Java Security

handshake_failure while invoking an https URL which requires a client cert

843811 Feb 2 2004 — edited Feb 10 2004
Good afternoon,

I've been trying to invoke a https URL from a Web Server which requires a client certificate to be sent. I've been able to call many other https URLs using JSSE with no problem. The only issue here is that the server requires the client to present a digital certificate and I don't really see much help on this issue on the Internet.

Here is my code:

---------------------------------------------------------------

/*
* @(#)SSLSocketClientWithClientAuth.java 1.5 01/05/10
*
* Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* -Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* -Redistribution in binary form must reproduct the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Sun Microsystems, Inc. or the names of
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* This software is provided "AS IS," without a warranty of any
* kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
* WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
* EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
* DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
* RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
* ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
* FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
* SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
* THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*
* You acknowledge that Software is not designed, licensed or
* intended for use in the design, construction, operation or
* maintenance of any nuclear facility.
*/

package pt.bcp.cidadebcp.sibs;


import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import java.security.cert.*;
import java.security.KeyStore;
import com.sun.net.ssl.*;

/*
* This example shows how to set up a key manager to do client
* authentication if required by server.
*
* This program assumes that the client is not inside a firewall.
* The application can be modified to connect to a server outside
* the firewall by following SSLSocketClientWithTunneling.java.
*/
public class SSLTest {

    public static void main(String[] args) throws Exception {
        String host = null;
        int port = -1;
        String path = null;
        String clientCertificateFile = null;
        for (int i = 0; i < args.length; i++)
            System.out.println(args[i]);

        if (args.length < 4) {
            System.out.println(
                "USAGE: java SSLTest " +
                "host port requestedfilepath clientcertificatefile");
            System.exit(-1);
        }

        try {
            host = args[0];
            port = Integer.parseInt(args[1]);
            path = args[2];
            clientCertificateFile = args[3];
        } catch (IllegalArgumentException e) {
            System.out.println("USAGE: java SSLTest " +
                "host port requestedfilepath clientcertificatefile");
            System.exit(-1);
        }

        try {

            /*
             * Set up a key manager for client authentication
             * if asked by the server. Use the implementation's
             * default TrustStore and secureRandom routines.
             */
            SSLSocketFactory factory = null;
            try {
                SSLContext ctx;
                KeyManagerFactory kmf;
                KeyStore ks;
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                InputStream certInputStream = new FileInputStream(clientCertificateFile);
                Certificate cert = cf.generateCertificate(certInputStream);

                ctx = SSLContext.getInstance("TLS");
                kmf = KeyManagerFactory.getInstance("SunX509");
                ks = KeyStore.getInstance("JKS");
                ks.load(null, null);
                ks.setCertificateEntry("testcert", cert);

                kmf.init(ks, null);
                ctx.init(kmf.getKeyManagers(), null, null);

                factory = ctx.getSocketFactory();
            } catch (Exception e) {
                throw new IOException(e.getMessage());
            }

            SSLSocket socket = (SSLSocket)factory.createSocket(host, port);


            /*
             * send http request
             *
             * See SSLSocketClient.java for more information about why
             * there is a forced handshake here when using PrintWriters.
             */
            socket.startHandshake();

            PrintWriter out = new PrintWriter(
                new BufferedWriter(
                    new OutputStreamWriter(
                        socket.getOutputStream())));
            out.println("POST " + host + path + " HTTP/1.1");
            out.println("Host:" + host);
            out.println();
            out.flush();

            /*
             * Make sure there were no surprises
             */
            if (out.checkError())
                System.out.println(
                    "SSLTest: java.io.PrintWriter error");
            else
                System.out.println("********************No error received!");

            /* read response */
            BufferedReader in = new BufferedReader(
                new InputStreamReader(
                    socket.getInputStream()));

            String inputLine;

            System.out.println("*****************************************************Before writing response to console");
            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);
            System.out.println("*****************************************************After writing response to console");

            in.close();
            out.close();
            socket.close();

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}


---------------------------------------------------------------

Here is the command I use to launch it:

java %JARGS% -Djavax.net.debug=help,ssl,handshake,data,trustmanager -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol pt.bcp.cidadebcp.sibs.SSLTest cer.pnet.multibanco.pt 443 "/pvtn?A030=M001&A001=1266&C007=123&C013=&A061=12313&A105=9782" "properties/pt/bcp/cidadebcp/sibs/clientcert.cer"

---------------------------------------------------------------

And here is the detailed SSL log:

cer.pnet.multibanco.pt

443

/pvtn?A030=M001&A001=1266&C007=123&C013=&A061=12313&A105=9782

properties/pt/bcp/cidadebcp/sibs/clientcert.cer

trustStore is: D:\java\jdk\jre\lib\security\cacerts

trustStore type is : jks

init truststore

Post Details
Locked on Mar 9 2004
Added on Feb 2 2004
2 comments
553 views
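
Added example, not part of the original post and not Sun's sample code: it compares what a SunX509 key manager can offer for client authentication when the KeyStore holds only a certificate entry, built the same way as in the posted `SSLTest`, with a KeyStore that holds a private-key entry. Assumptions: Java 11 or later with the JDK's `keytool` under `java.home`; the class name, alias, password and subject name are constructed for the demonstration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

public class ClientCredentialCheck {

    // Constructed sample values; none of them come from the post.
    static final String ALIAS = "client";
    static final String STORE_PASS = "changeit";

    /** Aliases the key manager could present when a server asks for an RSA client certificate. */
    static String[] clientAliases(KeyStore ks, char[] keyPassword) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, keyPassword);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                // null issuers: do not filter by the CA names a server would send
                return ((X509KeyManager) km).getClientAliases("RSA", null);
            }
        }
        return null;
    }

    /** Creates a throwaway PKCS12 store with an RSA private key and a self-signed certificate. */
    static KeyStore newStoreWithPrivateKey(Path dir) throws Exception {
        Path p12 = dir.resolve("client.p12");
        String keytool = Path.of(System.getProperty("java.home"), "bin", "keytool").toString();
        Process proc = new ProcessBuilder(keytool, "-genkeypair",
                "-alias", ALIAS, "-keyalg", "RSA", "-keysize", "2048",
                "-dname", "CN=constructed-client", "-validity", "1",
                "-storetype", "PKCS12", "-keystore", p12.toString(),
                "-storepass", STORE_PASS)
                .redirectErrorStream(true)
                .redirectOutput(ProcessBuilder.Redirect.DISCARD)
                .start();
        proc.getOutputStream().close(); // make sure keytool cannot wait on a prompt
        if (proc.waitFor() != 0) {
            throw new IllegalStateException("keytool failed");
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) {
            ks.load(in, STORE_PASS.toCharArray());
        }
        Files.delete(p12);
        return ks;
    }

    /** Same construction as the posted code: an empty JKS store plus setCertificateEntry. */
    static KeyStore certificateOnlyStore(Certificate cert) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ks.setCertificateEntry("testcert", cert);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("clientauth-demo");
        try {
            KeyStore withKey = newStoreWithPrivateKey(dir);
            KeyStore certOnly = certificateOnlyStore(withKey.getCertificate(ALIAS));

            // A certificate entry carries no private key, so the key manager skips it
            // and has no credential to offer in response to a CertificateRequest.
            System.out.println("certificate entry only: isKeyEntry="
                    + certOnly.isKeyEntry("testcert") + ", client aliases="
                    + Arrays.toString(clientAliases(certOnly, null)));

            // A key entry (private key + certificate chain) is what client auth needs.
            System.out.println("private-key entry:      isKeyEntry="
                    + withKey.isKeyEntry(ALIAS) + ", client aliases="
                    + Arrays.toString(clientAliases(withKey, STORE_PASS.toCharArray())));
        } finally {
            Files.delete(dir);
        }
    }
}
```

The same `clientAliases` check can be run against a real client keystore before opening the socket, to confirm that it contains a key entry and that the key password passed to `KeyManagerFactory.init` unlocks it.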