SSL Protocol Error. Certificate is either invalid or common name...

There is only one website I have found that has this issue for us. It is collegesource.org. I have worked with their support but so far we have no solution.
I have Windows Vista with IE7, Firefox 3.6 and chrome 4.0 and Adobe Reader 9.3.
When I attempt to open the course catalogs for any school on this website it gives me the error below. XP machines on the same network with IE7 can access the PDFs on this site just fine. We could work around this by just downloading the PDFs and opening them outside of the browser but unfortunately when you right click and try to save the target it is a frame.htm.
Every search I have done for this error only finds 1 similar post and that problem doesn't have a resolution.
I also attempted to downgrade to Adobe Reader 8.1 and the error I received was "this computer must be connected to the network in order to open this document"

So the CN value should be without the ":8443" addition when creating the cert file?
Further: Ive installed and trusted the certificate in the personal and the trusted root certifcation auth.
When opening the URL: https://192.168.1.35:8443/adminui/ in Firefox i get the following error:
@ IE i get:
Thanks for looking in to this!

Similar Messages

SSL protocol error. Certificate is either invalid or common name or authority are not recognized. I

Hi, I have problems when I tried to open a PDF document with a police of RM generated in the Laundpad, I use a self-signed ssl certificates with the common name https://127.0.0.1:8443 and the base URL in the configuration is the same. I have tried to resolve this issue during a week but i could it and I do not understand how to solve it.
If anybody can help me, please. This is the picture when I try to open a PDF file with RM policies. Thanks

So the CN value should be without the ":8443" addition when creating the cert file?
Further: Ive installed and trusted the certificate in the personal and the trusted root certifcation auth.
When opening the URL: https://192.168.1.35:8443/adminui/ in Firefox i get the following error:
@ IE i get:
Thanks for looking in to this!

Can't access ABS URL and autodiscover.sipdomain URLs externally - SSL protocol error

Problems:
- Can't sync Address Book for external or internal clients (I can do searches however just fine so I'm not sure what protocol is used to perform those, if not with address book)
- Can't connect to Lync mobile.
What I discovered was common with these issues is when I go to try and manually enter in the browser either:
https://lyncdiscover.sipdomain.com/ (to test mobile autodiscover connectivity)
or
https://"extwebservicesURL"/abs (to test address book)
I get same response from google: Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
I also ran Test-CsMcxP2PIM and got this:
TargetUri : https://pitlyncpool01.pit.local:443/CertProv/CertProvisioningService.svc
TargetFqdn : pitlyncpool01.pit.local
Result : Failure
Latency : 00:00:00
Error : ERROR - No response received for Web-Ticket service.
Inner Exception:The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be
sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.o
rg/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>IIS 7.5 Detailed Error - 500.0 - Internal Server Error</title>
<style type="text/css">
And similar result when I test with "Test-CsAddressBookService"
TargetUri : https://pitlyncpool01.pit.local:443/groupexpansion/service.svc
TargetFqdn : pitlyncpool01.pit.local
Result : Failure
Latency : 00:00:00
Error : ERROR - No response received for Web-Ticket service.
Inner Exception:The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be
sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.o
rg/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>IIS 7.5 Detailed Error - 500.0 - Internal Server Error</title>
The only search on google that I found on this is to uninstall IIS and Lync web components and reinstall. Which I tried, but Lync web components wouldn't install back (error), so I restored server back from the snapshot and back to square one..
Also tried https://www.testocsconnectivity.com to run test on mobile autodiscovery and got this:
ExRCA is attempting to obtain the SSL certificate from remote server lyncdiscover.sipdomain.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Is there anything else I can look into to find out why am I getting these errors? Maybe to try OCS logging utility? But I don't know which components to checkmark for logging..
Thank you for any help and Happy New Year!
Sergey

Hi,
It seems the web service url is not valid or the web service not function. Is it Lync Standard Edition or Enterprise? Did the mobility issue also happen for external? Have you assigned a public certificate for reverse proxy correctly?
1. Please go to topology builder and check which FQDN you did put in for internal and external web service. For Lync Server Standard Edition, the internal web base URL should be same with your front end server FQDN.
If the internal domain name is different with external domain name, for example, your internal domain is contoso.net, but your external domain name is contoso.com. The external base URL should use the contoso.com domain name.
2. Please make sure the certificate has been assigned on front end server successfully. Please go to Lync Server deployment wizard to check it.
3. In IIS, please make sure Lync Server Internal Web Site is configured on ports 80 and 443 and Lync Server External Web is configured on ports 8080 and 4443.
More details about configuring reverse proxy for your reference:
http://social.technet.microsoft.com/wiki/contents/articles/9807.configuring-forefront-tmg-2010-as-reverse-proxy-for-lync-server-2010.aspx
If the issue persists, please try to enable logging tool and reproduce the issue to get report for further troubleshooting.
http://blog.schertz.name/2011/06/using-the-lync-logging-tool/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information
found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Kent Huang
TechNet Community Support

[SOLVED] Unknown SSL protocol error in connection

Hi there. I'm trying to get a website with curl but i'm getting this error:
[martriay@atila ~]$ curl -v "https://servicios1.afip.gov.ar"
* Rebuilt URL to: https://servicios1.afip.gov.ar/
* Hostname was NOT found in DNS cache
* Adding handle: conn: 0x20412c0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x20412c0) send_pipe: 1, recv_pipe: 0
* Trying 200.1.116.53...
* Connected to servicios1.afip.gov.ar (200.1.116.53) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to servicios1.afip.gov.ar:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to servicios1.afip.gov.ar:443
And when i try with SSLv3:
[martriay@atila ~]$ curl -3 -v "https://servicios1.afip.gov.ar"
* Rebuilt URL to: https://servicios1.afip.gov.ar/
* Hostname was NOT found in DNS cache
* Adding handle: conn: 0x8032c0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x8032c0) send_pipe: 1, recv_pipe: 0
* Trying 200.1.116.53...
* Connected to servicios1.afip.gov.ar (200.1.116.53) port 443 (#0)
* Unsupported SSL protocol version
* Closing connection 0
curl: (35) Unsupported SSL protocol version
That's from my archlinux server, while on my desktop's fedora it works just fine. Both computers are within the same network.
openssl version:
[martriay@atila ~]$ openssl version
OpenSSL 1.0.1e 11 Feb 2013
openssl connection attempt
[martriay@atila ~]$ openssl s_client -connect servicios1.afip.gov.ar:443
CONNECTED(00000003)
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 322 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
If I add the -ssl3 option:
[martriay@atila ~]$ openssl s_client -connect servicios1.afip.gov.ar:443 -ssl3
CONNECTED(00000003)
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO High-Assurance Secure Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
Certificate chain
0 s:/C=AR/postalCode=1086/ST=Ciudad Autonoma de Buenos Aires/L=Capital Federal/street=Hipolito Yirigoyen 370/O=ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS/OU=Issued through ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS E-PKI/OU=InstantSSL/CN=servicios1.afip.gov.ar
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=/C=AR/postalCode=1086/ST=Ciudad Autonoma de Buenos Aires/L=Capital Federal/street=Hipolito Yirigoyen 370/O=ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS/OU=Issued through ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS E-PKI/OU=InstantSSL/CN=servicios1.afip.gov.ar
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
No client certificate CA names sent
SSL handshake has read 3048 bytes and written 485 bytes
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : RC4-MD5
Session-ID: F34244E0C2E402103FC9B7216E504E89761FDAF31CC1AC3A7939BE99AD8D0C57
Session-ID-ctx:
Master-Key: 146C91E59E259AD38C1E7A0B8E5DBEAE2D768622DE4045CD927D60A40FF8CA527A2694E227FEE30CC0909ADE0B72B0C8
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1389232087
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Any ideas?
Last edited by martriay (2014-01-09 14:05:02)

Downgrade curl to 7.33.0-3. There is a known bug that is now fixed and should be released with the next version. I got bit by this too
Scott

Getting a Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error

trying ti sign into the App Store on my macbook pro and it asks for further security clearance. then gives me this error in safari and chrome?

HI ...
Go to ~/Library/Caches/com.apple.appstore/Cache.db
Move the Cache.db file to the Trash.
Restart your Mac.
Try the App Store.
~ (Tilde) character represents the Home folder.
For Lion: To find the Home folder in OS X Lion, open the Finder, hold the Option key, and choose Go > Library

Forte Install: Error in instructions. Invalid jvm file...

When I try to install Forte (Sun ONE Studio 4)(I tries CE, CE bundled with J2SE1.4 and EE) on a WIndows XP system I get the following message:
"Error in instructions. Invalid jvm file name specified in LAUNCH. Invalid variable specification. Line number (4)" (That is line number (5) for installation of the bundle).
This happens while InstallShield states:
"Searching for Java(tm) Virtual Machine... Verifying Java 1.3.X by Sun Microsystems"
I tried probably every combination of the 3 Forte above with J2re1.4.1, j2sdk1.3.1_05,j2sdk1.4.0_02,j2sdk1.4.1 and no SDK/JRE installed. I tried the .sp file in the download directory this the problem seemed related, I gave him pathes, I installed from the cmd with -is:javahome C:\jdk1.3.1_05 (and all the other locations it was installed to)...
Anybody has any clue? If you have any question about my system, just ask

I have a same problem. I fail to install "Sun One Studio 4 (Forte, Community Edition)".
My environment is "j2sdk1.4.1 on windowse2000".
I can install same package in same environment (as far as I believe) on another machine...
Thanks and best regards.

Invalid DataStore object name /BIC/B0000173: Reason: No valid entry in tabl

Hi gurus,
I recently transported the 0FI_GL_10 datasource to preproduction. when i am trying to load the data in PrePod we are getting this error message.
Invalid DataStore object name /BIC/B0000173: Reason: No valid entry in table RSTS
Any help is appreciated with points.

any more detailed messages,sm21 or st22??
did you try doing RSRV on the datastore object??
are you using the nw2004s data flow??
if using 3.x data flow ,skip PSA and try reloading it.
Hope it Helps
Chetan
@CP..

HTTP Error 403.16 - Forbidden, Your client certificate is either not trusted or is invalid.

Dear Experts,
I have tried mutual authentication with sample website as per below link:
http://itq.nl/testing-with-client-certificate-authentication-in-a-development-environment-on-iis-8-5/#comment-19427
1. Created a Root certificate, client and server certificate based on this root certificate by using Makecert command as per below link:
2. Import these certificates in Trusted Root Certification authority of both the stores (Local and Current user)
3. Created a sample website with HTML page
4.Hosted this website in IIS with HTTPS binding and selected the above server certifcate
5. Enabled "Require SSL" and selected "Require" under SSL settings of website
6. Exported the client certificate in base64 format --> Edited in notepad --> made the key into single line
7. Placed the above key under Configuration editor --> system.webServer/security/authentication/iisClientCertificateMappingAuthentication --> one to one mapping with user credentials.
8. I tried to access the website
But, I ended with below error :(
HTTP Error 403.16 - Forbidden
Your client certificate is either not trusted or is invalid.
Detailed Error Information:
Module    IIS Web Core
Notification    BeginRequest
Handler    ExtensionlessUrlHandler-Integrated-4.0
Error Code    0x800b0109
Requested URL    https://localhost:443/
Physical Path    E:\SampleRoot
Logon Method    Not yet determined
Logon User    Not yet determined
Could you please let me know what I missed here.
Note:
I am using windows8, IIS8.0.
Thanks in advance.
Regards,
M. Prasad Reddy.

Hi Prasad,
As per this case, I have been shared the corresponding details below
1.First of all,make sure that you import the certificate whether it belongs to Trusted RootCertification or not .
    If that is the case ,Goto Microsoft Management Console (MMC), open the Certificates snap-in.
    For instance, the certificate store that WCF is configured to retrieve X.509 certificates from, select the Trusted RootCertification Authoritiesfolder. Under the Trusted Root Certification Authorities folder, right-click the Certificatesfolder,
point to All Tasks, and then click Import.
2.you configured the server certificate as well, But check the client certificate whether have root certificate or not by following command?
makecert -pe -n "CN=SSLClientAuthClient"
         -eku 1.3.6.1.5.5.7.3.2 -is root -ir localmachine -in WebSSLTestRoot
         -ss my -sr currentuser -len 2048
3. Also check the Service Certificate whether its configured on the WCF Service side
4.Make sure that you followed all the steps are done correctly from your given referred link below
http://itq.nl/testing-with-client-certificate-authentication-in-a-development-environment-on-iis-8-5/#comment-19427
5.Besides, please try to set the require SSL as ignore to see if you can access the website.
If the above details cannot able to resolve this issue, please post your config file here.

Using JSSE : "Invalid Netscape CertType extension for SSL client" Error

Hi all,
Im using the sample code given sun site for JSSE with Client Authentication. The sample as such it worked with the testkeys provided in that. But it didn't workout when I tried using other certificates.
Both client and server certificates I generated from our internal Netscape Certificate Manager.
Function of the server :
The server will read a private key from the given keystore and starts listening on a port. This server will server only GET request.
Function of the client :
The Client sends a GET request to the server and gets the response back.
I simply changed the key store name alone in the working sample code.
It is not working.
The Exception thrown on client side :
D:\users\Jp\java\jssesamples\sockets\client\class>java SSLSocketClientWithClientAuth1 localhost 1089 /urls
localhost
1089
/urls
java.net.SocketException: Software caused connection abort: socket write error
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
at com.sun.net.ssl.internal.ssl.OutputRecord.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at SSLSocketClientWithClientAuth1.main(SSLSocketClientWithClientAuth1.java:119)
Exception thrown on server side :
D:\users\Jp\java\jssesamples\sockets\server\class>java ClassFileServer 1089 . TLS true
USAGE: java ClassFileServer port docroot [TLS [true]]
If the third argument is TLS, it will start as
a TLS/SSL file server, otherwise, it will be
an ordinary file server.
If the fourth argument is true,it will require
client authentication as well.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at ClassServer.getPath(ClassServer.java:162)
at ClassServer.run(ClassServer.java:109)
at java.lang.Thread.run(Thread.java:536)
Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
... 17 more
error writing response: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExce
ption: Invalid Netscape CertType extension for SSL client
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.Certificate
Exception: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.e(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.DataOutputStream.writeBytes(DataOutputStream.java:256)
at ClassServer.run(ClassServer.java:128)
at java.lang.Thread.run(Thread.java:536)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension
for SSL client
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at ClassServer.getPath(ClassServer.java:162)
at ClassServer.run(ClassServer.java:109)
... 1 more
Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
... 17 more
The Client code :
* @(#)SSLSocketClientWithClientAuth.java 1.5 01/05/10
* Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
* -Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* -Redistribution in binary form must reproduct the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* Neither the name of Sun Microsystems, Inc. or the names of
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
* This software is provided "AS IS," without a warranty of any
* kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
* WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
* EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
* DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
* RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
* ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
* FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
* SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
* THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
* You acknowledge that Software is not designed, licensed or
* intended for use in the design, construction, operation or
* maintenance of any nuclear facility.
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
import java.security.KeyStore;
* This example shows how to set up a key manager to do client
* authentication if required by server.
* This program assumes that the client is not inside a firewall.
* The application can be modified to connect to a server outside
* the firewall by following SSLSocketClientWithTunneling.java.
public class SSLSocketClientWithClientAuth1 {
public static void main(String[] args) throws Exception {
 String host = null;
 int port = -1;
 String path = null;
 for (int i = 0; i < args.length; i++)
 System.out.println(args);
 if (args.length < 3) {
 System.out.println(
 "USAGE: java SSLSocketClientWithClientAuth " +
 "host port requestedfilepath");
 System.exit(-1);
 try {
 host = args[0];
 port = Integer.parseInt(args[1]);
 path = args[2];
 } catch (IllegalArgumentException e) {
 System.out.println("USAGE: java SSLSocketClientWithClientAuth " +
 "host port requestedfilepath");
 System.exit(-1);
 try {
 * Set up a key manager for client authentication
 * if asked by the server. Use the implementation's
 * default TrustStore and secureRandom routines.
 SSLSocketFactory factory = null;
 try {
 SSLContext ctx;
 KeyManagerFactory kmf;
 KeyStore ks;
 char[] passphrase = "passphrase".toCharArray();
 ctx = SSLContext.getInstance("TLS");
 kmf = KeyManagerFactory.getInstance("SunX509");
 ks = KeyStore.getInstance("JKS");
// ks.load(new FileInputStream("testkeys"), passphrase);
 ks.load(new FileInputStream("clientkey"), passphrase);
 kmf.init(ks, passphrase);
 ctx.init(kmf.getKeyManagers(), null, null);
 factory = ctx.getSocketFactory();
 } catch (Exception e) {
 throw new IOException(e.getMessage());
 SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
 * send http request
 * See SSLSocketClient.java for more information about why
 * there is a forced handshake here when using PrintWriters.
 socket.startHandshake();
 PrintWriter out = new PrintWriter(
 new BufferedWriter(
 new OutputStreamWriter(
 socket.getOutputStream())));
 out.println("GET " + path + " HTTP/1.1");
 /* Some internet sites throw bad request error for HTTP/1.1 req if hostname is not specified so the foll line */
 out.println("Host: " + host);
 out.println();
 out.flush();
 * Make sure there were no surprises
 if (out.checkError())
 System.out.println(
 "SSLSocketClient: java.io.PrintWriter error");
 /* read response */
 BufferedReader in = new BufferedReader(
 new InputStreamReader(
 socket.getInputStream()));
 String inputLine;
 while ((inputLine = in.readLine()) != null)
 System.out.println(inputLine);
 in.close();
 out.close();
 socket.close();
 } catch (Exception e) {
 e.printStackTrace();
The Server code :
* @(#)ClassFileServer.java 1.5 01/05/10
* Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
* -Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* -Redistribution in binary form must reproduct the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* Neither the name of Sun Microsystems, Inc. or the names of
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
* This software is provided "AS IS," without a warranty of any
* kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
* WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
* EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
* DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
* RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
* ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
* FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
* SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
* THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
* You acknowledge that Software is not designed, licensed or
* intended for use in the design, construction, operation or
* maintenance of any nuclear facility.
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import javax.net.*;
import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
/* ClassFileServer.java -- a simple file server that can server
* Http get request in both clear and secure channel
* The ClassFileServer implements a ClassServer that
* reads files from the file system. See the
* doc for the "Main" method for how to run this
* server.
public class ClassFileServer extends ClassServer {
private String docroot;
private static int DefaultServerPort = 2001;
* Constructs a ClassFileServer.
* @param path the path where the server locates files
public ClassFileServer(ServerSocket ss, String docroot) throws IOException
 super(ss);
 this.docroot = docroot;
* Returns an array of bytes containing the bytes for
* the file represented by the argument path.
* @return the bytes for the file
* @exception FileNotFoundException if the file corresponding
* to path could not be loaded.
public byte[] getBytes(String path)
 throws IOException
 System.out.println("reading: " + path);
 File f = new File(docroot + File.separator + path);
 int length = (int)(f.length());
 if (length == 0) {
 throw new IOException("File length is zero: " + path);
 } else {
 FileInputStream fin = new FileInputStream(f);
 DataInputStream in = new DataInputStream(fin);
 byte[] bytecodes = new byte[length];
 in.readFully(bytecodes);
 return bytecodes;
* Main method to create the class server that reads
* files. This takes two command line arguments, the
* port on which the server accepts requests and the
* root of the path. To start up the server: 
* <code> java ClassFileServer <port> <path>
* </code> 
* <code> new ClassFileServer(port, docroot);
* </code>
public static void main(String args[])
 System.out.println(
 "USAGE: java ClassFileServer port docroot [TLS [true]]");
 System.out.println("");
 System.out.println(
 "If the third argument is TLS, it will start as\n" +
 "a TLS/SSL file server, otherwise, it will be\n" +
 "an ordinary file server. \n" +
 "If the fourth argument is true,it will require\n" +
 "client authentication as well.");
 int port = DefaultServerPort;
 String docroot = "";
 if (args.length >= 1) {
 port = Integer.parseInt(args[0]);
 if (args.length >= 2) {
 docroot = args[1];
 String type = "PlainSocket";
 if (args.length >= 3) {
 type = args[2];
 try {
 ServerSocketFactory ssf =
 ClassFileServer.getServerSocketFactory(type);
 ServerSocket ss = ssf.createServerSocket(port);
 if (args.length >= 4 && args[3].equals("true")) {
 ((SSLServerSocket)ss).setNeedClientAuth(true);
 new ClassFileServer(ss, docroot);
 } catch (IOException e) {
 System.out.println("Unable to start ClassServer: " +
 e.getMessage());
 e.printStackTrace();
private static ServerSocketFactory getServerSocketFactory(String type) {
 if (type.equals("TLS")) {
 SSLServerSocketFactory ssf = null;
 try {
 // set up key manager to do server authentication
 SSLContext ctx;
 KeyManagerFactory kmf;
 KeyStore ks;
 char[] passphrase = "passphrase".toCharArray();
 ctx = SSLContext.getInstance("TLS");
 kmf = KeyManagerFactory.getInstance("SunX509");
 ks = KeyStore.getInstance("JKS");
// ks.load(new FileInputStream("testkeys"), passphrase);
 ks.load(new FileInputStream("serverkey"), passphrase);
 kmf.init(ks, passphrase);
 ctx.init(kmf.getKeyManagers(), null, null);
 ssf = ctx.getServerSocketFactory();
 return ssf;
 } catch (Exception e) {
 e.printStackTrace();
 } else {
 return ServerSocketFactory.getDefault();
 return null;
Could anyone help ?
thanks in advance
Jayaprakash

The same thing.
I have found the place where the exception throws.
It is com.sun.net.ssl.internal.ssl.AVA class.
It has a constructor AVA(StringReader)
There is a check in this constructor of different certificate extensions
(if-else). If it sees no familiar extension it throws exception and handshake fails.
It is not difficult to fix this problem: just ignore unknown extension.
Everything works fine with this "improved" class (under VA 3.5).
But the problem is - the using of this class in applets.
How can I say the browser to use my "improved" class and not the one it downloaded with java plug-in?

Urgent Please..Error while configuring SSL protocol

Hi,
I am facing problems when I am trying to configure my WLS 6.0(on
Win 2000) for SSL protocol.I have used the CSR generator to generate
CSR & I have got a trial SSL id from VeriSign.I have now got the
following files:
hercules-key.der(private key generated by CSR generator)
cert.pem (digital certificate from VeriSign)
When I configured the server console with
Server Key file name =./config/mydomain/hercules-key.der
Server Certificate file name=./config/mydomain/cert.pem
Server Certificate chain file name=./config/mydomain/cert.pem
& restarted the server with the following command:
startWeblogic -Dweblogic.management.pkpassword=<the pwd I gave>
I am getting the following error:
<Mar 19, 2001 11:20:11 AM PST> <Alert> <WebLogicServer> <Security
configuration
problem with certificate file ./hercules-key.der, java.io.EOFException>
java.io.EOFException
at weblogic.security.Utils.inputByte(Utils.java:133)
at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:393)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Please tell me where I went wrong.Do I need to make any more changes
in the console.
Thanks in advance.. Sita

The Server Certificate File Name should point to the cert that establishes
the server's identity.
The Server Certificate Chain File Name should contain as its first member
the cert used to sign the server's cert, the second member should contain a
cert used to sign the first cert in the file, etc. until the last cert in
the chain which should be self-signed. The Server Certificate Chain File
Name is required to have at least one cert in it (and if there is only one
it must be self-signed, ie a root CA cert and it must be the cert that was
used to sign the server's certificate).
If you got the trial cert from Verisign their email to you should have told
you how to obtain a root CA from them to use.
"Sita Mulomudi" <[email protected]> wrote in message
news:[email protected]...
>
Hi,
I am facing problems when I am trying to configure my WLS 6.0(on
Win 2000) for SSL protocol.I have used the CSR generator to generate
CSR & I have got a trial SSL id from VeriSign.I have now got the
following files:
hercules-key.der(private key generated by CSR generator)
cert.pem (digital certificate from VeriSign)
When I configured the server console with
Server Key file name =./config/mydomain/hercules-key.der
Server Certificate file name=./config/mydomain/cert.pem
Server Certificate chain file name=./config/mydomain/cert.pem
& restarted the server with the following command:
startWeblogic -Dweblogic.management.pkpassword=<the pwd I gave>
I am getting the following error:
<Mar 19, 2001 11:20:11 AM PST> <Alert> <WebLogicServer> <Security
configuration
problem with certificate file ./hercules-key.der, java.io.EOFException>
java.io.EOFException
at weblogic.security.Utils.inputByte(Utils.java:133)
at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:393)
atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Please tell me where I went wrong.Do I need to make any more changes
in the console.
Thanks in advance.. Sita

Hybrid Connection fails for Windows SQL Server 2014 - SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted

Hello,
I have configured BizTalk Services Hybrid Connection between Standard Azure Website and SQL Server 2014 on premise.
Azure Management portal shows the status of Hybrid Connection as established.
However, the website throws an error when trying to open a connection
<
addname="DefaultConnection"
connectionString="Data
Source=machine name;initial catalog=AdventureWorks2012;Uid=demouser;Password=[my password];MultipleActiveResultSets=True"
providerName="System.Data.SqlClient"
/>
(The same website, with the same connection string deployed on SQL Server machine works correctly).
I tried various options with the connections sting (IP address instead of machine name, Trusted_Connection=False, Encrypt=False, etc. the result is the same
[Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
[SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.
I tried various machines - on premise and a clean Azure VM with SQL Server and it results in the same error - below full stack
The certificate chain was issued by an authority that is not trusted
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ComponentModel.Win32Exception: The certificate chain was issued by an authority that is not trusted
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
[SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) +5341687
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +546
System.Data.SqlClient.TdsParserStateObject.SNIWritePacket(SNIHandle handle, SNIPacket packet, UInt32& sniError, Boolean canAccumulate, Boolean callerHasConnectionLock) +5348371
System.Data.SqlClient.TdsParserStateObject.WriteSni(Boolean canAccumulate) +91
System.Data.SqlClient.TdsParserStateObject.WritePacket(Byte flushMode, Boolean canAccumulate) +331
System.Data.SqlClient.TdsParser.TdsLogin(SqlLogin rec, FeatureExtension requestedFeatures, SessionData recoverySessionData) +2109
System.Data.SqlClient.SqlInternalConnectionTds.Login(ServerInfo server, TimeoutTimer timeout, String newPassword, SecureString newSecurePassword) +347
System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover) +238
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout) +892
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance) +311
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData) +646
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions) +278
System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions) +38
System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +732
System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection) +85
System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +1057
System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +78
System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +196
System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +146
System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +16
System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +94
System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +110
System.Data.SqlClient.SqlConnection.Open() +96
System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +44
[EntityException: The underlying provider failed on Open.]
System.Data.EntityClient.EntityConnection.OpenStoreConnectionIf(Boolean openCondition, DbConnection storeConnectionToOpen, DbConnection originalConnection, String exceptionCode, String attemptedOperation, Boolean& closeStoreConnectionOnFailure) +203
System.Data.EntityClient.EntityConnection.Open() +104
System.Data.Objects.ObjectContext.EnsureConnection() +75
System.Data.Objects.ObjectQuery`1.GetResults(Nullable`1 forMergeOption) +41
System.Data.Objects.ObjectQuery`1.System.Collections.Generic.IEnumerable<T>.GetEnumerator() +36
System.Collections.Generic.List`1..ctor(IEnumerable`1 collection) +369
System.Linq.Enumerable.ToList(IEnumerable`1 source) +58
CloudShop.Services.ProductsRepository.GetProducts() +216
CloudShop.Controllers.HomeController.Search(String SearchCriteria) +81
CloudShop.Controllers.HomeController.Index() +1130
lambda_method(Closure , ControllerBase , Object[] ) +62
System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +193
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
System.Web.Mvc.Async.<>c__DisplayClass42.<BeginInvokeSynchronousActionMethod>b__41() +28
System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +10
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +58
System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +225
System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +23
System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +99
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +50
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +14
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +39
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +29
System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +25
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +23
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +31
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9651188
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36213
Regards,
Michal
Michal Morciniec

Same issue here, looking for more information !

I'm trying to timestamp (RFC 3161) a pdf using my own timestamp server hardware but always get an error: "Certificate invalid for use" ...

I'm trying to timestamp (RFC 3161) a pdf using my own timestamp server hardware but always get an error: "Certificate invalid for use" (Original text - pt_BR:O certificado não é válido para uso). How can I get more info on what I'm missing or whats wrong with the certificate?

Which Acrobat version are you using? Do you use "Document Timestamp" command? If so, do you get this error during the signing process and the signature is not created or signature is created and you get this error when it is validated? If the latter you can open signature properties, click on the "Advanced Properties" and in the next dialog on timestamp's "Show Certificate". If you get this error during the signing process do you get an alert that shows some cryptic info with a number? If you do provide the content of this alert.
Also which Acrobat version (including minor) are you using?

Error:iaik.security.ssl.SSLCertificateException: Peer certificate rejected

Hi,
I am getting error com.sap.engine.interfaces.messaging.api.exception.MessagingException:
iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
When i test for digital signing and encryption using soap receiver CC
we passed all the values for soap CC
Created key store view and in that view I have generated private certificate and generated CSR using SAP CA(test ssl for 8 weeks) for the private key and also imported public key for encryption given by reciver
When i test i get the error message
I check certificates validity dates
I restarted java engine and ICM
I added the public key in trusted CA in NWA
I re created the view and added the certifcates
still the same error
how and where to check to check IAIK in NWA and how to deploy it in java engine using NWA, we are using PI7.11 (no VA)
any suggestions?

Hi,
The main causes for this kind of problem are:
1. The correct server certificate could not be present in the TrustedCA keystore view of NWA. Please ensure you have done all the steps described in the URL below:
Security Configuration at Message Level
http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
0a1550b0/frameset.htm
2. The server certificate chain contains expired certificate. Check for it and if it's the case renew it or extend the validation.
3. The certificate chain was not in correct order. Basically the server certificate chain should be in order
Own->Intermedite->Root. To explain in detail, if your server certificate is A which is issued by an intermediate CA B and then B's certificate is issued by the C which is the root CA (having a self signed certificate).
Then your certificate chain contains 3 elements A->B->C. So you need to have the right order of certificate in the chain. If the order is B first followed by A followed by C, then the IAIK library used by PI cannot verify the server as trusted. Generate the certificate in the right order and then import this certificate in the TrustedCA keystore view and try again.
4. If the end point of the SOAP Call(Server) is configured to accept a client certificate(mandatory), then make sure that it is configured correctly in the SOAP channel and it is also within validity period.
(This certificate is the one which is sent to Server for Client authentication)
As a resource, you may need to create a new SSL Server key.
The requirement from SAP SSL client side is that the requested site has to have certificate with CN equal to the requested site. I mean if I request URL X then the CN must be CN=X.
In other words, the CN of the certificate has to be equal to the URL in the ftp request. This can be the IP address or the full name of the host.
Request the url with the IP of the SSL Server and the certificate to be with CN = IP of the server.
In any other case the SSL communication will not work.
Regards,
Caio Cagnani

Firefox gives me an error (SSL protocol has been disabled) when every I go to a site that requires a user name/password; how do I fix it

Everytime I try to log on to any website that requires a username & password, I receive the following error: SSL protocol has been disabled. I have tried all of the suggested solutions to this issue - but to no avail. I cannot log on to yahoomail. gmail, hotmail, ebay, paypal, or any other site that requires a user name and pass word. Internet Explorer works just fine - and again I have tried all the solutions suggested on the firefox support forum - but none have worked
== URL of affected sites ==
http://www.yahoo.com
== User Agent ==
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.5; InfoPath.2; .NET CLR 1.1.4322)

Check your settings on Tools > Options > Advanced > Encryption; see: http://support.mozilla.com/en-US/kb/Options+window+-+Advanced+panel#Encryption_tab

The name ("common name") of a valid code-signing certificate in a keychain within your keychain path. A missing or invalid certificate will cause a build error. [CODE_SIGN_IDENTITY]

The name ("common name") of a valid code-signing certificate in a keychain within your keychain path. A missing or invalid certificate will cause a build error. [CODE_SIGN_IDENTITY]

If you could ask a coherent question, maybe...
Perhaps you should be posting in the developers forums...

SSL Protocol Error. Certificate is either invalid or common name...

Similar Messages

Maybe you are looking for