Coldfusion 11 java/jre ssl mutual auth api calls. Help with coldfusion/java logs.

2845823, Jan 23 2015 — edited Jan 27 2015

Hello,

I am here because I have exhausted my ColdFusion/Java SSL keystore cert troubleshooting abilities. Here is the issue. I am developing a ColdFusion 11 application that must make API calls to Chase PayConnexion SOAP services. I am using the ColdFusion cfhttp tags to do this, which uses the Java JRE 1.7.x to accomplish this. The problem: I am getting generic 500 internal server errors from Chase. They claim that I am not sending a cert during the SSL exchange. What I have done is:

- put our wildcard cert/key pair in the ColdFusion keystore

- put our root and chain in the keystore

- put the Chase server cert in the keystore

- converted the key/crt files to .pfx and make the calls to Chase with those, something like:

  <cfset objSecurity = createObject("java", "java.security.Security") />
  <cfset storeProvider = objSecurity.getProvider("JsafeJCE") />
  <cfset Application.sslfix = true />

  <cfhttp url="#chase_api_server#/"
          result="http_response"
          method="post"
          port="1401"
          charset="utf-8"
          clientCert="#cert_path#/#cert_file1#"
          clientCertPassword="#cert_password#">
    <cfhttpparam type="header" name="SOAPAction" value="updateUserProfileRequest" />
    <cfhttpparam type="header" name="Host" value="ws.payconnexion.com" />
    <cfhttpparam type="xml" value="#trim(my_xml)#" />
  </cfhttp>

Here is what I see in the CF logs; can anyone help me interpret what is happening?

Thanks,

Bob

=============================================================

       

    ***

found key for : 1

chain [0] = [

[

  Version: V3

  Subject: CN=*.payments.austintexas.gov, O=City of Austin, L=Austin, ST=Texas, C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits

  modulus: <snip>

  Validity: [From: Mon Aug 11 12:39:37 CDT 2014,

               To: Thu Sep 01 18:34:24 CDT 2016]

  Issuer: CN=Entrust Certification Authority - L1C, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US

  SerialNumber: [<snip>7]

Certificate Extensions: 9

[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

  [

   accessMethod: ocsp

   accessLocation: URIName: http://ocsp.entrust.net

,

   accessMethod: caIssuers

   accessLocation: URIName: http://aia.entrust.net/2048-l1c.cer

]

]

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

<snip>]

]

[3]: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

  CA:false

  PathLen: undefined

]

[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: http://crl.entrust.net/level1c.crl]

]]

[5]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

  [CertificatePolicyId: [1.2.840.113533.7.75.2]

[PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.1

  qualifier: <snip>

]]  ]

  [CertificatePolicyId: [2.23.140.1.2.2]

[]  ]

]

[6]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

  serverAuth

  clientAuth

]

[7]: ObjectId: 2.5.29.15 Criticality=false

KeyUsage [

  DigitalSignature

  Key_Encipherment

]

[8]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  DNSName: *.payments.austintexas.gov

  DNSName: payments.austintexas.gov

]

[9]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

<snip>]

]

]

  Algorithm: [SHA1withRSA]

  Signature:

<snip>

]

chain [1] = [

[

  Version: V3

  Subject: CN=Entrust Certification Authority - L1C, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits

  modulus: <snip>

  public exponent: 65537

  Validity: [From: Fri Nov 11 09:40:40 CST 2011,

               To: Thu Nov 11 20:51:17 CST 2021]

  Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

  SerialNumber: [    <snip>]

Certificate Extensions: 7

[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

  [

   accessMethod: ocsp

   accessLocation: URIName: http://ocsp.entrust.net

]

]

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

<snip>]

]

[3]: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

  CA:true

  PathLen:0

]

[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: http://crl.entrust.net/2048ca.crl]

]]

[5]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

  [CertificatePolicyId: [2.5.29.32.0]

[PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.1

  qualifier: <snip>

]]  ]

]

[6]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  Key_CertSign

  Crl_Sign

]

[7]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

<snip>]

]

]

  Algorithm: [SHA1withRSA]

  Signature:

<snip>

]

chain [2] = [

[

  Version: V3

  Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits

  modulus: <snip>public exponent: 65537

  Validity: [From: Fri Dec 24 11:50:51 CST 1999,

               To: Tue Jul 24 09:15:12 CDT 2029]

  Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

  SerialNumber: [<snip>]

Certificate Extensions: 3

[1]: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

  CA:true

  PathLen:2147483647

]

[2]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  Key_CertSign

  Crl_Sign

]

[3]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

<snip>]

]

]

  Algorithm: [SHA1withRSA]

  Signature:

<snip>

]

***

trustStore is: /opt/coldfusion11/jre/lib/security/cacerts

trustStore type is : jks

trustStore provider is :

init truststore

adding as trusted cert:

<snip 85 certs> 

trigger seeding of SecureRandom

done seeding SecureRandom

Jan 23, 2015 13:15:37 PM Information [ajp-bio-8014-exec-7] - Starting HTTP request {URL='https://ws.payconnexion.com:1401/pconWS/9_5/', method='post'}

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256

Allow unsafe renegotiation: true

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

%% No cached client session

*** ClientHello, TLSv1

RandomCookie:  GMT: 1405197529 bytes = { 191, 115, 95, 85, 79, 234, 145, 176, 62, 70, 36, 102, 168, 15, 127, 174, 88, 118, 4, 177, 226, 5, 254, 55, 108, 203, 80, 80 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension server_name, server_name: [host_name: ws.payconnexion.com]

***

ajp-bio-8014-exec-7, WRITE: TLSv1 Handshake, length = 191

ajp-bio-8014-exec-7, READ: TLSv1 Handshake, length = 81

*** ServerHello, TLSv1

RandomCookie:  <snip>

Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA

Compression Method: 0

Extension renegotiation_info, renegotiated_connection: <empty>

***

%% Initialized:  [Session-5, TLS_RSA_WITH_AES_256_CBC_SHA]

** TLS_RSA_WITH_AES_256_CBC_SHA

ajp-bio-8014-exec-7, READ: TLSv1 Handshake, length = 4183

*** Certificate chain

chain [0] = [

[

  Version: V3

  Subject: CN=ws.payconnexion.com, OU=PayConnexion, O=JPMorgan Chase, L=New York, ST=New York, C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits

  modulus: <snip>

  public exponent: 65537

  Validity: [From: Sun Apr 20 19:00:00 CDT 2014,

               To: Tue Jun 02 18:59:59 CDT 2015]

  Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  SerialNumber: [   <snip>]

Certificate Extensions: 8

[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

  [

   accessMethod: ocsp

   accessLocation: URIName: http://se.symcd.com

,

   accessMethod: caIssuers

   accessLocation: URIName: http://se.symcb.com/se.crt

]

]

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

<snip>]

]

[3]: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

  CA:false

  PathLen: undefined

]

[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: http://se.symcb.com/se.crl]

]]

[5]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

  [CertificatePolicyId: [2.16.840.1.113733.1.7.54]

[PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.1

  qualifier: <snip>

], PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.2

  qualifier: <snip>

]]  ]

]

[6]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

  serverAuth

  clientAuth

  2.16.840.1.113730.4.1

]

[7]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  DigitalSignature

  Key_Encipherment

]

[8]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  DNSName: ws.payconnexion.com

]

]

  Algorithm: [SHA1withRSA]

  Signature:

<snip>

]

chain [1] = [

[

  Version: V3

  Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits

  modulus: <snip>

  public exponent: 65537

  Validity: [From: Sun Feb 07 18:00:00 CST 2010,

               To: Fri Feb 07 17:59:59 CST 2020]

  Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  SerialNumber: [    <snip>]

Certificate Extensions: 10

[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false

Extension unknown: DER encoded OCTET string =

<snip>

[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

  [

   accessMethod: ocsp

   accessLocation: URIName: http://ocsp.verisign.com

]

]

[3]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

<snip>]

]

[4]: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

  CA:true

  PathLen:0

]

[5]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: http://crl.verisign.com/pca3-g5.crl]

]]

[6]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

  [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]

[PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.1

  qualifier: <snip>

], PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.2

  qualifier: <snip>

]]  ]

]

[7]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

  serverAuth

  clientAuth

  2.16.840.1.113730.4.1

  2.16.840.1.113733.1.8.1

]

[8]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  Key_CertSign

  Crl_Sign

]

[9]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  CN=VeriSignMPKI-2-7

]

[10]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

<snip>]

]

]

  Algorithm: [SHA1withRSA]

  Signature:

<snip>

]

chain [2] = [

[

  Version: V3

  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits

  modulus: <snip>

  public exponent: 65537

  Validity: [From: Tue Nov 07 18:00:00 CST 2006,

               To: Sun Nov 07 17:59:59 CST 2021]

  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  SerialNumber: [<snip>]

Certificate Extensions: 8

[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false

Extension unknown: DER encoded OCTET string =

<snip>

[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

  [

   accessMethod: ocsp

   accessLocation: URIName: http://ocsp.verisign.com

]

]

[3]: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

  CA:true

  PathLen:2147483647

]

[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: http://crl.verisign.com/pca3.crl]

]]

[5]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

  [CertificatePolicyId: [2.5.29.32.0]

[PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.1

  qualifier: <snip>

]]  ]

]

[6]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

  serverAuth

  clientAuth

  codeSigning

  2.16.840.1.113730.4.1

  2.16.840.1.113733.1.8.1

]

[7]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  Key_CertSign

  Crl_Sign

]

[8]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

<snip>]

]

]

  Algorithm: [SHA1withRSA]

  Signature:

<snip>

]

***

Found trusted certificate:

[

[

  Version: V3

  Subject: CN=ws.payconnexion.com, OU=PayConnexion, O=JPMorgan Chase, L=New York, ST=New York, C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits

  modulus:   public exponent: 65537

  Validity: [From: Sun Apr 20 19:00:00 CDT 2014,

               To: Tue Jun 02 18:59:59 CDT 2015]

  Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  SerialNumber: [ <snip>]

Certificate Extensions: 8

[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

  [

   accessMethod: ocsp

   accessLocation: URIName: http://se.symcd.com

,

   accessMethod: caIssuers

   accessLocation: URIName: http://se.symcb.com/se.crt

]

]

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

<snip>]

]

[3]: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

  CA:false

  PathLen: undefined

]

[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: http://se.symcb.com/se.crl]

]]

[5]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

  [CertificatePolicyId: [2.16.840.1.113733.1.7.54]

[PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.1

  qualifier: <snip>

], PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.2

  qualifier: <snip>

]]  ]

]

[6]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

  serverAuth

  clientAuth

  2.16.840.1.113730.4.1

]

[7]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  DigitalSignature

  Key_Encipherment

]

[8]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  DNSName: ws.payconnexion.com

]

]

  Algorithm: [SHA1withRSA]

  Signature:

<snip>

]

ajp-bio-8014-exec-7, READ: TLSv1 Handshake, length = 13

*** CertificateRequest

Cert Types: RSA, DSS

Cert Authorities:

<Empty>

*** ServerHelloDone

matching alias: 1

*** Certificate chain

chain [0] = [

[

  Version: V3

  Subject: CN=*.payments.austintexas.gov, O=City of Austin, L=Austin, ST=Texas, C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits

  <snip>public exponent: 65537

  Validity: [From: Mon Aug 11 12:39:37 CDT 2014,

               To: Thu Sep 01 18:34:24 CDT 2016]

  Issuer: CN=Entrust Certification Authority - L1C, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US

  SerialNumber: [<snip>]

Certificate Extensions: 9

[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

  [

   accessMethod: ocsp

   accessLocation: URIName: http://ocsp.entrust.net

,

   accessMethod: caIssuers

   accessLocation: URIName: http://aia.entrust.net/2048-l1c.cer

]

]

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

<snip>]

]

[3]: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

  CA:false

  PathLen: undefined

]

[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: http://crl.entrust.net/level1c.crl]

]]

[5]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

  [CertificatePolicyId: [1.2.840.113533.7.75.2]

[PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.1

  qualifier: <snip>

]]  ]

  [CertificatePolicyId: [2.23.140.1.2.2]

[]  ]

]

[6]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

  serverAuth

  clientAuth

]

[7]: ObjectId: 2.5.29.15 Criticality=false

KeyUsage [

  DigitalSignature

  Key_Encipherment

]

[8]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  DNSName: *.payments.austintexas.gov

  DNSName: payments.austintexas.gov

]

[9]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

<snip>]

]

]

  Algorithm: [SHA1withRSA]

  Signature:

<snip>

]

chain [1] = [

[

  Version: V3

  Subject: CN=Entrust Certification Authority - L1C, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits

  modulus: <snip>

  public exponent: 65537

  Validity: [From: Fri Nov 11 09:40:40 CST 2011,

               To: Thu Nov 11 20:51:17 CST 2021]

  Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

  SerialNumber: [<snip>]

Certificate Extensions: 7

[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

  [

   accessMethod: ocsp

   accessLocation: URIName: http://ocsp.entrust.net

]

]

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

<snip>]

]

[3]: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

  CA:true

  PathLen:0

]

[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: http://crl.entrust.net/2048ca.crl]

]]

[5]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

  [CertificatePolicyId: [2.5.29.32.0]

[PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.1

  qualifier: <snip>

]]  ]

]

[6]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  Key_CertSign

  Crl_Sign

]

[7]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

<snip>]

]

]

  Algorithm: [SHA1withRSA]

  Signature:

<snip>

]

chain [2] = [

[

  Version: V3

  Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits

  modulus: <snip>public exponent: 65537

  Validity: [From: Fri Dec 24 11:50:51 CST 1999,

               To: Tue Jul 24 09:15:12 CDT 2029]

  Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

  SerialNumber: [<snip>]

Certificate Extensions: 3

[1]: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

  CA:true

  PathLen:2147483647

]

[2]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  Key_CertSign

  Crl_Sign

]

[3]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

<snip>]

]

]

  Algorithm: [SHA1withRSA]

  Signature:

<snip>

]

***

*** ClientKeyExchange, RSA PreMasterSecret, TLSv1

ajp-bio-8014-exec-7, WRITE: TLSv1 Handshake, length = 3970

SESSION KEYGEN:

PreMaster Secret:

<snip>

CONNECTION KEYGEN:

Client Nonce:

<snip>

Server Nonce:

<snip>

Master Secret:

<snip>

Client MAC write Secret:

<snip>

Server MAC write Secret:

<snip>

Client write key:

<snip>

Server write key:

<snip>

Client write IV:

<snip>

Server write IV:

<snip>

*** CertificateVerify

ajp-bio-8014-exec-7, WRITE: TLSv1 Handshake, length = 262

ajp-bio-8014-exec-7, WRITE: TLSv1 Change Cipher Spec, length = 1

*** Finished

verify_data:  { 51, 254, 40, 56, 247, 218, 130, 183, 112, 239, 95, 4 }

***

ajp-bio-8014-exec-7, WRITE: TLSv1 Handshake, length = 48

ajp-bio-8014-exec-7, READ: TLSv1 Change Cipher Spec, length = 1

ajp-bio-8014-exec-7, READ: TLSv1 Handshake, length = 48

*** Finished

verify_data:  { 89, 182, 137, 178, 177, 31, 27, 115, 151, 90, 169, 49 }

***

%% Cached client session: [Session-5, TLS_RSA_WITH_AES_256_CBC_SHA]

ajp-bio-8014-exec-7, setSoTimeout(60000) called

ajp-bio-8014-exec-7, WRITE: TLSv1 Application Data, length = 1520

ajp-bio-8014-exec-7, READ: TLSv1 Application Data, length = 128

Jan 23, 2015 13:15:38 PM Information [ajp-bio-8014-exec-7] - HTTP request completed  {Status Code=500 ,Time taken=1302 ms}

ajp-bio-8014-exec-7, READ: TLSv1 Application Data, length = 256

ajp-bio-8014-exec-7, READ: TLSv1 Alert, length = 32

ajp-bio-8014-exec-7, RECV TLSv1 ALERT:  warning, close_notify

ajp-bio-8014-exec-7, called closeInternal(false)

ajp-bio-8014-exec-7, SEND TLSv1 ALERT:  warning, description = close_notify

ajp-bio-8014-exec-7, WRITE: TLSv1 Alert, length = 32

ajp-bio-8014-exec-7, called closeSocket(selfInitiated)

ajp-bio-8014-exec-7, called close()

ajp-bio-8014-exec-7, called closeInternal(true)
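
Added example, not part of the original post: a small Python reader for `javax.net.debug` handshake traces like the one above that reports whether the client answered the server's CertificateRequest with a certificate and a CertificateVerify. `POST_TRACE` is abridged from the log in the post; `NO_CERT_TRACE`, `FLAGS` and `summarize_handshake` are names and data constructed for illustration.

```python
import re

# Abridged from the javax.net.debug trace in the post (bodies dropped, order kept).
POST_TRACE = """\
found key for : 1
  Subject: CN=*.payments.austintexas.gov, O=City of Austin, L=Austin, ST=Texas, C=US
***
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
  Subject: CN=ws.payconnexion.com, OU=PayConnexion, O=JPMorgan Chase, L=New York, ST=New York, C=US
***
*** CertificateRequest
*** ServerHelloDone
matching alias: 1
*** Certificate chain
  Subject: CN=*.payments.austintexas.gov, O=City of Austin, L=Austin, ST=Texas, C=US
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** CertificateVerify
*** Finished
*** Finished
Jan 23, 2015 13:15:38 PM Information [ajp-bio-8014-exec-7] - HTTP request completed  {Status Code=500 ,Time taken=1302 ms}
"""

# Constructed contrast case, not from the post: empty client chain, no CertificateVerify.
NO_CERT_TRACE = """\
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** CertificateRequest
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** Finished
*** Finished
"""

FLAGS = {"CertificateRequest": "cert_requested",
         "ServerHelloDone": "server_hello_done",
         "CertificateVerify": "certificate_verify"}


def summarize_handshake(trace):
    """Walk one handshake in a JSSE debug trace and record what each side sent."""
    s = {"server_subject": None, "client_subject": None, "client_alias": None,
         "cert_requested": False, "server_hello_done": False,
         "certificate_verify": False, "finished": 0, "http_status": None}
    started, target = False, None  # target: subject field the open chain dump fills
    for line in (raw.strip() for raw in trace.splitlines()):
        status = re.search(r"Status Code=(\d+)", line)
        if status:
            s["http_status"] = int(status.group(1))
        started = started or line.startswith("*** ClientHello")
        if not line or not started:
            continue  # the keystore and truststore dump precedes the ClientHello
        if line.startswith("***"):
            target = None  # any "***" line closes the chain dump in progress
            msg = line[3:].split(",")[0].strip()
            if msg == "Certificate chain":
                # Before ServerHelloDone the chain is the server's; after it, the client's.
                target = "client_subject" if s["server_hello_done"] else "server_subject"
            elif msg in FLAGS:
                s[FLAGS[msg]] = True
            elif msg == "Finished":
                s["finished"] += 1
        elif line.startswith("matching alias:"):
            s["client_alias"] = line.split(":", 1)[1].strip()
        elif target and line.startswith("Subject:") and s[target] is None:
            s[target] = line[len("Subject:"):].strip()
    # Presented = the server asked, a leaf cert went out, and its key signed the handshake.
    s["client_cert_presented"] = bool(
        s["cert_requested"] and s["client_subject"] and s["certificate_verify"])
    return s
```

For the post's trace the summary shows the client chain, `CertificateVerify` and both `Finished` messages ahead of the HTTP 500, which arrives as application data after the handshake completed. The trace records what the client sent, not how the server evaluated it.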

This post has been answered by 2845823 on Jan 27 2015
Locked on Feb 24 2015