Client certificate not getting passed to remote server

Cindy Jones
Ranch Hand

Joined: Oct 08, 2002
Posts: 66
I am trying to connect to a server that requires mutual authentication.
My trust store has the server's certificate as well as the root VeriSign certificate that it was signed with.
My keystore has the client certificate and the private key.

Using this keystore and trust store I am able to successfully connect to the external server from one of my servers.

However the remote server responds with "This page requires a client certificate" when I send the request using the same keystore and trust store from a different server.
command line:
java -Djavax.net.debug=ssl -classpath $JAVA_CLASSPATH -Djavax.net.ssl.keyStore=/test/client.keystore -Djavax.net.ssl.keyStorePassword=aaaaa123 -Djavax.net.ssl.trustStore=/test/cacerts -Djavax.net.ssl.trustStorePassword=aaaaa123 SimpleTest


On turning on ssl debugging I do not see any exceptions, everything seems to be working as expected.

What can I do to troubleshoot this?

Thanks!
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
... and trust store from a different server.


I don't understand this statement. If the server certificates are signed by VeriSign, then all your client needs to authenticate the server is VeriSign's root certificate in your truststore. Similarly, if the server wants your client to authenticate, then it will send a list of the DNs of the CAs it trusts. Your client certificate must be signed by one of those CAs. Finally, you should be able to see this happening in the debug trace, so I don't know what you mean when you say that the trace looks normal. Can you post the trace?


Nice to meet you.
Cindy Jones
Ranch Hand

Joined: Oct 08, 2002
Posts: 66
I am not able to post the full response since JavaRanch does not allow some characters.

use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : /home/me/blisstest/bliss_client.jks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : blissclient
chain [0] = [
[
Version: V3
Subject: EMAILADDRESS=bhnast.support@bhnetwork.com, CN=BHN AST, T=Programmer, OU="Security Phrase - A2Ac3r+!", OU=Company - Networks, OU="www.verisign.com/repository/CPS Incorp. by Ref.,LIAB.LTD(c)99", OU=Data Center, O=bliss Prepaid Solutions
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 159083502905030151121815193434458327732755021954926293287213887144734015985753874634497177274890469016118777572135081036056959705422717347732896794605673253022032843859535368174521566522144970943678518746234483395580415777422046844054419780497758704849691466370760437535873407753858501123458045858366788329597
public exponent: 65537
Validity: [From: Wed Mar 05 16:00:00 PST 2008,
To: Fri Mar 06 15:59:59 PST 2009]
Issuer: CN=bliss Prepaid Solutions CA, OU=Class 2 OnSite Individual Subscriber CA, OU=Terms of use at https://www.verisign.com/rpa (c)06, OU=VeriSign Trust Network, O=bliss Prepaid Solutions, C=US
SerialNumber: [ 769ed3a8 a02a78a4 5ba2ce46 e974f444]

Certificate Extensions: 5
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
]

[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://onsitecrl.verisign.com/blissPrepaidSolutionsDataCenter/LatestCRL.crl]
]]

[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]

[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.2]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa

]] ]
]

[5]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]

]
trustStore is: /usr/jdk1.5.0_16/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:

...
...

init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
main, setSoTimeout(0) called
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1225329643 bytes = { 230, 13, 112, 174, 70, 5, 218, 138, 122, 53, 180, 124, 223, 168, 57, 89, 157, 9, 57, 219, 4, 246, 15, 98, 132, 42, 10, 180 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 79
main, WRITE: SSLv2 client hello message, length = 107
main, READ: TLSv1 Handshake, length = 2630
*** ServerHello, TLSv1
RandomCookie: GMT: 1225329941 bytes = { 27, 15, 87, 194, 55, 192, 178, 148, 2, 67, 20, 78, 137, 181, 168, 149, 50, 11, 81, 176, 251, 60, 17, 107, 218, 242, 100, 120 }
Session ID: {217, 37, 0, 0, 15, 44, 250, 248, 190, 226, 46, 124, 77, 222, 115, 63, 214, 177, 87, 211, 20, 182, 252, 212, 149, 202, 7, 90, 124, 59, 120, 16}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain

***
Found trusted certificate:
[
[
Version: V1
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

Key: Sun RSA public key, 1024 bits
modulus: 141400322044550516865173371773024584879899609644618927642375342633349057300960400037232334924701046781298765077061770383151646234219179990772047200045837817821582483532549791304588064624083040538534190301571832597441704620988055765289140138246856927863523873759538652326729606982847841094220861282830980236711
public exponent: 65537
Validity: [From: Sun Jan 28 16:00:00 PST 1996,
To: Tue Aug 01 16:59:59 PDT 2028]
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ 70bae41d 10d92934 b638ca7b 03ccbabf]

]
Algorithm: [MD2withRSA]
Signature:

]
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 252, 68, 170, 44, 43, 136, 152, 251, 183, 132, 177, 131, 92, 222, 71, 163, 93, 51, 203, 177, 158, 98, 135, 151, 103, 153, 198, 117, 174, 242, 152, 184, 255, 144, 66, 156, 213, 154, 153, 12, 76, 222, 222, 53, 8, 41 }
main, WRITE: TLSv1 Handshake, length = 134
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 222, 50, 148, 179, 147, 210, 51, 205, 180, 243, 1, 109 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 243, 109, 86, 19, 193, 240, 155, 134, 163, 242, 231, 199 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, WRITE: TLSv1 Application Data, length = 360
main, READ: TLSv1 Handshake, length = 20
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 33556
*** ClientHello, TLSv1
RandomCookie: GMT: 1225329644 bytes = { 172, 186, 75, 77, 132, 166, 226, 196, 89, 109, 235, 186, 123, 48, 220, 231, 213, 79, 199, 142, 5, 36, 0, 147, 221, 105, 173, 241 }
Session ID: {217, 37, 0, 0, 15, 44, 250, 248, 190, 226, 46, 124, 77, 222, 115, 63, 214, 177, 87, 211, 20, 182, 252, 212, 149, 202, 7, 90, 124, 59, 120, 16}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 127
main, READ: TLSv1 Handshake, length = 5735
*** ServerHello, TLSv1
RandomCookie: GMT: 1225329942 bytes = { 200, 227, 224, 199, 19, 24, 225, 42, 176, 149, 35, 249, 41, 94, 218, 6, 163, 75, 113, 83, 94, 3, 47, 118, 234, 130, 146, 99 }
Session ID: {115, 29, 0, 0, 188, 62, 198, 143, 135, 84, 158, 243, 220, 143, 51, 140, 26, 31, 156, 159, 192, 226, 20, 76, 199, 134, 11, 69, 250, 57, 217, 214}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=a2a.wildcardsystems.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Systems, O=Wildcard Systems Inc., L=Sunrise, ST=Florida, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus: 144409453760146712806406338921954802637474902316763486890494738800226098047178148438733660649715098015098107832781949133842065968986926563471349491187971428185895281373789225816134527175306510546759796226355362570413089130592466580294786515028129399623805929299483497542047678971322172857899213432470997427529
public exponent: 65537
Validity: [From: Sun Jan 07 16:00:00 PST 2007,
To: Fri Jan 29 15:59:59 PST 2010]
Issuer: CN=VeriSign Class 3 Secure Server CA, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [ 4758f97c ec032f2a 84394b57 24e101ac]

Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =


[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 6F EC AF A0 DD 8A A4 EF F5 2A 10 67 2D 3F 55 82 o........*.g-?U.
0010: BC D7 EF 25 ...%
]

]

[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRSecure-crl.verisign.com/SVRSecure2005.crl]
]]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa

]] ]
]

[6]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]

[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.verisign.com, accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://SVRSecure-aia.verisign.com/SVRSecure2005-aia.cer]
]

[8]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
...
...

chain [1] = [
[
Version: V3
Subject: CN=VeriSign Class 3 Secure Server CA, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus: 18905729229464742433949840178165285210788629616064305164260843170201977241822595607598003983710482114887504542420063531704226365322091550579034120400511694538047325464426047959412241672706076731441028369861556999479337863789783838582999151810376013650218058341794419022809268802993425241541430009002110553726612125414429934927217253337526656605550620555845061032537869588361121949241772361851996536275260212221084778605793422355009443918198903890623415507477268041766919150091887619618794603091993360 637671933766441597921249204891707900552776893415739395596650548462810104696585021566385762017523199762687187467514321
public exponent: 65537
Validity: [From: Tue Jan 18 16:00:00 PST 2005,
To: Sun Jan 18 15:59:59 PST 2015]
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ 75337d9a b0e1233b ae2d7de4 469162d4]

Certificate Extensions: 8
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6F EC AF A0 DD 8A A4 EF F5 2A 10 67 2D 3F 55 82 o........*.g-?U.
0010: BC D7 EF 25 ...%
]
]

[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US]
SerialNumber: [ 70bae41d 10d92934 b638ca7b 03ccbabf]
]

[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[CN=Class3CA2048-1-45]]

[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.verisign.com/pca3.crl]
]]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]

[7]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa

]] ]
]

[8]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]

]
Algorithm: [SHA1withRSA]
Signature:

]
***
Found trusted certificate:
[
[
Version: V1
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

Key: Sun RSA public key, 1024 bits
modulus: 141400322044550516865173371773024584879899609644618927642375342633349057300960400037232334924701046781298765077061770383151646234219179990772047200045837817821582483532549791304588064624083040538534190301571832597441704620988055765289140138246856927863523873759538652326729606982847841094220861282830980236711
public exponent: 65537
Validity: [From: Sun Jan 28 16:00:00 PST 1996,
To: Tue Aug 01 16:59:59 PDT 2028]
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ 70bae41d 10d92934 b638ca7b 03ccbabf]

]
Algorithm: [MD2withRSA]
Signature:

]
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 4 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<CN=First Data Digital Certificates Inc. Certification Authority, O=First Data Digital Certificates Inc., C=US>
<EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<CN=NetLock Uzleti (Class B) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU>
<CN=GTE CyberTrust Root, O=GTE Corporation, C=US>
<CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
<CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US>
<CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, ST=Hungary, C=HU>
<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
<CN=GTE CyberTrust Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
<CN=NetLock Expressz (Class C) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU>
<CN=Microsoft Root Authority, OU=Microsoft Corporation, OU=Copyright (c) 1997 Microsoft Corp.>
<CN=Microsoft Root Certificate Authority, DC=microsoft, DC=com>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 129, 11, 142, 186, 112, 168, 112, 221, 179, 50, 103, 31, 168, 62, 4, 165, 34, 219, 237, 81, 199, 166, 105, 58, 31, 122, 71, 189, 84, 158, 93, 13, 212, 15, 247, 128, 110, 247, 13, 119, 33, 232, 13, 13, 96, 186 }
main, WRITE: TLSv1 Handshake, length = 157
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 17
*** Finished
verify_data: { 190, 93, 186, 81, 17, 226, 46, 68, 214, 3, 49, 109 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 17
main, READ: TLSv1 Handshake, length = 32
*** Finished
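
Added example, not part of the thread: a small Python triage script for a `-Djavax.net.debug=ssl` trace laid out like the one above. It extracts the issuer DNs of the client key entry's chain, the DNs listed in the server's CertificateRequest, and whether the client's Certificate message was empty. The sample trace, its DNs and the function names are constructed for this example.

```python
import re

# Constructed, shortened trace in the layout printed by -Djavax.net.debug=ssl.
# All DNs are placeholders, not values from the thread.
SAMPLE_TRACE = """\
found key for : exampleclient
chain [0] = [
[
Subject: CN=Example Client, O=Example Org
Issuer: CN=Example Private CA, O=Example Org, C=US
]
trustStore is: /path/to/cacerts
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
[
Subject: CN=server.example.test, O=Example Server Inc.
Issuer: CN=Example Server CA, O=Example Root Inc., C=US
]
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<OU=Example Root Class 3, O=Example Root Inc., C=US>
<OU=Example Root Class 2, O=Example Root Inc., C=US>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
"""

def norm(dn):
    # Collapse whitespace so DNs printed by the same JVM compare as text.
    return re.sub(r"\s+", " ", dn.strip())

def analyze_trace(trace):
    key_issuers, authorities = [], []
    client_cert_sent = None          # None: no CertificateRequest was seen
    state = "start"
    for raw in trace.splitlines():
        line = raw.strip()
        if not line:
            continue
        if state == "client_cert":
            # First line after the client's "*** Certificate chain" header:
            # "chain [0] = [" means a certificate was sent, "***" means empty.
            client_cert_sent = line.startswith("chain [")
            state = "handshake"
        elif line.startswith("found key for"):
            state = "keystore"
        elif line.startswith("trustStore is"):
            state = "handshake"
        elif line.startswith("*** CertificateRequest"):
            state = "request"
        elif state == "keystore" and line.startswith("Issuer:"):
            key_issuers.append(norm(line[len("Issuer:"):]))
        elif state == "request" and line.startswith("<") and line.endswith(">"):
            authorities.append(norm(line[1:-1]))
        elif state == "request" and line.startswith("*** ServerHelloDone"):
            state = "await_client_cert"
        elif state == "await_client_cert" and line.startswith("*** Certificate chain"):
            state = "client_cert"
        elif state == "await_client_cert" and line.startswith("***"):
            client_cert_sent, state = False, "handshake"  # no Certificate message
    # Text equality is an approximation of a DN comparison, used here for triage.
    matching = [dn for dn in key_issuers if dn in authorities]
    return {"key_issuers": key_issuers, "authorities": authorities,
            "matching": matching, "client_cert_sent": client_cert_sent}
```

An empty `matching` list together with `client_cert_sent` being `False` is the pattern to look for: the server asked for a certificate and none of the issuers in the key entry's chain is on its list.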
 