"The certificate chain was issued by an authority that is not trusted" when migrating to SQL 2012

Environment:
1 Primary Site (USSCCM-Site.domain.com)
1 CAS (USSCCM-CAS.domain.com)
SQL 2008 R2 (USSCCM-CAS.domain.com)
SQL 2012 SP1 CU6 (USSQL12.domain.com)
Issue:
We were successfully able to migrate the CAS to the new SQL 2012 server, almost without incident. When attempting to migrate the Site instance however, we are getting errors. Screenshot below.
Attached is a copy of the log. But below is a highlight of what I think are the errors… It appears that either SQL or SCCM doesn’t like a certificate somewhere, but it is contradictory because the logs say that it has successfully tested the connection to SQL.
I am lost.
Logs stating it can connect successfully to SQL
Machine certificate has been created successfully on server USSQL12.domain.com.  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
Deinstalled service SMS_SERVER_BOOTSTRAP_USSCCM-Site.domain.com_SMS_SQL_SERVER on USSQL12.domain.com.  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
SQL Server instance [sccmsite] is already running under the certificate with thumbprint[f671be844bf39dec7e7fdd725dc30e225991f28a].  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
INFO: Testing SQL Server [USSQL12.domain.com] connection ...  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
INFO: SQL Connection succeeded. Connection: USSQL12.domain.com SCCMSITE\MASTER, Type: Unsecure  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
INFO: Tested SQL Server [USSQL12.domain.com] connection successfully.  Any preceding SQL connection errors may be safely ignored.  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
INFO: Certificate  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
INFO: Created SQL Server machine certificate for Server [USSQL12.domain.com] successfully.  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
INFO: Configuration Manager Setup - Application Shutdown  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
INFO: Running SQL Server test query.  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
INFO: SQL Connection succeeded. Connection: USSQL12.domain.com SCCMSITE\MASTER, Type: Secure  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
INFO: SQL Server Test query succeeded.  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
INFO: SQLInstance Name: sccmsite  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
INFO: SQL Server version detected is 11.0, 11.0.3381.0 (SP1).  Configuration Manager Setup  10/21/2013 10:20:10 AM  2100 (0x0834)
Logs saying certificate is not trusted
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.  Configuration Manager Setup  10/21/2013 10:20:49 AM  2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection  Configuration Manager Setup  10/21/2013 10:20:49 AM  2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection  Configuration Manager Setup  10/21/2013 10:20:49 AM  2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.  Configuration Manager Setup  10/21/2013 10:20:49 AM  2100 (0x0834)
INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure  Configuration Manager Setup  10/21/2013 10:20:49 AM  2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.  Configuration Manager Setup  10/21/2013 10:20:52 AM  2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.  Configuration Manager Setup  10/21/2013 10:20:52 AM  2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection  Configuration Manager Setup  10/21/2013 10:20:52 AM  2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection  Configuration Manager Setup  10/21/2013 10:20:52 AM  2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.  Configuration Manager Setup  10/21/2013 10:20:52 AM  2100 (0x0834)
INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure  Configuration Manager Setup  10/21/2013 10:20:52 AM  2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.  Configuration Manager Setup  10/21/2013 10:20:55 AM  2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.  Configuration Manager Setup  10/21/2013 10:20:55 AM  2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection  Configuration Manager Setup  10/21/2013 10:20:55 AM  2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection  Configuration Manager Setup  10/21/2013 10:20:55 AM  2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.  Configuration Manager Setup  10/21/2013 10:20:55 AM  2100 (0x0834)
INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure  Configuration Manager Setup  10/21/2013 10:20:55 AM  2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.  Configuration Manager Setup  10/21/2013 10:20:58 AM  2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.  Configuration Manager Setup  10/21/2013 10:20:58 AM  2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection  Configuration Manager Setup  10/21/2013 10:20:58 AM  2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection  Configuration Manager Setup  10/21/2013 10:20:58 AM  2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.  Configuration Manager Setup  10/21/2013 10:20:58 AM  2100 (0x0834)
INFO: SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Secure  Configuration Manager Setup  10/21/2013 10:20:58 AM  2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.  Configuration Manager Setup  10/21/2013 10:21:01 AM  2100 (0x0834)
More logs saying cert is not trusted
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.  Configuration Manager Setup  10/21/2013 10:21:20 AM  2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.  Configuration Manager Setup  10/21/2013 10:21:20 AM  2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection  Configuration Manager Setup  10/21/2013 10:21:20 AM  2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection  Configuration Manager Setup  10/21/2013 10:21:20 AM  2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.  Configuration Manager Setup  10/21/2013 10:21:20 AM  2100 (0x0834)
INFO: Updated the site control information on the SQL Server USSQL12.domain.com.  Configuration Manager Setup  10/21/2013 10:21:39 AM  2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.  Configuration Manager Setup  10/21/2013 10:21:39 AM  2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted.  Configuration Manager Setup  10/21/2013 10:21:39 AM  2100 (0x0834)
*** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection  Configuration Manager Setup  10/21/2013 10:21:39 AM  2100 (0x0834)
ERROR: SQL Server error: [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection  Configuration Manager Setup  10/21/2013 10:21:39 AM  2100 (0x0834)
*** Failed to connect to the SQL Server, connection type: CCAR_DB_ACCESS.  Configuration Manager Setup  10/21/2013 10:21:39 AM  2100 (0x0834)
CSiteSettings::WriteActualSCFToDatabase: Failed to get SQL connection  Configuration Manager Setup  10/21/2013 10:21:39 AM  2100 (0x0834)
CSiteSettings::WriteActualSCFToDatabaseForNewSite: WriteActualSCFToDatabase(USA) returns 0x87D20002  Configuration Manager Setup  10/21/2013 10:21:39 AM  2100 (0x0834)
ERROR: Failed to insert the recovery site control image to the parent database.  Configuration Manager Setup  10/21/2013 10:21:39 AM  2100 (0x0834)
Troubleshooting:
I have read a few articles from other people having this issue that say to find the certificate on SQL 2012 that’s being used and export it to the SCCM server – which I’ve done.
http://damianflynn.com/2012/08/22/sccm-2012-and-sql-certificates/
http://trevorsullivan.net/2013/05/16/configmgr-2012-sp1-remote-sql-connectivity-problem/
http://scug.be/sccm/2012/09/19/configmgr-2012-rtm-sp1-and-remote-management-points-not-healthy-when-running-configmgr-db-on-a-sql-cluster/
-Brad

Hi,
How about importing certificate in the personal folder under SQL server computer account into SCCM server computer account or SCCM server service account? That certificate is for SQL Server Identification. And you could set the value of the ForceEncryption option to NO. (SQL Server Configuration Manager->SQL Server Network Configuration->Protocols for <server instance>->Properties)
Best Regards,
Joyce Li
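
An added example, not part of the original thread: one way to confirm, on the machine that opens the connection (here the site server), why Windows rejects the server certificate's chain and which machine store needs the missing certificate. The path in `$CertPath` and the function name `Get-CertificateChainReport` are hypothetical; the script assumes the SQL Server certificate was exported without its private key.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session on the
# machine that initiates the TLS connection.
# Assumption: the server certificate (public part only) was exported to $CertPath.
param(
    [string]$CertPath = 'C:\Temp\server-cert.cer'   # hypothetical path
)

function Get-CertificateChainReport {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # $true = build the chain against the LocalMachine stores (machine context),
    # not the stores of the interactive user who runs the script.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    # Skip revocation so the report isolates trust problems from CRL reachability.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    $trusted = $chain.Build($Certificate)

    # One row per certificate in the chain, leaf first.
    $elements = foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        [pscustomobject]@{
            Subject     = $c.Subject
            Issuer      = $c.Issuer
            Thumbprint  = $c.Thumbprint
            SelfSigned  = ($c.Subject -eq $c.Issuer)
            InRootStore = Test-Path "Cert:\LocalMachine\Root\$($c.Thumbprint)"
            InCAStore   = Test-Path "Cert:\LocalMachine\CA\$($c.Thumbprint)"
            Status      = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }

    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status })
    $untrustedRoot = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::UntrustedRoot
    $partialChain  = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::PartialChain
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    $advice = if ($trusted) {
        'Chain builds to a root in Cert:\LocalMachine\Root; trust is not the problem on this machine.'
    }
    elseif ($flags -contains $untrustedRoot) {
        # Typical for a self-signed server certificate: the leaf is its own root.
        "Top of chain '$($top.Subject)' is not in Cert:\LocalMachine\Root on this machine."
    }
    elseif ($flags -contains $partialChain) {
        "No issuer found for '$($top.Subject)'; an intermediate CA certificate is missing from Cert:\LocalMachine\CA."
    }
    else {
        "Chain failed for another reason: $($flags -join ', ')"
    }

    [pscustomobject]@{
        Trusted  = $trusted
        Flags    = $flags
        Advice   = $advice
        Elements = $elements
    }
}

if (Test-Path $CertPath) {
    $cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
    $report = Get-CertificateChainReport -Certificate $cert
    $report.Elements | Format-Table Subject, SelfSigned, InRootStore, InCAStore, Status -AutoSize
    "Trusted: $($report.Trusted)"
    "Advice : $($report.Advice)"
    # Once the missing certificate is identified, it can be imported with certlm/MMC,
    # or with Import-Certificate (PKI module, Windows Server 2012 and later), e.g.
    #   Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\Root
}
else {
    Write-Warning "Certificate file not found: $CertPath"
}
```

Running it before and after the import shows whether the chain now builds in the machine context, which lets the connection stay encrypted and validated.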

Similar Messages

  • Hybrid Connection fails for Windows SQL Server 2014 - SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted

    Hello,
    I have configured BizTalk Services Hybrid Connection between Standard Azure Website and SQL Server 2014 on premise.
    Azure Management portal shows the status of Hybrid Connection as established.
    However, the website throws an error when trying to open a connection
    <add name="DefaultConnection" connectionString="Data Source=machine name;initial catalog=AdventureWorks2012;Uid=demouser;Password=[my password];MultipleActiveResultSets=True" providerName="System.Data.SqlClient" />
    (The same website, with the same connection string deployed on SQL Server machine works correctly).
    I tried various options with the connection string (IP address instead of machine name, Trusted_Connection=False, Encrypt=False, etc.); the result is the same
    [Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
    [SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.
    I tried various machines - on premise and a clean Azure VM with SQL Server and it results in the same error - below full stack
    The certificate chain was issued by an authority that is not trusted             
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.            
    Exception Details: System.ComponentModel.Win32Exception: The certificate chain was issued by an authority that is not trusted
    Source Error:
    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.                  
    Stack Trace:
    [Win32Exception (0x80004005): The certificate chain was issued by an authority that is not trusted]
    [SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)]
    [EntityException: The underlying provider failed on Open.]
    Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.36213            
    Regards,
    Michal
    Michal Morciniec

    Same issue here, looking for more information !

  • Error code 265: The certificate chain was issued by an authority that is not trusted.

    We are in the process of trying to set up a wireless network that uses NPS servers to authenticate domain users with computers that are not on our domain (BYOD).
    We are using a valid, wildcard SSL (with intermediate certificates) to authenticate via PEAP.  The certificate was issued by Godaddy.
    When trying to connect, we are getting the authentication request.
    The result of a connection attempt is no connection with an event log error code of - “265: The certificate chain was issued by an authority that is not trusted.”
    We have tried ensuring that the certificates are in the correct containers on the respective NPS servers: “Certificates\Personal\Certificates” With the intermediate certificates located: “Certificates/Intermediate Certification Authorities”
    All these attempts have proven fruitless.  Any assistance or direction would be very much appreciated.

    Hi,
    Do you import the intermediate certificate in the right account? It should be imported in the Computer Account.
    Have you imported the intermediate certificate in your client? The client needs it to validate the certificate of your NPS server.
    Here is a similar thread in which Greg has explained this issue in detail.
    http://social.technet.microsoft.com/Forums/en-US/b770fcf6-d1e9-4aac-9005-62cb5ff6d485/the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted?forum=winserverNAP
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • TMG - 0x80090325 -Certificate Chain was issued by an authority that is not trusted

    Hello,
    I am having some problems with testing an OWA (SSL) rule. I get that message.
    The TMG belongs to the domain and therefore as far as I know it gets the root certificate of my CA (I have deployed an Enterprise CA for my domain).
    That is why I don't understand the message: "...that is not trusted."
    The exact message:
    Testing https://mail.mydomain.eu/owa
    Category: Destination server certificate error
    Error details: 0x80090325 - The certificate chain was issued by an authority that is not trusted
    Thanks in advance!
    Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)

    Thanks Keith for your reply and apologies for the delay in my answer.
    I could not wait and I reinstalled the whole machine (W28k R2 + TMG 2010) . I suppose I am still a bad troubleshooter, I have experience setting up ISA, TMG, PKI, Active directory but to a certain extent.
    1. Yes, I saw it when hitting the button "Test Rule" in the Publishing rule in the TMG machine.
    2. No, it did not work in this implementation but it has worked in others, this is not difficult to set up, until now, hehe.
    3. You said: "...If you are seeing it when running "Test Rule" then it simply means that TMG does not trust something about the certificate that is on your Exchange Server...."
    But the certificates are auto-enrolled, and when I saw the details of the certificates they all are "valid" , there is a "valid" message.
    4. You wrote: "...Easiest way see everything is create an access rule that allows traffic from the LocalHost of TMG to the CAS and open up a web browser. Does the web browser complain?..."
    But as I said, I re-installed the whole thing because nobody jumped in here , and I needed to move forward, I hope you understand.
    5. S Guna kindly proposed this:
    If you are using internal CA,
    You need to import the Root CA certificate to TMG servers.
    Import Private Key of the certificate to Server personal
    Create an Exchange publishing Rule and Point the listener to the Correct certificate.
    Since you are using internal CA, You need to import the Root CA certificate to all the client browsers from where you are accessing OWA
    But I think I do not have to perform any of those tasks, although I am not an expert but have worked with Certificate for one year or so.
    Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)

  • TMG Error code 500 Certificate chain was issued by an authority that is not trusted

    Hello colleagues
    I have site https://site.domain.ru:9510/pmpsvc
    In site work: http://imgur.com/2cQ6vlF
    I publish this site through TMG 2010, but I have error:
    500 Internal Server Error. The certificate chain was issued by an authority that is not trusted (-2146893019).
    On TMG server via MMC I imported certificate to:
    http://imgur.com/eYqjrQg and reboot TMG server, but problem is not solved.
    Maybe someone solved this problem?
    Thanks.

    This is because your certificate is unable to reach CA to verify the certificate
    Ensure your TMG can reach the certificate authority
    Import Root CA certificate to Trusted Root certificate authority in CertMGR
    If you are using intermediate CA then import the intermediate CA certificate to intermediate CA in certmgr
    Thanks, but I use certificate "*.domain.ru" and another https sites without port 9510 works fine. Maybe problem with site on TMG because problem with certificate on web-server (about Certificate error) -
    http://imgur.com/2cQ6vlF ??

  • Security certificate was issued by a company you have not chosen to trust.

    This issue is new to our client that is running Outlook 2010 (on a Win 7 machine) and connecting to an Exchange 2007 box. 
    There is only one Exchange box.  I have tried the suggestions with assigning the certificate to the “Trusted Root Certification Authorities” area. 
    I have launched the “certmgr.msc” and see the “mail.domain.com” certificate listed. 
    I deleted and readded it as well.  We have a signed 3rd party certificate that does not expire until 2016. 
    I have uninstalled and reinstalled Outlook 2010 on the machine. 
    I have also unchecked the “use Cached Exchange Mode” in the “Change Account Settings” area. 
    I have been searching for a solution for this for two weeks now. 
    Everything I have read has to do with Exchange 2010 and Outlook 2010 working together. 
    I have attached the error, I’m sure most that are reading this have seen it. 
    I’m not sure if there is a setting I’m missing on the machine, or what is going on. 
    Thank you to all that have read this.  I look forward to additional advice for a solution.

    Wendy,
    Thanks for the reply.  I have tried this solution multiple times. 
    I have added the certificate to the trusted root authority. 
    I was still getting the issue.  I then removed the certificate from the certificate management console. 
    I then followed the directions again, and checked to make sure the certificate was listed under the “Trusted Root Certification Authorities store.” 
    Please let me know if you have any other suggestions.
    Who issued this cert? What 3rd party? You shouldn't have to do anything for a trusted 3rd party cert unless something is messed up on the certificate chain.
    When you click on the View Certificate, is it the correct 3rd party cert?
    Andy,
    The 3rd Party is Go Daddy.  The cert is good until 2016.  When I click on view certificate it has the correct issued by name and valid from dates.  The only error is "Windows does not have enough information to verify this certificate." 
    When I click on the Certification Path the box at the bottom  "Certificate Status:" has a note "This certificate is OK."  Please let me know your thoughts on this.

  • Go Daddy UCC Certificate: "ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update"

    Hello,
    I have this issue regarding certificate chains while performing Outlook Anywhere connectivity test by Microsoft Remote Connectivity Analyzer:
    "ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled."
    Note: even if I got the error, Outlook Anywhere and ActiveSync services work fine.
    Environment:
    - Exchange 2007 with SP3
    - Go Daddy Multiple Domains UCC certificate (up to 5 Subject Alternative Names)
    I already read and followed instructions on this TechNet post, "Can I safely ignore this warning about the SSL cert? Using GoDaddy UCC cert", but it is a little bit different by this case.
    So after an investigation I understand the issue above is related to SSL certificate Certification Path (see screenshots below).
    NO ERRORS on ExRCA checking
    Go Daddy Secure Certification Authority is under Intermediate Certification Authorities repository
    Go Daddy Class 2 Certification Authority is under Intermediate Certification Authorities repository
    Starfield Technologies (http://www.valicert.com) is under Trusted Root Certification Authorities repository
    ERROR on ExRCA checking
    Go Daddy Secure Certification Authority is under Intermediate Certification Authorities repository
    Go Daddy Class 2 Certification Authority is under Trusted Root Certification Authorities repository
    Can you add some useful information?
    I'm opening a support ticket at Go Daddy; I hope they can give me some positive feedback.
    Regards,
    Luca Fabbri
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Strange, I have a feeling the exrca tool can't validate the godaddy class2 root authority due to some older compatibility and wants to use the older original root authority valicert owned godaddy. Or when the exrca tool is validating the root CA it only has the godaddy class2 root ca that was issued by valicert and not the standalone cert when doing the comparison. I sent the question to MS and will let you know when I hear back.
    You can get rid of it
    https://certs.godaddy.com/anonymous/repository.seam
    Download the cert
    ◦ gd_cross_intermediate.crt
    Then import it into the trusted root cert authority on your CAS boxes. Then you need to delete the other godaddy class2 root authority. Make sure you see the one you imported; both will be named godaddy class2 root authority but one will be issued by valicert.
    Re-run the test and it will go away. I also saw the error with my domain as well using godaddy and got rid of it by using the new cert authority.
    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

  • Cannot complete the certificate chain: No trusted cert found

    Hi:
    I am currently working on an application that makes a web service call to a third party service provider. I am using weblogic 10 application server and session bean makes a call to the gateway class which in turn initiates a web service call using SSL layer. I get the following error when gateway class is trying to make an SSL connection with the third party server. I have set the keystore to be custom and java standard and both Identity key store and trust key store point to C:\bea10\jdk160_05\jre\lib\security\cacerts key store. The interesting thing is when I tried with different other URLs www.bankofamerica.com and www.freshdirect.com
    I get the same error. I am not sure why certificate validation fails even if it is a trusted CA and I would believe java keystore should contain all valid Certificate authorities such as verisign, Secure Trust etc. The third party certificate is issued by secure trust CA which in turn is issued by Entrust.net
    Can someone shed some light on what's going on here? I also took a look at thread Re: SSL issues and tried to import the server certificates into java keystore, but nothing worked out. Appreciate your help.
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: Cannot complete the certificate chain: No trusted cert found
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: Validating certificate 0 in the chain: Serial number: 805312903
    Issuer:C=US, O=SecureTrust Corporation, CN=SecureTrust CA
    Subject:C=CA, ST=Ontario, L=Toronto, O=Givex Corp., CN=*.givex.com
    Not Valid Before:Wed Nov 21 09:56:03 EST 2007
    Not Valid After:Sat Nov 20 09:56:03 EST 2010
    Signature Algorithm:SHA1withRSA
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: Validating certificate 1 in the chain: Serial number: 1116160170
    Issuer:C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
    Subject:C=US, O=SecureTrust Corporation, CN=SecureTrust CA
    Not Valid Before:Sun Oct 01 01:00:00 EDT 2006
    Not Valid After:Tue Nov 26 13:25:48 EST 2013
    Signature Algorithm:SHA1withRSA
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:436)
         at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:224)
         at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:38)
         at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:144)
         at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:235)
         at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:146)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:473)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:459)
         at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:306)
         at com.freshdirect.client.TransPortType_Stub.getBalance(TransPortType_Stub.java:254)
         at com.freshdirect.payment.ejb.GivexPaymentServiceImpl.getBalance(GivexPaymentServiceImpl.java:59)
         at com.freshdirect.payment.ejb.GivexServerGateway.getBalance(GivexServerGateway.java:211)
         at com.freshdirect.payment.ejb.GivexServerGateway.main(GivexServerGateway.java:388)
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: write ALERT, offset = 0, length = 2
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: close(): 16720915
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: close(): 16720915
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: SSLIOContextTable.removeContext(ctx): 29310343
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: close(): 16720915
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: close(): 16720915
    Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
    FINE: SSLIOContextTable.removeContext(ctx): 29310343
    <Sep 16, 2009 6:18:17 PM EDT> <Info> <WebService> <BEA-220048> <A exception was thrown from the client handler sending a JAXM message.>
    <Sep 16, 2009 6:18:17 PM EDT> <Info> <WebService> <BEA-220034> <A stack trace associated with message 220048 follows:
    javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:436)
         at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:224)
         at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:38)
         at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:144)
         at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:235)
         at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:146)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:473)
         at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:459)
         at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:306)
         at com.freshdirect.client.TransPortType_Stub.getBalance(TransPortType_Stub.java:254)
         at com.freshdirect.payment.ejb.GivexPaymentServiceImpl.getBalance(GivexPaymentServiceImpl.java:59)
         at com.freshdirect.payment.ejb.GivexServerGateway.getBalance(GivexServerGateway.java:211)
         at com.freshdirect.payment.ejb.GivexServerGateway.main(GivexServerGateway.java:388)
    >

    "I would believe java keystore should contain all valid Certificate authorities such as verisign, Secure Trust etc. The third party certificate is issued by secure trust CA which in turn issued by Entrust.net"
    You can list the contents of your cacerts file to see if the exact matching version of the SecureTrust signer cert is present.
    You can also use a simple java program to test whether you can connect to the 2 servers that you're having issues with:
    import java.net.*;
    import java.io.*;
    public class SSL_Test {
        public static void main(String[] args) throws Exception {
            // Opening the stream performs the SSL handshake using the configured trust store
            URL sslURL = new URL("https://someserver.com/someservice.wsdl");
            BufferedReader in = new BufferedReader(new InputStreamReader(sslURL.openStream()));
            String inputLine;
            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);
            in.close();
        }
    }
    Compile and run with something like:
    javac SSL_Test.java
    # all on one line
    java -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=***** -Djavax.net.debug=ssl,handshake SSL_Test
    This just tests whether your truststore can trust the server cert.
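
The reply above suggests listing cacerts to see whether a matching signer certificate is present. As an added example (not code from the thread), this program looks up the two CA names from the WebLogic debug log in a trust store; the class name, the default path under java.home and the default password "changeit" are assumptions, and the names are rewritten from the log into the most-specific-first order that X500Principal parses.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import javax.security.auth.x500.X500Principal;

/** Added example: reports which CA names from the failing chain are trust anchors in a store. */
public class TrustAnchorCheck {

    // Issuer/subject names from the "Validating certificate N in the chain" log lines,
    // reordered from the log's C=...-first form to CN=...-first (RFC 2253) form.
    static final String[] CHAIN_CA_NAMES = {
        "CN=SecureTrust CA, O=SecureTrust Corporation, C=US",
        "CN=Entrust.net Secure Server Certification Authority, "
            + "OU=(c) 1999 Entrust.net Limited, "
            + "OU=www.entrust.net/CPS incorp. by ref. (limits liab.), "
            + "O=Entrust.net, C=US"
    };

    /** Prints every certificate whose subject equals caName and returns how many were found. */
    static int report(KeyStore store, X500Principal caName) throws Exception {
        int found = 0;
        Date now = new Date();
        for (String alias : Collections.list(store.aliases())) {
            Certificate cert = store.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x509 = (X509Certificate) cert;
            if (!x509.getSubjectX500Principal().equals(caName)) {
                continue;
            }
            found++;
            boolean selfSigned =
                x509.getSubjectX500Principal().equals(x509.getIssuerX500Principal());
            boolean expired = now.after(x509.getNotAfter());
            // The serial is printed in decimal so it can be compared with the log lines.
            System.out.printf("  alias=%s serial=%s selfSigned=%b expired=%b notAfter=%s%n",
                    alias, x509.getSerialNumber(), selfSigned, expired, x509.getNotAfter());
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the JRE's own cacerts file and its stock password.
        String path = args.length > 0
                ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try {
            store.load(in, password);
        } finally {
            in.close();
        }

        System.out.println("Trust store: " + path + " (" + store.size() + " entries)");
        int anchors = 0;
        for (String name : CHAIN_CA_NAMES) {
            System.out.println(name);
            int n = report(store, new X500Principal(name));
            if (n == 0) {
                System.out.println("  not present");
            }
            anchors += n;
        }
        // A name match is necessary but not sufficient: the anchor's key must also
        // verify the signature on the chain certificate it is supposed to have issued.
        if (anchors == 0) {
            System.out.println("No CA from the chain is in this store, "
                    + "consistent with \"No trusted cert found\".");
        }
    }
}
```

Run it against the file WebLogic is actually configured to use as its trust keystore, since that is the store the handshake consults.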

  • HTTPS Client not sending the certificate chain

    Hi,
    I have an HTTPS java programme with client authentication.
    When the server requests the certificate from the client, the client is not sending the certificate chain, the server says Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
    In the client I am setting the keystore properties properly
    Below is the ssl trace from the server and the client.
    The trace clearly says that the client has loaded its certificate from the key store.
    One thing I noticed is the validity period of the client certificate is different in client and the server.
    I am not sure why it is different. I followed the steps properly to create the certificate.
    Can anyone help me to resolve this
    ==========================Server Trace==========================
    SecureServer version 1.0
    found key for : server
    chain [0] = [
    Version: V1
    Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
    Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                   To: Sat Jan 06 12:36:57 GMT+04:00 2007]
    Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    SerialNumber: [    4528b8a9]
    Algorithm: [MD5withRSA]
    trustStore is: d:\babu\ssltest\sscerts\jsseclient1
    trustStore type is : jks
    init truststore
    adding as trusted cert: [
    Version: V1
    Subject: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@166
    Validity: [From: Sun Jun 07 04:00:00 GMT+04:00 1998,
                   To: Tue Jun 07 03:59:59 GMT+04:00 2011]
    Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
    SerialNumber: [    32f057e7 153096f5 1fb86e5b 5a49104b]
    Algorithm: [SHA1withRSA]
    adding as trusted cert: [
    Version: V3
    Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
    Validity: [From: Mon Oct 09 04:00:00 GMT+04:00 2006,
                   To: Tue Oct 24 03:59:59 GMT+04:00 2006]
    Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
    SerialNumber: [    5f2e369d 92ccf119 5d9a0371 c2f19ba4]
    Certificate Extensions: 6
    [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
    0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
    0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
    [2]: ObjectId: 2.5.29.31 Criticality=false
    Extension unknown: DER encoded OCTET string =
    0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
    0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
    0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
    0030: 76 65 72 2E 63 72 6C ver.crl
    [3]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
    [4]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
    [CertificatePolicyId: [2.16.840.1.113733.1.7.1.1]
    [PolicyQualifierInfo: [
      qualifierID: 1.3.6.1.5.5.7.2.2
      qualifier: 0000: 30 56 30 15 16 0E 56 65   72 69 53 69 67 6E 2C 20  0V0...VeriSign,
    0010: 49 6E 63 2E 30 03 02 01   01 1A 3D 56 65 72 69 53  Inc.0.....=VeriS
    0020: 69 67 6E 27 73 20 43 50   53 20 69 6E 63 6F 72 70  ign's CPS incorp
    0030: 2E 20 62 79 20 72 65 66   65 72 65 6E 63 65 20 6C  . by reference l
    0040: 69 61 62 2E 20 6C 74 64   2E 20 28 63 29 39 37 20  iab. ltd. (c)97
    0050: 56 65 72 69 53 69 67 6E                            VeriSign
    ], PolicyQualifierInfo: [
    qualifierID: 1.3.6.1.5.5.7.2.1
    qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
    0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 43 50 53 risign.com/CPS
    [5]: ObjectId: 2.5.29.15 Criticality=false
    KeyUsage [
    DigitalSignature
    Key_Encipherment
    [6]: ObjectId: 2.5.29.19 Criticality=false
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [SHA1withRSA]
    trigger seeding of SecureRandom
    done seeding SecureRandom
    SecureServer is listening on port 443.
    matching alias: server
    Accepted connection to ebms.uae.ebg.com (172.16.178.62) on port 3379.
    ----------1-1-1-----
    [read] MD5 and SHA1 hashes: len = 3
    0000: 01 03 01 ...
    [read] MD5 and SHA1 hashes: len = 74
    Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
    Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    Cipher suite: SSL_RSA_WITH_RC4_128_MD5
    *** Certificate chain
    chain [0] = [
    Version: V1
    Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
    Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                   To: Sat Jan 06 12:36:57 GMT+04:00 2007]
    Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    SerialNumber: [    4528b8a9]
    Algorithm: [MD5withRSA]
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    <CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
    <OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
    *** ServerHelloDone
    [write] MD5 and SHA1 hashes: len = 912
    Thread-1, WRITE: TLSv1 Handshake, length = 912
    Thread-1, READ: TLSv1 Handshake, length = 141
    *** Certificate chain
    Thread-1, SEND TLSv1 ALERT: fatal, description = bad_certificate
    Thread-1, WRITE: TLSv1 Alert, length = 2
    Thread-1, called closeSocket()
    Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
    IOException occurred when processing request.
    Thread-1, called close()
    Thread-1, called closeInternal(true)
    ==========================Client Trace==========================
    --->>>--------
    keyStore is : d:\babu\ssltest\sscerts\clientpk1
    keyStore type is : jks
    init keystore
    init keymanager of type SunX509
    found key for : client
    chain [0] = [
    Version: V1
    Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
    Validity: [From: Mon Oct 09 09:44:01 GMT+04:00 2006,
                   To: Sun Jan 07 09:44:01 GMT+04:00 2007]
    Issuer: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
    SerialNumber: [    4529e1a1]
    Algorithm: [MD5withRSA]
    trustStore is: d:\babu\ssltest\sscerts\jsseserver
    trustStore type is : jks
    init truststore
    adding as trusted cert: [
    Version: V1
    Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
    Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                   To: Sat Jan 06 12:36:57 GMT+04:00 2007]
    Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    SerialNumber: [    4528b8a9]
    Algorithm: [MD5withRSA]
    init context
    trigger seeding of SecureRandom
    done seeding SecureRandom
    ---<<<--------
    THE HEADERS
    ---111--------
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    [write] MD5 and SHA1 hashes: len = 59
    main, WRITE: TLSv1 Handshake, length = 59
    [write] MD5 and SHA1 hashes: len = 77
    main, WRITE: SSLv2 client hello message, length = 77
    main, READ: TLSv1 Handshake, length = 912
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
    Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    [read] MD5 and SHA1 hashes: len = 74
    *** Certificate chain
    chain [0] = [
    Version: V1
    Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
    Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                   To: Sat Jan 06 12:36:57 GMT+04:00 2007]
    Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    SerialNumber: [    4528b8a9]
    Algorithm: [MD5withRSA]
    stop on trusted cert: [
    Version: V1
    Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
    Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                   To: Sat Jan 06 12:36:57 GMT+04:00 2007]
    Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
    SerialNumber: [    4528b8a9]
    Algorithm: [MD5withRSA]
    Signature:
    [read] MD5 and SHA1 hashes: len = 540
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    <CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
    <OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
    [read] MD5 and SHA1 hashes: len = 294
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00 ....
    *** Certificate chain
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    Random Secret: { 3, 1, 145, 198, 68, 101, 78, 79, 139, 241, 6, 243, 13, 208, 161, 242, 0, 185, 46, 87, 212, 79, 239, 132, 145, 14, 13, 134, 115, 250, 44, 44, 112, 33, 173, 105, 52, 186, 160, 119, 55, 202, 205, 212, 136, 92, 7, 120 }
    [write] MD5 and SHA1 hashes: len = 141
    main, WRITE: TLSv1 Handshake, length = 141
    SESSION KEYGEN:
    PreMaster Secret:
    0000: 03 01 91 C6 44 65 4E 4F 8B F1 06 F3 0D D0 A1 F2 ....DeNO........
    0010: 00 B9 2E 57 D4 4F EF 84 91 0E 0D 86 73 FA 2C 2C ...W.O......s.,,
    0020: 70 21 AD 69 34 BA A0 77 37 CA CD D4 88 5C 07 78 p!.i4..w7....\.x
    CONNECTION KEYGEN:
    Client Nonce:
    0000: 45 29 F4 B8 D5 0B F1 F5 52 D2 E4 FF 50 FA 04 49 E)......R...P..I
    0010: E7 50 46 AA 2D A7 29 47 67 95 15 48 97 75 97 2C .PF.-.)Gg..H.u.,
    Server Nonce:
    0000: 45 29 F4 B8 E3 1F D7 72 74 DB 3B 9F 9C E8 EA 4E E).....rt.;....N
    0010: D1 0F 86 66 2E CF 66 21 CA 92 A4 4A 63 1B 4C E5 ...f..f!...Jc.L.
    Master Secret:
    0000: 3A 36 9A CA 6F 82 0B 32 17 28 04 CD 33 B4 5D BF :6..o..2.(..3.].
    0010: 5F 87 23 71 6B 49 2D 0E 59 DE 2C EA 8E B3 43 C8 _.#qkI-.Y.,...C.
    0020: 5D 3B 3B 4C B7 B9 AB 4E EA A3 E6 CE 54 40 FB 2D ];;L...N....T@.-
    Client MAC write Secret:
    0000: C3 72 45 7B 93 DE 55 FF 0A 8C 9E 91 43 48 6E E4 .rE...U.....CHn.
    Server MAC write Secret:
    0000: E2 05 07 CB 3F 2D 95 41 EF 69 3F 09 6D CB 81 EE ....?-.A.i?.m...
    Client write key:
    0000: EE 7E EE 7D D8 5F 46 CD 88 15 9E F6 C7 EC 05 5F ....._F........_
    Server write key:
    0000: 43 DE B1 D2 FA 54 F0 E6 CA EC E8 1E 6C AD 77 EC C....T......l.w.
    ... no IV for cipher
    main, WRITE: TLSv1 Change Cipher Spec, length = 1
    JsseJCE: Using JSSE internal implementation for cipher RC4
    *** Finished
    verify_data: { 196, 3, 24, 202, 107, 99, 158, 203, 62, 203, 204, 35 }
    [write] MD5 and SHA1 hashes: len = 16
    0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
    Plaintext before ENCRYPTION: len = 32
    0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
    0010: 22 2A 55 36 5F 75 DB D4 CF 19 6F 40 93 AF B8 3B "*U6_u....o@...;
    main, WRITE: TLSv1 Handshake, length = 32
    waiting for close_notify or alert: state 1
    Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
    main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
    main, SEND TLSv1 ALERT: fatal, description = unexpected_message
    Plaintext before ENCRYPTION: len = 18
    0000: 02 0A 3E CA 24 9F 8F 40 B8 65 A6 44 5D 7E 0B B5 ..>.$..@.e.D]...
    0010: A9 C7 ..
    main, WRITE: TLSv1 Alert, length = 18
    Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
    main, called closeSocket()
    ---000--------

    Here are the steps I am performing to create the certificates. Can anyone please validate the steps...
    //Create private key
    keytool -genkey -keystore clientpk1 -keyalg rsa -alias client -storepass password -keypass password
    //Create CSR
    keytool -certreq -alias client -file client.csr -keypass password -keystore clientpk1 -storepass password
    //Received client-ca.cer and root certificate from verisign
    //Import signed certificate to client keystore
    keytool -import -keystore clientpk1 -keyalg RSA -import -trustcacerts -file client-ca.cer
    //Import signed certificate and the root certificate to keystore (server truststore)
    keytool -import -keystore jsseclient1 -alias client -file getcacert.cer
    keytool -import -keystore jsseclient1 -alias client -file client-ca.cer
    Thanks in advance,
    Babu
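An added example, not part of the original post: a Python script that reads JSSE debug output in the format quoted above, lists the CAs the server names in its `CertificateRequest`, and reports whether the client answered with an empty certificate chain, which is what a `*** Certificate chain` line with no `chain [0]` entry after `*** ServerHelloDone` indicates. The function names and the two variant logs are constructed for illustration, and DN matching is a plain text comparison.

```python
import re

# Excerpt in the format of the JSSE debug output above (hex dumps left out).
EMPTY_CHAIN_LOG = """\
*** Certificate chain
chain [0] = [
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
"""

def with_client_cert(issuer):
    """Constructed variant of the excerpt: the client sends one certificate."""
    entry = ("*** Certificate chain\nchain [0] = [\n"
             "Subject: CN=client.example\nIssuer: " + issuer + "\n")
    head, _, tail = EMPTY_CHAIN_LOG.rpartition("*** Certificate chain\n")
    return head + entry + tail

MATCHING_LOG = with_client_cert("CN=ebms,OU=ebg,O=emirates,L=dubai,ST=emirates,C=AE")
FOREIGN_CA_LOG = with_client_cert("CN=Constructed Other CA, O=example")

def norm(dn):
    """Textual DN normalisation: case and spacing around commas only."""
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def parse_handshake(log):
    """Group log lines under the '*** <message>' header that precedes them."""
    messages = []
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("*** "):
            messages.append((line[4:].split(",")[0].strip(), []))
        elif messages:
            messages[-1][1].append(line)
    return messages

def chain_entries(body):
    """Return one {'subject', 'issuer'} dict per 'chain [n] = [' entry."""
    certs, current = [], None
    for line in body:
        if re.match(r"chain \[\d+\] = \[", line):
            current = {"subject": None, "issuer": None}
            certs.append(current)
        elif current is not None:
            m = re.match(r"(Subject|Issuer):\s*(.+)", line)
            if m and current[m.group(1).lower()] is None:
                current[m.group(1).lower()] = m.group(2)
    return certs

def requested_cas(body):
    """DNs listed as '<...>' after 'Cert Authorities:' in a CertificateRequest."""
    started = [i for i, l in enumerate(body) if l.startswith("Cert Authorities:")]
    rest = body[started[0] + 1:] if started else []
    return [l[1:-1] for l in rest if l.startswith("<") and l.endswith(">")]

def diagnose(log):
    msgs = parse_handshake(log)
    names = [name for name, _ in msgs]
    result = {"requested_cas": [], "client_chain": [],
              "verdict": "client-auth-not-requested"}
    if "CertificateRequest" not in names:
        return result
    req = names.index("CertificateRequest")
    result["requested_cas"] = requested_cas(msgs[req][1])
    server_done = False
    for name, body in msgs[req + 1:]:
        if name == "ServerHelloDone":
            server_done = True
        elif server_done and name == "Certificate chain":
            # First Certificate message after ServerHelloDone is the client's.
            result["client_chain"] = chain_entries(body)
            break
    wanted = {norm(ca) for ca in result["requested_cas"]}
    issuers = {norm(c["issuer"]) for c in result["client_chain"] if c["issuer"]}
    if not result["client_chain"]:
        result["verdict"] = "empty-client-chain"
    elif wanted and not (wanted & issuers):
        result["verdict"] = "issuer-not-in-requested-cas"
    else:
        result["verdict"] = "client-chain-sent"
    return result
```
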

  • SCCM 2012 DB migration - certificate chain error

    Hi all
    I am having an issue with migrating an SCCM 2012 database to a new SQL instance that doesn't seem to be uncommon; however, I have had no luck in resolving the issue with what other people have suggested on forums... I have an SCCM 2012 installation which currently has the site database located on a co-located SQL 2012 instance. I am trying to migrate this database to a different SQL 2012 server with multiple named instances.
    I have followed the instructions as per the following article:
    http://blogs.technet.com/b/configurationmgr/archive/2013/04/02/how-to-move-the-configmgr-2012-site-database-to-a-new-sql-server.aspx
    I have backed up and restored the database to the new instance as per the guide however when running the Configuration Manager Setup Wizard I am getting the following errors:
    *** Failed to connect to the SQL Server, connection type: SMS ACCESS. Configuration Manager Setup 22/04/2015 11:51:10 AM 4428 (0x114C)
    INFO: SQL Connection failed. Connection: SMS ACCESS, Type: Secure Configuration Manager Setup 22/04/2015 11:51:10 AM 4428 (0x114C)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]SSL Provider: The certificate chain was issued by an authority that is not trusted. Configuration Manager Setup 22/04/2015 11:51:13 AM 4428 (0x114C)
    *** [08001][-2146893019][Microsoft][SQL Server Native Client 11.0]Client unable to establish connection Configuration Manager Setup 22/04/2015 11:51:13 AM 4428 (0x114C)
    *** Failed to connect to the SQL Server, connection type: SMS ACCESS. Configuration Manager Setup 22/04/2015 11:51:13 AM 4428 (0x114C)
    The errors will continue to pop up every 3 seconds for a few minutes before timing out and the wizard errors out.
    I have tried as others suggested and performed the following with no luck:
    - added the SCCM 2012 service account (account that I'm running the Config Manager wizard as) and computer account to the local administrators group on the SQL server
    - given the SCCM 2012 service account (account that I'm running the Config Manager wizard as) sysadmin privileges to the SQL instance
    - from our internal CA I've issued a certificate for the SQL server and installed it on both the SQL and SCCM server
    - tried exporting the SCCM server cert from the SMS_SITE_COMPONENT_MANAGER\Trusted People store and installed it into the Local Computer\Personal certificate store on the SQL server. Even tried installing it into the MSSQL$INST02\Personal store (INST02 being the name of the SQL instance)
    Articles that I've already referenced to try and fix this however without any luck:
    https://social.technet.microsoft.com/Forums/en-US/b5e1fc09-1f09-4de2-93c3-c0261fdda238/the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted-when-migrating-to-sql-2012?forum=configmanagerdeployment#a294676b-d51a-4049-82cf-adde14f9711a
    https://social.technet.microsoft.com/Forums/en-US/1726fa9d-a97b-41cb-8531-5a5f7191132e/cant-migrate-sccm-database-to-sql-server-2008-r2-cluster-connection-failed-sms-access?forum=configmanagergeneral
    Does anyone have any suggestions? The ideal solution for me would be to remove the need to use certificates for the connection to the SQL backend, if that is at all possible.
    Cheers
    Brady

    At this point I recommend that you contact Microsoft support (CSS) and ask them how to solve this problem.
    IMO you shouldn't need the two certs from your internal CA but you will need the two certs from your site server.
    Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ

  • Hacked Message: Your Apple ID was just used to download Podcasts from the App Store on a computer or device that had not previously been associated with that Apple ID

    So I just got a message from Apple saying
    "Your Apple ID was just used to download Podcasts from the App Store on a computer or device that had not previously been associated with that Apple ID"
    I am new to Apple products and signed up to the app store about an hour before but have not downloaded any apps yet.
    I also turned on iCloud Drive.
    Neither of these are Podcasts and I do not have any Podcasts on my device.
    The message is a really poor warning, it could for instance list the IP address which would immediately tell me if it was me.
    It could list what type of device it was.
    It could list what Podcast was downloaded.
    But no, just some random message, probably generated by the really bad default iPhone settings that put ease of use before security.
    I have a long complex password that I do not want to have to change just because Apple generates a stupid message.
    On Google you have a log of all logins and devices, is there something similar with Apple, so I can figure this out?

    Kroll17 wrote:
    I don't know, I thought it was pretty clear
    "was just used to download Podcasts from the App Store"
    it said it was used to download a Podcast from the App Store
    I have not downloaded any podcasts and there are no podcasts in the podcasts app. Of course, if Apple were to list the podcast that was downloaded, the IP address and the device, it might help one dismiss the message.
    I am running the latest v8.1.1 although how the version of my OS related to a message generated by Apple servers is beyond me, unless my device is not authenticating properly so Apple thinks I am someone else but then as I have not downloaded any Podcasts that would not seem to be the issue.
    It does NOT say you downloaded a podcast. First, podcasts are not downloaded from the App Store; they are downloaded from the iTunes store.
    It's very clear to me; the app named "Podcasts" was downloaded, not a podcast. "Podcasts" is an app provided by Apple for managing and downloading podcasts.

  • When I try to activate my prepaid CC card I get: "This card was purchased in a country that does not match your Adobe ID." I bought it in the USA for use here in the UK...how can I activate it? It is a student edition. Thanks

    When I try to activate my prepaid CC card I get: "This card was purchased in a country that does not match your Adobe ID." I bought it in the USA for use here in the UK...how can I activate it? It is a student edition. Thanks

    I don't know that you can purchase in one country and use it in another. Try contacting Adobe support thru chat:
    Creative Cloud support (all Creative Cloud customer service issues)
    http://helpx.adobe.com/x-productkb/global/service-ccm.html ( http://adobe.ly/19llvMN )

  • Your Apple ID, was just used to download Excalibur: Knights of the King from the App Store on a computer or device that had not previously been associated with that Apple ID.

    I keep receiving :
    Your Apple ID, ********@*******.***, was just used to download xxxxxxxx from the App Store on a computer or device that had not previously been associated with that Apple ID.
    You may also be receiving this email if you reset your password since your last purchase.
    If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.
    If you did not initiate this download, we recommend that you go to iforgot.apple.com to change your password, then see Apple ID: Tips for protecting the security of your account for further assistance.
    Regards,
    Apple
    Apple has been no help, Mac Store has been no help.
    Only iPad 2 & home computer authorized for downloading.
    Anybody have an answer/same problem?
    Thanks !
    <Email Edited By Host>

    I'm having a similar problem. I had previously (over a year ago) purchased 2 episodes of Law & Order. Then about 2 months ago, I purchased the 3rd season of Sons of Anarchy. When I downloaded these episodes to my iPad, about a dozen full seasons of various shows popped up, too. No money was removed from my iTunes account & these particular shows aren't in my iTunes library on my desktop. I've tried every which way to delete them from my iPad, but can't. I went to the Apple store & they suggested I contact expresslane.apple.com for help. I submitted my problem via email Friday, as they asked, but have not received any response. Any suggestions on how to get rid of these "phantoms"?

  • Everytime I purchase using iTunes on my home computer it asks me to verify my c/card, and states "Your Apple ID, ..., was just used to purchase ... from the iTunes Store on a computer or device that had not previously been associated with that Apple ID.

    When I use my laptop to make an iTunes Store purchase, it always asks me to verify my account details by entering my credit card verification number. After I do this I then receive an email stating "Your Apple ID, ..., was just used to purchase ... from the iTunes Store on a computer or device that had not previously been associated with that Apple ID."
    My laptop is my home device and, apart from purchasing apps on my iPhone 4, I only use my laptop to make iTunes purchases.


  • After entering the redemption code from Adobe Photoshop CC, I keep getting an error saying "This card was purchased in a country that does not match your Adobe ID. You can try signing in with a different Adobe ID or get in touch with us if you need help."

    Hi. I'm a Mac user. After entering the redemption code from Adobe Photoshop CC, I keep getting an error saying "This card was purchased in a country that does not match your Adobe ID. You can try signing in with a different Adobe ID or get in touch with us if you need help." What should I do?

    Did you purchase the software in another country than where you live?
