Verisign certificate & Chain File Name

Similar Messages

• SSL for Weblogic 6.0: Server Certificate Chain File & Verisign

  http://www.bea.com/support/askbea/wls/S-07188.shtml
  This issue attempts to explain what a "certificate chain file" is for. I still don't understand why this is so difficult. Where do I get this from?
  At the end of the article it points me here:
  http://www.verisign.com/repository/root.html
  And vaguely tells me to convert the unspecified format on that page using a utility from OpenSSL. The format on that page is NOT .pem, what is it? Which utility do I use, and HOW do I convert the root server CA on that page to .der format?
  Thanks for tips!

  Unfortunately this is a missleading exception you are getting.
  Here is a suggested workaround (at-least to get SSL working )
  https://www.verisign.com/server/prg/browser/root.html
  I have been meet same question as you.
  The Server Certificate Chain File obtained from your Browser (such as IE5.5 )
  Jason Pettiss <[email protected]> wrote:
  http://www.bea.com/support/askbea/wls/S-07188.shtml
  This issue attempts to explain what a "certificate chain file" is for.
  I still don't understand why this is so difficult. Where do I get
  this from?
  At the end of the article it points me here:
  http://www.verisign.com/repository/root.html
  And vaguely tells me to convert the unspecified format on that page using
  a utility from OpenSSL. The format on that page is NOT .pem, what is
  it? Which utility do I use, and HOW do I convert the root server
  CA on that page to .der format?
  Thanks for tips!

• How to get the Server Certificate Chain File?

  Hi all,
  I config the SSL for weblogic 6.0 on a Win2k Machine .I followed WebLogic
  documentation:
  Generate a private key file, then submit to Verisign, get the certificate
  file.
  Because I have only one WebLogic server. I clear the "Server Certificate
  Chain File" field.
  But I get error message after reboot WebLogic. Following is the error
  message:
  <2001-1-21 04:57:56 pm> <Alert> <WebLogicServer> <Inconsistent security con
  figuration, java.lang.Exception: Required file server-certchain.pem which is
  spe
  cified by ServerCertificateChainFileName, was not found>
  java.lang.Exception: Required file server-certchain.pem which is specified
  by Se
  rverCertificateChainFileName, was not found
  at
  weblogic.t3.srvr.SSLListenThread.resolvePropertyFromLocalFile(SSLList
  enThread.java:152)
  at
  weblogic.t3.srvr.SSLListenThread.resolvePropertyFromAdminServer(SSLLi
  stenThread.java:180)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:425)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  My question is: Should I input the rootCA certificate into the Server
  Certificate Chain File field? If yes, where can I get the rootCA certificate
  file?
  Thanks

  [sorry, deleted irrelevant wrong answer]

• Certificate Chain File

  Hello,
  I have certificates from two different CAs. How can I integrate them both in a root certificate chain file, so that the WLS accepts them both?
  thnaks for zour help
  hannele

  What version of WLS? Are the CA's i PEM or DER format?
  PaulF
  Hannele <[email protected]> wrote in
  news:3d6e2971$[email protected]:
  Hello,
  I have certificates from two different CAs. How can I integrate them
  both in a root certificate chain file, so that the WLS accepts them
  both? thnaks for zour help
  hannele

• Installing Verisign Certificate for SSL - please help

  I'm trying to configure SSL for the first time on my WebLogic Server 6.1 SP1 instance
  on a Win2K Server. I have used the built-in certificate generator servlet to
  generate a CSR. I sent the CSR to Verisign and received a certificate back (looks
  like it's in .pem format). Now, I've gone to the admin console and entered what
  I thought were the right values in the right places, but WLServer doesn't seem
  to like what I've entered and/or the files themselves. Here's what I have:
  Server Key File Name: config/mydomain/my_domain_com-key.der (name changed of course
  from the actual domain name) - This is the file generated automatically by the
  certificate servlet that I moved into this directory.
  Server Certificate File Name: config/mydomain/mycert.pem (this is the file that
  was sent to me by Verisign, supposedly my 40-bit certificate).
  Server Certificate Chain File Name: config/mydomain/verisignca.pem (I created
  this file by going to the verisign site and copy/pasting their .pem format 'intermediate'
  cert into this file - documentation real fuzzy on this step so it's probably wrong).
  SSL is enabled, listening on the default port of 7001, client certificate not
  enforced.
  Now, when I boot the server, I get the following error in the log file: ####<Nov
  19, 2001 12:45:03 PM EST> <Alert> <WebLogicServer> <VDWEB1> <myserver> <main>
  <system> <> <000296> <Security configuration problem with certificate file config/mydomain/my_domain_com-key.der,
  java.io.EOFException>.
  What am I doing wrong here? I thought i put that file in the location I specified,
  so does that error mean it can't find it or that the file itself is corrupt?
  That's just the file that was autogenerated by the servlet, i don't see how it
  could be corrupt! Also, I assume that's just the first error ... if I fix that
  one, there likely will be more. I especially don't understand the part about
  the chain file as the documentation is so unclear to me about putting multiple
  certs in the chain file ...
  Thanks for any pointers,
  Josh

  Hi Josh,
  Jus to reconfirm are you sure that the Server key and Server Cert are not
  interchanged ?
  The error message indicates that private key is being read as a certificate.
  Maybe its not a explicit error message and instead should be
  Security configuration problem with private key file
  config/mydomain/my_domain_com-key.der
  Are you able to run with the democerts provided with weblogic ?
  yeshwant
  <system> <> <000296> <Security configuration problem with certificate
  file config/mydomain/my_domain_com-key.der,Josh Daynard wrote:
  Hey Yeshwant,
  Thanks for the tip. I did not use a password when creating the CSR request and
  the 'Key Encrypted' box is unchecked in my console. Any other thoughts???
  Thanks,
  Josh
  Yeshwant <[email protected]> wrote:
  Hi Josh
  when you generated the csr using the certificate webapp , did you use
  a password ie are you using a password
  envrypted private key ?
  if yes you will have to provide that value in the start sript using the
  system property
  weblogic.management.pkpassword=actualpassword and also make sure that
  the Use Encrypted box is checked.
  If not make sure that the Use Encrypted box in the console under the
  ssl tab is unchecked.
  Yeshwant
  Josh Daynard wrote:
  I'm trying to configure SSL for the first time on my WebLogic Server6.1 SP1 instance
  on a Win2K Server. I have used the built-in certificate generatorservlet to
  generate a CSR. I sent the CSR to Verisign and received a certificateback (looks
  like it's in .pem format). Now, I've gone to the admin console andentered what
  I thought were the right values in the right places, but WLServer doesn'tseem
  to like what I've entered and/or the files themselves. Here's whatI have:
  Server Key File Name: config/mydomain/my_domain_com-key.der (name changedof course
  from the actual domain name) - This is the file generated automaticallyby the
  certificate servlet that I moved into this directory.
  Server Certificate File Name: config/mydomain/mycert.pem (this is thefile that
  was sent to me by Verisign, supposedly my 40-bit certificate).
  Server Certificate Chain File Name: config/mydomain/verisignca.pem(I created
  this file by going to the verisign site and copy/pasting their .pemformat 'intermediate'
  cert into this file - documentation real fuzzy on this step so it'sprobably wrong).
  SSL is enabled, listening on the default port of 7001, client certificatenot
  enforced.
  Now, when I boot the server, I get the following error in the log file:####<Nov
  19, 2001 12:45:03 PM EST> <Alert> <WebLogicServer> <VDWEB1> <myserver><main>
  <system> <> <000296> <Security configuration problem with certificatefile config/mydomain/my_domain_com-key.der,
  java.io.EOFException>.
  What am I doing wrong here? I thought i put that file in the locationI specified,
  so does that error mean it can't find it or that the file itself iscorrupt?
  That's just the file that was autogenerated by the servlet, i don'tsee how it
  could be corrupt! Also, I assume that's just the first error ... ifI fix that
  one, there likely will be more. I especially don't understand thepart about
  the chain file as the documentation is so unclear to me about puttingmultiple
  certs in the chain file ...
  Thanks for any pointers,
  Josh

• Chain interfaces to set file name in sender channel dynamically

  Hi,
  I have a requirement to use the Seeburger SFTP adapter to import a file from an external server to an SAP ECC system.
  The adapter must be Seeburger as the protocol has to be SFTP, not FTPS as with the File adapter.
  Although I can set a wildcard selection, I really want to poll for specific filenames with predetermined naming criteria.
  The sender SFTP communication channel doesn't provide any options to specify dynamic attributes but I wonder if I can link several interfaces together, please can you confirm if the following process would work conceptually:
  1) SAP ECC program runs and determines the fixed filename that I wish to import (e.g. file_abc123.xml).
  2) SAP ECC program calls an outbound proxy with a mapping to set the relevant parameter in dynamic configuration ('http://seeburger.com/xi' is the namepsace, 'dtSubject' is the parameter name for the filename of the SFTP adapter).  Besides mapping I think the Seeburger attribute mapper module could also be used to set this value.
  3) The outbound proxy is configured on the receiver side to call an SFTP sender channel (with a dummy/blank payload as we're only calling the interface to allow settng of the filename to take place) which links to an inbound service interface on the SAP ECC receiver side. 
  I don't know whether chaining of service interfaces in this fashion (receiving interface also being a sender) is a viable approach or whether there are any alternatives.
  Thanks in advance,
  Alan

  Hi Alan,
  Are the specific file names that you are polling for going to be changing or will they be fixed?  Are each of the unique names going to be processed using the same interface?  If so then I would just create multiple SFTP sender channels that poll at different intervals but use the same mappings, etc.
  Regards,
  Ryan Crosby

• Error creating AIR file: Unable to build a valid certificate chain for the signer.

  Hi, My boss got a certificate from Thawte, and I'm getting this error message when building my AIR app.
  Error creating AIR file: Unable to build a valid certificate chain for the signer.
  I'm on windows XP.
  thanks,
  steve

  To manage your code signing certificate, please see
  http://www.adobe.com/devnet/air/articles/signing_air_applications_print.html
  The error you are seeing is typically caused by exporting a cert without the trust chain.   On Windows, in IE, you can manage your keystore by going to
  Internet Options > Content > Certificates
  When you export the certificate needed for signing your app, be sure to check “Include all certificates in the certificate path, if possible”.

• Passing parameter to process chain - logical file name

  Hi,
  Is there a way to pass a parameter to a process chain? Iu2019m trying to define logical file name (via transaction FILE) allowing to point on physical files name containing a parameter to be defined at run time. Is it possible?
  Example, consider receiving file ending by a number representing its source system origin:
  Filename_1      (file coming from syst 1)
  Filename_2      (file coming from syst 2)
  As both file have the same structure I would like to specify a single datasource Filename_n and a single process chain in which I would set the parameter n at run time. Is there a way to implement that?
  I first thought about an Abap routine reading parameter in a table but than Filename_n canu2019t be treated in parallel u2026 Any other idea?
  Cheers,
  Benoit

  Hi Benoit,
  yes, it is possible to call the file paths with routine at infopackage.
  if you have only 2 file and file names are constant, then you can create 2 infopackages and keep thse two in process chain.
  Start
  I
  infopackage 1
  I
  Infopackage 2
  and from applcation sever, these files will be loaded.
  if upi have more files, you can write a routine at the selection of file path, in infopackage.
  Regards
  Daya Sagar

• Can not import Verisign certificate

  Dear all,
  I am trying to import a Verisign certificate in my ABAP BW 3.5
  Production system.This is a certificate renewal as I had a certificate there for a year that is to expire on the 12th of June. However, because of the fact that we had to change the SSL
  PSE so that it contains field SP, it is more like installing a new
  certificate.
  What I did: I deleted the old PSE that didn't have any information about the "State" field and created a new one.
  I then created the CSR request to Verisign. I received
  the response from Verisign, which I pasted in a text file together with the Verisign Intermediate and Verisign Root certificate which I used last year as well when I installed a Verisign certificate in this server for the first time.
  When I apply the response, by pasting the contents of the text
  file created above, I get the message:
  "CA Certificate missing in database"
  I have already looked at notes 508307, 518185, 510007, 1074447, 511919
  I am sure that the Verisign root and Intermediate certificates are ok because I have used them successfully in the past in the same server and recently to create the certificate chain for other system certificates of my EP 6.0 landscape.
  I am also sure that the Verisign CA root certificate exists in the
  database, I checked table STRUSTCERT and it is there. Also, if it didn't exist, I wouldn't have been able to import the Verisign certificate last year
  I haven't restarted ICM so the previous certificate still works. After the 12th of June though it will expire and all funtionality based on HTTPS in BW will not work.
  Many thanks in advance for your help
  Regards
  Andreas

  Just created a new SSL PSE and imported the certificate chain again and this time it worked...

• HTTPS Client not sending the certificate chain

  Hi,
  I have HTTPS java programme with client authendication.
  When the server request for the certificate from the client, the client is not sending the certificate chain, the server says Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
  In the client I an setting the keystore properties properly
  Below is the ssl trace from the server and the client.
  The trace clearly says that the client has loded its certificate from the key store.
  One thing I noticed is the validity period of the client certificate is different in client and the server.
  I am not sure why it is different. I followed the steps properly to create the certificate.
  Can anyone help me to resolve this
  ==========================Server Trace==========================
  SecureServer version 1.0
  found key for : server
  chain [0] = [
  Version: V1
  Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
  Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                 To: Sat Jan 06 12:36:57 GMT+04:00 2007]
  Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  SerialNumber: [    4528b8a9]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
  0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
  0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
  0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
  0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
  0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
  0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
  0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
  trustStore is: d:\babu\ssltest\sscerts\jsseclient1
  trustStore type is : jks
  init truststore
  adding as trusted cert: [
  Version: V1
  Subject: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@166
  Validity: [From: Sun Jun 07 04:00:00 GMT+04:00 1998,
                 To: Tue Jun 07 03:59:59 GMT+04:00 2011]
  Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
  SerialNumber: [    32f057e7 153096f5 1fb86e5b 5a49104b]
  Algorithm: [SHA1withRSA]
  Signature:
  0000: A6 96 37 75 1C FD 95 95 40 E0 C9 53 25 8D E7 12 [email protected]%...
  0010: AC 44 51 10 AC F2 BA 98 4D 72 EF 0B 75 2D 51 19 .DQ.....Mr..u-Q.
  0020: 11 C9 47 E2 2F 96 67 61 0F 36 1D CA E7 C7 23 48 ..G./.ga.6....#H
  0030: 46 97 63 C4 32 AE FF 7B 5A 65 64 50 CA 67 F7 14 F.c.2...ZedP.g..
  adding as trusted cert: [
  Version: V3
  Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
  Validity: [From: Mon Oct 09 04:00:00 GMT+04:00 2006,
                 To: Tue Oct 24 03:59:59 GMT+04:00 2006]
  Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
  SerialNumber: [    5f2e369d 92ccf119 5d9a0371 c2f19ba4]
  Certificate Extensions: 6
  [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
  0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
  0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
  [2]: ObjectId: 2.5.29.31 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
  0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
  0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
  0030: 76 65 72 2E 63 72 6C ver.crl
  [3]: ObjectId: 2.5.29.37 Criticality=false
  ExtendedKeyUsages [
  [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
  [4]: ObjectId: 2.5.29.32 Criticality=false
  CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.1.1]
  [PolicyQualifierInfo: [
    qualifierID: 1.3.6.1.5.5.7.2.2
    qualifier: 0000: 30 56 30 15 16 0E 56 65   72 69 53 69 67 6E 2C 20  0V0...VeriSign,
  0010: 49 6E 63 2E 30 03 02 01   01 1A 3D 56 65 72 69 53  Inc.0.....=VeriS
  0020: 69 67 6E 27 73 20 43 50   53 20 69 6E 63 6F 72 70  ign's CPS incorp
  0030: 2E 20 62 79 20 72 65 66   65 72 65 6E 63 65 20 6C  . by reference l
  0040: 69 61 62 2E 20 6C 74 64   2E 20 28 63 29 39 37 20  iab. ltd. (c)97
  0050: 56 65 72 69 53 69 67 6E                            VeriSign
  ], PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
  0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 43 50 53 risign.com/CPS
  [5]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
  DigitalSignature
  Key_Encipherment
  [6]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 9D FC BF B3 A3 5D 94 B8 44 32 23 A5 B4 C2 BD 01 .....]..D2#.....
  0010: 90 54 CE 0F 23 1A 08 9D F3 E2 55 9A 4B C9 FE 3E .T..#.....U.K..>
  0020: F8 AD 45 DF 84 53 52 87 00 FA 66 2D 35 3F 48 53 ..E..SR...f-5?HS
  0030: 4A D5 77 0F FB E4 20 1B E5 4F 19 60 F9 EC 79 FF J.w... ..O.`..y.
  trigger seeding of SecureRandom
  done seeding SecureRandom
  SecureServer is listening on port 443.
  matching alias: server
  Accepted connection to ebms.uae.ebg.com (172.16.178.62) on port 3379.
  ----------1-1-1-----
  [read] MD5 and SHA1 hashes: len = 3
  0000: 01 03 01 ...
  [read] MD5 and SHA1 hashes: len = 74
  0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
  0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
  0020: 12 00 00 03 02 00 80 00 00 11 45 29 F4 B8 D5 0B ..........E)....
  0030: F1 F5 52 D2 E4 FF 50 FA 04 49 E7 50 46 AA 2D A7 ..R...P..I.PF.-.
  0040: 29 47 67 95 15 48 97 75 97 2C )Gg..H.u.,
  Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
  Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  Cipher suite: SSL_RSA_WITH_RC4_128_MD5
  *** Certificate chain
  chain [0] = [
  Version: V1
  Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
  Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                 To: Sat Jan 06 12:36:57 GMT+04:00 2007]
  Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  SerialNumber: [    4528b8a9]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
  0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
  0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
  0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
  0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
  0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
  0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
  0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
  *** CertificateRequest
  Cert Types: RSA, DSS,
  Cert Authorities:
  <CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
  <OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
  *** ServerHelloDone
  [write] MD5 and SHA1 hashes: len = 912
  0000: 02 00 00 46 03 01 45 29 F4 B8 E3 1F D7 72 74 DB ...F..E).....rt.
  0010: 3B 9F 9C E8 EA 4E D1 0F 86 66 2E CF 66 21 CA 92 ;....N...f..f!..
  0020: A4 4A 63 1B 4C E5 20 45 29 F4 B8 4B 8C 03 71 08 .Jc.L. E)..K..q.
  0030: 2B 61 BC 79 FE 69 BD 77 59 84 B9 F0 85 A5 0D 6D +a.y.i.wY......m
  0040: F4 5B 62 D2 8B A1 D6 00 04 00 0B 00 02 18 00 02 .[b.............
  0050: 15 00 02 12 30 82 02 0E 30 82 01 77 02 04 45 28 ....0...0..w..E(
  0060: B8 A9 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 ..0...*.H.......
  0070: 00 30 4E 31 0B 30 09 06 03 55 04 06 13 02 61 65 .0N1.0...U....ae
  0080: 31 0A 30 08 06 03 55 04 08 13 01 61 31 0A 30 08 1.0...U....a1.0.
  0090: 06 03 55 04 07 13 01 61 31 0A 30 08 06 03 55 04 ..U....a1.0...U.
  00A0: 0A 13 01 61 31 0A 30 08 06 03 55 04 0B 13 01 61 ...a1.0...U....a
  00B0: 31 0F 30 0D 06 03 55 04 03 13 06 69 74 6E 35 34 1.0...U....itn54
  00C0: 37 30 1E 17 0D 30 36 31 30 30 38 30 38 33 36 35 70...06100808365
  00D0: 37 5A 17 0D 30 37 30 31 30 36 30 38 33 36 35 37 7Z..070106083657
  00E0: 5A 30 4E 31 0B 30 09 06 03 55 04 06 13 02 61 65 Z0N1.0...U....ae
  00F0: 31 0A 30 08 06 03 55 04 08 13 01 61 31 0A 30 08 1.0...U....a1.0.
  0100: 06 03 55 04 07 13 01 61 31 0A 30 08 06 03 55 04 ..U....a1.0...U.
  0110: 0A 13 01 61 31 0A 30 08 06 03 55 04 0B 13 01 61 ...a1.0...U....a
  0120: 31 0F 30 0D 06 03 55 04 03 13 06 69 74 6E 35 34 1.0...U....itn54
  0130: 37 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 70..0...*.H.....
  0140: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 9C 86 .......0........
  0150: FA C2 EC 96 1B 02 01 27 08 D2 70 4D 3B AE D0 38 .......'..pM;..8
  0160: 15 97 E9 1D 94 D2 BE A1 2A 54 39 F8 2E AF 71 4C ........*T9...qL
  0170: FD 9A 71 BF 8A 1E 92 9F 3A 07 DA E9 5E 49 2C C6 ..q.....:...^I,.
  0180: 7D FD AA 1F C6 13 39 38 BC 16 34 04 FE E8 6B 4C ......98..4...kL
  0190: EA E9 BA 29 58 9E 6C 61 B8 1F B8 29 6F 83 5D 44 ...)X.la...)o.]D
  01A0: 7B 47 E5 BC 8E 2E D0 C1 E0 6F 73 15 E2 03 A8 49 .G.......os....I
  01B0: C9 42 39 87 0B 70 A0 80 0D 11 98 76 AE 2B B6 A3 .B9..p.....v.+..
  01C0: 5A BA 5D 3B BF C0 90 86 F6 E3 AB 9B A0 49 02 03 Z.];.........I..
  01D0: 01 00 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 ...0...*.H......
  01E0: 05 00 03 81 81 00 54 CC 61 97 1A 69 6C 1F 4B 53 ......T.a..il.KS
  01F0: 1B 7C 54 B3 65 A9 15 C6 1A C0 1B BD FC E5 15 ED ..T.e...........
  0200: 57 F7 29 E7 5E 34 3F D3 9C 40 4E D8 0B AC 79 5B W.).^[email protected][
  0210: 01 64 4E DD D2 FE 57 6A 02 1E 8F C7 00 11 77 0F .dN...Wj......w.
  0220: C8 20 06 0E DB 78 E3 45 57 9B 7D A4 95 0C 20 85 . ...x.EW..... .
  0230: B8 A4 87 D8 AE 29 69 B5 CC DC A1 B4 32 8C 6F 77 .....)i.....2.ow
  0240: F0 9A A8 12 27 C6 96 98 E9 EB AC 74 6E 39 2C D4 ....'......tn9,.
  0250: 1B 1C A1 4B 81 C8 0B B9 CD 0A 18 DC 01 74 5D 99 ...K.........t].
  0260: 4E 14 7A 2C 37 1E 0D 00 01 22 02 01 02 01 1D 00 N.z,7...."......
  0270: 6D 30 6B 31 0B 30 09 06 03 55 04 06 13 02 41 45 m0k1.0...U....AE
  0280: 31 11 30 0F 06 03 55 04 08 13 08 65 6D 69 72 61 1.0...U....emira
  0290: 74 65 73 31 0E 30 0C 06 03 55 04 07 14 05 64 75 tes1.0...U....du
  02A0: 62 61 69 31 11 30 0F 06 03 55 04 0A 14 08 65 6D bai1.0...U....em
  02B0: 69 72 61 74 65 73 31 15 30 13 06 03 55 04 0B 14 irates1.0...U...
  02C0: 0C 65 6D 69 72 61 74 65 73 62 61 6E 6B 31 0F 30 .ebg1.0
  02D0: 0D 06 03 55 04 03 14 06 69 74 6E 35 34 37 00 AC ...U....ebms..
  02E0: 30 81 A9 31 16 30 14 06 03 55 04 0A 13 0D 56 65 0..1.0...U....Ve
  02F0: 72 69 53 69 67 6E 2C 20 49 6E 63 31 47 30 45 06 riSign, Inc1G0E.
  0300: 03 55 04 0B 13 3E 77 77 77 2E 76 65 72 69 73 69 .U...>www.verisi
  0310: 67 6E 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 gn.com/repositor
  0320: 79 2F 54 65 73 74 43 50 53 20 49 6E 63 6F 72 70 y/TestCPS Incorp
  0330: 2E 20 42 79 20 52 65 66 2E 20 4C 69 61 62 2E 20 . By Ref. Liab.
  0340: 4C 54 44 2E 31 46 30 44 06 03 55 04 0B 13 3D 46 LTD.1F0D..U...=F
  0350: 6F 72 20 56 65 72 69 53 69 67 6E 20 61 75 74 68 or VeriSign auth
  0360: 6F 72 69 7A 65 64 20 74 65 73 74 69 6E 67 20 6F orized testing o
  0370: 6E 6C 79 2E 20 4E 6F 20 61 73 73 75 72 61 6E 63 nly. No assuranc
  0380: 65 73 20 28 43 29 56 53 31 39 39 37 0E 00 00 00 es (C)VS1997....
  Thread-1, WRITE: TLSv1 Handshake, length = 912
  Thread-1, READ: TLSv1 Handshake, length = 141
  *** Certificate chain
  Thread-1, SEND TLSv1 ALERT: fatal, description = bad_certificate
  Thread-1, WRITE: TLSv1 Alert, length = 2
  Thread-1, called closeSocket()
  Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
  IOException occurred when processing request.
  Thread-1, called close()
  Thread-1, called closeInternal(true)
  ==========================Client Trace==========================
  --->>>--------
  keyStore is : d:\babu\ssltest\sscerts\clientpk1
  keyStore type is : jks
  init keystore
  init keymanager of type SunX509
  found key for : client
  chain [0] = [
  Version: V1
  Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
  Validity: [From: Mon Oct 09 09:44:01 GMT+04:00 2006,
                 To: Sun Jan 07 09:44:01 GMT+04:00 2007]
  Issuer: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
  SerialNumber: [    4529e1a1]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 20 C7 89 9C 04 64 E8 62 AD D2 64 DD 0A E4 2A A1 ....d.b..d...*.
  0010: B6 9A B5 06 DC 3E F8 AA BE B5 8A 12 B5 75 91 EC .....>.......u..
  0020: 33 77 12 27 85 15 14 15 52 B3 7F 4B 03 18 B5 E0 3w.'....R..K....
  0030: 31 E4 0C A7 0A E1 52 3E 9F D1 58 B7 F2 CC F2 DD 1.....R>..X.....
  0040: D4 61 D6 C8 12 39 60 4D C9 FB DC 01 0C 0D FC 98 .a...9`M........
  0050: C6 AD A6 56 3E 05 1B 4E 20 1B 93 77 16 67 0E D1 ...V>..N ..w.g..
  0060: E0 A1 B6 7F CA 13 53 F2 53 92 14 63 9A 82 01 AE ......S.S..c....
  0070: 83 B2 FD FC 2E 29 22 F9 E7 18 DB 6A 14 73 83 E3 .....)"....j.s..
  trustStore is: d:\babu\ssltest\sscerts\jsseserver
  trustStore type is : jks
  init truststore
  adding as trusted cert: [
  Version: V1
  Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
  Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                 To: Sat Jan 06 12:36:57 GMT+04:00 2007]
  Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  SerialNumber: [    4528b8a9]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
  0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
  0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
  0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
  0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
  0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
  0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
  0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
  init context
  trigger seeding of SecureRandom
  done seeding SecureRandom
  ---<<<--------
  THE HEADERS
  ---111--------
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  [write] MD5 and SHA1 hashes: len = 59
  0000: 01 00 00 37 03 01 45 29 F4 B8 D5 0B F1 F5 52 D2 ...7..E)......R.
  0010: E4 FF 50 FA 04 49 E7 50 46 AA 2D A7 29 47 67 95 ..P..I.PF.-.)Gg.
  0020: 15 48 97 75 97 2C 00 00 10 00 04 00 05 00 0A 00 .H.u.,..........
  0030: 13 00 09 00 12 00 03 00 11 01 00 ...........
  main, WRITE: TLSv1 Handshake, length = 59
  [write] MD5 and SHA1 hashes: len = 77
  0000: 01 03 01 00 24 00 00 00 20 00 00 04 01 00 80 00 ....$... .......
  0010: 00 05 00 00 0A 07 00 C0 00 00 13 00 00 09 06 00 ................
  0020: 40 00 00 12 00 00 03 02 00 80 00 00 11 45 29 F4 @............E).
  0030: B8 D5 0B F1 F5 52 D2 E4 FF 50 FA 04 49 E7 50 46 .....R...P..I.PF
  0040: AA 2D A7 29 47 67 95 15 48 97 75 97 2C .-.)Gg..H.u.,
  main, WRITE: SSLv2 client hello message, length = 77
  main, READ: TLSv1 Handshake, length = 912
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
  Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  [read] MD5 and SHA1 hashes: len = 74
  0000: 02 00 00 46 03 01 45 29 F4 B8 E3 1F D7 72 74 DB ...F..E).....rt.
  0010: 3B 9F 9C E8 EA 4E D1 0F 86 66 2E CF 66 21 CA 92 ;....N...f..f!..
  0020: A4 4A 63 1B 4C E5 20 45 29 F4 B8 4B 8C 03 71 08 .Jc.L. E)..K..q.
  0030: 2B 61 BC 79 FE 69 BD 77 59 84 B9 F0 85 A5 0D 6D +a.y.i.wY......m
  0040: F4 5B 62 D2 8B A1 D6 00 04 00 .[b.......
  *** Certificate chain
  chain [0] = [
  Version: V1
  Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
  Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                 To: Sat Jan 06 12:36:57 GMT+04:00 2007]
  Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  SerialNumber: [    4528b8a9]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
  0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
  0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
  0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
  0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
  0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
  0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
  0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
  stop on trusted cert: [
  Version: V1
  Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
  Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
                 To: Sat Jan 06 12:36:57 GMT+04:00 2007]
  Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
  SerialNumber: [    4528b8a9]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 54 CC 61 97 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 T.a..il.KS..T.e.
  0010: 15 C6 1A C0 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 ..........W.).^4
  0020: 3F D3 9C 40 4E D8 0B AC 79 5B 01 64 4E DD D2 FE [email protected][.dN...
  0030: 57 6A 02 1E 8F C7 00 11 77 0F C8 20 06 0E DB 78 Wj......w.. ...x
  0040: E3 45 57 9B 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 .EW..... ......)
  0050: 69 B5 CC DC A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 i.....2.ow....'.
  0060: 96 98 E9 EB AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 .....tn9,....K..
  0070: 0B B9 CD 0A 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E .......t].N.z,7.
  [read] MD5 and SHA1 hashes: len = 540
  0000: 0B 00 02 18 00 02 15 00 02 12 30 82 02 0E 30 82 ..........0...0.
  0010: 01 77 02 04 45 28 B8 A9 30 0D 06 09 2A 86 48 86 .w..E(..0...*.H.
  0020: F7 0D 01 01 04 05 00 30 4E 31 0B 30 09 06 03 55 .......0N1.0...U
  0030: 04 06 13 02 61 65 31 0A 30 08 06 03 55 04 08 13 ....ae1.0...U...
  0040: 01 61 31 0A 30 08 06 03 55 04 07 13 01 61 31 0A .a1.0...U....a1.
  0050: 30 08 06 03 55 04 0A 13 01 61 31 0A 30 08 06 03 0...U....a1.0...
  0060: 55 04 0B 13 01 61 31 0F 30 0D 06 03 55 04 03 13 U....a1.0...U...
  0070: 06 69 74 6E 35 34 37 30 1E 17 0D 30 36 31 30 30 .ebms0...06100
  0080: 38 30 38 33 36 35 37 5A 17 0D 30 37 30 31 30 36 8083657Z..070106
  0090: 30 38 33 36 35 37 5A 30 4E 31 0B 30 09 06 03 55 083657Z0N1.0...U
  00A0: 04 06 13 02 61 65 31 0A 30 08 06 03 55 04 08 13 ....ae1.0...U...
  00B0: 01 61 31 0A 30 08 06 03 55 04 07 13 01 61 31 0A .a1.0...U....a1.
  00C0: 30 08 06 03 55 04 0A 13 01 61 31 0A 30 08 06 03 0...U....a1.0...
  00D0: 55 04 0B 13 01 61 31 0F 30 0D 06 03 55 04 03 13 U....a1.0...U...
  00E0: 06 69 74 6E 35 34 37 30 81 9F 30 0D 06 09 2A 86 .ebms0..0...*.
  00F0: 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 H............0..
  0100: 02 81 81 00 9C 86 FA C2 EC 96 1B 02 01 27 08 D2 .............'..
  0110: 70 4D 3B AE D0 38 15 97 E9 1D 94 D2 BE A1 2A 54 pM;..8........*T
  0120: 39 F8 2E AF 71 4C FD 9A 71 BF 8A 1E 92 9F 3A 07 9...qL..q.....:.
  0130: DA E9 5E 49 2C C6 7D FD AA 1F C6 13 39 38 BC 16 ..^I,.......98..
  0140: 34 04 FE E8 6B 4C EA E9 BA 29 58 9E 6C 61 B8 1F 4...kL...)X.la..
  0150: B8 29 6F 83 5D 44 7B 47 E5 BC 8E 2E D0 C1 E0 6F .)o.]D.G.......o
  0160: 73 15 E2 03 A8 49 C9 42 39 87 0B 70 A0 80 0D 11 s....I.B9..p....
  0170: 98 76 AE 2B B6 A3 5A BA 5D 3B BF C0 90 86 F6 E3 .v.+..Z.];......
  0180: AB 9B A0 49 02 03 01 00 01 30 0D 06 09 2A 86 48 ...I.....0...*.H
  0190: 86 F7 0D 01 01 04 05 00 03 81 81 00 54 CC 61 97 ............T.a.
  01A0: 1A 69 6C 1F 4B 53 1B 7C 54 B3 65 A9 15 C6 1A C0 .il.KS..T.e.....
  01B0: 1B BD FC E5 15 ED 57 F7 29 E7 5E 34 3F D3 9C 40 ......W.).^4?..@
  01C0: 4E D8 0B AC 79 5B 01 64 4E DD D2 FE 57 6A 02 1E N...y[.dN...Wj..
  01D0: 8F C7 00 11 77 0F C8 20 06 0E DB 78 E3 45 57 9B ....w.. ...x.EW.
  01E0: 7D A4 95 0C 20 85 B8 A4 87 D8 AE 29 69 B5 CC DC .... ......)i...
  01F0: A1 B4 32 8C 6F 77 F0 9A A8 12 27 C6 96 98 E9 EB ..2.ow....'.....
  0200: AC 74 6E 39 2C D4 1B 1C A1 4B 81 C8 0B B9 CD 0A .tn9,....K......
  0210: 18 DC 01 74 5D 99 4E 14 7A 2C 37 1E ...t].N.z,7.
  *** CertificateRequest
  Cert Types: RSA, DSS,
  Cert Authorities:
  <CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
  <OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
  [read] MD5 and SHA1 hashes: len = 294
  0000: 0D 00 01 22 02 01 02 01 1D 00 6D 30 6B 31 0B 30 ..."......m0k1.0
  0010: 09 06 03 55 04 06 13 02 41 45 31 11 30 0F 06 03 ...U....AE1.0...
  0020: 55 04 08 13 08 65 6D 69 72 61 74 65 73 31 0E 30 U....emirates1.0
  0030: 0C 06 03 55 04 07 14 05 64 75 62 61 69 31 11 30 ...U....dubai1.0
  0040: 0F 06 03 55 04 0A 14 08 65 6D 69 72 61 74 65 73 ...U....emirates
  0050: 31 15 30 13 06 03 55 04 0B 14 0C 65 6D 69 72 61 1.0...U....emira
  0060: 74 65 73 62 61 6E 6B 31 0F 30 0D 06 03 55 04 03 tesbank1.0...U..
  0070: 14 06 69 74 6E 35 34 37 00 AC 30 81 A9 31 16 30 ..ebms..0..1.0
  0080: 14 06 03 55 04 0A 13 0D 56 65 72 69 53 69 67 6E ...U....VeriSign
  0090: 2C 20 49 6E 63 31 47 30 45 06 03 55 04 0B 13 3E , Inc1G0E..U...>
  00A0: 77 77 77 2E 76 65 72 69 73 69 67 6E 2E 63 6F 6D www.verisign.com
  00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 2F 54 65 73 74 /repository/Test
  00C0: 43 50 53 20 49 6E 63 6F 72 70 2E 20 42 79 20 52 CPS Incorp. By R
  00D0: 65 66 2E 20 4C 69 61 62 2E 20 4C 54 44 2E 31 46 ef. Liab. LTD.1F
  00E0: 30 44 06 03 55 04 0B 13 3D 46 6F 72 20 56 65 72 0D..U...=For Ver
  00F0: 69 53 69 67 6E 20 61 75 74 68 6F 72 69 7A 65 64 iSign authorized
  0100: 20 74 65 73 74 69 6E 67 20 6F 6E 6C 79 2E 20 4E testing only. N
  0110: 6F 20 61 73 73 75 72 61 6E 63 65 73 20 28 43 29 o assurances (C)
  0120: 56 53 31 39 39 37 VS1997
  *** ServerHelloDone
  [read] MD5 and SHA1 hashes: len = 4
  0000: 0E 00 00 00 ....
  *** Certificate chain
  JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
  *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
  Random Secret: { 3, 1, 145, 198, 68, 101, 78, 79, 139, 241, 6, 243, 13, 208, 161, 242, 0, 185, 46, 87, 212, 79, 239, 132, 145, 14, 13, 134, 115, 250, 44, 44, 112, 33, 173, 105, 52, 186, 160, 119, 55, 202, 205, 212, 136, 92, 7, 120 }
  [write] MD5 and SHA1 hashes: len = 141
  0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 3A 83 FA .............:..
  0010: 1E B3 43 52 3B B5 B9 A5 9D 2D 30 5E 71 34 DF 45 ..CR;....-0^q4.E
  0020: 99 99 2D 9A 4A 42 54 3D 47 D8 94 22 BC F3 92 0D ..-.JBT=G.."....
  0030: 23 AA 95 B5 75 EA B2 2B 8B DD DA 91 AA 94 24 4B #...u..+......$K
  0040: 56 34 C8 3C 1D 2D 15 63 CF 03 FF 65 6C DF B9 00 V4.<.-.c...el...
  0050: C3 5E BF 72 F4 70 64 45 D8 5B 58 E2 DF D6 12 1B .^.r.pdE.[X.....
  0060: BE A3 71 E9 1C 49 BB 7E C0 4A 1F CA 1F F5 63 23 ..q..I...J....c#
  0070: 0D 40 0D C6 3B FE 03 E9 DE 2E E5 09 1F 72 D7 6B .@..;........r.k
  0080: D6 ED 5E 99 B0 A8 A0 D3 D2 73 F0 A0 8E ..^......s...
  main, WRITE: TLSv1 Handshake, length = 141
  SESSION KEYGEN:
  PreMaster Secret:
  0000: 03 01 91 C6 44 65 4E 4F 8B F1 06 F3 0D D0 A1 F2 ....DeNO........
  0010: 00 B9 2E 57 D4 4F EF 84 91 0E 0D 86 73 FA 2C 2C ...W.O......s.,,
  0020: 70 21 AD 69 34 BA A0 77 37 CA CD D4 88 5C 07 78 p!.i4..w7....\.x
  CONNECTION KEYGEN:
  Client Nonce:
  0000: 45 29 F4 B8 D5 0B F1 F5 52 D2 E4 FF 50 FA 04 49 E)......R...P..I
  0010: E7 50 46 AA 2D A7 29 47 67 95 15 48 97 75 97 2C .PF.-.)Gg..H.u.,
  Server Nonce:
  0000: 45 29 F4 B8 E3 1F D7 72 74 DB 3B 9F 9C E8 EA 4E E).....rt.;....N
  0010: D1 0F 86 66 2E CF 66 21 CA 92 A4 4A 63 1B 4C E5 ...f..f!...Jc.L.
  Master Secret:
  0000: 3A 36 9A CA 6F 82 0B 32 17 28 04 CD 33 B4 5D BF :6..o..2.(..3.].
  0010: 5F 87 23 71 6B 49 2D 0E 59 DE 2C EA 8E B3 43 C8 _.#qkI-.Y.,...C.
  0020: 5D 3B 3B 4C B7 B9 AB 4E EA A3 E6 CE 54 40 FB 2D ];;[email protected]
  Client MAC write Secret:
  0000: C3 72 45 7B 93 DE 55 FF 0A 8C 9E 91 43 48 6E E4 .rE...U.....CHn.
  Server MAC write Secret:
  0000: E2 05 07 CB 3F 2D 95 41 EF 69 3F 09 6D CB 81 EE ....?-.A.i?.m...
  Client write key:
  0000: EE 7E EE 7D D8 5F 46 CD 88 15 9E F6 C7 EC 05 5F ....._F........_
  Server write key:
  0000: 43 DE B1 D2 FA 54 F0 E6 CA EC E8 1E 6C AD 77 EC C....T......l.w.
  ... no IV for cipher
  main, WRITE: TLSv1 Change Cipher Spec, length = 1
  JsseJCE: Using JSSE internal implementation for cipher RC4
  *** Finished
  verify_data: { 196, 3, 24, 202, 107, 99, 158, 203, 62, 203, 204, 35 }
  [write] MD5 and SHA1 hashes: len = 16
  0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
  Plaintext before ENCRYPTION: len = 32
  0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
  0010: 22 2A 55 36 5F 75 DB D4 CF 19 6F 40 93 AF B8 3B "*U6_u....o@...;
  main, WRITE: TLSv1 Handshake, length = 32
  waiting for close_notify or alert: state 1
  Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
  main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
  main, SEND TLSv1 ALERT: fatal, description = unexpected_message
  Plaintext before ENCRYPTION: len = 18
  0000: 02 0A 3E CA 24 9F 8F 40 B8 65 A6 44 5D 7E 0B B5 ..>[email protected]]...
  0010: A9 C7 ..
  main, WRITE: TLSv1 Alert, length = 18
  Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
  main, called closeSocket()
  ---000--------

  Here are the steps I am perfoming to create the certificates. Can anyone please validate the steps...
  //Create private key
  keytool -genkey -keystore clientpk1 -keyalg rsa -alias client -storepass password -keypass password
  //Create CSR
  keytool -certreq -alias client -file client.csr -keypass password -keystore clientpk1 -storepass password
  //Received client-ca.cer and root certificate from verisign
  //Import signed certificate to client keystore
  keytool -import -keystore clientpk1 -keyalg RSA -import -trustcacerts -file client-ca.cer
  //Import signed certificate and the root certificate to keystore(server thruststore)
  keytool -import -keystore jsseclient1 -alias client -file getcacert.cer
  keytool -import -keystore jsseclient1 -alias client -file client-ca.cer
  Thanks in advance,
  Babu

• Ssl empty certificate chain? (correct message format)

  I am having Problems with client certificate/setup.
  I have a client behind proxy that connect to Web Services.
  I have only a client certificate that I import (use keytool) in my keystore.
  I have this setting in my program:
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
  System.setProperty("javax.net.ssl.keyStore", keyStore);
  System.setProperty("javax.net.ssl.keyStoreType", "JKS");
  System.setProperty("javax.net.ssl.keyStorePassword", keystorePass);
  System.setProperty("javax.net.ssl.trustStore", trustStore);
  System.setProperty("javax.net.ssl.trustStoreType", "JKS");
  System.setProperty("javax.net.ssl.trustStorePassword", trustStorePass);
  [proxy setting is ok]
  But when I invoke a service I have a empty certificate chain.
  I use jdk1.3.1_08 and jsse-1_0_3_03
  Please Help me. I have read hundred pages.
  Many thanks in advance for any help.
  My client log:
  adding as trusted cert: [
  Version: V1
  Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
  Key: com.sun.rsajca.JSA_RSAPublicKey@10c424
  Validity: [From: Mon Jan 29 01:00:00 CET 1996,
                 To: Sat Jan 01 00:59:59 CET 2000]
  Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  SerialNumber: [    02a60000 01]
  Algorithm: [MD2withRSA]
  Signature:
  0000: 53 DD D3 F0 9C 24 7E 40 AA E2 FC 00 1A D7 DA 0C S....$.@........
  0010: FC 32 61 B8 15 0D 96 F3 FA 57 1B 7F 33 7C AF E9 .2a......W..3...
  0020: 98 9A 61 C8 7A B3 B7 FF B1 DC 99 83 DC AC 12 FC ..a.z...........
  0030: 70 C9 1F 38 42 ED 44 F6 80 2E 5B 6B 33 69 AC 9C p..8B.D...[k3i..
  0040: D3 5C E7 5F 5A 18 C7 B1 2D 79 04 96 41 91 99 41 .\._Z...-y..A..A
  0050: B1 3C 0D BA 84 39 C6 3B 97 F0 26 C9 8E EE BD CC .<...9.;..&.....
  0060: 42 95 FF 1E C7 02 3F 54 0C 78 F5 BC AA 60 7C 02 B.....?T.x...`..
  0070: 69 E8 DC AC E2 02 76 61 C4 3E 03 EA D2 8A 24 D1 i.....va.>....$.
  adding as trusted cert: [
  Version: V3
  Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.rsajca.JSA_RSAPublicKey@238bd2
  Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
                 To: Wed Apr 05 16:05:41 CEST 2006]
  Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
  SerialNumber: [    01]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
  0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
  0020: 65 e
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
  0010: D5 38 98 59 .8.Y
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
  0010: 29 A0 F1 8F )...
  [[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
  SerialNumber: [  0  ]
  [4]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  Algorithm: [MD5withRSA]
  Signature:
  0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
  0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
  0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
  0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
  adding as trusted cert: [
  Version: V1
  Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
  Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
  Key: com.sun.rsajca.JSA_RSAPublicKey@198891
  Validity: [From: Wed Nov 09 01:00:00 CET 1994,
                 To: Fri Jan 08 00:59:59 CET 2010]
  Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
  SerialNumber: [    02ad667e 4e45fe5e 576f3c98 195eddc0 ]
  Algorithm: [MD2withRSA]
  Signature:
  0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
  0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
  0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
  0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
  0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
  0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
  0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
  0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
  trigger seeding of SecureRandom
  done seeding SecureRandom
  Providers com.sun.net.ssl.internal.www.protocol
  %% No cached client session
  *** ClientHello, v3.1
  RandomCookie: GMT: 1127228533 bytes = { 44, 211, 84, 116, 141, 40, 133, 180, 48, 96, 213, 147, 123, 141, 244, 71, 107, 242, 94, 105, 247, 101, 92, 8, 78, 176, 226, 133 }
  Session ID: {}
  Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
  Compression Methods: { 0 }
  [write] MD5 and SHA1 hashes: len = 59
  0000: 01 00 00 37 03 01 43 30 24 75 2C D3 54 74 8D 28 ...7..C0$u,.Tt.(
  0010: 85 B4 30 60 D5 93 7B 8D F4 47 6B F2 5E 69 F7 65 ..0`.....Gk.^i.e
  0020: 5C 08 4E B0 E2 85 00 00 10 00 05 00 04 00 09 00 \.N.............
  0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
  main, WRITE: SSL v3.1 Handshake, length = 59
  [write] MD5 and SHA1 hashes: len = 77
  0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
  0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
  0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 43 30 24 .............C0$
  0030: 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 7B 8D F4 u,.Tt.(..0`.....
  0040: 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 Gk.^i.e\.N...
  main, WRITE: SSL v2, contentType = 22, translated length = 16310
  main, READ: SSL v3.1 Handshake, length = 944
  *** ServerHello, v3.1
  RandomCookie: GMT: 1127228167 bytes = { 57, 3, 100, 77, 244, 140, 105, 242, 70, 226, 115, 205, 144, 85, 197, 193, 174, 24, 87, 199, 88, 124, 184, 79, 20, 170, 150, 186 }
  Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
  Cipher Suite: { 0, 4 }
  Compression Method: 0
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  [read] MD5 and SHA1 hashes: len = 74
  0000: 02 00 00 46 03 01 43 30 23 07 39 03 64 4D F4 8C ...F..C0#.9.dM..
  0010: 69 F2 46 E2 73 CD 90 55 C5 C1 AE 18 57 C7 58 7C i.F.s..U....W.X.
  0020: B8 4F 14 AA 96 BA 20 26 02 00 00 87 7D 0D FE D1 .O.... &........
  0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
  0040: AB 76 94 AA 37 8B 8B 00 04 00 .v..7.....
  *** Certificate chain
  chain [0] = [
  Version: V3
  Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.rsajca.JSA_RSAPublicKey@313906
  Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
                 To: Wed Apr 05 16:05:41 CEST 2006]
  Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
  SerialNumber: [    01]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
  0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
  0020: 65 e
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
  0010: D5 38 98 59 .8.Y
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
  0010: 29 A0 F1 8F )...
  [[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
  SerialNumber: [  0  ]
  [4]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  Algorithm: [MD5withRSA]
  Signature:
  0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
  0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
  0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
  0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
  updated/found trusted cert: [
  Version: V3
  Subject: [email protected], CN=bdrtest.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: com.sun.rsajca.JSA_RSAPublicKey@313906
  Validity: [From: Tue Apr 05 16:05:41 CEST 2005,
                 To: Wed Apr 05 16:05:41 CEST 2006]
  Issuer: [email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT
  SerialNumber: [    01]
  Certificate Extensions: 4
  [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
  0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
  0020: 65 e
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 4A M.S.z.i;6...Sj.J
  0010: D5 38 98 59 .8.Y
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 2D F5 B5 55 88 86 E9 14 60 F1 E6 1C AD E2 71 79 -..U....`.....qy
  0010: 29 A0 F1 8F )...
  [[email protected], CN=dns.tex.izs.it, OU=CED, O=IZSAM, L=Teramo, ST=Teramo, C=IT]
  SerialNumber: [  0  ]
  [4]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:false
  PathLen: undefined
  Algorithm: [MD5withRSA]
  Signature:
  0000: 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 s...o..D.<...DJ.
  0010: 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD .q_f.........r..
  0020: B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 09 4E .<..8r.....^[..N
  0030: CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 35 E0 ..).z..u.#<...5.
  [read] MD5 and SHA1 hashes: len = 866
  0000: 0B 00 03 5E 00 03 5B 00 03 58 30 82 03 54 30 82 ...^..[..X0..T0.
  0010: 02 FE A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 ..........0...*.
  0020: 48 86 F7 0D 01 01 04 05 00 30 81 85 31 0B 30 09 H........0..1.0.
  0030: 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 03 55 ..U....IT1.0...U
  0040: 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D 06 03 ....Teramo1.0...
  0050: 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 0C 06 U....Teramo1.0..
  0060: 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 0A 06 .U....IZSAM1.0..
  0070: 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 03 55 .U....CED1.0...U
  0080: 04 03 13 0E 64 6E 73 2E 74 65 78 2E 69 7A 73 2E ....dns.tex.izs.
  0090: 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D 01 09 it1.0...*.H.....
  00A0: 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 [email protected]
  00B0: 74 30 1E 17 0D 30 35 30 34 30 35 31 34 30 35 34 t0...05040514054
  00C0: 31 5A 17 0D 30 36 30 34 30 35 31 34 30 35 34 31 1Z..060405140541
  00D0: 5A 30 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 Z0..1.0...U....I
  00E0: 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 T1.0...U....Tera
  00F0: 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 mo1.0...U....Ter
  0100: 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A amo1.0...U....IZ
  0110: 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 SAM1.0...U....CE
  0120: 44 31 17 30 15 06 03 55 04 03 13 0E 62 64 72 74 D1.0...U....bdrt
  0130: 65 73 74 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 est.izs.it1.0...
  0140: 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 *.H........d.zip
  0150: 70 6F 40 69 7A 73 2E 69 74 30 81 9F 30 0D 06 09 [email protected]...
  0160: 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 *.H............0
  0170: 81 89 02 81 81 00 F6 E3 70 EC 18 8B B7 1D D6 11 ........p.......
  0180: 11 59 3E 43 09 2D AE F1 06 A3 0C 21 F7 00 09 C2 .Y>C.-.....!....
  0190: 07 52 0B 29 35 CF 65 38 2C 6C 0A 61 06 50 B9 20 .R.)5.e8,l.a.P.
  01A0: 8C 5F A0 B9 B7 E2 8B 2B 10 89 B9 7F 40 0F 49 A1 [email protected].
  01B0: D8 9E A2 C8 BE 4E 63 20 F2 49 35 25 F1 5D 64 00 .....Nc .I5%.]d.
  01C0: ED 02 FD D7 96 51 73 C7 E9 DA 61 AA 88 FB 5D 0A .....Qs...a...].
  01D0: 41 56 EC 36 4F 85 B2 A1 8F E6 DE DC E2 2D B2 DF AV.6O........-..
  01E0: AA 3D 99 51 23 14 19 02 8A 2C D4 F0 4C 83 39 1C .=.Q#....,..L.9.
  01F0: 1B E5 8F 65 06 05 02 03 01 00 01 A3 82 01 11 30 ...e...........0
  0200: 82 01 0D 30 09 06 03 55 1D 13 04 02 30 00 30 2C ...0...U....0.0,
  0210: 06 09 60 86 48 01 86 F8 42 01 0D 04 1F 16 1D 4F ..`.H...B......O
  0220: 70 65 6E 53 53 4C 20 47 65 6E 65 72 61 74 65 64 penSSL Generated
  0230: 20 43 65 72 74 69 66 69 63 61 74 65 30 1D 06 03 Certificate0...
  0240: 55 1D 0E 04 16 04 14 4D 11 53 D1 7A 92 69 3B 36 U......M.S.z.i;6
  0250: F7 D6 BA 53 6A 81 4A D5 38 98 59 30 81 B2 06 03 ...Sj.J.8.Y0....
  0260: 55 1D 23 04 81 AA 30 81 A7 80 14 2D F5 B5 55 88 U.#...0....-..U.
  0270: 86 E9 14 60 F1 E6 1C AD E2 71 79 29 A0 F1 8F A1 ...`.....qy)....
  0280: 81 8B A4 81 88 30 81 85 31 0B 30 09 06 03 55 04 .....0..1.0...U.
  0290: 06 13 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 ...IT1.0...U....
  02A0: 54 65 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 Teramo1.0...U...
  02B0: 06 54 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A .Teramo1.0...U..
  02C0: 13 05 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B ..IZSAM1.0...U..
  02D0: 13 03 43 45 44 31 17 30 15 06 03 55 04 03 13 0E ..CED1.0...U....
  02E0: 64 6E 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D dns.tex.izs.it1.
  02F0: 30 1B 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 0...*.H........d
  0300: 2E 7A 69 70 70 6F 40 69 7A 73 2E 69 74 82 01 00 [email protected]...
  0310: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 00 03 0...*.H.........
  0320: 41 00 73 D0 96 DD 6F EF FB 44 AB 3C B1 ED F5 44 A.s...o..D.<...D
  0330: 4A C4 11 71 5F 66 18 FF 86 B8 FD 1A 7D 0A 10 72 J..q_f.........r
  0340: C6 FD B6 3C 90 1F 38 72 E3 A9 13 84 97 5E 5B 95 ...<..8r.....^[.
  0350: 09 4E CB 86 29 7D 7A BB 07 75 97 23 3C D5 B1 16 .N..).z..u.#<...
  0360: 35 E0 5.
  *** ServerHelloDone
  [read] MD5 and SHA1 hashes: len = 4
  0000: 0E 00 00 00 ....
  *** ClientKeyExchange, RSA PreMasterSecret, v3.1
  Random Secret: { 3, 1, 60, 231, 207, 10, 49, 242, 250, 171, 53, 8, 41, 187, 100, 227, 91, 207, 240, 75, 233, 38, 44, 239, 48, 98, 118, 122, 4, 85, 50, 152, 59, 82, 172, 186, 169, 235, 87, 214, 155, 243, 41, 52, 92, 5, 252, 141 }
  [write] MD5 and SHA1 hashes: len = 134
  0000: 10 00 00 82 00 80 86 7D 83 84 8C 38 3A 3A C3 37 ...........8::.7
  0010: D1 4E 69 55 77 6D 14 C8 04 F4 AB 62 3D 71 32 6F .NiUwm.....b=q2o
  0020: A4 0D 16 F6 99 0C FD FD 39 08 C3 B2 B8 BF 93 BA ........9.......
  0030: 23 CE 3E 8D 91 75 EC 29 D0 30 72 00 1B 00 F2 71 #.>..u.).0r....q
  0040: 8D C2 FF 78 16 89 C5 8B 99 4A 1E 17 8F 86 A9 F9 ...x.....J......
  0050: B3 46 04 B5 5C 0B 27 84 22 E4 0A 7D 0E 9E 8A CC .F..\.'.".......
  0060: 5D 52 FB 63 77 11 FF 54 FB FC 96 89 F6 15 BC 0F ]R.cw..T........
  0070: 6C EE C9 43 1D 51 97 D0 4B 48 31 FA D5 0B 63 6A l..C.Q..KH1...cj
  0080: B2 9B 99 2C 99 CA ...,..
  main, WRITE: SSL v3.1 Handshake, length = 134
  SESSION KEYGEN:
  PreMaster Secret:
  0000: 03 01 3C E7 CF 0A 31 F2 FA AB 35 08 29 BB 64 E3 ..<...1...5.).d.
  0010: 5B CF F0 4B E9 26 2C EF 30 62 76 7A 04 55 32 98 [..K.&,.0bvz.U2.
  0020: 3B 52 AC BA A9 EB 57 D6 9B F3 29 34 5C 05 FC 8D ;R....W...)4\...
  CONNECTION KEYGEN:
  Client Nonce:
  0000: 43 30 24 75 2C D3 54 74 8D 28 85 B4 30 60 D5 93 C0$u,.Tt.(..0`..
  0010: 7B 8D F4 47 6B F2 5E 69 F7 65 5C 08 4E B0 E2 85 ...Gk.^i.e\.N...
  Server Nonce:
  0000: 43 30 23 07 39 03 64 4D F4 8C 69 F2 46 E2 73 CD C0#.9.dM..i.F.s.
  0010: 90 55 C5 C1 AE 18 57 C7 58 7C B8 4F 14 AA 96 BA .U....W.X..O....
  Master Secret:
  0000: 6E 47 12 2F BD 40 E5 30 E2 0E 0C 24 23 DD FC 53 nG./[email protected]...$#..S
  0010: DD 7C A8 6C 9F 36 48 82 03 B1 63 21 64 73 A6 E3 ...l.6H...c!ds..
  0020: 4D E6 6B 06 77 7D A6 38 4A EB 76 C1 34 85 75 31 M.k.w..8J.v.4.u1
  Client MAC write Secret:
  0000: 95 7D A9 28 CA 82 E9 69 3E DC 79 8D C0 36 70 30 ...(...i>.y..6p0
  Server MAC write Secret:
  0000: 7D 10 E4 35 B4 D9 62 BA 83 1D F3 16 B0 D1 14 AC ...5..b.........
  Client write key:
  0000: 44 0E 25 5D AC 78 51 19 21 66 06 CF 3D 8C 98 98 D.%].xQ.!f..=...
  Server write key:
  0000: 3D C2 21 97 4C E3 D3 69 9E D9 8A CC 63 E0 0C 8E =.!.L..i....c...
  ... no IV for cipher
  main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
  *** Finished, v3.1
  verify_data: { 65, 234, 65, 174, 47, 136, 37, 130, 121, 68, 222, 210 }
  [write] MD5 and SHA1 hashes: len = 16
  0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
  Plaintext before ENCRYPTION: len = 32
  0000: 14 00 00 0C 41 EA 41 AE 2F 88 25 82 79 44 DE D2 ....A.A./.%.yD..
  0010: E8 81 F0 28 5A 40 91 C8 BA 85 76 8F 34 EB 95 C7 ...([email protected]...
  main, WRITE: SSL v3.1 Handshake, length = 32
  main, READ: SSL v3.1 Change Cipher Spec, length = 1
  main, READ: SSL v3.1 Handshake, length = 32
  Plaintext after DECRYPTION: len = 32
  0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
  0010: 61 F9 5F E0 B3 90 BA B2 63 8A 45 8F 61 84 40 39 a._.....c.E.a.@9
  *** Finished, v3.1
  verify_data: { 23, 71, 110, 41, 17, 6, 160, 65, 160, 12, 157, 65 }
  %% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  [read] MD5 and SHA1 hashes: len = 16
  0000: 14 00 00 0C 17 47 6E 29 11 06 A0 41 A0 0C 9D 41 .....Gn)...A...A
  Plaintext before ENCRYPTION: len = 63
  0000: 50 4F 53 54 20 2F 77 73 73 75 69 6E 69 41 75 74 POST /wssuiniAut
  0010: 43 65 72 74 2F 77 73 53 75 69 6E 69 55 70 64 2E Cert/wsSuiniUpd.
  0020: 61 73 6D 78 20 48 54 54 50 2F 31 2E 31 0D 0A 2F asmx HTTP/1.1../
  0030: 83 FA 4C 02 2F 83 20 D3 49 7C CD 39 A2 95 53 ..L./. .I..9..S
  main, WRITE: SSL v3.1 Application Data, length = 63
  Plaintext before ENCRYPTION: len = 57
  0000: 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 Content-Type: te
  0010: 78 74 2F 78 6D 6C 3B 20 63 68 61 72 73 65 74 3D xt/xml; charset=
  0020: 22 75 74 66 2D 38 22 0D 0A 54 E1 A0 DE 70 E4 92 "utf-8"..T...p..
  0030: 12 58 C1 C6 58 9A 44 39 E2 .X..X.D9.
  main, WRITE: SSL v3.1 Application Data, length = 57
  Plaintext before ENCRYPTION: len = 37
  0000: 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 Content-Length:
  0010: 38 34 38 0D 0A 86 C7 70 1C 67 47 DC 1C D4 E7 67 848....p.gG....g
  0020: CB 64 69 5A 44 .diZD
  main, WRITE: SSL v3.1 Application Data, length = 37
  Plaintext before ENCRYPTION: len = 69
  0000: 50 72 6F 78 79 2D 41 75 74 68 6F 72 69 7A 61 74 Proxy-Authorizat
  0010: 69 6F 6E 3A 20 42 61 73 69 63 20 5A 47 35 68 64 ion: Basic ZG5hd
  0020: 47 56 73 62 47 45 36 59 7A 46 7A 61 57 52 70 4D GVsbGE6YzFzaWRpM
  0030: 44 45 3D 0D 0A C1 74 CC F1 05 89 84 2C B1 69 45 DE=...t.....,.iE
  0040: 2A 6F B3 7A 23 *o.z#
  main, WRITE: SSL v3.1 Application Data, length = 69
  Plaintext before ENCRYPTION: len = 71
  0000: 53 4F 41 50 41 63 74 69 6F 6E 3A 20 68 74 74 70 SOAPAction: http
  0010: 3A 2F 2F 62 64 72 2E 69 7A 73 2E 69 74 2F 77 65 ://bdr.izs.it/we
  0020: 62 73 65 72 76 69 63 65 73 2F 49 6E 73 65 72 74 bservices/Insert
  0030: 5F 4E 6F 74 65 0D 0A 4B 7C 0F A5 D6 00 58 78 BC _Note..K.....Xx.
  0040: 0B 59 52 E1 FC 70 86 .YR..p.
  main, WRITE: SSL v3.1 Application Data, length = 71
  Plaintext before ENCRYPTION: len = 42
  0000: 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 User-Agent: Java
  0010: 31 2E 33 2E 31 5F 30 38 0D 0A 61 25 77 68 A0 C2 1.3.1_08..a%wh..
  0020: AC 52 CA F3 A3 F7 75 8A B0 FE .R....u...
  main, WRITE: SSL v3.1 Application Data, length = 42
  Plaintext before ENCRYPTION: len = 38
  0000: 48 6F 73 74 3A 20 62 64 72 74 65 73 74 2E 69 7A Host: bdrtest.iz
  0010: 73 2E 69 74 0D 0A D3 39 F0 0E C3 28 D0 12 1A 58 s.it...9...(...X
  0020: 83 A4 BB 23 11 48 ...#.H
  main, WRITE: SSL v3.1 Application Data, length = 38
  Plaintext before ENCRYPTION: len = 78
  0000: 41 63 63 65 70 74 3A 20 74 65 78 74 2F 68 74 6D Accept: text/htm
  0010: 6C 2C 20 69 6D 61 67 65 2F 67 69 66 2C 20 69 6D l, image/gif, im
  0020: 61 67 65 2F 6A 70 65 67 2C 20 2A 3B 20 71 3D 2E age/jpeg, *; q=.
  0030: 32 2C 20 2A 2F 2A 3B 20 71 3D 2E 32 0D 0A 89 64 2, */*; q=.2...d
  0040: F7 A9 7F 6C 29 07 22 6F AC F3 B4 D4 7F C1 ...l)."o......
  main, WRITE: SSL v3.1 Application Data, length = 78
  Plaintext before ENCRYPTION: len = 40
  0000: 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 70 Connection: keep
  0010: 2D 61 6C 69 76 65 0D 0A 1E D0 BD FD 9C 84 0A E0 -alive..........
  0020: 9D 3D 26 26 99 09 BB FB .=&&....
  main, WRITE: SSL v3.1 Application Data, length = 40
  Plaintext before ENCRYPTION: len = 18
  0000: 0D 0A C9 79 35 92 83 D8 A1 BF 46 B9 3E FC B9 78 ...y5.....F.>..x
  0010: 07 89 ..
  main, WRITE: SSL v3.1 Application Data, length = 18
  Plaintext before ENCRYPTION: len = 864
  0000: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 <?xml version="1
  0010: 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 .0" encoding="UT
  0020: 46 2D 38 22 3F 3E 0A 3C 73 6F 61 70 2D 65 6E 76 F-8"?>.<soap-env
  0030: 3A 45 6E 76 65 6C 6F 70 65 20 78 6D 6C 6E 73 3A :Envelope xmlns:
  0040: 73 6F 61 70 2D 65 6E 76 3D 22 68 74 74 70 3A 2F soap-env="http:/
  0050: 2F 73 63 68 65 6D 61 73 2E 78 6D 6C 73 6F 61 70 /schemas.xmlsoap
  0060: 2E 6F 72 67 2F 73 6F 61 70 2F 65 6E 76 65 6C 6F .org/soap/envelo
  0070: 70 65 2F 22 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 pe/" xmlns:xsi="
  main, WRITE: SSL v3.1 Application Data, length = 864
  main, READ: SSL v3.1 Handshake, length = 20
  Plaintext after DECRYPTION: len = 20
  0000: 00 00 00 00 AC FA A9 49 7D 8A 0B A9 50 2F 74 A3 .......I....P/t.
  0010: D2 BA 7A 39 ..z9
  *** HelloRequest (empty)
  %% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  %% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 4625
  *** ClientHello, v3.1
  RandomCookie: GMT: 1127228534 bytes = { 18, 49, 204, 75, 133, 78, 163, 164, 250, 200, 97, 100, 19, 143, 176, 205, 50, 166, 159, 21, 80, 181, 243, 41, 64, 166, 190, 104 }
  Session ID: {38, 2, 0, 0, 135, 125, 13, 254, 209, 98, 207, 105, 118, 74, 36, 210, 126, 57, 176, 194, 64, 207, 8, 203, 68, 171, 118, 148, 170, 55, 139, 139}
  Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
  Compression Methods: { 0 }
  [write] MD5 and SHA1 hashes: len = 91
  0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
  0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
  0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
  0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
  0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
  0050: 0A 00 12 00 13 00 03 00 11 01 00 ...........
  Plaintext before ENCRYPTION: len = 107
  0000: 01 00 00 57 03 01 43 30 24 76 12 31 CC 4B 85 4E ...W..C0$v.1.K.N
  0010: A3 A4 FA C8 61 64 13 8F B0 CD 32 A6 9F 15 50 B5 ....ad....2...P.
  0020: F3 29 40 A6 BE 68 20 26 02 00 00 87 7D 0D FE D1 .)@..h &........
  0030: 62 CF 69 76 4A 24 D2 7E 39 B0 C2 40 CF 08 CB 44 [email protected]
  0040: AB 76 94 AA 37 8B 8B 00 10 00 05 00 04 00 09 00 .v..7...........
  0050: 0A 00 12 00 13 00 03 00 11 01 00 06 4B 44 B4 6C ............KD.l
  0060: 9E B4 85 36 A4 D9 93 23 DB 49 0C ...6...#.I.
  main, WRITE: SSL v3.1 Handshake, length = 107
  main, READ: SSL v3.1 Handshake, length = 4076
  Plaintext after DECRYPTION: len = 4076
  0000: 02 00 00 46 03 01 43 30 23 09 DD 0A F6 93 D0 16 ...F..C0#.......
  0010: CE 00 CC 72 55 92 92 12 4A B3 B7 92 8F 94 02 CA ...rU...J.......
  0020: FE 25 A6 65 88 CF 20 2D 10 00 00 0F 1A 6E 56 46 .%.e.. -.....nVF
  0030: 1B AD 9F E9 00 B2 DD 00 07 60 94 08 43 9E AC 9B .........`..C...
  0040: 89 EA 73 79 EA 00 D1 00 04 00 0B 00 03 5E 00 03 ..sy.........^..
  0050: 5B 00 03 58 30 82 03 54 30 82 02 FE A0 03 02 01 [..X0..T0.......
  0060: 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 ....0...*.H.....
  0070: 04 05 00 30 81 85 31 0B 30 09 06 03 55 04 06 13 ...0..1.0...U...
  0080: 02 49 54 31 0F 30 0D 06 03 55 04 08 13 06 54 65 .IT1.0...U....Te
  0090: 72 61 6D 6F 31 0F 30 0D 06 03 55 04 07 13 06 54 ramo1.0...U....T
  00A0: 65 72 61 6D 6F 31 0E 30 0C 06 03 55 04 0A 13 05 eramo1.0...U....
  00B0: 49 5A 53 41 4D 31 0C 30 0A 06 03 55 04 0B 13 03 IZSAM1.0...U....
  00C0: 43 45 44 31 17 30 15 06 03 55 04 03 13 0E 64 6E CED1.0...U....dn
  00D0: 73 2E 74 65 78 2E 69 7A 73 2E 69 74 31 1D 30 1B s.tex.izs.it1.0.
  00E0: 06 09 2A 86 48 86 F7 0D 01 09 01 16 0E 64 2E 7A ..*.H........d.z
  00F0: 69 70 70 6F 40 69 7A 73 2E 69 74 30 1E 17 0D 30 [email protected]
  0100: 35 30 34 30 35 31 34 30 35 34 31 5A 17 0D 30 36 50405140541Z..06
  0110: 30 34 30 35 31 34 30 35 34 31 5A 30 81 85 31 0B 0405140541Z0..1.
  0120: 30 09 06 03 55 04 06 13 02 49 54 31 0F 30 0D 06 0...U....IT1.0..
  0130: 03 55 04 08 13 06 54 65 72 61 6D 6F 31 0F 30 0D .U....Teramo1.0.
  0140: 06 03 55 04 07 13 06 54 65 72 61 6D 6F 31 0E 30 ..U....Teramo1.0
  0150: 0C 06 03 55 04 0A 13 05 49 5A 53 41 4D 31 0C 30 ...U....IZSAM1.0
  0160: 0A 06 03 55 04 0B 13 03 43 45 44 31 17 30 15 06 ...U....CED1.0..
  0170: 03 55 04 03 13 0E 62 64 72 74 65 73 74 2E 69 7A .U....bdrtest.iz
  0180: 73 2E 69 74 31 1D 30 1B 06 09 2A 86 48 86 F7 0D s.it1.0...*.H...
  0190: 01 09 01 16 0E 64 2E 7A 69 70 70 6F 40 69 7A 73 .....d.zippo@izs
  01A0: 2E 69 74 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D .it0..0...*.H...
  01B0: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 .........0......
  01C0: F6 E3 70 EC 18 8B B7 1D D6 11 11 59 3E 43 09 2D ..p........Y>C.-
  01D0: AE F1 06 A3 0C 21 F7 00 09 C2 07 52 0B 29 35 CF .....!.....R.)5.
  01E0: 65 38 2C 6C 0A 61 06 50 B9 20 8C 5F A0 B9 B7 E2 e8,l.a.P. ._....
  01F0: 8B 2B 10 89 B9 7F 40 0F 49 A1 D8 9E A2 C8 BE 4E [email protected]
  0200: 63 20 F2 49 35 25 F1 5D 64 00 ED 02 FD D7 96 51 c .I5%.]d......Q
  0210: 73 C7 E9 DA 61 AA 88 FB 5D 0A 41 56 EC 36 4F 85 s...a...].AV.6O.
  0220: B2 A1 8F E6 DE DC E2 2D B2 DF AA 3D 99 51 23 14 .......-...=.Q#.
  0230: 19 02 8A 2C D4 F0 4C 83 39 1C 1B E5 8F 65 06 05 ...,..L.9....e..
  0240: 02 03 01 00 01 A3 82 01 11 30 82 01 0D 30 09 06 .........0...0..
  0250: 03 55 1D 13 04 02 30 00 30 2C 06 09 60 86 48 01 .U....0.0,..`.H.
  0260: 86 F8 42 01 0D 04 1F 16 1D 4F 70 65 6E 53 53 4C ..B......OpenSSL
  0270: 20 47 65 6E 65 72 61 74 65 64 20 43 65 72 74 69 Generated Certi
  0280: 66 69 63 61 74 65 30 1D 06 03 55 1D 0E 04 16 04 ficate0...U.....
  0290: 14 4D 11 53 D1 7A 92 69 3B 36 F7 D6 BA 53 6A 81 .M.S.z.i;6...Sj.
  02A0: 4A D5 38 98 59 30 81 B2 06 03 55 1D 23 04 81 AA J.8.Y0....U.#...
  02B0: 30 81 A7 80 14 2D F5 B5 55 88 86 E9 14 60 F1 E6 0....-..U....`..
  02C0: 1C AD E2 71 79 29 A0 F1 8F A1 81 8B A4 81 88 30 ...qy).........0
  02D0: 81 85 31 0B 30 09 06 03 55 04 06 13 02 49 54 31 ..1.0...U....IT1
  02E0: 0F 30 0D 06 03 55 04 08 13 06 54 65 72 61 6D 6F .0...U....Teramo
  02F0: 31 0F 30 0D 06 03 55 04 07 13 06 54 65 72 61 6D 1.0...U....Teram
  0300: 6F 31 0E 30 0C 06 03 55 04 0A 13 05 49 5A 53 41 o1.0...U....IZSA
  0310: 4D 31 0C 30 0A 06 03 55 04 0B 13 03 43 45 44 31 M1.0...U....CED1
  0320: 17 30 15 06 03 55 04 03 13 0E 64 6E 73 2E 74 65 .0...U....dns.te
  0330: 78 2E 69 7A 73 2E 69 74 31 1D 30 1B 06 09 2A 86 x.izs.it1.0...*.
  0340: 48 86 F7 0D 01 09 01 16 0E 64 2E 7A 69 70 70 6F H........d.zippo
  0350: 40 69 7A 73 2E 69 74 82 01 00 30 0D 06 09 2A 86 @izs.it...0...*.
  0360: 48 86 F7 0D 01 01 04 05 00 03 41 00 73 D0 96 DD H.........A.s...
  0370: 6F EF FB 44 AB 3C B1 ED F5 44 4A C4 11 71 5F 66 o..D.<...DJ..q_f
  0380: 18 FF 86 B8 FD 1A 7D 0A 10 72 C6 FD B6 3C 90 1F .........r...<..
  0390: 38 72 E3 A9 13 84 97 5E 5B 95 09 4E CB 86 29 7D 8r.....^[..N..).
  03A0: 7A BB 07 75 97 23 3C D5 B1 16 35 E0 0D 00 0C 28 z..u.#<...5....(
  03B0: 01 01 0C 24 00 C4 30 81 C1 31 0B 30 09 06 03 55 ...$..0..1.0...U
  03C0: 04 06 13 02 55 53 31 17 30 15 06 03 55 04 0A 13 ....US1.0...U...
  03D0: 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 2E 31 .VeriSign, Inc.1
  *** ServerHello, v3.1
  RandomCookie: GMT: 1127228169 bytes = { 221, 10, 246, 147, 208, 22, 206, 0, 204, 114, 85, 146, 146, 18, 74, 179, 183, 146, 143, 148, 2, 202, 254, 37, 166, 101, 136, 207 }
  Session ID: {45, 16, 0, 0, 15, 26,

  Thanks very much for reply.
  I'm sorry, I missed a piece in previous post.
  This is Server response:
  Plaintext after DECRYPTION: len = 4316
  0000: 48 54 54 50 2F 31 2E 31 20 34 30 33 20 41 63 63 HTTP/1.1 403 Acc
  0010: 65 73 73 20 46 6F 72 62 69 64 64 65 6E 0D 0A 53 ess Forbidden..S
  0020: 65 72 76 65 72 3A 20 4D 69 63 72 6F 73 6F 66 74 erver: Microsoft
  0030: 2D 49 49 53 2F 35 2E 30 0D 0A 44 61 74 65 3A 20 -IIS/5.0..Date:
  0040: 57 65 64 2C 20 32 31 20 53 65 70 20 32 30 30 35 Wed, 21 Sep 2005
  0050: 20 30 37 3A 32 34 3A 33 39 20 47 4D 54 0D 0A 43 07:24:39 GMT..C
  0060: 6F 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 onnection: close
  0070: 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 ..Content-Length
  0080: 3A 20 34 32 33 37 0D 0A 43 6F 6E 74 65 6E 74 2D : 4237..Content-
  0090: 54 79 70 65 3A 20 74 65 78 74 2F 68 74 6D 6C 0D Type: text/html.
  00A0: 0A 0D 0A 3C 21 44 4F 43 54 59 50 45 20 48 54 4D ...<!DOCTYPE HTM
  00B0: 4C 20 50 55 42 4C 49 43 20 22 2D 2F 2F 57 33 43 L PUBLIC "-//W3C
  00C0: 2F 2F 44 54 44 20 48 54 4D 4C 20 33 2E 32 20 46 //DTD HTML 3.2 F
  00D0: 69 6E 61 6C 2F 2F 45 4E 22 3E 0D 0A 3C 68 74 6D inal//EN">..<htm
  00E0: 6C 20 64 69 72 3D 6C 74 72 3E 0D 0A 0D 0A 3C 68 l dir=ltr>....<h
  00F0: 65 61 64 3E 0D 0A 3C 73 74 79 6C 65 3E 0D 0A 61 ead>..<style>..a
  0100: 3A 6C 69 6E 6B 09 09 09 7B 66 6F 6E 74 3A 38 70 :link....font:8p
  0110: 74 2F 31 31 70 74 20 76 65 72 64 61 6E 61 3B 20 t/11pt verdana;
  0120: 63 6F 6C 6F 72 3A 46 46 30 30 30 30 7D 0D 0A 61 color:FF0000...a
  0130: 3A 76 69 73 69 74 65 64 09 09 7B 66 6F 6E 74 3A :visited...font:
  0140: 38 70 74 2F 31 31 70 74 20 76 65 72 64 61 6E 61 8pt/11pt verdana
  0150: 3B 20 63 6F 6C 6F 72 3A 23 34 65 34 65 34 65 7D ; color:#4e4e4e.
  0160: 0D 0A 3C 2F 73 74 79 6C 65 3E 0D 0A 0D 0A 3C 4D ..</style>....<M
  0170: 45 54 41 20 4E 41 4D 45 3D 22 52 4F 42 4F 54 53 ETA NAME="ROBOTS
  0180: 22 20 43 4F 4E 54 45 4E 54 3D 22 4E 4F 49 4E 44 " CONTENT="NOIND
  0190: 45 58 22 3E 0D 0A 0D 0A 3C 74 69 74 6C 65 3E 54 EX">....<title>T
  01A0: 68 65 20 70 61 67 65 20 72 65 71 75 69 72 65 73 he page requires
  01B0: 20 61 20 63 6C 69 65 6E 74 20 63 65 72 74 69 66 a client certif
  01C0: 69 63 61 74 65 3C 2F 74 69 74 6C 65 3E 0D 0A 0D icate</title>...
  Please Help me.
  Regards.

• Managed Server won't talk to NodeManager--   Security issue... Certificate Chain incomplete

  Hey All,
  I am trying to set up a Managed Server and have it talk to the NodeManager running
  (Weblogic 8.1 SP2) on the same machine. I can't, however, seem to get a good
  SSL handshake between the two. I get the following error:
  ####<Mar 11, 2004 9:55:56 AM EST> <Warning> <Security> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <BEA-090508>
  <Certificate chain received from hostname - ipaddress was incomplete.>
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Validation
  error = 4>
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Certificate
  chain is incomplete>
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <SSLTrustValidator
  returns: 4>
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Trust
  status (4): CERT_CHAIN_INCOMPLETE>
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <NEW
  ALERT: com.certicom.tls.record.alert.Alert@1642565 Severity: 2 Type: 42
  java.lang.Throwable: Stack trace
       at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown
  Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
  Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
  Source)
       at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
       at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)
       at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
       at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
       at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
       at java.io.BufferedWriter.flush(BufferedWriter.java:230)
       at weblogic.nodemanager.client.CommandInvoker.execute(CommandInvoker.java:113)
       at weblogic.nodemanager.client.CommandInvoker.invoke(CommandInvoker.java:91)
       at weblogic.nodemanager.client.NodeManagerClient.executeCommand(NodeManagerClient.java:161)
       at weblogic.nodemanager.client.NodeManagerRuntime.executeNMCommand(NodeManagerRuntime.java:1058)
       at weblogic.nodemanager.client.NodeManagerRuntime.ping(NodeManagerRuntime.java:688)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:711)
       at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:690)
       at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
       at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
       at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:947)
       at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:908)
       at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:946)
       at weblogic.management.internal.MBeanProxy.invokeForCachingStub(MBeanProxy.java:481)
       at weblogic.management.runtime.NodeManagerRuntimeMBean_Stub.ping(NodeManagerRuntimeMBean_Stub.java:543)
       at weblogic.management.console.webapp._domain.__machine._jspService(__machine.java:669)
       at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
       at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
       at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
       at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
       at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:301)
       at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:150)
       at weblogic.management.console.actions.ForwardAction.perform(ForwardAction.java:35)
       at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:173)
       at weblogic.management.console.actions.internal.ActionServlet.doGet(ActionServlet.java:91)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
       at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
       at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
       at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
       at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  >
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <write
  ALERT offset = 0 length = 2>
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <close():
  28959207>
  Here is what I have done:
  1) I created a managed server using admin console
  2) I created both an Identity and Trust keystore (jks type file) with the server's
  private key (Identity) and the root trusted certificate authority (Trust).
  3) I configured my managed server to use the two keystores
  4) I edited the NodeManager.properties file to use the same keystores.
  5) I started the NodeManager on the machine and I used the following command line
  options by editing the %WL_HOME%\server\bin\startNodeManager.cmd file:
  -Dweblogic.nodemanager.debugLevel=90
  -Dssl.debug=true
  -Djava.protocol.handler.pkgs=weblogic.net
  6) I also added the following commands to my startWebLogic.cmd file:
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  -Dssl.debug=true
  -Djava.protocol.handler.pkgs=weblogic.net
  7) I started my admin server and created a Machine that included the managed server.
  8) I configured the NodeManager properties for the Machine I created to point
  to the NodeManager already running on that physical box.
  9) I clicked on the tab to "Monitor" the NodeManager/Machine and it died giving
  the above exception.
  I would have no idea why the Certificate chain would be "incomplete". The Issuer
  and Subject DNs match up fine:
  PRIVATE KEY BEING LOADED BY SSL MANAGER:
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> < cert[0]
  = [
  Version: V3
  Subject: CN=host dns name, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@1a0
  Validity: [From: Fri Mar 05 08:59:26 EST 2004,
                 To: Mon Mar 06 08:59:26 EST 2006]
  Issuer: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
  ROOT CERTIFICATE AUTHORITY BEING LOADED:
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> < cert[1]
  = [
  Version: V3
  Subject: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffa28
  Validity: [From: Wed Jul 05 09:00:29 EDT 2000,
                 To: Tue Jul 04 09:00:29 EDT 2006]
  Issuer: CN=DoD CLASS 3 Root CA, OU=PKI, OU=DoD, O=U.S. Government, C=US
  Anyway, if anyone could provide me with some insight as to why I might be receiving
  this error I would be sincerely indebted to you. I can't seem to find any other
  people with the same problem in the Support archives. Thanks for all of the help!
  Regards,
  Cabell Fisher

  Hi,
  Can you please help me;
  I have a similar problem on WL7 SP4 ( UNIX )
  I have made a site that check https site.
  When I try to read the page of the site, I've got Certificate chain is incomplete message.
  On WL8 version ( WINDOWS ), I have no problem to retrieve certificate and then access to the site.
  I have read that this error occure when Root CA Self signed certificat is not include in the keystore.
  I'm using CACERTS keystore.
  Can you tell me the process to generate the CA Root certificate and then import in the CACERTS.
  Thanks a lot for your help.
  Sincerely
  Stephane

• The verification of the server's certificate chain failed

  Hi All,
  Not sure this is the right forum for this but never mind.
  I am trying to get abap2GApps working and am having problems with the client certificates.
  I am getting the below error in ICM :-
  [Thr 06] Mon Jul 30 09:34:47 2012
  [Thr 06] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
  [Thr 06]    session uses PSE file "/usr/sap/BWD/DVEBMGS58/sec/SAPSSLC.pse"
  [Thr 06] SecudeSSL_SessionStart: SSL_connect() failed
    secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
  [Thr 06] >>            Begin of Secude-SSL Errorstack            >>
  [Thr 06] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
  ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=Equifax Secure Certificate Authority, O=E
  ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
  [Thr 06] <<            End of Secude-SSL Errorstack
  [Thr 06]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
  [Thr 06]   SSL NI-sock: local=172.30.7.170:59036  peer=172.30.8.100:80
  [Thr 06] <<- ERROR: SapSSLSessionStart(sssl_hdl=60000000053910f0)==SSSLERR_SSL_CONNECT
  [Thr 06] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {000726d5} [icxxconn_mt.c 2031]
  Having already got the accounts.google.com SSL certificate chain installed and working I can't get the docs.google.com SSL chain working.
  For accounts.google.com they use (this set works) :-
  1) CN=accounts.google.com, O=Google Inc, L=Mountain View, SP=California, C=US
  2) CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
  3) OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  For docs.google.com they use a different set of SSL certs. :-
  1) CN=*.google.com, O=Google Inc, L=Mountain View, SP=California, C=US
  2) CN=Google Internet Authority, O=Google Inc, C=US
  3) OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Can anyone explain what I am doing wrong or how to correct this?
  Thanks
  Craig

  Further UPDATE
  After removing every certificate related to docs.google.com I still get the same error!
  I have even tried downloading the root certificate directly from GeoTrust themselves and yet I still get the same error.
  I have even resorted to running SAP program ZSSF_TEST_PSE from note 800240 to check the PSE and all is well!
  Referring to SAP Note 1318906 suggests I am missing a certificate in the chain but I am not!
  "Situation: The ICM is in the client role and the following entry is displayed in the trace:
  ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
  Reason:You try to set up a secure connection to a server, but the validity of the certificate cannot be verified because the required certificates are not available.
  Solution:The missing certificates are listed in the trace file. You must use transaction STRUST to insert these certificates in the Personal Security Environment (PSE) that is used for the connection. The certificates are usually made available to you by the server administrator. If the certificates are public Certification Authority (CA) certificates, you can also request the certificates there."
  What could possibly causing this?
  Please help!
  Craig

• [Security:090508]Certificate chain received from 'hostname' was incomplete

  Hey All,
  I am trying to set up a Managed Server and have it talk to the NodeManager running
  (Weblogic 8.1 SP2) on the same machine. I can't, however, seem to get a good
  SSL handshake between the two. I get the following error:
  ####<Mar 11, 2004 9:55:56 AM EST> <Warning> <Security> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <BEA-090508>
  <Certificate chain received from hostname - ipaddress was incomplete.>
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Validation
  error = 4>
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Certificate
  chain is incomplete>
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <SSLTrustValidator
  returns: 4>
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Trust
  status (4): CERT_CHAIN_INCOMPLETE>
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <NEW
  ALERT: com.certicom.tls.record.alert.Alert@1642565 Severity: 2 Type: 42
  java.lang.Throwable: Stack trace
       at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown
  Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
  Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
  Source)
       at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
  Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
       at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)
       at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
       at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
       at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
       at java.io.BufferedWriter.flush(BufferedWriter.java:230)
       at weblogic.nodemanager.client.CommandInvoker.execute(CommandInvoker.java:113)
       at weblogic.nodemanager.client.CommandInvoker.invoke(CommandInvoker.java:91)
       at weblogic.nodemanager.client.NodeManagerClient.executeCommand(NodeManagerClient.java:161)
       at weblogic.nodemanager.client.NodeManagerRuntime.executeNMCommand(NodeManagerRuntime.java:1058)
       at weblogic.nodemanager.client.NodeManagerRuntime.ping(NodeManagerRuntime.java:688)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:711)
       at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:690)
       at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
       at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
       at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:947)
       at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:908)
       at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:946)
       at weblogic.management.internal.MBeanProxy.invokeForCachingStub(MBeanProxy.java:481)
       at weblogic.management.runtime.NodeManagerRuntimeMBean_Stub.ping(NodeManagerRuntimeMBean_Stub.java:543)
       at weblogic.management.console.webapp._domain.__machine._jspService(__machine.java:669)
       at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
       at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
       at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
       at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
       at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:301)
       at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:150)
       at weblogic.management.console.actions.ForwardAction.perform(ForwardAction.java:35)
       at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:173)
       at weblogic.management.console.actions.internal.ActionServlet.doGet(ActionServlet.java:91)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
       at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
       at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
       at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
       at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  >
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <write
  ALERT offset = 0 length = 2>
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <close():
  28959207>
  Here is what I have done:
  1) I created a managed server using admin console
  2) I created both an Identity and Trust keystore (jks type file) with the server's
  private key (Identity) and the root trusted certificate authority (Trust).
  3) I configured my managed server to use the two keystores
  4) I edited the NodeManager.properties file to use the same keystores.
  5) I started the NodeManager on the machine and I used the following command line
  options by editing the %WL_HOME%\server\bin\startNodeManager.cmd file:
  -Dweblogic.nodemanager.debugLevel=90
  -Dssl.debug=true
  -Djava.protocol.handler.pkgs=weblogic.net
  6) I also added the following commands to my startWebLogic.cmd file:
  -Dweblogic.security.SSL.ignoreHostnameVerification=true
  -Dssl.debug=true
  -Djava.protocol.handler.pkgs=weblogic.net
  7) I started my admin server and created a Machine that included the managed server.
  8) I configured the NodeManager properties for the Machine I created to point
  to the NodeManager already running on that physical box.
  9) I clicked on the tab to "Monitor" the NodeManager/Machine and it died giving
  the above exception.
  I would have no idea why the Certificate chain would be "incomplete". The Issuer
  and Subject DNs match up fine:
  PRIVATE KEY BEING LOADED BY SSL MANAGER:
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> < cert[0]
  = [
  Version: V3
  Subject: CN=host dns name, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@1a0
  Validity: [From: Fri Mar 05 08:59:26 EST 2004,
                 To: Mon Mar 06 08:59:26 EST 2006]
  Issuer: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
  ROOT CERTIFICATE AUTHORITY BEING LOADED:
  ####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
  <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> < cert[1]
  = [
  Version: V3
  Subject: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffa28
  Validity: [From: Wed Jul 05 09:00:29 EDT 2000,
                 To: Tue Jul 04 09:00:29 EDT 2006]
  Issuer: CN=DoD CLASS 3 Root CA, OU=PKI, OU=DoD, O=U.S. Government, C=US
  Anyway, if anyone could provide me with some insight as to why I might be receiving
  this error I would be sincerely indebted to you. I can't seem to find any other
  people with the same problem in the Support archives. Thanks for all of the help!
  Regards,
  Cabell Fisher

  Hi,
  Can you please help me;
  I have a similar problem on WL7 SP4 ( UNIX )
  I have made a site that check https site.
  When I try to read the page of the site, I've got Certificate chain is incomplete message.
  On WL8 version ( WINDOWS ), I have no problem to retrieve certificate and then access to the site.
  I have read that this error occure when Root CA Self signed certificat is not include in the keystore.
  I'm using CACERTS keystore.
  Can you tell me the process to generate the CA Root certificate and then import in the CACERTS.
  Thanks a lot for your help.
  Sincerely
  Stephane

• OAM Access Server - Cannot load cert chain file aaa_chain.pem

  Hi experts,
  I am in the midst of changing the Transport Layer Security (TLS) of OAM Access Server from Open mode to Cert mode, and encountering the error not able to load aaa_chain.pem.
  Below are the steps which I have did:-
  1. Change the TLS mode for both Access Server and Webgate from Open >> Cert mode in the Access System console
  2. Stop the Access Server from Services
  3. From the <access server install dir> run ConfigureAAAServer.exe to generate aaa_req.pem and aaa_key.pem.
  4. Copy the certificate request from the aaa_req.pem and submit to Internal CA (Ms CA).
  5. Download the Certificate and Certificate Chain in Base 64 encoding, and rename into *.pem. E.g. certnew.cer >> aaa_cert.pem certnew.p7b >> aaa_chain.pem.
  6. Copy *.pem files in to <access server install dir>/oblix/config
  7. Rerun ConfigureAAAServer.exe to install the cert, all went smoothly without issue.
  8. Start Access Server from Services. <<< Service failed to start.
  NOTE: I did the same thing for Policy Manager, used genCert.exe to generate certificate request, submit the CA to sign and installed.
  Check on the event viewer, the following error was found.
  **===========================================================================**
  Log Name: Application
  Source: ObAAAServer-AccSvr01
  Date: 16/8/2010 1:06:39 AM
  Event ID: 1
  Task Category: None
  Level: Error
  Keywords: Classic
  User: N/A
  Computer: IDMsvr.SSO.com
  Description:
  The description for Event ID 1 from source ObAAAServer-AccSvr01 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
  If the event originated on another computer, the display information had to be saved with the event.
  The following information was included with the event:
  Access Server Exception: Error: Cannot load cert chain file C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem
  the message resource is present but the message is not found in the string/message table
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="ObAAAServer-AccSvr01" />
  <EventID Qualifiers="49152">1</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2010-08-15T17:06:39.000Z" />
  <EventRecordID>1072</EventRecordID>
  <Channel>Application</Channel>
  <Computer>IDMsvr.SSO.com</Computer>
  <Security />
  </System>
  <EventData>
  <Data>Access Server Exception: Error: Cannot load cert chain file C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem</Data>
  </EventData>
  </Event>
  **===========================================================================**
  The ConfigureAAAServer.exe_
  C:\Program Files (x86)\NetPoint\access\oblix\tools\configureAAAServer>configureA
  AAServer.exe reconfig "C:\Program Files (x86)\NetPoint\access"
  Please enter the Mode in which you want the Access Server to run : 1(Open) 2(Si
  mple) 3(Cert) : 3
  Do you want to request a certificate (1) or install a certificate (2) ? : 1
  Please enter the Pass phrase for this Access Server :
  Do you want to store the password in the file ? : 1(Y) 2(N) : 1
  Preparing to generate certificate. This may take up to 60 seconds. Please wai
  t.
  Loading 'screen' into random state - done
  Generating a 1024 bit RSA private key
  .............++++++
  ..++++++
  writing new private key to 'C:\Program Files (x86)\NetPoint\access\oblix\config\
  aaa_key.pem'
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  Country Name (2 letter code) [US]:.
  State or Province Name (full name) [Some-State]:.
  Locality Name (eg, city) []:.
  Organization Name (eg, company) [Some-Organization Pty Ltd]:.
  Organizational Unit Name (eg, section) []:.
  Common Name (eg, hostName.domainName.com) []:IDMsvr.sso.com
  Email Address []:.
  writing RSA key
  Your certificate request is in file : C:\Program Files (x86)\NetPoint\access/ob
  lix/config/aaa_req.pem
  Please get your certificate request signed by the Certificate Authority.
  On obtaining your certificate, please place your certificate in 'C:\Program Fil
  es (x86)\NetPoint\access/oblix/config/aaa_cert.pem' file and the certificate aut
  hority's certificate for the corresponding component (for example: WebGate, AXML
  Server) in 'C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem'
  file.
  Once you have your certificate placed at the above mentioned location, please f
  ollow the instructions on how to start the Access Server.
  More Information on setting up Access Server in Certificate mode can be obtaine
  d from the Setup Installation Guide.
  Access Server mode has been re-configured successfully.
  Please note that new security mode will take effect only after the security mod
  e for this Access Server is changed to 'cert' from the Access Manager System Con
  sole.
  Do you want to specify or update the failover information ? : 1(Y) 2(N) :2
  Please restart the Access Server from the Control Panel Services once you have
  placed your certificates at the above mentioned location.
  Press enter key to continue ...
  C:\Program Files (x86)\NetPoint\access\oblix\tools\configureAAAServer>configureA
  AAServer.exe reconfig "C:\Program Files (x86)\NetPoint\access"
  Please enter the Mode in which you want the Access Server to run : 1(Open) 2(Si
  mple) 3(Cert) : 3
  Do you want to request a certificate (1) or install a certificate (2) ? : 2
  Please enter the Pass phrase for this Access Server :
  Do you want to store the password in the file ? : 1(Y) 2(N) : 1
  Please provide the full path to the Certificate key file [C:\Program Files (x86)
  \NetPoint\access/oblix/config/aaa_key.pem] : C:\Program Files (x86)\NetPoint\acc
  ess\oblix\config\aaa_key.pem
  Please provide the full path to the Certificate file [C:\Program Files (x86)\Net
  Point\access/oblix/config/aaa_cert.pem] : C:\Program Files (x86)\NetPoint\access
  \oblix\config\aaa_cert.pem
  Please provide the full path to the Certificate authority's certificate chain fi
  le [C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem] : C:\Prog
  ram Files (x86)\NetPoint\access\oblix\config\aaa_chain.pem
  Access Server mode has been re-configured successfully.
  Please note that new security mode will take effect only after the security mod
  e for this Access Server is changed to 'cert' from the Access Manager System Con
  sole.
  Do you want to specify or update the failover information ? : 1(Y) 2(N) :2
  Please restart the Access Server from the Control Panel Services.
  Press enter key to continue ...
  **===========================================================================**
  I followed through the documentation on OAM Identity & Common Admin - Chapter 8 guide.
  Is there anything which I have missed or something to do with the certificate.
  Thanks in advance.
  Regards,
  Wing
  Edited by: user13340813 on Aug 19, 2010 8:56 PM

  No, you didn't do anything wrong, JeanPhilippe. I'm right there with you. There's even another thread on this issue:
  <http://discussions.apple.com/thread.jspa?messageID=10808126>
  I had the same problem: IMAP & POP services would not launch using SSL. Finally got it resolved today. It had nothing to do with certificates and their names, or creating them in openssl, and everything to do with a botched dovecot.conf file, courtesy of Server Admin.
  It appears that every time I changed the certificate for IMAP & POP SSL in Server Admin, it appended the new selection to the dovecot.conf file on 3 separate lines. The result was an unhealthy list of every certificate file Server Admin had ever been pointed to for this service.
  After making a backup, I edited the file (/etc/dovecot/dovecot.conf) down to the single cert file I wanted it to use. It happened to be first in the list, FWIW.
  If you want to duplicate this, look for the lines beginning with:
  "sslcertfile"
  "sslkeyfile"
  "sslcafile"
  Obviously you need to be careful in there. But I did not even have to bounce the service before it took my changes. Thankfully, Server Admin did not overwrite my edits (which I've seen happen with manual config of other services, such as the iChat service.)
  Good luck, and let me know if I can provide more detail.