SSL MailServer Certificate
I'm trying to install a SSL Certificate on a mailserver under 10.6 server. I dont know what to do by intermediate certificate and choosing type on certificate assistant. Is there any good tutorial that I can follow?
This is from Go-Daddy.com's support site, but I think it's relevant still. It worked for me when installing their certificate.
HTH
To Install the Intermediate Chain
Copy the certificate files to your server.
Launch the Keychain Access application (/Applications/Utilities/Keychain Access).
If the button at the lower left of the Keychain Access window is labeled "Show Keychains" then click the button to show the Keychain list.
Select the System keychain.
Click the padlock icon at the top left to unlock the System keychain. Authenticate as a user with administrative privileges, if prompted.
Select File->Import. Navigate to and select the gd_intermediate.crt that you copied to your server.
Verify that the "Go Daddy Secure Certification Authority" appears in the list.
Close the Keychain Access application.
To Install Your Certificate
Launch the Server Admin tool and connect to the server where you want to install the certificate.
In the Servers pane, select the server on which you want to install the SSL certificate.
Select Certificates from the toolbar at the top of the right pane.
Select the item representing the certificate you have requested. Click the "Gear" button and then select Add Signed or Renewed Certificate from Certificate Authority....
Drag the file containing your server certificate to the blue certificate icon that displays after the previous step.
Similar Messages
-
Error 403.7 - Forbidden: SSL client certificate is required
Hi people!
I�m developing a java client to a WebService (developed in .NET). The communication protocol is HTTPS to the URL where the Web Service is located (something like https://10.200.140.117/dirNotes/serviceName.asmx.). I�ve been reading many posts but I could'nt find the solution to the problem wich has the following message: Error 403.7 - Forbidden: SSL client certificate is required".
I�m using JDK 1.5 and developing and testing on Windows Plataform. I'm able to access the URL specified above directly from the browser, I installed the client certificate (the same that �ve put into the ,jks keystore. I�ve also imported the whole certificate chain of the server to the cacerts.
I�ll paste the code and the console trace below. I�d be very grateful if you can help me. Thanks a lot.
_THE CODE_
package principal;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import entidade.Certificado;
public class SSLClient {
private static final int PORT_NUMBER = 443;
private static final String HTTPS_ADDRESS = "10.200.140.117";
private static String strCabecalhoMsg = "";
private static String strDadosMsg = "";
public static void main(String[] args) throws Exception {
System.setProperty("javax.net.ssl.keyStore", Certificado.getStrNomeArquivoJKSServidor());
System.setProperty("javax.net.ssl.keyStorePassword", "senha");
System.setProperty("javax.net.ssl.trustStore", "Certificados/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("javax.net.debug","ssl,handshake,record");
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream(Certificado.getStrNomeArquivoJKSServidor()),
Certificado.getArranjoCharSenhaCertificadoServidor());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, Certificado.getArranjoCharSenhaCertificadoServidor());
KeyStore ksT = KeyStore.getInstance(KeyStore.getDefaultType());
ksT.load(new FileInputStream("C:/Arquivos de programas/Java/jre1.5.0_05/lib/security/cacerts"), "changeit".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ksT);
SSLContext sc = SSLContext.getInstance("SSLv3");
sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new java.security.SecureRandom());
SSLSocketFactory factory = sc.getSocketFactory();
try{
// method to load the values of the strings strCabecalhoMsg and strDadosMsg
carregarXMLCabecalhoDados();
SSLSocket socket =(SSLSocket)factory.createSocket(HTTPS_ADDRESS, PORT_NUMBER);
socket.startHandshake();
String [] arr = socket.getEnabledProtocols();
URL url = new URL("https://10.200.140.117/dirNotes");
HttpsURLConnection.setDefaultSSLSocketFactory(factory);
HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();
urlc.setDoInput(true);
urlc.setUseCaches(false);
Object[] params = {strCabecalhoMsg, strDadosMsg};
Service service = new Service();
Call call = (Call) service.createCall();
call.setTargetEndpointAddress(url);
call.setOperationName("serviceName");
String ret = (String) call.invoke(params);
System.out.println("Result: " + ret);
catch (UnknownHostException uhe) {
uhe.printStackTrace();
System.err.println(uhe);
catch (Exception uhe) {
uhe.printStackTrace();
System.err.println(uhe);
private static void carregarXMLCabecalhoDados()
try
BufferedReader input = new BufferedReader( new FileReader("notas/cabecalho.xml"));
String str;
while((str=input.readLine()) != null)
strCabecalhoMsg += str ;
System.out.println("Cabe�a: " + strCabecalhoMsg);
input = new BufferedReader( new FileReader("notas/nota.xml"));
while((str=input.readLine()) != null)
strDadosMsg += str ;
System.out.println("Nota: " + strDadosMsg);
catch (FileNotFoundException e)
// TODO Auto-generated catch block
e.printStackTrace();
catch (IOException e)
// TODO Auto-generated catch block
e.printStackTrace();
_THE TRACE_
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
*others trusted certs*
trigger seeding of SecureRandom
done seeding SecureRandom
export control - checking the cipher suites
export control - no cached value available...
export control - storing legal entry into cache...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1198158630 bytes = { 48, 135, 53, 24, 112, 72, 104, 220, 27, 114, 37, 42, 25, 77, 224, 32, 12, 58, 90, 217, 232, 3, 104, 251, 93, 82, 40, 91 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 3953
*** ServerHello, TLSv1
RandomCookie: GMT: 1198158523 bytes = { 56, 166, 181, 215, 86, 245, 8, 55, 214, 108, 128, 50, 8, 11, 0, 209, 38, 62, 187, 185, 240, 231, 56, 161, 212, 111, 194, 79 }
Session ID: {222, 2, 0, 0, 147, 179, 182, 212, 18, 34, 199, 100, 168, 167, 48, 116, 140, 186, 151, 153, 226, 168, 163, 174, 24, 83, 208, 73, 179, 57, 86, 137}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
*many chains and related data*
Found trusted certificate:
Version: V3
Subject:
*many trusted certificates and related data*
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 117, 112, 233, 166, 240, 9, 226, 67, 53, 111, 194, 84, 124, 103, 197, 28, 17, 36, 32, 48, 145, 166, 161, 61, 30, 63, 153, 214, 137, 113, 222, 204, 138, 77, 212, 75, 65, 192, 159, 215, 69, 156, 47, 188, 179, 219 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 75 70 E9 A6 F0 09 E2 43 35 6F C2 54 7C 67 ..up.....C5o.T.g
0010: C5 1C 11 24 20 30 91 A6 A1 3D 1E 3F 99 D6 89 71 ...$ 0...=.?...q
0020: DE CC 8A 4D D4 4B 41 C0 9F D7 45 9C 2F BC B3 DB ...M.KA...E./...
CONNECTION KEYGEN:
Client Nonce:
0000: 47 6A 73 26 30 87 35 18 70 48 68 DC 1B 72 25 2A Gjs&0.5.pHh..r%*
0010: 19 4D E0 20 0C 3A 5A D9 E8 03 68 FB 5D 52 28 5B .M. .:Z...h.]R([
Server Nonce:
0000: 47 6A 73 BB 38 A6 B5 D7 56 F5 08 37 D6 6C 80 32 Gjs.8...V..7.l.2
0010: 08 0B 00 D1 26 3E BB B9 F0 E7 38 A1 D4 6F C2 4F ....&>....8..o.O
Master Secret:
0000: 0B 3A 71 F8 BB 79 5E 07 78 C2 5F 13 4F 92 9D 87 .:q..y^.x._.O...
0010: CF 69 0D 07 78 D2 59 46 1E C3 C1 5B A2 DB 04 B9 .i..x.YF...[....
0020: 42 60 92 48 59 8E FD FD C3 5B BD 00 9C 54 7A 7E B`.HY....[...Tz.
Client MAC write Secret:
0000: 33 7C 19 C4 75 D2 CE 82 39 98 37 E5 7D 20 CB B1 3...u...9.7.. ..
Server MAC write Secret:
0000: 1E 1E 48 C7 D4 77 23 E4 22 26 8B 98 2E 92 5C 95 ..H..w#."&....\.
Client write key:
0000: EE 05 39 76 B2 85 63 6C F7 70 30 CB 6D 08 07 54 ..9v..cl.p0.m..T
Server write key:
0000: 5C 2E 3B 5E DC D9 EC C5 04 C4 D5 B5 12 11 B9 08 \.;^............
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 143, 115, 243, 131, 242, 244, 12, 44, 191, 172, 205, 122 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 231, 215, 37, 250, 177, 121, 111, 192, 11, 41, 1, 165 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : Certificados/certificadoSondaMonitor.jks
keyStore type is : JKS
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: Certificados\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
adding as trusted cert:
* many certificates*
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
export control - checking the cipher suites
export control - found legal entry in cache...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1198158632 bytes = { 93, 1, 41, 236, 165, 146, 251, 117, 129, 195, 129, 72, 245, 181, 43, 48, 80, 251, 244, 198, 223, 85, 82, 101, 20, 159, 17, 26 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 3953
*** ServerHello, TLSv1
RandomCookie: GMT: 1198158525 bytes = { 109, 114, 234, 1, 130, 97, 251, 9, 61, 105, 56, 246, 239, 222, 97, 143, 22, 254, 65, 213, 10, 204, 153, 67, 237, 133, 223, 48 }
Session ID: {23, 30, 0, 0, 26, 129, 168, 21, 252, 107, 124, 183, 171, 228, 138, 227, 94, 17, 195, 213, 216, 233, 205, 2, 117, 16, 21, 65, 123, 119, 171, 109}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
many chains again
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 116, 247, 155, 227, 25, 25, 231, 129, 199, 76, 134, 222, 98, 69, 149, 224, 75, 6, 60, 121, 115, 216, 244, 246, 102, 92, 188, 64, 113, 56, 190, 43, 32, 51, 90, 254, 141, 184, 71, 48, 41, 29, 173, 180, 46, 116 }
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 74 F7 9B E3 19 19 E7 81 C7 4C 86 DE 62 45 ..t........L..bE
0010: 95 E0 4B 06 3C 79 73 D8 F4 F6 66 5C BC 40 71 38 ..K.<ys...f\.@q8
0020: BE 2B 20 33 5A FE 8D B8 47 30 29 1D AD B4 2E 74 .+ 3Z...G0)....t
CONNECTION KEYGEN:
Client Nonce:
0000: 47 6A 73 28 5D 01 29 EC A5 92 FB 75 81 C3 81 48 Gjs(].)....u...H
0010: F5 B5 2B 30 50 FB F4 C6 DF 55 52 65 14 9F 11 1A ..+0P....URe....
Server Nonce:
0000: 47 6A 73 BD 6D 72 EA 01 82 61 FB 09 3D 69 38 F6 Gjs.mr...a..=i8.
0010: EF DE 61 8F 16 FE 41 D5 0A CC 99 43 ED 85 DF 30 ..a...A....C...0
Master Secret:
0000: FC C9 75 A4 2B F1 8A D8 AD 16 27 70 B7 E4 64 6C ..u.+.....'p..dl
0010: 05 D7 33 4A 53 91 2F 51 1E 32 D3 3B 2E 18 2E BC ..3JS./Q.2.;....
0020: E4 16 EE 2F 01 A1 08 48 19 09 32 68 CE 69 8F B1 .../...H..2h.i..
Client MAC write Secret:
0000: F1 95 3B CE 06 5B 8A 9B EC DE 1C 8F B4 AB D9 36 ..;..[.........6
Server MAC write Secret:
0000: BF 52 36 48 63 24 FE 74 22 BE 00 99 BE F0 6E E5 .R6Hc$.t".....n.
Client write key:
0000: 9F 08 0A 6E 8F 54 A3 66 1C BC C7 6B AE 88 67 E0 ...n.T.f...k..g.
Server write key:
0000: 06 A1 0B 4F 69 DE 5F AF 0E 6B B5 04 ED E8 EA F5 ...Oi._..k......
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 148, 93, 105, 42, 110, 212, 55, 2, 150, 191, 13, 111 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 171, 150, 45, 10, 99, 35, 67, 174, 35, 52, 23, 192 }
%% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
main, setSoTimeout(600000) called
main, WRITE: TLSv1 Application Data, length = 282
main, WRITE: TLSv1 Application Data, length = 8208
main, WRITE: TLSv1 Application Data, length = 1102
main, READ: TLSv1 Application Data, length = 1830
main, received EOFException: ignored
main, called closeInternal(false)
main, SEND TLSv1 ALERT: warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 18
main, called close()
main, called closeInternal(true)
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (404)Not Found
faultActor:
faultNode:
faultDetail:
{}:return code: 404
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>
</TD></TR></TABLE></BODY></HTML>
{http://xml.apache.org/axis/}HttpErrorCode:404
(404)Not Found
at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at principal.SSLClient.main(SSLClient.java:86)
(404)Not Found
-----I'm having the same problem with the same URL. I try many configuration and nothing works. My code is:
public class NFeClient {
static{
Security.addProvider(new BouncyCastleProvider());
public static void main(final String[] args) throws Exception {
final String path = "https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx";
final String keyStoreProvider = "BC";
final String keyStoreType = "PKCS12";
final String keyStore = "/home/mendes/certificados/cert.p12";
final String keyStorePassword = "xxxx";
System.setProperty("javax.net.ssl.keyStoreProvider",keyStoreProvider);
System.setProperty("javax.net.ssl.keyStoreType",keyStoreType);
System.setProperty("javax.net.ssl.keyStore",keyStore);
System.setProperty("javax.net.ssl.keyStorePassword",keyStorePassword);
System.setProperty("javax.net.ssl.trustStore","/home/mendes/workspace/NFE/jssecacerts");
final SSLContext context = SSLContext.getInstance("TLS");
final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
final KeyStore ks = KeyStore.getInstance(keyStoreType);
ks.load(new FileInputStream(keyStore), keyStorePassword.toCharArray());
kmf.init(ks, keyStorePassword.toCharArray());
context.init(kmf.getKeyManagers(), null, null);
final URL url = new URL(path);
final HttpsURLConnection httpsConnection = (HttpsURLConnection) url.openConnection();
httpsConnection.setDoInput(true);
httpsConnection.setRequestMethod("GET");
httpsConnection.setRequestProperty("Host", "iis-server");
httpsConnection.setRequestProperty("UserAgent", "Mozilla/4.0");
httpsConnection.setSSLSocketFactory(context.getSocketFactory());
try{
final InputStream is = httpsConnection.getInputStream();
final byte[] buff = new byte[1024];
int readed;
while((readed = is.read(buff)) > 0)
System.out.write(buff,0,readed);
}catch(final IOException ioe){
ioe.printStackTrace();
}and the response of the server is always the same:
java.io.IOException: Server returned HTTP response code: 403 for URL: https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1241)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at br.com.esales.nfe.signer.client.NFeClient.main(NFeClient.java:60)Edited by: mendes on Apr 25, 2008 9:56 AM -
Step by Step : How to Create an SSL Server Certificate (Part 3)
How to Create an SSL Server Certificate (Part 3)
In the previous part you have completed step 10, now you are almost there.
Step 11:
This is another very important step.
Leave the settings as is or tick more options if you know what you do.
Step 12:
Again leave as it is.
Step 13:
Another important step !
In the DNS Name field enter the host name(s) separated by spaces (or commas), e.g.
myserver.name.private myserver.dyndns.org
You can enter your local IP if you wish.
Step 14:
Certificate Assistant now procedes to create your certificate. Within a few seconds you should see the new certificate in your Keychain.
Switch to Server App (if at this stage Server App has crashed, don't worry , re-open Server App and proceed.
Repeat step 2 described in Part 1 and select the new certificate from the drop-down menu of available certificates.
You may want to use this certificate for all services (iChat, iCal, Mail, Web) or create different ones.
If you use the same certificate for all services the name of the certificate is diplayed next to "SSL Certificate", if you don't you will see "Custom" instead.
Addendum:
1. Do not forget to open port 443 in your router to enable https connections.
2. Enable SSL in your iCal account settings if you wish.
Enjoy your server !Hi,
Are you talking about the Mercedes leaderboard ad? Because that look a lot more complicated than "fade in - fade out" images?
Anyway... I am looking at the easiest way to create a banner ad with fade in - fade out images that I have created in illustrator.
This tutorial helped me alot.
http://www.youtube.com/watch?v=gFw-1D8yaMs&NR=1
cheers -
Weblogic server 9.2 and SSL server certificate for the wrong site
I turned on SSL service for a weblogic 9.2 server and later on changed the hostname of the machine that weblogic was running on. So the hostname that my SSL server certificate was issued to has now became an invalid hostname. But my weblogic server continues to run SSL service without any exception. I can still access my web applications thru the SSL port (except of course I get a warning for the server certificate every time that it is for the "wrong site"). My question is this: should weblogic 9.2 verify the hostname in the server certificate and stop SSL service if the certificate is for the wrong site? Or is verifying the certificate strictly the job of the browser? Just want to make sure there is nothing wrong with my SSL configuration. Thanks.
So you are saying that something is wrong with my weblogic 9.2 ssl configuration? And that given a server certificate issued to a different hostname, my weblogic server should NOT be servicing ssl request and/or it should throw some sort of exception during startup? Thanks for clarifying.
-
Webservice call failed during execution (SSL and certificates) on NetWeaver 7.30
Hey experts,
i need your help!
We make webservice calls to sap me with our own software.
We connect to our software via SSL and certificates e.g. https://host:50001/XMII/CM/POD/MEDialogsWeb.irpt
At the beginning the software runs without any problems and than we become the following message on all our webservice:
thats the webservice configurations
(configuration - connectivity - single service administration):
(configuration - security - authentication and single sign-on)
if we restart the software after the error display, the webservice call runs successfully again.
is it a timeout?
can anybody help us?
Thanks,
Markus
our system info:
NetWeaver 7.30 Java
SAP ME 6.0
software runs log looks as following
software doesn't runs log looks as following
security Log Entry
more info from security_00.0.log
#2.0 #2014 06 06 14:51:17:136#+0200#Warning#/System/Security/WS#
com.sap.ASJ.wssec.020142#BC-ESI-WS-JAV-RT#tc~sec~wssec~service#C0000A650AD826FF0000000100000BEC#3855850000000005#sap.com/me~ws#com.sap.engine.services.wssec.authentication#Guest#0##207092CAED7111E3A01A0000003AD5EA#23386e31ed7911e39d560000003ad5ea#23386e31ed7911e39d560000003ad5ea#0#Thread[HTTP Worker [@648881277],5,Dedicated_Application_Thread]#Plain##
Received unsupported callback: com.sap.engine.interfaces.security.auth.SetLogonTicketCallback
Received unsupported callback: com.sap.engine.lib.security.http.HttpSetterCallback
Read data of type username and value MEFLEX from wsse:Security header and set on module javax.security.auth.callback.NameCallback
Read data of type username and value from HTTP header and set on module javax.security.auth.callback.NameCallback
Read data of type password and value xxx from wsse:Security header and set on module javax.security.auth.callback.PasswordCallback
Read data of type password and value xxx from HTTP header and set on module javax.security.auth.callback.PasswordCallback
Authentication for web service ShopOrderService, configuration ShopOrderService using security policy BASIC*SSO2*_*_*ws failed: Cannot authenticate the user.. (See SAP Note 880896 for further info).Hi,
the authentication for the second call is failing. Have you tried suggest log level from note 880896 - Web Service authentication failure? I would also try to use something like SoapUI to test if the issue is caused by your application or something wrong on SAP side. Also coparing messages for the first and second calls might give you answer.
Cheers -
How can you configure an Exchange Account in Mac OS X to use a SSL client certificate?
I'm trying to connect the Mail App of Mac OS X to my company's Exchange server. For security reasons you have provide a SSL client certificate to the server. You can convince Safari to use a client certificate by putting it into your keychain and configuring a suitable "identity preference" for the URL of the related site. But the Mail App seems not to use the keychain for this part of the SSL negotiations.
Since you can configure the client certificate usage for an Exchange Account for the iPhone with the Configuration Utility there should be a way for the desktop App, too. Has someone sorted this issue out already or does the Mail App actually lack of client certificate support?I had a nice chat with the Apple end user support which revealed that this feature falls in the responsibility of the business support group. Since I have no appropriate support contract I could ask for help for about 480€ per issue -- nice try
After more research I found the Configuration Profile Reference, where you get information about Exchange accounts too. Starting with a working iOS-Profile I changed the Exchange account part according to this documentation for OS X. All you have to do is to replace PayloadType com.apple.eas.account by com.apple.ews.account.
After importing this profile I found the expected Exchange account within the Contacts.app. But the SSL client certificate was still not used and therefore my account not usable.
You could enable Mail, Calendar & Reminders and Notes within the System Preferences, but neither of these would work due to the missing client certificate support.
I came to the conclusion that the relevant applications in OS X have no proper SSL Client support build in. Since the underlying libraries and frameworks have everything in place that is really a shame.
Would be nice, if someone would enforce the developers to do their homework there. -
Hi All,
I am configuring Maintenance Optimizer in SAP Solution Manager 7.1 SP3.
Is it mandatory to have SSL Server Certificate ?
And if yes why SSL Server Certificate is needed?
And if no can i proceed with the Configuration of Maintenance Optimizer?
Kindly Suggest.
Thanks
IshanHi ishansangai1
i) Is it mandatory to have SSL Server Certificate ?
No, you dont required SSL for MOPZ ,
SSL is different and MOPZ is different
SSL - is for trusted certificate
MOPZ- is used to approve support packages to download
ii) And if no can i proceed with the Configuration of Maintenance Optimizer?
yes proceed to configuration of MOPZ , find docs in service market place or SDN -
Portal, SSL, mapping certificate to user id
Hello,
We're trying to configure our EP 7.0 SP15 to use SSL/client certificates. SAP Web Disp is not used.
Valid client certificate has been issued and installed on PC and CA has been created on server. Certificate is required for SSL usage.
When accessing the portal using https://servername.xxx.com:500001/irj/portal on the log in screen for the portal a message is shown : "Your certificate will be mapped to your user id". There are also prompts for user id and password.
The next time I try to log on this message is shown again and I am prompted for user id and password again. I had hoped that the user id and certificate was mapped and the prompt for user id/pw was skipped and I was logged on directly. Not so...
I have also tried to manually assign the certificate to my user id - no luck...
The description for using client certificates for user authentication on help.sap.com has (to my knowledge) been followed.
Hints and help will be greatly appreciated.
Thanks.
/Christian
Edited by: Christian Holm on Aug 25, 2008 2:52 PM... or try this here: Maintaining Certificate Mappings Automatically
http://help.sap.com/saphelp_nw70/helpdata/de/44/200cb204a75cfbe10000000a155369/content.htm
Regards,
Volker -
Adding an SSL digial certificate ".cer" file using STRUST
Dears,
Could someome please guide to the steps of adding an SSL digital certificate (a file with extension ".cer") using transaction STRUST
Thanks
RedaDear Agasthuri,
Thank you for your reply.
The point is : whenever the https is installed on a SAP system, after issuing transaction STRUST, we find in the left pane three main nodes / folders : System PSE, SSL server Standard, SSL client SSL Client (Standar.
We also find a cuboid shaped icon named : File.
Whenever we right click on any of the three mentioned nodes / folders we get a pull down menu containing either two or three options : Replace, Delete or Change, Replace , Delete.
Whenever we right click on the cuboid shaped icon named : File, we get a pull down menu containing only one option : Create.
None of the above - mentioned options lead to creating a new main node / folder in the left pane.
Kindly advise.
Thanks.
Reda -
Change SSL self-certificate email contact and default apple ID on mac mini server
Hello,
I just received my mac mini server and started to set it up.
I bought this computer with my regular apple id account that I use with my 2 MBPs.
When installing the mac mini computer I connected my Mac Mini Server to my regular apple ID account.
The issue is that I don't want to share my MBP account details on this Mini Server computer (software update, server notification push, SSL certificate contact e-mail...) not to mess things up between all my macs.
My question is :
I created a new apple ID for this computer with a different contact email etc.
How do I change the default ID for the whole mac mini settings ?
I already changed the user settings in the OSX user pref pane, the new mail is updated.
I already changed the icloud apple ID with the new one it's updated.
I already changed the alert notification push recipient e-mail in server.app it's updated.
BUT still, if I want to change the "self-SSL certificate" for a new one with my new apple ID account, the e-mail contact is still my old one which I bought the computer with.
How do I change that ?
Also I want to be able to update my apps on this computer without using the apple ID account I bought the mac mini with (and my 2 MBP, iphone etc), but with the new dedicated apple ID for this McMini.
Is there a software transfer trick to separate computers softwares from a mac to another?
thanks for your precious help.
DamianHello,
I just received my mac mini server and started to set it up.
I bought this computer with my regular apple id account that I use with my 2 MBPs.
When installing the mac mini computer I connected my Mac Mini Server to my regular apple ID account.
The issue is that I don't want to share my MBP account details on this Mini Server computer (software update, server notification push, SSL certificate contact e-mail...) not to mess things up between all my macs.
My question is :
I created a new apple ID for this computer with a different contact email etc.
How do I change the default ID for the whole mac mini settings ?
I already changed the user settings in the OSX user pref pane, the new mail is updated.
I already changed the icloud apple ID with the new one it's updated.
I already changed the alert notification push recipient e-mail in server.app it's updated.
BUT still, if I want to change the "self-SSL certificate" for a new one with my new apple ID account, the e-mail contact is still my old one which I bought the computer with.
How do I change that ?
Also I want to be able to update my apps on this computer without using the apple ID account I bought the mac mini with (and my 2 MBP, iphone etc), but with the new dedicated apple ID for this McMini.
Is there a software transfer trick to separate computers softwares from a mac to another?
thanks for your precious help.
Damian -
SOAP Receiver over SSL - server certificate troubles
Hello all,
I have a scenario with SOAP receiver communication channel with comunnication over SSL. In the URL there is a IP address for a reason I will not mention ... simply there must be IP address in URL and not a host name.
When I access the SOAP server with internet browser it gives me a server certificate with HOST NAME in CN. I placed this certificate to the "trusted container" in J2EEVisAdmin - Key Storage.
Now you might already suspect the trouble: the certificate CN doesn't match with URL. This is obvios error we got many times on the internet (even in e-banking sector .. but we are able to skip it with our internet browsers' possibilities.
Could I set up something in J2EE server as same as in internet browser ???
Thank you in advance.
Rgds
TomGot it,
SAP Note : 791655
HTTPS/SSL Properties
Property Name = [default]
messaging.ssl.httpsHandler=iaik.protocol.https.Handler
messaging.ssl.securityProvider=iaik.security.provider.IAIK
messaging.ssl.trustedCACerts.viewName=TrustedCAs
messaging.ssl.serverNameCheck=false
Description:
The properties "httpsHandler" and "securityProvider" specify the class names of the HTTPS handler and Security provider used. The AF only supports IAIK. Never change these values! To activate HTTP/SSL, you must install the IAIK libraries on your J2EE Engine as described in the Installation Guide.
The property "trustedCACerts.viewName" defines which J2EE keystore is used during the SSL Handshake for trusted CA certificates. You should never change this value either. With "serverNameCheck" you can specify whether the host name in outbound HTTPS requests should be checked against the host name in the certificate of the server.
Regards,
Bhavesh -
Ssl empty certificate chain? (correct message format)
I am having Problems with client certificate/setup.
I have a client behind proxy that connect to Web Services.
I have only a client certificate that I import (use keytool) in my keystore.
I have this setting in my program:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStorePassword", keystorePass);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePass);
[proxy setting is ok]
But when I invoke a service I have a empty certificate chain.
I use jdk1.3.1_08 and jsse-1_0_3_03
Please Help me. I have read hundred pages.
Many thanks in advance for any help.
My client log:
adding as trusted cert: [
Version: V1
Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@10c424
Validity: [From: Mon Jan 29 01:00:00 CET 1996,
To: Sat Jan 01 00:59:59 CET 2000]
Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ 02a60000 01]
Algorithm: [MD2withRSA]
Signature:
0000: 53 DD D3 F0 9C 24 7E 40 AA E2 FC 00 1A D7 DA 0C S....$.@........
0010: FC 32 61 B8 15 0D 96 F3 FA 57 1B 7F 33 7C AF E9 .2a......W..3...
0020: 98 9A 61 C8 7A B3 B7 FF B1 DC 99 83 DC AC 12 FC ..a.z...........
0030: 70 C9 1F 38 42 ED 44 F6 80 2E 5B 6B 33 69 AC 9C p..8B.D...[k3i..
0040: D3 5C E7 5F 5A 18 C7 B1 2D 79 04 96 41 91 99 41 .\._Z...-y..A..A
0050: B1 3C 0D BA 84 39 C6 3B 97 F0 26 C9 8E EE BD CC .<...9.;..&.....
0060: 42 95 FF 1E C7 02 3F 54 0C 78 F5 BC AA 60 7C 02 B.....?T.x...`..
0070: 69 E8 DC AC E2 02 76 61 C4 3E 03 EA D2 8A 24 D1 i.....va.>....$.
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@238bd2
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
adding as trusted cert: [
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@198891
Validity: [From: Wed Nov 09 01:00:00 CET 1994,
To: Fri Jan 08 00:59:59 CET 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0 ]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
trigger seeding of SecureRandom
done seeding SecureRandom
Providers com.sun.net.ssl.internal.www.protocol
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1127228533 bytes = { 44, 211, 84, 116, 141, 40, 133, 180, 48, 96, 213, 147, 123, 141, 244, 71, 107, 242, 94, 105, 247, 101, 92, 8, 78, 176, 226, 133 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 43 30 24 75 2C D3 54 74 8D 28 ...7..C0$u,.Tt.(
0010: 85 B4 30 60 D5 93 7B 8D F4 47 6B F2 5E 69 F7 65 ..0`.....Gk.^i.e
0020: 5C 08 4E B0 E2 85 00 00 10 00 05 00 04 00 09 00 \.N.............
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 43 30 24 .............C0$
0030: 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 7B 8D F4 u,.Tt.(..0`.....
0040: 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 Gk.^i.e\.N...
main, WRITE: SSL v2, contentType = 22, translated length = 16310
main, READ: SSL v3.1 Handshake, length = 944
*** ServerHello, v3.1
RandomCookie: GMT: 1127228167 bytes = { 57, 3, 100, 77, 244, 140, 105, 242, 70, 226, 115, 205, 144, 85, 197, 193, 174, 24, 87, 199, 88, 124, 184, 79, 20, 170, 150, 186 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suite: { 0, 4 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 43 30 23 07 39 03 64 4D F4 8C ...F..C0#.9.dM..
0010: 69 F2 46 E2 73 CD 90 55 C5 C1 AE 18 57 C7 58 7C i.F.s..U....W.X.
0020: B8 4F 14 AA 96 BA 20 26 02 00 00 87 7D 0D FE D1 .O.... &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 04 00 .v..7.....
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
updated/found trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
[read] MD5 and SHA1 hashes: len = 866
0000: 0B 00 03 5E 00 03 5B 00 03 58 30 82 03 54 30 82 ...^..[..X0..T0.
0010: 02 FE A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 04 05 00 30 81 85 31 0B 30 09 H........0..1.0.
0030: 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 03 55 ..U....IT1.0...U
0040: 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D 06 03 ....Teramo1.0...
0050: 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 0C 06 U....Teramo1.0..
0060: 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 0A 06 .U....IZSAM1.0..
0070: 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 03 55 .U....CED1.0...U
0080: 04 03 13 0E 64 6E 73 2E 74 65 78 2E 69 7A 73 2E ....dns.tex.izs.
0090: 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D 01 09 it1.0...*.H.....
00A0: 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 [email protected]
00B0: 74 30 1E 17 0D 30 35 30 34 30 35 31 34 30 35 34 t0...05040514054
00C0: 31 5A 17 0D 30 36 30 34 30 35 31 34 30 35 34 31 1Z..060405140541
00D0: 5A 30 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 Z0..1.0...U....I
00E0: 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 T1.0...U....Tera
00F0: 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 mo1.0...U....Ter
0100: 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A amo1.0...U....IZ
0110: 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 SAM1.0...U....CE
0120: 44 31 17 30 15 06 03 55 04 03 13 0E 62 64 72 74 D1.0...U....bdrt
0130: 65 73 74 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 est.izs.it1.0...
0140: 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 *.H........d.zip
0150: 70 6F 40 69 7A 73 2E 69 74 30 81 9F 30 0D 06 09 [email protected]...
0160: 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 *.H............0
0170: 81 89 02 81 81 00 F6 E3 70 EC 18 8B B7 1D D6 11 ........p.......
0180: 11 59 3E 43 09 2D AE F1 06 A3 0C 21 F7 00 09 C2 .Y>C.-.....!....
0190: 07 52 0B 29 35 CF 65 38 2C 6C 0A 61 06 50 B9 20 .R.)5.e8,l.a.P.
01A0: 8C 5F A0 B9 B7 E2 8B 2B 10 89 B9 7F 40 0F 49 A1 [email protected].
01B0: D8 9E A2 C8 BE 4E 63 20 F2 49 35 25 F1 5D 64 00 .....Nc .I5%.]d.
01C0: ED 02 FD D7 96 51 73 C7 E9 DA 61 AA 88 FB 5D 0A .....Qs...a...].
01D0: 41 56 EC 36 4F 85 B2 A1 8F E6 DE DC E2 2D B2 DF AV.6O........-..
01E0: AA 3D 99 51 23 14 19 02 8A 2C D4 F0 4C 83 39 1C .=.Q#....,..L.9.
01F0: 1B E5 8F 65 06 05 02 03 01 00 01 A3 82 01 11 30 ...e...........0
0200: 82 01 0D 30 09 06 03 55 1D 13 04 02 30 00 30 2C ...0...U....0.0,
0210: 06 09 60 86 48 01 86 F8 42 01 0D 04 1F 16 1D 4F ..`.H...B......O
0220: 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 74 65 64 penSSL Generated
0230: 20 43 65 72 74 69 66 69 63 61 74 65 30 1D 06 03 Certificate0...
0240: 55 1D 0E 04 16 04 14 4D 11 53 D1 7A 92 69 3B 36 U......M.S.z.i;6
0250: F7 D6 BA 53 6A 81 4A D5 38 98 59 30 81 B2 06 03 ...Sj.J.8.Y0....
0260: 55 1D 23 04 81 AA 30 81 A7 80 14 2D F5 B5 55 88 U.#...0....-..U.
0270: 86 E9 14 60 F1 E6 1C AD E2 71 79 29 A0 F1 8F A1 ...`.....qy)....
0280: 81 8B A4 81 88 30 81 85 31 0B 30 09 06 03 55 04 .....0..1.0...U.
0290: 06 13 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 ...IT1.0...U....
02A0: 54 65 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 Teramo1.0...U...
02B0: 06 54 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A .Teramo1.0...U..
02C0: 13 05 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B ..IZSAM1.0...U..
02D0: 13 03 43 45 44 31 17 30 15 06 03 55 04 03 13 0E ..CED1.0...U....
02E0: 64 6E 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D dns.tex.izs.it1.
02F0: 30 1B 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 0...*.H........d
0300: 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 74 82 01 00 [email protected]...
0310: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 00 03 0...*.H.........
0320: 41 00 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 A.s...o..D.<...D
0330: 4A C4 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 J..q_f.........r
0340: C6 FD B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 ...<..8r.....^[.
0350: 09 4E CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 .N..).z..u.#<...
0360: 35 E0 5.
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 60, 231, 207, 10, 49, 242, 250, 171, 53, 8, 41, 187, 100, 227, 91, 207, 240, 75, 233, 38, 44, 239, 48, 98, 118, 122, 4, 85, 50, 152, 59, 82, 172, 186, 169, 235, 87, 214, 155, 243, 41, 52, 92, 5, 252, 141 }
[write] MD5 and SHA1 hashes: len = 134
0000: 10 00 00 82 00 80 86 7D 83 84 8C 38 3A 3A C3 37 ...........8::.7
0010: D1 4E 69 55 77 6D 14 C8 04 F4 AB 62 3D 71 32 6F .NiUwm.....b=q2o
0020: A4 0D 16 F6 99 0C FD FD 39 08 C3 B2 B8 BF 93 BA ........9.......
0030: 23 CE 3E 8D 91 75 EC 29 D0 30 72 00 1B 00 F2 71 #.>..u.).0r....q
0040: 8D C2 FF 78 16 89 C5 8B 99 4A 1E 17 8F 86 A9 F9 ...x.....J......
0050: B3 46 04 B5 5C 0B 27 84 22 E4 0A 7D 0E 9E 8A CC .F..\.'.".......
0060: 5D 52 FB 63 77 11 FF 54 FB FC 96 89 F6 15 BC 0F ]R.cw..T........
0070: 6C EE C9 43 1D 51 97 D0 4B 48 31 FA D5 0B 63 6A l..C.Q..KH1...cj
0080: B2 9B 99 2C 99 CA ...,..
main, WRITE: SSL v3.1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 3C E7 CF 0A 31 F2 FA AB 35 08 29 BB 64 E3 ..<...1...5.).d.
0010: 5B CF F0 4B E9 26 2C EF 30 62 76 7A 04 55 32 98 [..K.&,.0bvz.U2.
0020: 3B 52 AC BA A9 EB 57 D6 9B F3 29 34 5C 05 FC 8D ;R....W...)4\...
CONNECTION KEYGEN:
Client Nonce:
0000: 43 30 24 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 C0$u,.Tt.(..0`..
0010: 7B 8D F4 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 ...Gk.^i.e\.N...
Server Nonce:
0000: 43 30 23 07 39 03 64 4D F4 8C 69 F2 46 E2 73 CD C0#.9.dM..i.F.s.
0010: 90 55 C5 C1 AE 18 57 C7 58 7C B8 4F 14 AA 96 BA .U....W.X..O....
Master Secret:
0000: 6E 47 12 2F BD 40 E5 30 E2 0E 0C 24 23 DD FC 53 nG./[email protected]...$#..S
0010: DD 7C A8 6C 9F 36 48 82 03 B1 63 21 64 73 A6 E3 ...l.6H...c!ds..
0020: 4D E6 6B 06 77 7D A6 38 4A EB 76 C1 34 85 75 31 M.k.w..8J.v.4.u1
Client MAC write Secret:
0000: 95 7D A9 28 CA 82 E9 69 3E DC 79 8D C0 36 70 30 ...(...i>.y..6p0
Server MAC write Secret:
0000: 7D 10 E4 35 B4 D9 62 BA 83 1D F3 16 B0 D1 14 AC ...5..b.........
Client write key:
0000: 44 0E 25 5D AC 78 51 19 21 66 06 CF 3D 8C 98 98 D.%].xQ.!f..=...
Server write key:
0000: 3D C2 21 97 4C E3 D3 69 9E D9 8A CC 63 E0 0C 8E =.!.L..i....c...
... no IV for cipher
main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
*** Finished, v3.1
verify_data: { 65, 234, 65, 174, 47, 136, 37, 130, 121, 68, 222, 210 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
Plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
0010: E8 81 F0 28 5A 40 91 C8 BA 85 76 8F 34 EB 95 C7 ...([email protected]...
main, WRITE: SSL v3.1 Handshake, length = 32
main, READ: SSL v3.1 Change Cipher Spec, length = 1
main, READ: SSL v3.1 Handshake, length = 32
Plaintext after DECRYPTION: len = 32
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
0010: 61 F9 5F E0 B3 90 BA B2 63 8A 45 8F 61 84 40 39 a._.....c.E.a.@9
*** Finished, v3.1
verify_data: { 23, 71, 110, 41, 17, 6, 160, 65, 160, 12, 157, 65 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
Plaintext before ENCRYPTION: len = 63
0000: 50 4F 53 54 20 2F 77 73 73 75 69 6E 69 41 75 74 POST /wssuiniAut
0010: 43 65 72 74 2F 77 73 53 75 69 6E 69 55 70 64 2E Cert/wsSuiniUpd.
0020: 61 73 6D 78 20 48 54 54 50 2F 31 2E 31 0D 0A 2F asmx HTTP/1.1../
0030: 83 FA 4C 02 2F 83 20 D3 49 7C CD 39 A2 95 53 ..L./. .I..9..S
main, WRITE: SSL v3.1 Application Data, length = 63
Plaintext before ENCRYPTION: len = 57
0000: 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 Content-Type: te
0010: 78 74 2F 78 6D 6C 3B 20 63 68 61 72 73 65 74 3D xt/xml; charset=
0020: 22 75 74 66 2D 38 22 0D 0A 54 E1 A0 DE 70 E4 92 "utf-8"..T...p..
0030: 12 58 C1 C6 58 9A 44 39 E2 .X..X.D9.
main, WRITE: SSL v3.1 Application Data, length = 57
Plaintext before ENCRYPTION: len = 37
0000: 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 Content-Length:
0010: 38 34 38 0D 0A 86 C7 70 1C 67 47 DC 1C D4 E7 67 848....p.gG....g
0020: CB 64 69 5A 44 .diZD
main, WRITE: SSL v3.1 Application Data, length = 37
Plaintext before ENCRYPTION: len = 69
0000: 50 72 6F 78 79 2D 41 75 74 68 6F 72 69 7A 61 74 Proxy-Authorizat
0010: 69 6F 6E 3A 20 42 61 73 69 63 20 5A 47 35 68 64 ion: Basic ZG5hd
0020: 47 56 73 62 47 45 36 59 7A 46 7A 61 57 52 70 4D GVsbGE6YzFzaWRpM
0030: 44 45 3D 0D 0A C1 74 CC F1 05 89 84 2C B1 69 45 DE=...t.....,.iE
0040: 2A 6F B3 7A 23 *o.z#
main, WRITE: SSL v3.1 Application Data, length = 69
Plaintext before ENCRYPTION: len = 71
0000: 53 4F 41 50 41 63 74 69 6F 6E 3A 20 68 74 74 70 SOAPAction: http
0010: 3A 2F 2F 62 64 72 2E 69 7A 73 2E 69 74 2F 77 65 ://bdr.izs.it/we
0020: 62 73 65 72 76 69 63 65 73 2F 49 6E 73 65 72 74 bservices/Insert
0030: 5F 4E 6F 74 65 0D 0A 4B 7C 0F A5 D6 00 58 78 BC _Note..K.....Xx.
0040: 0B 59 52 E1 FC 70 86 .YR..p.
main, WRITE: SSL v3.1 Application Data, length = 71
Plaintext before ENCRYPTION: len = 42
0000: 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 User-Agent: Java
0010: 31 2E 33 2E 31 5F 30 38 0D 0A 61 25 77 68 A0 C2 1.3.1_08..a%wh..
0020: AC 52 CA F3 A3 F7 75 8A B0 FE .R....u...
main, WRITE: SSL v3.1 Application Data, length = 42
Plaintext before ENCRYPTION: len = 38
0000: 48 6F 73 74 3A 20 62 64 72 74 65 73 74 2E 69 7A Host: bdrtest.iz
0010: 73 2E 69 74 0D 0A D3 39 F0 0E C3 28 D0 12 1A 58 s.it...9...(...X
0020: 83 A4 BB 23 11 48 ...#.H
main, WRITE: SSL v3.1 Application Data, length = 38
Plaintext before ENCRYPTION: len = 78
0000: 41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D Accept: text/htm
0010: 6C 2C 20 69 6D 61 67 65 2F 67 69 66 2C 20 69 6D l, image/gif, im
0020: 61 67 65 2F 6A 70 65 67 2C 20 2A 3B 20 71 3D 2E age/jpeg, *; q=.
0030: 32 2C 20 2A 2F 2A 3B 20 71 3D 2E 32 0D 0A 89 64 2, */*; q=.2...d
0040: F7 A9 7F 6C 29 07 22 6F AC F3 B4 D4 7F C1 ...l)."o......
main, WRITE: SSL v3.1 Application Data, length = 78
Plaintext before ENCRYPTION: len = 40
0000: 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 70 Connection: keep
0010: 2D 61 6C 69 76 65 0D 0A 1E D0 BD FD 9C 84 0A E0 -alive..........
0020: 9D 3D 26 26 99 09 BB FB .=&&....
main, WRITE: SSL v3.1 Application Data, length = 40
Plaintext before ENCRYPTION: len = 18
0000: 0D 0A C9 79 35 92 83 D8 A1 BF 46 B9 3E FC B9 78 ...y5.....F.>..x
0010: 07 89 ..
main, WRITE: SSL v3.1 Application Data, length = 18
Plaintext before ENCRYPTION: len = 864
0000: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 <?xml version="1
0010: 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 .0" encoding="UT
0020: 46 2D 38 22 3F 3E 0A 3C 73 6F 61 70 2D 65 6E 76 F-8"?>.<soap-env
0030: 3A 45 6E 76 65 6C 6F 70 65 20 78 6D 6C 6E 73 3A :Envelope xmlns:
0040: 73 6F 61 70 2D 65 6E 76 3D 22 68 74 74 70 3A 2F soap-env="http:/
0050: 2F 73 63 68 65 6D 61 73 2E 78 6D 6C 73 6F 61 70 /schemas.xmlsoap
0060: 2E 6F 72 67 2F 73 6F 61 70 2F 65 6E 76 65 6C 6F .org/soap/envelo
0070: 70 65 2F 22 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 pe/" xmlns:xsi="
main, WRITE: SSL v3.1 Application Data, length = 864
main, READ: SSL v3.1 Handshake, length = 20
Plaintext after DECRYPTION: len = 20
0000: 00 00 00 00 AC FA A9 49 7D 8A 0B A9 50 2F 74 A3 .......I....P/t.
0010: D2 BA 7A 39 ..z9
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 4625
*** ClientHello, v3.1
RandomCookie: GMT: 1127228534 bytes = { 18, 49, 204, 75, 133, 78, 163, 164, 250, 200, 97, 100, 19, 143, 176, 205, 50, 166, 159, 21, 80, 181, 243, 41, 64, 166, 190, 104 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 91
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 ...........
Plaintext before ENCRYPTION: len = 107
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 06 4B 44 B4 6C ............KD.l
0060: 9E B4 85 36 A4 D9 93 23 DB 49 0C ...6...#.I.
main, WRITE: SSL v3.1 Handshake, length = 107
main, READ: SSL v3.1 Handshake, length = 4076
Plaintext after DECRYPTION: len = 4076
0000: 02 00 00 46 03 01 43 30 23 09 DD 0A F6 93 D0 16 ...F..C0#.......
0010: CE 00 CC 72 55 92 92 12 4A B3 B7 92 8F 94 02 CA ...rU...J.......
0020: FE 25 A6 65 88 CF 20 2D 10 00 00 0F 1A 6E 56 46 .%.e.. -.....nVF
0030: 1B AD 9F E9 00 B2 DD 00 07 60 94 08 43 9E AC 9B .........`..C...
0040: 89 EA 73 79 EA 00 D1 00 04 00 0B 00 03 5E 00 03 ..sy.........^..
0050: 5B 00 03 58 30 82 03 54 30 82 02 FE A0 03 02 01 [..X0..T0.......
0060: 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 ....0...*.H.....
0070: 04 05 00 30 81 85 31 0B 30 09 06 03 55 04 06 13 ...0..1.0...U...
0080: 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 .IT1.0...U....Te
0090: 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 ramo1.0...U....T
00A0: 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 eramo1.0...U....
00B0: 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 IZSAM1.0...U....
00C0: 43 45 44 31 17 30 15 06 03 55 04 03 13 0E 64 6E CED1.0...U....dn
00D0: 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D 30 1B s.tex.izs.it1.0.
00E0: 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A ..*.H........d.z
00F0: 69 70 70 6F 40 69 7A 73 2E 69 74 30 1E 17 0D 30 [email protected]
0100: 35 30 34 30 35 31 34 30 35 34 31 5A 17 0D 30 36 50405140541Z..06
0110: 30 34 30 35 31 34 30 35 34 31 5A 30 81 85 31 0B 0405140541Z0..1.
0120: 30 09 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 0...U....IT1.0..
0130: 03 55 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D .U....Teramo1.0.
0140: 06 03 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 ..U....Teramo1.0
0150: 0C 06 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 ...U....IZSAM1.0
0160: 0A 06 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 ...U....CED1.0..
0170: 03 55 04 03 13 0E 62 64 72 74 65 73 74 2E 69 7A .U....bdrtest.iz
0180: 73 2E 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D s.it1.0...*.H...
0190: 01 09 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 .....d.zippo@izs
01A0: 2E 69 74 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D .it0..0...*.H...
01B0: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 .........0......
01C0: F6 E3 70 EC 18 8B B7 1D D6 11 11 59 3E 43 09 2D ..p........Y>C.-
01D0: AE F1 06 A3 0C 21 F7 00 09 C2 07 52 0B 29 35 CF .....!.....R.)5.
01E0: 65 38 2C 6C 0A 61 06 50 B9 20 8C 5F A0 B9 B7 E2 e8,l.a.P. ._....
01F0: 8B 2B 10 89 B9 7F 40 0F 49 A1 D8 9E A2 C8 BE 4E [email protected]
0200: 63 20 F2 49 35 25 F1 5D 64 00 ED 02 FD D7 96 51 c .I5%.]d......Q
0210: 73 C7 E9 DA 61 AA 88 FB 5D 0A 41 56 EC 36 4F 85 s...a...].AV.6O.
0220: B2 A1 8F E6 DE DC E2 2D B2 DF AA 3D 99 51 23 14 .......-...=.Q#.
0230: 19 02 8A 2C D4 F0 4C 83 39 1C 1B E5 8F 65 06 05 ...,..L.9....e..
0240: 02 03 01 00 01 A3 82 01 11 30 82 01 0D 30 09 06 .........0...0..
0250: 03 55 1D 13 04 02 30 00 30 2C 06 09 60 86 48 01 .U....0.0,..`.H.
0260: 86 F8 42 01 0D 04 1F 16 1D 4F 70 65 6E 53 53 4C ..B......OpenSSL
0270: 20 47 65 6E 65 72 61 74 65 64 20 43 65 72 74 69 Generated Certi
0280: 66 69 63 61 74 65 30 1D 06 03 55 1D 0E 04 16 04 ficate0...U.....
0290: 14 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 .M.S.z.i;6...Sj.
02A0: 4A D5 38 98 59 30 81 B2 06 03 55 1D 23 04 81 AA J.8.Y0....U.#...
02B0: 30 81 A7 80 14 2D F5 B5 55 88 86 E9 14 60 F1 E6 0....-..U....`..
02C0: 1C AD E2 71 79 29 A0 F1 8F A1 81 8B A4 81 88 30 ...qy).........0
02D0: 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 54 31 ..1.0...U....IT1
02E0: 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 6D 6F .0...U....Teramo
02F0: 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 61 6D 1.0...U....Teram
0300: 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A 53 41 o1.0...U....IZSA
0310: 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 44 31 M1.0...U....CED1
0320: 17 30 15 06 03 55 04 03 13 0E 64 6E 73 2E 74 65 .0...U....dns.te
0330: 78 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 2A 86 x.izs.it1.0...*.
0340: 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 70 6F H........d.zippo
0350: 40 69 7A 73 2E 69 74 82 01 00 30 0D 06 09 2A 86 @izs.it...0...*.
0360: 48 86 F7 0D 01 01 04 05 00 03 41 00 73 D0 96 DD H.........A.s...
0370: 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 11 71 5F 66 o..D.<...DJ..q_f
0380: 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD B6 3C 90 1F .........r...<..
0390: 38 72 E3 A9 13 84 97 5E 5B 95 09 4E CB 86 29 7D 8r.....^[..N..).
03A0: 7A BB 07 75 97 23 3C D5 B1 16 35 E0 0D 00 0C 28 z..u.#<...5....(
03B0: 01 01 0C 24 00 C4 30 81 C1 31 0B 30 09 06 03 55 ...$..0..1.0...U
03C0: 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0A 13 ....US1.0...U...
03D0: 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 2E 31 .VeriSign, Inc.1
*** ServerHello, v3.1
RandomCookie: GMT: 1127228169 bytes = { 221, 10, 246, 147, 208, 22, 206, 0, 204, 114, 85, 146, 146, 18, 74, 179, 183, 146, 143, 148, 2, 202, 254, 37, 166, 101, 136, 207 }
Session ID: {45, 16, 0, 0, 15, 26,Thanks very much for reply.
I'm sorry, I missed a piece in previous post.
This is Server response:
Plaintext after DECRYPTION: len = 4316
0000: 48 54 54 50 2F 31 2E 31 20 34 30 33 20 41 63 63 HTTP/1.1 403 Acc
0010: 65 73 73 20 46 6F 72 62 69 64 64 65 6E 0D 0A 53 ess Forbidden..S
0020: 65 72 76 65 72 3A 20 4D 69 63 72 6F 73 6F 66 74 erver: Microsoft
0030: 2D 49 49 53 2F 35 2E 30 0D 0A 44 61 74 65 3A 20 -IIS/5.0..Date:
0040: 57 65 64 2C 20 32 31 20 53 65 70 20 32 30 30 35 Wed, 21 Sep 2005
0050: 20 30 37 3A 32 34 3A 33 39 20 47 4D 54 0D 0A 43 07:24:39 GMT..C
0060: 6F 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 onnection: close
0070: 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 ..Content-Length
0080: 3A 20 34 32 33 37 0D 0A 43 6F 6E 74 65 6E 74 2D : 4237..Content-
0090: 54 79 70 65 3A 20 74 65 78 74 2F 68 74 6D 6C 0D Type: text/html.
00A0: 0A 0D 0A 3C 21 44 4F 43 54 59 50 45 20 48 54 4D ...<!DOCTYPE HTM
00B0: 4C 20 50 55 42 4C 49 43 20 22 2D 2F 2F 57 33 43 L PUBLIC "-//W3C
00C0: 2F 2F 44 54 44 20 48 54 4D 4C 20 33 2E 32 20 46 //DTD HTML 3.2 F
00D0: 69 6E 61 6C 2F 2F 45 4E 22 3E 0D 0A 3C 68 74 6D inal//EN">..<htm
00E0: 6C 20 64 69 72 3D 6C 74 72 3E 0D 0A 0D 0A 3C 68 l dir=ltr>....<h
00F0: 65 61 64 3E 0D 0A 3C 73 74 79 6C 65 3E 0D 0A 61 ead>..<style>..a
0100: 3A 6C 69 6E 6B 09 09 09 7B 66 6F 6E 74 3A 38 70 :link....font:8p
0110: 74 2F 31 31 70 74 20 76 65 72 64 61 6E 61 3B 20 t/11pt verdana;
0120: 63 6F 6C 6F 72 3A 46 46 30 30 30 30 7D 0D 0A 61 color:FF0000...a
0130: 3A 76 69 73 69 74 65 64 09 09 7B 66 6F 6E 74 3A :visited...font:
0140: 38 70 74 2F 31 31 70 74 20 76 65 72 64 61 6E 61 8pt/11pt verdana
0150: 3B 20 63 6F 6C 6F 72 3A 23 34 65 34 65 34 65 7D ; color:#4e4e4e.
0160: 0D 0A 3C 2F 73 74 79 6C 65 3E 0D 0A 0D 0A 3C 4D ..</style>....<M
0170: 45 54 41 20 4E 41 4D 45 3D 22 52 4F 42 4F 54 53 ETA NAME="ROBOTS
0180: 22 20 43 4F 4E 54 45 4E 54 3D 22 4E 4F 49 4E 44 " CONTENT="NOIND
0190: 45 58 22 3E 0D 0A 0D 0A 3C 74 69 74 6C 65 3E 54 EX">....<title>T
01A0: 68 65 20 70 61 67 65 20 72 65 71 75 69 72 65 73 he page requires
01B0: 20 61 20 63 6C 69 65 6E 74 20 63 65 72 74 69 66 a client certif
01C0: 69 63 61 74 65 3C 2F 74 69 74 6C 65 3E 0D 0A 0D icate</title>...
Please Help me.
Regards. -
I am having Problems with client certificate/setup.
I have a client behind proxy that connect to Web Services.
I have only a client certificate that I import (use keytool) in my keystore.
I have this setting in my program:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStorePassword", keystorePass);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePass);
[proxy setting is ok]
But when I invoke a service I have a empty certificate chain.
I use jdk1.3.1_08 and jsse-1_0_3_03
Please Help me. I have read hundred pages.
Many thanks in advance for any help.
My client log:
adding as trusted cert: [
Version: V1
Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@10c424
Validity: [From: Mon Jan 29 01:00:00 CET 1996,
To: Sat Jan 01 00:59:59 CET 2000]
Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ 02a60000 01]
Algorithm: [MD2withRSA]
Signature:
0000: 53 DD D3 F0 9C 24 7E 40 AA E2 FC 00 1A D7 DA 0C S....$.@........
0010: FC 32 61 B8 15 0D 96 F3 FA 57 1B 7F 33 7C AF E9 .2a......W..3...
0020: 98 9A 61 C8 7A B3 B7 FF B1 DC 99 83 DC AC 12 FC ..a.z...........
0030: 70 C9 1F 38 42 ED 44 F6 80 2E 5B 6B 33 69 AC 9C p..8B.D...[k3i..
0040: D3 5C E7 5F 5A 18 C7 B1 2D 79 04 96 41 91 99 41 .\._Z...-y..A..A
0050: B1 3C 0D BA 84 39 C6 3B 97 F0 26 C9 8E EE BD CC .<...9.;..&.....
0060: 42 95 FF 1E C7 02 3F 54 0C 78 F5 BC AA 60 7C 02 B.....?T.x...`..
0070: 69 E8 DC AC E2 02 76 61 C4 3E 03 EA D2 8A 24 D1 i.....va.>....$.
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@238bd2
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
adding as trusted cert: [
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@198891
Validity: [From: Wed Nov 09 01:00:00 CET 1994,
To: Fri Jan 08 00:59:59 CET 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0 ]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
trigger seeding of SecureRandom
done seeding SecureRandom
Providers com.sun.net.ssl.internal.www.protocol
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1127228533 bytes = { 44, 211, 84, 116, 141, 40, 133, 180, 48, 96, 213, 147, 123, 141, 244, 71, 107, 242, 94, 105, 247, 101, 92, 8, 78, 176, 226, 133 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 43 30 24 75 2C D3 54 74 8D 28 ...7..C0$u,.Tt.(
0010: 85 B4 30 60 D5 93 7B 8D F4 47 6B F2 5E 69 F7 65 ..0`.....Gk.^i.e
0020: 5C 08 4E B0 E2 85 00 00 10 00 05 00 04 00 09 00 \.N.............
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 43 30 24 .............C0$
0030: 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 7B 8D F4 u,.Tt.(..0`.....
0040: 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 Gk.^i.e\.N...
main, WRITE: SSL v2, contentType = 22, translated length = 16310
main, READ: SSL v3.1 Handshake, length = 944
*** ServerHello, v3.1
RandomCookie: GMT: 1127228167 bytes = { 57, 3, 100, 77, 244, 140, 105, 242, 70, 226, 115, 205, 144, 85, 197, 193, 174, 24, 87, 199, 88, 124, 184, 79, 20, 170, 150, 186 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suite: { 0, 4 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 43 30 23 07 39 03 64 4D F4 8C ...F..C0#.9.dM..
0010: 69 F2 46 E2 73 CD 90 55 C5 C1 AE 18 57 C7 58 7C i.F.s..U....W.X.
0020: B8 4F 14 AA 96 BA 20 26 02 00 00 87 7D 0D FE D1 .O.... &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 04 00 .v..7.....
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
updated/found trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
[read] MD5 and SHA1 hashes: len = 866
0000: 0B 00 03 5E 00 03 5B 00 03 58 30 82 03 54 30 82 ...^..[..X0..T0.
0010: 02 FE A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 04 05 00 30 81 85 31 0B 30 09 H........0..1.0.
0030: 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 03 55 ..U....IT1.0...U
0040: 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D 06 03 ....Teramo1.0...
0050: 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 0C 06 U....Teramo1.0..
0060: 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 0A 06 .U....IZSAM1.0..
0070: 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 03 55 .U....CED1.0...U
0080: 04 03 13 0E 64 6E 73 2E 74 65 78 2E 69 7A 73 2E ....dns.tex.izs.
0090: 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D 01 09 it1.0...*.H.....
00A0: 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 [email protected]
00B0: 74 30 1E 17 0D 30 35 30 34 30 35 31 34 30 35 34 t0...05040514054
00C0: 31 5A 17 0D 30 36 30 34 30 35 31 34 30 35 34 31 1Z..060405140541
00D0: 5A 30 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 Z0..1.0...U....I
00E0: 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 T1.0...U....Tera
00F0: 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 mo1.0...U....Ter
0100: 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A amo1.0...U....IZ
0110: 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 SAM1.0...U....CE
0120: 44 31 17 30 15 06 03 55 04 03 13 0E 62 64 72 74 D1.0...U....bdrt
0130: 65 73 74 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 est.izs.it1.0...
0140: 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 *.H........d.zip
0150: 70 6F 40 69 7A 73 2E 69 74 30 81 9F 30 0D 06 09 [email protected]...
0160: 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 *.H............0
0170: 81 89 02 81 81 00 F6 E3 70 EC 18 8B B7 1D D6 11 ........p.......
0180: 11 59 3E 43 09 2D AE F1 06 A3 0C 21 F7 00 09 C2 .Y>C.-.....!....
0190: 07 52 0B 29 35 CF 65 38 2C 6C 0A 61 06 50 B9 20 .R.)5.e8,l.a.P.
01A0: 8C 5F A0 B9 B7 E2 8B 2B 10 89 B9 7F 40 0F 49 A1 [email protected].
01B0: D8 9E A2 C8 BE 4E 63 20 F2 49 35 25 F1 5D 64 00 .....Nc .I5%.]d.
01C0: ED 02 FD D7 96 51 73 C7 E9 DA 61 AA 88 FB 5D 0A .....Qs...a...].
01D0: 41 56 EC 36 4F 85 B2 A1 8F E6 DE DC E2 2D B2 DF AV.6O........-..
01E0: AA 3D 99 51 23 14 19 02 8A 2C D4 F0 4C 83 39 1C .=.Q#....,..L.9.
01F0: 1B E5 8F 65 06 05 02 03 01 00 01 A3 82 01 11 30 ...e...........0
0200: 82 01 0D 30 09 06 03 55 1D 13 04 02 30 00 30 2C ...0...U....0.0,
0210: 06 09 60 86 48 01 86 F8 42 01 0D 04 1F 16 1D 4F ..`.H...B......O
0220: 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 74 65 64 penSSL Generated
0230: 20 43 65 72 74 69 66 69 63 61 74 65 30 1D 06 03 Certificate0...
0240: 55 1D 0E 04 16 04 14 4D 11 53 D1 7A 92 69 3B 36 U......M.S.z.i;6
0250: F7 D6 BA 53 6A 81 4A D5 38 98 59 30 81 B2 06 03 ...Sj.J.8.Y0....
0260: 55 1D 23 04 81 AA 30 81 A7 80 14 2D F5 B5 55 88 U.#...0....-..U.
0270: 86 E9 14 60 F1 E6 1C AD E2 71 79 29 A0 F1 8F A1 ...`.....qy)....
0280: 81 8B A4 81 88 30 81 85 31 0B 30 09 06 03 55 04 .....0..1.0...U.
0290: 06 13 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 ...IT1.0...U....
02A0: 54 65 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 Teramo1.0...U...
02B0: 06 54 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A .Teramo1.0...U..
02C0: 13 05 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B ..IZSAM1.0...U..
02D0: 13 03 43 45 44 31 17 30 15 06 03 55 04 03 13 0E ..CED1.0...U....
02E0: 64 6E 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D dns.tex.izs.it1.
02F0: 30 1B 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 0...*.H........d
0300: 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 74 82 01 00 [email protected]...
0310: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 00 03 0...*.H.........
0320: 41 00 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 A.s...o..D.<...D
0330: 4A C4 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 J..q_f.........r
0340: C6 FD B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 ...<..8r.....^[.
0350: 09 4E CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 .N..).z..u.#<...
0360: 35 E0 5.
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 60, 231, 207, 10, 49, 242, 250, 171, 53, 8, 41, 187, 100, 227, 91, 207, 240, 75, 233, 38, 44, 239, 48, 98, 118, 122, 4, 85, 50, 152, 59, 82, 172, 186, 169, 235, 87, 214, 155, 243, 41, 52, 92, 5, 252, 141 }
[write] MD5 and SHA1 hashes: len = 134
0000: 10 00 00 82 00 80 86 7D 83 84 8C 38 3A 3A C3 37 ...........8::.7
0010: D1 4E 69 55 77 6D 14 C8 04 F4 AB 62 3D 71 32 6F .NiUwm.....b=q2o
0020: A4 0D 16 F6 99 0C FD FD 39 08 C3 B2 B8 BF 93 BA ........9.......
0030: 23 CE 3E 8D 91 75 EC 29 D0 30 72 00 1B 00 F2 71 #.>..u.).0r....q
0040: 8D C2 FF 78 16 89 C5 8B 99 4A 1E 17 8F 86 A9 F9 ...x.....J......
0050: B3 46 04 B5 5C 0B 27 84 22 E4 0A 7D 0E 9E 8A CC .F..\.'.".......
0060: 5D 52 FB 63 77 11 FF 54 FB FC 96 89 F6 15 BC 0F ]R.cw..T........
0070: 6C EE C9 43 1D 51 97 D0 4B 48 31 FA D5 0B 63 6A l..C.Q..KH1...cj
0080: B2 9B 99 2C 99 CA ...,..
main, WRITE: SSL v3.1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 3C E7 CF 0A 31 F2 FA AB 35 08 29 BB 64 E3 ..<...1...5.).d.
0010: 5B CF F0 4B E9 26 2C EF 30 62 76 7A 04 55 32 98 [..K.&,.0bvz.U2.
0020: 3B 52 AC BA A9 EB 57 D6 9B F3 29 34 5C 05 FC 8D ;R....W...)4\...
CONNECTION KEYGEN:
Client Nonce:
0000: 43 30 24 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 C0$u,.Tt.(..0`..
0010: 7B 8D F4 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 ...Gk.^i.e\.N...
Server Nonce:
0000: 43 30 23 07 39 03 64 4D F4 8C 69 F2 46 E2 73 CD C0#.9.dM..i.F.s.
0010: 90 55 C5 C1 AE 18 57 C7 58 7C B8 4F 14 AA 96 BA .U....W.X..O....
Master Secret:
0000: 6E 47 12 2F BD 40 E5 30 E2 0E 0C 24 23 DD FC 53 nG./[email protected]...$#..S
0010: DD 7C A8 6C 9F 36 48 82 03 B1 63 21 64 73 A6 E3 ...l.6H...c!ds..
0020: 4D E6 6B 06 77 7D A6 38 4A EB 76 C1 34 85 75 31 M.k.w..8J.v.4.u1
Client MAC write Secret:
0000: 95 7D A9 28 CA 82 E9 69 3E DC 79 8D C0 36 70 30 ...(...i>.y..6p0
Server MAC write Secret:
0000: 7D 10 E4 35 B4 D9 62 BA 83 1D F3 16 B0 D1 14 AC ...5..b.........
Client write key:
0000: 44 0E 25 5D AC 78 51 19 21 66 06 CF 3D 8C 98 98 D.%].xQ.!f..=...
Server write key:
0000: 3D C2 21 97 4C E3 D3 69 9E D9 8A CC 63 E0 0C 8E =.!.L..i....c...
... no IV for cipher
main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
*** Finished, v3.1
verify_data: { 65, 234, 65, 174, 47, 136, 37, 130, 121, 68, 222, 210 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
Plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
0010: E8 81 F0 28 5A 40 91 C8 BA 85 76 8F 34 EB 95 C7 ...([email protected]...
main, WRITE: SSL v3.1 Handshake, length = 32
main, READ: SSL v3.1 Change Cipher Spec, length = 1
main, READ: SSL v3.1 Handshake, length = 32
Plaintext after DECRYPTION: len = 32
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
0010: 61 F9 5F E0 B3 90 BA B2 63 8A 45 8F 61 84 40 39 a._.....c.E.a.@9
*** Finished, v3.1
verify_data: { 23, 71, 110, 41, 17, 6, 160, 65, 160, 12, 157, 65 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
Plaintext before ENCRYPTION: len = 63
0000: 50 4F 53 54 20 2F 77 73 73 75 69 6E 69 41 75 74 POST /wssuiniAut
0010: 43 65 72 74 2F 77 73 53 75 69 6E 69 55 70 64 2E Cert/wsSuiniUpd.
0020: 61 73 6D 78 20 48 54 54 50 2F 31 2E 31 0D 0A 2F asmx HTTP/1.1../
0030: 83 FA 4C 02 2F 83 20 D3 49 7C CD 39 A2 95 53 ..L./. .I..9..S
main, WRITE: SSL v3.1 Application Data, length = 63
Plaintext before ENCRYPTION: len = 57
0000: 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 Content-Type: te
0010: 78 74 2F 78 6D 6C 3B 20 63 68 61 72 73 65 74 3D xt/xml; charset=
0020: 22 75 74 66 2D 38 22 0D 0A 54 E1 A0 DE 70 E4 92 "utf-8"..T...p..
0030: 12 58 C1 C6 58 9A 44 39 E2 .X..X.D9.
main, WRITE: SSL v3.1 Application Data, length = 57
Plaintext before ENCRYPTION: len = 37
0000: 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 Content-Length:
0010: 38 34 38 0D 0A 86 C7 70 1C 67 47 DC 1C D4 E7 67 848....p.gG....g
0020: CB 64 69 5A 44 .diZD
main, WRITE: SSL v3.1 Application Data, length = 37
Plaintext before ENCRYPTION: len = 69
0000: 50 72 6F 78 79 2D 41 75 74 68 6F 72 69 7A 61 74 Proxy-Authorizat
0010: 69 6F 6E 3A 20 42 61 73 69 63 20 5A 47 35 68 64 ion: Basic ZG5hd
0020: 47 56 73 62 47 45 36 59 7A 46 7A 61 57 52 70 4D GVsbGE6YzFzaWRpM
0030: 44 45 3D 0D 0A C1 74 CC F1 05 89 84 2C B1 69 45 DE=...t.....,.iE
0040: 2A 6F B3 7A 23 *o.z#
main, WRITE: SSL v3.1 Application Data, length = 69
Plaintext before ENCRYPTION: len = 71
0000: 53 4F 41 50 41 63 74 69 6F 6E 3A 20 68 74 74 70 SOAPAction: http
0010: 3A 2F 2F 62 64 72 2E 69 7A 73 2E 69 74 2F 77 65 ://bdr.izs.it/we
0020: 62 73 65 72 76 69 63 65 73 2F 49 6E 73 65 72 74 bservices/Insert
0030: 5F 4E 6F 74 65 0D 0A 4B 7C 0F A5 D6 00 58 78 BC _Note..K.....Xx.
0040: 0B 59 52 E1 FC 70 86 .YR..p.
main, WRITE: SSL v3.1 Application Data, length = 71
Plaintext before ENCRYPTION: len = 42
0000: 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 User-Agent: Java
0010: 31 2E 33 2E 31 5F 30 38 0D 0A 61 25 77 68 A0 C2 1.3.1_08..a%wh..
0020: AC 52 CA F3 A3 F7 75 8A B0 FE .R....u...
main, WRITE: SSL v3.1 Application Data, length = 42
Plaintext before ENCRYPTION: len = 38
0000: 48 6F 73 74 3A 20 62 64 72 74 65 73 74 2E 69 7A Host: bdrtest.iz
0010: 73 2E 69 74 0D 0A D3 39 F0 0E C3 28 D0 12 1A 58 s.it...9...(...X
0020: 83 A4 BB 23 11 48 ...#.H
main, WRITE: SSL v3.1 Application Data, length = 38
Plaintext before ENCRYPTION: len = 78
0000: 41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D Accept: text/htm
0010: 6C 2C 20 69 6D 61 67 65 2F 67 69 66 2C 20 69 6D l, image/gif, im
0020: 61 67 65 2F 6A 70 65 67 2C 20 2A 3B 20 71 3D 2E age/jpeg, *; q=.
0030: 32 2C 20 2A 2F 2A 3B 20 71 3D 2E 32 0D 0A 89 64 2, */*; q=.2...d
0040: F7 A9 7F 6C 29 07 22 6F AC F3 B4 D4 7F C1 ...l)."o......
main, WRITE: SSL v3.1 Application Data, length = 78
Plaintext before ENCRYPTION: len = 40
0000: 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 70 Connection: keep
0010: 2D 61 6C 69 76 65 0D 0A 1E D0 BD FD 9C 84 0A E0 -alive..........
0020: 9D 3D 26 26 99 09 BB FB .=&&....
main, WRITE: SSL v3.1 Application Data, length = 40
Plaintext before ENCRYPTION: len = 18
0000: 0D 0A C9 79 35 92 83 D8 A1 BF 46 B9 3E FC B9 78 ...y5.....F.>..x
0010: 07 89 ..
main, WRITE: SSL v3.1 Application Data, length = 18
Plaintext before ENCRYPTION: len = 864
0000: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 <?xml version="1
0010: 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 .0" encoding="UT
0020: 46 2D 38 22 3F 3E 0A 3C 73 6F 61 70 2D 65 6E 76 F-8"?>.<soap-env
0030: 3A 45 6E 76 65 6C 6F 70 65 20 78 6D 6C 6E 73 3A :Envelope xmlns:
0040: 73 6F 61 70 2D 65 6E 76 3D 22 68 74 74 70 3A 2F soap-env="http:/
0050: 2F 73 63 68 65 6D 61 73 2E 78 6D 6C 73 6F 61 70 /schemas.xmlsoap
0060: 2E 6F 72 67 2F 73 6F 61 70 2F 65 6E 76 65 6C 6F .org/soap/envelo
0070: 70 65 2F 22 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 pe/" xmlns:xsi="
main, WRITE: SSL v3.1 Application Data, length = 864
main, READ: SSL v3.1 Handshake, length = 20
Plaintext after DECRYPTION: len = 20
0000: 00 00 00 00 AC FA A9 49 7D 8A 0B A9 50 2F 74 A3 .......I....P/t.
0010: D2 BA 7A 39 ..z9
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 4625
*** ClientHello, v3.1
RandomCookie: GMT: 1127228534 bytes = { 18, 49, 204, 75, 133, 78, 163, 164, 250, 200, 97, 100, 19, 143, 176, 205, 50, 166, 159, 21, 80, 181, 243, 41, 64, 166, 190, 104 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 91
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 ...........
Plaintext before ENCRYPTION: len = 107
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 06 4B 44 B4 6C ............KD.l
0060: 9E B4 85 36 A4 D9 93 23 DB 49 0C ...6...#.I.
main, WRITE: SSL v3.1 Handshake, length = 107
main, READ: SSL v3.1 Handshake, length = 4076
Plaintext after DECRYPTION: len = 4076
0000: 02 00 00 46 03 01 43 30 23 09 DD 0A F6 93 D0 16 ...F..C0#.......
0010: CE 00 CC 72 55 92 92 12 4A B3 B7 92 8F 94 02 CA ...rU...J.......
0020: FE 25 A6 65 88 CF 20 2D 10 00 00 0F 1A 6E 56 46 .%.e.. -.....nVF
0030: 1B AD 9F E9 00 B2 DD 00 07 60 94 08 43 9E AC 9B .........`..C...
0040: 89 EA 73 79 EA 00 D1 00 04 00 0B 00 03 5E 00 03 ..sy.........^..
0050: 5B 00 03 58 30 82 03 54 30 82 02 FE A0 03 02 01 [..X0..T0.......
0060: 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 ....0...*.H.....
0070: 04 05 00 30 81 85 31 0B 30 09 06 03 55 04 06 13 ...0..1.0...U...
0080: 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 .IT1.0...U....Te
0090: 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 ramo1.0...U....T
00A0: 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 eramo1.0...U....
00B0: 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 IZSAM1.0...U....
00C0: 43 45 44 31 17 30 15 06 03 55 04 03 13 0E 64 6E CED1.0...U....dn
00D0: 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D 30 1B s.tex.izs.it1.0.
00E0: 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A ..*.H........d.z
00F0: 69 70 70 6F 40 69 7A 73 2E 69 74 30 1E 17 0D 30 [email protected]
0100: 35 30 34 30 35 31 34 30 35 34 31 5A 17 0D 30 36 50405140541Z..06
0110: 30 34 30 35 31 34 30 35 34 31 5A 30 81 85 31 0B 0405140541Z0..1.
0120: 30 09 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 0...U....IT1.0..
0130: 03 55 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D .U....Teramo1.0.
0140: 06 03 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 ..U....Teramo1.0
0150: 0C 06 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 ...U....IZSAM1.0
0160: 0A 06 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 ...U....CED1.0..
0170: 03 55 04 03 13 0E 62 64 72 74 65 73 74 2E 69 7A .U....bdrtest.iz
0180: 73 2E 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D s.it1.0...*.H...
0190: 01 09 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 .....d.zippo@izs
01A0: 2E 69 74 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D .it0..0...*.H...
01B0: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 .........0......
01C0: F6 E3 70 EC 18 8B B7 1D D6 11 11 59 3E 43 09 2D ..p........Y>C.-
01D0: AE F1 06 A3 0C 21 F7 00 09 C2 07 52 0B 29 35 CF .....!.....R.)5.
01E0: 65 38 2C 6C 0A 61 06 50 B9 20 8C 5F A0 B9 B7 E2 e8,l.a.P. ._....
01F0: 8B 2B 10 89 B9 7F 40 0F 49 A1 D8 9E A2 C8 BE 4E [email protected]
0200: 63 20 F2 49 35 25 F1 5D 64 00 ED 02 FD D7 96 51 c .I5%.]d......Q
0210: 73 C7 E9 DA 61 AA 88 FB 5D 0A 41 56 EC 36 4F 85 s...a...].AV.6O.
0220: B2 A1 8F E6 DE DC E2 2D B2 DF AA 3D 99 51 23 14 .......-...=.Q#.
0230: 19 02 8A 2C D4 F0 4C 83 39 1C 1B E5 8F 65 06 05 ...,..L.9....e..
0240: 02 03 01 00 01 A3 82 01 11 30 82 01 0D 30 09 06 .........0...0..
0250: 03 55 1D 13 04 02 30 00 30 2C 06 09 60 86 48 01 .U....0.0,..`.H.
0260: 86 F8 42 01 0D 04 1F 16 1D 4F 70 65 6E 53 53 4C ..B......OpenSSL
0270: 20 47 65 6E 65 72 61 74 65 64 20 43 65 72 74 69 Generated Certi
0280: 66 69 63 61 74 65 30 1D 06 03 55 1D 0E 04 16 04 ficate0...U.....
0290: 14 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 .M.S.z.i;6...Sj.
02A0: 4A D5 38 98 59 30 81 B2 06 03 55 1D 23 04 81 AA J.8.Y0....U.#...
02B0: 30 81 A7 80 14 2D F5 B5 55 88 86 E9 14 60 F1 E6 0....-..U....`..
02C0: 1C AD E2 71 79 29 A0 F1 8F A1 81 8B A4 81 88 30 ...qy).........0
02D0: 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 54 31 ..1.0...U....IT1
02E0: 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 6D 6F .0...U....Teramo
02F0: 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 61 6D 1.0...U....Teram
0300: 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A 53 41 o1.0...U....IZSA
0310: 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 44 31 M1.0...U....CED1
0320: 17 30 15 06 03 55 04 03 13 0E 64 6E 73 2E 74 65 .0...U....dns.te
0330: 78 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 2A 86 x.izs.it1.0...*.
0340: 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 70 6F H........d.zippo
0350: 40 69 7A 73 2E 69 74 82 01 00 30 0D 06 09 2A 86 @izs.it...0...*.
0360: 48 86 F7 0D 01 01 04 05 00 03 41 00 73 D0 96 DD H.........A.s...
0370: 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 11 71 5F 66 o..D.<...DJ..q_f
0380: 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD B6 3C 90 1F .........r...<..
0390: 38 72 E3 A9 13 84 97 5E 5B 95 09 4E CB 86 29 7D 8r.....^[..N..).
03A0: 7A BB 07 75 97 23 3C D5 B1 16 35 E0 0D 00 0C 28 z..u.#<...5....(
03B0: 01 01 0C 24 00 C4 30 81 C1 31 0B 30 09 06 03 55 ...$..0..1.0...U
03C0: 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0A 13 ....US1.0...U...
03D0: 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 2E 31 .VeriSign, Inc.1
*** ServerHello, v3.1
RandomCookie: GMT: 1127228169 bytes = { 221, 10, 246, 147, 208, 22, 206, 0, 204, 114, 85, 146, 146, 18, 74, 179, 183, 146, 143, 148, 2, 202, 254, 37, 166, 101, 136, 207 }
Session ID: {45, 16, 0, 0, 15,I am having Problems with client certificate/setup.
I have a client behind proxy that connect to Web Services.
I have only a client certificate that I import (use keytool) in my keystore.
I have this setting in my program:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.keyStorePassword", keystorePass);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePass);
[proxy setting is ok]
But when I invoke a service I have a empty certificate chain.
I use jdk1.3.1_08 and jsse-1_0_3_03
Please Help me. I have read hundred pages.
Many thanks in advance for any help.
My client log:
adding as trusted cert: [
Version: V1
Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@10c424
Validity: [From: Mon Jan 29 01:00:00 CET 1996,
To: Sat Jan 01 00:59:59 CET 2000]
Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ 02a60000 01]
Algorithm: [MD2withRSA]
Signature:
0000: 53 DD D3 F0 9C 24 7E 40 AA E2 FC 00 1A D7 DA 0C S....$.@........
0010: FC 32 61 B8 15 0D 96 F3 FA 57 1B 7F 33 7C AF E9 .2a......W..3...
0020: 98 9A 61 C8 7A B3 B7 FF B1 DC 99 83 DC AC 12 FC ..a.z...........
0030: 70 C9 1F 38 42 ED 44 F6 80 2E 5B 6B 33 69 AC 9C p..8B.D...[k3i..
0040: D3 5C E7 5F 5A 18 C7 B1 2D 79 04 96 41 91 99 41 .\._Z...-y..A..A
0050: B1 3C 0D BA 84 39 C6 3B 97 F0 26 C9 8E EE BD CC .<...9.;..&.....
0060: 42 95 FF 1E C7 02 3F 54 0C 78 F5 BC AA 60 7C 02 B.....?T.x...`..
0070: 69 E8 DC AC E2 02 76 61 C4 3E 03 EA D2 8A 24 D1 i.....va.>....$.
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@238bd2
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
adding as trusted cert: [
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.rsajca.JSA_RSAPublicKey@198891
Validity: [From: Wed Nov 09 01:00:00 CET 1994,
To: Fri Jan 08 00:59:59 CET 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0 ]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
trigger seeding of SecureRandom
done seeding SecureRandom
Providers com.sun.net.ssl.internal.www.protocol
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1127228533 bytes = { 44, 211, 84, 116, 141, 40, 133, 180, 48, 96, 213, 147, 123, 141, 244, 71, 107, 242, 94, 105, 247, 101, 92, 8, 78, 176, 226, 133 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 43 30 24 75 2C D3 54 74 8D 28 ...7..C0$u,.Tt.(
0010: 85 B4 30 60 D5 93 7B 8D F4 47 6B F2 5E 69 F7 65 ..0`.....Gk.^i.e
0020: 5C 08 4E B0 E2 85 00 00 10 00 05 00 04 00 09 00 \.N.............
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 43 30 24 .............C0$
0030: 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 7B 8D F4 u,.Tt.(..0`.....
0040: 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 Gk.^i.e\.N...
main, WRITE: SSL v2, contentType = 22, translated length = 16310
main, READ: SSL v3.1 Handshake, length = 944
*** ServerHello, v3.1
RandomCookie: GMT: 1127228167 bytes = { 57, 3, 100, 77, 244, 140, 105, 242, 70, 226, 115, 205, 144, 85, 197, 193, 174, 24, 87, 199, 88, 124, 184, 79, 20, 170, 150, 186 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suite: { 0, 4 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 43 30 23 07 39 03 64 4D F4 8C ...F..C0#.9.dM..
0010: 69 F2 46 E2 73 CD 90 55 C5 C1 AE 18 57 C7 58 7C i.F.s..U....W.X.
0020: B8 4F 14 AA 96 BA 20 26 02 00 00 87 7D 0D FE D1 .O.... &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 04 00 .v..7.....
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
updated/found trusted cert: [
Version: V3
Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@313906
Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
To: Wed Apr 05 16:05:41 CEST 2006]
Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
0010: D5 38 98 59 .8.Y
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
0010: 29 A0 F1 8F )...
[[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
SerialNumber: [ 0 ]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
[read] MD5 and SHA1 hashes: len = 866
0000: 0B 00 03 5E 00 03 5B 00 03 58 30 82 03 54 30 82 ...^..[..X0..T0.
0010: 02 FE A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 04 05 00 30 81 85 31 0B 30 09 H........0..1.0.
0030: 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 03 55 ..U....IT1.0...U
0040: 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D 06 03 ....Teramo1.0...
0050: 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 0C 06 U....Teramo1.0..
0060: 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 0A 06 .U....IZSAM1.0..
0070: 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 03 55 .U....CED1.0...U
0080: 04 03 13 0E 64 6E 73 2E 74 65 78 2E 69 7A 73 2E ....dns.tex.izs.
0090: 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D 01 09 it1.0...*.H.....
00A0: 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 [email protected]
00B0: 74 30 1E 17 0D 30 35 30 34 30 35 31 34 30 35 34 t0...05040514054
00C0: 31 5A 17 0D 30 36 30 34 30 35 31 34 30 35 34 31 1Z..060405140541
00D0: 5A 30 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 Z0..1.0...U....I
00E0: 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 T1.0...U....Tera
00F0: 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 mo1.0...U....Ter
0100: 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A amo1.0...U....IZ
0110: 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 SAM1.0...U....CE
0120: 44 31 17 30 15 06 03 55 04 03 13 0E 62 64 72 74 D1.0...U....bdrt
0130: 65 73 74 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 est.izs.it1.0...
0140: 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 *.H........d.zip
0150: 70 6F 40 69 7A 73 2E 69 74 30 81 9F 30 0D 06 09 [email protected]...
0160: 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 *.H............0
0170: 81 89 02 81 81 00 F6 E3 70 EC 18 8B B7 1D D6 11 ........p.......
0180: 11 59 3E 43 09 2D AE F1 06 A3 0C 21 F7 00 09 C2 .Y>C.-.....!....
0190: 07 52 0B 29 35 CF 65 38 2C 6C 0A 61 06 50 B9 20 .R.)5.e8,l.a.P.
01A0: 8C 5F A0 B9 B7 E2 8B 2B 10 89 B9 7F 40 0F 49 A1 [email protected].
01B0: D8 9E A2 C8 BE 4E 63 20 F2 49 35 25 F1 5D 64 00 .....Nc .I5%.]d.
01C0: ED 02 FD D7 96 51 73 C7 E9 DA 61 AA 88 FB 5D 0A .....Qs...a...].
01D0: 41 56 EC 36 4F 85 B2 A1 8F E6 DE DC E2 2D B2 DF AV.6O........-..
01E0: AA 3D 99 51 23 14 19 02 8A 2C D4 F0 4C 83 39 1C .=.Q#....,..L.9.
01F0: 1B E5 8F 65 06 05 02 03 01 00 01 A3 82 01 11 30 ...e...........0
0200: 82 01 0D 30 09 06 03 55 1D 13 04 02 30 00 30 2C ...0...U....0.0,
0210: 06 09 60 86 48 01 86 F8 42 01 0D 04 1F 16 1D 4F ..`.H...B......O
0220: 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 74 65 64 penSSL Generated
0230: 20 43 65 72 74 69 66 69 63 61 74 65 30 1D 06 03 Certificate0...
0240: 55 1D 0E 04 16 04 14 4D 11 53 D1 7A 92 69 3B 36 U......M.S.z.i;6
0250: F7 D6 BA 53 6A 81 4A D5 38 98 59 30 81 B2 06 03 ...Sj.J.8.Y0....
0260: 55 1D 23 04 81 AA 30 81 A7 80 14 2D F5 B5 55 88 U.#...0....-..U.
0270: 86 E9 14 60 F1 E6 1C AD E2 71 79 29 A0 F1 8F A1 ...`.....qy)....
0280: 81 8B A4 81 88 30 81 85 31 0B 30 09 06 03 55 04 .....0..1.0...U.
0290: 06 13 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 ...IT1.0...U....
02A0: 54 65 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 Teramo1.0...U...
02B0: 06 54 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A .Teramo1.0...U..
02C0: 13 05 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B ..IZSAM1.0...U..
02D0: 13 03 43 45 44 31 17 30 15 06 03 55 04 03 13 0E ..CED1.0...U....
02E0: 64 6E 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D dns.tex.izs.it1.
02F0: 30 1B 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 0...*.H........d
0300: 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 74 82 01 00 [email protected]...
0310: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 00 03 0...*.H.........
0320: 41 00 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 A.s...o..D.<...D
0330: 4A C4 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 J..q_f.........r
0340: C6 FD B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 ...<..8r.....^[.
0350: 09 4E CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 .N..).z..u.#<...
0360: 35 E0 5.
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 60, 231, 207, 10, 49, 242, 250, 171, 53, 8, 41, 187, 100, 227, 91, 207, 240, 75, 233, 38, 44, 239, 48, 98, 118, 122, 4, 85, 50, 152, 59, 82, 172, 186, 169, 235, 87, 214, 155, 243, 41, 52, 92, 5, 252, 141 }
[write] MD5 and SHA1 hashes: len = 134
0000: 10 00 00 82 00 80 86 7D 83 84 8C 38 3A 3A C3 37 ...........8::.7
0010: D1 4E 69 55 77 6D 14 C8 04 F4 AB 62 3D 71 32 6F .NiUwm.....b=q2o
0020: A4 0D 16 F6 99 0C FD FD 39 08 C3 B2 B8 BF 93 BA ........9.......
0030: 23 CE 3E 8D 91 75 EC 29 D0 30 72 00 1B 00 F2 71 #.>..u.).0r....q
0040: 8D C2 FF 78 16 89 C5 8B 99 4A 1E 17 8F 86 A9 F9 ...x.....J......
0050: B3 46 04 B5 5C 0B 27 84 22 E4 0A 7D 0E 9E 8A CC .F..\.'.".......
0060: 5D 52 FB 63 77 11 FF 54 FB FC 96 89 F6 15 BC 0F ]R.cw..T........
0070: 6C EE C9 43 1D 51 97 D0 4B 48 31 FA D5 0B 63 6A l..C.Q..KH1...cj
0080: B2 9B 99 2C 99 CA ...,..
main, WRITE: SSL v3.1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 3C E7 CF 0A 31 F2 FA AB 35 08 29 BB 64 E3 ..<...1...5.).d.
0010: 5B CF F0 4B E9 26 2C EF 30 62 76 7A 04 55 32 98 [..K.&,.0bvz.U2.
0020: 3B 52 AC BA A9 EB 57 D6 9B F3 29 34 5C 05 FC 8D ;R....W...)4\...
CONNECTION KEYGEN:
Client Nonce:
0000: 43 30 24 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 C0$u,.Tt.(..0`..
0010: 7B 8D F4 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 ...Gk.^i.e\.N...
Server Nonce:
0000: 43 30 23 07 39 03 64 4D F4 8C 69 F2 46 E2 73 CD C0#.9.dM..i.F.s.
0010: 90 55 C5 C1 AE 18 57 C7 58 7C B8 4F 14 AA 96 BA .U....W.X..O....
Master Secret:
0000: 6E 47 12 2F BD 40 E5 30 E2 0E 0C 24 23 DD FC 53 nG./[email protected]...$#..S
0010: DD 7C A8 6C 9F 36 48 82 03 B1 63 21 64 73 A6 E3 ...l.6H...c!ds..
0020: 4D E6 6B 06 77 7D A6 38 4A EB 76 C1 34 85 75 31 M.k.w..8J.v.4.u1
Client MAC write Secret:
0000: 95 7D A9 28 CA 82 E9 69 3E DC 79 8D C0 36 70 30 ...(...i>.y..6p0
Server MAC write Secret:
0000: 7D 10 E4 35 B4 D9 62 BA 83 1D F3 16 B0 D1 14 AC ...5..b.........
Client write key:
0000: 44 0E 25 5D AC 78 51 19 21 66 06 CF 3D 8C 98 98 D.%].xQ.!f..=...
Server write key:
0000: 3D C2 21 97 4C E3 D3 69 9E D9 8A CC 63 E0 0C 8E =.!.L..i....c...
... no IV for cipher
main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
*** Finished, v3.1
verify_data: { 65, 234, 65, 174, 47, 136, 37, 130, 121, 68, 222, 210 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
Plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
0010: E8 81 F0 28 5A 40 91 C8 BA 85 76 8F 34 EB 95 C7 ...([email protected]...
main, WRITE: SSL v3.1 Handshake, length = 32
main, READ: SSL v3.1 Change Cipher Spec, length = 1
main, READ: SSL v3.1 Handshake, length = 32
Plaintext after DECRYPTION: len = 32
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
0010: 61 F9 5F E0 B3 90 BA B2 63 8A 45 8F 61 84 40 39 a._.....c.E.a.@9
*** Finished, v3.1
verify_data: { 23, 71, 110, 41, 17, 6, 160, 65, 160, 12, 157, 65 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
Plaintext before ENCRYPTION: len = 63
0000: 50 4F 53 54 20 2F 77 73 73 75 69 6E 69 41 75 74 POST /wssuiniAut
0010: 43 65 72 74 2F 77 73 53 75 69 6E 69 55 70 64 2E Cert/wsSuiniUpd.
0020: 61 73 6D 78 20 48 54 54 50 2F 31 2E 31 0D 0A 2F asmx HTTP/1.1../
0030: 83 FA 4C 02 2F 83 20 D3 49 7C CD 39 A2 95 53 ..L./. .I..9..S
main, WRITE: SSL v3.1 Application Data, length = 63
Plaintext before ENCRYPTION: len = 57
0000: 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 Content-Type: te
0010: 78 74 2F 78 6D 6C 3B 20 63 68 61 72 73 65 74 3D xt/xml; charset=
0020: 22 75 74 66 2D 38 22 0D 0A 54 E1 A0 DE 70 E4 92 "utf-8"..T...p..
0030: 12 58 C1 C6 58 9A 44 39 E2 .X..X.D9.
main, WRITE: SSL v3.1 Application Data, length = 57
Plaintext before ENCRYPTION: len = 37
0000: 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 Content-Length:
0010: 38 34 38 0D 0A 86 C7 70 1C 67 47 DC 1C D4 E7 67 848....p.gG....g
0020: CB 64 69 5A 44 .diZD
main, WRITE: SSL v3.1 Application Data, length = 37
Plaintext before ENCRYPTION: len = 69
0000: 50 72 6F 78 79 2D 41 75 74 68 6F 72 69 7A 61 74 Proxy-Authorizat
0010: 69 6F 6E 3A 20 42 61 73 69 63 20 5A 47 35 68 64 ion: Basic ZG5hd
0020: 47 56 73 62 47 45 36 59 7A 46 7A 61 57 52 70 4D GVsbGE6YzFzaWRpM
0030: 44 45 3D 0D 0A C1 74 CC F1 05 89 84 2C B1 69 45 DE=...t.....,.iE
0040: 2A 6F B3 7A 23 *o.z#
main, WRITE: SSL v3.1 Application Data, length = 69
Plaintext before ENCRYPTION: len = 71
0000: 53 4F 41 50 41 63 74 69 6F 6E 3A 20 68 74 74 70 SOAPAction: http
0010: 3A 2F 2F 62 64 72 2E 69 7A 73 2E 69 74 2F 77 65 ://bdr.izs.it/we
0020: 62 73 65 72 76 69 63 65 73 2F 49 6E 73 65 72 74 bservices/Insert
0030: 5F 4E 6F 74 65 0D 0A 4B 7C 0F A5 D6 00 58 78 BC _Note..K.....Xx.
0040: 0B 59 52 E1 FC 70 86 .YR..p.
main, WRITE: SSL v3.1 Application Data, length = 71
Plaintext before ENCRYPTION: len = 42
0000: 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 User-Agent: Java
0010: 31 2E 33 2E 31 5F 30 38 0D 0A 61 25 77 68 A0 C2 1.3.1_08..a%wh..
0020: AC 52 CA F3 A3 F7 75 8A B0 FE .R....u...
main, WRITE: SSL v3.1 Application Data, length = 42
Plaintext before ENCRYPTION: len = 38
0000: 48 6F 73 74 3A 20 62 64 72 74 65 73 74 2E 69 7A Host: bdrtest.iz
0010: 73 2E 69 74 0D 0A D3 39 F0 0E C3 28 D0 12 1A 58 s.it...9...(...X
0020: 83 A4 BB 23 11 48 ...#.H
main, WRITE: SSL v3.1 Application Data, length = 38
Plaintext before ENCRYPTION: len = 78
0000: 41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D Accept: text/htm
0010: 6C 2C 20 69 6D 61 67 65 2F 67 69 66 2C 20 69 6D l, image/gif, im
0020: 61 67 65 2F 6A 70 65 67 2C 20 2A 3B 20 71 3D 2E age/jpeg, *; q=.
0030: 32 2C 20 2A 2F 2A 3B 20 71 3D 2E 32 0D 0A 89 64 2, */*; q=.2...d
0040: F7 A9 7F 6C 29 07 22 6F AC F3 B4 D4 7F C1 ...l)."o......
main, WRITE: SSL v3.1 Application Data, length = 78
Plaintext before ENCRYPTION: len = 40
0000: 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 70 Connection: keep
0010: 2D 61 6C 69 76 65 0D 0A 1E D0 BD FD 9C 84 0A E0 -alive..........
0020: 9D 3D 26 26 99 09 BB FB .=&&....
main, WRITE: SSL v3.1 Application Data, length = 40
Plaintext before ENCRYPTION: len = 18
0000: 0D 0A C9 79 35 92 83 D8 A1 BF 46 B9 3E FC B9 78 ...y5.....F.>..x
0010: 07 89 ..
main, WRITE: SSL v3.1 Application Data, length = 18
Plaintext before ENCRYPTION: len = 864
0000: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 <?xml version="1
0010: 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 .0" encoding="UT
0020: 46 2D 38 22 3F 3E 0A 3C 73 6F 61 70 2D 65 6E 76 F-8"?>.<soap-env
0030: 3A 45 6E 76 65 6C 6F 70 65 20 78 6D 6C 6E 73 3A :Envelope xmlns:
0040: 73 6F 61 70 2D 65 6E 76 3D 22 68 74 74 70 3A 2F soap-env="http:/
0050: 2F 73 63 68 65 6D 61 73 2E 78 6D 6C 73 6F 61 70 /schemas.xmlsoap
0060: 2E 6F 72 67 2F 73 6F 61 70 2F 65 6E 76 65 6C 6F .org/soap/envelo
0070: 70 65 2F 22 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 pe/" xmlns:xsi="
main, WRITE: SSL v3.1 Application Data, length = 864
main, READ: SSL v3.1 Handshake, length = 20
Plaintext after DECRYPTION: len = 20
0000: 00 00 00 00 AC FA A9 49 7D 8A 0B A9 50 2F 74 A3 .......I....P/t.
0010: D2 BA 7A 39 ..z9
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 4625
*** ClientHello, v3.1
RandomCookie: GMT: 1127228534 bytes = { 18, 49, 204, 75, 133, 78, 163, 164, 250, 200, 97, 100, 19, 143, 176, 205, 50, 166, 159, 21, 80, 181, 243, 41, 64, 166, 190, 104 }
Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 91
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 ...........
Plaintext before ENCRYPTION: len = 107
0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
0050: 0A 00 12 00 13 00 03 00 11 01 00 06 4B 44 B4 6C ............KD.l
0060: 9E B4 85 36 A4 D9 93 23 DB 49 0C ...6...#.I.
main, WRITE: SSL v3.1 Handshake, length = 107
main, READ: SSL v3.1 Handshake, length = 4076
Plaintext after DECRYPTION: len = 4076
0000: 02 00 00 46 03 01 43 30 23 09 DD 0A F6 93 D0 16 ...F..C0#.......
0010: CE 00 CC 72 55 92 92 12 4A B3 B7 92 8F 94 02 CA ...rU...J.......
0020: FE 25 A6 65 88 CF 20 2D 10 00 00 0F 1A 6E 56 46 .%.e.. -.....nVF
0030: 1B AD 9F E9 00 B2 DD 00 07 60 94 08 43 9E AC 9B .........`..C...
0040: 89 EA 73 79 EA 00 D1 00 04 00 0B 00 03 5E 00 03 ..sy.........^..
0050: 5B 00 03 58 30 82 03 54 30 82 02 FE A0 03 02 01 [..X0..T0.......
0060: 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 ....0...*.H.....
0070: 04 05 00 30 81 85 31 0B 30 09 06 03 55 04 06 13 ...0..1.0...U...
0080: 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 .IT1.0...U....Te
0090: 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 ramo1.0...U....T
00A0: 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 eramo1.0...U....
00B0: 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 IZSAM1.0...U....
00C0: 43 45 44 31 17 30 15 06 03 55 04 03 13 0E 64 6E CED1.0...U....dn
00D0: 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D 30 1B s.tex.izs.it1.0.
00E0: 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A ..*.H........d.z
00F0: 69 70 70 6F 40 69 7A 73 2E 69 74 30 1E 17 0D 30 [email protected]
0100: 35 30 34 30 35 31 34 30 35 34 31 5A 17 0D 30 36 50405140541Z..06
0110: 30 34 30 35 31 34 30 35 34 31 5A 30 81 85 31 0B 0405140541Z0..1.
0120: 30 09 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 0...U....IT1.0..
0130: 03 55 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D .U....Teramo1.0.
0140: 06 03 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 ..U....Teramo1.0
0150: 0C 06 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 ...U....IZSAM1.0
0160: 0A 06 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 ...U....CED1.0..
0170: 03 55 04 03 13 0E 62 64 72 74 65 73 74 2E 69 7A .U....bdrtest.iz
0180: 73 2E 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D s.it1.0...*.H...
0190: 01 09 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 .....d.zippo@izs
01A0: 2E 69 74 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D .it0..0...*.H...
01B0: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 .........0......
01C0: F6 E3 70 EC 18 8B B7 1D D6 11 11 59 3E 43 09 2D ..p........Y>C.-
01D0: AE F1 06 A3 0C 21 F7 00 09 C2 07 52 0B 29 35 CF .....!.....R.)5.
01E0: 65 38 2C 6C 0A 61 06 50 B9 20 8C 5F A0 B9 B7 E2 e8,l.a.P. ._....
01F0: 8B 2B 10 89 B9 7F 40 0F 49 A1 D8 9E A2 C8 BE 4E [email protected]
0200: 63 20 F2 49 35 25 F1 5D 64 00 ED 02 FD D7 96 51 c .I5%.]d......Q
0210: 73 C7 E9 DA 61 AA 88 FB 5D 0A 41 56 EC 36 4F 85 s...a...].AV.6O.
0220: B2 A1 8F E6 DE DC E2 2D B2 DF AA 3D 99 51 23 14 .......-...=.Q#.
0230: 19 02 8A 2C D4 F0 4C 83 39 1C 1B E5 8F 65 06 05 ...,..L.9....e..
0240: 02 03 01 00 01 A3 82 01 11 30 82 01 0D 30 09 06 .........0...0..
0250: 03 55 1D 13 04 02 30 00 30 2C 06 09 60 86 48 01 .U....0.0,..`.H.
0260: 86 F8 42 01 0D 04 1F 16 1D 4F 70 65 6E 53 53 4C ..B......OpenSSL
0270: 20 47 65 6E 65 72 61 74 65 64 20 43 65 72 74 69 Generated Certi
0280: 66 69 63 61 74 65 30 1D 06 03 55 1D 0E 04 16 04 ficate0...U.....
0290: 14 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 .M.S.z.i;6...Sj.
02A0: 4A D5 38 98 59 30 81 B2 06 03 55 1D 23 04 81 AA J.8.Y0....U.#...
02B0: 30 81 A7 80 14 2D F5 B5 55 88 86 E9 14 60 F1 E6 0....-..U....`..
02C0: 1C AD E2 71 79 29 A0 F1 8F A1 81 8B A4 81 88 30 ...qy).........0
02D0: 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 54 31 ..1.0...U....IT1
02E0: 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 6D 6F .0...U....Teramo
02F0: 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 61 6D 1.0...U....Teram
0300: 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A 53 41 o1.0...U....IZSA
0310: 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 44 31 M1.0...U....CED1
0320: 17 30 15 06 03 55 04 03 13 0E 64 6E 73 2E 74 65 .0...U....dns.te
0330: 78 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 2A 86 x.izs.it1.0...*.
0340: 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 70 6F H........d.zippo
0350: 40 69 7A 73 2E 69 74 82 01 00 30 0D 06 09 2A 86 @izs.it...0...*.
0360: 48 86 F7 0D 01 01 04 05 00 03 41 00 73 D0 96 DD H.........A.s...
0370: 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 11 71 5F 66 o..D.<...DJ..q_f
0380: 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD B6 3C 90 1F .........r...<..
0390: 38 72 E3 A9 13 84 97 5E 5B 95 09 4E CB 86 29 7D 8r.....^[..N..).
03A0: 7A BB 07 75 97 23 3C D5 B1 16 35 E0 0D 00 0C 28 z..u.#<...5....(
03B0: 01 01 0C 24 00 C4 30 81 C1 31 0B 30 09 06 03 55 ...$..0..1.0...U
03C0: 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0A 13 ....US1.0...U...
03D0: 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 2E 31 .VeriSign, Inc.1
*** ServerHello, v3.1
RandomCookie: GMT: 1127228169 bytes = { 221, 10, 246, 147, 208, 22, 206, 0, 204, 114, 85, 146, 146, 18, 74, 179, 183, 146, 143, 148, 2, 202, 254, 37, 166, 101, 136, 207 }
Session ID: {45, 16, 0, 0, 15, -
Web Service (SSL) and certificates (keytool) with INternet Explorer
Hi,
Followed this steps http://www.grallandco.com/blog/archives/2006/10/using_htts_with.html to have a secure SSL WEb service (with client authorization).
Tested from Jdeveloper it worked O.K.
Now I would like to test it with Internet explorer, but now server ask for certificate before internet show parameters page to invoke Web Service.
I generated self signed certificates and keystore using keytool. (This keystore is used by the OC4J and my proxy client).
Imported this certificate (.cer) to internet explorer succesfully, but when access URL for the web service (https) internet does not show this certificate to use it, so failed to connect...
keytool certificates could be used by INternet explorer for this purposes?, what am I doing wrong?
Thanks
J.Hi,
I already configured HTTPS - client authenticate for OC4J, and you can work with follow step:
1: Create keystore for OC4J by java keytool
2: Using openssl to create certificate for your server (privatekey, certificate)
3. Using keytool to import your server's certificate (2) to keystore (1)
4. Generate client certificate (4)
5. Sign on client certificate (4) by privatekey and server certificate (20
6. Import client certificate to windows - (should create keystore with format pkcs12)
You can using "Java Certificate Services" to help you create keystore with multi format or sign cert....
Rgs -
AnyConnect SSL-client Certificate AND AAA RADIUS
Hi All,
I'm trying to setup Anyconnect VPN Phone feature. I have the license, and I have been able to get the phone to authenticate / register etc with a username / password.
I want to use the cert on the phone, use the CN as the username and just verify that against my ACS server via RADIUS.... Easier said than done. The ASA is grabbing the Username, but for the life of me, i can't get it to send the username over to the RADIUS server. I have enabled all sorts of aaa and radius debugging and just get no output at all...
Here are some relevant log messages I'm getting:
Starting SSL handshake with client outside:72.91.xx.xx/42501 for TLSv1 session
Certificate was successfully validated. serial number: 5C7DB8EB000000xxxxxx, subject name: cn=CP-7942G-SEP002155551BD7,ou=EVVBU,o=Cisco Systems Inc..
Certificate chain was successfully validated with warning, revocation status was not checked.
Tunnel group search using certificate maps failed for peer certificate: serial number: 5C7DB8EB000000xxxxxx, subject name: cn=CP-7942G-SEP002155551BD7,ou=EVVBU,o=Cisco Systems Inc., issuer_name: cn=Cisco Manufacturing CA,o=Cisco Systems.
Device completed SSL handshake with client outside:72.91.xx.xx/42501
Group SSLClientProfile: Authenticating ssl-client connection from 72.91.14.42 with username, CP-7942G-SEP002155551BD7, from client certificate
Teardown TCP connection 35754 for outside:72.91.xx.xx/42501 to identity:173.227.xxx.xxx/443 duration 0:00:05 bytes 5473 TCP Reset by appliance
Relevant Config:
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
authentication-server-group RADIUS
default-group-policy GroupPolicy1
tunnel-group SSLClientProfile webvpn-attributes
authentication aaa certificate
radius-reject-message
pre-fill-username ssl-client
group-alias SSLClientProfile enable
group-url https://URL enable
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
wins-server none
dns-server value <ip1> <ip2>
vpn-tunnel-protocol ssl-client
default-domain value xxxxxxxx
address-pools value VPNPOOL
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.102.242
key *****
aaa-server RADIUS (inside) host 192.168.240.242
key *****
ASA version 8.4
What am I doing wrong? It will not send the request to the AAA server, very much frustating me...PRogress....
I changed the authentication to Certificate ONLY and set authorization to be RADIUS... now it's sending the request to my ACS server. Next question: What's the password that's being sent? Is it blank? I've tried the phone's whole username, tried the MAC and tried just the SEP part. No Dice. Thoughts?
Maybe you are looking for
-
How can I transfer data from a PowerBook G4 to a new 27" iMac?
I am about to purchase a new 27" iMac and will need to transfer the apps and data to it from an Apple PowerBook G4, running OS 10.4.11 (Tiger). In the past i've been able to use an Ethernet cable to do the transfer. I called the Apple retail store
-
Adobe Acrobat 9 - Print certain webpage as PDF file but some of its contents were corrupted
Print certain webpage as PDF file but some of its contents were corrupted as non-readable alphanumeric. Preview of the PDF file shown OK but when printed, its contents were corrupted. Adobe Acrobat 9 Professional reinstalled but problem persists.
-
Hello Everyone. I just purchased Photoshop Elements 9 and I have just joined the Adobe Forum. I am an amateur photographer with a challenge. I am creating slideshows for family, and before I go any further, I need to get some questions answered about
-
Hi all, i'm having a little trouble working with XML in pl SQL could somebody please help me? I'm the biggest noob here is a sample of what i'm doing: FUNCTION getXML(IdSP IN NUMBER) RETURN CLOB is p xmlparser.parser; dadosAvaria dbms_xmlgen.ctxHandl
-
Hi folks, In How Many ways or Techinques used to have relation beween two factables which dont have common dimesions or how to establish relation beween two factables. Thanks Ravindra KAvali