Using trusted certificates to avoid
I have a certain presumption I wish to confirm.
Presumption: When an SSL client attempts to make a connection to a remote host, once that connection is made, the client says (i.e, behaves as if he says), "I know what site I want to connect to. I have attempted a connect to that URL. I am now connected to some site but I will not allow this connection to proceed unless the remote host presents evidence he is who I think he is." whereupon the remote host presents all the certificates he has available (from jssecacerts file, I think). The client host compares each presented certificate in turn to the list of trusted certificates he has in his keystore (cacerts). When he finds one that is a match the client says, "Okay, I will allow this connection to proceed." and moves on. If the client does not find a match he aborts the connection and throws the exception which reports "unable to find a valid path to the requested target."
Now, my presumption is that the remote host may have purchased a certificate from one of the "trusted authorities" such as verisign, thawte, geotrust, etc. and have imported that certificate into his jssecacerts file. Therefore presenting that certificate, among others, when asked by the enquiring client. The client compares that certificate to his cacerts file and finds there a base certificate (by following the "trust chain") from, say, verisign from which his presented certificate has been derived. Therefore the client is able to follow the "trust chain" up from the remote server's certificate to the trusted base certificate already existing in the client's cacerts keystore and, therby, be able to accept the connection to the remote host.
Is that the way it works? So I can avoid either causing the client visiting my server site to throw the "unable to find ... to requested target" exception and to prevent the client which may be connectiong via a browser from having to ask the user to say, "Yes. I am willing to accept this unknown site as a trusted site."
Correct?
Thanks.
Is that the way it works?Yes.
So I can avoid either
causing the client visiting my server site to throw
the "unable to find ... to requested target"
exception and to prevent the client which may be
connectiong via a browser from having to ask the user
to say, "Yes. I am willing to accept this unknown
site as a trusted site."Yes.
However note that what SSL is doing here is authentication, i.e. proving that the site is who it says it is. Whether that's the site you want, i.e. whether you want to authorize communications with that host, is ineradicably up to the application. And that's what handshake completion listeners and HostnameVerifiers are for.
Too many people in these forums try to achieve authorization via the SSL truststore. That's not what it's for.
Similar Messages
-
Issue while signing a jar using RSA certificate
Hi,
I am trying to sign a java applet using trusted certificate with the help of Java keytool and jarsigner of JRE1.6. For this I have followed the following steps:
1.Generated key pair in a keystore - keytool -genkeypair -keyalg RSA -alias eaikey -keystore eaikeystore -validity 3650 -keysize 2048
2.Generated CSR using command keytool -certreq -alias eaikey -file eaicert.csr -keystore eaikeystore and send the .csr file to the CA
3.CA has returned the certificate reply (.cer file)that contained a root certificate
4.When I tried to import the certificate using command keytool -import -file eaicert.cer -alias eaicertkey -keystore eaikeystore to keystore, initially it gave me error as Input not an X.509 certificate.So I opened the .cer file in my text editor and removed the texts before the Begin And End Certificate.Then it got imported correctly by running the
5.When I tried to sign the jar using command jarsigner application.jar eaicertkey -keystore eaikeystore
it gave the exception as jarsigner: Certificate chain not found for: eaicertkey. eaicertkey must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
Please help me with the step I am missing here.I doubt I am doing something wrong in the import step.
Thanks in advance.you can mail me directly to [email protected], and I'll try to help.
no guarenty :-)
Tal
[email protected] -
How can i Use SERVLET with RMI to avoid trust certificate
I know that for begining RMI, you must launch the server and the client.
for the server i use :
java -Djavax.net.ssl.trustStore=server.keystore -Djavax.net.ssl.keyStore=server.keystore -Djavax.net.ssl.keyStorePassword=server TestServer
for the client I use :
java -Djavax.net.ssl.trustStore=client.keystore -Djavax.net.ssl.keyStore=client.keystore -Djavax.net.ssl.keyStorePassword=client TestClient
and all work fine.
but i want to use a servlet for rmi client and i wrote this:
public class AppelServlet extends HttpServlet
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
try
System.out.println("Registering secure RMI socket factory ...");
java.rmi.server.RMISocketFactory.setSocketFactory(new SecureRMISocketFactory());
TestRemote test = (TestRemote) Naming.lookup("rmi://127.0.0.1:7123/TestClient");
String reponse=test.toLowerCase("HELLO WORLD");
System.out.println("la reponse est : "+reponse);
catch (Exception e)
System.out.println("test client exception: " +e);
PrintWriter out = response.getWriter();
response.setContentType("text/html");
and i have the following error on tomcat:
Registering secure RMI socket factory ...
test client exception: java.rmi.ConnectIOException: error during JRMP connection
establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate
i think i must precise how to indicate the truststore like in the first case.
help me please.
hamdiHi,
Try doing the following steps.
Assuming you have a certificate obtained
Export the certificate into a .cer file.
On IE, goto tools->internet options->content->certificates, and export to a .cer file.
Using keytool of java import the certificate to the store that can be used doing the following command.
keytool -import -alias <ailas> -file < .cer filename> -keystore <storename here>
set the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword properties at the command prompt using the command below.
java -Djavax.net.ssl.trustStore=<storename> -Djavax.net.ssl.trustStorePassword=<password> <classname>
Let me know if this helped.
Also take a look at this link for using RMI with SSL
http://java.sun.com/products/jdk/1.2/docs/guide/rmi/SSLInfo.html
Regards,
Roopasri Vittal
Developer Technical Support
Sun Microsystems
http://sun.com/developers/support -
Hi all ,
I would like to know about the trust store and trust root certificates . Please let me know why we have to use these certificates and in which scenario it could be helpful?Hi All,
Please help me in advise for my query.
Thanks,
Sriram -
No trusted certificate found error while running a webservice
Hi,
I created a stub to a webservice and then tried to invoke the webservice using a simple java class
in JDeveloper. While running the java client to invoke the webservice i get this below mentioned error
SOAPException: faultCode=SOAP-ENV:IOException; msg=sun.security.validator.ValidatorException: No trusted certificate found; targetException=javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at org.apache.soap.SOAPException.<init>(SOAPException.java:78)
Kindly have a solution for what to be done on this.
Thanks,
Ramesh.R
Edited by: Ramesh_R on Jan 20, 2010 10:28 AMhave to import the certificate in the cacerts of the Jdev jre/lib/security/cacerts file
Edited by: Ramesh_R on 16-Jan-2011 02:40 -
Problem in Authenticating Clients using SSL certificates in EP 7.0
Hi all,
Our team is configuring client authentication using ssl certificates to Enterprise Portal 7.0. We have exhausted our search on SDN and have also brought SAP on board to resolve this issue.
We have completed our configuration as defined in following links
http://help.sap.com/saphelp_nw04/helpdata/en/8a/8bc061dcf64638aa695f250ce7ca78/content.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/b0/881e3e3986f701e10000000a114084/content.htm
and SAP note 583439.
But once a client types in the portal URL a message is shown that your certificate will be mapped to your user. Although we have manually mapped our certificate to a particular user but every time it asks for user ID and password.
So in short it dosent authenticate users on their certicates.
Following are snaps that I have taken from my default logs.
Latest snap.
Date , Time , Message , Severity , Category , Location , Application , User
02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:296 , ssl_debug(74): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Wrote 147 bytes in 1 records, 126 bytes net, 126 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Read 672 bytes in 1 records, 651 bytes net, 651 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Sending alert: Alert Warning: close notify , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Shutting down SSL layer... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Wrote 9523 bytes in 24 records, 9019 bytes net, 375 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Read 11234 bytes in 21 records, 10793 bytes net, 513 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Sending alert: Alert Warning: close notify , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:281 , ssl_debug(73): Shutting down SSL layer... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:28:250 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:953 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:921 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:624 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:593 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:296 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:27:265 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:952 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:921 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:624 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:593 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:296 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:26:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:936 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:623 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:592 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:295 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:25:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:936 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:639 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:295 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:24:264 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:967 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:935 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:638 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:310 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:23:279 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:966 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:935 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:638 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:607 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:310 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:22:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:950 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:637 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:606 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:309 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:21:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:950 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:653 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:309 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:20:278 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:981 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:949 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:324 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:19:293 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:980 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:949 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:621 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:324 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:18:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:964 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:652 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:620 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:323 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:17:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:964 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:667 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:635 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:323 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:16:292 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:995 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:963 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:666 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:635 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:322 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:15:291 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:979 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:963 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:635 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:619 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:291 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:14:275 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:947 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:931 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:603 , ssl_debug(74): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:587 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Read 153 bytes in 3 records, wrote 130 bytes in 3 records. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Handshake completed, statistics: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Session added to session cache. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Received finished message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Received change_cipher_spec message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Sending finished message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:259 , ssl_debug(74): Sending change_cipher_spec message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Selecting CompressionMethod: NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Sending server_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Resuming previous session... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Client is trying to resume session 79:5C:C5:27:04:EB:FC:68... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Client requested SSL version 3.0, selecting version 3.0. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Received v3 client_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:13:243 , ssl_debug(74): Starting handshake (iSaSiLk 3.06)... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:12:462 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:12:118 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:11:774 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:11:446 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:11:102 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:10:758 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:10:414 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:10:086 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:09:742 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:09:398 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:09:054 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:08:726 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:08:382 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:08:038 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:07:694 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:07:366 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:07:022 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:06:678 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:06:334 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:06:006 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:05:662 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:05:318 , ssl_debug(73): Exception reading SSL message: java.net.SocketTimeoutException: Read timed out , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Read 153 bytes in 3 records, wrote 130 bytes in 3 records. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Handshake completed, statistics: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Session added to session cache. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Received finished message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Received change_cipher_spec message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending finished message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending change_cipher_spec message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Selecting CompressionMethod: NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Sending server_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Resuming previous session... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Client is trying to resume session 79:5C:C5:27:04:EB:FC:68... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Client requested SSL version 3.0, selecting version 3.0. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Received v3 client_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:04:834 , ssl_debug(73): Starting handshake (iSaSiLk 3.06)... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Wrote 0 bytes in 0 records, 0 bytes net, 0 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Read 0 bytes in 0 records, 0 bytes net, 0 average. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Shutting down SSL layer... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:286 , ssl_debug(72): Exception reading SSL message: java.io.EOFException: Connection closed by remote host. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Read 943 bytes in 3 records, wrote 861 bytes in 3 records. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Handshake completed, statistics: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Session added to session cache. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Sending finished message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Sending change_cipher_spec message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Received finished message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Received change_cipher_spec message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Exiting method , Path , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , oid: OBJECT ID = SubjectKeyIdentifier , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Certificate: Version: 3
Serial number: 4123385933
Signature algorithm: md5WithRSAEncryption (1.2.840.113549.1.1.4)
Issuer: CN=usmdlsdowa123.dow.com,OU=JV,O=Dow,L=Midland,C=US
Valid not before: Tue Feb 20 09:17:00 EST 2007
not after: Wed Feb 20 09:17:00 EST 2008
Subject: CN=nai2626,OU=J V,O=DOW,L=Midland,ST=MI,C=US
RSA public key (1024 bits):
public exponent: 10001
modulus: c1f13eb65d6d1f934c6504427dedfd963284979fd61e5d64ac8de1c647f85085f84e173d3bee65837aa97030ebfa6b9521e042b1244de3444e7e82a26a3542a419d6f0bbf276b71e0fb3083a5ed8353852816deec7dd9ceb5ded748ec4a52cb068af1a5e93299f882ee9cb531a60cb0e4b77372c832556e8d993a601d7214741
Certificate Fingerprint (MD5) : BD:B4:9E:51:A9:FA:8B:9B:40:5B:85:6E:5A:CC:B1:68
Certificate Fingerprint (SHA-1): 4B:BB:43:8C:CC:DC:A1:92:56:40:CE:0B:8E:88:DA:28:EC:2A:46:52
Extensions: 1
, Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): ChainVerifier: Found a trusted certificate, returning true , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Not after: Wed Feb 20 09:17:00 EST 2008 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Not before: Tue Feb 20 09:17:00 EST 2007 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Serial: f5c5e04d , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Issuer: CN=usmdlsdowa123.dow.com,OU=JV,O=Dow,L=Midland,C=US , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Subject: CN=nai2626,OU=J V,O=DOW,L=Midland,ST=MI,C=US , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , cert [0 of 1] , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:239 , Entering method with ([Ljava.security.cert.X509Certificate;@7bc735, iaik.security.ssl.SSLTransport@539802) , Path , , com.sap.engine.services.ssl.verifyChain () , ,
02/27/2007 , 15:14:03:239 , ssl_debug(72): Received certificate_verify handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Received client_key_exchange handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Client sent a 1024 bit RSA certificate, chain has 1 elements. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Received certificate handshake message with client certificate. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending server_hello_done handshake message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending certificate_request handshake message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending certificate handshake message with server certificate... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Selecting CompressionMethod: NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Sending server_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): CompressionMethods supported by the client: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT_WITH_RC4_40_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_3DES_EDE_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_RC4_128_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): CipherSuites supported by the client: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Creating new session 79:5C:C5:27:04:EB:FC:68... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Client requested SSL version 3.0, selecting version 3.0. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:224 , ssl_debug(72): Received v2 client hello message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:14:03:146 , ssl_debug(72): Starting handshake (iSaSiLk 3.06)... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , Error in resource clean up for a disconnected client
java.lang.NullPointerException
at com.sap.engine.services.httpserver.dispatcher.Processor.closeConnection(Processor.java:1684)
at com.sap.engine.services.httpserver.dispatcher.Processor.fail(Processor.java:518)
at com.sap.engine.core.manipulator.TCPRunnableConnection.disposeConnection(TCPRunnableConnection.java:470)
at com.sap.engine.core.manipulator.TCPRunnableConnection$CloseThread.run(TCPRunnableConnection.java:1031)
at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:525)
at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
, Error , , com.sap.engine.services.httpserver.dispatcher , ,
02/27/2007 , 15:13:59:535 , ssl_debug(71): Closing transport... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , Cannot get input and output streams from socket. ConnectionsManipulator is not initialized.
[EXCEPTION]
java.io.EOFException: Connection closed by remote host.
at iaik.security.ssl.Utils.a(Unknown Source)
at iaik.security.ssl.o.b(Unknown Source)
at iaik.security.ssl.o.c(Unknown Source)
at iaik.security.ssl.r.f(Unknown Source)
at iaik.security.ssl.f.c(Unknown Source)
at iaik.security.ssl.f.a(Unknown Source)
at iaik.security.ssl.r.d(Unknown Source)
at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:139)
at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:257)
at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:324)
at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:524)
at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
, Error , /System/Network , com.sap.engine.core.manipulator.TCPRunnableConnection.init() , ,
02/27/2007 , 15:13:59:535 , Handshake failed
[EXCEPTION]
java.io.EOFException: Connection closed by remote host.
at iaik.security.ssl.Utils.a(Unknown Source)
at iaik.security.ssl.o.b(Unknown Source)
at iaik.security.ssl.o.c(Unknown Source)
at iaik.security.ssl.r.f(Unknown Source)
at iaik.security.ssl.f.c(Unknown Source)
at iaik.security.ssl.f.a(Unknown Source)
at iaik.security.ssl.r.d(Unknown Source)
at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
at iaik.security.ssl.SSLSocket.startHandshake(Unknown Source)
at com.sap.engine.services.ssl.factory.SSLSocket.startHandshake(SSLSocket.java:139)
at com.sap.engine.services.ssl.factory.SSLSocket.getInputStream(SSLSocket.java:257)
at com.sap.engine.core.manipulator.TCPRunnableConnection.init(TCPRunnableConnection.java:324)
at com.sap.engine.core.manipulator.TCPRunnableConnection.run(TCPRunnableConnection.java:524)
at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)
at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)
, Info , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , ssl_debug(71): Shutting down SSL layer... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , ssl_debug(71): Sending alert: Alert Fatal: handshake failure , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:535 , ssl_debug(71): IOException while handshaking: Connection closed by remote host. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending server_hello_done handshake message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending certificate_request handshake message... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending certificate handshake message with server certificate... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Selecting CompressionMethod: NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Sending server_hello handshake message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): NULL , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): CompressionMethods supported by the client: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT_WITH_RC4_40_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_EXPORT1024_WITH_RC4_56_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_DES_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_3DES_EDE_CBC_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_RC4_128_SHA , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): SSL_RSA_WITH_RC4_128_MD5 , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): CipherSuites supported by the client: , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Creating new session 65:0B:55:9C:7D:29:83:F8... , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Client requested SSL version 3.0, selecting version 3.0. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Received v2 client hello message. , Debug , , com.sap.engine.services.ssl , ,
02/27/2007 , 15:13:59:504 , ssl_debug(71): Starting handshake (iSaSiLk 3.06)... , Debug , , com.sap.engine.services.ssl , ,
Regards,
Atif MukhtarAtif,
Did you get a solution to the problem you were having? We have a similar problem.
Thanks,
Dave -
Problems in using a certificate with different versions of JVM
Hi friends,
I am facing a typical problem:
I have to use a certificate which uses the sha1DSA signing algorithm to contact a web service(I am coding a client). I was using J2SDK_1.4.1_02 before. I added the certificate to keystore and it was working fine. But if I upgraded my JRE to 1.4.2_13 the same code doesn't work,. I got the following exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA12275)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:570)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(DashoA12275)
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:263)
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(HttpSOAPConnection.java:151)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:121)
at TestRequest.getCustomerInfo(TestRequest.java:60)
at TestRequest.main(TestRequest.java:122)After some investigation I found that this JRE is accepting only certificate with sha1RSA signature algorithm. Please help me if anybody knows why this occurs or is this an issue which is to be addressed in server side.Hi Michal,
Keeping in mind the recommendations of the Production Checklist...
All other things being equal, homogenous deployments are usually less prone to surprises.
But JDK 1.6 is noticeably faster than JDK 1.4, and features much better JMX support as well, so it's a probably the better option.
Jon Purdy
Oracle -
Weblogic Start script fails while Loading trusted certificates from jks
Hi,
I have a Weblogic Portal 10.3.2 installation on a Solaris Unix box. There is one Admin server and two Managed servers. I am trying to deploy an EJB based application on one of the Managed servers. Note that this application has been working fine in the Weblogic 9.2 environment.
When the Managed Server is started, I get the below messages in the Weblogic console log. We have an internal SSO authentication system, which is integrated with this application. When this integration is removed, we are able to login to the application without any issues. When it is turned on, the redirection from SSO to the application fails - most likely because of the below SSL related errors.
I have accessed the below link and accordingly set the property -Dweblogic.ssl.JSSEEnabled=true. But it didn't help.
http://justasg.blogspot.com/2012/04/tlsssl-certificate-errors-and-warnings.html
Please let me know if you have any suggestions.
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /data/applications/norkom/BEA103/wlserver_10.3/server/lib/DemoTrust.jks.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.6.0_32/jre/lib/security/cacerts.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
<Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 10.228.12.24 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.228.12.24:7020 for protocols iiop, t3, ldap, snmp, http.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7020 for protocols iiop, t3, ldap, snmp, http.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "NCA_Server" for domain "norkom" running in Development Mode>
<Jun 4, 2012 4:52:01 PM MEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Jun 4, 2012 4:52:01 PM MEST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
<WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
<WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
<WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
<WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
<WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
<WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
Note: We have another Solaris Unix box, with the same installation of Weblogic with the same SSO redirection, but another EJB application is deployed. Also, there is no Managed and the application is deployed on the Admin server itself. But when the server is started, I don't see any attempts to load any certificates and also there are no issues.
So either please suggest how this certificate loading can be rectified or suggest a way to disable the certificate loading (if at all its an option).
Please let me know if you need any further details.Firstly,
938767 wrote:
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.6.0_32/jre/lib/security/cacerts.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>I don't think that this will be your problem... Unless you are actually using some of those certificates you can ignore those messages.
But the following looks suspicious, I guess 7022 is your SSL port...
<Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
<Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 10.228.12.24 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>Hope that helps.
Cheers,
Vlad
Give points - it is good etiquette to reward an answerer points (5 - helpful; 10 - correct) for their post if they answer your question. If you think this answer is helpful, please consider giving points. -
Sun.security.validator.ValidatorException: No trusted certificate found
Hello,
I am using Java 1.6.0_04 (JBoss-4.2.2.GA application). My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.
I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:
-Djavax.net.ssl.trustStore=/Path-to-file -Djavax.net.ssl.trustStorePassword=password On my development environment I can call the Web Service correctly.
Although, on the production environment, I am getting the following exception:
javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317)
at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
at $Proxy171.send(Unknown Source)
at com.xpto.integration.SmsHelper.send(SmsHelper.java:57)
at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.io.IOException: Could not transmit message
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204)
at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
... 6 more
Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:
333)
at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
at org.jboss.remoting.Client.invoke(Client.java:1634)
at org.jboss.remoting.Client.invoke(Client.java:548)
at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183)
... 9 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No truste
d certificate found
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLCo
nnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:23
0)
at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:
275)
... 14 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:2
09)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:2
49)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
... 26 more Both systems are configured with the same JBoss, JVM, ...
The certificate details are:
Owner=
CN=*...., OU=..., O=..., L=..., ST=..., C=PT
Issuer=
CN=..., O=..., C=PT
Version=3
Serial Number=BC81A81843E26C2597CD10354588F61E
Valid From=Monday, 3 March 2008 18:50
Valid Until=Tuesday, 3 March 2009 18:50
Signature Algorithm=SHA1withRSA
Fingerprints=
MD5: 0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85
SHA1: 35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A
Key Usage= critical
List:
. digitalSignature
. keyEncipherment
. dataEncipherment
. keyAgreement
Extended Key Usage= none
On production I have also tried adding the following properties:
-Djavax.net.ssl.keyStore=/Path-to-file -Djavax.net.ssl.keyStorePassword=password But I still get the error.
Any one has any hint for this problem? Is there any property which I can define to ignore untrusted certificates?
Any help would really be welcome.
Thanks in advance.
Best regards,
Victor BatistaHi,
Thanks for your prompt reply.
I have also tried to add all the chain of certificates on my truststore, although I get the exception:
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Mar 07 12:54:22 WET 2008
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:123)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
... 26 moreAnd all the certificates are valid.
I really don't understand what is going on.
Can I Ignore expired certificates? Any property?
When I use -Djavax.net.ssl.trustStore pointing to my keystore, will cacerts be also used?
Do I need to import all the certificates in the chain of the server, or the top most is sufficient?
The server where I am having the problem has limited connectivity. It should have connectivity to the issuers of the certificates, in order to validate them, or not?
Thanks in advance,
Victor -
How to use SSL certificates in OSX Server
I have setup OSX server with a host name that is pointed properly to my OSX server. My question is about using certificates that were purchased through my domain registrar.
I bought a cert and after the validation process, I was given a link to download 4 certificate files.
AddTrustExternalCARoot.crt
DV_NetworkSolutionsDVServerCA2.crt
DV_USERTrustRSACertificationAuthority.crt
[domain name].crt
So after downloading these and opening them one by one, I installed them in the keychain as a system cert.
The part I cant figure out is how to use the domain cert instead of the one that the server creates upon completion of setup (the self signed one).
On the certificate selection in the sidebar, I can choose Import a certificate identity, but when I drag my domain cert into the box, it shows up as a non-identity cert and the Import button is still grayed out. I dragged all four certs there and all of them show as non-identity certs.
If I go down the path of the Get a Trusted Certificate, it takes me through the CSR request which I dont think I need since i have my certificates already.
Am I missing a step? Or do I need to export from the keychain, then import into the server application? Seems like the new certificates should show up in the server application. Any help would be greatly appreciated.I got the answer and wanted to post for anyone that happened to have this question.
During the SSL cert setup, it asks where your domain is hosted and since it was hosted by Network Solutions, I chose that option which doesnt do the CSR request. I had to choose Other/VPS.
Once I did that, I was able to generate a CSR in the server application and get my certificate issued again by pasting the request code on my registrars website. Once I received those certs, I dragged my domain cert into the Pending one listed in the certificate list.
Also I chose Apache/ModSSL as the type of server. Hope that helps and new people like myself in setting up the server application. -
Trusted certificates from your previous version of Adobe Reader were found.
After upgrading Adobe Reader from 10 to 11, some users are getting "Adobe Reader Security - Trusted certificates from your previous version of Adobe Reader were found. Would you like to import them." I need to know what registry settings we can modify to either set this automatically to "Import" or "Use Default" I need to add one of these options into our Adobe Reader Settings GPO that is using group policy preferences. This only appears for users who have data in C:\Users\%username%\AppData\Roaming\Adobe\Acrobat\10.0\Security and only the very first time the user opens Adobe Reader after the upgrade per user profile on a given server.
I'm not sure this is true: "If they don't exist then there is no dialog. " Could be, but I've never heard of it.
However, acrodata files perform a number of functions for several features, so removing them is unwise. Also, they will just come back when a user exercizes certain features.
Better to just turn off the feature with the supported preference.
Ben -
Problems trusting certificates from other users
I'm unable to trust certificates from users when the email address on their certificate does not precisely match the From address of the message. The mismatch is typically something like a From address of [email protected] and a certificate address of doe.john.12345.
Mail says "Unable to verify message signature" when I select the message. I click "Show Details" followed by "Show Certificate". I then get an option to check "Messages from xxx are valid if signed by yyy", which I do followed by clicking "OK".
The yellow "Unable verify message signature" bar stays in place. Repeating the above process shows that the the option to trust the validity is again unchecked. However, in the area with certificate, it lists that the certificate is trusted for the email address in the From field.
Any idea what's going on here?
Thanks,
AndreasI should add that this happens when using certs that were signed with a CAC. I have an ORC ECA cert.
—Andreas -
Seeburger AS2 error: No Trusted Certificate found
Dear SAP experts,
Good day!
Need your expert advice regarding the error that I am getting in Seeburger AS2.
Here's the scenario:
SAP XI is sending messages to Trading Partner via AS2 adapter which resides in Seeburger.
I've trigerred already messages but they are getting this kind of error:
Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # : javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER.
Kindly advice if there are missing or invalid certificates on both sides?
What would be the cause of the issue?
Many Thanks!
GodoGodo,
I think you are using secure communication for your seeburger CC. Can you pls. check if you have installed(keystore) certifcate on J2EE engine and configured certificate provided by ftp client in your CC.
Also one more important thing,
Make sure that you have entry with ftp server name and correspoding ip address in hosts.inc on a system where your adapter engine resides.
Check detail error messsage at:
http://XI server : port / nwa --> Message Monitoring --> Logs and Trances and select DefaultTrace in second drop down list. You will find all events details with description. ( If you run your interface and check you will find recent activities on XI server. Hope this will give you much better picture)
Hope this will help.
Nilesh -
HTTPS/SSL client using 'myproxy' certificates
Hi, I'm trying to write a java client that will achieve the same as the following curl command:
/usr/bin/curl -k --cert /tmp/x509up_u10002 https://mysecure_server
The cert specified is obtained from a myproxy server (http://grid.ncsa.uiuc.edu/myproxy/)
I have written a java client that works fine if its given a p12 certificate and password but I meed it to work with the passwordless cert obtained from the myproxy server.
I believe that the cert /tmp/x509up_u10002 is in pem format.
All my attempts result in errors such as :
sun.security.validator.ValidatorException: No trusted certificate found
(this is despite having the ca cert in the truststore AND an 'all-trusting' TrustManager)
or
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
or even
java.io.IOException: toDerInputStream rejects tag type 45 ?????
I'm totally new to this security stuff and would very much appreciate any help or pointers.
Will the java security mechanisms support such a cert without a password?
Many Thanks
Keithhi all i am new in using cURl with java and has to perform following work by curl with java i.e.
when a user submit the form then the java class get the submitted webpage along with data from the user side to our side without connecting to db and aslo i am getting of verifying the type of certificate i am using.
Message was edited by:
centurions -
Using PFX certificate to call web services
Hi,
I need to use a PFX certificate to invoke a web services over HTTPS using a simple Java client; I've followed these steps:
1 - convert .pfx certificate in .cer format: I've imported the certificate in Internet Explorer and then exported in .cer format
2 - write a simple code before invocation of web service like this: System.setProperty("javax.net.ssl.trustStore","C:\\myCertificate.cer");
System.setProperty("javax.net.ssl.trustStoreType","PKCS12");
System.setProperty("javax.net.ssl.trustStorePassword","myPwd");but it does'nt work and this exception occured:
java.net.SocketException: Default SSL context init failed: DerInputStream.getLength(): lengthTag=109, too big.Then I've tried to import my certificate in a jsk keystore by keystore tool; after I've changed my code like this:
System.setProperty("javax.net.ssl.keyStore","C:\\myjks.jks");
System.setProperty("javax.net.ssl.keyStoreType","JKS");
System.setProperty("javax.net.ssl.keyStorePassword","myPwd");but the eception is:
sun.security.validator.ValidatorException: No trusted certificate foundWich are the right stpes to use a pfx certificate in a Java environment?
Thanks in advance.
RobI've resolved my problem coding a custom SecureSocketFactory which I load programmatically into my SSL Context and then activate in my Axis client:
public class MySocketFactory implements SecureSocketFactory {
private Hashtable ht;
public MySocketFactory(Hashtable ht) throws Exception {
this.ht = ht;
public Socket create(String host, int port, StringBuffer hds,
BooleanHolder bh) throws Exception {
SSLSocket theSocket = null;
try {
KeyStore keyStoreKeys;
KeyManagerFactory keyMgrFactory;
SSLContext sslContext;
keyStoreKeys = KeyStore.getInstance("PKCS12");
keyStoreKeys.load(new FileInputStream("mykey.pfx"),"mypwd".toCharArray());
keyMgrFactory = KeyManagerFactory.getInstance("SunX509");
keyMgrFactory.init(keyStoreKeys, "mypwd".toCharArray());
sslContext = SSLContext.getInstance("SSL");
sslContext.init(keyMgrFactory.getKeyManagers(), null, null);
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
theSocket = (SSLSocket) socketFactory.createSocket(host, port);
} catch (Exception e) {
e.printStackTrace();
return theSocket;
}Then, in my proxy client, I activate in Axis my factory by this statement:
AxisProperties.setProperty("org.apache.axis.components.net.SecureSocketFactory", "socketfactory.MySocketFactory");bye
Rob
Maybe you are looking for
-
Hi, I have a windows 2008 R2 Enterprise servers with standalone MS-SQL 2008 R2 named instance. The server is having two networks, once production and the second for backup. The server FQDN is resolving to the production IP. The backup NIC DNS dyn
-
Increase internal table memory
Dear Techis, How to increase size of internal table. while executing it gettin in DUMP. I checked wid basis consultanat the Heap memory is more than sufficient, but still my report is not gettin executed its showin dump . Will anybody pls tell me is
-
HT1651 How to install itunes in macbook 2008
how to intsall itunes in 2008 macbook
-
Reader X has stopped working error message, when you close program
I have a user that gets the error message that reader has stopped working, whenever she closes reader. Uninstall and re-install has not helped
-
Dear all, I have to migrate data. One object is the Material Contract: Contract In the SAP Purchasing component, a type of "outline agreement", or longer-term buying arrangement. The contract is a binding commitment to procure a certain material or s