my dog learned polymorphism*
The moose likes Security and the fly likes handshake between sap xi & tomcat over https. no trusted certificate found Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "handshake between sap xi & tomcat over https. no trusted certificate found" Watch "handshake between sap xi & tomcat over https. no trusted certificate found" New topic
Author

handshake between sap xi & tomcat over https. no trusted certificate found

sanjay patel
Greenhorn

Joined: Sep 28, 2007
Posts: 8
I have a webservice which is hosted on sap xi server. My class in tomcat will call it over https protocol. For that, tomcat needs to import the xi certificate. I did it in cacerts which resides in jre's lib/security directory. Still, it doesn't work. But the strange thing is, if i write the stand alone class, and use the same cacerts file, it works.

// For standalone class
System.setProperty("javax.net.ssl.trustStore", "C:\\certs\\cacerts");

//For class which is in tomcat
System.setProperty("javax.net.ssl.trustStore", <cacerts file path> ;
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

I am getting the following exception :

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
org.apache.axis.client.Call.invokeEngine(Call.java:2784)
org.apache.axis.client.Call.invoke(Call.java:2767)
org.apache.axis.client.Call.invoke(Call.java:2443)
org.apache.axis.client.Call.invoke(Call.java:2366)
org.apache.axis.client.Call.invoke(Call.java:1812)
com.reliant.ws.xi.client.Os_getDocumentRequestBindingStub.os_getDocumentRequest(Os_getDocumentRequestBindingStub.java:164)
com.reliant.ws.xi.client.BillFetchClient.fetchContent(BillFetchClient.java:83)
org.apache.jsp.en_005fUS.EBillViewer.EBillWSCall_jsp._jspService(EBillWSCall_jsp.java:56)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
Ernest Friedman-Hill
author and iconoclast
Marshal

Joined: Jul 08, 2003
Posts: 24184
    
  34

Hi,

Welcome to JavaRanch!

First, a bit of business: you may not have read our naming policy on the way in. It requires that you use a full, real (sounding) first and last name for your display name. No random extra are required nor acceptable. You can change your display name here. Thanks!


[Jess in Action][AskingGoodQuestions]
sanjay patel
Greenhorn

Joined: Sep 28, 2007
Posts: 8
name changed..........
now can i expect a reply/solution ?
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
can you configure Tomcat to start the jvm with -Djavax.net.debug=ssl? This will generate voluminous output which, if you are lucky, will help you find the problem. Feel free to post the output here.


Nice to meet you.
sanjay patel
Greenhorn

Joined: Sep 28, 2007
Posts: 8
Thanks buddy,

It was really very helpful. The problem was the certificate was invalid. I got the new valid certificate, And I think, I got rid of "No certificate found exception". But now i am facing another exception :

On the JSP, I am getting following exception :
Server Error
org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source)
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
javax.xml.parsers.SAXParser.parse(Unknown Source)
org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
org.apache.axis.client.Call.invokeEngine(Call.java:2784)
org.apache.axis.client.Call.invoke(Call.java:2767)
org.apache.axis.client.Call.invoke(Call.java:2443)
org.apache.axis.client.Call.invoke(Call.java:2366)
org.apache.axis.client.Call.invoke(Call.java:1812)
com.reliant.ws.xi.client.Os_getDocumentRequestBindingStub.os_getDocumentRequest(Os_getDocumentRequestBindingStub.java:164)
com.reliant.ws.xi.client.BillFetchClient.fetchContent(BillFetchClient.java:105)
org.apache.jsp.en_005fUS.EBillViewer.EBillWSCall_jsp._jspService(EBillWSCall_jsp.java:56)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)


And in the tomcat, logs are as following :

setSoTimeout(60000) called
http-6443-Processor24, READ: TLSv1 Handshake, length = 115
*** ClientHello, TLSv1
RandomCookie: GMT: 1191369002 bytes = { 196, 16, 186, 107, 222, 206, 178, 91, 17, 210, 245, 193, 15, 226, 9, 220, 221, 205, 49, 88, 211, 253, 238, 18, 17, 147, 80, 30 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x36, Unknown 0x0:0x37, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x30, Unknown 0x0:0x31, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DH_DSS_WITH_DES_CBC_SHA, SSL_DH_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, SSL_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA]
Compression Methods: { 0 }
***
%% Created: [Session-40, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie: GMT: 1191368752 bytes = { 200, 13, 37, 217, 169, 155, 45, 136, 34, 249, 189, 120, 199, 92, 52, 99, 81, 144, 69, 138, 129, 156, 102, 227, 69, 26, 105, 248 }
Session ID: {71, 3, 216, 49, 246, 113, 241, 198, 156, 71, 215, 168, 89, 27, 84, 52, 238, 66, 201, 177, 175, 148, 242, 88, 2, 223, 126, 26, 218, 252, 99, 186}
Cipher Suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Compression Method: 0
***
Cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=Sukrit Khera, OU=Reliant, O=Reliant, L=Houston, ST=Texas, C=TX
Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3

Key: Sun DSA Public Key
Parameters SA
p: fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
q: 9760508f 15230bcc b292b982 a2eb840b f0581cf5
g: f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b fecf492a

y:
46c0cfec 389eb664 f6ea9733 9487ef63 bc40c6af 9fbdebe5 7f8e6b37 7171837f
608071ad 201467ca e2ef249d ba3f95ce 80d850de 5eb70503 60f62dac 1f4f3bce
4505d8b0 66fd51bd f242cc53 56ef3015 d06bf6b4 56ce86c6 9f921e23 60469253
4d91eed7 70df96c8 ed8facdb 7db6507d 95d6c5be 91b33a55 204c475e a013a343

Validity: [From: Thu Aug 23 11:26:37 CDT 2007,
To: Wed Nov 21 10:26:37 CST 2007]
Issuer: CN=Sukrit Khera, OU=Reliant, O=Reliant, L=Houston, ST=Texas, C=TX
SerialNumber: [ 46cdb53d]

]
Algorithm: [SHA1withDSA]
Signature:
0000: 30 2C 02 14 5B D5 20 1F 95 B7 15 40 AF D8 E3 F1 0,..[. ....@....
0010: 81 19 9F C2 11 68 4F E4 02 14 4A DC A5 69 AD AF .....hO...J..i..
0020: 8C 7D 54 F9 E6 B8 CF 6E 9C 9E B1 4A C8 1E ..T....n...J..

]
***
*** Diffie-Hellman ServerKeyExchange
DH Modulus: { 244, 136, 253, 88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56, 13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35, 192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52, 253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255, 60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134, 196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10, 80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137, 75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
DH Base: { 2 }
Server DH Public Key: { 97, 184, 159, 212, 225, 211, 102, 243, 247, 3, 150, 47, 124, 220, 10, 76, 201, 100, 170, 230, 230, 164, 219, 76, 41, 209, 58, 244, 9, 162, 93, 89, 226, 28, 90, 79, 75, 180, 234, 11, 222, 167, 251, 52, 175, 133, 67, 69, 48, 93, 86, 76, 169, 136, 237, 164, 229, 181, 218, 218, 63, 146, 80, 83, 40, 174, 5, 110, 160, 14, 203, 141, 154, 49, 23, 15, 231, 94, 51, 144, 147, 203, 157, 140, 195, 191, 0, 6, 78, 27, 225, 187, 245, 148, 249, 152, 80, 74, 178, 33, 32, 54, 128, 120, 52, 66, 127, 214, 16, 107, 149, 144, 174, 68, 49, 152, 242, 192, 114, 79, 104, 160, 225, 52, 226, 171, 72, 62 }
Signed with a DSA or RSA public key
*** ServerHelloDone
http-6443-Processor24, WRITE: TLSv1 Handshake, length = 1183
http-6443-Processor24, READ: TLSv1 Handshake, length = 134
*** ClientDiffieHellmanPublic
DH Public key: { 187, 172, 93, 14, 216, 242, 72, 98, 95, 36, 116, 130, 136, 204, 59, 234, 248, 159, 156, 173, 199, 205, 52, 44, 126, 245, 104, 8, 31, 8, 32, 177, 54, 91, 181, 38, 226, 195, 232, 220, 69, 225, 86, 67, 144, 16, 120, 149, 171, 174, 205, 211, 71, 121, 198, 30, 187, 216, 220, 128, 107, 252, 104, 114, 152, 227, 63, 182, 24, 123, 113, 135, 37, 141, 207, 19, 67, 12, 155, 251, 18, 47, 29, 186, 81, 10, 111, 133, 70, 221, 4, 43, 135, 108, 85, 22, 188, 152, 211, 105, 102, 171, 101, 28, 120, 248, 196, 58, 175, 80, 131, 146, 120, 104, 45, 239, 73, 96, 37, 134, 191, 228, 69, 75, 200, 118, 67, 133 }
SESSION KEYGEN:
PreMaster Secret:
0000: 49 A7 D8 D2 CA 83 A2 92 50 27 C0 71 42 86 36 1C I.......P'.qB.6.
0010: 7C C9 74 AB 90 25 42 CF 5F 08 0A BC F4 EB F3 6D ..t..%B._......m
0020: 33 95 AD 55 99 F3 29 E7 E5 C9 93 D9 71 7C 42 9E 3..U..).....q.B.
0030: 2B 66 61 2E 7E 4C 41 09 22 FE 6E 50 C5 FE 5B 44 +fa..LA.".nP..[D
0040: 35 BE FA 58 C0 D4 27 A9 BA 83 95 9B 0D 53 AE 17 5..X..'......S..
0050: 89 81 66 0B 92 E9 A6 97 EA 85 B8 23 50 21 B7 14 ..f........#P!..
0060: 83 26 55 1E AB B6 0D F8 93 B2 7B 0A 58 BC A9 A9 .&U.........X...
0070: EB 9D 7E 40 4F 42 15 23 74 2D 9B BC 02 4C 4F 9D ...@OB.#t-...LO.
CONNECTION KEYGEN:
Client Nonce:
0000: 47 03 D9 2A C4 10 BA 6B DE CE B2 5B 11 D2 F5 C1 G..*...k...[....
0010: 0F E2 09 DC DD CD 31 58 D3 FD EE 12 11 93 50 1E ......1X......P.
Server Nonce:
0000: 47 03 D8 30 C8 0D 25 D9 A9 9B 2D 88 22 F9 BD 78 G..0..%...-."..x
0010: C7 5C 34 63 51 90 45 8A 81 9C 66 E3 45 1A 69 F8 .\4cQ.E...f.E.i.
Master Secret:
0000: 49 9F 1E 4A 0F D5 A4 53 D9 B4 C8 E6 49 FA AC 72 I..J...S....I..r
0010: 4D B7 96 3C 7D 50 22 D8 A2 40 32 B6 54 36 89 63 M..<.P"..@2.T6.c
0020: 01 21 41 CA 01 DB B3 4C B4 C0 49 7A DA FE F9 DC .!A....L..Iz....
Client MAC write Secret:
0000: 16 68 FC 93 C1 1A DC 11 09 9D A9 10 19 53 FD D3 .h...........S..
0010: 19 99 EB D3 ....
Server MAC write Secret:
0000: 22 BE 6B 6F B7 E5 E8 87 A3 BF 0C 0E 65 61 47 DD ".ko........eaG.
0010: 80 54 2E 99 .T..
Client write key:
0000: A5 8E 31 5C 21 F4 02 3A 9E 0A 36 EA B0 91 38 FE ..1\!..:..6...8.
0010: 6E B4 C7 32 00 36 E3 3E n..2.6.>
Server write key:
0000: 13 7C E8 E6 6E 95 EE ED 8E EA 15 E2 6D 3C 65 10 ....n.......m<e.
0010: 5F 45 1B 7B 03 24 6B AD _E...$k.
Client write IV:
0000: C0 48 8C B6 2B 7D 22 B9 .H..+.".
Server write IV:
0000: 11 97 AF 59 E5 F3 C6 FA ...Y....
http-6443-Processor24, READ: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
http-6443-Processor24, READ: TLSv1 Handshake, length = 40
*** Finished
verify_data: { 211, 11, 40, 247, 90, 11, 221, 233, 126, 171, 69, 44 }
***
http-6443-Processor24, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
*** Finished
verify_data: { 161, 62, 149, 230, 115, 142, 15, 92, 209, 121, 56, 34 }
***
http-6443-Processor24, WRITE: TLSv1 Handshake, length = 40
%% Cached server session: [Session-40, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
http-6443-Processor24, READ: TLSv1 Application Data, length = 416
http-6443-Processor24, READ: TLSv1 Application Data, length = 344
%% Invalidated: [Session-40, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
setSoTimeout(1000) called
*** HelloRequest (empty)
http-6443-Processor24, WRITE: TLSv1 Handshake, length = 32
http-6443-Processor24, READ: TLSv1 Handshake, length = 168
*** ClientHello, TLSv1
RandomCookie: GMT: 1191369003 bytes = { 50, 222, 217, 139, 197, 155, 142, 122, 170, 64, 197, 13, 187, 77, 236, 142, 39, 66, 174, 91, 212, 158, 83, 225, 113, 39, 83, 1 }
Session ID: {71, 3, 216, 49, 246, 113, 241, 198, 156, 71, 215, 168, 89, 27, 84, 52, 238, 66, 201, 177, 175, 148, 242, 88, 2, 223, 126, 26, 218, 252, 99, 186}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x36, Unknown 0x0:0x37, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x30, Unknown 0x0:0x31, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DH_DSS_WITH_DES_CBC_SHA, SSL_DH_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, SSL_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA]
Compression Methods: { 0 }
***
%% Created: [Session-41, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie: GMT: 1191368753 bytes = { 247, 203, 127, 157, 82, 121, 195, 241, 40, 242, 189, 105, 153, 130, 71, 97, 52, 127, 220, 220, 79, 70, 28, 175, 88, 16, 162, 95 }
Session ID: {71, 3, 216, 49, 29, 70, 80, 239, 249, 46, 219, 247, 247, 146, 220, 226, 220, 78, 238, 149, 237, 160, 182, 31, 112, 186, 167, 71, 246, 42, 127, 103}
Cipher Suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Compression Method: 0
***
Cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=Sukrit Khera, OU=Reliant, O=Reliant, L=Houston, ST=Texas, C=TX
Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3

Key: Sun DSA Public Key
Parameters SA
p: fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669
455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
q: 9760508f 15230bcc b292b982 a2eb840b f0581cf5
g: f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267
5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b fecf492a

y:
46c0cfec 389eb664 f6ea9733 9487ef63 bc40c6af 9fbdebe5 7f8e6b37 7171837f
608071ad 201467ca e2ef249d ba3f95ce 80d850de 5eb70503 60f62dac 1f4f3bce
4505d8b0 66fd51bd f242cc53 56ef3015 d06bf6b4 56ce86c6 9f921e23 60469253
4d91eed7 70df96c8 ed8facdb 7db6507d 95d6c5be 91b33a55 204c475e a013a343

Validity: [From: Thu Aug 23 11:26:37 CDT 2007,
To: Wed Nov 21 10:26:37 CST 2007]
Issuer: CN=Sukrit Khera, OU=Reliant, O=Reliant, L=Houston, ST=Texas, C=TX
SerialNumber: [ 46cdb53d]

]
Algorithm: [SHA1withDSA]
Signature:
0000: 30 2C 02 14 5B D5 20 1F 95 B7 15 40 AF D8 E3 F1 0,..[. ....@....
0010: 81 19 9F C2 11 68 4F E4 02 14 4A DC A5 69 AD AF .....hO...J..i..
0020: 8C 7D 54 F9 E6 B8 CF 6E 9C 9E B1 4A C8 1E ..T....n...J..

]
***
*** Diffie-Hellman ServerKeyExchange
DH Modulus: { 244, 136, 253, 88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56, 13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35, 192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52, 253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255, 60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134, 196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10, 80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137, 75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
DH Base: { 2 }
Server DH Public Key: { 234, 100, 116, 209, 132, 201, 1, 108, 90, 9, 71, 197, 146, 96, 184, 146, 124, 225, 190, 207, 80, 151, 205, 187, 125, 135, 30, 116, 184, 56, 234, 66, 188, 121, 117, 186, 2, 65, 158, 227, 225, 1, 174, 151, 40, 218, 142, 169, 214, 16, 226, 248, 61, 209, 185, 6, 62, 202, 11, 31, 174, 92, 182, 7, 251, 193, 123, 152, 144, 71, 80, 12, 79, 151, 55, 69, 21, 241, 136, 211, 135, 61, 5, 70, 126, 254, 60, 234, 119, 206, 53, 245, 171, 249, 168, 253, 53, 147, 192, 40, 56, 142, 116, 93, 252, 253, 185, 177, 158, 89, 202, 33, 201, 148, 56, 135, 227, 117, 87, 114, 91, 158, 40, 132, 175, 101, 225, 23 }
Signed with a DSA or RSA public key
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=Sukrit Khera, OU=Reliant, O=Reliant, L=Houston, ST=Texas, C=TX>
<CN=xidsslcert, OU=IT, O=Reliant Energy, L=Houston, ST=Texas, C=US>
<CN=xidsslcert, OU=IT, O=Reliant Energy, L=Houston, ST=Texas, C=US>
<CN=localhost>
*** ServerHelloDone
http-6443-Processor24, WRITE: TLSv1 Handshake, length = 1568
http-6443-Processor24, READ: TLSv1 Handshake, length = 792
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=xidsslcert, OU=IT, O=Reliant Energy, L=Houston, ST=Texas, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
8b5afe97 b25c92f2 c260fff0 99bea762 9ec73c55 8d41d8f9 4271f756 f31ae8d4
323818c6 a4d72319 a0c60bcc 384e8a70 67b59d5a 200ef31f 19686695 7de7c2c4
c694f995 549762b7 5cec7437 062e094c 0c224652 fea37a69 2417487c 03f92194
5ee6ffe1 5ba5cd9e f15a932b 3b7ed1b0 8cde0661 685d8b61 8c950f78 6e640803
Validity: [From: Wed Oct 03 11:07:00 CDT 2007,
To: Sat Oct 03 11:07:00 CDT 2009]
Issuer: CN=xidsslcert, OU=IT, O=Reliant Energy, L=Houston, ST=Texas, C=US
SerialNumber: [ 92f61660]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D9 F1 54 4E 60 F0 21 A0 2C 81 C9 57 F9 EF 24 97 ..TN`.!.,..W..$.
0010: 84 4D A4 04 .M..
]
]

]
Algorithm: [MD5withRSA]
Signature:
0000: 5A B8 9A 3D 58 28 E4 CD CB C3 F7 66 C8 2A 49 79 Z..=X(.....f.*Iy
0010: 3B 61 8B 16 3A 2F EB 20 B0 1A E1 51 CB ED 6E 51 ;a..:/. ...Q..nQ
0020: 18 17 6D 62 8A 61 05 BC 76 1B D4 9D 7F ED EB 69 ..mb.a..v......i
0030: 6A AE 35 83 35 91 C0 B6 B4 4B BE 78 1E 0F F1 34 j.5.5....K.x...4
0040: 97 57 5F 7D 2D BC 4D DA 8E CD A7 D0 34 C0 C4 51 .W_.-.M.....4..Q
0050: D8 7B F6 0A 66 67 6A BC 55 67 9F E1 39 F0 AD A8 ....fgj.Ug..9...
0060: A2 01 FB 7A 58 CE 8F 86 CF 87 81 B8 15 49 E2 31 ...zX........I.1
0070: C4 0D 79 A1 E4 02 FF 69 C2 38 E7 AC F5 56 1D B6 ..y....i.8...V..

]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=xidsslcert, OU=IT, O=Reliant Energy, L=Houston, ST=Texas, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
8b5afe97 b25c92f2 c260fff0 99bea762 9ec73c55 8d41d8f9 4271f756 f31ae8d4
323818c6 a4d72319 a0c60bcc 384e8a70 67b59d5a 200ef31f 19686695 7de7c2c4
c694f995 549762b7 5cec7437 062e094c 0c224652 fea37a69 2417487c 03f92194
5ee6ffe1 5ba5cd9e f15a932b 3b7ed1b0 8cde0661 685d8b61 8c950f78 6e640803
Validity: [From: Wed Oct 03 11:07:00 CDT 2007,
To: Sat Oct 03 11:07:00 CDT 2009]
Issuer: CN=xidsslcert, OU=IT, O=Reliant Energy, L=Houston, ST=Texas, C=US
SerialNumber: [ 92f61660]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D9 F1 54 4E 60 F0 21 A0 2C 81 C9 57 F9 EF 24 97 ..TN`.!.,..W..$.
0010: 84 4D A4 04 .M..
]
]

]
Algorithm: [MD5withRSA]
Signature:
0000: 5A B8 9A 3D 58 28 E4 CD CB C3 F7 66 C8 2A 49 79 Z..=X(.....f.*Iy
0010: 3B 61 8B 16 3A 2F EB 20 B0 1A E1 51 CB ED 6E 51 ;a..:/. ...Q..nQ
0020: 18 17 6D 62 8A 61 05 BC 76 1B D4 9D 7F ED EB 69 ..mb.a..v......i
0030: 6A AE 35 83 35 91 C0 B6 B4 4B BE 78 1E 0F F1 34 j.5.5....K.x...4
0040: 97 57 5F 7D 2D BC 4D DA 8E CD A7 D0 34 C0 C4 51 .W_.-.M.....4..Q
0050: D8 7B F6 0A 66 67 6A BC 55 67 9F E1 39 F0 AD A8 ....fgj.Ug..9...
0060: A2 01 FB 7A 58 CE 8F 86 CF 87 81 B8 15 49 E2 31 ...zX........I.1
0070: C4 0D 79 A1 E4 02 FF 69 C2 38 E7 AC F5 56 1D B6 ..y....i.8...V..

]
*** ClientDiffieHellmanPublic
DH Public key: { 105, 149, 232, 226, 94, 15, 21, 244, 199, 39, 200, 61, 215, 170, 178, 117, 11, 89, 246, 84, 184, 77, 133, 177, 165, 175, 167, 118, 207, 111, 201, 22, 92, 36, 230, 229, 13, 230, 105, 116, 25, 49, 223, 252, 222, 189, 126, 104, 202, 249, 142, 33, 244, 210, 138, 79, 114, 112, 31, 225, 200, 219, 160, 127, 216, 243, 235, 117, 243, 33, 67, 148, 147, 212, 238, 83, 50, 248, 237, 12, 110, 236, 40, 50, 20, 76, 250, 137, 26, 226, 19, 42, 46, 240, 197, 209, 78, 235, 132, 91, 148, 35, 82, 227, 118, 182, 250, 110, 239, 54, 146, 94, 208, 240, 186, 25, 56, 187, 192, 57, 186, 158, 8, 46, 113, 5, 71, 218 }
SESSION KEYGEN:
PreMaster Secret:
0000: 94 66 6F BE B6 90 E7 7D EC 27 92 11 0C A7 99 64 .fo......'.....d
0010: CE CC 12 5C 12 96 B7 8F 07 41 43 F0 78 75 83 E1 ...\.....AC.xu..
0020: 9E 7B A9 A8 1A 5D 34 34 23 24 E5 7A 4B 83 DE BF .....]44#$.zK...
0030: 28 66 0A 32 E2 EB FA 92 DF 49 A6 42 E2 C1 FD 18 (f.2.....I.B....
0040: 4C 26 EB 3B DB C3 6C B0 34 19 02 6C BB 5B F8 A2 L&.;..l.4..l.[..
0050: 8B E9 E6 D5 43 E6 4E 12 BC EB 05 D4 47 E9 24 0B ....C.N.....G.$.
0060: 28 49 84 C0 3E FD 9E 56 9F 2A 92 65 B7 9B 59 4A (I..>..V.*.e..YJ
0070: 37 EE 00 61 B9 73 49 B8 A8 4A 93 6F 76 3A E0 24 7..a.sI..J.ov:.$
CONNECTION KEYGEN:
Client Nonce:
0000: 47 03 D9 2B 32 DE D9 8B C5 9B 8E 7A AA 40 C5 0D G..+2......z.@..
0010: BB 4D EC 8E 27 42 AE 5B D4 9E 53 E1 71 27 53 01 .M..'B.[..S.q'S.
Server Nonce:
0000: 47 03 D8 31 F7 CB 7F 9D 52 79 C3 F1 28 F2 BD 69 G..1....Ry..(..i
0010: 99 82 47 61 34 7F DC DC 4F 46 1C AF 58 10 A2 5F ..Ga4...OF..X.._
Master Secret:
0000: BF C7 77 37 B7 B7 21 5B 8D 6F 52 39 8B 49 16 4E ..w7..![.oR9.I.N
0010: 09 6E 7B 8A 98 EC 5B 53 A9 09 33 8B F0 71 2A 96 .n....[S..3..q*.
0020: 73 6D 39 DD BF B4 71 BC 70 7E DF 07 01 B0 53 02 sm9...q.p.....S.
Client MAC write Secret:
0000: 93 F0 DB 50 22 A3 26 17 BA E1 DD 03 38 31 B0 C5 ...P".&.....81..
0010: 17 CF 81 CE ....
Server MAC write Secret:
0000: 8B 2B C0 24 2F 7B EE 27 38 DD 38 F8 A0 E7 60 9A .+.$/..'8.8...`.
0010: A7 32 5B D4 .2[.
Client write key:
0000: 93 6A 62 AC A0 6A F2 2B A6 98 D5 F1 E3 4E C1 AF .jb..j.+.....N..
0010: BF F0 8F BD 7A 63 65 FF ....zce.
Server write key:
0000: 3F D7 90 CA CF E5 19 FD AC F2 B2 B4 31 7F 54 3B ?...........1.T;
0010: 11 E3 24 51 0D 0F BF F7 ..$Q....
Client write IV:
0000: 98 EA 72 A4 07 2C 58 5F ..r..,X_
Server write IV:
0000: AD 85 14 0C 50 BA D1 52 ....P..R
http-6443-Processor24, READ: TLSv1 Handshake, length = 160
*** CertificateVerify
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
http-6443-Processor24, READ: TLSv1 Change Cipher Spec, length = 24
JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
http-6443-Processor24, READ: TLSv1 Handshake, length = 40
*** Finished
verify_data: { 101, 170, 20, 59, 12, 25, 179, 131, 10, 46, 184, 145 }
***
http-6443-Processor24, WRITE: TLSv1 Change Cipher Spec, length = 24
JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
*** Finished
verify_data: { 197, 255, 11, 236, 139, 118, 31, 171, 167, 86, 37, 103 }
***
http-6443-Processor24, WRITE: TLSv1 Handshake, length = 40
%% Cached server session: [Session-41, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA]
http-6443-Processor24, handling exception: java.net.SocketTimeoutException: Read timed out
setSoTimeout(60000) called
http-6443-Processor24, WRITE: TLSv1 Application Data, length = 1336
http-6443-Processor24, called close()
http-6443-Processor24, called closeInternal(true)
http-6443-Processor24, SEND TLSv1 ALERT: warning, description = close_notify
http-6443-Processor24, WRITE: TLSv1 Alert, length = 24

Any idea ?
Again Thanks for the reply.
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
sanjay,
my apologies, I thought I'd replied a few days ago.

It is hard to say what's going wrong. It looks like everything goes okay, the initial handshake occurs, then a re-handshake happens, then the client successfully authenticates, the secure connection is setup and the server is waiting for the client to send something, presumably the GET request or whatever. The server waits 1 second, gets nothing, and times out and then closes the connection. The problem is maybe on the client side.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: handshake between sap xi & tomcat over https. no trusted certificate found