t3s not working on a java app client - Weblogic

This is a discussion on t3s not working on a java app client - Weblogic ; Hi! I'm having a problem with secure t3 protocol (t3s). My java client is accessing an EJB resided in WLS 7.0 (SP2). Everything works fine on non secure connection (t3), but I'm not able to configure the server in a ...

+ Reply to Thread
Results 1 to 17 of 17

Thread: t3s not working on a java app client

  1. t3s not working on a java app client

    Hi!

    I'm having a problem with secure t3 protocol (t3s). My java client is
    accessing an EJB resided in WLS 7.0 (SP2). Everything works fine on non
    secure connection (t3), but I'm not able to configure the server in a way
    that would enable the secure connection.

    Even the PING is not working on a secure connection:

    The command:

    "java -cp
    C:\bea\weblogic700\server\lib\weblogic.jar -Dweblogic.security.SSL.ignoreHos
    tnameVerification=true -Dweblogic.security.SSL.trustedCAKeyStore=C:\bea\we bl
    ogic700\server\lib\cacerts -Dssl.debug=true weblogic.Admin -url
    t3s://localhost:7002 -username user -password pass PING 5"

    results the following error message:

    "Failed to connect to t3s://localhost:7002 due to: [t3s://localhost:7002:
    Destina
    tion unreachable; nested exception is:
    java.io.IOException: Write Channel Closed, possible SSL handshaking
    or t
    rust failure; No available router to destination]"

    The ssl.debug log is in the end of this message.

    I'm using the default certificate that comes with WLS installation.

    Web applications works fine when using HTTPS.

    I've searched through old messages concerning this problem, but I haven't
    found a solution. Any help would be appreciated.


    Regards,

    Jukka


    Here's the log:

    ####<22.1.2004 16:56:16 EET>
    <> <000000> SSLSocket>
    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000> Muxing>
    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000>
    <5909941 readRecord()>
    ####<22.1.2004 16:56:16 EET>
    <> <000000>
    <5909941 received SSL_20_RECORD>
    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000>
    <5909941 readRecord()>
    ####<22.1.2004 16:56:16 EET>
    <> <000000>
    <5909941 received ALERT>
    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.ja va:245)
    at com.certicom.tls.record.alert.Alert.(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleA lertMessages(Unknown
    Source)
    at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknown
    Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Unknown
    Source)
    at
    com.certicom.net.ssl.CerticomContextWrapper.forceH andshakeOnAcceptedSocket(U
    nknown Source)
    at weblogic.t3.srvr.SSLListenThread$1.execute(SSLList enThread.java:399)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThrea d.java:213)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.ja va:189)
    ####<22.1.2004 16:56:16 EET>
    <> <000000>
    com.certicom.tls.record.alert.Alert@6ee691>
    ####<22.1.2004 16:56:16 EET>
    <> <000000>

    ####<22.1.2004 16:56:16 EET>
    <> <000000>



  2. Re: t3s not working on a java app client

    Turn on ssl debugging in the server too. That may give an indication
    of the problem. Otherwise, please open a BEA support case for this issue.

    Add to the command to startup up the wls server:

    -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true

    Thanks, -tm

    "Jukka" wrote in message
    news:400fe9ba$1@newsgroups.bea.com...
    > Hi!
    >
    > I'm having a problem with secure t3 protocol (t3s). My java client is
    > accessing an EJB resided in WLS 7.0 (SP2). Everything works fine on non
    > secure connection (t3), but I'm not able to configure the server in a way
    > that would enable the secure connection.
    >
    > Even the PING is not working on a secure connection:
    >
    > The command:
    >
    > "java -cp
    >

    C:\bea\weblogic700\server\lib\weblogic.jar -Dweblogic.security.SSL.ignoreHos
    >

    tnameVerification=true -Dweblogic.security.SSL.trustedCAKeyStore=C:\bea\we bl
    > ogic700\server\lib\cacerts -Dssl.debug=true weblogic.Admin -url
    > t3s://localhost:7002 -username user -password pass PING 5"
    >
    > results the following error message:
    >
    > "Failed to connect to t3s://localhost:7002 due to: [t3s://localhost:7002:
    > Destina
    > tion unreachable; nested exception is:
    > java.io.IOException: Write Channel Closed, possible SSL

    handshaking
    > or t
    > rust failure; No available router to destination]"
    >
    > The ssl.debug log is in the end of this message.
    >
    > I'm using the default certificate that comes with WLS installation.
    >
    > Web applications works fine when using HTTPS.
    >
    > I've searched through old messages concerning this problem, but I haven't
    > found a solution. Any help would be appreciated.
    >
    >
    > Regards,
    >
    > Jukka
    >
    >
    > Here's the log:
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000> > SSLSocket>
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000> > Muxing>
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    > <5909941 readRecord()>
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    > <5909941 received SSL_20_RECORD>
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    > <5909941 readRecord()>
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    > <5909941 received ALERT>
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    42>
    > java.lang.Throwable: Stack trace
    > at weblogic.security.utils.SSLSetup.debug(SSLSetup.ja va:245)
    > at com.certicom.tls.record.alert.Alert.(Unknown Source)
    > at com.certicom.tls.record.alert.AlertHandler.handleA lertMessages(Unknown
    > Source)
    > at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown Source)
    > at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    > at com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknown
    > Source)
    > at
    > com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Unknown
    > Source)
    > at
    >

    com.certicom.net.ssl.CerticomContextWrapper.forceH andshakeOnAcceptedSocket(U
    > nknown Source)
    > at weblogic.t3.srvr.SSLListenThread$1.execute(SSLList enThread.java:399)
    > at weblogic.kernel.ExecuteThread.execute(ExecuteThrea d.java:213)
    > at weblogic.kernel.ExecuteThread.run(ExecuteThread.ja va:189)
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    > > com.certicom.tls.record.alert.Alert@6ee691>
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    > ####<22.1.2004 16:56:16 EET>
    > <> <000000>
    >
    >




  3. Re: t3s not working on a java app client


    Actually the log looks like it did came from the server, and it indicates that
    the client did not trust the server's identity certificate. Make sure you are
    using the demo certificate, and try setting both ssl debug flags on the client:

    -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true

    The client debug output should list its trusted certificates, and give more info
    about why the server certificate was rejected.

    Pavel.

    "tm" wrote:
    >Turn on ssl debugging in the server too. That may give an indication
    >of the problem. Otherwise, please open a BEA support case for this issue.
    >
    >Add to the command to startup up the wls server:
    >
    >-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
    >
    >Thanks, -tm
    >
    >"Jukka" wrote in message
    >news:400fe9ba$1@newsgroups.bea.com...
    >> Hi!
    >>
    >> I'm having a problem with secure t3 protocol (t3s). My java client

    >is
    >> accessing an EJB resided in WLS 7.0 (SP2). Everything works fine on

    >non
    >> secure connection (t3), but I'm not able to configure the server in

    >a way
    >> that would enable the secure connection.
    >>
    >> Even the PING is not working on a secure connection:
    >>
    >> The command:
    >>
    >> "java -cp
    >>

    >C:\bea\weblogic700\server\lib\weblogic.jar -Dweblogic.security.SSL.ignoreHos
    >>

    >tnameVerification=true -Dweblogic.security.SSL.trustedCAKeyStore=C:\bea\we bl
    >> ogic700\server\lib\cacerts -Dssl.debug=true weblogic.Admin -url
    >> t3s://localhost:7002 -username user -password pass PING 5"
    >>
    >> results the following error message:
    >>
    >> "Failed to connect to t3s://localhost:7002 due to: [t3s://localhost:7002:
    >> Destina
    >> tion unreachable; nested exception is:
    >> java.io.IOException: Write Channel Closed, possible SSL

    >handshaking
    >> or t
    >> rust failure; No available router to destination]"
    >>
    >> The ssl.debug log is in the end of this message.
    >>
    >> I'm using the default certificate that comes with WLS installation.
    >>
    >> Web applications works fine when using HTTPS.
    >>
    >> I've searched through old messages concerning this problem, but I haven't
    >> found a solution. Any help would be appreciated.
    >>
    >>
    >> Regards,
    >>
    >> Jukka
    >>
    >>
    >> Here's the log:
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >JSSE
    >> SSLSocket>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >will be
    >> Muxing>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >> <5909941 readRecord()>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >> <5909941 received SSL_20_RECORD>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >> <5909941 readRecord()>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >> <5909941 received ALERT>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >Type:
    >42>
    >> java.lang.Throwable: Stack trace
    >> at weblogic.security.utils.SSLSetup.debug(SSLSetup.ja va:245)
    >> at com.certicom.tls.record.alert.Alert.(Unknown Source)
    >> at com.certicom.tls.record.alert.AlertHandler.handleA lertMessages(Unknown
    >> Source)
    >> at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown Source)
    >> at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    >> at com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknown
    >> Source)
    >> at
    >> com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Unknown
    >> Source)
    >> at
    >>

    >com.certicom.net.ssl.CerticomContextWrapper.forceH andshakeOnAcceptedSocket(U
    >> nknown Source)
    >> at weblogic.t3.srvr.SSLListenThread$1.execute(SSLList enThread.java:399)
    >> at weblogic.kernel.ExecuteThread.execute(ExecuteThrea d.java:213)
    >> at weblogic.kernel.ExecuteThread.run(ExecuteThread.ja va:189)
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >> >> com.certicom.tls.record.alert.Alert@6ee691>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >> ####<22.1.2004 16:56:16 EET>
    >> <> <000000>
    >>
    >>

    >
    >



  4. Re: t3s not working on a java app client




  5. Re: t3s not working on a java app client


    If you are using the demo certificate, be sure to define the following system property
    on your Java client:
    -Dweblogic.security.TrustKeyStore=DemoTrust

    -Dan


    "Pavel" wrote:
    >
    >Actually the log looks like it did came from the server, and it indicates
    >that
    >the client did not trust the server's identity certificate. Make sure
    >you are
    >using the demo certificate, and try setting both ssl debug flags on the
    >client:
    >
    >-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
    >
    >The client debug output should list its trusted certificates, and give
    >more info
    >about why the server certificate was rejected.
    >
    >Pavel.
    >
    >"tm" wrote:
    >>Turn on ssl debugging in the server too. That may give an indication
    >>of the problem. Otherwise, please open a BEA support case for this

    >issue.
    >>
    >>Add to the command to startup up the wls server:
    >>
    >>-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
    >>
    >>Thanks, -tm
    >>
    >>"Jukka" wrote in

    >message
    >>news:400fe9ba$1@newsgroups.bea.com...
    >>> Hi!
    >>>
    >>> I'm having a problem with secure t3 protocol (t3s). My java client

    >>is
    >>> accessing an EJB resided in WLS 7.0 (SP2). Everything works fine on

    >>non
    >>> secure connection (t3), but I'm not able to configure the server in

    >>a way
    >>> that would enable the secure connection.
    >>>
    >>> Even the PING is not working on a secure connection:
    >>>
    >>> The command:
    >>>
    >>> "java -cp
    >>>

    >>C:\bea\weblogic700\server\lib\weblogic.jar -Dweblogic.security.SSL.ignoreHos
    >>>

    >>tnameVerification=true -Dweblogic.security.SSL.trustedCAKeyStore=C:\bea\we bl
    >>> ogic700\server\lib\cacerts -Dssl.debug=true weblogic.Admin -url
    >>> t3s://localhost:7002 -username user -password pass PING 5"
    >>>
    >>> results the following error message:
    >>>
    >>> "Failed to connect to t3s://localhost:7002 due to: [t3s://localhost:7002:
    >>> Destina
    >>> tion unreachable; nested exception is:
    >>> java.io.IOException: Write Channel Closed, possible SSL

    >>handshaking
    >>> or t
    >>> rust failure; No available router to destination]"
    >>>
    >>> The ssl.debug log is in the end of this message.
    >>>
    >>> I'm using the default certificate that comes with WLS installation.
    >>>
    >>> Web applications works fine when using HTTPS.
    >>>
    >>> I've searched through old messages concerning this problem, but I

    >haven't
    >>> found a solution. Any help would be appreciated.
    >>>
    >>>
    >>> Regards,
    >>>
    >>> Jukka
    >>>
    >>>
    >>> Here's the log:
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>JSSE
    >>> SSLSocket>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>will be
    >>> Muxing>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>> <5909941 readRecord()>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>> <5909941 received SSL_20_RECORD>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>> <5909941 readRecord()>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>> <5909941 received ALERT>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>Type:
    >>42>
    >>> java.lang.Throwable: Stack trace
    >>> at weblogic.security.utils.SSLSetup.debug(SSLSetup.ja va:245)
    >>> at com.certicom.tls.record.alert.Alert.(Unknown Source)
    >>> at com.certicom.tls.record.alert.AlertHandler.handleA lertMessages(Unknown
    >>> Source)
    >>> at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown Source)
    >>> at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    >>> at com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknown
    >>> Source)
    >>> at
    >>> com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Unknown
    >>> Source)
    >>> at
    >>>

    >>com.certicom.net.ssl.CerticomContextWrapper.forceH andshakeOnAcceptedSocket(U
    >>> nknown Source)
    >>> at weblogic.t3.srvr.SSLListenThread$1.execute(SSLList enThread.java:399)
    >>> at weblogic.kernel.ExecuteThread.execute(ExecuteThrea d.java:213)
    >>> at weblogic.kernel.ExecuteThread.run(ExecuteThread.ja va:189)
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>> >>> com.certicom.tls.record.alert.Alert@6ee691>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>> ####<22.1.2004 16:56:16 EET>
    >>> <> <000000>
    >>>
    >>>

    >>
    >>

    >



  6. Re: t3s not working on a java app client

    I think this switch only works for WLS 8.1, not for 7.0.
    SSL configuration was reworked in 8.1 since it was so difficult in 7.0.

    -tm

    "Dan Branley" wrote in message
    news:401013c4$3@newsgroups.bea.com...
    >
    > If you are using the demo certificate, be sure to define the following

    system property
    > on your Java client:
    > -Dweblogic.security.TrustKeyStore=DemoTrust
    >
    > -Dan
    >
    >
    > "Pavel" wrote:
    > >
    > >Actually the log looks like it did came from the server, and it indicates
    > >that
    > >the client did not trust the server's identity certificate. Make sure
    > >you are
    > >using the demo certificate, and try setting both ssl debug flags on the
    > >client:
    > >
    > >-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
    > >
    > >The client debug output should list its trusted certificates, and give
    > >more info
    > >about why the server certificate was rejected.
    > >
    > >Pavel.
    > >
    > >"tm" wrote:
    > >>Turn on ssl debugging in the server too. That may give an indication
    > >>of the problem. Otherwise, please open a BEA support case for this

    > >issue.
    > >>
    > >>Add to the command to startup up the wls server:
    > >>
    > >>-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
    > >>
    > >>Thanks, -tm
    > >>
    > >>"Jukka" wrote in

    > >message
    > >>news:400fe9ba$1@newsgroups.bea.com...
    > >>> Hi!
    > >>>
    > >>> I'm having a problem with secure t3 protocol (t3s). My java client
    > >>is
    > >>> accessing an EJB resided in WLS 7.0 (SP2). Everything works fine on
    > >>non
    > >>> secure connection (t3), but I'm not able to configure the server in
    > >>a way
    > >>> that would enable the secure connection.
    > >>>
    > >>> Even the PING is not working on a secure connection:
    > >>>
    > >>> The command:
    > >>>
    > >>> "java -cp
    > >>>

    >
    >>C:\bea\weblogic700\server\lib\weblogic.jar -Dweblogic.security.SSL.ignoreH

    os
    > >>>

    >
    >>tnameVerification=true -Dweblogic.security.SSL.trustedCAKeyStore=C:\bea\we

    bl
    > >>> ogic700\server\lib\cacerts -Dssl.debug=true weblogic.Admin -url
    > >>> t3s://localhost:7002 -username user -password pass PING 5"
    > >>>
    > >>> results the following error message:
    > >>>
    > >>> "Failed to connect to t3s://localhost:7002 due to:

    [t3s://localhost:7002:
    > >>> Destina
    > >>> tion unreachable; nested exception is:
    > >>> java.io.IOException: Write Channel Closed, possible SSL
    > >>handshaking
    > >>> or t
    > >>> rust failure; No available router to destination]"
    > >>>
    > >>> The ssl.debug log is in the end of this message.
    > >>>
    > >>> I'm using the default certificate that comes with WLS installation.
    > >>>
    > >>> Web applications works fine when using HTTPS.
    > >>>
    > >>> I've searched through old messages concerning this problem, but I

    > >haven't
    > >>> found a solution. Any help would be appreciated.
    > >>>
    > >>>
    > >>> Regards,
    > >>>
    > >>> Jukka
    > >>>
    > >>>
    > >>> Here's the log:
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <> <000000> > >>JSSE
    > >>> SSLSocket>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <> <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <> <000000> > >>will be
    > >>> Muxing>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <> <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>> <5909941 readRecord()>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>> <5909941 received SSL_20_RECORD>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>> <5909941 readRecord()>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>> <5909941 received ALERT>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>> > >>Type:
    > >>42>
    > >>> java.lang.Throwable: Stack trace
    > >>> at weblogic.security.utils.SSLSetup.debug(SSLSetup.ja va:245)
    > >>> at com.certicom.tls.record.alert.Alert.(Unknown Source)
    > >>> at

    com.certicom.tls.record.alert.AlertHandler.handleA lertMessages(Unknown
    > >>> Source)
    > >>> at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown

    Source)
    > >>> at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    > >>> at

    com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknown
    > >>> Source)
    > >>> at
    > >>>

    com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Unknown
    > >>> Source)
    > >>> at
    > >>>

    >
    >>com.certicom.net.ssl.CerticomContextWrapper.forceH andshakeOnAcceptedSocket

    (U
    > >>> nknown Source)
    > >>> at

    weblogic.t3.srvr.SSLListenThread$1.execute(SSLList enThread.java:399)
    > >>> at weblogic.kernel.ExecuteThread.execute(ExecuteThrea d.java:213)
    > >>> at weblogic.kernel.ExecuteThread.run(ExecuteThread.ja va:189)
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>> > >>> com.certicom.tls.record.alert.Alert@6ee691>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>>
    > >>> ####<22.1.2004 16:56:16 EET>
    > >>> <>

    <000000>
    > >>>
    > >>>
    > >>
    > >>

    > >

    >




  7. Re: t3s not working on a java app client (long debug listing included)

    Hi!

    Ok, I checked that I am using the demo certificate (Server Certificate File
    Name: democert.pem) and turned the debug flags on. Log in the end of this
    message (sorry about the huge size). I noticed two "key phrases":

    "Certificate chain is incomplete"

    and

    "A corrupt or unuseable certificate was received."

    Can you make something out of it?

    Thank you for your help.

    Regards,

    Jukka


    <000000> algori
    thm ECDSA, class java.security.Signature>
    <000000> algorithm
    SHA1withDSA, class java.security.Signature using provider SUN version 1.2>
    <000000> algorithm
    MD5withRSA, class java.security.Signature using provider SunRsaSign version
    1.0
    >

    <000000> algorithm
    SHA1withRSA, class java.security.Signature using provider SunRsaSign
    version 1.
    0>
    <000000> algorithm
    MD2withRSA, class java.security.Signature using provider SunRsaSign version
    1.0
    >

    <000000> algorithm
    SHA, class java.security.MessageDigest using provider SUN version 1.2>
    <000000> algorithm
    MD5, class java.security.MessageDigest using provider SUN version 1.2>
    <000000> algori
    thm NullMac, class javax.crypto.Mac>
    <000000> algori
    thm HmacSHA1, class javax.crypto.Mac>
    <000000> algori
    thm HmacMD5, class javax.crypto.Mac>
    <000000> algori
    thm DES/CBC/NoPadding, class javax.crypto.Cipher>
    <000000> algori
    thm DESede/CBC/NoPadding, class javax.crypto.Cipher>
    <000000> algori
    thm DESede/ECB/NoPadding, class javax.crypto.Cipher>
    <000000> algori
    thm RC4, class javax.crypto.Cipher>
    <000000> algori
    thm RSA/ECB/PKCS1Padding, class javax.crypto.Cipher>
    <000000> algori
    thm RSA/ECB/NoPadding, class javax.crypto.Cipher>
    <000000> algori
    thm Anonymous, class javax.crypto.KeyAgreement>
    <000000> algori
    thm ECDH, class javax.crypto.KeyAgreement>
    <000000> algori
    thm DiffieHellman, class javax.crypto.KeyAgreement>
    <000000> algori
    thm RSA, class javax.crypto.KeyAgreement>
    <000000> < provider[0] - SUN>
    <000000> < SUN (DSA
    key/pa
    rameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509
    certifi
    cates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP,
    Collect
    ion CertStores)>
    <000000> < provider[1] -
    SunRsaSi
    gn>
    <000000> < SUN's
    provider
    for RSA signatures>
    <000000> java.security.Sig
    nature | USEHARDWIRED>
    <000000> java.security.Messa
    geDigest | USEJCE | SUN version 1.2>
    <000000> javax.crypto.Cipher
    | USEHARDWIRED>
    <000000> java.securit
    y.Signature | USEJCE | SunRsaSign version 1.0>
    <000000> javax.crypto.KeyAgr
    eement | USEHARDWIRED>
    <000000> javax
    ..crypto.Cipher | USEHARDWIRED>
    <000000> | ja
    vax.crypto.Cipher | USEHARDWIRED>
    <000000> javax.cry
    pto.KeyAgreement | USEHARDWIRED>
    <000000> java.securi
    ty.Signature | USEJCE | SunRsaSign version 1.0>
    <000000> | ja
    vax.crypto.Cipher | USEHARDWIRED>
    <000000> javax
    ..crypto.Cipher | USEHARDWIRED>
    <000000> java.securi
    ty.Signature | USEJCE | SUN version 1.2>
    <000000> javax.crypto.Ma
    c | USEHARDWIRED>
    <000000> java.security.Messa
    geDigest | USEJCE | SUN version 1.2>
    <000000> javax.crypto.M
    ac | USEHARDWIRED>
    <000000> java.securit
    y.Signature | USEJCE | SunRsaSign version 1.0>
    <000000> | ja
    vax.crypto.Cipher | USEHARDWIRED>
    <000000> javax.crypto.
    KeyAgreement | USEHARDWIRED>
    <000000> javax.crypto.Ma
    c | USEHARDWIRED>
    <000000> javax.crypto.KeyAg
    reement | USEHARDWIRED>
    <000000> = f
    alse>
    <000000> some SS
    L = false>
    <000000> is
    USEHARDWIRED>
    <000000>
    <000000> false>
    <000000> found>

    <000000> Certicom S
    SL license found>
    <000000> expor
    t limited>

    *************************************************
    Note: I haven't configured the following line, it's like that in default
    *************************************************

    <000000> C:\XXXXXX\XXXXXX\XXXX\security\cacerts>
    <000000> [
    Version: V3
    Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal
    Freemai
    l CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    ST=W
    estern Cape, C=ZA
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: com.sun.rsajca.JSA_RSAPublicKey@3c37f4
    Validity: [From: Mon Jan 01 02:00:00 EET 1996,
    To: Fri Jan 01 01:59:59 EET 2021]
    Issuer: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal
    Freemail
    CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    ST=We
    stern Cape, C=ZA
    SerialNumber: [ 00]

    Certificate Extensions: 1
    [1]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: C7 EC 92 7E 4E F8 F5 96 A5 67 62 2A A4 F0 4D 11 ....N....gb*..M.
    0010: 60 D0 6F 8D 60 58 61 AC 26 BB 52 35 5C 08 CF 30 `.o.`Xa.&.R5\..0
    0020: FB A8 4A 96 8A 1F 62 42 23 8C 17 0F F4 BA 64 9C ..J...bB#.....d.
    0030: 17 AC 47 29 DF 9D 98 5E D2 6C 60 71 5C A2 AC DC ..G)...^.l`q\...
    0040: 79 E3 E7 6E 00 47 1F B5 0D 28 E8 02 9D E4 9A FD y..n.G...(......
    0050: 13 F4 A6 D9 7C B1 F8 DC 5F 23 26 09 91 80 73 D0 ........_#&...s.
    0060: 14 1B DE 43 A9 83 25 F2 E6 9C 2F 15 CA FE A6 AB ...C..%.../.....
    0070: 8A 07 75 8B 0C DD 51 84 6B E4 F8 D1 CE 77 A2 81 ..u...Q.k....w..

    ]>
    <000000> [
    Version: V3
    Subject: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic
    CA,
    OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    ST=Western
    Cape, C=ZA
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: com.sun.rsajca.JSA_RSAPublicKey@1f7896f
    Validity: [From: Mon Jan 01 02:00:00 EET 1996,
    To: Fri Jan 01 01:59:59 EET 2021]
    Issuer: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic
    CA, O
    U=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    ST=Western
    Cape, C=ZA
    SerialNumber: [ 00]

    Certificate Extensions: 1
    [1]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 2D E2 99 6B B0 3D 7A 89 D7 59 A2 94 01 1F 2B DD -..k.=z..Y....+.
    0010: 12 4B 53 C2 AD 7F AA A7 00 5C 91 40 57 25 4A 38 .KS......\.@W%J8
    0020: AA 84 70 B9 D9 80 0F A5 7B 5C FB 73 C6 BD D7 8A ..p......\.s....
    0030: 61 5C 03 E3 2D 27 A8 17 E0 84 85 42 DC 5E 9B C6 a\..-'.....B.^..
    0040: B7 B2 6D BB 74 AF E4 3F CB A7 B7 B0 E0 5D BE 78 ..m.t..?.....].x
    0050: 83 25 94 D2 DB 81 0F 79 07 6D 4F F4 39 15 5A 52 .%.....y.mO.9.ZR
    0060: 01 7B DE 32 D6 4D 38 F6 12 5C 06 50 DF 05 5B BD ...2.M8..\.P..[.
    0070: 14 4B A1 DF 29 BA 3B 41 8D F7 63 56 A1 DF 22 B1 .K..).;A..cV..".

    ]>
    <000000> [
    Version: V3
    Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
    O=Baltimore
    , C=IE
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: com.sun.rsajca.JSA_RSAPublicKey@9ab0
    Validity: [From: Wed May 17 17:01:00 EEST 2000,
    To: Sun May 18 02:59:00 EEST 2025]
    Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
    O=Baltimore,
    C=IE
    SerialNumber: [ 020000bf]

    Certificate Extensions: 4
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: C8 41 34 5C 15 15 04 E5 40 F2 D1 AB 9A 6F 24 92 .A4\....@....o$.
    0010: 7A 87 42 5A z.BZ
    ]
    ]

    [2]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    Key_CertSign
    Crl_Sign
    ]

    [3]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    [1.3.6.1.5.5.7.3.3]]

    [4]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:3
    ]

    ]
    Algorithm: [SHA1withRSA]
    Signature:
    0000: 52 74 AA 95 4B 22 8C C7 3D 96 A4 FE 5D FA 2F B5 Rt..K"..=...]./.
    0010: BC EB F0 0B E9 56 38 1D D1 6D 0D A1 BC 68 8B F0 .....V8..m...h..
    0020: C5 80 A5 24 34 FD F2 96 18 11 86 A1 36 F5 37 E7 ...$4.......6.7.
    0030: 54 40 D5 64 1F C3 5F 70 42 6B 2D 39 C7 9E 52 05 T@.d.._pBk-9..R.
    0040: CE E7 6A 72 D2 8D 72 3F 47 50 83 AB C7 8D 25 C9 ..jr..r?GP....%.
    0050: B0 E3 A7 53 16 95 A6 6A 53 EA 18 9D 8F 78 A9 77 ...S...jS....x.w
    0060: 77 1A F9 B4 97 47 59 88 27 28 B5 CA E1 2E D7 3E w....GY.'(.....>
    0070: 0E A2 0D B8 22 44 03 E3 D1 63 B0 41 3A A1 F5 A4 ...."D...c.A:...
    0080: 2D F7 76 1E 04 54 99 78 32 40 D7 2B 7C 4D BA A6 -.v..T.x2@.+.M..
    0090: 9C B0 79 6E 07 BE 8C EC EE D7 38 69 5B C1 0C 56 ..yn......8i[..V
    00A0: 68 9F FE EB D1 E1 C8 88 F9 F2 CD 7F BE 85 B4 44 h..............D
    00B0: 67 00 50 3E F4 26 03 64 EA 77 7D E8 5E 3E 1C 37 g.P>.&.d.w..^>.7
    00C0: 47 C8 D6 EA A4 F3 36 3C 97 C2 39 72 05 94 19 25 G.....6<..9r...%
    00D0: C3 D7 37 41 0F C1 1F 87 8A FD AA BE E9 B1 64 57 ..7A..........dW
    00E0: E4 DB 92 A1 CF E1 49 E8 3B 1F 91 13 5A C3 8F D9 ......I.;...Z...
    00F0: 25 58 49 80 47 0F C6 03 AE AC E3 BF B7 C0 AA 2A %XI.G..........*

    ]>
    <000000> [
    Version: V1
    Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
    Inc."
    , C=US
    Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

    Key: com.sun.rsajca.JSA_RSAPublicKey@13b625b
    Validity: [From: Mon Jan 29 02:00:00 EET 1996,
    To: Thu Jan 08 01:59:59 EET 2004]
    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
    Inc.",
    C=US
    SerialNumber: [ e49efdf3 3ae80ecf a5113e19 a4240232]

    ]
    Algorithm: [MD2withRSA]
    Signature:
    0000: 61 70 EC 2F 3F 9E FD 2B E6 68 54 21 B0 67 79 08 ap./?..+.hT!.gy.
    0010: 0C 20 96 31 8A 0D 7A BE B6 26 DF 79 2C 22 69 49 . .1..z..&.y,"iI
    0020: 36 E3 97 77 62 61 A2 32 D7 7A 54 21 36 BA 02 C9 6..wba.2.zT!6...
    0030: 34 E7 25 DA 44 35 B0 D2 5C 80 5D B3 94 F8 F9 AC 4.%.D5..\.].....
    0040: EE A4 60 75 2A 1F 95 49 23 B1 4A 7C F4 B3 47 72 ..`u*..I#.J...Gr
    0050: 21 5B 7E 97 AB 54 AC 62 E7 5D EC AE 9B D2 C9 B2 ![...T.b.]......
    0060: 24 FB 82 AD E9 67 15 4B BA AA A6 F0 97 A0 F6 B0 $....g.K........
    0070: 97 57 00 C8 0C 3C 09 A0 82 04 BA 41 DA F7 99 A4 .W...<.....A....

    ]>
    <000000> [
    Version: V1
    Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
    Inc.", O
    =GTE Corporation, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: com.sun.rsajca.JSA_RSAPublicKey@84aa02
    Validity: [From: Thu Aug 13 03:29:00 EEST 1998,
    To: Tue Aug 14 02:59:00 EEST 2018]
    Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
    Inc.", O=
    GTE Corporation, C=US
    SerialNumber: [ 01a5]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 6D EB 1B 09 E9 5E D9 51 DB 67 22 61 A4 2A 3C 48 m....^.Q.g"a.* 0010: 77 E3 A0 7C A6 DE 73 A2 14 03 85 3D FB AB 0E 30 w.....s....=...0
    0020: C5 83 16 33 81 13 08 9E 7B 34 4E DF 40 C8 74 D7 ...3.....4N.@.t.
    0030: B9 7D DC F4 76 55 7D 9B 63 54 18 E9 F0 EA F3 5C ....vU..cT.....\
    0040: B1 D9 8B 42 1E B9 C0 95 4E BA FA D5 E2 7C F5 68 ...B....N......h
    0050: 61 BF 8E EC 05 97 5F 5B B0 D7 A3 85 34 C4 24 A7 a....._[....4.$.
    0060: 0D 0F 95 93 EF CB 94 D8 9E 1F 9D 5C 85 6D C7 AA ...........\.m..
    0070: AE 4F 1F 22 B5 CD 95 AD BA A7 CC F9 AB 0B 7A 7F .O."..........z.

    ]>
    <000000> [
    Version: V3
    Subject: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal
    Premium
    CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    ST=Wes
    tern Cape, C=ZA
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: com.sun.rsajca.JSA_RSAPublicKey@189acb5
    Validity: [From: Mon Jan 01 02:00:00 EET 1996,
    To: Fri Jan 01 01:59:59 EET 2021]
    Issuer: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal
    Premium C
    A, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    ST=West
    ern Cape, C=ZA
    SerialNumber: [ 00]

    Certificate Extensions: 1
    [1]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 69 36 89 F7 34 2A 33 72 2F 6D 3B D4 22 B2 B8 6F i6..4*3r/m;."..o
    0010: 9A C5 36 66 0E 1B 3C A1 B1 75 5A E6 FD 35 D3 F8 ..6f..<..uZ..5..
    0020: A8 F2 07 6F 85 67 8E DE 2B B9 E2 17 B0 3A A0 F0 ...o.g..+....:..
    0030: 0E A2 00 9A DF F3 14 15 6E BB C8 85 5A 98 80 F9 ........n...Z...
    0040: FF BE 74 1D 3D F3 FE 30 25 D1 37 34 67 FA A5 71 ..t.=..0%.74g..q
    0050: 79 30 61 29 72 C0 E0 2C 4C FB 56 E4 3A A8 6F E5 y0a)r..,L.V.:.o.
    0060: 32 59 52 DB 75 28 50 59 0C F8 0B 19 E4 AC D9 AF 2YR.u(PY........
    0070: 96 8D 2F 50 DB 07 C3 EA 1F AB 33 E0 F5 2B 31 89 ../P......3..+1.

    ]>
    <000000> [
    Version: V3
    Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
    OU=Certifi
    cation Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
    Cape,
    C=ZA
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: com.sun.rsajca.JSA_RSAPublicKey@19f90e3
    Validity: [From: Thu Aug 01 03:00:00 EEST 1996,
    To: Fri Jan 01 01:59:59 EET 2021]
    Issuer: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
    OU=Certific
    ation Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
    Cape, C
    =ZA
    SerialNumber: [ 01]

    Certificate Extensions: 1
    [1]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 07 FA 4C 69 5C FB 95 CC 46 EE 85 83 4D 21 30 8E ..Li\...F...M!0.
    0010: CA D9 A8 6F 49 1A E6 DA 51 E3 60 70 6C 84 61 11 ...oI...Q.`pl.a.
    0020: A1 1A C8 48 3E 59 43 7D 4F 95 3D A1 8B B7 0B 62 ...H>YC.O.=....b
    0030: 98 7A 75 8A DD 88 4E 4E 9E 40 DB A8 CC 32 74 B9 .zu...NN.@...2t.
    0040: 6F 0D C6 E3 B3 44 0B D9 8A 6F 9A 29 9B 99 18 28 o....D...o.)...(
    0050: 3B D1 E3 40 28 9A 5A 3C D5 B5 E7 20 1B 8B CA A4 ;..@(.Z<... ....
    0060: AB 8D E9 51 D9 E2 4C 2C 59 A9 DA B9 B2 75 1B F6 ...Q..L,Y....u..
    0070: 42 F2 EF C7 F2 18 F9 89 BC A3 FF 8A 23 2E 70 47 B...........#.pG

    ]>
    <000000> [
    Version: V1
    Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
    Inc."
    , C=US
    Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

    Key: com.sun.rsajca.JSA_RSAPublicKey@e13e7b
    Validity: [From: Mon Jan 29 02:00:00 EET 1996,
    To: Sat Jan 01 01:59:59 EET 2000]
    Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
    Inc.",
    C=US
    SerialNumber: [ 02a60000 01]

    ]
    Algorithm: [MD2withRSA]
    Signature:
    0000: 53 DD D3 F0 9C 24 7E 40 AA E2 FC 00 1A D7 DA 0C S....$.@........
    0010: FC 32 61 B8 15 0D 96 F3 FA 57 1B 7F 33 7C AF E9 .2a......W..3...
    0020: 98 9A 61 C8 7A B3 B7 FF B1 DC 99 83 DC AC 12 FC ..a.z...........
    0030: 70 C9 1F 38 42 ED 44 F6 80 2E 5B 6B 33 69 AC 9C p..8B.D...[k3i..
    0040: D3 5C E7 5F 5A 18 C7 B1 2D 79 04 96 41 91 99 41 .\._Z...-y..A..A
    0050: B1 3C 0D BA 84 39 C6 3B 97 F0 26 C9 8E EE BD CC .<...9.;..&.....
    0060: 42 95 FF 1E C7 02 3F 54 0C 78 F5 BC AA 60 7C 02 B.....?T.x...`..
    0070: 69 E8 DC AC E2 02 76 61 C4 3E 03 EA D2 8A 24 D1 i.....va.>....$.

    ]>
    <000000> [
    Version: V3
    Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: com.sun.rsajca.JSA_RSAPublicKey@1cd2197
    Validity: [From: Fri May 12 21:46:00 EEST 2000,
    To: Tue May 13 02:59:00 EEST 2025]
    Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    SerialNumber: [ 020000b9]

    Certificate Extensions: 3
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:
    0010: B5 04 4D F0 ..M.
    ]
    ]

    [2]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    Key_CertSign
    Crl_Sign
    ]

    [3]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:3
    ]

    ]
    Algorithm: [SHA1withRSA]
    Signature:
    0000: 85 0C 5D 8E E4 6F 51 68 42 05 A0 DD BB 4F 27 25 ..]..oQhB....O'%
    0010: 84 03 BD F7 64 FD 2D D7 30 E3 A4 10 17 EB DA 29 ....d.-.0......)
    0020: 29 B6 79 3F 76 F6 19 13 23 B8 10 0A F9 58 A4 D4 ).y?v...#....X..
    0030: 61 70 BD 04 61 6A 12 8A 17 D5 0A BD C5 BC 30 7C ap..aj........0.
    0040: D6 E9 0C 25 8D 86 40 4F EC CC A3 7E 38 C6 37 11 ...%..@O....8.7.
    0050: 4F ED DD 68 31 8E 4C D2 B3 01 74 EE BE 75 5E 07 O..h1.L...t..u^.
    0060: 48 1A 7F 70 FF 16 5C 84 C0 79 85 B8 05 FD 7F BE H..p..\..y......
    0070: 65 11 A3 0F C0 02 B4 F8 52 37 39 04 D5 A9 31 7A e.......R79...1z
    0080: 18 BF A0 2A F4 12 99 F7 A3 45 82 E3 3C 5E F5 9D ...*.....E..<^..
    0090: 9E B5 C8 9E 7C 2E C8 A4 9E 4E 08 14 4B 6D FD 70 .........N..Km.p
    00A0: 6D 6B 1A 63 BD 64 E6 1F B7 CE F0 F2 9F 2E BB 1B mk.c.d..........
    00B0: B7 F2 50 88 73 92 C2 E2 E3 16 8D 9A 32 02 AB 8E ..P.s.......2...
    00C0: 18 DD E9 10 11 EE 7E 35 AB 90 AF 3E 30 94 7A D0 .......5...>0.z.
    00D0: 33 3D A7 65 0F F5 FC 8E 9E 62 CF 47 44 2C 01 5D 3=.e.....b.GD,.]
    00E0: BB 1D B5 32 D2 47 D2 38 2E D0 FE 81 DC 32 6A 1E ...2.G.8.....2j.
    00F0: B5 EE 3C D5 FC E7 81 1D 19 C3 24 42 EA 63 39 A9 ..<.......$B.c9.

    ]>
    <000000> [
    Version: V1
    Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
    Inc."
    , C=US
    Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

    Key: com.sun.rsajca.JSA_RSAPublicKey@5878d2
    Validity: [From: Mon Jan 29 02:00:00 EET 1996,
    To: Wed Jan 08 01:59:59 EET 2020]
    Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
    Inc.",
    C=US
    SerialNumber: [ 325033cf 50d156f3 5c81ad65 5c4fc825]

    ]
    Algorithm: [MD2withRSA]
    Signature:
    0000: 4B 44 66 60 68 64 E4 98 1B F3 B0 72 E6 95 89 7C KDf`hd.....r....
    0010: DD 7B B3 95 C0 1D 2E D8 D8 19 D0 2D 34 3D C6 50 ...........-4=.P
    0020: 9A 10 86 8C AA 3F 3B A8 04 FC 37 52 95 C3 D9 C9 .....?;...7R....
    0030: DB CD F2 86 06 C4 B1 1B F0 82 88 30 42 8E 17 50 ...........0B..P
    0040: 1C 64 7A B8 3E 99 49 74 97 FC AC 02 43 FB 96 0C .dz.>.It....C...
    0050: 56 04 25 0C 7C 7C 87 9D 24 A7 D8 F0 32 29 B5 A4 V.%.....$...2)..
    0060: DF 5D A2 4C C5 16 32 A8 42 F6 45 A6 B6 36 B9 E0 .].L..2.B.E..6..
    0070: BF 65 36 93 C2 D2 D7 6B DC DE 59 D6 A2 35 F8 45 .e6....k..Y..5.E

    ]>
    <000000> [
    Version: V1
    Subject: OU=Secure Server Certification Authority, O="RSA Data Security,
    Inc."
    , C=US
    Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

    Key: com.sun.rsajca.JSA_RSAPublicKey@15b55bc
    Validity: [From: Wed Nov 09 02:00:00 EET 1994,
    To: Fri Jan 08 01:59:59 EET 2010]
    Issuer: OU=Secure Server Certification Authority, O="RSA Data Security,
    Inc.",
    C=US
    SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0]

    ]
    Algorithm: [MD2withRSA]
    Signature:
    0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
    0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
    0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
    0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
    0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
    0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
    0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
    0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P

    ]>
    <000000> [
    Version: V3
    Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server
    CA,
    OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
    ST=West
    ern Cape, C=ZA
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: com.sun.rsajca.JSA_RSAPublicKey@159d87f
    Validity: [From: Thu Aug 01 03:00:00 EEST 1996,
    To: Fri Jan 01 01:59:59 EET 2021]
    Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server
    CA, O
    U=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
    ST=Weste
    rn Cape, C=ZA
    SerialNumber: [ 01]

    Certificate Extensions: 1
    [1]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 26 48 2C 16 C2 58 FA E8 16 74 0C AA AA 5F 54 3F &H,..X...t..._T?
    0010: F2 D7 C9 78 60 5E 5E 6E 37 63 22 77 36 7E B2 17 ...x`^^n7c"w6...
    0020: C4 34 B9 F5 08 85 FC C9 01 38 FF 4D BE F2 16 42 .4.......8.M...B
    0030: 43 E7 BB 5A 46 FB C1 C6 11 1F F1 4A B0 28 46 C9 C..ZF......J.(F.
    0040: C3 C4 42 7D BC FA AB 59 6E D5 B7 51 88 11 E3 A4 ..B....Yn..Q....
    0050: 85 19 6B 82 4C A4 0C 12 AD E9 A4 AE 3F F1 C3 49 ..k.L.......?..I
    0060: 65 9A 8C C5 C8 3E 25 B7 94 99 BB 92 32 71 07 F0 e....>%.....2q..
    0070: 86 5E ED 50 27 A6 0D A6 23 F9 BB CB A6 07 14 42 .^.P'...#......B

    ]>
    <000000> [
    Version: V1
    Subject: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: com.sun.rsajca.JSA_RSAPublicKey@1949f78
    Validity: [From: Sat Feb 24 01:01:00 EET 1996,
    To: Fri Feb 24 01:59:00 EET 2006]
    Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
    SerialNumber: [ 01a3]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 12 B3 75 C6 5F 1D E1 61 55 80 00 D4 81 4B 7B 31 ..u._..aU....K.1
    0010: 0F 23 63 E7 3D F3 03 F9 F4 36 A8 BB D9 E3 A5 97 .#c.=....6......
    0020: 4D EA 2B 29 E0 D6 6A 73 81 E6 C0 89 A3 D3 F1 E0 M.+)..js........
    0030: A5 A5 22 37 9A 63 C2 48 20 B4 DB 72 E3 C8 F6 D9 .."7.c.H ..r....
    0040: 7C BE B1 AF 53 DA 14 B4 21 B8 D6 D5 96 E3 FE 4E ....S...!......N
    0050: 0C 59 62 B6 9A 4A F9 42 DD 8C 6F 81 A9 71 FF F4 .Yb..J.B..o..q..
    0060: 0A 72 6D 6D 44 0E 9D F3 74 74 A8 D5 34 49 E9 5E .rmmD...tt..4I.^
    0070: 9E E9 B4 7A E1 E5 5A 1F 84 30 9C D3 9F A5 25 D8 ...z..Z..0....%.

    ]>
    <000000> [
    Version: V3
    Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.",
    O=GTE
    Corporation, C=US
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

    Key: com.sun.rsajca.JSA_RSAPublicKey@196de29
    Validity: [From: Fri Aug 14 17:50:00 EEST 1998,
    To: Thu Aug 15 02:59:00 EEST 2013]
    Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.",
    O=GTE C
    orporation, C=US
    SerialNumber: [ 01b6]

    Certificate Extensions: 4
    [1]: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 76 0A 49 21 38 4C 9F DE F8 C4 49 C7 71 71 91 9D v.I!8L....I.qq..
    ]
    ]

    [2]: ObjectId: 2.5.29.32 Criticality=false
    CertificatePolicies [
    [CertificatePolicyId: [1.2.840.113763.1.2.1.3]
    [] ]
    ]

    [3]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    Key_CertSign
    Crl_Sign
    ]

    [4]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:5
    ]

    ]
    Algorithm: [SHA1withRSA]
    Signature:
    0000: 41 3A D4 18 5B DA B8 DE 21 1C E1 8E 09 E5 F1 68 A:..[...!......h
    0010: 34 FF DE 96 F4 07 F5 A7 3C F3 AC 4A B1 9B FA 92 4.......<..J....
    0020: FA 9B ED E6 32 21 AA 4A 76 C5 DC 4F 38 E5 DF D5 ....2!.Jv..O8...
    0030: 86 E4 D5 C8 76 7D 98 D7 B1 CD 8F 4D B5 91 23 6C ....v......M..#l
    0040: 8B 8A EB EA 7C EF 14 94 C4 C6 F0 1F 4A 2D 32 71 ............J-2q
    0050: 63 2B 63 91 26 02 09 B6 80 1D ED E2 CC B8 7F DB c+c.&...........
    0060: 87 63 C8 E1 D0 6C 26 B1 35 1D 40 66 10 1B CD 95 .c...l&.5.@f....
    0070: 54 18 33 61 EC 13 4F DA 13 F7 99 AF 3E D0 CF 8E T.3a..O.....>...
    0080: A6 72 A2 B3 C3 05 9A C9 27 7D 92 CC 7E 52 8D B3 .r......'....R..
    0090: AB 70 6D 9E 89 9F 4D EB 1A 75 C2 98 AA D5 02 16 .pm...M..u......
    00A0: D7 0C 8A BF 25 E4 EB 2D BC 98 E9 58 38 19 7C B9 ....%..-...X8...
    00B0: 37 FE DB E2 99 08 73 06 C7 97 83 6A 7D 10 01 2F 7.....s....j.../
    00C0: 32 B9 17 05 4A 65 E6 2F CE BE 5E 53 A6 82 E9 9A 2...Je./..^S....
    00D0: 53 0A 84 74 2D 83 CA C8 94 16 76 5F 94 61 28 F0 S..t-.....v_.a(.
    00E0: 85 A7 39 BB D7 8B D9 A8 B2 13 1D 54 09 34 24 7D ..9........T.4$.
    00F0: 20 81 7D 66 7E A2 90 74 5C 10 C6 BD EC AB 1B C2 ..f...t\.......

    ]>
    <000000> [
    Version: V1
    Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
    Inc."
    , C=US
    Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

    Key: com.sun.rsajca.JSA_RSAPublicKey@1d382ab
    Validity: [From: Mon Jan 29 02:00:00 EET 1996,
    To: Thu Jan 08 01:59:59 EET 2004]
    Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
    Inc.",
    C=US
    SerialNumber: [ ba5ac94c 053b92d6 a7b6df4e d053920d]

    ]
    Algorithm: [MD2withRSA]
    Signature:
    0000: B6 00 1F 93 57 A4 07 A7 40 CE 65 40 3F 55 5E ED ....W...@.e@?U^.
    0010: EF FA 54 49 A5 30 D6 21 7C 61 87 EE 83 93 0B BF ..TI.0.!.a......
    0020: B4 33 F2 98 AC 9F 06 BF 4E A8 CE 14 81 4C CB 04 .3......N....L..
    0030: 4E 58 C3 CF 5F EE 7C D7 9A 6F CB 41 8A B7 7F 81 NX.._....o.A....
    0040: B8 FF 84 61 C6 27 43 65 1D 0C EC B1 00 0A DD 1B ...a.'Ce........
    0050: A4 BB C7 78 20 28 B2 A2 DD 36 95 2E E1 54 4F BF ...x (...6...TO.
    0060: 60 B9 77 68 11 99 23 E8 EA 52 E8 AA 00 4E 67 4E `.wh..#..R...NgN
    0070: BB 90 B5 45 9B 46 EB 8E 16 EF C4 33 5B 33 3D D5 ...E.F.....3[3=.

    ]>
    <000000> appli
    ed>
    <000000> SSLSocket>

    <000000>
    ext(ctx): 26426059>
    <000000> Mux
    ing>
    <000000>
    text(is): 16322634>
    <000000>
    <000000>
    lse>
    <000000> false>

    <000000>
    lse>
    <000000> <15167987
    readRecord()>
    <000000> <15167987 received
    HANDSHA
    KE>
    <000000> ServerH
    ello>
    <000000>
    lse>
    <000000> false>

    <000000>
    lse>
    <000000> <15167987
    readRecord()>
    <000000> <15167987 received
    HANDSHA
    KE>
    <000000> Certifi
    cate>
    <000000> valid
    ation checks: localhost>
    <000000> valid
    ateErr = 20>
    <000000> < cert[0] = [
    [
    Version: V3
    Subject: EMAILADDRESS=support@bea.com, CN=weblogic.bea.com, O=BEA
    WebLogic, L=
    San Francisco, ST=California, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: com.sun.rsajca.JSA_RSAPublicKey@b2e752
    Validity: [From: Fri Nov 01 22:02:23 EET 2002,
    To: Sun Oct 15 23:02:23 EEST 2006]
    Issuer: EMAILADDRESS=support@bea.com, CN=Demo Certificate Authority
    Constraint
    s, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
    SerialNumber: [ 21]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 5E D1 96 8E 01 C8 14 B0 62 16 93 2A 47 38 CF D8 ^.......b..*G8..
    0010: 71 EF 75 BC 27 DF 33 0B F8 D5 07 09 36 8D 45 DF q.u.'.3.....6.E.
    0020: 2F 27 2C F7 68 9C 8F 2B 10 13 16 07 65 3F 1F 45 /',.h..+....e?.E
    0030: 56 9F 62 D8 28 44 E9 86 25 19 8D 0D CB 36 C3 8B V.b.(D..%....6..

    ]>
    <000000> 20>
    <000000> inco
    mplete>
    <000000> untr
    usted>
    <000000> returns
    : 20>
    <000000> CERT
    _CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>
    <000000> com.certicom.t
    ls.record.alert.Alert@170ec24 Severity: 2 Type: 42
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.ja va:245)
    at com.certicom.tls.record.alert.Alert.(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .fireAlert(Unknown
    Source)
    at
    com.certicom.tls.record.handshake.ClientStateRecei vedServerHello.hand
    le(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    sage(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    sages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown
    Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    at
    com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknow
    n Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Un
    known Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
    at java.io.BufferedOutputStream.flush(Unknown Source)
    at java.io.DataOutputStream.flush(Unknown Source)
    at
    weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConn ection.java:275)
    at
    weblogic.rjvm.t3.T3SJVMConnection.createConnection (T3SJVMConnection.j
    ava:83)
    at weblogic.rjvm.Protocol.createConnection(Protocol.j ava:231)
    at
    weblogic.rjvm.ConnectionManager.findOrCreateConnec tion(ConnectionMana
    ger.java:1272)
    at
    weblogic.rjvm.ConnectionManager.bootstrap(Connecti onManager.java:418)

    at
    weblogic.rjvm.ConnectionManager.bootstrap(Connecti onManager.java:300)

    at
    weblogic.rjvm.RJVMManager.findOrCreateRemoteIntern al(RJVMManager.java
    :234)
    at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager .java:191)
    at
    weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer( RJVMFinder.java:203
    )
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.j ava:169)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL .java:262)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    tialContextFactoryDelegate.java:323)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    tialContextFactoryDelegate.java:221)
    at
    weblogic.jndi.WLInitialContextFactory.getInitialCo ntext(WLInitialCont
    extFactory.java:149)
    at javax.naming.spi.NamingManager.getInitialContext(U nknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unkn own Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.(Unknown Source)

    >

    <000000> 0 le
    ngth = 2>
    <000000>
    <000000> handshak
    e, stack trace follows
    javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or
    unusea
    ble certificate was received.
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.f ireException(Unknow
    n Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.f ireAlertSent(Unknow
    n Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .fireAlert(Unknown
    Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .fireAlert(Unknown
    Source)
    at
    com.certicom.tls.record.handshake.ClientStateRecei vedServerHello.hand
    le(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    sage(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    sages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown
    Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    at
    com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknow
    n Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Un
    known Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
    at java.io.BufferedOutputStream.flush(Unknown Source)
    at java.io.DataOutputStream.flush(Unknown Source)
    at
    weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConn ection.java:275)
    at
    weblogic.rjvm.t3.T3SJVMConnection.createConnection (T3SJVMConnection.j
    ava:83)
    at weblogic.rjvm.Protocol.createConnection(Protocol.j ava:231)
    at
    weblogic.rjvm.ConnectionManager.findOrCreateConnec tion(ConnectionMana
    ger.java:1272)
    at
    weblogic.rjvm.ConnectionManager.bootstrap(Connecti onManager.java:418)

    at
    weblogic.rjvm.ConnectionManager.bootstrap(Connecti onManager.java:300)

    at
    weblogic.rjvm.RJVMManager.findOrCreateRemoteIntern al(RJVMManager.java
    :234)
    at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager .java:191)
    at
    weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer( RJVMFinder.java:203
    )
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.j ava:169)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL .java:262)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    tialContextFactoryDelegate.java:323)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    tialContextFactoryDelegate.java:221)
    at
    weblogic.jndi.WLInitialContextFactory.getInitialCo ntext(WLInitialCont
    extFactory.java:149)
    at javax.naming.spi.NamingManager.getInitialContext(U nknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unkn own Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.(Unknown Source)

    >

    <000000> com.certicom.t
    ls.record.alert.Alert@15b4ad2 Severity: 2 Type: 40
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.ja va:245)
    at com.certicom.tls.record.alert.Alert.(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .fireAlert(Unknown
    Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    sage(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    sages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown
    Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    at
    com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknow
    n Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Un
    known Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
    at java.io.BufferedOutputStream.flush(Unknown Source)
    at java.io.DataOutputStream.flush(Unknown Source)
    at
    weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConn ection.java:275)
    at
    weblogic.rjvm.t3.T3SJVMConnection.createConnection (T3SJVMConnection.j
    ava:83)
    at weblogic.rjvm.Protocol.createConnection(Protocol.j ava:231)
    at
    weblogic.rjvm.ConnectionManager.findOrCreateConnec tion(ConnectionMana
    ger.java:1272)
    at
    weblogic.rjvm.ConnectionManager.bootstrap(Connecti onManager.java:418)

    at
    weblogic.rjvm.ConnectionManager.bootstrap(Connecti onManager.java:300)

    at
    weblogic.rjvm.RJVMManager.findOrCreateRemoteIntern al(RJVMManager.java
    :234)
    at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager .java:191)
    at
    weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer( RJVMFinder.java:203
    )
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.j ava:169)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL .java:262)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    tialContextFactoryDelegate.java:323)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    tialContextFactoryDelegate.java:221)
    at
    weblogic.jndi.WLInitialContextFactory.getInitialCo ntext(WLInitialCont
    extFactory.java:149)
    at javax.naming.spi.NamingManager.getInitialContext(U nknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unkn own Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.(Unknown Source)
    >

    javax.naming.CommunicationException. Root exception is
    java.net.ConnectExceptio
    n: t3s://localhost:7002: Destination unreachable; nested exception is:
    java.io.IOException: Write Channel Closed, possible SSL handshaking
    or t
    rust failure; No available router to destination
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.j ava:180)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL .java:262)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    tialContextFactoryDelegate.java:323)
    at
    weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    tialContextFactoryDelegate.java:221)
    at
    weblogic.jndi.WLInitialContextFactory.getInitialCo ntext(WLInitialCont
    extFactory.java:149)
    at javax.naming.spi.NamingManager.getInitialContext(U nknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unkn own Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.(Unknown Source)



    "Pavel" wrote in message
    news:400ff941$1@newsgroups.bea.com...
    >
    > Actually the log looks like it did came from the server, and it indicates

    that
    > the client did not trust the server's identity certificate. Make sure you

    are
    > using the demo certificate, and try setting both ssl debug flags on the

    client:
    >
    > -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
    >
    > The client debug output should list its trusted certificates, and give

    more info
    > about why the server certificate was rejected.



  8. Re: t3s not working on a java app client (long debug listing included)


    The log shows that the server identity certificate was issued by the Demo Certificate
    Authority, but the client's trust does not include this CA. Looks like the trusted
    CAs came from the JDK cacerts keystore. Use command line property to specify weblogic's
    cacerts keystore on the client:

    -Dweblogic.security.SSL.trustedCAKeyStore=

    Pavel.


    "Jukka" wrote:
    >Hi!
    >
    >Ok, I checked that I am using the demo certificate (Server Certificate
    >File
    >Name: democert.pem) and turned the debug flags on. Log in the end of
    >this
    >message (sorry about the huge size). I noticed two "key phrases":
    >
    >"Certificate chain is incomplete"
    >
    >and
    >
    >"A corrupt or unuseable certificate was received."
    >
    >Can you make something out of it?
    >
    >Thank you for your help.
    >
    >Regards,
    >
    >Jukka
    >
    >
    > <000000> >for
    >algori
    >thm ECDSA, class java.security.Signature>
    > <000000> >algorithm
    > SHA1withDSA, class java.security.Signature using provider SUN version
    >1.2>
    > <000000> >algorithm
    > MD5withRSA, class java.security.Signature using provider SunRsaSign
    >version
    >1.0
    >>

    > <000000> >algorithm
    > SHA1withRSA, class java.security.Signature using provider SunRsaSign
    >version 1.
    >0>
    > <000000> >algorithm
    > MD2withRSA, class java.security.Signature using provider SunRsaSign
    >version
    >1.0
    >>

    > <000000> >algorithm
    > SHA, class java.security.MessageDigest using provider SUN version 1.2>
    > <000000> >algorithm
    > MD5, class java.security.MessageDigest using provider SUN version 1.2>
    > <000000> >for
    >algori
    >thm NullMac, class javax.crypto.Mac>
    > <000000> >for
    >algori
    >thm HmacSHA1, class javax.crypto.Mac>
    > <000000> >for
    >algori
    >thm HmacMD5, class javax.crypto.Mac>
    > <000000> >for
    >algori
    >thm DES/CBC/NoPadding, class javax.crypto.Cipher>
    > <000000> >for
    >algori
    >thm DESede/CBC/NoPadding, class javax.crypto.Cipher>
    > <000000> >for
    >algori
    >thm DESede/ECB/NoPadding, class javax.crypto.Cipher>
    > <000000> >for
    >algori
    >thm RC4, class javax.crypto.Cipher>
    > <000000> >for
    >algori
    >thm RSA/ECB/PKCS1Padding, class javax.crypto.Cipher>
    > <000000> >for
    >algori
    >thm RSA/ECB/NoPadding, class javax.crypto.Cipher>
    > <000000> >for
    >algori
    >thm Anonymous, class javax.crypto.KeyAgreement>
    > <000000> >for
    >algori
    >thm ECDH, class javax.crypto.KeyAgreement>
    > <000000> >for
    >algori
    >thm DiffieHellman, class javax.crypto.KeyAgreement>
    > <000000> >for
    >algori
    >thm RSA, class javax.crypto.KeyAgreement>
    > <000000> < provider[0]
    >- SUN>
    > <000000> < SUN
    >(DSA
    >key/pa
    >rameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509
    >certifi
    >cates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP,
    >Collect
    >ion CertStores)>
    > <000000> < provider[1]
    >-
    >SunRsaSi
    >gn>
    > <000000> < SUN's
    >provider
    >for RSA signatures>
    > <000000> >java.security.Sig
    >nature | USEHARDWIRED>
    > <000000> >java.security.Messa
    >geDigest | USEJCE | SUN version 1.2>
    > <000000> >javax.crypto.Cipher
    > | USEHARDWIRED>
    > <000000> >java.securit
    >y.Signature | USEJCE | SunRsaSign version 1.0>
    > <000000> >javax.crypto.KeyAgr
    >eement | USEHARDWIRED>
    > <000000> >|
    >javax
    >.crypto.Cipher | USEHARDWIRED>
    > <000000> >| ja
    >vax.crypto.Cipher | USEHARDWIRED>
    > <000000> >|
    >javax.cry
    >pto.KeyAgreement | USEHARDWIRED>
    > <000000> >java.securi
    >ty.Signature | USEJCE | SunRsaSign version 1.0>
    > <000000> >| ja
    >vax.crypto.Cipher | USEHARDWIRED>
    > <000000> >|
    >javax
    >.crypto.Cipher | USEHARDWIRED>
    > <000000> >java.securi
    >ty.Signature | USEJCE | SUN version 1.2>
    > <000000> >javax.crypto.Ma
    >c | USEHARDWIRED>
    > <000000> >java.security.Messa
    >geDigest | USEJCE | SUN version 1.2>
    > <000000> >javax.crypto.M
    >ac | USEHARDWIRED>
    > <000000> >java.securit
    >y.Signature | USEJCE | SunRsaSign version 1.0>
    > <000000> >| ja
    >vax.crypto.Cipher | USEHARDWIRED>
    > <000000> >javax.crypto.
    >KeyAgreement | USEHARDWIRED>
    > <000000> >javax.crypto.Ma
    >c | USEHARDWIRED>
    > <000000> >javax.crypto.KeyAg
    >reement | USEHARDWIRED>
    > <000000> >SSL
    >= f
    >alse>
    > <000000> >for
    >some SS
    >L = false>
    > <000000> >for RSA
    >is
    >USEHARDWIRED>
    > <000000>
    > <000000> >=
    >false>
    > <000000> >found>
    >
    > <000000> >Certicom S
    >SL license found>
    > <000000> >is
    >expor
    >t limited>
    >
    >*************************************************
    >Note: I haven't configured the following line, it's like that in default
    >*************************************************
    >
    > <000000> >C:\XXXXXX\XXXXXX\XXXX\security\cacerts>
    > <000000> >[
    > Version: V3
    > Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal
    >Freemai
    >l CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape
    >Town,
    >ST=W
    >estern Cape, C=ZA
    > Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@3c37f4
    > Validity: [From: Mon Jan 01 02:00:00 EET 1996,
    > To: Fri Jan 01 01:59:59 EET 2021]
    > Issuer: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal
    >Freemail
    > CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape
    >Town,
    >ST=We
    >stern Cape, C=ZA
    > SerialNumber: [ 00]
    >
    >Certificate Extensions: 1
    >[1]: ObjectId: 2.5.29.19 Criticality=true
    >BasicConstraints:[
    >CA:true
    >PathLen:2147483647
    >]
    >
    >]
    > Algorithm: [MD5withRSA]
    > Signature:
    >0000: C7 EC 92 7E 4E F8 F5 96 A5 67 62 2A A4 F0 4D 11 ....N....gb*..M.
    >0010: 60 D0 6F 8D 60 58 61 AC 26 BB 52 35 5C 08 CF 30 `.o.`Xa.&.R5\..0
    >0020: FB A8 4A 96 8A 1F 62 42 23 8C 17 0F F4 BA 64 9C ..J...bB#.....d.
    >0030: 17 AC 47 29 DF 9D 98 5E D2 6C 60 71 5C A2 AC DC ..G)...^.l`q\...
    >0040: 79 E3 E7 6E 00 47 1F B5 0D 28 E8 02 9D E4 9A FD y..n.G...(......
    >0050: 13 F4 A6 D9 7C B1 F8 DC 5F 23 26 09 91 80 73 D0 ........_#&...s.
    >0060: 14 1B DE 43 A9 83 25 F2 E6 9C 2F 15 CA FE A6 AB ...C..%.../.....
    >0070: 8A 07 75 8B 0C DD 51 84 6B E4 F8 D1 CE 77 A2 81 ..u...Q.k....w..
    >
    >]>
    > <000000> >[
    > Version: V3
    > Subject: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal
    >Basic
    >CA,
    >OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    >ST=Western
    > Cape, C=ZA
    > Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@1f7896f
    > Validity: [From: Mon Jan 01 02:00:00 EET 1996,
    > To: Fri Jan 01 01:59:59 EET 2021]
    > Issuer: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal
    >Basic
    >CA, O
    >U=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    >ST=Western
    >Cape, C=ZA
    > SerialNumber: [ 00]
    >
    >Certificate Extensions: 1
    >[1]: ObjectId: 2.5.29.19 Criticality=true
    >BasicConstraints:[
    >CA:true
    >PathLen:2147483647
    >]
    >
    >]
    > Algorithm: [MD5withRSA]
    > Signature:
    >0000: 2D E2 99 6B B0 3D 7A 89 D7 59 A2 94 01 1F 2B DD -..k.=z..Y....+.
    >0010: 12 4B 53 C2 AD 7F AA A7 00 5C 91 40 57 25 4A 38 .KS......\.@W%J8
    >0020: AA 84 70 B9 D9 80 0F A5 7B 5C FB 73 C6 BD D7 8A ..p......\.s....
    >0030: 61 5C 03 E3 2D 27 A8 17 E0 84 85 42 DC 5E 9B C6 a\..-'.....B.^..
    >0040: B7 B2 6D BB 74 AF E4 3F CB A7 B7 B0 E0 5D BE 78 ..m.t..?.....].x
    >0050: 83 25 94 D2 DB 81 0F 79 07 6D 4F F4 39 15 5A 52 .%.....y.mO.9.ZR
    >0060: 01 7B DE 32 D6 4D 38 F6 12 5C 06 50 DF 05 5B BD ...2.M8..\.P..[.
    >0070: 14 4B A1 DF 29 BA 3B 41 8D F7 63 56 A1 DF 22 B1 .K..).;A..cV..".
    >
    >]>
    > <000000> >[
    > Version: V3
    > Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
    >O=Baltimore
    >, C=IE
    > Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@9ab0
    > Validity: [From: Wed May 17 17:01:00 EEST 2000,
    > To: Sun May 18 02:59:00 EEST 2025]
    > Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
    >O=Baltimore,
    > C=IE
    > SerialNumber: [ 020000bf]
    >
    >Certificate Extensions: 4
    >[1]: ObjectId: 2.5.29.14 Criticality=false
    >SubjectKeyIdentifier [
    >KeyIdentifier [
    >0000: C8 41 34 5C 15 15 04 E5 40 F2 D1 AB 9A 6F 24 92 .A4\....@....o$.
    >0010: 7A 87 42 5A z.BZ
    >]
    >]
    >
    >[2]: ObjectId: 2.5.29.15 Criticality=true
    >KeyUsage [
    > Key_CertSign
    > Crl_Sign
    >]
    >
    >[3]: ObjectId: 2.5.29.37 Criticality=false
    >ExtendedKeyUsages [
    >[1.3.6.1.5.5.7.3.3]]
    >
    >[4]: ObjectId: 2.5.29.19 Criticality=true
    >BasicConstraints:[
    >CA:true
    >PathLen:3
    >]
    >
    >]
    > Algorithm: [SHA1withRSA]
    > Signature:
    >0000: 52 74 AA 95 4B 22 8C C7 3D 96 A4 FE 5D FA 2F B5 Rt..K"..=...]./.
    >0010: BC EB F0 0B E9 56 38 1D D1 6D 0D A1 BC 68 8B F0 .....V8..m...h..
    >0020: C5 80 A5 24 34 FD F2 96 18 11 86 A1 36 F5 37 E7 ...$4.......6.7.
    >0030: 54 40 D5 64 1F C3 5F 70 42 6B 2D 39 C7 9E 52 05 T@.d.._pBk-9..R.
    >0040: CE E7 6A 72 D2 8D 72 3F 47 50 83 AB C7 8D 25 C9 ..jr..r?GP....%.
    >0050: B0 E3 A7 53 16 95 A6 6A 53 EA 18 9D 8F 78 A9 77 ...S...jS....x.w
    >0060: 77 1A F9 B4 97 47 59 88 27 28 B5 CA E1 2E D7 3E w....GY.'(.....>
    >0070: 0E A2 0D B8 22 44 03 E3 D1 63 B0 41 3A A1 F5 A4 ...."D...c.A:...
    >0080: 2D F7 76 1E 04 54 99 78 32 40 D7 2B 7C 4D BA A6 -.v..T.x2@.+.M..
    >0090: 9C B0 79 6E 07 BE 8C EC EE D7 38 69 5B C1 0C 56 ..yn......8i[..V
    >00A0: 68 9F FE EB D1 E1 C8 88 F9 F2 CD 7F BE 85 B4 44 h..............D
    >00B0: 67 00 50 3E F4 26 03 64 EA 77 7D E8 5E 3E 1C 37 g.P>.&.d.w..^>.7
    >00C0: 47 C8 D6 EA A4 F3 36 3C 97 C2 39 72 05 94 19 25 G.....6<..9r...%
    >00D0: C3 D7 37 41 0F C1 1F 87 8A FD AA BE E9 B1 64 57 ..7A..........dW
    >00E0: E4 DB 92 A1 CF E1 49 E8 3B 1F 91 13 5A C3 8F D9 ......I.;...Z...
    >00F0: 25 58 49 80 47 0F C6 03 AE AC E3 BF B7 C0 AA 2A %XI.G..........*
    >
    >]>
    > <000000> >[
    > Version: V1
    > Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
    >Inc."
    >, C=US
    > Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@13b625b
    > Validity: [From: Mon Jan 29 02:00:00 EET 1996,
    > To: Thu Jan 08 01:59:59 EET 2004]
    > Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
    >Inc.",
    > C=US
    > SerialNumber: [ e49efdf3 3ae80ecf a5113e19 a4240232]
    >
    >]
    > Algorithm: [MD2withRSA]
    > Signature:
    >0000: 61 70 EC 2F 3F 9E FD 2B E6 68 54 21 B0 67 79 08 ap./?..+.hT!.gy.
    >0010: 0C 20 96 31 8A 0D 7A BE B6 26 DF 79 2C 22 69 49 . .1..z..&.y,"iI
    >0020: 36 E3 97 77 62 61 A2 32 D7 7A 54 21 36 BA 02 C9 6..wba.2.zT!6...
    >0030: 34 E7 25 DA 44 35 B0 D2 5C 80 5D B3 94 F8 F9 AC 4.%.D5..\.].....
    >0040: EE A4 60 75 2A 1F 95 49 23 B1 4A 7C F4 B3 47 72 ..`u*..I#.J...Gr
    >0050: 21 5B 7E 97 AB 54 AC 62 E7 5D EC AE 9B D2 C9 B2 ![...T.b.]......
    >0060: 24 FB 82 AD E9 67 15 4B BA AA A6 F0 97 A0 F6 B0 $....g.K........
    >0070: 97 57 00 C8 0C 3C 09 A0 82 04 BA 41 DA F7 99 A4 .W...<.....A....
    >
    >]>
    > <000000> >[
    > Version: V1
    > Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
    >Inc.", O
    >=GTE Corporation, C=US
    > Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@84aa02
    > Validity: [From: Thu Aug 13 03:29:00 EEST 1998,
    > To: Tue Aug 14 02:59:00 EEST 2018]
    > Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
    >Inc.", O=
    >GTE Corporation, C=US
    > SerialNumber: [ 01a5]
    >
    >]
    > Algorithm: [MD5withRSA]
    > Signature:
    >0000: 6D EB 1B 09 E9 5E D9 51 DB 67 22 61 A4 2A 3C 48 m....^.Q.g"a.* >0010: 77 E3 A0 7C A6 DE 73 A2 14 03 85 3D FB AB 0E 30 w.....s....=...0
    >0020: C5 83 16 33 81 13 08 9E 7B 34 4E DF 40 C8 74 D7 ...3.....4N.@.t.
    >0030: B9 7D DC F4 76 55 7D 9B 63 54 18 E9 F0 EA F3 5C ....vU..cT.....\
    >0040: B1 D9 8B 42 1E B9 C0 95 4E BA FA D5 E2 7C F5 68 ...B....N......h
    >0050: 61 BF 8E EC 05 97 5F 5B B0 D7 A3 85 34 C4 24 A7 a....._[....4.$.
    >0060: 0D 0F 95 93 EF CB 94 D8 9E 1F 9D 5C 85 6D C7 AA ...........\.m..
    >0070: AE 4F 1F 22 B5 CD 95 AD BA A7 CC F9 AB 0B 7A 7F .O."..........z.
    >
    >]>
    > <000000> >[
    > Version: V3
    > Subject: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal
    >Premium
    >CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    >ST=Wes
    >tern Cape, C=ZA
    > Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@189acb5
    > Validity: [From: Mon Jan 01 02:00:00 EET 1996,
    > To: Fri Jan 01 01:59:59 EET 2021]
    > Issuer: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal
    >Premium C
    >A, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
    >ST=West
    >ern Cape, C=ZA
    > SerialNumber: [ 00]
    >
    >Certificate Extensions: 1
    >[1]: ObjectId: 2.5.29.19 Criticality=true
    >BasicConstraints:[
    >CA:true
    >PathLen:2147483647
    >]
    >
    >]
    > Algorithm: [MD5withRSA]
    > Signature:
    >0000: 69 36 89 F7 34 2A 33 72 2F 6D 3B D4 22 B2 B8 6F i6..4*3r/m;."..o
    >0010: 9A C5 36 66 0E 1B 3C A1 B1 75 5A E6 FD 35 D3 F8 ..6f..<..uZ..5..
    >0020: A8 F2 07 6F 85 67 8E DE 2B B9 E2 17 B0 3A A0 F0 ...o.g..+....:..
    >0030: 0E A2 00 9A DF F3 14 15 6E BB C8 85 5A 98 80 F9 ........n...Z...
    >0040: FF BE 74 1D 3D F3 FE 30 25 D1 37 34 67 FA A5 71 ..t.=..0%.74g..q
    >0050: 79 30 61 29 72 C0 E0 2C 4C FB 56 E4 3A A8 6F E5 y0a)r..,L.V.:.o.
    >0060: 32 59 52 DB 75 28 50 59 0C F8 0B 19 E4 AC D9 AF 2YR.u(PY........
    >0070: 96 8D 2F 50 DB 07 C3 EA 1F AB 33 E0 F5 2B 31 89 ../P......3..+1.
    >
    >]>
    > <000000> >[
    > Version: V3
    > Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
    >OU=Certifi
    >cation Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
    >Cape,
    >C=ZA
    > Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@19f90e3
    > Validity: [From: Thu Aug 01 03:00:00 EEST 1996,
    > To: Fri Jan 01 01:59:59 EET 2021]
    > Issuer: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
    >OU=Certific
    >ation Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western
    >Cape, C
    >=ZA
    > SerialNumber: [ 01]
    >
    >Certificate Extensions: 1
    >[1]: ObjectId: 2.5.29.19 Criticality=true
    >BasicConstraints:[
    >CA:true
    >PathLen:2147483647
    >]
    >
    >]
    > Algorithm: [MD5withRSA]
    > Signature:
    >0000: 07 FA 4C 69 5C FB 95 CC 46 EE 85 83 4D 21 30 8E ..Li\...F...M!0.
    >0010: CA D9 A8 6F 49 1A E6 DA 51 E3 60 70 6C 84 61 11 ...oI...Q.`pl.a.
    >0020: A1 1A C8 48 3E 59 43 7D 4F 95 3D A1 8B B7 0B 62 ...H>YC.O.=....b
    >0030: 98 7A 75 8A DD 88 4E 4E 9E 40 DB A8 CC 32 74 B9 .zu...NN.@...2t.
    >0040: 6F 0D C6 E3 B3 44 0B D9 8A 6F 9A 29 9B 99 18 28 o....D...o.)...(
    >0050: 3B D1 E3 40 28 9A 5A 3C D5 B5 E7 20 1B 8B CA A4 ;..@(.Z<...
    >....
    >0060: AB 8D E9 51 D9 E2 4C 2C 59 A9 DA B9 B2 75 1B F6 ...Q..L,Y....u..
    >0070: 42 F2 EF C7 F2 18 F9 89 BC A3 FF 8A 23 2E 70 47 B...........#.pG
    >
    >]>
    > <000000> >[
    > Version: V1
    > Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
    >Inc."
    >, C=US
    > Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@e13e7b
    > Validity: [From: Mon Jan 29 02:00:00 EET 1996,
    > To: Sat Jan 01 01:59:59 EET 2000]
    > Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
    >Inc.",
    > C=US
    > SerialNumber: [ 02a60000 01]
    >
    >]
    > Algorithm: [MD2withRSA]
    > Signature:
    >0000: 53 DD D3 F0 9C 24 7E 40 AA E2 FC 00 1A D7 DA 0C S....$.@........
    >0010: FC 32 61 B8 15 0D 96 F3 FA 57 1B 7F 33 7C AF E9 .2a......W..3...
    >0020: 98 9A 61 C8 7A B3 B7 FF B1 DC 99 83 DC AC 12 FC ..a.z...........
    >0030: 70 C9 1F 38 42 ED 44 F6 80 2E 5B 6B 33 69 AC 9C p..8B.D...[k3i..
    >0040: D3 5C E7 5F 5A 18 C7 B1 2D 79 04 96 41 91 99 41 .\._Z...-y..A..A
    >0050: B1 3C 0D BA 84 39 C6 3B 97 F0 26 C9 8E EE BD CC .<...9.;..&.....
    >0060: 42 95 FF 1E C7 02 3F 54 0C 78 F5 BC AA 60 7C 02 B.....?T.x...`..
    >0070: 69 E8 DC AC E2 02 76 61 C4 3E 03 EA D2 8A 24 D1 i.....va.>....$.
    >
    >]>
    > <000000> >[
    > Version: V3
    > Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
    >C=IE
    > Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@1cd2197
    > Validity: [From: Fri May 12 21:46:00 EEST 2000,
    > To: Tue May 13 02:59:00 EEST 2025]
    > Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    > SerialNumber: [ 020000b9]
    >
    >Certificate Extensions: 3
    >[1]: ObjectId: 2.5.29.14 Criticality=false
    >SubjectKeyIdentifier [
    >KeyIdentifier [
    >0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:
    >0010: B5 04 4D F0 ..M.
    >]
    >]
    >
    >[2]: ObjectId: 2.5.29.15 Criticality=true
    >KeyUsage [
    > Key_CertSign
    > Crl_Sign
    >]
    >
    >[3]: ObjectId: 2.5.29.19 Criticality=true
    >BasicConstraints:[
    >CA:true
    >PathLen:3
    >]
    >
    >]
    > Algorithm: [SHA1withRSA]
    > Signature:
    >0000: 85 0C 5D 8E E4 6F 51 68 42 05 A0 DD BB 4F 27 25 ..]..oQhB....O'%
    >0010: 84 03 BD F7 64 FD 2D D7 30 E3 A4 10 17 EB DA 29 ....d.-.0......)
    >0020: 29 B6 79 3F 76 F6 19 13 23 B8 10 0A F9 58 A4 D4 ).y?v...#....X..
    >0030: 61 70 BD 04 61 6A 12 8A 17 D5 0A BD C5 BC 30 7C ap..aj........0.
    >0040: D6 E9 0C 25 8D 86 40 4F EC CC A3 7E 38 C6 37 11 ...%..@O....8.7.
    >0050: 4F ED DD 68 31 8E 4C D2 B3 01 74 EE BE 75 5E 07 O..h1.L...t..u^.
    >0060: 48 1A 7F 70 FF 16 5C 84 C0 79 85 B8 05 FD 7F BE H..p..\..y......
    >0070: 65 11 A3 0F C0 02 B4 F8 52 37 39 04 D5 A9 31 7A e.......R79...1z
    >0080: 18 BF A0 2A F4 12 99 F7 A3 45 82 E3 3C 5E F5 9D ...*.....E..<^..
    >0090: 9E B5 C8 9E 7C 2E C8 A4 9E 4E 08 14 4B 6D FD 70 .........N..Km.p
    >00A0: 6D 6B 1A 63 BD 64 E6 1F B7 CE F0 F2 9F 2E BB 1B mk.c.d..........
    >00B0: B7 F2 50 88 73 92 C2 E2 E3 16 8D 9A 32 02 AB 8E ..P.s.......2...
    >00C0: 18 DD E9 10 11 EE 7E 35 AB 90 AF 3E 30 94 7A D0 .......5...>0.z.
    >00D0: 33 3D A7 65 0F F5 FC 8E 9E 62 CF 47 44 2C 01 5D 3=.e.....b.GD,.]
    >00E0: BB 1D B5 32 D2 47 D2 38 2E D0 FE 81 DC 32 6A 1E ...2.G.8.....2j.
    >00F0: B5 EE 3C D5 FC E7 81 1D 19 C3 24 42 EA 63 39 A9 ..<.......$B.c9.
    >
    >]>
    > <000000> >[
    > Version: V1
    > Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
    >Inc."
    >, C=US
    > Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@5878d2
    > Validity: [From: Mon Jan 29 02:00:00 EET 1996,
    > To: Wed Jan 08 01:59:59 EET 2020]
    > Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
    >Inc.",
    > C=US
    > SerialNumber: [ 325033cf 50d156f3 5c81ad65 5c4fc825]
    >
    >]
    > Algorithm: [MD2withRSA]
    > Signature:
    >0000: 4B 44 66 60 68 64 E4 98 1B F3 B0 72 E6 95 89 7C KDf`hd.....r....
    >0010: DD 7B B3 95 C0 1D 2E D8 D8 19 D0 2D 34 3D C6 50 ...........-4=.P
    >0020: 9A 10 86 8C AA 3F 3B A8 04 FC 37 52 95 C3 D9 C9 .....?;...7R....
    >0030: DB CD F2 86 06 C4 B1 1B F0 82 88 30 42 8E 17 50 ...........0B..P
    >0040: 1C 64 7A B8 3E 99 49 74 97 FC AC 02 43 FB 96 0C .dz.>.It....C...
    >0050: 56 04 25 0C 7C 7C 87 9D 24 A7 D8 F0 32 29 B5 A4 V.%.....$...2)..
    >0060: DF 5D A2 4C C5 16 32 A8 42 F6 45 A6 B6 36 B9 E0 .].L..2.B.E..6..
    >0070: BF 65 36 93 C2 D2 D7 6B DC DE 59 D6 A2 35 F8 45 .e6....k..Y..5.E
    >
    >]>
    > <000000> >[
    > Version: V1
    > Subject: OU=Secure Server Certification Authority, O="RSA Data Security,
    >Inc."
    >, C=US
    > Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@15b55bc
    > Validity: [From: Wed Nov 09 02:00:00 EET 1994,
    > To: Fri Jan 08 01:59:59 EET 2010]
    > Issuer: OU=Secure Server Certification Authority, O="RSA Data Security,
    >Inc.",
    > C=US
    > SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0]
    >
    >]
    > Algorithm: [MD2withRSA]
    > Signature:
    >0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
    >0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
    >0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
    >0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....\
    >0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
    >0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
    >0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
    >0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P
    >
    >]>
    > <000000> >[
    > Version: V3
    > Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium
    >Server
    >CA,
    >OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
    >ST=West
    >ern Cape, C=ZA
    > Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@159d87f
    > Validity: [From: Thu Aug 01 03:00:00 EEST 1996,
    > To: Fri Jan 01 01:59:59 EET 2021]
    > Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server
    >CA, O
    >U=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
    >ST=Weste
    >rn Cape, C=ZA
    > SerialNumber: [ 01]
    >
    >Certificate Extensions: 1
    >[1]: ObjectId: 2.5.29.19 Criticality=true
    >BasicConstraints:[
    >CA:true
    >PathLen:2147483647
    >]
    >
    >]
    > Algorithm: [MD5withRSA]
    > Signature:
    >0000: 26 48 2C 16 C2 58 FA E8 16 74 0C AA AA 5F 54 3F &H,..X...t..._T?
    >0010: F2 D7 C9 78 60 5E 5E 6E 37 63 22 77 36 7E B2 17 ...x`^^n7c"w6...
    >0020: C4 34 B9 F5 08 85 FC C9 01 38 FF 4D BE F2 16 42 .4.......8.M...B
    >0030: 43 E7 BB 5A 46 FB C1 C6 11 1F F1 4A B0 28 46 C9 C..ZF......J.(F.
    >0040: C3 C4 42 7D BC FA AB 59 6E D5 B7 51 88 11 E3 A4 ..B....Yn..Q....
    >0050: 85 19 6B 82 4C A4 0C 12 AD E9 A4 AE 3F F1 C3 49 ..k.L.......?..I
    >0060: 65 9A 8C C5 C8 3E 25 B7 94 99 BB 92 32 71 07 F0 e....>%.....2q..
    >0070: 86 5E ED 50 27 A6 0D A6 23 F9 BB CB A6 07 14 42 .^.P'...#......B
    >
    >]>
    > <000000> >[
    > Version: V1
    > Subject: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
    > Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@1949f78
    > Validity: [From: Sat Feb 24 01:01:00 EET 1996,
    > To: Fri Feb 24 01:59:00 EET 2006]
    > Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
    > SerialNumber: [ 01a3]
    >
    >]
    > Algorithm: [MD5withRSA]
    > Signature:
    >0000: 12 B3 75 C6 5F 1D E1 61 55 80 00 D4 81 4B 7B 31 ..u._..aU....K.1
    >0010: 0F 23 63 E7 3D F3 03 F9 F4 36 A8 BB D9 E3 A5 97 .#c.=....6......
    >0020: 4D EA 2B 29 E0 D6 6A 73 81 E6 C0 89 A3 D3 F1 E0 M.+)..js........
    >0030: A5 A5 22 37 9A 63 C2 48 20 B4 DB 72 E3 C8 F6 D9 .."7.c.H ..r....
    >0040: 7C BE B1 AF 53 DA 14 B4 21 B8 D6 D5 96 E3 FE 4E ....S...!......N
    >0050: 0C 59 62 B6 9A 4A F9 42 DD 8C 6F 81 A9 71 FF F4 .Yb..J.B..o..q..
    >0060: 0A 72 6D 6D 44 0E 9D F3 74 74 A8 D5 34 49 E9 5E .rmmD...tt..4I.^
    >0070: 9E E9 B4 7A E1 E5 5A 1F 84 30 9C D3 9F A5 25 D8 ...z..Z..0....%.
    >
    >]>
    > <000000> >[
    > Version: V3
    > Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.",
    >O=GTE
    >Corporation, C=US
    > Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@196de29
    > Validity: [From: Fri Aug 14 17:50:00 EEST 1998,
    > To: Thu Aug 15 02:59:00 EEST 2013]
    > Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.",
    >O=GTE C
    >orporation, C=US
    > SerialNumber: [ 01b6]
    >
    >Certificate Extensions: 4
    >[1]: ObjectId: 2.5.29.14 Criticality=false
    >SubjectKeyIdentifier [
    >KeyIdentifier [
    >0000: 76 0A 49 21 38 4C 9F DE F8 C4 49 C7 71 71 91 9D v.I!8L....I.qq..
    >]
    >]
    >
    >[2]: ObjectId: 2.5.29.32 Criticality=false
    >CertificatePolicies [
    > [CertificatePolicyId: [1.2.840.113763.1.2.1.3]
    >[] ]
    >]
    >
    >[3]: ObjectId: 2.5.29.15 Criticality=true
    >KeyUsage [
    > Key_CertSign
    > Crl_Sign
    >]
    >
    >[4]: ObjectId: 2.5.29.19 Criticality=true
    >BasicConstraints:[
    >CA:true
    >PathLen:5
    >]
    >
    >]
    > Algorithm: [SHA1withRSA]
    > Signature:
    >0000: 41 3A D4 18 5B DA B8 DE 21 1C E1 8E 09 E5 F1 68 A:..[...!......h
    >0010: 34 FF DE 96 F4 07 F5 A7 3C F3 AC 4A B1 9B FA 92 4.......<..J....
    >0020: FA 9B ED E6 32 21 AA 4A 76 C5 DC 4F 38 E5 DF D5 ....2!.Jv..O8...
    >0030: 86 E4 D5 C8 76 7D 98 D7 B1 CD 8F 4D B5 91 23 6C ....v......M..#l
    >0040: 8B 8A EB EA 7C EF 14 94 C4 C6 F0 1F 4A 2D 32 71 ............J-2q
    >0050: 63 2B 63 91 26 02 09 B6 80 1D ED E2 CC B8 7F DB c+c.&...........
    >0060: 87 63 C8 E1 D0 6C 26 B1 35 1D 40 66 10 1B CD 95 .c...l&.5.@f....
    >0070: 54 18 33 61 EC 13 4F DA 13 F7 99 AF 3E D0 CF 8E T.3a..O.....>...
    >0080: A6 72 A2 B3 C3 05 9A C9 27 7D 92 CC 7E 52 8D B3 .r......'....R..
    >0090: AB 70 6D 9E 89 9F 4D EB 1A 75 C2 98 AA D5 02 16 .pm...M..u......
    >00A0: D7 0C 8A BF 25 E4 EB 2D BC 98 E9 58 38 19 7C B9 ....%..-...X8...
    >00B0: 37 FE DB E2 99 08 73 06 C7 97 83 6A 7D 10 01 2F 7.....s....j.../
    >00C0: 32 B9 17 05 4A 65 E6 2F CE BE 5E 53 A6 82 E9 9A 2...Je./..^S....
    >00D0: 53 0A 84 74 2D 83 CA C8 94 16 76 5F 94 61 28 F0 S..t-.....v_.a(.
    >00E0: 85 A7 39 BB D7 8B D9 A8 B2 13 1D 54 09 34 24 7D ..9........T.4$.
    >00F0: 20 81 7D 66 7E A2 90 74 5C 10 C6 BD EC AB 1B C2 ..f...t\.......
    >
    >]>
    > <000000> >[
    > Version: V1
    > Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
    >Inc."
    >, C=US
    > Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@1d382ab
    > Validity: [From: Mon Jan 29 02:00:00 EET 1996,
    > To: Thu Jan 08 01:59:59 EET 2004]
    > Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
    >Inc.",
    > C=US
    > SerialNumber: [ ba5ac94c 053b92d6 a7b6df4e d053920d]
    >
    >]
    > Algorithm: [MD2withRSA]
    > Signature:
    >0000: B6 00 1F 93 57 A4 07 A7 40 CE 65 40 3F 55 5E ED ....W...@.e@?U^.
    >0010: EF FA 54 49 A5 30 D6 21 7C 61 87 EE 83 93 0B BF ..TI.0.!.a......
    >0020: B4 33 F2 98 AC 9F 06 BF 4E A8 CE 14 81 4C CB 04 .3......N....L..
    >0030: 4E 58 C3 CF 5F EE 7C D7 9A 6F CB 41 8A B7 7F 81 NX.._....o.A....
    >0040: B8 FF 84 61 C6 27 43 65 1D 0C EC B1 00 0A DD 1B ...a.'Ce........
    >0050: A4 BB C7 78 20 28 B2 A2 DD 36 95 2E E1 54 4F BF ...x (...6...TO.
    >0060: 60 B9 77 68 11 99 23 E8 EA 52 E8 AA 00 4E 67 4E `.wh..#..R...NgN
    >0070: BB 90 B5 45 9B 46 EB 8E 16 EF C4 33 5B 33 3D D5 ...E.F.....3[3=.
    >
    >]>
    > <000000> >appli
    >ed>
    > <000000> >SSLSocket>
    >
    > <000000>
    > >ext(ctx): 26426059>
    > <000000> >NOT be
    >Mux
    >ing>
    > <000000>
    > >text(is): 16322634>
    > <000000>
    > <000000>
    > >lse>
    > <000000> >false>
    >
    > <000000>
    > >lse>
    > <000000> <15167987
    >readRecord()>
    > <000000> <15167987 received
    >HANDSHA
    >KE>
    > <000000> >ServerH
    >ello>
    > <000000>
    > >lse>
    > <000000> >false>
    >
    > <000000>
    > >lse>
    > <000000> <15167987
    >readRecord()>
    > <000000> <15167987 received
    >HANDSHA
    >KE>
    > <000000> >Certifi
    >cate>
    > <000000> >valid
    >ation checks: localhost>
    > <000000> >valid
    >ateErr = 20>
    > <000000> < cert[0] = [
    >[
    > Version: V3
    > Subject: EMAILADDRESS=support@bea.com, CN=weblogic.bea.com, O=BEA
    >WebLogic, L=
    >San Francisco, ST=California, C=US
    > Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@b2e752
    > Validity: [From: Fri Nov 01 22:02:23 EET 2002,
    > To: Sun Oct 15 23:02:23 EEST 2006]
    > Issuer: EMAILADDRESS=support@bea.com, CN=Demo Certificate Authority
    >Constraint
    >s, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
    > SerialNumber: [ 21]
    >
    >]
    > Algorithm: [MD5withRSA]
    > Signature:
    >0000: 5E D1 96 8E 01 C8 14 B0 62 16 93 2A 47 38 CF D8 ^.......b..*G8..
    >0010: 71 EF 75 BC 27 DF 33 0B F8 D5 07 09 36 8D 45 DF q.u.'.3.....6.E.
    >0020: 2F 27 2C F7 68 9C 8F 2B 10 13 16 07 65 3F 1F 45 /',.h..+....e?.E
    >0030: 56 9F 62 D8 28 44 E9 86 25 19 8D 0D CB 36 C3 8B V.b.(D..%....6..
    >
    >]>
    > <000000> >=
    >20>
    > <000000> >is
    >inco
    >mplete>
    > <000000> >is
    >untr
    >usted>
    > <000000> >returns
    >: 20>
    > <000000> >CERT
    >_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>
    > <000000> >com.certicom.t
    >ls.record.alert.Alert@170ec24 Severity: 2 Type: 42
    >java.lang.Throwable: Stack trace
    > at weblogic.security.utils.SSLSetup.debug(SSLSetup.ja va:245)
    > at com.certicom.tls.record.alert.Alert.(Unknown Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .fireAlert(Unknown
    >Source)
    > at
    >com.certicom.tls.record.handshake.ClientStateRecei vedServerHello.hand
    >le(Unknown Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    >sage(Unknown Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    >sages(Unknown Source)
    > at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown
    >Source)
    > at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    > at
    >com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknow
    >n Source)
    > at
    >com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Un
    >known Source)
    > at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    > at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
    > at java.io.BufferedOutputStream.flush(Unknown Source)
    > at java.io.DataOutputStream.flush(Unknown Source)
    > at
    >weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConn ection.java:275)
    > at
    >weblogic.rjvm.t3.T3SJVMConnection.createConnection (T3SJVMConnection.j
    >ava:83)
    > at weblogic.rjvm.Protocol.createConnection(Protocol.j ava:231)
    > at
    >weblogic.rjvm.ConnectionManager.findOrCreateConnec tion(ConnectionMana
    >ger.java:1272)
    > at
    >weblogic.rjvm.ConnectionManager.bootstrap(Connecti onManager.java:418)
    >
    > at
    >weblogic.rjvm.ConnectionManager.bootstrap(Connecti onManager.java:300)
    >
    > at
    >weblogic.rjvm.RJVMManager.findOrCreateRemoteIntern al(RJVMManager.java
    >:234)
    > at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager .java:191)
    > at
    >weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer( RJVMFinder.java:203
    >)
    > at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.j ava:169)
    > at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL .java:262)
    > at
    >weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    >tialContextFactoryDelegate.java:323)
    > at
    >weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    >tialContextFactoryDelegate.java:221)
    > at
    >weblogic.jndi.WLInitialContextFactory.getInitialCo ntext(WLInitialCont
    >extFactory.java:149)
    > at javax.naming.spi.NamingManager.getInitialContext(U nknown Source)
    > at javax.naming.InitialContext.getDefaultInitCtx(Unkn own Source)
    > at javax.naming.InitialContext.init(Unknown Source)
    > at javax.naming.InitialContext.(Unknown Source)
    >
    >>

    > <000000> >=
    >0 le
    >ngth = 2>
    > <000000>
    > <000000> >handshak
    >e, stack trace follows
    >javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt
    >or
    >unusea
    >ble certificate was received.
    > at
    >com.certicom.tls.interfaceimpl.TLSConnectionImpl.f ireException(Unknow
    >n Source)
    > at
    >com.certicom.tls.interfaceimpl.TLSConnectionImpl.f ireAlertSent(Unknow
    >n Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .fireAlert(Unknown
    >Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .fireAlert(Unknown
    >Source)
    > at
    >com.certicom.tls.record.handshake.ClientStateRecei vedServerHello.hand
    >le(Unknown Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    >sage(Unknown Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    >sages(Unknown Source)
    > at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown
    >Source)
    > at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    > at
    >com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknow
    >n Source)
    > at
    >com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Un
    >known Source)
    > at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    > at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
    > at java.io.BufferedOutputStream.flush(Unknown Source)
    > at java.io.DataOutputStream.flush(Unknown Source)
    > at
    >weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConn ection.java:275)
    > at
    >weblogic.rjvm.t3.T3SJVMConnection.createConnection (T3SJVMConnection.j
    >ava:83)
    > at weblogic.rjvm.Protocol.createConnection(Protocol.j ava:231)
    > at
    >weblogic.rjvm.ConnectionManager.findOrCreateConnec tion(ConnectionMana
    >ger.java:1272)
    > at
    >weblogic.rjvm.ConnectionManager.bootstrap(Connecti onManager.java:418)
    >
    > at
    >weblogic.rjvm.ConnectionManager.bootstrap(Connecti onManager.java:300)
    >
    > at
    >weblogic.rjvm.RJVMManager.findOrCreateRemoteIntern al(RJVMManager.java
    >:234)
    > at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager .java:191)
    > at
    >weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer( RJVMFinder.java:203
    >)
    > at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.j ava:169)
    > at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL .java:262)
    > at
    >weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    >tialContextFactoryDelegate.java:323)
    > at
    >weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    >tialContextFactoryDelegate.java:221)
    > at
    >weblogic.jndi.WLInitialContextFactory.getInitialCo ntext(WLInitialCont
    >extFactory.java:149)
    > at javax.naming.spi.NamingManager.getInitialContext(U nknown Source)
    > at javax.naming.InitialContext.getDefaultInitCtx(Unkn own Source)
    > at javax.naming.InitialContext.init(Unknown Source)
    > at javax.naming.InitialContext.(Unknown Source)
    >
    >>

    > <000000> >com.certicom.t
    >ls.record.alert.Alert@15b4ad2 Severity: 2 Type: 40
    >java.lang.Throwable: Stack trace
    > at weblogic.security.utils.SSLSetup.debug(SSLSetup.ja va:245)
    > at com.certicom.tls.record.alert.Alert.(Unknown Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .fireAlert(Unknown
    >Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    >sage(Unknown Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    >sages(Unknown Source)
    > at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown
    >Source)
    > at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    > at
    >com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknow
    >n Source)
    > at
    >com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Un
    >known Source)
    > at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    > at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
    > at java.io.BufferedOutputStream.flush(Unknown Source)
    > at java.io.DataOutputStream.flush(Unknown Source)
    > at
    >weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConn ection.java:275)
    > at
    >weblogic.rjvm.t3.T3SJVMConnection.createConnection (T3SJVMConnection.j
    >ava:83)
    > at weblogic.rjvm.Protocol.createConnection(Protocol.j ava:231)
    > at
    >weblogic.rjvm.ConnectionManager.findOrCreateConnec tion(ConnectionMana
    >ger.java:1272)
    > at
    >weblogic.rjvm.ConnectionManager.bootstrap(Connecti onManager.java:418)
    >
    > at
    >weblogic.rjvm.ConnectionManager.bootstrap(Connecti onManager.java:300)
    >
    > at
    >weblogic.rjvm.RJVMManager.findOrCreateRemoteIntern al(RJVMManager.java
    >:234)
    > at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager .java:191)
    > at
    >weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer( RJVMFinder.java:203
    >)
    > at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.j ava:169)
    > at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL .java:262)
    > at
    >weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    >tialContextFactoryDelegate.java:323)
    > at
    >weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    >tialContextFactoryDelegate.java:221)
    > at
    >weblogic.jndi.WLInitialContextFactory.getInitialCo ntext(WLInitialCont
    >extFactory.java:149)
    > at javax.naming.spi.NamingManager.getInitialContext(U nknown Source)
    > at javax.naming.InitialContext.getDefaultInitCtx(Unkn own Source)
    > at javax.naming.InitialContext.init(Unknown Source)
    > at javax.naming.InitialContext.(Unknown Source)
    >>

    >javax.naming.CommunicationException. Root exception is
    >java.net.ConnectExceptio
    >n: t3s://localhost:7002: Destination unreachable; nested exception is:
    > java.io.IOException: Write Channel Closed, possible SSL handshaking
    >or t
    >rust failure; No available router to destination
    > at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.j ava:180)
    > at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL .java:262)
    > at
    >weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    >tialContextFactoryDelegate.java:323)
    > at
    >weblogic.jndi.WLInitialContextFactoryDelegate.getI nitialContext(WLIni
    >tialContextFactoryDelegate.java:221)
    > at
    >weblogic.jndi.WLInitialContextFactory.getInitialCo ntext(WLInitialCont
    >extFactory.java:149)
    > at javax.naming.spi.NamingManager.getInitialContext(U nknown Source)
    > at javax.naming.InitialContext.getDefaultInitCtx(Unkn own Source)
    > at javax.naming.InitialContext.init(Unknown Source)
    > at javax.naming.InitialContext.(Unknown Source)
    >
    >
    >
    >"Pavel" wrote in message
    >news:400ff941$1@newsgroups.bea.com...
    >>
    >> Actually the log looks like it did came from the server, and it indicates

    >that
    >> the client did not trust the server's identity certificate. Make sure

    >you
    >are
    >> using the demo certificate, and try setting both ssl debug flags on

    >the
    >client:
    >>
    >> -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
    >>
    >> The client debug output should list its trusted certificates, and give

    >more info
    >> about why the server certificate was rejected.

    >



  9. Re: t3s not working on a java app client (long debug listing included)

    Ok, I did as you adviced (thanks for help btw and set that command line
    property on my client as follows:

    -Dweblogic.security.SSL.trustedCAKeyStore=C:\bea\we blogic700\server\lib\cace
    rts

    It still complaints about the certificate (this listing comes from the
    client):

    ************************************************** ******************

    <000000> found>

    <000000> Certicom S
    SL license found>
    <000000> expor
    t limited>
    <000000> C:\b
    ea\weblogic700\server\lib\cacerts>
    ************************************************** *********************

    So the trusted CAs should be ok?


    ************************************************** ********************
    <000000> appli
    ed>
    <000000> SSLSocket>

    <000000>
    ext(ctx): 27041558>
    <000000> Mux
    ing>
    <000000>
    text(is): 26252165>
    <000000>
    <000000>
    lse>
    <000000> false>

    <000000>
    lse>
    <000000> <22091943
    readRecord()>
    <000000> <22091943 received
    HANDSHA
    KE>
    <000000> ServerH
    ello>
    <000000>
    lse>
    <000000> false>

    <000000>
    lse>
    <000000> <22091943
    readRecord()>
    <000000> <22091943 received
    HANDSHA
    KE>
    <000000> Certifi
    cate>
    <000000> valid
    ation checks: localhost>
    <000000> valid
    ateErr = 1>
    <000000> < cert[0] = [
    [
    Version: V3
    Subject: EMAILADDRESS=support@bea.com, CN=weblogic.bea.com, O=BEA
    WebLogic, L=
    San Francisco, ST=California, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: com.sun.rsajca.JSA_RSAPublicKey@91a4fb
    Validity: [From: Fri Nov 01 22:02:23 EET 2002,
    To: Sun Oct 15 23:02:23 EEST 2006]
    Issuer: EMAILADDRESS=support@bea.com, CN=Demo Certificate Authority
    Constraint
    s, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
    SerialNumber: [ 21]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 5E D1 96 8E 01 C8 14 B0 62 16 93 2A 47 38 CF D8 ^.......b..*G8..
    0010: 71 EF 75 BC 27 DF 33 0B F8 D5 07 09 36 8D 45 DF q.u.'.3.....6.E.
    0020: 2F 27 2C F7 68 9C 8F 2B 10 13 16 07 65 3F 1F 45 /',.h..+....e?.E
    0030: 56 9F 62 D8 28 44 E9 86 25 19 8D 0D CB 36 C3 8B V.b.(D..%....6..

    ]>
    <000000> < cert[1] = [
    [
    Version: V3
    Subject: EMAILADDRESS=support@bea.com, CN=Demo Certificate Authority
    Constrain
    ts, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

    Key: com.sun.rsajca.JSA_RSAPublicKey@1a3b359
    Validity: [From: Fri Nov 01 22:02:22 EET 2002,
    To: Mon Oct 16 23:02:22 EEST 2006]
    Issuer: EMAILADDRESS=support@bea.com, CN=Demo Certificate Authority
    Constraint
    s, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
    SerialNumber: [ 00]

    Certificate Extensions: 1
    [1]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:1
    ]

    ]
    Algorithm: [MD5withRSA]
    Signature:
    0000: 83 57 9E 88 D3 32 26 A9 37 6A 04 B4 31 3B 40 08 .W...2&.7j..1;@.
    0010: 24 C1 1E 04 6D 77 64 86 14 98 1B 70 36 17 08 29 $...mwd....p6..)
    0020: C5 CC 63 40 7C 24 3D 06 1B 60 5F D0 23 18 A1 F9 ..c@.$=..`_.#...
    0030: C5 B1 1E 6B 43 1E 4D 09 54 2C 65 B8 06 8C F6 4E ...kC.M.T,e....N

    ]>
    <000000>
    <000000> inva
    lid>
    <000000> returns
    : 1>
    <000000> CERT_
    CHAIN_INVALID>
    <000000> com.certicom.t
    ls.record.alert.Alert@1e6978d Severity: 2 Type: 42
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.ja va:245)
    at com.certicom.tls.record.alert.Alert.(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .fireAlert(Unknown
    Source)
    at
    com.certicom.tls.record.handshake.ClientStateRecei vedServerHello.hand
    le(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    sage(Unknown Source)
    at
    com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    sages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown
    Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    at
    com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknow
    n Source)
    at
    com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Un
    known Source)
    at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    ************************************************** ***************

    The next log is from server startup:

    ************************************************** ***************

    <26.1.2004 12:28:00 EET> <000000>
    <26.1.2004 12:28:00 EET> <000000>
    <26.1.2004 12:28:01 EET> <000000> limi
    ted>
    <26.1.2004 12:28:01 EET> <000000>

    >

    <26.1.2004 12:28:01 EET> <000000> priv
    ate key>
    <26.1.2004 12:28:01 EET> <000000>
    R)>
    <26.1.2004 12:28:01 EET> <000000>
    ): key alias: null>
    <26.1.2004 12:28:01 EET> <000000> SSL
    Server PrivateKey>
    <26.1.2004 12:28:01 EET> <000000>
    ()>
    <26.1.2004 12:28:01 EET> <000000> successfully lo
    aded>
    <26.1.2004 12:28:01 EET> <000000>
    R)>
    <26.1.2004 12:28:01 EET> <000000> CAs
    from TrustedCAFile: trusted-ca.pem>
    <26.1.2004 12:28:01 EET> <000000> trust
    ed CA file trusted-ca.pem>
    <26.1.2004 12:28:01 EET> <000000> CAs
    from default key store: C:/bea/weblogic700/server\lib\cacerts>
    ************************************************** *************************


    Is there some configuration setting etc. that I've missed or what? The WLS
    installation is default installation so I haven't configured anything.

    Next is from the config.xml that indicates my SSL related (default)
    settings.

    ListenPort="7002" Name="wls_server70"
    ServerCertificateChainFileName="ca.pem"
    ServerCertificateFileName="democert.pem"
    ServerKeyFileName="demokey.pem"/>


    What could be the problem here?

    Regards,

    Jukka


    "Pavel" wrote in message
    news:401141fb@newsgroups.bea.com...
    >
    > The log shows that the server identity certificate was issued by the Demo

    Certificate
    > Authority, but the client's trust does not include this CA. Looks like the

    trusted
    > CAs came from the JDK cacerts keystore. Use command line property to

    specify weblogic's
    > cacerts keystore on the client:
    >
    > -Dweblogic.security.SSL.trustedCAKeyStore=



  10. Re: t3s not working on a java app client (long debug listing included)


    The log shows that this fixed the original problem, i.e. the client is now able
    to build the chain (cert[0], cert[1]). However, the chain validation still fails.
    I suspect the reason is that you have jsse classes in your classpath in front
    of weblogic.jar, probably in the JDK ext folder. JSSE classes conflict with the
    certicom ssl implementation used by weblogic. Try to move the jsse.jar behind
    weblogic.jar in the classpath.

    Pavel.

    "Jukka" wrote:
    >Ok, I did as you adviced (thanks for help btw and set that command
    >line
    >property on my client as follows:
    >
    >-Dweblogic.security.SSL.trustedCAKeyStore=C:\bea\we blogic700\server\lib\cace
    >rts
    >
    >It still complaints about the certificate (this listing comes from the
    >client):
    >
    >************************************************** ******************
    >
    > <000000> >found>
    >
    > <000000> >Certicom S
    >SL license found>
    > <000000> >is
    >expor
    >t limited>
    > <000000> >C:\b
    >ea\weblogic700\server\lib\cacerts>
    >************************************************** *********************
    >
    >So the trusted CAs should be ok?
    >
    >
    >************************************************** ********************
    > <000000> >appli
    >ed>
    > <000000> >SSLSocket>
    >
    > <000000>
    > >ext(ctx): 27041558>
    > <000000> >NOT be
    >Mux
    >ing>
    > <000000>
    > >text(is): 26252165>
    > <000000>
    > <000000>
    > >lse>
    > <000000> >false>
    >
    > <000000>
    > >lse>
    > <000000> <22091943
    >readRecord()>
    > <000000> <22091943 received
    >HANDSHA
    >KE>
    > <000000> >ServerH
    >ello>
    > <000000>
    > >lse>
    > <000000> >false>
    >
    > <000000>
    > >lse>
    > <000000> <22091943
    >readRecord()>
    > <000000> <22091943 received
    >HANDSHA
    >KE>
    > <000000> >Certifi
    >cate>
    > <000000> >valid
    >ation checks: localhost>
    > <000000> >valid
    >ateErr = 1>
    > <000000> < cert[0] = [
    >[
    > Version: V3
    > Subject: EMAILADDRESS=support@bea.com, CN=weblogic.bea.com, O=BEA
    >WebLogic, L=
    >San Francisco, ST=California, C=US
    > Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@91a4fb
    > Validity: [From: Fri Nov 01 22:02:23 EET 2002,
    > To: Sun Oct 15 23:02:23 EEST 2006]
    > Issuer: EMAILADDRESS=support@bea.com, CN=Demo Certificate Authority
    >Constraint
    >s, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
    > SerialNumber: [ 21]
    >
    >]
    > Algorithm: [MD5withRSA]
    > Signature:
    >0000: 5E D1 96 8E 01 C8 14 B0 62 16 93 2A 47 38 CF D8 ^.......b..*G8..
    >0010: 71 EF 75 BC 27 DF 33 0B F8 D5 07 09 36 8D 45 DF q.u.'.3.....6.E.
    >0020: 2F 27 2C F7 68 9C 8F 2B 10 13 16 07 65 3F 1F 45 /',.h..+....e?.E
    >0030: 56 9F 62 D8 28 44 E9 86 25 19 8D 0D CB 36 C3 8B V.b.(D..%....6..
    >
    >]>
    > <000000> < cert[1] = [
    >[
    > Version: V3
    > Subject: EMAILADDRESS=support@bea.com, CN=Demo Certificate Authority
    >Constrain
    >ts, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
    > Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    >
    > Key: com.sun.rsajca.JSA_RSAPublicKey@1a3b359
    > Validity: [From: Fri Nov 01 22:02:22 EET 2002,
    > To: Mon Oct 16 23:02:22 EEST 2006]
    > Issuer: EMAILADDRESS=support@bea.com, CN=Demo Certificate Authority
    >Constraint
    >s, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
    > SerialNumber: [ 00]
    >
    >Certificate Extensions: 1
    >[1]: ObjectId: 2.5.29.19 Criticality=true
    >BasicConstraints:[
    >CA:true
    >PathLen:1
    >]
    >
    >]
    > Algorithm: [MD5withRSA]
    > Signature:
    >0000: 83 57 9E 88 D3 32 26 A9 37 6A 04 B4 31 3B 40 08 .W...2&.7j..1;@.
    >0010: 24 C1 1E 04 6D 77 64 86 14 98 1B 70 36 17 08 29 $...mwd....p6..)
    >0020: C5 CC 63 40 7C 24 3D 06 1B 60 5F D0 23 18 A1 F9 ..c@.$=..`_.#...
    >0030: C5 B1 1E 6B 43 1E 4D 09 54 2C 65 B8 06 8C F6 4E ...kC.M.T,e....N
    >
    >]>
    > <000000> >= 1>
    > <000000> >is
    >inva
    >lid>
    > <000000> >returns
    >: 1>
    > <000000> >CERT_
    >CHAIN_INVALID>
    > <000000> >com.certicom.t
    >ls.record.alert.Alert@1e6978d Severity: 2 Type: 42
    >java.lang.Throwable: Stack trace
    > at weblogic.security.utils.SSLSetup.debug(SSLSetup.ja va:245)
    > at com.certicom.tls.record.alert.Alert.(Unknown Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .fireAlert(Unknown
    >Source)
    > at
    >com.certicom.tls.record.handshake.ClientStateRecei vedServerHello.hand
    >le(Unknown Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    >sage(Unknown Source)
    > at
    >com.certicom.tls.record.handshake.HandshakeHandler .handleHandshakeMes
    >sages(Unknown Source)
    > at com.certicom.tls.record.ReadHandler.interpretConte nt(Unknown
    >Source)
    > at com.certicom.tls.record.ReadHandler.readRecord(Unk nown Source)
    > at
    >com.certicom.tls.record.ReadHandler.readUntilHands hakeComplete(Unknow
    >n Source)
    > at
    >com.certicom.tls.interfaceimpl.TLSConnectionImpl.c ompleteHandshake(Un
    >known Source)
    > at com.certicom.tls.record.WriteHandler.write(Unknown Source)
    >************************************************** ***************
    >
    >The next log is from server startup:
    >
    >************************************************** ***************
    >
    ><26.1.2004 12:28:00 EET> <000000>
    ><26.1.2004 12:28:00 EET> <000000> >found>
    ><26.1.2004 12:28:01 EET> <000000> >export
    >limi
    >ted>
    ><26.1.2004 12:28:01 EET> <000000>
    >
    >>

    ><26.1.2004 12:28:01 EET> <000000> >server
    >priv
    >ate key>
    ><26.1.2004 12:28:01 EET> <000000>
    > >R)>
    ><26.1.2004 12:28:01 EET> <000000>
    > >): key alias: null>
    ><26.1.2004 12:28:01 EET> <000000> >for
    >SSL
    > Server PrivateKey>
    ><26.1.2004 12:28:01 EET> <000000>
    > >()>
    ><26.1.2004 12:28:01 EET> <000000> >successfully lo
    >aded>
    ><26.1.2004 12:28:01 EET> <000000>
    > >R)>
    ><26.1.2004 12:28:01 EET> <000000> >trusted
    >CAs
    > from TrustedCAFile: trusted-ca.pem>
    ><26.1.2004 12:28:01 EET> <000000> >trust
    >ed CA file trusted-ca.pem>
    ><26.1.2004 12:28:01 EET> <000000> >trusted
    >CAs
    > from default key store: C:/bea/weblogic700/server\lib\cacerts>
    >************************************************** *************************
    >
    >
    >Is there some configuration setting etc. that I've missed or what? The
    >WLS
    >installation is default installation so I haven't configured anything.
    >
    >Next is from the config.xml that indicates my SSL related (default)
    >settings.
    >
    > > ListenPort="7002" Name="wls_server70"
    > ServerCertificateChainFileName="ca.pem"
    > ServerCertificateFileName="democert.pem"
    >ServerKeyFileName="demokey.pem"/>
    >
    >
    >What could be the problem here?
    >
    >Regards,
    >
    >Jukka
    >
    >
    >"Pavel" wrote in message
    >news:401141fb@newsgroups.bea.com...
    >>
    >> The log shows that the server identity certificate was issued by the

    >Demo
    >Certificate
    >> Authority, but the client's trust does not include this CA. Looks like

    >the
    >trusted
    >> CAs came from the JDK cacerts keystore. Use command line property to

    >specify weblogic's
    >> cacerts keystore on the client:
    >>
    >> -Dweblogic.security.SSL.trustedCAKeyStore=

    >



  11. Re: t3s not working on a java app client (long debug listing included)

    I haven't explicitly included jsse.jar in my classpath. However, I did empty
    the classpath explicitly and included weblogic.jar first. I still receive
    the same error message. Strange, I'd say. Any ideas on this?

    Regards,

    Jukka


    "Pavel" wrote in message
    news:4015559b$1@newsgroups.bea.com...
    >
    > The log shows that this fixed the original problem, i.e. the client is now

    able
    > to build the chain (cert[0], cert[1]). However, the chain validation still

    fails.
    > I suspect the reason is that you have jsse classes in your classpath in

    front
    > of weblogic.jar, probably in the JDK ext folder. JSSE classes conflict

    with the
    > certicom ssl implementation used by weblogic. Try to move the jsse.jar

    behind
    > weblogic.jar in the classpath.



  12. Re: t3s not working on a java app client (long debug listing included)


    Have you checked the JDK ext folder? Are you running on JDK 1.4. JSSE is included
    with 1.4 in its jre/lib folder.
    You can test whether jsse.jar is in the jdk classpath, by clearing the CLASSPATH
    env variable and running: javap javax.security.cert.X509Certificate

    Pavel.

    "Jukka" wrote:
    >I haven't explicitly included jsse.jar in my classpath. However, I did
    >empty
    >the classpath explicitly and included weblogic.jar first. I still receive
    >the same error message. Strange, I'd say. Any ideas on this?
    >
    >Regards,
    >
    >Jukka
    >
    >
    >"Pavel" wrote in message
    >news:4015559b$1@newsgroups.bea.com...
    >>
    >> The log shows that this fixed the original problem, i.e. the client

    >is now
    >able
    >> to build the chain (cert[0], cert[1]). However, the chain validation

    >still
    >fails.
    >> I suspect the reason is that you have jsse classes in your classpath

    >in
    >front
    >> of weblogic.jar, probably in the JDK ext folder. JSSE classes conflict

    >with the
    >> certicom ssl implementation used by weblogic. Try to move the jsse.jar

    >behind
    >> weblogic.jar in the classpath.

    >



  13. Re: t3s not working on a java app client (long debug listing included)

    Yes, I'm using JRE1.4.1_02, but the jsse.jar seems not to be in my
    classpath, because I get the following message when I run that command you
    provided.

    "Class 'javax.security.cert.X509Certificate' not found"

    When I added weblogic.jar to my classpath, it (the javap command) worked as
    it is supposed to.

    Regards,

    Jukka

    "Pavel" wrote in message
    news:4017e15d$1@newsgroups.bea.com...
    >
    > Have you checked the JDK ext folder? Are you running on JDK 1.4. JSSE is

    included
    > with 1.4 in its jre/lib folder.
    > You can test whether jsse.jar is in the jdk classpath, by clearing the

    CLASSPATH
    > env variable and running: javap javax.security.cert.X509Certificate
    >
    > Pavel.
    >
    > "Jukka" wrote:
    > >I haven't explicitly included jsse.jar in my classpath. However, I did
    > >empty
    > >the classpath explicitly and included weblogic.jar first. I still receive
    > >the same error message. Strange, I'd say. Any ideas on this?



  14. Re: t3s not working on a java app client (long debug listing included)


    The error you are getting matches the error you would see with the jdk1.4.1 and
    the jsse.jar in its jre/lib directory. This issue is listed here:
    http://e-docs.bea.com/wls/docs70/not...s.html#1135756

    To exhaust this you can try the following: check the class name spelling, and
    confirm that you are running javap command on the same jvm you run your client
    in case you have multiple jvms installed, or search jdk folder for jsse.jar, and
    make sure it is not there. Or try runnining the client on jdk1.3 without jsse
    installed and see if the problem goes away.

    If this proves this to be a different issue, I'd suggest opening a support case.

    Pavel.

    "Jukka" wrote:
    >Yes, I'm using JRE1.4.1_02, but the jsse.jar seems not to be in my
    >classpath, because I get the following message when I run that command
    >you
    >provided.
    >
    >"Class 'javax.security.cert.X509Certificate' not found"
    >
    >When I added weblogic.jar to my classpath, it (the javap command) worked
    >as
    >it is supposed to.
    >
    >Regards,
    >
    >Jukka
    >
    >"Pavel" wrote in message
    >news:4017e15d$1@newsgroups.bea.com...
    >>
    >> Have you checked the JDK ext folder? Are you running on JDK 1.4. JSSE

    >is
    >included
    >> with 1.4 in its jre/lib folder.
    >> You can test whether jsse.jar is in the jdk classpath, by clearing

    >the
    >CLASSPATH
    >> env variable and running: javap javax.security.cert.X509Certificate
    >>
    >> Pavel.
    >>
    >> "Jukka" wrote:
    >> >I haven't explicitly included jsse.jar in my classpath. However, I

    >did
    >> >empty
    >> >the classpath explicitly and included weblogic.jar first. I still

    >receive
    >> >the same error message. Strange, I'd say. Any ideas on this?

    >



  15. Re: t3s not working on a java app client (long debug listing included)

    Indeed, now it works!! Great!! I really appreciate your help!

    Regards,

    Jukka


    "Pavel" wrote in message
    news:40198047$1@newsgroups.bea.com...
    >
    > The error you are getting matches the error you would see with the

    jdk1.4.1 and
    > the jsse.jar in its jre/lib directory. This issue is listed here:
    > http://e-docs.bea.com/wls/docs70/not...s.html#1135756
    >
    > To exhaust this you can try the following: check the class name spelling,

    and
    > confirm that you are running javap command on the same jvm you run your

    client
    > in case you have multiple jvms installed, or search jdk folder for

    jsse.jar, and
    > make sure it is not there. Or try runnining the client on jdk1.3 without

    jsse
    > installed and see if the problem goes away.



  16. Re: t3s not working on a java app client (long debug listing included)

    Hi,
    I have the same problem still. I am running this command on JDK1.3. Here's my command & the output:
    ===========================
    [www@iserv47 www]$ /opt/bea/jrockit70sp5_131_10/bin/java -classpath /opt/bea/weblogic700/server/lib/weblogic.jar weblogic.Admin -url https://ushhints-mt.merck.com:8143 -username admin PING
    Enter the password for user admin assword

    Failed to connect to https://ushhints-mt.merck.com:8143: Destination unreachable; nested exception is:
    java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure; No available router to destination
    [www@iserv47 www]$
    =========================================

    the only jsse.jar is in the dir - weblogic700/workshop/jdk1.4/jre/lib/jsse.jar. Could this be affecting somehow?

    Anybody has any ideas??

    Thanks
    ~s

  17. Re: t3s not working on a java app client (long debug listing included)

    See http://e-docs.bea.com/wls/docs70/sec...l.html#1187931 for info on how to configure trust of weblogic.Admin client. Make sure its trusted certificates include certificate of the CA that issued the server identity certificate.
    Also read the section about hostname verification.
    If this does not help try running with ssl debug on:
    -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
    This should output more info about the error.

    Pavel.