, it works fine if the Server certificate
  and the client certificate are signed by the same (root) CA.
  I tried various options but couldn't find my luck. The BEA documentation in this
  regards is not at all sufficient.
  If i give strict checking false on my client end, the application works fine.
  But for my scenario i want strict checking to be happend (otherwise there is no
  point in going for SSL itself).
  I am using WLSSLAdapter on my client side. The client application is a standalone
  java class running out of weblogic (ideally running on JRun).
  The way i have coded in my java class is:
  String certificatePath = "C:/Cerificates/cert.pem";
            String caCertificatePath = "C:/Cerificates/clientca.pem";
            String targetURL = "https://localhost:443/feedservice/FeedService";
            //set weblogic ServiceFactory
            System.setProperty( "javax.xml.rpc.ServiceFactory",
            "weblogic.webservice.core.rpc.ServiceFactoryImpl" );
            System.setProperty("java.protocol.handler.pkgs","com.certicom.net.ssl");
            System.setProperty("https.cipherSuites","SHA1withRSA,MD5withRSA");
            SSLAdapterFactory sslFactory = SSLAdapterFactory.getDefaultFactory();
            WLSSLAdapter adapter = (WLSSLAdapter) sslFactory.getSSLAdapter();
            adapter.setProtocolVersion("SSL3");
            adapter.setStrictChecking(true);
            adapter.setVerbose(true);
            FileInputStream clientCredentialFile = new FileInputStream (certificatePath);
            String pwd = "password";
            System.out.println("Loding Certificate from ........"+certificatePath);
            adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
            System.out.println("Loding CA Certificate from ........"+caCertificatePath);
            adapter.setTrustedCertificatesFile(caCertificatePath);
            // optionally set the Adapter factory to use this instance always.
            sslFactory.setDefaultAdapter(adapter);
            sslFactory.setUseDefaultAdapter(true);               
            // Webservice invocation code..
            call.setTargetEndpointAddress(targetURL);
            call.setProperty("weblogic.webservice.client.ssladapter",adapter);               
            Object result = call.invoke(new Object[]{"test.xml"});
  The error that i get :
  java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
  Source)
  at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
  at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
  at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
  Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
  at java.io.BufferedOutputStream.write(BufferedOutputStream.java:106)
  at java.io.FilterOutputStream.write(FilterOutputStream.java:78)
  at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:359)
  at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:284)
  at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:34)
  at weblogic.webservice.core.HandlerChain.handleRequest(HandlerChain.java:131)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:421)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
  at com.chase.userspace.aceclient.Client.main(Client.java:253)
  Exception in handler's handleRequest().
  Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Write Channel
  Closed, possible SSL handshaking or trust fail
  ure
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:479)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
  at com.chase.userspace.aceclient.Client.main(Client.java:253)
  Can someone give the working phone number of ....BEA CUSTOMER SUPPORT...

  The signature validation failure means your trusted CA certificate is not the issuer
  of the identity certificate. The identity certificate issuer name can match to
  the trusted CA certificate name, but the signature check really determines whether
  it is the issuer.
  Pavel.
  "Chandra Sekhar Rao" <[email protected]> wrote:
  >
  Hi payal,
  I have the issuer of the server identity certificate in the trust file
  on client
  side. The problem is with signature validation
  "Pavel" <[email protected]> wrote:
  It looks like your client does not trust the server certificate. Make
  sure the
  certificate you pass in adapter.setTrustedCertificatesFile(caCertificatePath);
  is the issuer of the server's identity certificate.
  Pavel.
  "Chandra Sekhar Rao" <[email protected]> wrote:
  Hi,
  I Have a problem while working with Two-way SSL. I get Write Channel
  Closed, possible
  SSL handshaking or trust failure error while contacting the server
  for
  invoking
  a webservice secured by SSL.
  I could figure out that the error is happening on client side whilevalidating
  the server certificate.
  One more observation that i was able to find is, it works fine if the
  Server certificate
  and the client certificate are signed by the same (root) CA.
  I tried various options but couldn't find my luck. The BEA documentation
  in this
  regards is not at all sufficient.
  If i give strict checking false on my client end, the application works
  fine.
  But for my scenario i want strict checking to be happend (otherwisethere
  is no
  point in going for SSL itself).
  I am using WLSSLAdapter on my client side. The client application is
  a standalone
  java class running out of weblogic (ideally running on JRun).
  The way i have coded in my java class is:
  String certificatePath = "C:/Cerificates/cert.pem";
            String caCertificatePath = "C:/Cerificates/clientca.pem";
            String targetURL = "https://localhost:443/feedservice/FeedService";
            //set weblogic ServiceFactory
            System.setProperty( "javax.xml.rpc.ServiceFactory",
            "weblogic.webservice.core.rpc.ServiceFactoryImpl" );
            System.setProperty("java.protocol.handler.pkgs","com.certicom.net.ssl");
            System.setProperty("https.cipherSuites","SHA1withRSA,MD5withRSA");
            SSLAdapterFactory sslFactory = SSLAdapterFactory.getDefaultFactory();
            WLSSLAdapter adapter = (WLSSLAdapter) sslFactory.getSSLAdapter();
            adapter.setProtocolVersion("SSL3");
            adapter.setStrictChecking(true);
            adapter.setVerbose(true);
            FileInputStream clientCredentialFile = new FileInputStream (certificatePath);
            String pwd = "password";
            System.out.println("Loding Certificate from ........"+certificatePath);
            adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
            System.out.println("Loding CA Certificate from ........"+caCertificatePath);
            adapter.setTrustedCertificatesFile(caCertificatePath);
            // optionally set the Adapter factory to use this instance always.
            sslFactory.setDefaultAdapter(adapter);
            sslFactory.setUseDefaultAdapter(true);               
            // Webservice invocation code..
            call.setTargetEndpointAddress(targetURL);
            call.setProperty("weblogic.webservice.client.ssladapter",adapter);
            Object result = call.invoke(new Object[]{"test.xml"});
  The error that i get :
  java.io.IOException: Write Channel Closed, possible SSL handshakingor
  trust failure
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
  Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
  Source)
  at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
  Source)
  at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
  at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
  Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
  at java.io.BufferedOutputStream.write(BufferedOutputStream.java:106)
  at java.io.FilterOutputStream.write(FilterOutputStream.java:78)
  at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:359)
  at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:284)
  at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:34)
  at weblogic.webservice.core.HandlerChain.handleRequest(HandlerChain.java:131)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:421)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
  at com.chase.userspace.aceclient.Client.main(Client.java:253)
  Exception in handler's handleRequest().
  Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Write
  Channel
  Closed, possible SSL handshaking or trust fail
  ure
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:479)
  at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
  at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
  at com.chase.userspace.aceclient.Client.main(Client.java:253)
  Can someone give the working phone number of ....BEA CUSTOMER SUPPORT...

• Weblogic server 10.3.5 error during SSL handshake

  Please some one help to figure the issue with following logs.
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33092690>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33095418>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33092490 SSL Version data invalid>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
  <16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
       at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
       at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  >
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33092690>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33095215 SSL Version data invalid>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
  <16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
       at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
       at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  >
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
  <16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33095418>
  I just created domain with http and https ports. I installed an web app. When I am trying to access the app from browser through https the above error is occurring.
  Please somebody help me.
  Thanks in advance.
  SK

  This message indicates that the SSL connection is closed successfully. It is a warning message and normal to see in the logs when you enable the SSL debug flags. This is an expected behavior. If you see alerts when SSL debug is NOT ENABLED then it is a real alert and we need to take care of those issues. Also, it is not a real alert, it is a caught and handled exception from the certicom code which is not harmful and should be ignored, just because you have enabled the SSL debug flag. Once you turn it off, you won't see it in the logs.
  Edited by: sharmela on Jan 22, 2013 4:55 AM

• In SSL Handshake : failed extension check error

  Hi all,
  Could anyone help in this?
  Im facing a problem in SSL handshaking using JSSE, J2SDK1.4.
  The CertificateException message is :
  Invalid Netscape CertType extension for SSL client
  And the source of error is : failed extension check
  The following is the trace SSL Server.
  D:\users\Jp\java\jssesamples\sockets\server\class>java -Djavax.net.debug=SSL,handshake,data,trustmanager ClassFileServer 1089
  . TLS true
  USAGE: java ClassFileServer port docroot [TLS [true]]
  If the third argument is TLS, it will start as
  a TLS/SSL file server, otherwise, it will be
  an ordinary file server.
  If the fourth argument is true,it will require
  client authentication as well.
  found key for : serverkey
  chain [0] = [
  Version: V3
  Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
  Validity: [From: Fri Sep 27 12:36:44 IST 2002,
                 To: Sat Sep 27 12:36:44 IST 2003]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    11]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL server
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [3]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [RFC822Name: [email protected]]]
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Algorithm: [MD5withRSA]
  Signature:
  0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
  0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
  0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
  0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
  0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
  0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
  0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
  0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
  chain [1] = [
  Version: V3
  Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
  Validity: [From: Fri Jul 19 00:30:00 IST 2002,
                 To: Wed Jul 19 00:30:00 IST 2028]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    01]
  Certificate Extensions: 5
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL client
  SSL server
  Object Signing
  SSL CA
  S/MIME CA
  Object Signing CA]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
  [5]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
  0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
  0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
  0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
  0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
  0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
  0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
  0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
  adding private entry as trusted cert: [
  Version: V3
  Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
  Validity: [From: Fri Sep 27 12:36:44 IST 2002,
                 To: Sat Sep 27 12:36:44 IST 2003]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    11]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL server
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [3]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [RFC822Name: [email protected]]]
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Algorithm: [MD5withRSA]
  Signature:
  0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
  0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
  0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
  0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
  0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
  0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
  0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
  0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
  adding as trusted cert: [
  Version: V3
  Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
  Validity: [From: Fri Jul 19 00:30:00 IST 2002,
                 To: Wed Jul 19 00:30:00 IST 2028]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    01]
  Certificate Extensions: 5
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL client
  SSL server
  Object Signing
  SSL CA
  S/MIME CA
  Object Signing CA]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
  [5]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
  0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
  0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
  0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
  0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
  0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
  0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
  0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
  trigger seeding of SecureRandom
  done seeding SecureRandom
  matching alias: serverkey
  [read] MD5 and SHA1 hashes: len = 3
  0000: 01 03 01 ...
  [read] MD5 and SHA1 hashes: len = 74
  0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
  0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
  0020: 12 00 00 03 02 00 80 00 00 11 3D 94 3D E6 6A 85 ..........=.=.j.
  0030: 4E 4B 5F DC 11 A2 3C F3 59 F7 1E 96 93 87 31 6A NK_...<.Y.....1j
  0040: CD 2B 58 8A A1 7E A4 7D C5 C7 .+X.......
  Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1016347878 bytes = { 106, 133, 78, 75, 95, 220, 17, 162, 60, 243, 89, 247, 30, 150, 147, 135, 49, 106, 20
  5, 43, 88, 138, 161, 126, 164, 125, 197, 199 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_
  CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES4
  0_CBC_SHA]
  Compression Methods: { 0 }
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1016347878 bytes = { 163, 141, 218, 216, 192, 179, 129, 194, 37, 124, 119, 173, 229, 90, 173, 39, 166, 16
  6, 58, 146, 118, 120, 174, 234, 161, 101, 91, 104 }
  Session ID: {61, 148, 61, 230, 252, 82, 216, 137, 71, 131, 250, 161, 21, 201, 221, 98, 131, 132, 212, 15, 253, 235, 102, 35,
  90, 154, 189, 159, 119, 125, 204, 167}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  Cipher suite: SSL_RSA_WITH_RC4_128_MD5
  *** Certificate chain
  Finalizer, called close()
  Finalizer, called closeInternal(true)
  Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
  Finalizer, WRITE: TLSv1 Alert, length = 2
  chain [0] = [
  Version: V3
  Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
  Validity: [From: Fri Sep 27 12:36:44 IST 2002,
                 To: Sat Sep 27 12:36:44 IST 2003]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    11]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL server
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [3]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [RFC822Name: [email protected]]]
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Algorithm: [MD5withRSA]
  Signature:
  0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
  0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
  0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
  0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
  0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
  0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
  0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
  0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
  chain [1] = [
  Version: V3
  Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
  Validity: [From: Fri Jul 19 00:30:00 IST 2002,
                 To: Wed Jul 19 00:30:00 IST 2028]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    01]
  Certificate Extensions: 5
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL client
  SSL server
  Object Signing
  SSL CA
  S/MIME CA
  Object Signing CA]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
  [5]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
  0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
  0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
  0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
  0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
  0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
  0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
  0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
  *** CertificateRequest
  Cert Types: RSA, DSS,
  Cert Authorities:
  <CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN>
  <CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In>
  *** ServerHelloDone
  [write] MD5 and SHA1 hashes: len = 1970
  0000: 02 00 00 46 03 01 3D 94 3D E6 A3 8D DA D8 C0 B3 ...F..=.=.......
  0010: 81 C2 25 7C 77 AD E5 5A AD 27 A6 A6 3A 92 76 78 ..%.w..Z.'..:.vx
  0020: AE EA A1 65 5B 68 20 3D 94 3D E6 FC 52 D8 89 47 ...e[h =.=..R..G
  0030: 83 FA A1 15 C9 DD 62 83   84 D4 0F FD EB 66 23 5A  ......b......f#Z
  0040: 9A BD 9F 77 7D CC A7 00   04 00 0B 00 06 35 00 06  ...w.........5..
  0050: 32 00 03 0A 30 82 03 06   30 82 02 6F A0 03 02 01  2...0...0..o....
  0060: 02 02 01 11 30 0D 06 09   2A 86 48 86 F7 0D 01 01  ....0...*.H.....
  0070: 04 05 00 30 81 98 31 0B   30 09 06 03 55 04 06 13  ...0..1.0...U...
  0080: 02 49 6E 31 14 30 12 06   03 55 04 08 13 0B 4D 61  .In1.0...U....Ma
  0090: 68 61 72 61 73 68 74 72   61 31 18 30 16 06 03 55  harashtra1.0...U
  00A0: 04 07 13 0F 41 6E 64 68   65 72 69 20 2F 20 53 45  ....Andheri / SE
  00B0: 45 50 5A 31 23 30 21 06   03 55 04 0A 13 1A 4F 72  EPZ1#0!..U....Or
  00C0: 62 69 74 65 63 68 20 53   6F 6C 75 74 69 6F 6E 73  bitech Solutions
  00D0: 20 4C 69 6D 69 74 65 64   31 0D 30 0B 06 03 55 04   Limited1.0...U.
  00E0: 0B 13 04 51 50 45 47 31   25 30 23 06 03 55 04 03  ...QPEG1%0#..U..
  00F0: 13 1C 4F 72 62 69 74 65   63 68 20 43 65 72 74 69  ..Orbitech Certi
  0100: 66 69 63 61 74 65 20 4D   61 6E 61 67 65 72 30 1E  ficate Manager0.
  0110: 17 0D 30 32 30 39 32 37   30 37 30 36 34 34 5A 17  ..020927070644Z.
  0120: 0D 30 33 30 39 32 37 30   37 30 36 34 34 5A 30 81  .030927070644Z0.
  0130: 80 31 0B 30 09 06 03 55   04 06 13 02 49 4E 31 14  .1.0...U....IN1.
  0140: 30 12 06 03 55 04 08 13   0B 4D 61 68 61 72 61 73  0...U....Maharas
  0150: 68 74 72 61 31 0F 30 0D   06 03 55 04 07 13 06 4D  htra1.0...U....M
  0160: 75 6D 62 61 69 31 1A 30   18 06 03 55 04 0A 13 11  umbai1.0...U....
  0170: 53 61 6D 70 6C 65 20 53   65 72 76 65 72 20 4F 72  Sample Server Or
  0180: 67 31 16 30 14 06 03 55   04 0B 13 0D 53 61 6D 70  g1.0...U....Samp
  0190: 6C 65 20 53 65 72 76 65   72 31 16 30 14 06 03 55  le Server1.0...U
  01A0: 04 03 13 0D 4A 61 79 61   70 72 61 6B 61 73 68 20  ....Jayaprakash
  01B0: 41 30 81 9F 30 0D 06 09   2A 86 48 86 F7 0D 01 01  A0..0...*.H.....
  01C0: 01 05 00 03 81 8D 00 30   81 89 02 81 81 00 A5 66  .......0.......f
  01D0: A2 53 DE A9 94 5F 48 C1   4B 67 E2 A8 AE EB 86 40  .S..._H.Kg.....@
  01E0: F0 BD 58 94 1E 25 7F B3   AA A5 FB 9D B7 33 DB 6C  ..X..%.......3.l
  01F0: 5A 21 2D 95 44 5E 5A 28   AB 59 40 0C C2 D2 CC EE  Z!-.D^Z(.Y@.....
  0200: C8 74 DD 62 25 43 5C CE   79 FF 6D 9B 04 25 8E BD  .t.b%C\.y.m..%..
  0210: 05 9C 9C D6 55 DC 13 23   98 C5 5D 5C 01 5F D6 54  ....U..#..]\._.T
  0220: 34 22 20 CE A1 AE C8 0C B4 FC 03 4D 2B C8 2B 54 4" ........M+.+T
  0230: 3A 98 50 33 11 2F 27 C2 60 9E F9 40 52 26 05 A9 :.P3./'.`..@R&..
  0240: B6 E8 F4 73 1A B0 E9 11 EF C3 23 D9 1D FB 02 03 ...s......#.....
  0250: 01 00 01 A3 76 30 74 30 11 06 09 60 86 48 01 86 ....v0t0...`.H..
  0260: F8 42 01 01 04 04 03 02 06 40 30 0E 06 03 55 1D [email protected].
  0270: 0F 01 01 FF 04 04 03 02 04 F0 30 1F 06 03 55 1D ..........0...U.
  0280: 23 04 18 30 16 80 14 61 03 42 D0 1B 10 56 EE 2E #..0...a.B...V..
  0290: F1 24 61 D5 25 B3 31 03 27 85 AA 30 2E 06 03 55 .$a.%.1.'..0...U
  02A0: 1D 11 04 27 30 25 81 23 63 6F 73 6C 74 65 6D 70 ...'0%.#cosltemp
  02B0: 2E 6A 61 79 61 70 72 61 6B 61 73 68 40 6F 72 62 .jayaprakash@orb
  02C0: 69 74 65 63 68 2E 63 6F 2E 69 6E 30 0D 06 09 2A itech.co.in0...*
  02D0: 86 48 86 F7 0D 01 01 04 05 00 03 81 81 00 39 C0 .H............9.
  02E0: C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 51 AF .94*RlGH......Q.
  02F0: DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 E9 94 .CT.4...bp.%....
  0300: EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 32 28 .....(..b.4..d2(
  0310: 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 94 6D Z.N......$-(...m
  0320: F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 9F F1 ...4.cp.M8y.....
  0330: C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A 7C EE .h........0.....
  0340: 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D D9 B2 .2.^.Y.<....5...
  0350: F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F 00 03 ........`.".._..
  0360: 22 30 82 03 1E 30 82 02 87 A0 03 02 01 02 02 01 "0...0..........
  0370: 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 .0...*.H........
  0380: 30 81 98 31 0B 30 09 06 03 55 04 06 13 02 49 6E 0..1.0...U....In
  0390: 31 14 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 1.0...U....Mahar
  03A0: 61 73 68 74 72 61 31 18 30 16 06 03 55 04 07 13 ashtra1.0...U...
  03B0: 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 45 50 5A .Andheri / SEEPZ
  03C0: 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 62 69 74 1#0!..U....Orbit
  03D0: 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 20 4C 69 ech Solutions Li
  03E0: 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 0B 13 04 mited1.0...U....
  03F0: 51 50 45 47 31 25 30 23 06 03 55 04 03 13 1C 4F QPEG1%0#..U....O
  0400: 72 62 69 74 65 63 68 20 43 65 72 74 69 66 69 63 rbitech Certific
  0410: 61 74 65 20 4D 61 6E 61 67 65 72 30 1E 17 0D 30 ate Manager0...0
  0420: 32 30 37 31 38 31 39 30 30 30 30 5A 17 0D 32 38 20718190000Z..28
  0430: 30 37 31 38 31 39 30 30 30 30 5A 30 81 98 31 0B 0718190000Z0..1.
  0440: 30 09 06 03 55 04 06 13 02 49 6E 31 14 30 12 06 0...U....In1.0..
  0450: 03 55 04 08 13 0B 4D 61 68 61 72 61 73 68 74 72 .U....Maharashtr
  0460: 61 31 18 30 16 06 03 55 04 07 13 0F 41 6E 64 68 a1.0...U....Andh
  0470: 65 72 69 20 2F 20 53 45 45 50 5A 31 23 30 21 06 eri / SEEPZ1#0!.
  0480: 03 55 04 0A 13 1A 4F 72 62 69 74 65 63 68 20 53 .U....Orbitech S
  0490: 6F 6C 75 74 69 6F 6E 73 20 4C 69 6D 69 74 65 64 olutions Limited
  04A0: 31 0D 30 0B 06 03 55 04 0B 13 04 51 50 45 47 31 1.0...U....QPEG1
  04B0: 25 30 23 06 03 55 04 03 13 1C 4F 72 62 69 74 65 %0#..U....Orbite
  04C0: 63 68 20 43 65 72 74 69 66 69 63 61 74 65 20 4D ch Certificate M
  04D0: 61 6E 61 67 65 72 30 81 9F 30 0D 06 09 2A 86 48 anager0..0...*.H
  04E0: 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 ............0...
  04F0: 81 81 00 DC 3A 63 36 00 7B F1 7C C4 C0 6B 52 1F ....:c6......kR.
  0500: 4B 71 46 28 3E C0 C3 B9 0B E9 FB 2D CA 7F E3 90 KqF(>......-....
  0510: 84 60 60 C3 3B C3 B1 0F 9F CF 5C 3B 6E 3C C4 6D .``.;.....\;n<.m
  0520: BD 11 12 9F A5 A7 FE EE 1A 4C 67 9E D7 BE 1B 1E .........Lg.....
  0530: 1C C5 5A 0F 42 B1 4A 88 CA 49 13 02 0F 3F 79 EE ..Z.B.J..I...?y.
  0540: A2 86 4D 88 3D 98 48 30 2E AB A4 D1 6B 9B 95 39 ..M.=.H0....k..9
  0550: 81 03 CA 1C 7D 14 8E EB 9D CB 09 C5 BD 50 58 A0 .............PX.
  0560: 52 81 5C DD E9 09 EC BD 83 05 24 10 73 68 A5 5A R.\.......$.sh.Z
  0570: 44 4B 09 02 03 01 00 01 A3 76 30 74 30 11 06 09 DK.......v0t0...
  0580: 60 86 48 01 86 F8 42 01 01 04 04 03 02 00 D7 30 `.H...B........0
  0590: 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF ...U.......0....
  05A0: 30 1D 06 03 55 1D 0E 04 16 04 14 61 03 42 D0 1B 0...U......a.B..
  05B0: 10 56 EE 2E F1 24 61 D5 25 B3 31 03 27 85 AA 30 .V...$a.%.1.'..0
  05C0: 1F 06 03 55 1D 23 04 18 30 16 80 14 61 03 42 D0 ...U.#..0...a.B.
  05D0: 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 03 27 85 AA ..V...$a.%.1.'..
  05E0: 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 86 0...U...........
  05F0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
  0600: 81 81 00 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 ..........EL....
  0610: 86 B9 37 BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D ..7.;O..].;p5...
  0620: 54 B7 89 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B T..[J2..aZ...$..
  0630: F4 23 40 D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 .#@.M.Sz.NN...:W
  0640: EF 43 02 C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 .C..........t%S.
  0650: 7B 38 2F 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D .8/\..p..._..<U-
  0660: FF 2A FB 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA .*....*....]_6..
  0670: 57 EF 74 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 W.t...R...h..N..
  0680: A2 0C 7F 0D 00 01 27 02 01 02 01 22 00 83 30 81 ......'...."..0.
  0690: 80 31 0B 30 09 06 03 55 04 06 13 02 49 4E 31 14 .1.0...U....IN1.
  06A0: 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 61 73 0...U....Maharas
  06B0: 68 74 72 61 31 0F 30 0D 06 03 55 04 07 13 06 4D htra1.0...U....M
  06C0: 75 6D 62 61 69 31 1A 30 18 06 03 55 04 0A 13 11 umbai1.0...U....
  06D0: 53 61 6D 70 6C 65 20 53 65 72 76 65 72 20 4F 72 Sample Server Or
  06E0: 67 31 16 30 14 06 03 55 04 0B 13 0D 53 61 6D 70 g1.0...U....Samp
  06F0: 6C 65 20 53 65 72 76 65 72 31 16 30 14 06 03 55 le Server1.0...U
  0700: 04 03 13 0D 4A 61 79 61 70 72 61 6B 61 73 68 20 ....Jayaprakash
  0710: 41 00 9B 30 81 98 31 0B 30 09 06 03 55 04 06 13 A..0..1.0...U...
  0720: 02 49 6E 31 14 30 12 06 03 55 04 08 13 0B 4D 61 .In1.0...U....Ma
  0730: 68 61 72 61 73 68 74 72 61 31 18 30 16 06 03 55 harashtra1.0...U
  0740: 04 07 13 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 ....Andheri / SE
  0750: 45 50 5A 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 EPZ1#0!..U....Or
  0760: 62 69 74 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 bitech Solutions
  0770: 20 4C 69 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 Limited1.0...U.
  0780: 0B 13 04 51 50 45 47 31 25 30 23 06 03 55 04 03 ...QPEG1%0#..U..
  0790: 13 1C 4F 72 62 69 74 65 63 68 20 43 65 72 74 69 ..Orbitech Certi
  07A0: 66 69 63 61 74 65 20 4D 61 6E 61 67 65 72 0E 00 ficate Manager..
  07B0: 00 00 ..
  Thread-1, WRITE: TLSv1 Handshake, length = 1970
  Thread-1, READ: TLSv1 Handshake, length = 1727
  *** Certificate chain
  chain [0] = [
  Version: V3
  Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
  Validity: [From: Fri Sep 27 12:36:25 IST 2002,
                 To: Sat Sep 27 12:36:25 IST 2003]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    10]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL server
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [3]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [RFC822Name: [email protected]]]
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Algorithm: [MD5withRSA]
  Signature:
  0000: 4C 68 F2 CD FF 1E 9C F0 14 56 51 AF AA 41 CD 98 Lh.......VQ..A..
  0010: 55 D9 5F D8 38 7F C3 25 49 BA D0 F1 93 AC 88 E2 U._.8..%I.......
  0020: 8A 72 0E 68 F2 49 5D 60 B6 D1 2C C2 54 E4 A7 E4 .r.h.I]`..,.T...
  0030: 72 21 49 ED E7 66 F2 C1 A5 28 B6 5C 76 29 CC 06 r!I..f...(.\v)..
  0040: 4F 2B C3 A9 54 2D D0 63 7D C4 FD 3D 49 13 36 7F O+..T-.c...=I.6.
  0050: D5 E4 B2 4C 4F C6 DA BC A2 67 FE 7F 94 37 A1 58 ...LO....g...7.X
  0060: FF 9C DB 1B CD 0F 75 F0 49 DB AF 44 49 8F 28 77 ......u.I..DI.(w
  0070: 1F C1 E5 13 BA 46 26 DD 72 5E AD A1 68 8B 89 FE .....F&.r^..h...
  chain [1] = [
  Version: V3
  Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
  Validity: [From: Fri Jul 19 00:30:00 IST 2002,
                 To: Wed Jul 19 00:30:00 IST 2028]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    01]
  Certificate Extensions: 5
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL client
  SSL server
  Object Signing
  SSL CA
  S/MIME CA
  Object Signing CA]
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
  [5]: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
  0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
  0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
  0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
  0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
  0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
  0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
  0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
  failed extension check: [
  Version: V3
  Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
  Validity: [From: Fri Sep 27 12:36:25 IST 2002,
                 To: Sat Sep 27 12:36:25 IST 2003]
  Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
  SerialNumber: [    10]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
  NetscapeCertType [
  SSL server
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
  0010: 03 27 85 AA .'..
  [3]: ObjectId: 2.5.29.17 Criticality=false
  SubjectAlternativeName [
  [RFC822Name: [email protected]]]
  [4]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Algorithm: [MD5withRSA]
  Signature:
  0000: 4C 68 F2 CD FF 1E 9C F0 14 56 51 AF AA 41 CD 98 Lh.......VQ..A..
  0010: 55 D9 5F D8 38 7F C3 25 49 BA D0 F1 93 AC 88 E2 U._.8..%I.......
  0020: 8A 72 0E 68 F2 49 5D 60 B6 D1 2C C2 54 E4 A7 E4 .r.h.I]`..,.T...
  0030: 72 21 49 ED E7 66 F2 C1 A5 28 B6 5C 76 29 CC 06 r!I..f...(.\v)..
  0040: 4F 2B C3 A9 54 2D D0 63 7D C4 FD 3D 49 13 36 7F O+..T-.c...=I.6.
  0050: D5 E4 B2 4C 4F C6 DA BC A2 67 FE 7F 94 37 A1 58 ...LO....g...7.X
  0060: FF 9C DB 1B CD 0F 75 F0 49 DB AF 44 49 8F 28 77 ......u.I..DI.(w
  0070: 1F C1 E5 13 BA 46 26 DD 72 5E AD A1 68 8B 89 FE .....F&.r^..h...
  ext exception was: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
  Thread-1, SEND TLSv1 ALERT: fatal, description = certificate_unknown
  Thread-1, WRITE: TLSv1 Alert, length = 2
  Thread-1, called closeSocket()
  Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape
  CertType extension for SSL client
  javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL cli
  ent
  at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)

  I'm having a related problem. It only occurs on the 1.4.1 version of the JRE. The 1.4.0 works fine. I've created my own custom socket for an RMI server that uses SSL to encrypt any data being sent. I have a valid certificate that works fine to encrypt data from my web server. The client gets the same exception that was posted above. Here is the stack trace on the client's machine if they are running the 1.4.1 JRE:
  java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
       javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
       at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
       at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
       at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101)
       at com.msfw.imageserver.RMIServer_Stub.processRequest(Unknown Source)
       at com.msfw.business.Server.rmiQuery(Server.java:389)
       at com.msfw.business.Server.callServer(Server.java:540)
       at com.msfw.business.Server.callServer(Server.java:523)
       at com.msfw.business.Server.callServer(Server.java:518)
       at com.msfw.business.Server.callServer(Server.java:572)
       at com.msfw.business.Server.callServer(Server.java:578)
       at com.msfw.idwebview.IdViewApplet.callServer(IdViewApplet.java:6058)
       at com.msfw.idwebview.IdViewApplet.appletRun(IdViewApplet.java:889)
       at com.msfw.idwebview.IdViewApplet.start(IdViewApplet.java:1177)
       at com.msfw.splash.SplashApplet.init(SplashApplet.java:101)
       at sun.applet.AppletPanel.run(AppletPanel.java:347)
       at java.lang.Thread.run(Thread.java:536)
  Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
       at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
       at java.io.DataOutputStream.flush(DataOutputStream.java:101)
       at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
       ... 15 more
  Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
       at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
       ... 26 more
  I also created my own homemade certificate and get the same results. Like I said before, the 1.4.0 JRE doesn't do this so it seems to be a new bug in the 1.4.1. Does anyone know how to get around this or what is causing this problem? Thanks.

• SSL Handshake Error in Android (ADF Mobile)

  Hi Guys,
  Now I am tried to using "https" Web service with my application, but seems show SSL handshake error specially in Android only, iOS is totally working.
  Log from Android is
  09-27 18:09:03.252: I/System.out(30444): [SEVERE - oracle.adfmf.framework - adf.mf.internal - logError] Request:  {classname: oracle.adfmf.framework.api.Model; method: processBatchRequests; params: [0: false][1: [0: {classname: oracle.adfmf.framework.api.Model; method: evaluateMethodExpression; params: [0: #{bindings.AgentAuthenCDKey.execute}][1: [0: {.type: oracle.adfmf.amx.event.ActionEvent; }]][2: void][3: [0: oracle.adfmf.amx.event.ActionEvent]]; }]]; } exception:  {message: SSL handshake failure; errorCode: 409; .type: oracle.adfmf.framework.exception.AdfInvocationRuntimeException; .exception: true; severity: ERROR; errorCategory: WEBSERVICE; }
  How to solved this one ?
  ** If my android didn't connect to internet, it still show "SSL handshake error" too, that so weird !

  Hi,
  Sorry to bump this, but I have the exact same problem. "SSL Handshake Error" when calling SSL enabled web services - works fine on iOS, but not on Android, which implies to me a problem with the framework rather than my certificate?
  : D/CVM(985): [SEVERE - oracle.adfmf.framework - Utility - invoke] InvocationTargetException Error: ERROR [oracle.adfmf.framework.exception.AdfInvocationRuntimeException] - SSL handshake failure
  I'm on JDeveloper 11.1.2.4, ADF Mobile Framework 11.1.2.4.39.64.51.
  Are there any known issues with ADF Mobile/SSL on Android?
  Any help is much appreciated.
  Rich.

• Ssl-handshake fails with scandinavian chars in client certificate

  Hello,
  We've run into a problem with 2-way-ssl and certificates that have scandinavian
  characters in the subject. The problem cert is used as client-certificate for
  authentication and it goes like this:
  1. Client surfs with http in our site, until clicks https-link that will immediately
  start the ssl-handshake
  2. Server presents it's trusted cert-list fine
  3. PIN is being asked fine
  4. Next the request processing stops on the exception below and nothing will happen
  on the client side.
  Certs without these äöå -chars work fine, so our guess is that they cause it,
  but the certs ought to be according to specs: name-fields encoding is UTF-8 according
  to RFC 2459 from year 1999. A failing example-cert is also below.
  Would this be a problem with the certificate rather than BEA-implementation?
  Same behavior on Windows and Solaris Weblogic 8.11 as such and with SP2 (and with
  sp2 + CASE_ID_NUM: 501454 hotfix).
  Best Regards,
  Igor Styrman
  <avalable(): 20303264 : 0 + 0 = 0>
  <write ALERT offset = 0 length = 2>
  <SSLIOContextTable.removeContext(ctx): 1765100>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering JSSE
  SSLSocket>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
  6487148>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket will
  be Muxing>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
  11153746>
  <SSLFilter.isActivated: false>
  <isMuxerActivated: false>
  <SSLFilter.isActivated: false>
  <21647856 readRecord()>
  <21647856 SSL Version 2 with no padding>
  <21647856 SSL3/TLS MAC>
  <21647856 received SSL_20_RECORD>
  <HANDSHAKEMESSAGE: ClientHelloV2>
  <write HANDSHAKE offset = 0 length = 58>
  <write HANDSHAKE offset = 0 length = 1789>
  <Converting principal: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
  Inc.", C=US>
  <Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
  <Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
  <Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
  Inc.", O=GTE Corporation, C=US>
  <Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri, C=FI>
  <Converting principal: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
  Inc.", C=US>
  <Converting principal: [email protected], CN=Thawte Personal
  Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte Personal
  Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
  Inc.", C=US>
  <Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
  <Converting principal: [email protected], CN=Thawte Server
  CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
  Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte Personal
  Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte Premium
  Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
  Town, ST=Western Cape, C=ZA>
  <Converting principal: OU=Secure Server Certification Authority, O="RSA Data Security,
  Inc.", C=US>
  <Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
  C=IE>
  <Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
  <Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
  Inc.", O=GTE Corporation, C=US>
  <Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri, C=FI>
  <Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
  O=Baltimore, C=IE>
  <Converting principal: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
  Inc.", C=US>
  <write HANDSHAKE offset = 0 length = 2409>
  <write HANDSHAKE offset = 0 length = 4>
  <SSLFilter.isActivated: false>
  <isMuxerActivated: false>
  <SSLFilter.isActivated: false>
  <21647856 readRecord()>
  <21647856 SSL3/TLS MAC>
  <21647856 received HANDSHAKE>
  <HANDSHAKEMESSAGE: Certificate>
  PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14' for queue:
  'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest failed
  java.lang.NullPointerException: Could not set value for ASN.1 string object..
  java.lang.NullPointerException: Could not set value for ASN.1 string object.
       at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
       at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeString(Unknown Source)
       at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
       at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
       at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
       at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
       at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
       at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
  Source)
       at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
       at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
  Source)
       at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  -----BEGIN CERTIFICATE-----
  MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
  MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
  IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
  VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
  ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
  ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
  Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
  C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
  YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
  HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
  IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
  A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
  bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
  MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
  cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
  VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
  KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
  3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
  JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
  0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
  SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
  tvrGCMOrvrb5QTxVtLNr
  -----END CERTIFICATE-----

  BMPString is another asn1 type that can be used for certificate attributes with
  non-ascii characters. The workaround is simply to use the BMPString instead of
  UTF8String for that subject name attribute in the certificate request. This off-course
  assumes that you can replace the certificate, and have control over what asn1
  type is used for the subject name attributes in the certificate request (via a
  tool options, or by generating the request yourself), so it is probably not applicable.
  Pavel.
  "Ari Räisänen" <[email protected]> wrote:
  >
  Thanks again, Pavel!
  I'm filing a support case about this. You talked about a workaround (BMPString).
  Could you be more spesific? I haven't talked about this issue with Igor
  yet.
  Regards,
  Ari
  "Pavel" <[email protected]> wrote:
  Sounds like a bug in certicom code. It should support UTF8String.
  I'd file a support case.
  You might be able to use BMPString instead as a workaround.
  Pavel.
  "Igor Styrman" <[email protected]> wrote:
  Hello,
  We've run into a problem with 2-way-ssl and certificates that have
  scandinavian
  characters in the subject. The problem cert is used as client-certificate
  for
  authentication and it goes like this:
  1. Client surfs with http in our site, until clicks https-link thatwill
  immediately
  start the ssl-handshake
  2. Server presents it's trusted cert-list fine
  3. PIN is being asked fine
  4. Next the request processing stops on the exception below and nothing
  will happen
  on the client side.
  Certs without these äöå -chars work fine, so our guess is that they
  cause it,
  but the certs ought to be according to specs: name-fields encoding
  is
  UTF-8 according
  to RFC 2459 from year 1999. A failing example-cert is also below.
  Would this be a problem with the certificate rather than BEA-implementation?
  Same behavior on Windows and Solaris Weblogic 8.11 as such and withSP2
  (and with
  sp2 + CASE_ID_NUM: 501454 hotfix).
  Best Regards,
  Igor Styrman
  <avalable(): 20303264 : 0 + 0 = 0>
  <write ALERT offset = 0 length = 2>
  <SSLIOContextTable.removeContext(ctx): 1765100>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering
  JSSE
  SSLSocket>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
  6487148>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket
  will
  be Muxing>
  PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
  11153746>
  <SSLFilter.isActivated: false>
  <isMuxerActivated: false>
  <SSLFilter.isActivated: false>
  <21647856 readRecord()>
  <21647856 SSL Version 2 with no padding>
  <21647856 SSL3/TLS MAC>
  <21647856 received SSL_20_RECORD>
  <HANDSHAKEMESSAGE: ClientHelloV2>
  <write HANDSHAKE offset = 0 length = 58>
  <write HANDSHAKE offset = 0 length = 1789>
  <Converting principal: OU=Class 4 Public Primary Certification Authority,
  O="VeriSign,
  Inc.", C=US>
  <Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
  <Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
  <Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust
  Solutions,
  Inc.", O=GTE Corporation, C=US>
  <Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri,
  C=FI>
  <Converting principal: OU=Class 1 Public Primary Certification Authority,
  O="VeriSign,
  Inc.", C=US>
  <Converting principal: [email protected], CN=Thawte
  Personal
  Basic CA, OU=Certification Services Division, O=Thawte Consulting,
  L=Cape
  Town,
  ST=Western Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte
  Personal
  Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
  L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: OU=Class 3 Public Primary Certification Authority,
  O="VeriSign,
  Inc.", C=US>
  <Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
  <Converting principal: [email protected], CN=Thawte
  Server
  CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
  Town, ST=Western
  Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte
  Personal
  Premium CA, OU=Certification Services Division, O=Thawte Consulting,
  L=Cape Town,
  ST=Western Cape, C=ZA>
  <Converting principal: [email protected], CN=Thawte
  Premium
  Server CA, OU=Certification Services Division, O=Thawte Consultingcc,
  L=Cape
  Town, ST=Western Cape, C=ZA>
  <Converting principal: OU=Secure Server Certification Authority, O="RSA
  Data Security,
  Inc.", C=US>
  <Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust,O=Baltimore,
  C=IE>
  <Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
  <Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrustSolutions,
  Inc.", O=GTE Corporation, C=US>
  <Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri,
  C=FI>
  <Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
  O=Baltimore, C=IE>
  <Converting principal: OU=Class 2 Public Primary Certification Authority,
  O="VeriSign,
  Inc.", C=US>
  <write HANDSHAKE offset = 0 length = 2409>
  <write HANDSHAKE offset = 0 length = 4>
  <SSLFilter.isActivated: false>
  <isMuxerActivated: false>
  <SSLFilter.isActivated: false>
  <21647856 readRecord()>
  <21647856 SSL3/TLS MAC>
  <21647856 received HANDSHAKE>
  <HANDSHAKEMESSAGE: Certificate>
  PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14'
  for queue:
  'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest
  failed
  java.lang.NullPointerException: Could not set value for ASN.1 string
  object..
  java.lang.NullPointerException: Could not set value for ASN.1 string
  object.
       at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
       at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeString(UnknownSource)
       at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
       at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
  Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
       at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
  Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
       at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
       at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
  Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
       at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
  Source)
       at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
  Source)
       at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
       at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
       at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown
  Source)
       at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown
  Source)
       at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown
  Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
  Source)
       at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
  Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
       at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
  Source)
       at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  -----BEGIN CERTIFICATE-----
  MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
  MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
  IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
  VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
  ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
  ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
  Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
  C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
  YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
  HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
  IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
  A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
  bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
  MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
  cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
  VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
  KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
  3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
  JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
  0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
  SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
  tvrGCMOrvrb5QTxVtLNr
  -----END CERTIFICATE-----

• EAP-TLS or PEAP authentication failed during SSL handshake

  Hi Pros,
                 I am a newbie in the ACS 4.2 and EAP-TLS implementation, with that being said. I face an issue during a EAP-TLS implementation. My search shows that this kind of error message is already certificate issue;However, I have deleted and recreated the certificate in both ACS and the client with the same result. I have deleted and re-install the certchain as well.
  When I check my log in the failed attemps, there is what I found:
  Date
  Time
  Message-Type
  User-Name
  Group-Name
  Caller-ID
  Network Access Profile Name
  Authen-Failure-Code
  Author-Failure-Code
  Author-Data
  NAS-Port
  NAS-IP-Address
  Filter Information
  PEAP/EAP-FAST-Clear-Name
  EAP Type
  EAP Type Name
  Reason
  Access Device
  Network Device Group
  06/23/2010
  17:39:51
  Authen failed
  000e.9b6e.e834
  Default Group
  000e.9b6e.e834
  (Default)
  EAP-TLS or PEAP authentication failed during SSL handshake
  1101
  10.111.22.24
  25
  MS-PEAP
  wbr-1121-zozo-test
  Office Networ
  06/23/2010
  17:39:50
  Authen failed
  [email protected]
  Default Group
  000e.9b6e.e834
  (Default)
  EAP-TLS or PEAP authentication failed during SSL handshake
  1098
  10.111.22.24
  25
  MS-PEAP
  wbr-1121-zozo-test
  Office Network
  [email protected] = my windows active directory name
  1. Why under EAP-TYPE it shows MS-PEAP not EAP-TLS? I did configure EAP-TLS....
  2. Why sometimes it just shows the MAC of the client for username?
  3. Why  it puts me in DEFAULT-GROUP even though i belongs to a group well definy in the acs?
  2. Secondly, When I check in pass authentications... there is what i saw
  Date
  Time
  Message-Type
  User-Name
  Group-Name
  Caller-ID
  NAS-Port
  NAS-IP-Address
  Network Access Profile Name
  Shared RAC
  Downloadable ACL
  System-Posture-Token
  Application-Posture-Token
  Reason
  EAP Type
  EAP Type Name
  PEAP/EAP-FAST-Clear-Name
  Access Device
  Network Device Group
  06/23/2010
  17:30:49
  Authen OK
  groszozo
  NOC Tier 2
  10.11.10.105
  1
  10.111.22.24
  (Default)
  wbr-1121-zozo-test
  Office Network
  06/23/2010
  17:29:27
  Authen OK
  groszozo
  NOC Tier 2
  10.11.10.105
  1
  10.111.22.24
  (Default)
  wbr-1121-zozo-test
  Office Network
  In the output below, it says that the user is authenticate and it puts the user in the right group with the right username, but the user never really authenticate. Maybe for the first few seconds when I initiate the connection.
  Before I forget, the suppliant is using WIN XP and 802.1x is enable. I even uncheck not verify the server and the ACS under External User Databases, I did  check ENABLE EAP-TLS machine authentication.
  Thanks in advance for your help,
  Crazy---

  Any ideas on this guys?? In my end, i've been reading some docs... Things started to make sens to me, but I still cannot authenticate, still the same errors. One more thing that catch my  attention now is the time it takes to open a telnet session to cisco device which has the ACS for auth server.
  My AD(Active Direct) and the ACS server are local same subnet(server subnet). Ping to the ACS from my desktop which is in different subnet is only take 1ms. To confirm that the issue is the ACS server, I decided to use another server in remote location, the telnet connection is way faster than the local ACS.
  Let's brain storm together to figure out this guys.
  Thanks in advance,
  ----Paul

• EAP-TLS or PEAP authentication failed during SSL handshake to the ACS serve

  We are running the LWAPP (2006 wlc's and 1242 AP's) and using the ACS 4.0 for authentication. Our users are
  experiencing an issue, where they are successfully authenticated the first time, however as the number of them is increasing, they're starting to drop the connections and being prompted to re-authenticate. At this point, they are not being able to authenticate again.
  We're using PEAP for the authentication and Win XP SP2 clients as the supplicants. The error message that we are seeing on the ACS for that controller is "EAP-TLS or PEAP authentication failed during SSL handshake to the ACS server"...Not sure if this error msg is relevant since we have other WLC's that are working OK and still generating the same error msg on the ACS...
  Thanks..

  Here are some configs you can try:
  config advanced eap identity-request-timeout 120
  config advanced eap identity-request-retries 20
  config advanced eap request-timeout 120
  config advanced eap request-retries 20
  save config

• EAP-TLS or PEAP authentication failed during SSL handshake error

  I have 2 Windows 2003 ACS 3.2 servers. I am in the process of upgrading them to ACS 4.0. I am using them for WPA2/PEAP wireless authentication in a WDS environment. I recently upgraded one to ACS 4.0 and ever since that time some (not all) of my Windows XP clients have started to not be authenticated and logging the error "EAP-TLS or PEAP authentication failed during SSL handshake" on the ACS 4.0 server. During the upgrade (which was successful) I did change the Certificate since the current one was going to expire November 2007.
  The clients that do not authenticate on the ACS 4.0 server I can point to the ACS 3.2 server and they successfully authenticate there. I am able to resolve the issue by recreating the Windows XP PEAP profile for the wireless network and by getting a new client Cert. But, I have a couple of questions:
  Is the "EAP-TLS or PEAP authentication failed during SSL handshake" error due to the upgrade to ACS 4.0 or to the fact that I changed the Certificate, or both?
  Can this error ("EAP-TLS or PEAP authentication failed during SSL handshake") be resolved without me touching every Windows XP client (we have over 250+)?
  Thanks for the help

  My experience suggests that the problem is the certificate.
  I'm running ACS 3.3.
  I received the same error message when my clients copied the certificate to the wrong location, or otherwise did not correctly follow the provided instructions.
  Correctly following the instructions led to a successful connection and no more error message.

• SSL Handshake Delay for 4 seconds

  Hi,
  SSL Handshake is taking 4 seconds for some transaction. We can see the delay of 4 seconds in NetMon tool has given below description:
  TLS:TLS Rec Layer-1 HandShake: Certificate.
  TLS:TLS Rec Layer-1 Cipher Change Spec
  Please assist us how to fix this issue.
  Thanks,
  Senthil

  Hi,
  You've mentioned as some transaction, are you clear of what transactions it's happening and where there is huge difference in payload/ different subnet/ passing through different set of firewalls.
  Also, ensure you're systems are in time-sync with your NTP.
  Is it just  delay or it's breaking some functionality?

• Flash plugin on windows 7 teardown the TCP session immediately after successful SSL handshake

  I have a RHEL platform in which tomcat is listening on 443 port.
  Scope of Problem:
  With the latest flash plugin, i am experiencing issue with Firefox on SSL port on Windows platform.
  i.e.
  Everythig works fine on non-SSL mode on Firefox, Chrome, IE on Windows 7.
  Everythig works fine on SSL mode on Chrome, IE on Windows 7.
  Analysis from Wireshark Captures:
  I could see successful SSL handshake between firefox and my tomcat server.
  Immediately after the handshake, the client teared down the session by sending a FIN/ACK packet.
  Workaround:
  Install older version of the flash plugin on Firefox.
  Is there a non issue in SSL mode which is causing this issue?
  Wireshark Trace:
  Further observations:
  ===================
  We observed this problem on Flash 13.0.0.182 build.
  To debug this issue, we tried using the Flash debug image (13.0.0.182) and observed that the functionality is working.
  In the Flash debug image, Firefox started showing us a popup indicating untrusted certificate  "This page requires a secure connection which includes server authentication. The Certificate Issuer for this site is untrusted or unknown. Do you wish to proceed ? "
  If we click "yes", then the complete functionality works fine.
  Any clues/pointers, why the above popup is not coming in non-debug Flash image?

  I've had a similar problem since upgrading to Firefox 22 on Windows 7 x64. After resuming from hibernation, Firefox appears unresponsive; however, I believe it is a problem with redrawing the window. If I click to a different tab, nothing happens, but if I minimize Firefox and restore it, it now shows the new tab I switched to. If I have a video open and I click play, there is no visual change, but I hear the sound start. The normal functionality is resumed when closing Firefox and re-opening it.

• Ssl handshake error when activating changes in admin console

  An error occurred during activation of changes, please see the log for details.
  [Deployer:149150]An IOException occurred while reading input.; nested exception is: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.; nested exception is: javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.
  [Security:090477]Certificate chain received from 10.26.176.83 - 10.26.176.83 was not trusted causing SSL handshake failure.
  WLS 10.3 on Windows 2008: I configured one of my managed servers for SSL and I'm able to reach deployments via browser and the keystore/certificate chain I have setup. However, I'm getting the above error in Admin Console all over the place. I am unable to commit configuration changes without deleting the SSL managed server. The admin server is still HTTP via 7001. I'm not sure where to look to resolve this issue. Any ideas appreciated.

  It seems like you did not update the trust store of your AdminServer. It acts as a ssl client of your managed server and cannot verify its identity certificate.

• SSL communication issue with JDK 1.6.0_19

  Hi,
  I am facing issue with JDK 1.6.0_19. I have a Java client which communicate with the Server in SSL communication.so, It is able to communicate properly with the JDK <=1.6.0_18 version.But I got handling exception: javax.net.ssl.SSLException: HelloRequest followed by an unexpected  handshake message exception when the client is trying to communicate with the server in JDK 1.6.0_19.
  We are using mutual authentication.The client and the server both have the signed certificate.The client certificate has to be validated by the server to establish the connection.
  I have seen in forum that it is a renegotiation issue.So, if I enable the renegotiation flag by -Dsun.security.ssl.allowUnsafeRenegotiation=true it's working fine.But enabling renegotiation itself is a vulnerability.So, I can't enable renegotiation.
  I am using httpclient 4.0 and JSSE in client side and IIS in the server side for this SSL connection.
  I am not sure which side client or server initiating the renegotiation?
  Please help me out.
  I have tried Openssl command from console.
  The command is : openssl s_client -connect X.X.X:443 -CAfile "xxxxx" -cert "xxxxxxxx" -key "xxxxxxxxxx" -state -verify 20 here is the output:
  Loading 'screen' into random state - done
  CONNECTED(00000748)
  SSL_connect:before/connect initialization
  SSL_connect:SSLv2/v3 write client hello A
  SSL_connect:SSLv3 read server hello A
  xxxxxxxxxxx.................
  verify return:1
  xxxxxxxxxxx.................
  verify return:1
  SSL_connect:SSLv3 read server certificate A
  SSL_connect:SSLv3 read server done A
  SSL_connect:SSLv3 write client key exchange A
  SSL_connect:SSLv3 write change cipher spec A
  SSL_connect:SSLv3 write finished A
  SSL_connect:SSLv3 flush data
  SSL_connect:SSLv3 read finished A
  Certificate chain
  xxxxxxxxxxx.................
  Server certificate
  -----BEGIN CERTIFICATE-----
  xxxxxxxxxxx.................
  -----END CERTIFICATE-----
  xxxxxxxxxxx.................
  No client certificate CA names sent
  SSL handshake has read 1839 bytes and written 392 bytes
  New, TLSv1/SSLv3, Cipher is RC4-MD5
  Server public key is 1024 bit
  Secure Renegotiation IS NOT supported
  Compression: NONE
  Expansion: NONE
  SSL-Session:
      Protocol  : TLSv1
      Cipher    : RC4-MD5
      Session-ID: xxxxxxxxxxx
      Session-ID-ctx:
      Master-Key: xxxxxxxxxxx
      Key-Arg   : None
      PSK identity: None
      PSK identity hint: None
      Start Time: 1275564626
      Timeout   : 300 (sec)
      Verify return code: 0 (ok)
  read:errno=10054If you see the console output you can see that two statement is missing those are :
  SSL_connect:SSLv3 read server certificate request A
  SSL_connect:SSLv3 write client certificate ASo, I like to know if this is any clue which is asking for renegotiation.

  Thank you for your response.
  Yes I have set the particular proerty SSLAlwaysNegoClientCert to True and it is able to establish the ssl conneciton without initiating renegotiation from IIS server side.The property has to be set the metabase.xml file.
  Thank you very much once again.
  Edited by: arpitak on Jun 23, 2010 2:10 AM