Hi,
I have a small piece of code to connect to an FTP server:
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("<file path>")), "<store passwd>".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, "<store passwd>".toCharArray());
FTPSClient ftp = new FTPSClient();
ftp.setKeyManager(kmf.getKeyManagers()[0]);
ftp.setTrustManager(TrustManagerUtils.getAcceptAllTrustManager());
ftp.setControlKeepAliveTimeout(60000);
ftp.connect(prop(FTP_URL), Integer.parseInt(prop(FTP_PORT)));
This is working perfectly fine with a staging environment, but is throwing handshake failure while connecting to production. Here is the log when connecting to production:
***
found key for : 1
chain [0] = [
[
Version: V3
Subject: CN=ws.ecotronyx.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=IT, O=EcoTronyx, L=Arlington, ST=Texas, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 23622180285453153446198365536571374158612683923934787005204990555111776765178053937430323245818057812314894394978442662187334792435618193315716116055520309459258253968060907455738757254717701914518237036253352549881562587568246080399255302022291172544212716999576993154195658072959914387846152861830269580865857590356962787214430710504388866311242113041132419108048921338806959893473437953435017350388861478961920770449782580672400330731558840352683798187705044123087192799797163720573878192409327411398586220984726297029880573344176976697841968979237402489308160999218825917064852829885690733184378433884852552509459
public exponent: 65537
Validity: [From: Thu Dec 12 05:30:00 IST 2013,
To: Wed Dec 13 05:29:59 IST 2017]
Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [ 5bdbdeb3 c47dc1cf 93691dee 3f8e5946]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.verisign.com
,
accessMethod: caIssuers
accessLocation: URIName: http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 0D 44 5C 16 53 44 C1 82 7E 1D 20 AB 25 F4 01 63 .D\.SD.... .%..c
0010: D8 BE 79 A5 ..y.
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 risign.com/cps
]] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: ws.ecotronyx.com
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 2D FA 49 BD 5F 10 04 95 08 65 E3 86 67 7F FC 3F -.I._....e..g..?
0010: ED 28 C0 D5 2D DB E8 A7 1A 77 E2 B1 83 DA 89 4F .(..-....w.....O
0020: B4 D5 9A F6 82 8B 7E 12 89 37 A5 1F 16 E6 84 00 .........7......
0030: 28 D2 56 E5 01 20 E6 D7 4E EC 3A 52 18 54 02 7D (.V.. ..N.:R.T..
0040: AC 7B E1 9E 28 96 9D 7D F5 D9 60 0C 83 21 A7 05 ....(.....`..!..
0050: 34 C3 76 AB A6 19 FC D2 16 B1 79 D8 AF AB 79 7B 4.v.......y...y.
0060: 53 AD 73 CD 08 F4 A4 CF 35 8B B9 B9 85 03 0D A7 S.s.....5.......
0070: 3F 78 72 D6 D0 A9 6F 99 1B 3D A5 15 EF 3C 72 A5 ?xr...o..=...<r.
0080: C2 90 8D 2A 77 B7 C1 4F 15 2B BF A8 74 0F F5 0E ...*w..O.+..t...
0090: 53 72 B1 32 A4 F5 82 B0 51 6B 9B E5 9D 98 A9 DF Sr.2....Qk......
00A0: 35 E7 06 00 62 2B 02 67 A4 A4 59 76 36 CC 4C 5C 5...b+.g..Yv6.L\
00B0: 4C DB 8F ED B9 6F D7 3E 99 AD F6 8C C3 BF 2C 81 L....o.>......,.
00C0: 8F E5 4D 4D 74 6A BD 6B 54 CB 1A A3 6A EA 60 1D ..MMtj.kT...j.`.
00D0: 33 CF 2A B2 7E CB 3C EB 86 26 1D A3 94 78 70 3E 3.*...<..&...xp>
00E0: BF A6 AE FC A8 68 1F AD FA D5 C4 2E F6 5C 15 C3 .....h.......\..
00F0: CE 6F 47 8C 6E 61 8F 7A 26 B4 97 E0 E0 90 75 4F .oG.na.z&.....uO
]
***
adding as trusted cert:
Subject: CN=ws.ecotronyx.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=IT, O=EcoTronyx, L=Arlington, ST=Texas, C=US
Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x5bdbdeb3c47dc1cf93691dee3f8e5946
Valid from Thu Dec 12 05:30:00 IST 2013 until Wed Dec 13 05:29:59 IST 2017
adding as trusted cert:
Subject: CN=services.smartmetertexas.net, OU=Terms of use at www.verisign.com/rpa (c)05, O=IBM Corporation, L=ARMONK, ST=New York, C=US
Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x1a589978473e9e553634368c9e4f19fb
Valid from Tue Jan 03 05:30:00 IST 2012 until Tue Mar 04 05:29:59 IST 2014
adding as trusted cert:
Subject: CN=ws.ecotronyx.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=IT, O=EcoTronyx, L=Arlington, ST=Texas, C=US
Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3672d954d4897eafe2623e2cc0997d98
Valid from Fri Jan 10 05:30:00 IST 2014 until Wed Dec 13 05:29:59 IST 2017
adding as trusted cert:
Subject: CN=prasad.bhavana@in.pega.com
Issuer: CN=Communications Server
Algorithm: RSA; Serial number: 0x-51a59f9f98a871adf3b
Valid from Fri Aug 23 12:20:47 IST 2013 until Wed Feb 19 12:20:47 IST 2014
adding as trusted cert:
Subject: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6ecc7aa5a7032009b8cebcf4e952d491
Valid from Mon Feb 08 05:30:00 IST 2010 until Sat Feb 08 05:29:59 IST 2020
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
Valid from Wed Nov 08 05:30:00 IST 2006 until Mon Nov 08 05:29:59 IST 2021
trigger seeding of SecureRandom
done seeding SecureRandom
220 Service ready for new user.
AUTH TLS
234 Security exchange completed.
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1372774358 bytes = { 85, 69, 45, 128, 25, 228, 61, 176, 206, 114, 38, 130, 188, 52, 129, 20, 124, 38, 233, 242, 1, 217, 184, 79, 206, 92, 66, 53 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
main, WRITE: TLSv1 Handshake, length = 163
main, READ: TLSv1 Handshake, length = 12072
*** ServerHello, TLSv1
RandomCookie: GMT: 1372774359 bytes = { 202, 193, 130, 160, 211, 248, 245, 38, 197, 133, 198, 32, 111, 218, 238, 100, 68, 50, 27, 38, 221, 73, 59, 57, 1, 55, 225, 241 }
Session ID: {82, 211, 224, 215, 60, 152, 11, 114, 215, 183, 254, 210, 234, 27, 142, 249, 22, 15, 243, 152, 105, 190, 10, 164, 105, 1, 161, 253, 163, 163, 174, 202}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
***
Warning: No renegotiation indication extension in ServerHello
%% Initialized: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=ftp.smartmetertexas.biz, OU=Terms of use at www.verisign.com/rpa (c)05, O=IBM Corporation, L=Armonk, ST=New York, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 17999795942705812262490279869468999691870430720891131326083557057639994768666734586589653282310210929038735172678298025881624879808983781201758981892133889740077835477636867564847981993131167741903443270681109007550212617073239899905427871081212336855789729612132653220612353487306342948592324842235278237212940402216320516375278414146287949345551973661300541356569215352697376915544189293502933018483752288406362376741644129100629996534134620808659144202244979162841969500861167671474331489933201451612446403711500337917646925277428650780742478992511750909954232836483736219570730224589406120564456046292769007931067
public exponent: 65537
Validity: [From: Wed Dec 28 05:30:00 IST 2011,
To: Wed Feb 26 05:29:59 IST 2014]
Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [ 66e03ed7 e6d2b015 2439a5a7 093f967f]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 62 30 60 A1 5E A0 5C 30 5A 30 58 30 56 16 09 .b0`.^.\0Z0X0V..
0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14 4B 6B B9 28 96 06 0C BB .+......Kk.(....
0030: D0 52 38 9B 29 AC 4B 07 8B 21 05 18 30 26 16 24 .R8.).K..!..0&.$
0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 31 sign.com/vslogo1
0060: 2E 67 69 66 .gif
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.verisign.com
,
accessMethod: caIssuers
accessLocation: URIName: http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 0D 44 5C 16 53 44 C1 82 7E 1D 20 AB 25 F4 01 63 .D\.SD.... .%..c
0010: D8 BE 79 A5 ..y.
]
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl]
]]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa
]] ]
]
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[8]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 28 F7 0B 47 E7 D3 3A E6 70 A7 C3 1C 34 BA C2 8E (..G..:.p...4...
0010: A0 E9 30 FA 9A 82 94 7A E4 9E 6D C0 59 81 DD 2F ..0....z..m.Y../
0020: 2B 6C F6 D8 5E FA A1 12 7D 13 FC 1E 80 BD 21 55 +l..^.........!U
0030: B8 C1 FA 4A D6 3A 32 A8 2B 9C 9D 58 1A 1A 36 8E ...J.:2.+..X..6.
0040: 76 89 24 E5 DB 74 18 AA 3F 01 EA 2B 83 8C 3E 5B v.$..t..?..+..>[
0050: D8 CC EE AB 4A 57 BD 7B 8E 72 90 31 8E A4 91 80 ....JW...r.1....
0060: CB E5 83 35 88 1F C3 5D 2E F3 16 C9 36 A9 78 7A ...5...]....6.xz
0070: C3 64 E0 6F 95 C3 46 9B C7 E1 53 CF 7F E4 70 60 .d.o..F...S...p`
0080: 08 D0 18 96 95 28 EC 8F 63 34 CD 18 CB 80 BF C5 .....(..c4......
0090: 41 84 8C C9 A7 26 59 C2 4B 24 39 0F 32 2A EB A9 A....&Y.K$9.2*..
00A0: A6 6D 0C 12 D6 45 91 3C 57 70 C6 1B 5A 75 F2 C8 .m...E.<Wp..Zu..
00B0: 85 0D BE 93 11 A7 82 EC 29 54 21 54 10 38 6E E4 ........)T!T.8n.
00C0: B5 D9 0C 4C EC CE 58 15 7E 5F 87 63 C0 C7 74 AB ...L..X.._.c..t.
00D0: 7A 40 29 81 E3 4C 3A FD 20 60 79 FD 64 C5 8C F1 z@)..L:. `y.d...
00E0: BB B6 72 52 0E D1 D2 23 78 5A 0E 3A 80 DA E0 B3 ..rR...#xZ.:....
00F0: AB C5 BA D1 16 B8 7C CE A4 22 DA 7F EA 3F DE F4 ........."...?..
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 22411005463250430768975544771537504086091970713231457803700379366569155476314174242006108670275412015194990074334376939117850507339258912911174466278726261292301706146623597749961375316532369938119367454499998455155250760140317157482677834768763563366601909054978280443303435267557756819033927794566052512042789618460853713088346872602867464728237477437347292544343177126323293366631209826201863631131895103855437912324646836590500848819646405403630792258555949496866715911534884767019353100747150607575477690907495603868598549383145813123895282542223759660320452802819748399481784306009874185637437390748951415552527
public exponent: 65537
Validity: [From: Mon Feb 08 05:30:00 IST 2010,
To: Sat Feb 08 05:29:59 IST 2020]
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [ 6ecc7aa5 a7032009 b8cebcf4 e952d491]
Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 61 30 5F A1 5D A0 5B 30 59 30 57 30 55 16 09 .a0_.].[0Y0W0U..
0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14 8F E5 D3 1A 86 AC 8D 8E .+..............
0030: 6B C3 CF 80 6A D4 48 18 2C 7B 19 2E 30 25 16 23 k...j.H.,...0%.#
0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E sign.com/vslogo.
0060: 67 69 66 gif
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.verisign.com
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7F D3 65 A7 C2 DD EC BB F0 30 09 F3 43 39 FA 02 ..e......0..C9..
0010: AF 33 31 33 .313
]
]
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.verisign.com/pca3-g5.crl]
]]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 risign.com/cps
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 30 1E 1A 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 0...https://www.
0010: 76 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 verisign.com/rpa
]] ]
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
CN=VeriSignMPKI-2-6
]
[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0D 44 5C 16 53 44 C1 82 7E 1D 20 AB 25 F4 01 63 .D\.SD.... .%..c
0010: D8 BE 79 A5 ..y.
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 0C 83 24 EF DD C3 0C D9 58 9C FE 36 B6 EB 8A 80 ..$.....X..6....
0010: 4B D1 A3 F7 9D F3 CC 53 EF 82 9E A3 A1 E6 97 C1 K......S........
0020: 58 9D 75 6C E0 1D 1B 4C FA D1 C1 2D 05 C0 EA 6E X.ul...L...-...n
0030: B2 22 70 55 D9 20 33 40 33 07 C2 65 83 FA 8F 43 ."pU. 3@3..e...C
0040: 37 9B EA 0E 9A 6C 70 EE F6 9C 80 3B D9 37 F4 7A 7....lp....;.7.z
0050: 6D EC D0 18 7D 49 4A CA 99 C7 19 28 A2 BE D8 77 m....IJ....(...w
0060: 24 F7 85 26 86 6D 87 05 40 41 67 D1 27 3A ED DC $..&.m..@Ag.':..
0070: 48 1D 22 CD 0B 0B 8B BC F4 B1 7B FD B4 99 A8 E9 H.".............
0080: 76 2A E1 1A 2D 87 6E 74 D3 88 DD 1E 22 C6 DF 16 v*..-.nt...."...
0090: B6 2B 82 14 0A 94 5C F2 50 EC AF CE FF 62 37 0D .+....\.P....b7.
00A0: AD 65 D3 06 41 53 ED 02 14 C8 B5 58 28 A1 AC E0 .e..AS.....X(...
00B0: 5B EC B3 7F 95 4A FB 03 C8 AD 26 DB E6 66 78 12 [....J....&..fx.
00C0: 4A D9 9F 42 FB E1 98 E6 42 83 9B 8F 8F 67 24 E8 J..B....B....g$.
00D0: 61 19 B5 DD CD B5 0B 26 05 8E C3 6E C4 C8 75 B8 a......&...n..u.
00E0: 46 CF E2 18 06 5E A9 AE A8 81 9A 47 16 DE 0C 28 F....^.....G...(
00F0: 6C 25 27 B9 DE B7 84 58 C6 1F 38 1E A4 C4 CB 66 l%'....X..8....f
]
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=webservice.bigdataenergy.com, OU=Domain Control Validated, O=webservice.bigdataenergy.com>
<CN=www.taraenergy.com, O=www.taraenergy.com, OU=Domain Control Validated, C=US>
<CN=Hyrum Ward, OU=ERCOT Enterprise, OU=DUNS Number - 957877905, OU=MP - CENTERPOINT ENERGY HOUSTON ELECTRIC LLC (TDSP), OU=EmployeeID - 0092290CNP, O="Electric Reliability Council of Texas, Inc.">
<CN=inbtldb16.dom.com, OU=IT, O="Dominion Resources Services, Inc.", L=Richmond, ST=Virginia, C=US>
<CN=app.my-frontieronline.net, OU=Domain Control Validated, O=app.my-frontieronline.net>
<CN=www.streamenergy.net, O="Stream Gas Electric, Ltd.", L=Dallas, ST=Texas, C=US>
<CN=ftps.startexpower.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=startexpower, O=startexpower, L=Houston, ST=Texas, C=US>
<CN=smart.brilliantenergy.us, OU=COMODO SSL, OU=Domain Control Validated>
<CN=sftpout.utilitiesbp.com, OU=Vertex, O=Vertex Business Services, L=Richardson, ST=Texas, C=US>
<CN=*.smartgridcis.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)11, OU=GT66751078, O=*.smartgridcis.com, C=US, SERIALNUMBER=vq7akgNAvcde8dPw9b4pDICYx0JcVD1K>
<CN=ftp.smartmetertexas.biz, OU=Terms of use at www.verisign.com/rpa (c)05, O=IBM Corporation, L=Armonk, ST=New York, C=US>
<CN=ftp.nationspower.com, OU=Domain Control Validated, O=ftp.nationspower.com>
<CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US>
<CN=smt.ambitenergy.com, OU=Domain Control Validated>
<CN=smt.ambitenergy.com, OU=Domain Control Validated, O=smt.ambitenergy.com>
<CN=Gregory Angst, OU=ERCOT Enterprise, OU=DUNS Number - 957877905, OU=MP - CENTERPOINT ENERGY HOUSTON ELECTRIC LLC (TDSP), OU=EmployeeID - 00012883CNP, O="Electric Reliability Council of Texas, Inc.">
<CN=daniel, O=Internet Widgits Pty Ltd, ST=Some-State, C=US>
<CN=PortalDTS>
<CN=USSJCCOM001PRD, OU=IT, O=Noble Americas Energy Solutions LLC, L=San Diego, ST=California, C=US>
<CN=smt.gdfsuezna.com, OU=Domain Control Validated, O=smt.gdfsuezna.com>
<CN=smt.eccircle.com, OU=Domain Control Validated>
<CN=gesvr5007.gexaenergy.com, OU=Domain Control Validated, O=gesvr5007.gexaenergy.com>
<CN=*.txmkt.txu.com, OU=TXUE, O=TXU Energy Retail Company LLC, L=Irving, ST=Texas, C=US>
<CN=esg.energyservicesgroup.net, OU=Web Ops, O="Energy Services Group, Inc.", L=Rockland, ST=Massachusetts, C=US>
<CN=OJRPLDB16.DOM.COM, OU=IT, O="Dominion Resources Services, Inc.", L=Richmond, ST=Virginia, C=US>
<CN=*.txmkt.txu.com, O=TXU Energy Retail Company LLC, L=Irving, ST=Texas, C=US>
<CN=smt.reliant.com, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=smt.reliant.com>
<CN=*.edfenergyservices.com, OU=IT, O="EDF Trading North America, LLC", L=Houston, ST=Texas, C=US>
<CN=DBServer64bit>
<CN=app.my-frontieronline.net, OU=Domain Control Validated>
<CN=hosams.greenmountain.com, OU=Domain Control Validated>
<CN=www.taraenergy.com, OU=Domain Control Validated, C=US>
<CN=*.isigma.net, OU=Comodo PremiumSSL Wildcard, OU="iSIGMA, INC.", O="iSIGMA, INC.", STREET=3327 Montreal Station, L=Atlanta, ST=GA, OID.2.5.4.17=30084, C=US>
<CN=ojrpldb16.dom.com, OU=IT, O="Dominion Resources Services, Inc.", L=Richmond, ST=Virginia, C=US>
<CN=gescsmt.gesc.com, OU=Domain Control Validated, O=gescsmt.gesc.com>
<CN=dfw.streamenergy.net, OU=Domain Control Validated, O=dfw.streamenergy.net>
<CN=*.epway.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)10, OU=GT47442034, O=*.epway.com, C=US, SERIALNUMBER=7xXov6ZRn5lMpl7jz9jxUkDdCQ-mx5cE>
<CN=pkoswal-lt.COR.com, C=US>
<CN=smtxp.txu.com, OU=TXU Energy, O="TXU Corp", L=Dallas, ST=Texas, C=US>
<CN=Mahesh, OU=Gate, O=IGate, L=NEW, ST=NR, C=USA>
<C=US, ST=TX, L=, OU=SMT, O=IBM, CN=prdwpg02>
<CN=*.wolve.com, OU=Wolverine Trading LLC, O=Wolverine Trading LLC, L=Chicago, ST=Illinois, C=US>
<CN=ftp.asp.ec-power.net, OU=ftp.asp, O="EC Power International, Inc.", L=Houston, ST=Texas, C=US>
<CN=webservice.bigdataenergy.com, OU=Domain Control Validated>
<EMAILADDRESS=admin@bigdataenergy.com.com, CN=webservice.bigdataenergy.com, OU=Applications, O=Big Data Energy Services, L=Houston, ST=Texas, C=US.>
<CN=*.edfenergyservices.com, O="EDF Trading North America, LLC", L=Houston, ST=Texas, C=US>
<CN=www.v247power.com, OU=Service, O=V247 Power Corporation, L=Houston, ST=Texas, C=US, SERIALNUMBER=801587538, OID.1.3.6.1.4.1.311.60.2.1.2=Texas, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization>
<CN=sm.penstarpower.com, OU=Dallas, O="Penstar Power, LLC", L=Richardson, ST=TX, C=US>
<CN=*.txmkt.txu.com, O=TXU Energy Retail Company LLC, L=Irving, ST=Texas, C=US>
<CN=9.79.208.38, OU=AMS, O=IBM, L=Dallas, ST=TX, OID.2.5.4.17=75201, C=US>
<CN=cpe-76-183-49-84.tx.res.rr.com, OU=ibm, O=ibm, L=dallas, ST=texas, C=us>
<CN=EWORLEY-E6410, OU=TPS, O=LOCAL, L=ARLINGTON, ST=TX, C=US>
<CN=*.atmstransport.com, OU=Domain Control Validated, O=*.atmstransport.com>
<CN=ext1.dfw1.dataparadigm.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)13, OU=GT30636467, SERIALNUMBER=UIFQlHE9v28NoAq0Asy7Y/YROdJtgDii>
<CN=ojrpldb16.dom.com, OU=IT, O="Dominion Resources Services, Inc.", L=Richmond, ST=Virginia, C=US>
<CN=gesvr5007.gexaenergy.com, OU=Domain Control Validated>
<CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US>
<CN=app.trieagleenergy.com, OU=Domain Control Validated, O=app.trieagleenergy.com>
<CN=smtxp.txu.com, OU=TXU Energy, O=TXU Corp, L=Dallas, ST=Texas, C=US>
<CN=cevmrev03q.dom.com, OU=IT, O="Dominion Resources Services, Inc.", L=Richmond, ST=Virginia, C=US>
<CN=LPCFTLWIN7SMT, OU=Terms of use at www.verisign.com/rpa (c)05, OU=IT, O="Liberty Power Corp., LLC", L=Fort Lauderdale, ST=Florida, C=US>
<CN=oxyb2b-stg.oxy.com, OU=OSI, O=Occidental Petroleum Corporation, L=Los Angeles, ST=California, C=US>
<CN=*.txmkt.txu.com, OU=TXUE, O=TXU Energy Retail Company LLC, L=Irving, ST=Texas, C=US>
<CN=ftp.asp.ec-power.net, O="EC Power International, Inc.", L=Houston, ST=Texas, C=US>
<CN=houmxlap013d.mxenergy.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Data Acquisition, O=MXenergy, L=HOUSTON, ST=Texas, C=US>
<CN=*.smartgridcis.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)12, OU=GT66751078, SERIALNUMBER=YSsm-ZWpV/t3VuUjraVYFmZtsTysfPu1>
<EMAILADDRESS=gaurav.agrawal@trusmartenergy.com, CN=sp.trusmartenergy.com, OU=DPI ENERGY LLC, O=DPI ENERGY LLC, L=Dallas, ST=Texas, C=US>
<CN=smartmeters.infiniteenergy.com, OU=Domain Control Validated, O=smartmeters.infiniteenergy.com>
<CN=*.epway.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)13, OU=GT47442034, SERIALNUMBER=1SM7LARVZ91PvIhRy0AIRAbzhcne4lZF>
<CN=smt.eccircle.com, OU=Domain Control Validated, O=smt.eccircle.com>
<CN=transactions.sparkenergy.com, OU=Domain Control Validated - QuickSSL(R), OU=See www.geotrust.com/resources/cps (c)10, OU=GT68923678, O=transactions.sparkenergy.com, C=US, SERIALNUMBER=n3O1qo2xt0F5ydx7Dj/BM6oph2A4y3VI>
<CN=gesvr5007.gexaenergy.com, OU=Domain Control Validated, O=gesvr5007.gexaenergy.com>
<CN=spgenergy.com, OU=Domain Control Validated>
<CN=gdfsuezna.com, OU=Domain Control Validated - QuickSSL(R), OU=See www.geotrust.com/resources/cps (c)10, OU=GT30780854, O=gdfsuezna.com, C=US, SERIALNUMBER=P00OU6lVovPVm4ZDGPfEml6kL2pv5ECb>
<CN=*.smartgridcis.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)13, OU=GT66751078, SERIALNUMBER=rmIOSrEBHyx8brePxLvmlMZ7vJzXzpd9>
<CN=transactions.sparkenergy.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)11, OU=GT68923678, O=transactions.sparkenergy.com, C=US, SERIALNUMBER=3b4agsKiywcX9XiT0MBXmv2Fg9xgweDh>
<CN=MMSIPPS.constellation.com, OU=IT Retail Ops Data Integration, O=Exelon Corp., L=Chicago, ST=Illinois, C=US>
<CN=ws.ecotronyx.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=IT, O=EcoTronyx, L=Arlington, ST=Texas, C=US>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 269
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 35 52 4F 9E 6A 05 64 CB A2 51 44 BC 81 14 ..5RO.j.d..QD...
0010: 80 DB 0B 2B 8F E7 0D A0 74 6F 3B 76 CD B3 72 CB ...+....to;v..r.
0020: 5C 3C F3 F4 7E D9 EF BC ED 6D 2A AF 62 91 CD A6 \<.......m*.b...
CONNECTION KEYGEN:
Client Nonce:
0000: 52 D3 E0 D6 55 45 2D 80 19 E4 3D B0 CE 72 26 82 R...UE-...=..r&.
0010: BC 34 81 14 7C 26 E9 F2 01 D9 B8 4F CE 5C 42 35 .4...&.....O.\B5
Server Nonce:
0000: 52 D3 E0 D7 CA C1 82 A0 D3 F8 F5 26 C5 85 C6 20 R..........&...
0010: 6F DA EE 64 44 32 1B 26 DD 49 3B 39 01 37 E1 F1 o..dD2.&.I;9.7..
Master Secret:
0000: 7E D3 EF 52 43 75 57 15 41 4B 4F 16 B5 ED 31 2B ...RCuW.AKO...1+
0010: 0E EA C3 E4 9F 99 5F 0A CB DC AE A0 20 91 B2 9D ......_..... ...
0020: 88 04 BF 86 36 07 CA 9A 8F 67 05 32 18 CB 84 57 ....6....g.2...W
Client MAC write Secret:
0000: C9 3D F2 CA 18 50 7D A3 41 CE 06 24 2B 71 E0 F8 .=...P..A..$+q..
0010: 9C 6F 00 77 .o.w
Server MAC write Secret:
0000: B5 AD BC 03 A9 8F A7 68 79 63 E3 62 CA D6 82 F3 .......hyc.b....
0010: F6 17 C1 86 ....
Client write key:
0000: 71 51 12 C7 7F 7A 28 DD 54 0B E2 BA EE FB 55 A3 qQ...z(.T.....U.
Server write key:
0000: 10 7E 6F A0 BF 64 C3 24 21 48 1F 9C 35 AC 55 F5 ..o..d.$!H..5.U.
Client write IV:
0000: C4 42 FA D2 69 B8 7D 46 09 5C 1B 57 D5 B5 E6 7B .B..i..F.\.W....
Server write IV:
0000: E3 DD 78 1D B6 EF 7B 88 D2 05 CC 3D 59 8C D6 22 ..x........=Y.."
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 147, 154, 152, 3, 30, 35, 92, 223, 243, 52, 190, 173 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.commons.net.ftp.FTPSClient.sslNegotiation(FTPSClient.java:269)
at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:211)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:183)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:203)
at com.ecotronyx.SMTFileClient.<init>(SMTFileClient.java:100)
at com.ecotronyx.SMTFileClient.main(SMTFileClient.java:37)
Jan 13, 2014 6:19:27 PM com.ecotronyx.SMTFileClient <init>
INFO: Could not connect to server.
Jan 13, 2014 6:19:27 PM com.ecotronyx.SMTFileClient <init>
INFO: Could not connect to server.
Jan 13, 2014 6:19:27 PM com.ecotronyx.SMTFileClient download
INFO: SMTFileClient get file request for correlation ID:007923311IntervalData20131231104906035.lse.001.8305623801000.asc
Jan 13, 2014 6:19:27 PM com.ecotronyx.SMTFileClient download
INFO: SMTFileClient get file request for correlation ID:007923311IntervalData20131231104906035.lse.001.8305623801000.asc
Exception in thread "main" java.lang.NullPointerException
at org.apache.commons.net.SocketClient.getRemoteAddress(SocketClient.java:658)
at org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:789)
at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:600)
at org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:759)
at org.apache.commons.net.ftp.FTPClient.listNames(FTPClient.java:2825)
at org.apache.commons.net.ftp.FTPClient.listNames(FTPClient.java:2876)
at com.ecotronyx.SMTFileClient.download(SMTFileClient.java:158)
at com.ecotronyx.SMTFileClient.main(SMTFileClient.java:39)
Just an FYI, I have downloaded unlimited strength jars and copied them over to Java7/Jre/security directory. Am I missing something else? Please suggest