URGENT: handshake failure
I'm trying to connect to a site (https://secure.web.telia.com) using URLConnection in J2SDK1.4rc1. No problem loading the page in IE6, but with JSSE, I get:
javax.net.ssl.SSLException: error while writing to socket
End of handshake:
init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1012760556 bytes = { 102, 53, 25, 80, 221, 29, 6, 175, 85, 97, 24, 116, 33, 6, 88, 150, 96, 57, 222, 232, 51, 91, 136, 253, 219, 227, 46, 105 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 3C 5E 80 EC 66 35 19 50 DD 1D ...7..<^..f5.P..
0010: 06 AF 55 61 18 74 21 06 58 96 60 39 DE E8 33 5B ..Ua.t!.X.`9..3[
0020: 88 FD DB E3 2E 69 00 00 10 00 05 00 04 00 09 00 .....i..........
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 3C 5E 80 .............<^.
0030: EC 66 35 19 50 DD 1D 06 AF 55 61 18 74 21 06 58 .f5.P....Ua.t!.X
0040: 96 60 39 DE E8 33 5B 88 FD DB E3 2E 69 .`9..3[.....i
main, WRITE: SSL v2, contentType = 22, translated length = 16310
main, SEND SSL v3.1 ALERT: fatal, description = close_notify
main, WRITE: SSL v3.1 Alert, length = 2
Please help me if you can! I can't find any workaround for this!
Bye,
Dag
Certainly,
Here's the code:
URL url = new URL("https://secure.web.telia.com");
URLConnection uCon = url.openConnection();
BufferedReader br = new BufferedReader(new InputStreamReader(uCon.getInputStream()));
StringBuffer page = new StringBuffer(4096);
String line;
while ((line = br.readLine()) != null) {
    page.append( line ).append("\n");
}
System.out.println(page);
br.close();
and here's the trace:
javax.net.ssl.SSLException: error while writing to socket
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:58)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:556)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA6275)
at TestGET.main(TestGET.java:67) (the third code line above)
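Added example (not part of the original posts): the hex that JSSE prints under "MD5 and SHA1 hashes" is the raw handshake message, so the hello messages in these traces can be decoded to see what was offered and what was chosen. The code below parses the 59-byte ClientHello from the trace above and, going one step beyond it, the 74-byte ServerHello from the last JSSE trace on this page, whose client offered the same suite list; the function names and the weak-suite set are choices made for this example.

```python
"""Decode the hello messages that a JSSE javax.net.debug trace dumps as hex."""

# Code points seen in the traces on this page (SSL 3.0 / TLS 1.0 registry
# names; JSSE prints them with an SSL_ prefix).
SUITES = {
    0x0003: "RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "RSA_WITH_RC4_128_MD5",
    0x0005: "RSA_WITH_RC4_128_SHA",
    0x0009: "RSA_WITH_DES_CBC_SHA",
    0x000A: "RSA_WITH_3DES_EDE_CBC_SHA",
    0x0011: "DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0012: "DHE_DSS_WITH_DES_CBC_SHA",
    0x0013: "DHE_DSS_WITH_3DES_EDE_CBC_SHA",
}
# Export-grade (40-bit) and single-DES (56-bit) suites from the table above.
WEAK = {0x0003, 0x0009, 0x0011, 0x0012}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0"}

# ClientHello bytes copied from the first trace ("[write] ... len = 59").
CLIENT_HELLO = """
01 00 00 37 03 01 3C 5E 80 EC 66 35 19 50 DD 1D
06 AF 55 61 18 74 21 06 58 96 60 39 DE E8 33 5B
88 FD DB E3 2E 69 00 00 10 00 05 00 04 00 09 00
0A 00 12 00 13 00 03 00 11 01 00
"""
# ServerHello bytes copied from the last trace ("[read] ... len = 74").
SERVER_HELLO = """
02 00 00 46 03 00 3D BD 78 BA 92 3C 4A DD FE DF
E0 DA 56 40 D6 7F 20 00 EB EE B5 D2 D4 DA 8D 26
C6 8E 6E AF 92 71 20 01 F1 E3 8F AF 5A C0 19 9B
D8 AD 67 9F 29 5A DE 56 08 4C 99 7A 8A 58 78 70
68 41 CA 93 86 A3 8F 00 0A 00
"""


def parse_hello(hexdump):
    """Parse a ClientHello (type 1) or ServerHello (type 2) handshake message.

    The input is the handshake message alone, without the 5-byte record
    header, which is how the trace dumps it.
    """
    data = bytes.fromhex("".join(hexdump.split()))
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated message at offset %d" % pos)
        chunk = data[pos:pos + n]
        pos += n
        return chunk

    msg_type = take(1)[0]
    if msg_type not in (1, 2):
        raise ValueError("not a ClientHello/ServerHello: type %d" % msg_type)
    if int.from_bytes(take(3), "big") != len(data) - 4:
        raise ValueError("length field does not match the dump")
    version = tuple(take(2))
    random = take(32)
    session_id = take(take(1)[0])
    if msg_type == 1:
        # The client sends a list of suites and a list of compression methods.
        raw = take(int.from_bytes(take(2), "big"))
        if len(raw) % 2:
            raise ValueError("odd cipher suite list length")
        suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
        compression = list(take(take(1)[0]))
    else:
        # The server answers with exactly one suite and one method.
        suites = [int.from_bytes(take(2), "big")]
        compression = [take(1)[0]]
    return {"type": msg_type, "version": version, "random": random,
            "session_id": session_id, "suites": suites, "compression": compression}


def weak_offers(hello):
    """Suites in the message that are export-grade or single DES."""
    return [s for s in hello["suites"] if s in WEAK]


def negotiation_problems(client, server):
    """Check a ServerHello against the ClientHello offer it answers."""
    problems = []
    if server["version"] > client["version"]:
        problems.append("server chose a version above the client's maximum")
    if server["suites"][0] not in client["suites"]:
        problems.append("server chose a suite the client did not offer")
    if server["compression"][0] not in client["compression"]:
        problems.append("server chose a compression method not offered")
    return problems


def describe(hello):
    kind = "ClientHello" if hello["type"] == 1 else "ServerHello"
    names = [SUITES.get(s, "unknown 0x%04X" % s) for s in hello["suites"]]
    version = VERSIONS.get(hello["version"], str(hello["version"]))
    return "%s %s: %s" % (kind, version, ", ".join(names))


if __name__ == "__main__":
    ch, sh = parse_hello(CLIENT_HELLO), parse_hello(SERVER_HELLO)
    print(describe(ch))
    print(describe(sh))
    print("weak suites offered:", [SUITES[s] for s in weak_offers(ch)])
    print("hello negotiation problems:", negotiation_problems(ch, sh) or "none")
```

An empty problem list means the hello exchange itself agreed, so a handshake failure in such a trace has to come from a later message, such as the certificate exchange.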
Similar Messages
-
Hi,
I have to establish the connection from SAP WebAS to an Apache server via HTTPS. The Apache authentication is based on client certificates. But I'm still unable to establish a connection. Everything runs fine via HTTPS if client certificate authentication is disabled on Apache (anonymous access). But as soon as client authentication is enabled, the icm log displays the following failure:
[Thr 1800] *** ERROR during SecudeSSL_Read() from SSL_read()==SSL_ERROR_SSL
[Thr 1800] session uses PSE file "/usr/sap/E3T/DVEBMGS00/sec/SAPSSLC.pse";;
[Thr 1800] SecudeSSL_Read: SSL_read() failed --
secude_error 536872195 (0x20000503) = "handshake failure"
[Thr 1800] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 1800] ERROR in ssl3_read_bytes: (536872195/0x20000503) handshake failure
WARNING in ssl3_read_bytes: (536875072/0x20001040) received a fatal SSLv3 handshake failure alert message from the peer
[Thr 1800] << ---------- End of Secude-SSL Errorstack ----------
[Thr 1800] <<- ERROR: SapSSLRead(sssl_hdl=0x115f8a310)==SSSLERR_SSL_READ
[Thr 1800] ->> SapSSLErrorName(rc=-58)
[Thr 1800] <<- SapSSLErrorName()==SSSLERR_SSL_READ
[Thr 1800] *** ERROR => IcmReadFromConn(id=3/1967): SapSSLRead returned (-58): SSSLERR_SSL_READ [icxxthrio_mt 2539]
[Thr 1800] *** ERROR => IcmReadFromConn(id=3/1967): read failed (rc = -1) [icxxthrio_mt 2611]
[Thr 1800] *** ERROR => IcmHandleNetRead(id=3/1967): IcmReadFromConn failed (rc = -1) [icxxthrio_mt 1304]
In the Apache logs, it seems that SAP is not sending a client certificate. So Apache closes the connection. Do you have an idea how I can make SAP WebAS send the certificate ?
Thanks in advance
Christan
Hi,
>Because the third line in your log says that no PSE could be found?
I'm not sure of that.
Here is an extract of the log of an ICM starting without a client certificate in STRUST
[Thr 4392] = secudessl_Create_SSL_CTX(): PSE "D:\usr\sap\PPI\DVEBMGS74\sec\SAPSSLC.pse" not found,
[Thr 4392] = using PSE "D:\usr\sap\PPI\DVEBMGS74\sec\SAPSSLS.pse" as fallback
[Thr 4392] ******** Warning ********
[Thr 4392] *** No SSL-client PSE "SAPSSLC.pse" available
[Thr 4392] *** this will probably limit SSL-client side connectivity
[Thr 4392] ********
[Thr 4392] = Success SapCryptoLib SSL ready!
Here is an extract of the log of an ICM starting with a client certificate in STRUST.
[Thr 9208] =================================================
[Thr 9208] = SSL Initialization on PC with Windows NT
[Thr 9208] = (700_REL,Mar 19 2007,mt,ascii,SAP_UC/size_t/void* = 16/64/64)
[Thr 9208] SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "I:\usr\sap\DXI\DVEBMGS68\exe\sapcrypto.dll"
resulting Filename = "I:\usr\sap\DXI\DVEBMGS68\exe\sapcrypto.dll"
[Thr 9208] = found SAPCRYPTOLIB 5.5.5C pl17 (Aug 18 2005) MT-safe
[Thr 9208] = current UserID: BT0D0000\SAPServiceDXI
[Thr 9208] = found SECUDIR environment variable
[Thr 9208] = using SECUDIR=I:\usr\sap\DXI\DVEBMGS68\sec
[Thr 9208] = Success SapCryptoLib SSL ready!
Christian,
Could you restart the ICM and check the trace file to find out if you get the message about a missing SAPSSLC.pse ?
Regards,
Olivier
[Thr 9208] ================================================= -
AS2 using HTTPS - Handshake failure # null
Hello,
I have a scenario IDoc - PI - AS2 using HTTPS.
When I try to send data, it gives me a "Handshake Failure" error.
I have checked the certificate and configuration properly.
The partner is saying "your client doesn't sent the requested client certificate".
The following are the traces:
20120102 061927 011 SECS I SES_INIT (83903899) Netprof : NP_AS2_CERT_Sender_TEST selected [src_addr="---Hostname/port"] [dest_addr="hostname/port"]
20120102 061927 013 SECS I SES_INIT (83903899) Server TLS Security Profile : TLS_AS2_SRV_CERT_Port selected
20120102 061927 103 NET I CONN_RESP (17809) incoming connection response [resp_add=""]
20120102 061929 030 SECS I C_BUILD (83903899) Server Certificate sent: Receiver_Partner
20120102 061929 030 SECS I C_BUILD (83903899) Server Certificate sent: VeriSign Class 3 International
20120102 061929 030 SECS I C_BUILD (83903899) Server Certificate sent: VeriSign Class 3 Public Primary
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: AS2 KRAFT Root Prod CA
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: AS2 KRAFT Root Test CA
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: AS2 KnorrPrandel (SIGN) New
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: AS2 KnorrPrandel (SSL) New
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: AS2 MarkantSyntradeRoot
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: AS2 ProcterGambleProd
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: D-TRUST Root Class 2 CA 2007
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: Entrust.net CA
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: EquifaxSecure(4Bacardi)
20120102 061929 014 SECS I CA_BUILD (83903899) Server Sending Accepted DN: Sender RootCA (Sender)
20120102 061929 053 NET W TLSALSND (17809) alert 40 sent (handshake failure)
20120102 061929 105 NET I DISC_REQ (17809) disconnection request [reason="0"]
Please suggest.
//Manisha
Hello,
Have you downloaded the certificate from the vendor URL and uploaded it in STRUST?
Have you restarted ICM through SMICM? Did you run a connection test in SM59? What is the response?
Regards,
Phani -
SOAP Receiver error: handshake failure
Good afternoon, everyone.
I have a SOAP Receiver communication channel with user and password authentication.
When the request is sent to the channel, the following error is generated:
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
- <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
<SAP:Category>XIAdapterFramework</SAP:Category>
<SAP:Code area="MESSAGE">GENERAL</SAP:Code>
<SAP:P1 />
<SAP:P2 />
<SAP:P3 />
<SAP:P4 />
<SAP:AdditionalText>com.sap.aii.af.ra.ms.api.RecoverableException: Peer sent alert: Alert Fatal: handshake failure: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure</SAP:AdditionalText>
<SAP:ApplicationFaultMessage namespace="" />
<SAP:Stack />
<SAP:Retry>M</SAP:Retry>
</SAP:Error>
mentioning a handshake problem.
In the Java log, I found the following messages:
p.aii.af.soapadapter#co
ssl_debug(6603): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(6603): Received v3 server_hello handshake message.
ssl_debug(6603): Server selected SSL version 3.1.
ssl_debug(6603): Server created new session CA:23:B4:0E:C7:16:0A:8F...
ssl_debug(6603): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
ssl_debug(6603): CompressionMethod selected by server: NULL
ssl_debug(6603): Received certificate handshake message with server certificate.
ssl_debug(6603): Server sent a 1024 bit RSA certificate, chain has 1 elements.
ssl_debug(6603): ChainVerifier: No trusted certificate found, OK anyway.
ssl_debug(6603): Received server_hello_done handshake message.
ssl_debug(6603): Sending client_key_exchange handshake message (1024 bit)...
ssl_debug(6603): Sending change_cipher_spec message...
ssl_debug(6603): Sending finished message...
ssl_debug(6603): Received alert message: Alert Fatal: handshake failure
ssl_debug(6603): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
ssl_debug(6603): Shutting down SSL layer...
Has anyone seen this error before, and would you have any information about it?
Thanks in advance.
Pedro Baroni
Carlos,
In our scenario we do not use a certificate; however, in contact with the vendor of the web services, we identified the problem in their application, since they had configured it to accept only connections with a certificate. The problem has now been fixed in their application and the interface is working again.
Thank you. -
Hello everyone
Here I am struggling with a problem of handshake failure. The synoptical story is:
1. I am developing a Java client to connect to a payware merchant server at port 3443 through SSL, with the JSSE package from JDK1.4.1 on Windows 2000 using the socket API.
2. I got the two server certificates, namely ca.pem and client.pem. I feel these are the server's public key and CA key. Is that right? I have to keep these certificates in the client's keystore. I feel this is where the problem is: how to create a keystore for adding these certificates on the client's machine using keytool.
a) If I create one using "keytool -genkey" and thereafter try to add the above certificates, I get exceptions and the certificates are not added.
3. Here I don't want to have client-side certificates, i.e. one-way handshaking, or in other words, it is server authentication only.
4. After this process I am using the code below to try to connect, and I am getting the handshake failure exception, which I am unable to resolve.
The code I am using:
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.cert.X509Certificate;
import java.security.cert.*;
import java.security.KeyStore;

/*
 * This example demonstrates how to use a SSLSocket as client to
 * send a request through SSL socket and get response from a server developed
 * in C++. Communication through the SSL layers.
 * It assumes that the client is not behind a firewall
 */
public class TestSocketClient {
    public static void main(String[] args) throws Exception {
        try {
            // System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
            // java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            System.setProperty("javax.net.debug","SSL");
            // Property names are case-sensitive: trustStore, trustStorePassword.
            System.setProperty("javax.net.ssl.trustStore","testkeys");
            System.setProperty("javax.net.ssl.trustStorePassword","passphrase");
            // The same keystore file supplies the client key and the trusted certificates.
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
            KeyStore ks = KeyStore.getInstance("JKS");
            char[] pass = "passphrase".toCharArray();
            ks.load(new FileInputStream("testkeys"),pass);
            kmf.init(ks,pass);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
            // MyX509TrustManager is the poster's own class; its source is not shown.
            X509TrustManager xtm = new MyX509TrustManager();
            TrustManager[] tm = {xtm};
            tmf.init(ks);
            SSLContext context = SSLContext.getInstance("SSL");
            java.security.SecureRandom sr = new java.security.SecureRandom();
            context.init(kmf.getKeyManagers(),tm,sr);
            SSLSocketFactory sslfactory = context.getSocketFactory();
            /* SSLSocketFactory factory =
                   (SSLSocketFactory)SSLSocketFactory.getDefault(); */
            SSLSocket socket =
                (SSLSocket)sslfactory.createSocket("10.0.0.20",3443);
            // socket.setNeedClientAuth(true);
            String[] protocols = {"SSLv3","TLSv1"};
            socket.setEnabledProtocols(protocols);
            // socket.setEnabledCipherSuites(socket.getSupportedCipherSuites());
            OutputStream os;
            System.out.println("socket is created.");
            /*
             * send http request
             * Before any application data is sent or received, the
             * SSL socket will do SSL handshaking first to set up
             * the security attributes.
             * SSL handshaking can be initiated by either flushing data
             * down the pipe, or by starting the handshaking by hand.
             * Handshaking is started manually in this example because
             * PrintWriter catches all IOExceptions (including
             * SSLExceptions), sets an internal error flag, and then
             * returns without rethrowing the exception.
             * Unfortunately, this means any error messages are lost,
             * which caused lots of confusion for others using this
             * code. The only way to tell there was an error is to call
             * PrintWriter.checkError().
             */
            System.out.println(" just before handshake ");
            // socket.setNeedClientAuth(false);
            // socket.startHandshake();
            // System.out.println(" Hand shake is completed ");
            PrintWriter out = new PrintWriter(
                socket.getOutputStream());
            System.out.println(" print writer object is created ");
            String s="GET http://www.verisign.com/index.html HTTP/1.1";
            byte[] b1=s.getBytes("ISO-8859-1");
            // out.println("GET http://www.verisign.com/index.html HTTP/1.1");
            // os.write(b1);
            // Send the request line as text; print(byte[]) would write the array's toString().
            out.print(s + "\r\n\r\n");
            System.out.println(" print is created ");
            out.flush();
            BufferedReader in = new BufferedReader(
                new InputStreamReader(
                    socket.getInputStream()));
            String inputLine=null;
            System.out.println("The input line is: "+inputLine);
            while ((inputLine = in.readLine()) != null) {
                System.out.println("Received messages from here.");
                System.out.println(inputLine);
            }
            // out.close();
            System.out.println(" output is trying to flushing the data ");
            /*
             * Make sure there were no surprises
             */
            if (out.checkError())
                System.out.println(
                    "SSLSocketClient: java.io.PrintWriter error");
            /* read response */
            in.close();
            out.close();
            socket.close();
        } catch (Exception e) {
            System.out.println(" the exception is "+e);
            e.printStackTrace();
            System.exit(0);
        }
    }
}
debugging information:
---------- Run the application ----------
found key for : duke
chain [0] = [
Version: V1
Subject: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d520c4
Validity: [From: Wed May 23 02:46:46 GMT+03:00 2001,
To: Mon May 23 02:46:46 GMT+03:00 2011]
Issuer: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
SerialNumber: [ 3b0afa66 ]
Algorithm: [MD5withRSA]
Signature:
adding as trusted cert: [
Version: V1
Subject: ST=Dublin, L=Leopardstown, OU=Banking Support, O=Trintech Technologies, CN=trintech.com, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@749757
Validity: [From: Fri Aug 23 13:05:43 GMT+03:00 2002,
To: Sun Sep 22 13:05:43 GMT+03:00 2002]
Issuer: CN=TEST RSA CERTIFICATION AUTHORITY - FOR INTERNAL TESTING PURPOSES ONLY - NO LIABILITY, OU=Banking Division, O=Trintech Technologies Ltd, L=Dublin, ST=County Dublin, C=IE
SerialNumber: [ f0]
Algorithm: [MD5withRSA]
Signature:
adding private entry as trusted cert: [
Version: V1
Subject: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d520c4
Validity: [From: Wed May 23 02:46:46 GMT+03:00 2001,
To: Mon May 23 02:46:46 GMT+03:00 2011]
Issuer: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
SerialNumber: [ 3b0afa66 ]
Algorithm: [MD5withRSA]
Signature:
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@dfafd1
Validity: [From: Thu Aug 01 03:00:00 GMT+03:00 1996,
To: Fri Jan 01 02:59:59 GMT+03:00 2021]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 01]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
adding as trusted cert: [
Version: V3
Subject: ST=Safat, L=Kuwait, OU=ISP, O=Qualitynet General Trading and Contracting Co., CN=Qualitynet.net, C=KW
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a8c488
Validity: [From: Tue Jan 08 17:48:01 GMT+03:00 2002,
To: Wed Jan 08 17:48:01 GMT+03:00 2003]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 08b1fa]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1]]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
trigger seeding of SecureRandom
done seeding SecureRandom
socket is created.
just before handshake
print writer object is created
print is created
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 987413342 bytes = { 254, 80, 236, 112, 44, 177, 113, 24, 240, 17, 19, 124, 170, 193, 156, 242, 6, 94, 107, 49, 236, 18, 211, 50, 196, 36, 58, 91 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 3B DB BB 5E FE 50 EC 70 2C B1 ...7..;..^.P.p,.
0010: 71 18 F0 11 13 7C AA C1 9C F2 06 5E 6B 31 EC 12 q..........^k1..
0020: D3 32 C4 24 3A 5B 00 00 10 00 05 00 04 00 09 00 .2.$:[..........
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
main, READ: SSL v3.0 Handshake, length = 74
*** ServerHello, v3.0
RandomCookie: GMT: 1019049914 bytes = { 146, 60, 74, 221, 254, 223, 224, 218, 86, 64, 214, 127, 32, 0, 235, 238, 181, 210, 212, 218, 141, 38, 198, 142, 110, 175, 146, 113 }
Session ID: {1, 241, 227, 143, 175, 90, 192, 25, 155, 216, 173, 103, 159, 41, 90, 222, 86, 8, 76, 153, 122, 138, 88, 120, 112, 104, 65, 202, 147, 134, 163, 143}
Cipher Suite: { 0, 10 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
** SSL_RSA_WITH_3DES_EDE_CBC_SHA
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 00 3D BD 78 BA 92 3C 4A DD FE DF ...F..=.x..<J...
0010: E0 DA 56 40 D6 7F 20 00 EB EE B5 D2 D4 DA 8D 26 ..V@.. ........&
0020: C6 8E 6E AF 92 71 20 01 F1 E3 8F AF 5A C0 19 9B ..n..q .....Z...
0030: D8 AD 67 9F 29 5A DE 56 08 4C 99 7A 8A 58 78 70 ..g.)Z.V.L.z.Xxp
0040: 68 41 CA 93 86 A3 8F 00 0A 00 hA........
main, READ: SSL v3.0 Handshake, length = 1561
*** Certificate chain
chain [0] = [
Version: V3
Subject: ST=Safat, L=Kuwait, OU=ISP, O=Qualitynet General Trading and Contracting Co., CN=Qualitynet.net, C=KW
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d251a3
Validity: [From: Tue Jan 08 17:48:01 GMT+03:00 2002,
To: Wed Jan 08 17:48:01 GMT+03:00 2003]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 08b1fa]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1]]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
chain [1] = [
Version: V3
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@edc073
Validity: [From: Thu Aug 01 03:00:00 GMT+03:00 1996,
To: Fri Jan 01 02:59:59 GMT+03:00 2021]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 01]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
[read] MD5 and SHA1 hashes: len = 1561
main, READ: SSL v3.0 Handshake, length = 210
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<[email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
[read] MD5 and SHA1 hashes: len = 210
main, READ: SSL v3.0 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
main, SEND SSL v3.0 ALERT: warning, description = no_certificate
main, WRITE: SSL v3.0 Alert, length = 2
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, v3.0
Random Secret: { 3, 0, 57, 228, 245, 13, 91, 181, 92, 129, 234, 123, 199, 2, 84, 156, 170, 175, 48, 221, 204, 142, 18, 177, 69, 95, 165, 11, 196, 105, 168, 66, 230, 117, 243, 61, 22, 60, 41, 203, 229, 232, 240, 78, 200, 114, 53, 56 }
[write] MD5 and SHA1 hashes: len = 132
main, WRITE: SSL v3.0 Handshake, length = 132
main, WRITE: SSL v3.0 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
*** Finished, v3.0
MD5 Hash: { 210, 197, 57, 55, 38, 216, 173, 32, 214, 81, 225, 100, 54, 5, 93, 247 }
SHA1 Hash: { 183, 114, 192, 183, 141, 75, 236, 153, 35, 197, 117, 135, 145, 199, 218, 137, 187, 186, 216, 148 }
[write] MD5 and SHA1 hashes: len = 40
0000: 14 00 00 24 D2 C5 39 37 26 D8 AD 20 D6 51 E1 64 ...$..97&.. .Q.d
0010: 36 05 5D F7 B7 72 C0 B7 8D 4B EC 99 23 C5 75 87 6.]..r...K..#.u.
0020: 91 C7 DA 89 BB BA D8 94 ........
Padded plaintext before ENCRYPTION: len = 64
0000: 14 00 00 24 D2 C5 39 37 26 D8 AD 20 D6 51 E1 64 ...$..97&.. .Q.d
0010: 36 05 5D F7 B7 72 C0 B7 8D 4B EC 99 23 C5 75 87 6.]..r...K..#.u.
0020: 91 C7 DA 89 BB BA D8 94 D9 CB BD E2 60 63 C1 09 ............`c..
0030: 3D CD A5 EF 06 89 80 FA 47 D8 4A 9A 03 03 03 03 =.......G.J.....
main, WRITE: SSL v3.0 Handshake, length = 64
main, READ: SSL v3.0 Alert, length = 2
main, RECV SSLv3 ALERT: fatal, handshake_failure
the exception is java.net.SocketException: Socket is closed
java.net.SocketException: Socket is closed
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.getInputStream(DashoA6275)
at TestSocketClient.main(TestSocketClient.java:108)
Normal Termination
Output completed (9 sec consumed).
Hope somebody came across this situation....... waiting for your appreciate response.
thanks
Hi,
This might not solve all your problems, but it should allow you to load the certificates into a keystore programmatically in Java.
2. I got the two server certificates namely ca.pem and
client.pem. I feel these are server's public key and
CA key. Is it right?
You should probably find out what they are, and make sure they
are certificates.
How to create a keystore for adding these
certificates at client's machine using keytool.
Here is how you can create a keystore (in memory) and load the
certificates (if that's what they are) into the keystore:
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
// assuming you are using X.509 certificates
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream certFile = new FileInputStream("pathToCert");
Certificate cert = cf.generateCertificate( certFile );
certFile.close();
KeyStore trustedks = KeyStore.getInstance("JKS");
// this essentially initializes a keystore in memory
trustedks.load(null,null);
// substitute "alias" with "server" and "ca" respectively for your case
// though I find it doesn't matter what their alias is.
trustedks.setCertificateEntry( "alias", cert );
// continue as you did in your example and use this new trusted keystore
Cheers,
Jason -
I am trying to configure e-mail on NSD 7.0.3 appliance. Our mail server is Lotus Domino 9.0.1 and it supports imaps protocol. A mailbox has been created for NSD and I can successfully connect to it using Thunderbird. I can also connect by using "openssl s_client" from the command line of NSD appliance. But when I configure relevant fields in NSD:
Incoming server: ourserver.ourdomain.com
Protocol: IMAPS
Port: <blank>
Username: ServiceDesk
Password: <correct_password>
...and press Test, I receive an error message:
Error connecting to host: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
(I ran tcpdump on the appliance while pressing Test, and the dump output shows NSD server connecting to IMAP server on port 993, IMAP server sending back the certificate and then NSD server responding with "Handshake failure".)
IMAP server admin has enabled the use of SSLv2 on server side, but that doesn't seem to change the situation.
Is there anything that we can do on NSD side to get this working? Obviously we could try using plain IMAP (port 143) with all the security implications, but we prefer the traffic to be encrypted.
vatson,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
Handshake failure with client authentication
Hi,
I am using the JDK1.4 beta 3 to accomplish the following: I want to request an HTML page on an Apache webserver configured with SSL and client-authentication. It works with Netscape and Internet Explorer (and also with the openssl s_client test program)...
But now I want to try it using Java... So, I wrote a very simple program based on some examples found on this forum... But I keep getting the following error (excerpt from the javax.net.debug=all command)
As you can see the server request a client certificate that's issued by the certificate authority mentioned...
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<[email protected], CN=Andy Zaidman, OU=stage, O=Kava's Certif
icate Authority, L=Antwerp, ST=Antwerp, C=BE>
[read] MD5 and SHA1 hashes: len = 180
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 38, 54, 219, 158, 32, 158, 155, 15, 55, 137, 216, 164, 4
5, 65, 153, 142, 200, 98, 57, 251, 55, 6, 46, 124, 181, 161, 164, 234, 218, 75,
195, 72, 218, 187, 182, 197, 4, 11, 249, 45, 3, 136, 207, 114, 236, 172 }
[write] MD5 and SHA1 hashes: len = 141
main, WRITE: SSL v3.1 Handshake, length = 141
... no IV for cipher
main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished, v3.1
verify_data: { 51, 236, 194, 3, 230, 37, 147, 76, 251, 233, 132, 207 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 33 EC C2 03 E6 25 93 4C FB E9 84 CF ....3....%.L....
Plaintext before ENCRYPTION: len = 36
0000: 14 00 00 0C 33 EC C2 03 E6 25 93 4C FB E9 84 CF ....3....%.L....
0010: 64 30 E3 0B 31 CF 7D C7 D6 17 D8 FB 31 23 F9 34 d0..1.......1#.4
0020: 5D B9 47 F9 ].G.
main, WRITE: SSL v3.1 Handshake, length = 36
main, READ: SSL v3.1 Alert, length = 2
main, RECV SSLv3 ALERT: fatal, handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:61)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at HttpClient.main(HttpClient.java:105)
Now, I am sure the certificate is in the keystore, because one of the first things I do in the program is print the certificates available in the keystore...
Does anyone know what I'm doing wrong? If you need the code to make a proper judgement, I will post it...
Tnx in advance!
Greetz,
Andy Zaidman
[email protected]
import java.net.*;
import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import java.util.*;

public class HttpClient {
    public HttpClient() {}

    public static void main(String args[]) {
        try {
            // This is my server certificate - public key
            String serverCertificateFile = "MyCA.cer";
            // This is my client personal certificate
            String clientCertificateFile = "MyPersonal.pfx";

            // Trust store: holds the CA certificate used to verify the server
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            KeyStore ks = KeyStore.getInstance("JKS");
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
            ks.load(null, null);
            java.security.cert.X509Certificate the_cert = (java.security.cert.X509Certificate) cf.generateCertificate(new FileInputStream(serverCertificateFile));
            ks.setCertificateEntry("server", the_cert);
            tmf.init(ks);
            for (Enumeration e = ks.aliases(); e.hasMoreElements();) {
                System.out.println(ks.getCertificate(e.nextElement().toString()).toString());
            }

            // Key store: holds the client's private key and certificate chain
            KeyStore ks2 = KeyStore.getInstance("PKCS12", "SunJSSE");
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
            ks2.load(null, null);
            FileInputStream fin = new FileInputStream(clientCertificateFile);
            ks2.load(fin, "xxx".toCharArray());
            kmf.init(ks2, "xxx".toCharArray());
            fin.close();
            for (Enumeration e = ks2.aliases(); e.hasMoreElements();) {
                System.out.println(ks2.getCertificate(e.nextElement().toString()).toString());
            }

            SSLContext ctx = SSLContext.getInstance("SSLv3");
            KeyManager[] km = kmf.getKeyManagers();
            for (int i = 0; i < km.length; ++i) {
                System.out.println(km[i]);
            }
            TrustManager[] tm = tmf.getTrustManagers();
            ctx.init(km, tm, null);

            // connection part
            SSLSocketFactory factory = ctx.getSocketFactory();
            SSLSocket socket = (SSLSocket) factory.createSocket("localhost", 443);
            for (int i = 0; i < socket.getEnabledCipherSuites().length; ++i) {
                System.out.println(socket.getEnabledCipherSuites()[i]);
            }
            socket.startHandshake();
            PrintWriter out = new PrintWriter(
                new BufferedWriter(
                    new OutputStreamWriter(
                        socket.getOutputStream())));
            out.println("GET " + "/" + " HTTP/1.1");
            out.println();
            out.flush();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
} -
Handshake Failure: EOFException
I've moved this question from a reply to an earlier question to here because it covers a different problem to the initial one...
I'm trying to establish a TCP connection between a Java client application and a C++ server. At the client end (where I'm working), SSLSockets are used to create the connection.
Having loaded all my certs & keys into JS Keystores and then into KeyStore objects, my attempted connection is failing with what could be no response from the server.
There is a chance that I set up my JKS files incorrectly but I would have thought that I would see different errors if this were the case. As it is, the client seems to get no response from the server (despite the fact that C++ clients on the same machine are able to connect successfully).
Q: What can I tell from the following debug info? Is it that the server is simply not responding? Or could there be a chance that the JKS files I generated are wrong:
NB: the server details are as follows:
Encryption method used - TLSv1
Using self-signed certificates
Using both server and clients certificates
Private keys of server and clients certificates are encrypted with a pass phrase for extra security
Output
========================
*** ClientHello, TLSv1
RandomCookie: GMT: 1186518602 bytes = { 142, 68, 187, 5, 96, 173, 37, 16, 173, 228, 209, 83, 43, 124, 226, 61, 146, 147, 228, 218, 4, 96, 75, 161, 75, 79, 32, 254 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
main, WRITE: SSLv2 client hello message, length = 98
[Raw write]: length = 100
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT: fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
IO exception, ioe=javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Thanks - that worked a treat!
I specified "TLSv1" as the only enabled protocol (made it configurable) and there were no handshake errors after that. -
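The fix reported above (enable only the protocol version the server speaks, so that no SSLv2-format hello is sent) as an added Java example; it is not code from the thread. The class name, the `select` helper and the default protocol list are assumptions, and the list can be passed on the command line, as the poster made it configurable.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example: hypothetical class and helper names, not from the thread.
public class PinProtocols {

    /**
     * Keeps the entries of 'wanted' that this JSSE build supports, in the
     * caller's order. "SSLv2Hello" is always dropped: it is not a protocol
     * version but the SSLv2-format ClientHello that the debug log shows as
     * "WRITE: SSLv2 client hello message".
     */
    static String[] select(String[] supported, List<String> wanted) {
        List<String> have = Arrays.asList(supported);
        List<String> out = new ArrayList<>();
        for (String p : wanted) {
            String name = p.trim();
            if (!name.equals("SSLv2Hello") && have.contains(name)) {
                out.add(name);
            }
        }
        if (out.isEmpty()) {
            throw new IllegalArgumentException(
                "none of " + wanted + " is supported here; supported = " + have);
        }
        return out.toArray(new String[0]);
    }

    public static void main(String[] args) throws IOException {
        // Assumed default list. Pass "TLSv1" as the first argument to get the
        // poster's setting; on current JDKs TLSv1 is still listed as supported
        // but is disabled through the jdk.tls.disabledAlgorithms security
        // property, so a handshake restricted to it fails.
        String list = args.length > 0 ? args[0] : "TLSv1.3,TLSv1.2";
        List<String> wanted = Arrays.asList(list.split(","));

        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // An unconnected socket is enough to inspect and change the settings.
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            System.out.println("supported:      "
                + Arrays.toString(socket.getSupportedProtocols()));
            System.out.println("enabled before: "
                + Arrays.toString(socket.getEnabledProtocols()));

            socket.setEnabledProtocols(select(socket.getSupportedProtocols(), wanted));

            System.out.println("enabled after:  "
                + Arrays.toString(socket.getEnabledProtocols()));
            // To use it, connect and handshake with the pinned settings:
            //   socket.connect(new java.net.InetSocketAddress(host, port));
            //   socket.startHandshake();
        }
    }
}
```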
Urgent: Transport Failure
Hi ,
In SE10 I have successfully transported the Workbench task, but while transporting the Workbench request I am getting this error: "Test call of transport control program (tp) ended with return code 0212".
I have done the check also for the request and it shows no error
Kindly help on solving this issue
Suitable answers will be rewarded
Regards,
Kasi S
Hi,
The sapnotes 216703 seems to solve your problem.
Solution
Use a newer R3trans. The following versions are available on the service
machines. What is common to all of them is that they are registered with a date
as of 21.04.00 (or later).
1. 45B: This is R3trans version 6.05 (release 45B - 21.04.00 - 23:53:00).
2. 46B: This is R3trans version 6.05 (release 46B - 21.04.00 - 23:53:00).
Hopes it will help you.
Thanks,
Sriram Ponna. -
Urgent: IDoc failures due to Chart of Accounts Not Found
We are posting IDoc FIDCC2.
The IDoc is failing with Error "G/L account 'XXXXXX' is not defined in chart of accounts XXX".
We went into Transaction f.10 and can see the G/L account setup correctly.
I believe there is some configuration issue and these accounts are setup incorrectly. Please advise....
thanks!!
Ron
Go to FSP0 and check whether the account exists in CoA.
Hope that helps..
Thanks,
Nandita -
What does this mean? None of our PC users can login to their profiles right now.
[2008/09/18 09:01:43, 0, pid=79438] /SourceCache/samba/samba-187.1/samba/source/lib/opendirectory.c:opendirectoryuser_auth_and_sessionkey(679)
dsDoDirNodeAuthOnRecordType gave -14091 [eDSAuthMethodNotSupported]
[2008/09/18 09:01:43, 0, pid=79438] /SourceCache/samba/samba-187.1/samba/source/auth/authodsam.c:opendirectory_smb_pwd_checkntlmv1(383)
opendirectoryuser_auth_and_sessionkey gave -14091 [eDSAuthMethodNotSupported]
[2008/09/18 09:01:43, 0, pid=79438] /SourceCache/samba/samba-187.1/samba/source/auth/authodsam.c:opendirectory_authuser(233)
dsDoNodeAuth gave -14091 [eDSAuthMethodNotSupported]
Maybe this thread helps:
http://discussions.apple.com/thread.jspa?threadID=1219290
Cheers, Daniel -
RMI handshake failure. Different case.
Hi to all. In my case, the client starts a thread to get the remote object server. This will continue until it succeeds. First I started the server, finally the client.
But when I started first the client, it fails to get the remote object server even after RMI finishes registering the object server in the registry. The client thread always gets a null value when trying to get the object server. Anyone experiences the same scenario?
All are working fine and tested. This situation only occurs when a client thread is started first by getting the remote object server before registering the object server to the remote registry.
Client thread fails to retrieve the object server even if it is registered..
But when i started first the server, there are no problems. -
2-way handshake fails / "handshake failure"
I'm trying to set up a 2-way handshake with a server (Nortel Alteon SSL Accelerator).
I have the client certificate on my keystore as well as the CA Root certificate in the signers.
My java client works just fine if no client authentication is required by the server.
Also, if I test the 2-way handshake with my browser (IE), I have no problem to establish the connection after it prompted me for the appropriate (client) certificate (which I've imported into IE).
So I wonder if there is particular thing to define at the application level to explicitly return the client certificate at runtime (just like I do by clicking on the button in the IE popup) ?
Here is the main properties from JSSE, I'm using :
try {
// Use Sun's reference implementation of a URL handler
// for the HTTPS URL protocol
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
// Registers dynamically Sun's ssl provider.
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
// Specify the location of the truststore file
// truststore file contains key material for the TrustManager
// This file takes precedence over jssecacerts and cacerts
System.setProperty("javax.net.ssl.trustStore", _trustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword",
_trustStorePassword);
endpoint = new java.net.URL(rpcrouter_address);
Here is the exception I get :
stackTrace: javax.net.ssl.SSLHandshakeException: handshake failure
at com.ibm.jsse.bd.a(Unknown Source)
at com.ibm.jsse.bd.startHandshake(Unknown Source)
Tks for the help.
--MAS
Thanks for the attention ...
At first, I used the same file :
Ref : System.setProperty("javax.net.ssl.trustStore", _trustStorePath);
Then, I realized that it might be better to use a different one for the keys, so I've imported the client certificate into a new file and add in my code :
System.setProperty("javax.net.ssl.keyStore",_keyStorePath);
But I always get the same exception :
javax.net.ssl.SSLHandshakeException "handshake failure"
On the server's side, I have that client certificate defined. I still wonder if every thing is fine with the Alteon config (these Nortel's things are tricky ...) but again when I simulate the client authentication within IE, it works just fine.
--MAS -
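In JSSE the client certificate is not returned by application code during the handshake; it is picked by the `X509KeyManager` from private-key entries that match the key types and CA names in the server's `CertificateRequest`, and when nothing matches the client answers without a certificate (the `no_certificate` alert and the empty `*** Certificate chain` in the client-authentication logs above). The diagnostic below is an added example, not code from any of the threads: `ClientCertDiag`, `LoggingKeyManager`, `describe` and `wrap` are hypothetical names, and the empty in-memory key store used when no arguments are given is constructed so the program runs without files.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;

// Added example: hypothetical names, not from the threads.
public class ClientCertDiag {

    /** Delegating key manager that reports how a CertificateRequest is answered
     *  (covers SSLSocket-based clients, as used in the posts). */
    static final class LoggingKeyManager implements X509KeyManager {
        private final X509KeyManager delegate;
        LoggingKeyManager(X509KeyManager delegate) { this.delegate = delegate; }

        @Override
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) {
            String alias = delegate.chooseClientAlias(keyTypes, issuers, s);
            System.out.println("server accepts key types: " + Arrays.toString(keyTypes));
            System.out.println("server accepts issuers:   " + Arrays.toString(issuers));
            System.out.println(alias == null
                ? "no private-key entry matches: the client will answer without a certificate"
                : "selected alias: " + alias);
            return alias;
        }
        @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
            return delegate.getClientAliases(keyType, issuers);
        }
        @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) {
            return delegate.chooseServerAlias(keyType, issuers, s);
        }
        @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
            return delegate.getServerAliases(keyType, issuers);
        }
        @Override public X509Certificate[] getCertificateChain(String alias) {
            return delegate.getCertificateChain(alias);
        }
        @Override public PrivateKey getPrivateKey(String alias) {
            return delegate.getPrivateKey(alias);
        }
    }

    /** Printing a certificate from the store does not prove it can authenticate:
     *  only an entry that also holds the private key can. */
    static void describe(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + ": " + (ks.isKeyEntry(alias)
                ? "private key + chain (usable for client authentication)"
                : "certificate only (trust entry, cannot authenticate)"));
        }
    }

    static LoggingKeyManager wrap(KeyStore ks, char[] password) throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                return new LoggingKeyManager((X509KeyManager) km);
            }
        }
        throw new IllegalStateException("no X509KeyManager available");
    }

    public static void main(String[] args) throws Exception {
        // Usage: java ClientCertDiag [client.p12 password]
        KeyStore ks = KeyStore.getInstance("PKCS12");
        char[] password = args.length == 2 ? args[1].toCharArray() : new char[0];
        if (args.length == 2) {
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, password);
            }
        } else {
            ks.load(null, null); // constructed input: empty in-memory store
        }
        describe(ks);

        LoggingKeyManager km = wrap(ks, password);
        // Replay the request from the first log above: types RSA and DSS
        // ("DSA" in JSSE) and the one CA name the server listed.
        Principal[] issuers = { new X500Principal(
            "CN=Thawte Server CA, OU=Certification Services Division, "
            + "O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA") };
        km.chooseClientAlias(new String[] {"RSA", "DSA"}, issuers, null);

        // The same wrapper logs the real server's request during a handshake.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { km }, null, null); // null = default trust store
        System.out.println("context ready: " + ctx.getProtocol());
    }
}
```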
LDAP security authentication in weblogic sp4 (URGENT)
We have a web application which interacts to the D/B to authenticate a user during our login process. Now we are trying to change the login to LDAP authentication. Here is the List I did on weblogic configuration correct me if this is correct or if am missing any thing.
1. Created a Realm
2. Created a NOVELL LDAP Authenticator (configured user, groups, members, Novell LDAP, Details)
3. Created a X.509 certificates ????? Do I need to create this one for authentication. The only question is I am confused by these parameters and help me out in figuring out these:
a. filter attributes = cn=$subj.cn
b. username attribute = cn
c. userCertificate;binary ??? ( I have a certificate idmtree.der where do I add configuration about this certificate in the console)>>>>>>>>
d. certificate mapping : ou=user,ou=$subj.ou,o=$subj.o,c=$subj.c (IS THIS CORRECT)
4. created a new Weblogic Default Authorizer...
5. created a new Weblogic Default Role Mapper...
6. created a new Weblogic Default Credential Mapper ...(Do I need to setup my certificate inside this credential mapper or not.)
7. I made this realm as the DEFAULT realm and started the server
I get the following exception.
Initializing RoleMapper provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift.>
The RoleMapper provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift>
Initializing Authorizer provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift.>
The Authorizer provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift>
Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure.>
Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:205)
at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:262)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java:581)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:420)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:700)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:733)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:876)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:734)
at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:822)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
at weblogic.Server.main(Server.java:32)
>
####<Apr 6, 2006 10:42:55 AM CDT> <Emergency> <WebLogicServer> <DXPCHI029398> <myserver> <main> <<WLS Kernel>> <> <BEA-000342> <Unable to initialize the server: weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]>
ANY HELP on this would be greatly appreciated am totally exhausted seeing these error messages from morning.
I would like to know if I need a client for connecting to this LDAP authenticator. As am using the Novell API to access the LDAP directory. Let me know, and if so can some one provide me a snippet code.
Waiting for response.
thanks in advance
kiran
Hi Christoper,
Based on your description, this seems to be more of a security related question than a workshop one.
Please post to the security newsgroup at http://forums.bea.com/bea/category.jspa?categoryID=2011
with information on service pack installed
Thanks
Raj -
SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
Hello everybody,
I am trying to establish a connection from SAP PI 7.0 to an external web service that requires SSL with client authentication. I am using the SOAP adapter for that. The private key of us and the public key of the web service were installed in the VA in the TrustedCAs view. In the corresponding receiver channel configuration I have ticked "Configure Certificate Authentication" and selected appropriate entries in "Keystore Entry" and "Keystore View".
Whenever I send a message through the channel I am getting though an error during the SSL handshake: Decrypt error.
Below is the SSL debug log
ssl_debug(15): Sending v3 client_hello message to services.bloomberg.com:443, requesting version 3.1...
ssl_debug(15): Received v3 server_hello handshake message.
ssl_debug(15): Server selected SSL version 3.1.
ssl_debug(15): Server created new session 81:ED:F8:61:3B:51:8E:70...
ssl_debug(15): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
ssl_debug(15): CompressionMethod selected by server: NULL
ssl_debug(15): Server does not supports secure renegotiation.
ssl_debug(15): Received certificate handshake message with server certificate.
ssl_debug(15): Server sent a 2048 bit RSA certificate, chain has 3 elements.
ssl_debug(15): ChainVerifier: No trusted certificate found, OK anyway.
ssl_debug(15): Received certificate_request handshake message.
ssl_debug(15): Accepted certificate types: RSA, DSA
ssl_debug(15): Accepted certificate authorities:
ssl_debug(15): CN=XXXXXXXXXXXXXXXXXXXXXXXX
ssl_debug(15): CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
ssl_debug(15): CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
ssl_debug(15): Received server_hello_done handshake message.
ssl_debug(15): Sending certificate handshake message with RSA client certificate...
ssl_debug(15): Sending client_key_exchange handshake...
ssl_debug(15): Sending certificate_verify handshake message...
ssl_debug(15): Sending change_cipher_spec message...
ssl_debug(15): Sending finished message...
ssl_debug(15): Received alert message: Alert Fatal: decrypt error
ssl_debug(15): SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
ssl_debug(15): Shutting down SSL layer...
My first assumption was that it might be caused by a missing public key of the other side's server in the TrustedCAs view. I have now made sure that we have this key installed (although I am curious why there is still the "ChainVerifier: No trusted certificate found" message in the log).
Does somebody have an idea what could cause this SSL handshake failure?
Best regards,
Maxim
The XPI inspector gave more understanding of the situation. It shows which certificates the remote server is sending, which client certificate is used for authentication and many other topics. Interestingly enough, the XPI inspector shows that PI trusts the server key whereas the NWA log at the very same time says that it doesn't. I have posted an OSS message asking them to explain why there is this discrepancy.
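A triage sketch for the kind of ssl_debug trace quoted in this thread, added here as an example and not part of the original posts or of SAP's tooling. It extracts the CA names the server accepts for client authentication, whether the client continued past an untrusted server chain, and the last handshake message sent before the alert. The sample log is constructed in the thread's format, and `triage`, `norm_dn` and `client_issuer_dn` are hypothetical names.

```python
import re

# Constructed sample in the ssl_debug format quoted in the thread (DNs are made up).
SAMPLE_LOG = """\
ssl_debug(15): ChainVerifier: No trusted certificate found, OK anyway.
ssl_debug(15): Received certificate_request handshake message.
ssl_debug(15): Accepted certificate authorities:
ssl_debug(15): CN=Example Issuing CA,O=Example,C=US
ssl_debug(15): CN=Example Root CA, O=Example, C=US
ssl_debug(15): Received server_hello_done handshake message.
ssl_debug(15): Sending certificate handshake message with RSA client certificate...
ssl_debug(15): Sending certificate_verify handshake message...
ssl_debug(15): Sending change_cipher_spec message...
ssl_debug(15): Sending finished message...
ssl_debug(15): Received alert message: Alert Fatal: decrypt error
"""

LINE = re.compile(r"^ssl_debug\(\d+\):\s*(.*)$")
SENT = re.compile(r"^Sending (?:v3 )?(\w+)")

def norm_dn(dn):
    # Naive normalisation (assumption): case-fold and drop spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def triage(log_text, client_issuer_dn=None):
    """Summarise one handshake trace; client_issuer_dn is supplied by the caller."""
    accepted, sent, in_ca_list = [], [], False
    out = {"server_chain_trusted": True, "alert": None, "last_sent": None,
           "client_auth_attempted": False, "accepted_cas": accepted, "issuer_accepted": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if in_ca_list and re.match(r"[A-Za-z]+=", msg):
            accepted.append(norm_dn(msg))      # DN line inside the CA list
            continue
        in_ca_list = msg.startswith("Accepted certificate authorities")
        if "No trusted certificate found" in msg:
            out["server_chain_trusted"] = False   # client went on regardless
        elif SENT.match(msg):
            sent.append(SENT.match(msg).group(1))
        elif msg.startswith("Received alert message:"):
            out["alert"] = msg.split(":", 1)[1].strip()
            out["last_sent"] = sent[-1] if sent else None
    out["client_auth_attempted"] = "certificate_verify" in sent
    if client_issuer_dn is not None:
        out["issuer_accepted"] = norm_dn(client_issuer_dn) in accepted
    return out
```

In TLS 1.0 through 1.2 a decrypt_error alert means a handshake cryptographic operation failed at the sender, such as verifying a signature or validating a Finished message. When it arrives right after certificate_verify and finished, checking that the private key in the selected keystore entry matches the certificate sent is a reasonable first step.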