Write Channel Closed, possible SSL handshaking or trust failure
Hi,
I Have a problem while working with Two-way SSL. I get Write Channel Closed, possible
SSL handshaking or trust failure error while contacting the server for invoking
a webservice secured by SSL.
I could figure out that the error is happening on client side while validating
the server certificate.
One more observation that i was able to find is, it works fine if the Server certificate
and the client certificate are signed by the same (root) CA.
I tried various options but couldn't find my luck. The BEA documentation in this
regards is not at all sufficient.
If i give strict checking false on my client end, the application works fine.
But for my scenario i want strict checking to be happend (otherwise there is no
point in going for SSL itself).
I am using WLSSLAdapter on my client side. The client application is a standalone
java class running out of weblogic (ideally running on JRun).
The way i have coded in my java class is:
String certificatePath = "C:/Cerificates/cert.pem";
String caCertificatePath = "C:/Cerificates/clientca.pem";
String targetURL = "https://localhost:443/feedservice/FeedService";
//set weblogic ServiceFactory
System.setProperty( "javax.xml.rpc.ServiceFactory",
"weblogic.webservice.core.rpc.ServiceFactoryImpl" );
System.setProperty("java.protocol.handler.pkgs","com.certicom.net.ssl");
System.setProperty("https.cipherSuites","SHA1withRSA,MD5withRSA");
SSLAdapterFactory sslFactory = SSLAdapterFactory.getDefaultFactory();
WLSSLAdapter adapter = (WLSSLAdapter) sslFactory.getSSLAdapter();
adapter.setProtocolVersion("SSL3");
adapter.setStrictChecking(true);
adapter.setVerbose(true);
FileInputStream clientCredentialFile = new FileInputStream (certificatePath);
String pwd = "password";
System.out.println("Loding Certificate from ........"+certificatePath);
adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
System.out.println("Loding CA Certificate from ........"+caCertificatePath);
adapter.setTrustedCertificatesFile(caCertificatePath);
// optionally set the Adapter factory to use this instance always.
sslFactory.setDefaultAdapter(adapter);
sslFactory.setUseDefaultAdapter(true);
// Webservice invocation code..
call.setTargetEndpointAddress(targetURL);
call.setProperty("weblogic.webservice.client.ssladapter",adapter);
Object result = call.invoke(new Object[]{"test.xml"});
The error that i get :
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:106)
at java.io.FilterOutputStream.write(FilterOutputStream.java:78)
at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:359)
at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:284)
at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:34)
at weblogic.webservice.core.HandlerChain.handleRequest(HandlerChain.java:131)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:421)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Exception in handler's handleRequest().
Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Write Channel
Closed, possible SSL handshaking or trust fail
ure
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:479)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Can someone give the working phone number of ....BEA CUSTOMER SUPPORT...
The signature validation failure means your trusted CA certificate is not the issuer
of the identity certificate. The identity certificate issuer name can match to
the trusted CA certificate name, but the signature check really determines whether
it is the issuer.
Pavel.
"Chandra Sekhar Rao" <[email protected]> wrote:
>
Hi payal,
I have the issuer of the server identity certificate in the trust file
on client
side. The problem is with signature validation
"Pavel" <[email protected]> wrote:
It looks like your client does not trust the server certificate. Make
sure the
certificate you pass in adapter.setTrustedCertificatesFile(caCertificatePath);
is the issuer of the server's identity certificate.
Pavel.
"Chandra Sekhar Rao" <[email protected]> wrote:
Hi,
I Have a problem while working with Two-way SSL. I get Write Channel
Closed, possible
SSL handshaking or trust failure error while contacting the server
for
invoking
a webservice secured by SSL.
I could figure out that the error is happening on client side whilevalidating
the server certificate.
One more observation that i was able to find is, it works fine if the
Server certificate
and the client certificate are signed by the same (root) CA.
I tried various options but couldn't find my luck. The BEA documentation
in this
regards is not at all sufficient.
If i give strict checking false on my client end, the application works
fine.
But for my scenario i want strict checking to be happend (otherwisethere
is no
point in going for SSL itself).
I am using WLSSLAdapter on my client side. The client application is
a standalone
java class running out of weblogic (ideally running on JRun).
The way i have coded in my java class is:
String certificatePath = "C:/Cerificates/cert.pem";
String caCertificatePath = "C:/Cerificates/clientca.pem";
String targetURL = "https://localhost:443/feedservice/FeedService";
//set weblogic ServiceFactory
System.setProperty( "javax.xml.rpc.ServiceFactory",
"weblogic.webservice.core.rpc.ServiceFactoryImpl" );
System.setProperty("java.protocol.handler.pkgs","com.certicom.net.ssl");
System.setProperty("https.cipherSuites","SHA1withRSA,MD5withRSA");
SSLAdapterFactory sslFactory = SSLAdapterFactory.getDefaultFactory();
WLSSLAdapter adapter = (WLSSLAdapter) sslFactory.getSSLAdapter();
adapter.setProtocolVersion("SSL3");
adapter.setStrictChecking(true);
adapter.setVerbose(true);
FileInputStream clientCredentialFile = new FileInputStream (certificatePath);
String pwd = "password";
System.out.println("Loding Certificate from ........"+certificatePath);
adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
System.out.println("Loding CA Certificate from ........"+caCertificatePath);
adapter.setTrustedCertificatesFile(caCertificatePath);
// optionally set the Adapter factory to use this instance always.
sslFactory.setDefaultAdapter(adapter);
sslFactory.setUseDefaultAdapter(true);
// Webservice invocation code..
call.setTargetEndpointAddress(targetURL);
call.setProperty("weblogic.webservice.client.ssladapter",adapter);
Object result = call.invoke(new Object[]{"test.xml"});
The error that i get :
java.io.IOException: Write Channel Closed, possible SSL handshakingor
trust failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:106)
at java.io.FilterOutputStream.write(FilterOutputStream.java:78)
at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:359)
at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:284)
at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:34)
at weblogic.webservice.core.HandlerChain.handleRequest(HandlerChain.java:131)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:421)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Exception in handler's handleRequest().
Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Write
Channel
Closed, possible SSL handshaking or trust fail
ure
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:479)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:363)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:423)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:292)
at com.chase.userspace.aceclient.Client.main(Client.java:253)
Can someone give the working phone number of ....BEA CUSTOMER SUPPORT...
Similar Messages
-
Possible SSL handshaking or trust failure in WLS 7.0
hi,
i have set Server Certificate File Name to democert.pem, Server Key File Name
to demokey.pem, and Server Certificate Chain File Name to ca.pem, using the demo
certificate. when running the client, i use -Dweblogic.webservice.client.ssl.strictcertchecking=false
from the cmd. still getting exception:
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure
at com.certicom.tls.record.WriteHandler.write(Unknown Source) ...
i believe it no longer can be the wrong server name in the certificate, so it
must be the trusted CA's list. i cannot find any corresponding file though. what
should i be using for the Trusted CA File Name? i can access the webservices home
page by browser as well as the wsdl file, but once i try using the web service
methods, i get the same error through browser and with a soap client.
any ides?Taime
add this setting also to start you Weblogic - Server - Instance include the strictcert
- setting. Then you can use your webservice from a http - client. I do it the
same way.
Regards
"taime giamzone" <[email protected]> wrote:
>
thanks markus,
now i can use the service through a java client! weird enough, by browser,
i still
get the same exception. has somebody succeeded in using a secure web
service by
browser?
"Markus Gasser" <[email protected]> wrote:
Hi Claudia , Hi Taime
I had the same problem. It was a hard way to find out. Here's the solution
Add -Dtrustedfile=<your path>\trusted.crt
to the vm parameters starting your wls - server or client.
The problem is, that WLS 7 expects a trusted ceritficate and the demo
certificate
isn't trusted.
You will find the trusted.crt normally in the domain directory
Markus
"Claudia" <[email protected]> wrote:
Hi,
I have the same problem. I followed the instructions from the Configuring
Security
side, but it doesn't work.
I tried to test the WebService with the default web page generated
from
weblogic
and there I figured out, that I have to enter the default realm password.
I supposed
that would be the password I use to start the server, but it wasn't.
Still I haven't
guessed the password.
The security works too goog ;-)
Please help.
Claudia -
"java.io.IOException: Write Channel Closed" starting AdminServer from WLST
Hi,
I am trying to start the admin server through WLST.
Per "Oracle® Fusion Middleware WebLogic Scripting Tool Command Reference 11g Release 1 (10.3.2)" I tried it both ways - online and offline.
When online
wls:/nm/ClassicDomain> startServer('AdminServer','ClassicDomain','t3://10.110.90.156:7002','weblogic','<password>','/u0/app/oracle/product/middleware/user_projects/domains')
I am getting
Starting server AdminServer ...
Traceback (innermost last):
File "<console>", line 1, in ?
File "<iostream>", line 412, in startServer
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEStarting server AdminServer ...
Traceback (innermost last):
File "<console>", line 1, in ?
File "<iostream>", line 412, in startServer
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:202)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:272)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:276)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:122)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:212)
at java.io.BufferedWriter.flush(BufferedWriter.java:236)
at weblogic.nodemanager.common.DataFormat.writeCommand(DataFormat.java:243)
at weblogic.nodemanager.client.NMServerClient.sendCmd(NMServerClient.java:320)
at weblogic.nodemanager.client.NMServerClient.sendServer(NMServerClient.java:265)
at weblogic.nodemanager.client.NMServerClient.start(NMServerClient.java:94)
at weblogic.management.scripting.NodeManagerService.nmStart(NodeManagerService.java:368)
at weblogic.management.scripting.LifeCycleHandler.startSvr(LifeCycleHandler.java:887)
at weblogic.management.scripting.WLScriptContext.startSvr(WLScriptContext.java:384)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
java.io.IOException: java.io.IOException: Write Channel Closed
and the node manager log shows:
WARNING: Uncaught exception in server handlerjava.io.IOException: Bad properties data format
java.io.IOException: Bad properties data format
at weblogic.nodemanager.common.DataFormat.readProperties(DataFormat.java:44)
at weblogic.nodemanager.server.Handler.handleStart(Handler.java:537)
at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:118)
at weblogic.nodemanager.server.Handler.run(Handler.java:70)
at java.lang.Thread.run(Thread.java:619)
And if I try it offline
wls:/offline> startServer('AdminServer','ClassicDomain','t3://10.110.90.156:7002','weblogic','<passwd>','/u0/app/oracle/product/middleware/user_projects/domains');
I am getting a big stack below. Can anybody through an idea?
Thank you
Anatoliy
Offline stack:
Starting weblogic server ...
WLST-WLS-1273604718586: <May 11, 2010 3:05:19 PM EDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with BEA JRockit(R) Version R27.6.5-32_o-121899-1.6.0_14-20091001-2113-linux-ia32 from BEA Systems, Inc.>
WLST-WLS-1273604718586: <May 11, 2010 3:05:20 PM EDT> <Info> <Management> <BEA-140013> </u0/app/oracle/product/middleware/user_projects/domains/config/config.xml not found>
WLST-WLS-1273604718586: <May 11, 2010 3:05:20 PM EDT> <Info> <Management> <BEA-141254> <Generating new domain directory in /u0/app/oracle/product/middleware/user_projects/domains>
...WLST-WLS-1273604718586: <May 11, 2010 3:05:27 PM EDT> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
WLST-WLS-1273604718586:
WLST-WLS-1273604718586: There are 1 nested errors:
WLST-WLS-1273604718586:
WLST-WLS-1273604718586: weblogic.management.ManagementException: Failure during domain creation
WLST-WLS-1273604718586: at weblogic.management.internal.DomainDirectoryService.generateDomain(DomainDirectoryService.java:229)
WLST-WLS-1273604718586: at weblogic.management.internal.DomainDirectoryService.ensureDomainExists(DomainDirectoryService.java:152)
WLST-WLS-1273604718586: at weblogic.management.internal.DomainDirectoryService.start(DomainDirectoryService.java:72)
WLST-WLS-1273604718586: at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesManager.java:461)
WLST-WLS-1273604718586: at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServicesManager.java:166)
WLST-WLS-1273604718586: at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:749)
WLST-WLS-1273604718586: at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:488)
WLST-WLS-1273604718586: at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:446)
WLST-WLS-1273604718586: at weblogic.Server.main(Server.java:67)
WLST-WLS-1273604718586: Caused by: com.bea.plateng.domain.script.ScriptException: The domain location must have write permission.
WLST-WLS-1273604718586: at com.bea.plateng.domain.script.ScriptExecutor.writeDomain(ScriptExecutor.java:723)
WLST-WLS-1273604718586: at com.bea.plateng.domain.script.ScriptParserClassic$StateMachine.processWrite(ScriptParserClassic.java:575)
WLST-WLS-1273604718586: at com.bea.plateng.domain.script.ScriptParserClassic$StateMachine.execute(ScriptParserClassic.java:431)
WLST-WLS-1273604718586: at com.bea.plateng.domain.script.ScriptParserClassic.parseAndRun(ScriptParserClassic.java:150)
WLST-WLS-1273604718586: at com.bea.plateng.domain.script.ScriptParserClassic.doExecute(ScriptParserClassic.java:112)
WLST-WLS-1273604718586: at com.bea.plateng.domain.script.ScriptParser.execute(ScriptParser.java:73)
WLST-WLS-1273604718586: at com.bea.plateng.domain.DomainInfoHelper.executeSilentScript(DomainInfoHelper.java:858)
WLST-WLS-1273604718586: at com.bea.plateng.domain.DomainInfoHelper.createDefaultDomain(DomainInfoHelper.java:1762)
WLST-WLS-1273604718586: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
WLST-WLS-1273604718586: at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
WLST-WLS-1273604718586: at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
WLST-WLS-1273604718586: at java.lang.reflect.Method.invoke(Method.java:597)
WLST-WLS-1273604718586: at weblogic.management.internal.DomainDirectoryService.generateDomain(DomainDirectoryService.java:224)
WLST-WLS-1273604718586: ... 8 more
WLST-WLS-1273604718586:
WLST-WLS-1273604718586: >
WLST-WLS-1273604718586: <May 11, 2010 3:05:27 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
WLST-WLS-1273604718586: <May 11, 2010 3:05:27 PM EDT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
WLST-WLS-1273604718586: <May 11, 2010 3:05:27 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
WLST-WLS-1273604718586: Stopped draining WLST-WLS-1273604718586
WLST-WLS-1273604718586: Stopped draining WLST-WLS-1273604718586 .............................................Could not connect to the server to verify that it has started. The error returned is: javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3://10.110.90.156:7002: Destination unreachable; nested exception is:
java.net.ConnectException: Connection refused; No available router to destination] Traceback (innermost last):
File "<console>", line 1, in ?
File "<iostream>", line 432, in startServer
File "<iostream>", line 618, in raiseWLSTException
WLSTException: Error occured while performing startServer : Could not start the server, the process might have timed out or there is an Error starting the server. Please refer to the log files for more details.Hi,
Thank you for the quick response.
I tried that, I can connect so wls:/offline> nmConnect('weblogic','password','10.110.90.156','5556','ClassicDomain','/u0/app/oracle/product/middleware/user_projects/domains/ClassicDomain');
Connecting to Node Manager ...
Successfully Connected to Node Manager.
wls:/nm/ClassicDomain>
but on
nmStart(serverName="AdminServer",domainDir="/u0/app/oracle/product/middleware/user_projects/domains/ClassicDomain")
Starting server AdminServer ...
Error Starting server AdminServer: weblogic.nodemanager.NMException: Exception while starting server 'AdminServer'
wls:/nm/ClassicDomain> nmStart(serverName="AdminServer",domainDir="/u0/app/oracle/product/middleware/user_projects/domains/ClassicDomain")
Starting server AdminServer ...
Error Starting server AdminServer: weblogic.nodemanager.NMException: Exception while starting server 'AdminServer'
wls:/nm/ClassicDomain>
And the AdminServer log shows security authentication error. Wondering why since I am not entering password when I do nmStart?
Do you have an idea?
Thank you
Anatoliy -
Node Manager unable to start managed Server. SSL Handshake problem
I am getting the following Error:
weblogic.nodemanager.NodeManagerException: [Could not execute command start for server wecarebeadev via the Node Manager - reason: [CommandInvoker: Failed to send command: 'online to server 'wecarebeadev' to NodeManager at host: 'localhost:5555' with exception Write Channel Closed, possible SSL handshaking or trust failure. Please ensure that the NodeManager is active on the target machine].]
I have Weblogic Server 7.0 SP1 with Admin and Managed Server running on the same physical machine as Windows Services.
SSL port has been setup properly for Managed Server. Host Name Verification Ignored is checked for MS.Hi Ajay,
This happens when the SSL communication between the admin and the node
manager fails. The SSL configuration of the admin server or the node
manager is the problem.
cheers,
gaurav.
On 30 Jun 2003 12:19:49 -0700, Ajay Kulkarni <[email protected]> wrote:
I am getting the following Error:
weblogic.nodemanager.NodeManagerException: [Could not execute command
start for server wecarebeadev via the Node Manager - reason:
[CommandInvoker: Failed to send command: 'online to server 'wecarebeadev'
to NodeManager at host: 'localhost:5555' with exception Write Channel
Closed, possible SSL handshaking or trust failure. Please ensure that the
NodeManager is active on the target machine].]
I have Weblogic Server 7.0 SP1 with Admin and Managed Server running on
the same physical machine as Windows Services.
SSL port has been setup properly for Managed Server. Host Name
Verification Ignored is checked for MS.
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ -
SSL WebServices config error ? trust failure
I’m at a loss in getting SSL to work with 7.0’s Web Services. I compiled and ran
the basic javaclass example using http. I’m using the demo cert provided with
WLS. I haven’t changed any admin console SSL settings. Then (I think) I followed
the directions for changing it to SSL. I have had no luck and I’ve looked through
many notes in the forums discussing the issue with some solutions and tried several
combinations. I must be overlooking something. Any help is greatly appreciated.
I’d love to see how anyone has modified the sample’s ant “run” task to execute
it.
I can’t get it to work using the web client or a Java client. I’ve also seen
different system property settings mentioned. My local docs mention -Dweblogic.webservice.client.ssl.trustedcerts
but the newer docs mention –Dtrustedfile.
I had recompiled the example specifying the protocol="https" option and redeployed
the ear. Using the web client, I encounter the “Failed to retrieve WSDL from
https://localhost:7002/basic_javaclass/HelloWorld?WSDL. Please check the URL and
the protocol: Write Channel Closed, possible SSL handshaking or trust failure”
error when I try to invoke the service. I have the same error from the Java client.
I tried entering the system password (weblogic). I assume I’m getting this because
of the demo certification issue. When starting the web server, I’ve tried the
following additions using the democert.pem and trusted.crt files. What file should
I reference?
Here is my WLS server startup option additions attempting to get it to run:
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dtrustedfile=C:\bea\weblogic700\user_projects\wlsexamples\democert.pem
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.webservice.client.ssl.trustedcerts=C:\bea\weblogic700\user_projects\wlsexamples\democert.pem
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.webservice.client.ssl.strictcertchecking=false
On the Java client side, I have created a new runssl task with the additional
settings. Here is my latest version. I’ve tried multiple combinations. I get
the same error as the web app does.
<target name="runssl" depends="check">
<java classname="examples.webservices.basic.javaclass.Client"
fork="true">
<arg value="https://localhost:7002/basic_javaclass/HelloWorld?WSDL"/>
<sysproperty key="bea.home" value="c:\bea"/>
<sysproperty key="trustedfile" value="C:\bea\weblogic700\user_projects\wlsexamples\trusted.crt"/>
<sysproperty key="weblogic.webservice.client.ssl.trustedcerts" value="C:\bea\weblogic700\user_projects\wlsexamples\trusted.crt"/>
<sysproperty key="java.protocol.handler.pkgs" value="weblogic.webservice.client"/>
<sysproperty key="weblogic. webservice.client.ssl.strictcertchecking" value="false"/>
<sysproperty key="weblogic.webservice.verbose" value="true"/>
<classpath>
<pathelement location="${CLIENT_CLASSES}/${client_jar_file}"/>
<pathelement path="${java.class.path}"/>
<pathelement path="${CLIENT_CLASSES}"/>
<pathelement path="${CLIENT_CLASSES}/webserviceclient+ssl.jar"/>
</classpath>
</java>
</target>
Thanks in advance,
DaveHi Dave,
I had recompiled the example specifying the protocol="https" option and redeployed
the ear. Using the web client, I encounter the “Failed to retrieve WSDL from
https://localhost:7002/basic_javaclass/HelloWorld?WSDL. Please check the URL and
Sounds like the server side is not setup for SSL yet. A quick check is to use netstat -a and see if port 7002 is active. Be sure to
follow the docs (System Admin) carefully and work this issue first, making sure you can at least get to the WSDL before addressing the
other issues. Take a quick look at your server config.xml and there should be a section in the server for SSL that looks something like
this:
<SSL Enabled="true" Name="myserver"
ServerCertificateChainFileName="ca1024.der"
ServerCertificateFileName="democert1024.pem" ServerKeyFileName="demokey1024.pem"
TrustedCAFileName="client2certs.pem"/>
Hope this helps,
Brtuce
Dave Lyons wrote:
I’m at a loss in getting SSL to work with 7.0’s Web Services. I compiled and ran
the basic javaclass example using http. I’m using the demo cert provided with
WLS. I haven’t changed any admin console SSL settings. Then (I think) I followed
the directions for changing it to SSL. I have had no luck and I’ve looked through
many notes in the forums discussing the issue with some solutions and tried several
combinations. I must be overlooking something. Any help is greatly appreciated.
I’d love to see how anyone has modified the sample’s ant “run” task to execute
it.
I can’t get it to work using the web client or a Java client. I’ve also seen
different system property settings mentioned. My local docs mention -Dweblogic.webservice.client.ssl.trustedcerts
but the newer docs mention –Dtrustedfile.
I had recompiled the example specifying the protocol="https" option and redeployed
the ear. Using the web client, I encounter the “Failed to retrieve WSDL from
https://localhost:7002/basic_javaclass/HelloWorld?WSDL. Please check the URL and
the protocol: Write Channel Closed, possible SSL handshaking or trust failure”
error when I try to invoke the service. I have the same error from the Java client.
I tried entering the system password (weblogic). I assume I’m getting this because
of the demo certification issue. When starting the web server, I’ve tried the
following additions using the democert.pem and trusted.crt files. What file should
I reference?
Here is my WLS server startup option additions attempting to get it to run:
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dtrustedfile=C:\bea\weblogic700\user_projects\wlsexamples\democert.pem
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.webservice.client.ssl.trustedcerts=C:\bea\weblogic700\user_projects\wlsexamples\democert.pem
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.webservice.client.ssl.strictcertchecking=false
On the Java client side, I have created a new runssl task with the additional
settings. Here is my latest version. I’ve tried multiple combinations. I get
the same error as the web app does.
<target name="runssl" depends="check">
<java classname="examples.webservices.basic.javaclass.Client"
fork="true">
<arg value="https://localhost:7002/basic_javaclass/HelloWorld?WSDL"/>
<sysproperty key="bea.home" value="c:\bea"/>
<sysproperty key="trustedfile" value="C:\bea\weblogic700\user_projects\wlsexamples\trusted.crt"/>
<sysproperty key="weblogic.webservice.client.ssl.trustedcerts" value="C:\bea\weblogic700\user_projects\wlsexamples\trusted.crt"/>
<sysproperty key="java.protocol.handler.pkgs" value="weblogic.webservice.client"/>
<sysproperty key="weblogic. webservice.client.ssl.strictcertchecking" value="false"/>
<sysproperty key="weblogic.webservice.verbose" value="true"/>
<classpath>
<pathelement location="${CLIENT_CLASSES}/${client_jar_file}"/>
<pathelement path="${java.class.path}"/>
<pathelement path="${CLIENT_CLASSES}"/>
<pathelement path="${CLIENT_CLASSES}/webserviceclient+ssl.jar"/>
</classpath>
</java>
</target>
Thanks in advance,
Dave[att1.html] -
Hi
Had to un-install and then re-install MS SQL Server 2012 with SSRS.
After we re-installed we are able to get to the Web Services page but not the Report Server page and get the above error message. We need to use SSL and when we bind the cert in RS Configuration Manager it says it does this successfully on the WebServices
tab. We also do a similar exercise on the ReportServer page.
Any help warmly welcomed :D
ThanksHi Rich Whight,
According to your description, after you re-installed SQL Server 2012 with SSRS, you are able to access Web Service URL, but when you tried to access Report Manager URL, the error occurred: The underlying connection was closed. Could not establish trust
relationship for the SSL/TLS Secure channel.
The issue may be caused when the certificate isn't installed correctly in the trusted root for the local computer. To verify and install the certificate, Please refer to the steps blow:
In RsReportServer.config file(default location: C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer), change the “SecureConnectionLevel” element value from 0 to 3.
Add correct value to <UrlRoot> element.
Add the same value to the <ReportServerUrl> element as step2.
Go to Microsoft management Console, add the certificate which you use to access the report server under “Trusted Root Certification Authorities”.
For more information about SSL configuration and Managing Trusted Root Certificates, please refer to the following documents:
http://blogs.msdn.com/b/mariae/archive/2007/12/12/ssl-configuration-and-reporting-services.aspx
http://technet.microsoft.com/en-us/library/cc754841.aspx
If you have any more questions, please feel free to ask.
Best Regards,
Wendy Fu -
Is it possible to take control over ssl handshake process?
Hi,
I'd like to write an application that will show whole ssl handshake process step by step. So I was wondering if it is possible to do something like that:
when user connects his ssl client to ssl server he can push eg."Next" button moving to the next handshake step. But to do that i must have control on that handshake process:).
Thanx.Yeah I forgot about read and write. Forgive me please my questions, but I am just beginning programmer. Anyway I still get this exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
Ofcourse I screwed something again, can you tell me what?
Here is client part:
while(myAppData.hasRemaining()){
SSLEngineResult result = engine.wrap(myAppData, myNetData);
// System.out.println(result.getStatus()); //here i get BUFFER_OVERFLOW why?
if(result.getStatus() == SSLEngineResult.Status.OK){
myAppData.compact();
while(myNetData.hasRemaining()){
int num = socketChannel.write(myNetData);
System.out.println(num);
if(num == -1){
System.out.println("close channel");
}else if(num == 0){
System.out.println("no write");
System.out.println(result.getStatus());
int bytesConsumed = result.bytesConsumed();
System.out.println("Bytes consumed: "+bytesConsumed);
int bytesProduced = result.bytesProduced();
System.out.println("Bytes produced: "+bytesProduced);
handStatus = result.getHandshakeStatus();
System.out.println(handStatus); //NEED-UNWRAP
}else if(result.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW){
// System.out.println(result.getStatus());
}else if(result.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW){
// System.out.println(result.getStatus()); }
and server part:
int num = sc.read(peerNetData);
System.out.println(num);
if(num == -1){
//closed channel
System.out.println("num=-1");
}else if(num == 0){
//no bytes read
System.out.println("num=0");
}else{
peerNetData.flip();
//here I get this exception
result = engine.unwrap(peerNetData, peerAppData);
if(result.getStatus() == SSLEngineResult.Status.OK){
peerNetData.compact();
int bytesConsumed = result.bytesConsumed();
int bytesProduced = result.bytesProduced();
hStat = result.getHandshakeStatus();
SSLEngineResult.Status status = result.getStatus();
System.out.println(status);
System.out.println(hStat);
if(peerAppData.hasRemaining()){
//use peerAppData
} -
Weblogic server 10.3.5 error during SSL handshake
Please some one help to figure the issue with following logs.
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33092690>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 33095418>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33092490 SSL Version data invalid>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
<16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33092490>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33092690>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <33095215 SSL Version data invalid>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <Connection to SSL port from Sa-PC - 150.1.104.124 appears to be either unknown SSL version or maybe is plaintext>
<16-Jan-2013 18:40:40 o'clock GMT> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer Sa-PC - 150.1.104.124 during SSL handshake.>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 70
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at javax.net.ssl.impl.SSLSocketImpl.startHandshake(Unknown Source)
at weblogic.server.channels.DynamicSSLListenThread$1.run(DynamicSSLListenThread.java:130)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <close(): 33095215>
<16-Jan-2013 18:40:40 o'clock GMT> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 33095418>
I just created domain with http and https ports. I installed an web app. When I am trying to access the app from browser through https the above error is occurring.
Please somebody help me.
Thanks in advance.
SKThis message indicates that the SSL connection is closed successfully. It is a warning message and normal to see in the logs when you enable the SSL debug flags. This is an expected behavior. If you see alerts when SSL debug is NOT ENABLED then it is a real alert and we need to take care of those issues. Also, it is not a real alert, it is a caught and handled exception from the certicom code which is not harmful and should be ignored, just because you have enabled the SSL debug flag. Once you turn it off, you won't see it in the logs.
Edited by: sharmela on Jan 22, 2013 4:55 AM -
Netscape Directory Server closes LDAPS connection during SSL handshake
I'm trying to bind to a NDS 6.2 LDAP server over SSL using the 1.4.2_03 JNDI LDAP provider,
but I can't get past the initial TSL handshake: it throws a "Remote host closed connection
during handshake" exception. The JSSE FAQ mentions this as likely a problem with
protocol incompatibilities (e.g. SSL3 vs. TLS1), but I can't seem to force the LDAP provider
to use an older protocol to investigate this further.
Here are the environment parameters I'm passing
java.naming.provider.url=ldap://ldaphost:636/o=foo,ou=bar
java.naming.security.principal=cn=foobar
java.naming.security.credentials=password
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
java.naming.security.authentication=simple
java.naming.security.protocol=ssland the associated JSSE debug trace follows.
Any ideas? Do I need to create some custom socket factory to mess with protocols?
pch
================
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: C:\tools\jdk1.4.2\jre\lib\security\jssecacerts
trustStore type is : jks
init truststore
adding as trusted cert:
Subject: [email protected], CN=Petes Bait and Tackle Class Z CA, O=Petes Bait and Tackle, L=Falls Church, ST=Virginia, C=US
Issuer: [email protected], CN=Petes Bait and Tackle Class Z CA, O=Petes Bait and Tackle, L=Falls Church, ST=Virginia, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Thu Jun 24 13:24:27 EDT 2004 until Fri Jun 24 13:24:27 EDT 2005
init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1071325469 bytes = { 1, 25, 191, 168, 187, 165, 118, 46, 45, 64, 183, 165, 131, 120, 155, 107, 208, 170, 19, 80, 74, 234, 177, 118, 51, 83, 194, 158 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 40 DB 21 1D 01 19 BF A8 BB A5 ...E..@.!.......
0010: 76 2E 2D 40 B7 A5 83 78 9B 6B D0 AA 13 50 4A EA [email protected].
0020: B1 76 33 53 C2 9E 00 00 1E 00 04 00 05 00 2F 00 .v3S........../.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 40 DB 21 1D 01 19 BF A8 BB A5 76 2E 2D 40 ..@.!.......v.-@
0050: B7 A5 83 78 9B 6B D0 AA 13 50 4A EA B1 76 33 53 ...x.k...PJ..v3S
0060: C2 9E ..
main, WRITE: SSLv2 client hello message, length = 98
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT: fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()My first suggestion is to find an log on de NDS server (maybe it states a reason for the closing the connection)
Otherwise use Ethereal to examen the trafic between the to machines. Maybe that helps.
Or check if the NDS wants 2-way authentication and is trying to get your certificate as wel. -
In SSL Handshake : failed extension check error
Hi all,
Could anyone help in this?
Im facing a problem in SSL handshaking using JSSE, J2SDK1.4.
The CertificateException message is :
Invalid Netscape CertType extension for SSL client
And the source of error is : failed extension check
The following is the trace SSL Server.
D:\users\Jp\java\jssesamples\sockets\server\class>java -Djavax.net.debug=SSL,handshake,data,trustmanager ClassFileServer 1089
. TLS true
USAGE: java ClassFileServer port docroot [TLS [true]]
If the third argument is TLS, it will start as
a TLS/SSL file server, otherwise, it will be
an ordinary file server.
If the fourth argument is true,it will require
client authentication as well.
found key for : serverkey
chain [0] = [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
Validity: [From: Fri Sep 27 12:36:44 IST 2002,
To: Sat Sep 27 12:36:44 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 11]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
chain [1] = [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
adding private entry as trusted cert: [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
Validity: [From: Fri Sep 27 12:36:44 IST 2002,
To: Sat Sep 27 12:36:44 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 11]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
adding as trusted cert: [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
trigger seeding of SecureRandom
done seeding SecureRandom
matching alias: serverkey
[read] MD5 and SHA1 hashes: len = 3
0000: 01 03 01 ...
[read] MD5 and SHA1 hashes: len = 74
0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
0020: 12 00 00 03 02 00 80 00 00 11 3D 94 3D E6 6A 85 ..........=.=.j.
0030: 4E 4B 5F DC 11 A2 3C F3 59 F7 1E 96 93 87 31 6A NK_...<.Y.....1j
0040: CD 2B 58 8A A1 7E A4 7D C5 C7 .+X.......
Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
*** ClientHello, TLSv1
RandomCookie: GMT: 1016347878 bytes = { 106, 133, 78, 75, 95, 220, 17, 162, 60, 243, 89, 247, 30, 150, 147, 135, 49, 106, 20
5, 43, 88, 138, 161, 126, 164, 125, 197, 199 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_
CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES4
0_CBC_SHA]
Compression Methods: { 0 }
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1016347878 bytes = { 163, 141, 218, 216, 192, 179, 129, 194, 37, 124, 119, 173, 229, 90, 173, 39, 166, 16
6, 58, 146, 118, 120, 174, 234, 161, 101, 91, 104 }
Session ID: {61, 148, 61, 230, 252, 82, 216, 137, 71, 131, 250, 161, 21, 201, 221, 98, 131, 132, 212, 15, 253, 235, 102, 35,
90, 154, 189, 159, 119, 125, 204, 167}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
Finalizer, WRITE: TLSv1 Alert, length = 2
chain [0] = [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a3
Validity: [From: Fri Sep 27 12:36:44 IST 2002,
To: Sat Sep 27 12:36:44 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 11]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 39 C0 C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 9..94*RlGH......
0010: 51 AF DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 Q..CT.4...bp.%..
0020: E9 94 EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 .......(..b.4..d
0030: 32 28 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 2(Z.N......$-(..
0040: 94 6D F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 .m...4.cp.M8y...
0050: 9F F1 C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A ...h........0...
0060: 7C EE 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D ...2.^.Y.<....5.
0070: D9 B2 F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F ..........`.".._
chain [1] = [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=Jayaprakash A, OU=Sample Server, O=Sample Server Org, L=Mumbai, ST=Maharashtra, C=IN>
<CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In>
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 1970
0000: 02 00 00 46 03 01 3D 94 3D E6 A3 8D DA D8 C0 B3 ...F..=.=.......
0010: 81 C2 25 7C 77 AD E5 5A AD 27 A6 A6 3A 92 76 78 ..%.w..Z.'..:.vx
0020: AE EA A1 65 5B 68 20 3D 94 3D E6 FC 52 D8 89 47 ...e[h =.=..R..G
0030: 83 FA A1 15 C9 DD 62 83 84 D4 0F FD EB 66 23 5A ......b......f#Z
0040: 9A BD 9F 77 7D CC A7 00 04 00 0B 00 06 35 00 06 ...w.........5..
0050: 32 00 03 0A 30 82 03 06 30 82 02 6F A0 03 02 01 2...0...0..o....
0060: 02 02 01 11 30 0D 06 09 2A 86 48 86 F7 0D 01 01 ....0...*.H.....
0070: 04 05 00 30 81 98 31 0B 30 09 06 03 55 04 06 13 ...0..1.0...U...
0080: 02 49 6E 31 14 30 12 06 03 55 04 08 13 0B 4D 61 .In1.0...U....Ma
0090: 68 61 72 61 73 68 74 72 61 31 18 30 16 06 03 55 harashtra1.0...U
00A0: 04 07 13 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 ....Andheri / SE
00B0: 45 50 5A 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 EPZ1#0!..U....Or
00C0: 62 69 74 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 bitech Solutions
00D0: 20 4C 69 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 Limited1.0...U.
00E0: 0B 13 04 51 50 45 47 31 25 30 23 06 03 55 04 03 ...QPEG1%0#..U..
00F0: 13 1C 4F 72 62 69 74 65 63 68 20 43 65 72 74 69 ..Orbitech Certi
0100: 66 69 63 61 74 65 20 4D 61 6E 61 67 65 72 30 1E ficate Manager0.
0110: 17 0D 30 32 30 39 32 37 30 37 30 36 34 34 5A 17 ..020927070644Z.
0120: 0D 30 33 30 39 32 37 30 37 30 36 34 34 5A 30 81 .030927070644Z0.
0130: 80 31 0B 30 09 06 03 55 04 06 13 02 49 4E 31 14 .1.0...U....IN1.
0140: 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 61 73 0...U....Maharas
0150: 68 74 72 61 31 0F 30 0D 06 03 55 04 07 13 06 4D htra1.0...U....M
0160: 75 6D 62 61 69 31 1A 30 18 06 03 55 04 0A 13 11 umbai1.0...U....
0170: 53 61 6D 70 6C 65 20 53 65 72 76 65 72 20 4F 72 Sample Server Or
0180: 67 31 16 30 14 06 03 55 04 0B 13 0D 53 61 6D 70 g1.0...U....Samp
0190: 6C 65 20 53 65 72 76 65 72 31 16 30 14 06 03 55 le Server1.0...U
01A0: 04 03 13 0D 4A 61 79 61 70 72 61 6B 61 73 68 20 ....Jayaprakash
01B0: 41 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 A0..0...*.H.....
01C0: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 A5 66 .......0.......f
01D0: A2 53 DE A9 94 5F 48 C1 4B 67 E2 A8 AE EB 86 40 .S..._H.Kg.....@
01E0: F0 BD 58 94 1E 25 7F B3 AA A5 FB 9D B7 33 DB 6C ..X..%.......3.l
01F0: 5A 21 2D 95 44 5E 5A 28 AB 59 40 0C C2 D2 CC EE Z!-.D^Z(.Y@.....
0200: C8 74 DD 62 25 43 5C CE 79 FF 6D 9B 04 25 8E BD .t.b%C\.y.m..%..
0210: 05 9C 9C D6 55 DC 13 23 98 C5 5D 5C 01 5F D6 54 ....U..#..]\._.T
0220: 34 22 20 CE A1 AE C8 0C B4 FC 03 4D 2B C8 2B 54 4" ........M+.+T
0230: 3A 98 50 33 11 2F 27 C2 60 9E F9 40 52 26 05 A9 :.P3./'.`..@R&..
0240: B6 E8 F4 73 1A B0 E9 11 EF C3 23 D9 1D FB 02 03 ...s......#.....
0250: 01 00 01 A3 76 30 74 30 11 06 09 60 86 48 01 86 ....v0t0...`.H..
0260: F8 42 01 01 04 04 03 02 06 40 30 0E 06 03 55 1D [email protected].
0270: 0F 01 01 FF 04 04 03 02 04 F0 30 1F 06 03 55 1D ..........0...U.
0280: 23 04 18 30 16 80 14 61 03 42 D0 1B 10 56 EE 2E #..0...a.B...V..
0290: F1 24 61 D5 25 B3 31 03 27 85 AA 30 2E 06 03 55 .$a.%.1.'..0...U
02A0: 1D 11 04 27 30 25 81 23 63 6F 73 6C 74 65 6D 70 ...'0%.#cosltemp
02B0: 2E 6A 61 79 61 70 72 61 6B 61 73 68 40 6F 72 62 .jayaprakash@orb
02C0: 69 74 65 63 68 2E 63 6F 2E 69 6E 30 0D 06 09 2A itech.co.in0...*
02D0: 86 48 86 F7 0D 01 01 04 05 00 03 81 81 00 39 C0 .H............9.
02E0: C7 39 34 2A 52 6C 47 48 AB 80 D2 0D BB D2 51 AF .94*RlGH......Q.
02F0: DD 43 54 B6 34 B6 C5 A7 62 70 0F 25 0D 80 E9 94 .CT.4...bp.%....
0300: EE 02 8F EA B5 28 82 C3 62 7C 34 BE AB 64 32 28 .....(..b.4..d2(
0310: 5A C7 4E CA C0 9A B9 7B BF 24 2D 28 AF BA 94 6D Z.N......$-(...m
0320: F0 E8 03 34 91 63 70 CA 4D 38 79 BC 1E 98 9F F1 ...4.cp.M8y.....
0330: C6 68 CD 14 FA 1B CD FA DF F9 30 A4 9A 1A 7C EE .h........0.....
0340: 86 32 11 5E 0A 59 B9 3C B1 B6 A5 F2 35 7D D9 B2 .2.^.Y.<....5...
0350: F0 88 A3 7B 95 1F D0 03 60 E8 22 01 F4 5F 00 03 ........`.".._..
0360: 22 30 82 03 1E 30 82 02 87 A0 03 02 01 02 02 01 "0...0..........
0370: 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 .0...*.H........
0380: 30 81 98 31 0B 30 09 06 03 55 04 06 13 02 49 6E 0..1.0...U....In
0390: 31 14 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 1.0...U....Mahar
03A0: 61 73 68 74 72 61 31 18 30 16 06 03 55 04 07 13 ashtra1.0...U...
03B0: 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 45 50 5A .Andheri / SEEPZ
03C0: 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 62 69 74 1#0!..U....Orbit
03D0: 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 20 4C 69 ech Solutions Li
03E0: 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 0B 13 04 mited1.0...U....
03F0: 51 50 45 47 31 25 30 23 06 03 55 04 03 13 1C 4F QPEG1%0#..U....O
0400: 72 62 69 74 65 63 68 20 43 65 72 74 69 66 69 63 rbitech Certific
0410: 61 74 65 20 4D 61 6E 61 67 65 72 30 1E 17 0D 30 ate Manager0...0
0420: 32 30 37 31 38 31 39 30 30 30 30 5A 17 0D 32 38 20718190000Z..28
0430: 30 37 31 38 31 39 30 30 30 30 5A 30 81 98 31 0B 0718190000Z0..1.
0440: 30 09 06 03 55 04 06 13 02 49 6E 31 14 30 12 06 0...U....In1.0..
0450: 03 55 04 08 13 0B 4D 61 68 61 72 61 73 68 74 72 .U....Maharashtr
0460: 61 31 18 30 16 06 03 55 04 07 13 0F 41 6E 64 68 a1.0...U....Andh
0470: 65 72 69 20 2F 20 53 45 45 50 5A 31 23 30 21 06 eri / SEEPZ1#0!.
0480: 03 55 04 0A 13 1A 4F 72 62 69 74 65 63 68 20 53 .U....Orbitech S
0490: 6F 6C 75 74 69 6F 6E 73 20 4C 69 6D 69 74 65 64 olutions Limited
04A0: 31 0D 30 0B 06 03 55 04 0B 13 04 51 50 45 47 31 1.0...U....QPEG1
04B0: 25 30 23 06 03 55 04 03 13 1C 4F 72 62 69 74 65 %0#..U....Orbite
04C0: 63 68 20 43 65 72 74 69 66 69 63 61 74 65 20 4D ch Certificate M
04D0: 61 6E 61 67 65 72 30 81 9F 30 0D 06 09 2A 86 48 anager0..0...*.H
04E0: 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 ............0...
04F0: 81 81 00 DC 3A 63 36 00 7B F1 7C C4 C0 6B 52 1F ....:c6......kR.
0500: 4B 71 46 28 3E C0 C3 B9 0B E9 FB 2D CA 7F E3 90 KqF(>......-....
0510: 84 60 60 C3 3B C3 B1 0F 9F CF 5C 3B 6E 3C C4 6D .``.;.....\;n<.m
0520: BD 11 12 9F A5 A7 FE EE 1A 4C 67 9E D7 BE 1B 1E .........Lg.....
0530: 1C C5 5A 0F 42 B1 4A 88 CA 49 13 02 0F 3F 79 EE ..Z.B.J..I...?y.
0540: A2 86 4D 88 3D 98 48 30 2E AB A4 D1 6B 9B 95 39 ..M.=.H0....k..9
0550: 81 03 CA 1C 7D 14 8E EB 9D CB 09 C5 BD 50 58 A0 .............PX.
0560: 52 81 5C DD E9 09 EC BD 83 05 24 10 73 68 A5 5A R.\.......$.sh.Z
0570: 44 4B 09 02 03 01 00 01 A3 76 30 74 30 11 06 09 DK.......v0t0...
0580: 60 86 48 01 86 F8 42 01 01 04 04 03 02 00 D7 30 `.H...B........0
0590: 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF ...U.......0....
05A0: 30 1D 06 03 55 1D 0E 04 16 04 14 61 03 42 D0 1B 0...U......a.B..
05B0: 10 56 EE 2E F1 24 61 D5 25 B3 31 03 27 85 AA 30 .V...$a.%.1.'..0
05C0: 1F 06 03 55 1D 23 04 18 30 16 80 14 61 03 42 D0 ...U.#..0...a.B.
05D0: 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 03 27 85 AA ..V...$a.%.1.'..
05E0: 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 86 0...U...........
05F0: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
0600: 81 81 00 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 ..........EL....
0610: 86 B9 37 BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D ..7.;O..].;p5...
0620: 54 B7 89 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B T..[J2..aZ...$..
0630: F4 23 40 D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 .#@.M.Sz.NN...:W
0640: EF 43 02 C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 .C..........t%S.
0650: 7B 38 2F 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D .8/\..p..._..<U-
0660: FF 2A FB 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA .*....*....]_6..
0670: 57 EF 74 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 W.t...R...h..N..
0680: A2 0C 7F 0D 00 01 27 02 01 02 01 22 00 83 30 81 ......'...."..0.
0690: 80 31 0B 30 09 06 03 55 04 06 13 02 49 4E 31 14 .1.0...U....IN1.
06A0: 30 12 06 03 55 04 08 13 0B 4D 61 68 61 72 61 73 0...U....Maharas
06B0: 68 74 72 61 31 0F 30 0D 06 03 55 04 07 13 06 4D htra1.0...U....M
06C0: 75 6D 62 61 69 31 1A 30 18 06 03 55 04 0A 13 11 umbai1.0...U....
06D0: 53 61 6D 70 6C 65 20 53 65 72 76 65 72 20 4F 72 Sample Server Or
06E0: 67 31 16 30 14 06 03 55 04 0B 13 0D 53 61 6D 70 g1.0...U....Samp
06F0: 6C 65 20 53 65 72 76 65 72 31 16 30 14 06 03 55 le Server1.0...U
0700: 04 03 13 0D 4A 61 79 61 70 72 61 6B 61 73 68 20 ....Jayaprakash
0710: 41 00 9B 30 81 98 31 0B 30 09 06 03 55 04 06 13 A..0..1.0...U...
0720: 02 49 6E 31 14 30 12 06 03 55 04 08 13 0B 4D 61 .In1.0...U....Ma
0730: 68 61 72 61 73 68 74 72 61 31 18 30 16 06 03 55 harashtra1.0...U
0740: 04 07 13 0F 41 6E 64 68 65 72 69 20 2F 20 53 45 ....Andheri / SE
0750: 45 50 5A 31 23 30 21 06 03 55 04 0A 13 1A 4F 72 EPZ1#0!..U....Or
0760: 62 69 74 65 63 68 20 53 6F 6C 75 74 69 6F 6E 73 bitech Solutions
0770: 20 4C 69 6D 69 74 65 64 31 0D 30 0B 06 03 55 04 Limited1.0...U.
0780: 0B 13 04 51 50 45 47 31 25 30 23 06 03 55 04 03 ...QPEG1%0#..U..
0790: 13 1C 4F 72 62 69 74 65 63 68 20 43 65 72 74 69 ..Orbitech Certi
07A0: 66 69 63 61 74 65 20 4D 61 6E 61 67 65 72 0E 00 ficate Manager..
07B0: 00 00 ..
Thread-1, WRITE: TLSv1 Handshake, length = 1970
Thread-1, READ: TLSv1 Handshake, length = 1727
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
Validity: [From: Fri Sep 27 12:36:25 IST 2002,
To: Sat Sep 27 12:36:25 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 10]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 4C 68 F2 CD FF 1E 9C F0 14 56 51 AF AA 41 CD 98 Lh.......VQ..A..
0010: 55 D9 5F D8 38 7F C3 25 49 BA D0 F1 93 AC 88 E2 U._.8..%I.......
0020: 8A 72 0E 68 F2 49 5D 60 B6 D1 2C C2 54 E4 A7 E4 .r.h.I]`..,.T...
0030: 72 21 49 ED E7 66 F2 C1 A5 28 B6 5C 76 29 CC 06 r!I..f...(.\v)..
0040: 4F 2B C3 A9 54 2D D0 63 7D C4 FD 3D 49 13 36 7F O+..T-.c...=I.6.
0050: D5 E4 B2 4C 4F C6 DA BC A2 67 FE 7F 94 37 A1 58 ...LO....g...7.X
0060: FF 9C DB 1B CD 0F 75 F0 49 DB AF 44 49 8F 28 77 ......u.I..DI.(w
0070: 1F C1 E5 13 BA 46 26 DD 72 5E AD A1 68 8B 89 FE .....F&.r^..h...
chain [1] = [
Version: V3
Subject: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@e6
Validity: [From: Fri Jul 19 00:30:00 IST 2002,
To: Wed Jul 19 00:30:00 IST 2028]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 01]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
Object Signing
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 0B DB 06 7D 10 E6 DE 45 4C 87 8A 86 E9 86 B9 37 .......EL......7
0010: BF 3B 4F B2 B8 5D E6 3B 70 35 A8 01 7D 54 B7 89 .;O..].;p5...T..
0020: 5B 4A 32 9D 85 61 5A 1E 01 A1 24 88 0B F4 23 40 [J2..aZ...$...#@
0030: D3 4D 1E 53 7A 92 4E 4E CB B8 EF 3A 57 EF 43 02 .M.Sz.NN...:W.C.
0040: C4 FF 91 91 D7 8D B9 99 18 74 25 53 B8 7B 38 2F .........t%S..8/
0050: 5C 95 A2 70 7F EE 0F 5F 14 C1 3C 55 2D FF 2A FB \..p..._..<U-.*.
0060: 99 7C B5 2A F5 A5 00 D6 5D 5F 36 D5 FA 57 EF 74 ...*....]_6..W.t
0070: 03 10 7B 52 FF E8 B9 68 00 C4 4E 16 E4 A2 0C 7F ...R...h..N.....
failed extension check: [
Version: V3
Subject: CN=Jayaprakash A, OU=Sample Client, O=Sample Client Org, L=Mumbai, ST=Maharashtra, C=IN
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@2d2
Validity: [From: Fri Sep 27 12:36:25 IST 2002,
To: Sat Sep 27 12:36:25 IST 2003]
Issuer: CN=Orbitech Certificate Manager, OU=QPEG, O=Orbitech Solutions Limited, L=Andheri / SEEPZ, ST=Maharashtra, C=In
SerialNumber: [ 10]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 61 03 42 D0 1B 10 56 EE 2E F1 24 61 D5 25 B3 31 a.B...V...$a.%.1
0010: 03 27 85 AA .'..
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[RFC822Name: [email protected]]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 4C 68 F2 CD FF 1E 9C F0 14 56 51 AF AA 41 CD 98 Lh.......VQ..A..
0010: 55 D9 5F D8 38 7F C3 25 49 BA D0 F1 93 AC 88 E2 U._.8..%I.......
0020: 8A 72 0E 68 F2 49 5D 60 B6 D1 2C C2 54 E4 A7 E4 .r.h.I]`..,.T...
0030: 72 21 49 ED E7 66 F2 C1 A5 28 B6 5C 76 29 CC 06 r!I..f...(.\v)..
0040: 4F 2B C3 A9 54 2D D0 63 7D C4 FD 3D 49 13 36 7F O+..T-.c...=I.6.
0050: D5 E4 B2 4C 4F C6 DA BC A2 67 FE 7F 94 37 A1 58 ...LO....g...7.X
0060: FF 9C DB 1B CD 0F 75 F0 49 DB AF 44 49 8F 28 77 ......u.I..DI.(w
0070: 1F C1 E5 13 BA 46 26 DD 72 5E AD A1 68 8B 89 FE .....F&.r^..h...
ext exception was: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
Thread-1, SEND TLSv1 ALERT: fatal, description = certificate_unknown
Thread-1, WRITE: TLSv1 Alert, length = 2
Thread-1, called closeSocket()
Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape
CertType extension for SSL client
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL cli
ent
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)I'm having a related problem. It only occurs on the 1.4.1 version of the JRE. The 1.4.0 works fine. I've created my own custom socket for an RMI server that uses SSL to encrypt any data being sent. I have a valid certificate that works fine to encrypt data from my web server. The client gets the same exception that was posted above. Here is the stack trace on the client's machine if they are running the 1.4.1 JRE:
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101)
at com.msfw.imageserver.RMIServer_Stub.processRequest(Unknown Source)
at com.msfw.business.Server.rmiQuery(Server.java:389)
at com.msfw.business.Server.callServer(Server.java:540)
at com.msfw.business.Server.callServer(Server.java:523)
at com.msfw.business.Server.callServer(Server.java:518)
at com.msfw.business.Server.callServer(Server.java:572)
at com.msfw.business.Server.callServer(Server.java:578)
at com.msfw.idwebview.IdViewApplet.callServer(IdViewApplet.java:6058)
at com.msfw.idwebview.IdViewApplet.appletRun(IdViewApplet.java:889)
at com.msfw.idwebview.IdViewApplet.start(IdViewApplet.java:1177)
at com.msfw.splash.SplashApplet.init(SplashApplet.java:101)
at sun.applet.AppletPanel.run(AppletPanel.java:347)
at java.lang.Thread.run(Thread.java:536)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
at java.io.DataOutputStream.flush(DataOutputStream.java:101)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
... 15 more
Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL server
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
... 26 more
I also created my own homemade certificate and get the same results. Like I said before, the 1.4.0 JRE doesn't do this so it seems to be a new bug in the 1.4.1. Does anyone know how to get around this or what is causing this problem? Thanks. -
Ssl-handshake fails with scandinavian chars in client certificate
Hello,
We've run into a problem with 2-way-ssl and certificates that have scandinavian
characters in the subject. The problem cert is used as client-certificate for
authentication and it goes like this:
1. Client surfs with http in our site, until clicks https-link that will immediately
start the ssl-handshake
2. Server presents it's trusted cert-list fine
3. PIN is being asked fine
4. Next the request processing stops on the exception below and nothing will happen
on the client side.
Certs without these äöå -chars work fine, so our guess is that they cause it,
but the certs ought to be according to specs: name-fields encoding is UTF-8 according
to RFC 2459 from year 1999. A failing example-cert is also below.
Would this be a problem with the certificate rather than BEA-implementation?
Same behavior on Windows and Solaris Weblogic 8.11 as such and with SP2 (and with
sp2 + CASE_ID_NUM: 501454 hotfix).
Best Regards,
Igor Styrman
<avalable(): 20303264 : 0 + 0 = 0>
<write ALERT offset = 0 length = 2>
<SSLIOContextTable.removeContext(ctx): 1765100>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering JSSE
SSLSocket>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
6487148>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket will
be Muxing>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
11153746>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL Version 2 with no padding>
<21647856 SSL3/TLS MAC>
<21647856 received SSL_20_RECORD>
<HANDSHAKEMESSAGE: ClientHelloV2>
<write HANDSHAKE offset = 0 length = 58>
<write HANDSHAKE offset = 0 length = 1789>
<Converting principal: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
<Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri, C=FI>
<Converting principal: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: [email protected], CN=Thawte Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<Converting principal: [email protected], CN=Thawte Server
CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte Premium
Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, ST=Western Cape, C=ZA>
<Converting principal: OU=Secure Server Certification Authority, O="RSA Data Security,
Inc.", C=US>
<Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
C=IE>
<Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri, C=FI>
<Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE>
<Converting principal: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US>
<write HANDSHAKE offset = 0 length = 2409>
<write HANDSHAKE offset = 0 length = 4>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL3/TLS MAC>
<21647856 received HANDSHAKE>
<HANDSHAKEMESSAGE: Certificate>
PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14' for queue:
'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest failed
java.lang.NullPointerException: Could not set value for ASN.1 string object..
java.lang.NullPointerException: Could not set value for ASN.1 string object.
at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeString(Unknown Source)
at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
tvrGCMOrvrb5QTxVtLNr
-----END CERTIFICATE-----BMPString is another asn1 type that can be used for certificate attributes with
non-ascii characters. The workaround is simply to use the BMPString instead of
UTF8String for that subject name attribute in the certificate request. This off-course
assumes that you can replace the certificate, and have control over what asn1
type is used for the subject name attributes in the certificate request (via a
tool options, or by generating the request yourself), so it is probably not applicable.
Pavel.
"Ari Räisänen" <[email protected]> wrote:
>
Thanks again, Pavel!
I'm filing a support case about this. You talked about a workaround (BMPString).
Could you be more spesific? I haven't talked about this issue with Igor
yet.
Regards,
Ari
"Pavel" <[email protected]> wrote:
Sounds like a bug in certicom code. It should support UTF8String.
I'd file a support case.
You might be able to use BMPString instead as a workaround.
Pavel.
"Igor Styrman" <[email protected]> wrote:
Hello,
We've run into a problem with 2-way-ssl and certificates that have
scandinavian
characters in the subject. The problem cert is used as client-certificate
for
authentication and it goes like this:
1. Client surfs with http in our site, until clicks https-link thatwill
immediately
start the ssl-handshake
2. Server presents it's trusted cert-list fine
3. PIN is being asked fine
4. Next the request processing stops on the exception below and nothing
will happen
on the client side.
Certs without these äöå -chars work fine, so our guess is that they
cause it,
but the certs ought to be according to specs: name-fields encoding
is
UTF-8 according
to RFC 2459 from year 1999. A failing example-cert is also below.
Would this be a problem with the certificate rather than BEA-implementation?
Same behavior on Windows and Solaris Weblogic 8.11 as such and withSP2
(and with
sp2 + CASE_ID_NUM: 501454 hotfix).
Best Regards,
Igor Styrman
<avalable(): 20303264 : 0 + 0 = 0>
<write ALERT offset = 0 length = 2>
<SSLIOContextTable.removeContext(ctx): 1765100>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <Filtering
JSSE
SSLSocket>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.addContext(ctx):
6487148>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLSocket
will
be Muxing>
PM EEST><SSLListenThread.Default> <<WLS Kernel>> <> <000000> <SSLIOContextTable.findContext(is):
11153746>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL Version 2 with no padding>
<21647856 SSL3/TLS MAC>
<21647856 received SSL_20_RECORD>
<HANDSHAKEMESSAGE: ClientHelloV2>
<write HANDSHAKE offset = 0 length = 58>
<write HANDSHAKE offset = 0 length = 1789>
<Converting principal: OU=Class 4 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: CN=SHP ROOT CA, O=SHP, C=FI>
<Converting principal: CN=topsel, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust
Solutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=SatShp CA, O=Satakunnan sairaanhoitopiiri,
C=FI>
<Converting principal: OU=Class 1 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: [email protected], CN=Thawte
Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape
Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: OU=Class 3 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<Converting principal: CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<Converting principal: [email protected], CN=Thawte
Server
CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, ST=Western
Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town,
ST=Western Cape, C=ZA>
<Converting principal: [email protected], CN=Thawte
Premium
Server CA, OU=Certification Services Division, O=Thawte Consultingcc,
L=Cape
Town, ST=Western Cape, C=ZA>
<Converting principal: OU=Secure Server Certification Authority, O="RSA
Data Security,
Inc.", C=US>
<Converting principal: CN=Baltimore CyberTrust Root, OU=CyberTrust,O=Baltimore,
C=IE>
<Converting principal: CN=Fujitsu Test CA, O=Fujitsu Services Oy, C=FI>
<Converting principal: CN=GTE CyberTrust Root 5, OU="GTE CyberTrustSolutions,
Inc.", O=GTE Corporation, C=US>
<Converting principal: CN=PSHP CA, O=Pirkanmaan sairaanhoitopiiri,
C=FI>
<Converting principal: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE>
<Converting principal: OU=Class 2 Public Primary Certification Authority,
O="VeriSign,
Inc.", C=US>
<write HANDSHAKE offset = 0 length = 2409>
<write HANDSHAKE offset = 0 length = 4>
<SSLFilter.isActivated: false>
<isMuxerActivated: false>
<SSLFilter.isActivated: false>
<21647856 readRecord()>
<21647856 SSL3/TLS MAC>
<21647856 received HANDSHAKE>
<HANDSHAKEMESSAGE: Certificate>
PM EEST> <Error> <Kernel> <> <satshpeduServer> <ExecuteThread: '14'
for queue:
'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-000802> <ExecuteRequest
failed
java.lang.NullPointerException: Could not set value for ASN.1 string
object..
java.lang.NullPointerException: Could not set value for ASN.1 string
object.
at com.certicom.security.asn1.ASN1String.setValue(Unknown Source)
at com.certicom.security.asn1.ASN1String.setBufferTo(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeString(UnknownSource)
at com.certicom.security.asn1.ASN1String.decode(Unknown Source)
at com.certicom.security.pkix.AttributeTypeAndValue.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSetOf(Unknown Source)
at com.certicom.security.asn1.ASN1SetOf.decode(Unknown Source)
at com.certicom.security.asn1.ASN1SequenceOf.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Name.decodeContents(Unknown Source)
at com.certicom.security.asn1.ASN1Choice.decode(Unknown Source)
at com.certicom.security.pkix.TBSCertificate.decodeContents(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.pkix.Certificate.decodeContents(Unknown Source)
at com.certicom.security.asn1.DERInputStream.decodeStructured(Unknown
Source)
at com.certicom.security.asn1.DERInputStream.decodeSequence(Unknown
Source)
at com.certicom.security.asn1.ASN1Sequence.decode(Unknown Source)
at com.certicom.security.asn1.ASN1Type.decode(Unknown Source)
at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown
Source)
at com.certicom.tls.record.handshake.MessageCertificate.<init>(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeMessage.create(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown
Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:514)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIDFm/PMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkZJ
MRwwGgYDVQQKExNGdWppdHN1IFNlcnZpY2VzIE95MRgwFgYDVQQDEw9GdWppdHN1
IFRlc3QgQ0EwHhcNMDQwNjAyMTE1MjE4WhcNMDYwNjAyMTIyMjE4WjB3MQswCQYD
VQQGEwJGSTEQMA4GA1UEChMHRnVqaXRzdTEgMB4GA1UEAwwXSMO2bG3DtmzDpGlu
ZW4gw4VrZSAwMDExDDAKBgNVBAUTAzAwMTEXMBUGA1UEBAwOSMO2bG3DtmzDpGlu
ZW4xDTALBgNVBCoMBMOFa2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO44
Zm31uJb8048/6PByPyXzaW3gCz1mT02TuwVtjMRJ4ObbFCqMGC+YosA2kNKoW0Ef
C+YlKNqhvaid0bATQefdSHVQhzFL3HFIfZc3ONAJQ/U+I6W69r2JePoCvZppknmC
YrnCCDx3Ap27B7v57f/XTmdpiB8IdiCTl3PnV78PAgMBAAGjggFEMIIBQDAfBgNV
HSMEGDAWgBT8T+xYc3T6j89O8cZ4hC9r1e9DojAdBgNVHQ4EFgQUtS4z8K26uW2d
IeJ3aelDnqnkBnYwCwYDVR0PBAQDAgSwMFMGA1UdEQRMMEqgKwYKKwYBBAGCNxQC
A6AdDBtha2UuaG9sbW9sYWluZW5AZnVqaXRzdS5jb22BG2FrZS5ob2xtb2xhaW5l
bkBmdWppdHN1LmNvbTB9BgNVHR8EdjB0MHKgcKBuhmxsZGFwOi8vMjEyLjI0Ni4y
MjIuMTQyOjM4OS9DTj1GdWppdHN1JTIwVGVzdCUyMENBLE89RnVqaXRzdSUyMFNl
cnZpY2VzJTIwVGVzdCxDPUZJP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwHQYD
VR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQAZ
KV3Og/y6zUOMwZGswUxAne5fe4Ab70bmX+z49MVeA0dfdQwQdR9GwFVF+fcK+q0T
3Lmcwpm5KiHWYoIOxPb6MqTTWxV7HSXWr7A7P4BbTGxsujpUULcmQGQFAd69R0Ur
JFDwYnDEP2+4RzrvlP6AWspyHJePYmCt9h3JfxYAqVLTL0suO1uh8hgtStujmqsI
0WNCfnQ+sURdDzp6WpVFcxFQa5aAcyx9sWWqV5Ta5l6JTCmoHth7qoV3BtUKv4+z
SqIHKA1ixrvlhqWkjYxg51N6ihbbR5shBRRinAqRIQjTzXmun2wJzwNigt4zWiNg
tvrGCMOrvrb5QTxVtLNr
-----END CERTIFICATE----- -
Weblogic 8.1 SP 6 throws Read channel closed when sending SOAP message
Hi,
I am using Weblogic8.1 SP6 & Axis1 to send SOAP message through RPC call using SSL. This is working intermittently.
I use WLSSLAdapter to set up the SSL, and some properties I set:
System.setProperty("javax.xml.soap.MessageFactory", "weblogic.webservice.core.soap.MessageFactoryImpl");
System.setProperty("javax.xml.rpc.ServiceFactory", "weblogic.webservice.core.rpc.ServiceFactoryImpl");
System.setProperty("weblogic.webservice.verbose", "true");
In case of error, the server throws this:
java.io.IOException: Read channel closed
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Sourc
e)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown S
ource)
at com.certicom.tls.record.ReadHandler.read(Unknown Source)
at com.certicom.tls.record.ReadHandler.read(Unknown Source)
at com.certicom.tls.record.ReadHandler.read(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown S
ource)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Sourc
e)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown S
ource)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:105)
AT java.io.FilterOutputStream.write(FilterOutputStream.java:80)
at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientB
inding.java:430)
at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.ja
va:219)
at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.j
ava:37)
at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.jav
a:143)
at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:471)
at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:566)
at weblogic.webservice.core.rpc.CallImpl.invoke(CallImpl.java:419)
Before sending message, application will first retrieve WSDL from the target. This is always success.
I need to know how to fix this problem.
Any help is appreciated. Thanks.
AlvinHi,
Even I am facing the same issue could any body help me out to solve this issue. -
EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake
Hi All ,
I am trying to test EAP_TLS authentication on acs 4.2.1.15 running on Appliance 1120 , I have installed my server certficate along with CA certficate on my appliance box , I have enabled features of EAP_TLS under golbal authentication setup .
I have downloaded client supplicant certficate file for my windows XP machine .
When i tried to authenticated i am finding following error message under failed attempts(EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake) on my acs appliance box .
Under certficate revocation list , I have forced my CA as CRL in use . Attached snap shot of all .
Suggest me whether i need to enable all corresponding CA certficate undercertficate trust list , Kindly let me know were i am doing wrong on this ..Hello,
I am NO expert on certificates but I have seen your error dozens of times from wireless clients on my Cisco ACS 4.2 Radius server.
Through trial and error I wrote up this procedure for our Helpdesk for installing certs in Windows XP and Windows 7. These steps haven't failed me yet and the Helpdesk doesn't bother me as much anymore so see if this helps you:
- Manually install the Global CA under BOTH Trusted Root Certification Authorities\Certificates AND Intermediate Certification Authorities\Certificates
- Manually install the Intermediate CA under JUST the Intermediate Certification Authorities\Certificates
- Delete the wireless network from the computer
- REBOOT!!
- Open the Microsoft Management Console, “mmc”.
- Go FILE\Add Remove SnapIn. Select Certificates ..
- If promoted, do it for “My User Account”.
- Make sure the certificates are where you put them.
- If you see any of these exact certificates out of place in either Trusted Root Certification Authorities\Certificates or Intermediate Certification Authorities\Certificates, remove them.
- Redo wireless network setup again
I hope this helps you.
Mike -
Hi,
I am getting the "Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" error during SSL handshake.
I am implementing SSL authentication in custom JCA adapter. I have the keypairs in the DEFAULT view in keystorage and the public key of server in services_ssl view. I am able to access the certificated by doing a looklup. Below is the implementation
KeystoreManager manager = (KeystoreManager)ctx.lookup("keystore");
trustKeyStore = manager.getKeystore("service_ssl");
keyStore = manager.getKeystore("DEFAULT);
KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
kmfactory.init(keyStore, null);
KeyManager[] kmanager= kmfactory.getKeyManagers();
TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
tmfactory.init(trustKeyStore);
TrustManager[] trustmanagers = tmfactory.getTrustManagers();
SSLContext sslcontext = SSLContext.getInstance("SSL");
sslcontext.init(keymanagers, trustManagers, null);
I am able to get the contents of DEFAULT view and services_ssl view. When i try to connect to the server using httpClient.executeMethod() i am getting the below.
Is this the correct way to initialize the SSL context? Any info on this will be really helpful.
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:618)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:502)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:395)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
... 10 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validator.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
... 27 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
ThanksYou need to re-add the host using the mkhost command, that will rewrite the wallet for you.
Thanks
Rich -
How to Ignore SSL handshake warning in Flash Builder 4?
Is it possible to configure Flash Builder to ignore SSL handshake issues when attempting to configure a Flex client to communicate with a PHP backend? I'm attempting to connect to my PHP backend server running with a shared SSL certificate so the domain name doesn't match the certificate.
Here's the error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ...You understood correctly:
- I removed all Build Path > Source Paths
- I moved those paths over to Library Paths > Source attachment
I took inspiration by how the Flex SDK is added to the project. Flex and flex related frameworks (e.g. datavisualization lib) also specify a Source Attachment under Lib Path. If I remove the source attachment I am not able to drill down into Flex code when I want to by Command-clicking on a class name (or hitting F3).
All my SWC are open source. BTW some of the source paths I was using were the path to the Flex code and to datavisualtization lib, which I think are the biggest library I am linking against. So maybe to recreate, just add those 2 libraries and make sure to add the source path AND source attachment.
I am using RSLs for every library if that matters.
I don't understand why specifying a Source Attachment would cause any issues... the swc is in sync with the source specified in its source attachment.
Maybe you are looking for
-
Remove Actions for Org Unit & Positiin in Succession Planning.
Hi, We are in process of implementing Nakisa 3.0 SP1. In succession planning, we want to remove few actions for org units & position. I tried to look for the configuration of the same in admin console in detailed configuration for my positions & my o
-
Getting a java.awt.Window.pack(unknown source) error
Hello, This is the exact error stack: ERROR: 10:48:21,503 - TcLogger$IC_PrintStream.println:? java.lang.NullPointerException java.lang.NullPointerException at com.teamcenter.rac.util.PropertyLayout.askRowPreferredSize(Unknown Source) at com
-
I set my downloadlocation under Extra--> General to D:\Downloads. But they keep coming in in the Tempfolder. How can this be?
-
NDS - Maximum Limit in SQL String
When executing NDS I usually just use EXECUTE IMMEDIATE, but now I've had to use the OPEN FOR statement and execute a SQL string that I read in from a column in a table. Now I know I've encountered an error before that states I've exceed a limit in t
-
Anyone got NTP working with a Windows 2008 NTP server?
Hello, I'm trying to sync the time on our routers and swithces with a Windows 2008R2 server, but it doesn't work. Has anyone managed to do this: Config: ntp master ntp update-calendar ntp server 192.168.2.164 sh ntp associations address re