SSL/SP7 Issues?

Has anyone run into any SSL issues after upgrading to WL 510 SP7?
What used to work in SP6 is now borken in SP7. I can switch back and
forth btw the two and using request.sendRedirect() to a secure
protocol works under SP6, but does not under SP7. The error is
essentially a DNS issue. Not too sure what's happening. Anyone else
experiencing similar issues?
Thanks!
Jason

Yes, SP7 is broken with respect to SSL...
Jason Jonas wrote:
Has anyone run into any SSL issues after upgrading to WL 510 SP7?
What used to work in SP6 is now borken in SP7. I can switch back and
forth btw the two and using request.sendRedirect() to a secure
protocol works under SP6, but does not under SP7. The error is
essentially a DNS issue. Not too sure what's happening. Anyone else
experiencing similar issues?
Thanks!
Jason

Similar Messages

SSL Handshake issue in ios

SSL Handshake passed through ipad safari browser but fails via app. Any suggestion would be great?

I don't see how answering the 'why?' question will solve your problem, but in any case you're asking in the wrong place. You would have to ask the developers, if you can find them. You could try one of the Java Security mailing lists.
NB this issue discussed extensively at Stack Overflow: jsse - SSL handshake issue while java client talking to SSLv3 ONLY server - Stack Overflow.

When accessing Intranet sites that use SSL Certificates issued by our internal PKI, FF for Windows give an error of "improperly formatted DER-encoded message"

When accessing Intranet sites with that have SSL Certificates issued by our internal PKI, FF for Windows gives an error messsage - An error occurred during a connection to myshaw. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der)
Chrome and IE work fine. This is a new PKI using the SHA-2 signature algorithm.

Hi Guigs2,
From the other post you link too, I can confirm that both the Root and Subordinate CA have been commissioned with the:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\IssuingCA\CSP\AlternateSignatureAlgorithm = 1
registry key set. As can be seen above, the Signature algorithm on an issued certificate is RSASSA-PSS. This is been Microsoft suggested deployment IF you do not wish to support either XP or Windows 2003 machine and lower. In fact, I believe the option has been around since Windows 2008, however, there were of course, a lot more XP machines back then.
The obvious answer is that we would like to maintain the updated algorithm, AND see support for it added for Firefox. I think you will see a LOT more posts like this as people deploy more 2012 PKI infrastructure supporting only Windows 7 and up. Heavens, we may well be forced to Chrome or even back to IE!!! Whilst I do not what to necessary open up other potential vulnerabilities, for the sake of testing, what do you mean by disabling mozilla:pkix?

HT5808 I have an original iPad and there have been no recent iOS updates for it. Am I vulnerable to the recent SSL security issues? Is my iPad safe to use?

I have the original iPad. There have been no recent ios updates for it. Is the SSL security issue a problem? Is my iPad safe to use?

You are OK. The fix is not necessary in iOS 5.1.1.

OBIEE 11g SSL Configuration Issue : Unable to import the Server certs

Hello All,
We are trying to configure OBIEE 11.1.1.6.0 with SSL using Windows server 2003 (IIS) and facing some issues with that.
Followed the document : OBIEE11g SSL Setup and Configuration [1326781.1]
http://obieedue.blogspot.sg/2012/08/obiee11g-ssl-setup-and-configuration.html
and also completed generating the required certificate signing request and keystores for SSL communication and sent it to the CA (IT Admin team) to to have the certificate signed by CA. The issue comes when I am trying to import the CA certificate (Root certificate) and Server Certificate into the Java Keystore.
I am importing the Root CA Certificate first which is successfully added to the keystore.
keytool -import -trustcacerts -alias mycacert -file cacert.pem -keystore mykeystore.jks -storepass Welcome1
Trust this certificate? [no]: yes
Certificate was added to keystore.
But when trying to add the Server Certificate to the keystore using the command below :
keytool -import -v -alias testserver -file server.cer -keystore mykeystore.jks -keypass Welcome1 -storepass Welcome1
Certificate reply was installed in keystore
I get the following error:
keytool error: java.lang.Exception: Failed to establish chain from reply
java.lang.Exception: Failed to establish chain from reply
at sun.security.tools.KeyTool.establishCertChain(KeyTool.java:2662)
at sun.security.tools.KeyTool.installReply(KeyTool.java:1870)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:807)
at sun.security.tools.KeyTool.run(KeyTool.java:172)
at sun.security.tools.KeyTool.main(KeyTool.java:166)
Read many forums and tried to convert it to the PKCS#7 format and import the cert to the identity keystore, but was not successful in that either. I have also checked with the IT Admin team and found there is only one RootCA and no other intermediate CA's.
Please advice if any one has similar issues or suggestions.
Thanks in advance,
SVS

Hi,
One obvious reason would be that you did not specify -trustcacerts, and the root CA is not included in the present server keystore. In that case, using the -trustcacerts option would solve the problem, if the root CA is indeed in the JDK cacerts.
To print out the certificates present in the JDK cacerts, use the following command:
keytool -list -keystore <JAVA_HOME>/jre/lib/security/cacerts -storepass changeit -v
Then check if the root CA that signed your server certificate is present, and has not expired (in which case,you would need to re-import a newer one into cacerts).
Another common reason for that error message is when you have used a proprietary CA to sign your server certificate. Then it would obviously not be in the JDK cacerts. The solution in that case is to import your proprietary root CA into the JDK cacerts, using the following command:
keytool -import -keystore <JAVA_HOME>/jre/lib/security/cacerts -file yourRootCA.pem -storepass changeit -alias youralias
A third reason for that error message is when your server was signed by an intermediate certificate. In that case, you would have received from your CA a chain of certificates. One way to solve this (not the only one, but this one works well): Prepend your intermediate CA file to your server cert file, and import the obtained concatenated file into the server keystore. Be careful, the intermediate CA must be BEFORE the server cert. Example:
copy rootca.cer certchain.p7b
type server.cer >> certchain.p7b
The file certchain.p7b will be the concatenation of the intermediate CA and the signed server cert. Then import the newly created file under the key alias as follows:
keytool -import -keystore serverks.jks -file certchain.p7b -alias yourkey -trustcacerts
If you only prepend the intermediate root CA, you must make sure the the final root CA is in cacerts. But you can also prepend your whole chain of trust inside the server keystore.
Regards,
Kal

Issue with one of the Managed server while enabling SSL.__ Issue Resovled

Weblogic version:wls 8.1sp6
SSL: internal
Environment:
1 AdminServer and 2 Managed servers. Admin and M1 are on same host. M2 is on different host. We have enabled SSL on M1 & M2 only. Configuration of M1 & M2 are identical. After restarting the servers M1 has no issue with SSL but M2 throws javax.net.ssl.SSLKeyException as shown below,
<Aug 4, 2008 12:29:01 PM BST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
<Aug 4, 2008 12:29:02 PM BST> <Info> <WebLogicServer> <BEA-000213> <Adding address: 10.96.201.249 to licensed client list>
<Aug 4, 2008 12:29:09 PM BST> <Notice> <Security> <BEA-090171> <Loading the identity certificate stored under the alias wpy-euq02 from the JKS keystore file /home/lonwpyq/ssl_cert/WPY_PAYROLLSOLUTIONSKeystore.jks.>
<Aug 4, 2008 12:29:09 PM BST> <Notice> <Security> <BEA-090170> <Loading the private key stored under the alias wpy-euq02 from the JKS keystore file /home/lonwpyq/ssl_cert/WPY_PAYROLLSOLUTIONSKeystore.jks.>
<Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
<Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
<Aug 4, 2008 12:29:09 PM BST> <Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
<Aug 4, 2008 12:29:09 PM BST> <Error> <Cluster> <BEA-000141> <TCP/IP socket failure occurred while fetching statedump over HTTP from -6401422690190304510S:lonlxwebhost99:[16544,16544,16042,16042,16544,16042,-1,0,0]:etg:lonwpyq_16543_1.
javax.net.ssl.SSLKeyException: [Security:090773]The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:122)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:322)
at weblogic.cluster.HTTPExecuteRequest.connect(HTTPExecuteRequest.java:73)
at weblogic.cluster.HTTPExecuteRequest.execute(HTTPExecuteRequest.java:121)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)>
Please let me know where I am going wrong. Thnx in advance
Message was edited by:
Shashi_sr

Solution given by BEA Engineer:
<Warning> <Security> <BEA-090773> <The certificate chain received from lonlxwebhost99.lehman.com - 10.71.129.99 contained a V3 certificate which key usage constraints forbid its key use by the key agreement algorithm.>
The reason for this was
The CA Certificate was missing a required bit (according to RFC 3280).
keyEncipherment bit is not in the KeyUsage and KeyUsage is marked as critical.
As per RFC:
The keyEncipherment bit is asserted when the subject public key is
used for key transport. For example, when an RSA key is to be
used for key management, then this bit is set.
According to RFC3280, when the key will be used to encrypt other keys that are send over the wire ("key transport") the keyEncipherment bit of the KeyUsage extension must be set. If the KeyUsage extension is critical, the SSL certificate validation will check that the key can be used in the key agreement. That is, that the key can be used to encrypt the symmetric public key.
Your KeyUsage only contains the following bits:
[4]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
Since it is marked Critical, it MUST have the keyEncipherment bit.
Otherwise, it should not be marked as Critical.
So the three solutions that should work are
1) Remove keyUsage
2) Don't mark keyUsage as critical
3) If keyUsage is critical, make sure keyEncipherment bit is set.

CF7 and JDK 1.4.2 - EV SSL Certificate Issue

Let me start off by telling the group that we do not use CF for any of our applications. We are a payments company that hosts a .NET API in IIS that 100's of thousands of customer use. We have one particular customer using CF7 and JDK 1.4.2 who is currently unable to process against our API. About a week ago we upgraded our SSL certificates to EV (Extended Validation) and since that time our once happy customer is now unhappy. I have spent hours working with him, going through FAQs and walk throughs, knowledge bases and forums and have had no luck. Here are the details:
EV Certificate issued by DigiCert (4096-bit).
Customer is on CF7 and JDK 1.4.2.
When he attempts to process against our API with the new certificate he gets 'Connection Failure: Status code unavailable' message from his CF application. He is using cfhttp to post his requests. We found a work around that indicated that the only issue with JDK 1.4.2 was importing the high-bit certificates. Our customer installed JDK 1.6, imported the certificate (and all intermediate certificates) successfully into the cacerts file, but when attempting to list using JDK 1.4.2 is returns an invalid certificate error and still will not work.
Please help as we are currently in a work around state for this customer (not long term) and we have exhausted the resources we have access to for solving this issue.
Thanks in advance to those gurus that reply. I have attached a sample post from our customers logs with non-essential data removed.
I can be reached by phone at 801-341-5620 if anyone feels like reaching out to talk.
- Dave

Dave,
I am having a similar issue with CF7 and PayPal's Reporting API which also uses EV SSL.
I can offer that in my testing, both CF 8 and CF 9 do seem to be able to work when using CFHTTP and EV SSL,
so the only solution I can offer at this time is to make the suggestion to your customer that they need to upgrade
to either CF 8 or CF 9 to get the issue quickly resolved.
I'm still working to see if I can find a solution for CF7 and I've been asking around in the CF community for help, so
if I do find a solution, I'll definitely post it there for you.
Cheers

SSL certificate issue with WLS 10.3

Hi All,
I am facing this issue with my WLS cluster.
<21-Apr-2010 10:42:00 o'clock BST> <Warning> <Security> <BEA-090482> <BAD_CERTIF
ICATE alert was received from system.core.com - 10.15.135.30.
Check the peer to determine why it rejected the certificate chain (trusted CA co
nfiguration, hostname verification). SSL debug tracing may be required to determ
ine the exact reason the certificate was rejected.>
<21-Apr-2010 10:42:00> <Warning> <Uncaught exception in server handler: javax.ne
t.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from
system.core.com - 10.15.135.30. Check the peer to determine wh
y it rejected the certificate chain (trusted CA configuration, hostname verifica
tion). SSL debug tracing may be required to determine the exact reason the certi
ficate was rejected.>
Please suggest. I have also tried the below settings.
Node Manager:
-Dweblogic.nodemanager.sslHostNameVerificationEnabled=false
Admin Server:
-Dweblogic.security.SSL.ignoreHostnameVerification=true
Many thanks in advance.

Hi Sandip,
I am facing this issue right after when I have configured the listen address to my system IP in Machine(NodeManager), earlier it was "localhost".
Also I have tried to generate the certificates e.g.
C:\bea\wlserver_10.3\server\bin>java utils.CertGen -cn system.core.com -keyfilepass DemoIdentityPassPhr
ase -certfile mycertificate -keyfile .keystore
Generating a certificate with common name system.core.com and key strength 1024
issued by CA with certificate from C:\bea\WLSERV~1.3\server\lib\CertGenCA.der file and key from C:\bea\WLSERV~1.3\server
\lib\CertGenCAKey.der file
C:\bea\wlserver_10.3\server\bin>java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePa
ssPhrase -keyfile .keystore.pem -keyfilepass DemoIdentityPassPhrase -certfile mycertificate.pem -alias demoidentity
No password was specified for the key entry
Key file password will be used
Imported private key .keystore.pem and certificate mycertificate.pem
into a new keystore DemoIdentity.jks of type jks under alias demoidentity
Tried the above but not wokring. Please advise.
Edited by: R Vashi on 21-Apr-2010 03:38

SSL Cert issues

I have a fresh install of Exchange 2013 w/ SP1. I have imported a cert from the EMS and when trying to enable it, I get the following error.
F9{-- your thumbprint --}7398 was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing).
I then ran the command below to resolve the issue.
certutil -repairstore my "SerialNumber"
During this process it brings up and authentication issue, but will only let me select Smart Card. All I can do here is hit Cancel, and then I get access denied. Why will it not let me enter a password here instead of using Smart Card? I have verified in
the registry that the smarts are not being forced for logon.

you have to export Your cert again With Private key and use password instead of user authentication.I have never imported certificate from EMS,only used ECP to request and finish certificate import.Never needed to use Private key there.Maybe you should try
that way if it doesnt work With private key on during export.
Here is a good guide using ECP:
http://exchangeserverpro.com/create-ssl-certificate-request-exchange-2013/
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

NAC SSL certificate Issue

I recently applied a signed certificate to both the CAM and CAS. ever since then I have been having problems with the system. In the perfigo logs on the CAM I receive a lot of messages with "Certificate chaining error" in them. My question is what is the best way to roll back the signed certificates to the self signed ones? Any other suggestions would be greatly appreciated.
Thanks in advance.

Hi Giles,
Thanks for te update. The problem I am facing is:-I have 2 SSL certificates on my ACE and I have also configured 2 server farms (farm1 and farm2)each associated with ssl certificate, now the problem i am facing is when we access the farm2 serverfarm we are issued the certificate of farm1 wereas i need to be getting the certificate from the farm2.
Thanks in advance.
Regards
Sum

How do I address SSL security issue on iPad 1

This new security issue discovered recently had my wife and I getting busy updating our phones, great now I have a possible bigger issue. How do I address this SSL issue on my iPad 1 running iOS 5.1.1 . So far apple does not seem to be releasing anything for us iPad 1 folks.
• Does this mean Apple does not care?
• Are they trying to leverage us into newer iPads?
• Is there a iOS 5.1.2 in the works?
• Or does it mean our iPad 1's are not affected by this breach.
Wish I had the coin to just go out and buy a new iPad but my disabled income does not have room for that, the one I have now was given to me by a very good friend and business owner before I was diagnosed. I use my iPad for virtually everything needing computing power. I really need to figure this out as I do Alot of shopping online.

Since Apple does not discuss their customers or potential security breaches, I would assume that you are not affected. My assumption is based solely on the fact that if there were an issue with your device and security, either an update would be made available or an announcement would come from Apple advising you to migrate to a newer device.

Firefox does not recognize SSL Certificate issuer Entrust Certification Authority – L1K, but Entrust Certification Authority – L1C is ok?

We have a new Entrust SSL Certificate with issuer Entrust Certification Authority – L1K which Firefox does not recognize. Internet Explorer and Chrome are ok.
On a different system we have an Entrust SSL Certificate with issuer Entrust Certification Authority – L1C which is ok with Firefox.

Did you verify that all intermediate certificates are installed on the server?
You can inspect the certificate chain via a site like this:
*http://www.networking4all.com/en/support/tools/site+check/
*https://www.ssllabs.com/ssltest/

Mac Mini Ethernet SSL connection issues

Hi,
Up until recently I have been using my Late 2012 Mac mini with a WiFi connection. Recently though I've had reason to switch to a Gigabit Ethernet connection (short version, moved from UK to Canada, living with in-laws and they have a crappy wireless router that can't hold a stable connection for more than a few hours).
However, I'm getting a really odd Ethernet network issue where my mac will "corrupt" SSL connections. This normally manifests itself in web pages not fully downloading, images becoming corrupted, or errors when downloading files. The last one is particularly hurting as I have been doing some heavy downloading of DMG files and other installers, all of which are a 100% guaranteed fail with DMG files reporting as being corrupted if I try to open them.
I have also lost my time machine backup as OSX has reported that this has failed verification and needs to be created new; I accepted creating a new one (reluctantly) and the backup now fails to complete every time it runs - either the wireless cuts out or the SSL connection corrupts the backup.
I have a 16-port GigE Switch (Netgear GS116) with a number of computers and the home modem plugged into this.
I've tried the following to look at this:
I've tried (and tested) a number of different Cat5e and Cat6 cables. These all work fine with other Windows / Linux machines and according to my cable tester all check out. 100% of the cables I own produce the error leading me to believe that it's not a cable problem.
Problem occurs even if the switch is bypassed and the mac plugged directly into the modem.
Problem does not occur (for web pages and small downloads) when plugged into wireless - this is just sloooow and as the router seems to develop issues with DNS over WiFi, I have to reset it every few hours so long term downloads fail.
I found an article (which I have now lost the URL for) where someone suffered intermittent network issues with Ethernet that they resolved by un-checking the "Enable automatic connection" on the 802.1X page of the network settings. This appeared to help for a couple of days and I enjoyed fast Ethernet and downloads once more. However, today the problem is back in force.
I am able to download files from a windows machine (well, except for downloads via the App store) and then transfer them over the network to the mini with no problems at all - the corruption issue only seems to occur when SSL is involved.
So I'm wondering what it could be and how I would go about diagnosing the issue. I'm more familiar with Windows / Linux systems, having not owned a Mac since the days of System 7 - the mini was bought so I could play with learning XCode and try my hand at Mac software development.
Thanks in advance,
~MrBasset.
Machine specs:
Late 2012 Mac Mini running OXS Mavericks 10.9.3
2.5Ghz Intel Core i5
16GB Ram

Launch the Console application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Console in the icon grid.
The title of the Console window should be All Messages. If it isn't, select
SYSTEM LOG QUERIES ▹ All Messages
from the log list on the left. If you don't see that list, select
View ▹ Show Log List
from the menu bar at the top of the screen.Click the Clear Display icon in the toolbar. Then try the action that you're having trouble with again. Select any messages that appear in the Console window. Copy them to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.
The log contains a vast amount of information, almost all of which is irrelevant to solving any particular problem. When posting a log extract, be selective. A few dozen lines are almost always more than enough.
Please don't indiscriminately dump thousands of lines from the log into this discussion.
Please don't post screenshots of log messages—post the text.
Some private information, such as your name, may appear in the log. Anonymize before posting.

SSL Handshake issue

I'm running a web app in Tomcat that does an HTTPS connection to a server. The application will work fine for a time and then will suddenly stop working because of a handshake error. I've run SSL debugging but it's not apparent to me what the problem is. I'm looking for some suggestions.
4/1/08 2:58 PM: %% No cached client session
4/1/08 2:58 PM: *** ClientHello, TLSv1
RandomCookie: GMT: 1190233283 bytes = { 58, 242, 225, 57, 171, 194, 80, 90, 139, 96, 196, 251, 211, 129, 179, 202, 7, 232, 52, 68, 206, 146, 156, 48, 115, 22, 49, 134/1/08 2:58 PM: }
Session ID: {}
4/1/08 2:58 PM: Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 04/1/08 2:58 PM: }
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Handshake, length = 79
4/1/08 2:58 PM: TP-Processor10, WRITE: SSLv2 client hello message, length = 107
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Handshake, length = 42
4/1/08 2:58 PM: *** ServerHello, TLSv1
RandomCookie: GMT: 1190233283 bytes = { 141, 189, 206, 207, 250, 67, 40, 152, 186, 234, 234, 101, 166, 234, 247, 8, 11, 237, 223, 124, 72, 94, 232, 60, 199, 94, 121, 1214/1/08 2:58 PM: }
Session ID: {}
4/1/08 2:58 PM: Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
4/1/08 2:58 PM: Compression Method: 0
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: %% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
4/1/08 2:58 PM: ** SSL_RSA_WITH_RC4_128_MD5
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Handshake, length = 1032
4/1/08 2:58 PM: *** Certificate chain
4/1/08 2:58 PM: chain [0] = [
Version: V3
Subject: CN=vui.intrado.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Operations B2B03, O=Intrado, L=Longmont, ST=Colorado, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 123095664288727041032981792382713558924388820769033568750837609874847919816986574572326945022043788299975362758450430393268875591860173731899392101803427012444800895939587473517523357557784121771690988156414678400971980713801386242045333122455367857077525864235945214278003628280016127022895491321514431881967
public exponent: 65537
Validity: [From: Sun May 14 20:00:00 EDT 2006,
               To: Wed May 14 19:59:59 EDT 2008]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [    7bfce8d2 6dfe312b d05b12e7 2ae6b3fe]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 61 30 5F A1 5D A0 5B 30 59 30 57 30 55 16 09 .a0_.].[0Y0W0U..
0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14 8F E5 D3 1A 86 AC 8D 8E .+..............
0030: 6B C3 CF 80 6A D4 48 18 2C 7B 19 2E 30 25 16 23 k...j.H.,...0%.#
0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E sign.com/vslogo.
0060: 67 69 66 gif
[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRSecure-crl.verisign.com/SVRSecure.crl]
[3]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 72 70 61        risign.com/rpa
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.verisign.com]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 16 7C 21 67 0E 0C 9D 2C E3 5B 13 54 D9 2C DC 6E ..!g...,.[.T.,.n
0010: 49 E7 24 21 75 DD F3 C2 51 D4 99 43 84 BD 47 9C I.$!u...Q..C..G.
0020: 9A 5F E1 1E 6B 79 4F D1 51 B7 42 F6 33 DE A0 0F ._..kyO.Q.B.3...
0030: 61 7E F3 A5 C8 43 FC 42 A0 2D 74 D1 2E AB BE 96 a....C.B.-t.....
0040: DF FA DD B3 54 29 2F 53 B7 26 C2 AE 31 CC BB 6D ....T)/S.&..1..m
0050: 35 0C C5 BD 96 7F 94 3E 55 95 F3 DD 8A E9 E5 6D 5......>U......m
0060: 8C F0 5E B1 4C 8B A0 AA 80 60 DA 9E D8 0D 11 FE ..^.L....`......
0070: CF BC 9D 86 5E FD 08 B0 C6 FF CE 7A 45 ....^......zE
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: Found trusted certificate:
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: Sun RSA public key, 1000 bits
modulus: 6144706769222379850430183405655235862870193813433361902309516534729547168229223442088128897090426025874990958624426272027915771330043379079076269082776443120496525109458437435793974957144923190172655546279112796066635455545786300647745888353781002359412766112775410851780140804282673804950495744761467
public exponent: 65537
Validity: [From: Tue Nov 08 19:00:00 EST 1994,
               To: Thu Jan 07 18:59:59 EST 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [    02ad667e 4e45fe5e 576f3c98 195eddc0]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Handshake, length = 119
4/1/08 2:58 PM: *** CertificateRequest
Cert Types: RSA, DSS
4/1/08 2:58 PM: Cert Authorities:
4/1/08 2:58 PM: <C=US, L=Boulder, ST=CO, O=Intrado, OU=Intrado, CN=Intrado Inc>
4/1/08 2:58 PM: *** ServerHelloDone
4/1/08 2:58 PM: *** Certificate chain
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Handshake, length = 141
4/1/08 2:58 PM: SESSION KEYGEN:
4/1/08 2:58 PM: PreMaster Secret:
0000: 03 01 77 B0 D4 B2 A6 6B 5A 54 F3 B7 B3 C7 93 6B ..w....kZT.....k
0010: 55 09 96 E1 E6 48 A0 7C D0 58 60 5E 48 D1 C9 AE U....H...X`^H...
0020: 93 DE 95 06 D6 E7 F5 BB 1D 41 A2 CE DF F8 57 C7 .........A....W.
4/1/08 2:58 PM: CONNECTION KEYGEN:
4/1/08 2:58 PM: Client Nonce:
0000: 47 F2 85 C3 3A F2 E1 39 AB C2 50 5A 8B 60 C4 FB G...:..9..PZ.`..
0010: D3 81 B3 CA 07 E8 34 44 CE 92 9C 30 73 16 31 0D ......4D...0s.1.
4/1/08 2:58 PM: Server Nonce:
0000: 47 F2 85 C3 8D BD CE CF FA 43 28 98 BA EA EA 65 G........C(....e
0010: A6 EA F7 08 0B ED DF 7C 48 5E E8 3C C7 5E 79 79 ........H^.<.^yy
4/1/08 2:58 PM: Master Secret:
0000: C5 14 7F 52 BF 83 1E BA 6D 55 00 56 4E 48 9B A6 ...R....mU.VNH..
0010: 27 FC 75 BD AC 4D 85 FA B9 05 8E 5A F2 12 1A B2 '.u..M.....Z....
0020: 07 5B F2 BF 6B 13 D6 64 0D DD C8 1C 05 ED 49 0A .[..k..d......I.
4/1/08 2:58 PM: Client MAC write Secret:
0000: D6 02 93 3D 70 2E F3 B4 7E F2 34 82 2F 1E 28 36 ...=p.....4./.(6
4/1/08 2:58 PM: Server MAC write Secret:
0000: A5 33 17 04 CA 4F BC 6D 03 95 09 4F CD 24 82 2B .3...O.m...O.$.+
4/1/08 2:58 PM: Client write key:
0000: 48 9A BD 05 DB 35 59 8F 94 5B F5 84 8D DE E2 C1 H....5Y..[......
4/1/08 2:58 PM: Server write key:
0000: 37 5C 66 DF F3 02 E7 B7 74 50 07 FE 71 73 7A 6E 7\f.....tP..qszn
4/1/08 2:58 PM: ... no IV used for this cipher
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Change Cipher Spec, length = 1
4/1/08 2:58 PM: *** Finished
verify_data: { 238, 215, 175, 86, 1, 3, 125, 177, 105, 85, 182, 1194/1/08 2:58 PM: }
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Handshake, length = 32
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Alert, length = 2
TP-Processor10, RECV TLSv1 ALERT: fatal, 4/1/08 2:58 PM: handshake_failure
4/1/08 2:58 PM: TP-Processor10, called closeSocket()
4/1/08 2:58 PM: TP-Processor10, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
4/1/08 2:58 PM: LOADING STATIC======================
4/1/08 2:58 PM: %% No cached client session
4/1/08 2:58 PM: *** ClientHello, TLSv1
RandomCookie: GMT: 1190233284 bytes = { 65, 153, 203, 177, 240, 215, 243, 44, 119, 245, 122, 207, 103, 144, 180, 159, 210, 245, 33, 103, 15, 226, 127, 93, 67, 150, 205, 1884/1/08 2:58 PM: }
Session ID: {}
4/1/08 2:58 PM: Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 04/1/08 2:58 PM: }
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Handshake, length = 79
4/1/08 2:58 PM: TP-Processor10, WRITE: SSLv2 client hello message, length = 107
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Handshake, length = 42
4/1/08 2:58 PM: *** ServerHello, TLSv1
RandomCookie: GMT: 1190233284 bytes = { 9, 32, 248, 7, 14, 138, 237, 198, 81, 132, 124, 47, 82, 168, 174, 192, 186, 67, 208, 40, 49, 94, 200, 30, 15, 23, 235, 374/1/08 2:58 PM: }
Session ID: {}
4/1/08 2:58 PM: Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
4/1/08 2:58 PM: Compression Method: 0
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: %% Created: [Session-3, SSL_RSA_WITH_RC4_128_MD5]
4/1/08 2:58 PM: ** SSL_RSA_WITH_RC4_128_MD5
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Handshake, length = 1032
4/1/08 2:58 PM: *** Certificate chain
4/1/08 2:58 PM: chain [0] = [
Version: V3
Subject: CN=vui.intrado.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Operations B2B03, O=Intrado, L=Longmont, ST=Colorado, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 123095664288727041032981792382713558924388820769033568750837609874847919816986574572326945022043788299975362758450430393268875591860173731899392101803427012444800895939587473517523357557784121771690988156414678400971980713801386242045333122455367857077525864235945214278003628280016127022895491321514431881967
public exponent: 65537
Validity: [From: Sun May 14 20:00:00 EDT 2006,
               To: Wed May 14 19:59:59 EDT 2008]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [    7bfce8d2 6dfe312b d05b12e7 2ae6b3fe]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 61 30 5F A1 5D A0 5B 30 59 30 57 30 55 16 09 .a0_.].[0Y0W0U..
0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14 8F E5 D3 1A 86 AC 8D 8E .+..............
0030: 6B C3 CF 80 6A D4 48 18 2C 7B 19 2E 30 25 16 23 k...j.H.,...0%.#
0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E sign.com/vslogo.
0060: 67 69 66 gif
[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRSecure-crl.verisign.com/SVRSecure.crl]
[3]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 72 70 61        risign.com/rpa
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.verisign.com]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 16 7C 21 67 0E 0C 9D 2C E3 5B 13 54 D9 2C DC 6E ..!g...,.[.T.,.n
0010: 49 E7 24 21 75 DD F3 C2 51 D4 99 43 84 BD 47 9C I.$!u...Q..C..G.
0020: 9A 5F E1 1E 6B 79 4F D1 51 B7 42 F6 33 DE A0 0F ._..kyO.Q.B.3...
0030: 61 7E F3 A5 C8 43 FC 42 A0 2D 74 D1 2E AB BE 96 a....C.B.-t.....
0040: DF FA DD B3 54 29 2F 53 B7 26 C2 AE 31 CC BB 6D ....T)/S.&..1..m
0050: 35 0C C5 BD 96 7F 94 3E 55 95 F3 DD 8A E9 E5 6D 5......>U......m
0060: 8C F0 5E B1 4C 8B A0 AA 80 60 DA 9E D8 0D 11 FE ..^.L....`......
0070: CF BC 9D 86 5E FD 08 B0 C6 FF CE 7A 45 ....^......zE
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: Found trusted certificate:
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: Sun RSA public key, 1000 bits
modulus: 6144706769222379850430183405655235862870193813433361902309516534729547168229223442088128897090426025874990958624426272027915771330043379079076269082776443120496525109458437435793974957144923190172655546279112796066635455545786300647745888353781002359412766112775410851780140804282673804950495744761467
public exponent: 65537
Validity: [From: Tue Nov 08 19:00:00 EST 1994,
               To: Thu Jan 07 18:59:59 EST 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [    02ad667e 4e45fe5e 576f3c98 195eddc0]
Algorithm: [MD2withRSA]
Signature:
0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Handshake, length = 119
4/1/08 2:58 PM: *** CertificateRequest
Cert Types: RSA, DSS
4/1/08 2:58 PM: Cert Authorities:
4/1/08 2:58 PM: <C=US, L=Boulder, ST=CO, O=Intrado, OU=Intrado, CN=Intrado Inc>
4/1/08 2:58 PM: *** ServerHelloDone
4/1/08 2:58 PM: *** Certificate chain
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Handshake, length = 141
4/1/08 2:58 PM: SESSION KEYGEN:
4/1/08 2:58 PM: PreMaster Secret:
0000: 03 01 B4 97 6F 97 A2 3F 49 3A 6D 33 AA 00 0B 4F ....o..?I:m3...O
0010: 31 31 DB E2 99 58 19 41 78 B2 F9 AC 05 6C F0 4F 11...X.Ax....l.O
0020: BB 55 BE 41 70 AA 76 58 1E AB 6F 08 2B 49 C3 F4 .U.Ap.vX..o.+I..
4/1/08 2:58 PM: CONNECTION KEYGEN:
4/1/08 2:58 PM: Client Nonce:
0000: 47 F2 85 C4 41 99 CB B1 F0 D7 F3 2C 77 F5 7A CF G...A......,w.z.
0010: 67 90 B4 9F D2 F5 21 67 0F E2 7F 5D 43 96 CD BC g.....!g...]C...
4/1/08 2:58 PM: Server Nonce:
0000: 47 F2 85 C4 09 20 F8 07 0E 8A ED C6 51 84 7C 2F G.... ......Q../
0010: 52 A8 AE C0 BA 43 D0 28 31 5E C8 1E 0F 17 EB 25 R....C.(1^.....%
4/1/08 2:58 PM: Master Secret:
0000: 23 BD B9 EC C1 C7 44 46 77 D9 5D 71 B8 D0 73 44 #.....DFw.]q..sD
0010: 9E C6 E3 CB 2B 28 97 74 0F F9 36 01 28 07 99 C6 ....+(.t..6.(...
0020: 6C 19 93 CC 0C BC FD 06 37 2D AE 1B 70 5E F2 68 l.......7-..p^.h
4/1/08 2:58 PM: Client MAC write Secret:
0000: 95 53 86 89 4D 91 E9 13 EF D6 B0 DA A1 8B 14 5B .S..M..........[
4/1/08 2:58 PM: Server MAC write Secret:
0000: CA 3E 7E 09 AF 37 A0 20 D0 9A 09 58 F1 C7 9F 29 .>...7. ...X...)
4/1/08 2:58 PM: Client write key:
0000: DB 2C 8E 50 F6 52 35 BD 2A 93 9A 74 24 E0 98 91 .,.P.R5.*..t$...
4/1/08 2:58 PM: Server write key:
0000: 60 15 83 88 28 2B 0B 55 71 62 2E 34 82 00 C8 B3 `...(+.Uqb.4....
4/1/08 2:58 PM: ... no IV used for this cipher
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Change Cipher Spec, length = 1
4/1/08 2:58 PM: *** Finished
verify_data: { 108, 130, 148, 248, 86, 192, 183, 217, 87, 4, 181, 834/1/08 2:58 PM: }
4/1/08 2:58 PM: ***
4/1/08 2:58 PM: TP-Processor10, WRITE: TLSv1 Handshake, length = 32
4/1/08 2:58 PM: TP-Processor10, READ: TLSv1 Alert, length = 2
TP-Processor10, RECV TLSv1 ALERT: fatal, 4/1/08 2:58 PM: handshake_failure
4/1/08 2:58 PM: TP-Processor10, called closeSocket()
4/1/08 2:58 PM: TP-Processor10, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
4/1/08 2:58 PM: Finalizer, called close()
4/1/08 2:58 PM: Finalizer, called closeInternal(true)

4/1/08 2:58 PM: *** CertificateRequest
Cert Types: RSA, DSS
4/1/08 2:58 PM: Cert Authorities:
4/1/08 2:58 PM: <C=US, L=Boulder, ST=CO, O=Intrado, OU=Intrado, CN=Intrado Inc>Here the server has asked for client authentication. The later traces show that the client hasn't provided any. So the server has taken the option of aborting the connection. This action corresponds to SSLSocket.setNeedClientAuth(true) at the server.
Do you have the javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword system properties set? or a custom KeyManager installed? or whatever all that corresponds to in Tomcat?

SSL Strust : Issuer certificate missing in database

Hi,
I am apply ssl in Abap stack STRUST. When i apply the certificate respond from the CA , it showing error
Issuer certificate missing in database:CN=DigiCert High Assurance CA-3, OU=www.digicert.c
Any idea??
Thanks

In Strust, goto Certificate->Database, create a new "ROOT CA" entry ex;Z_NETCA.
Select any PSE(System PSE) ->Certificate->Import and Import the "Issuer Certificate".
Certificate->Export->Database>Select Z_NETCA, CA, Some description ->OK
Now you will be able to import your certificate response without any issues.
To Get the "Issuer Certificate" open your certificate response(certificate) , goto Certification Path TAB and select the next level higher to your Server CA and ->View Certificate->Goto Details tab and Copy to File->Export in base64 or DER format.

SSL/SP7 Issues?

Similar Messages

Maybe you are looking for