[
https://issues.apache.org/jira/browse/HTTPCLIENT-1578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14207013#comment-14207013
]
Oleg Kalnichevski commented on HTTPCLIENT-1578:
-----------------------------------------------
Works fine for me with HttpClient 4.3.6
{code:java}
CloseableHttpClient client = HttpClients.createDefault();
HttpPost req = new HttpPost("https://stash.kreios.lu/rest/rest/doSomething";);
req.addHeader("Content-type", "application/json");
req.setEntity(new StringEntity("{}"));
CloseableHttpResponse response = client.execute(req);
try {
System.out.println(response.getStatusLine());
} finally {
response.close();
}
{code}
{noformat}
trustStore is: /opt/oracle-jdk-1.7.0.60/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f
Valid from Wed Oct 25 10:36:00 CEST 2006 until Sat Oct 25 10:36:00 CEST 2036
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/,
OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert
Validation Network
Issuer: [email protected], CN=http://www.valicert.com/,
OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert
Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Sat Jun 26 00:23:48 CEST 1999 until Wed Jun 26 00:23:48 CEST 2019
adding as trusted cert:
Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For
authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For
authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d
Valid from Fri Nov 17 01:00:00 CET 2006 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust,
Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.",
C=US
Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust,
Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.",
C=US
Algorithm: RSA; Serial number: 0x456b5054
Valid from Mon Nov 27 21:23:42 CET 2006 until Fri Nov 27 21:53:42 CET 2026
adding as trusted cert:
Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
Issuer: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285
Valid from Tue May 26 02:00:00 CEST 2009 until Tue May 26 02:00:00 CEST 2020
adding as trusted cert:
Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A.,
SERIALNUMBER=A82743287, L=Madrid (see current address at
www.camerfirma.com/address), C=EU
Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A.,
SERIALNUMBER=A82743287, L=Madrid (see current address at
www.camerfirma.com/address), C=EU
Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce
Valid from Fri Aug 01 14:31:40 CEST 2008 until Sat Jul 31 14:31:40 CEST 2038
adding as trusted cert:
Subject: CN=America Online Root Certification Authority 2, O=America Online
Inc., C=US
Issuer: CN=America Online Root Certification Authority 2, O=America Online
Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 08:00:00 CEST 2002 until Tue Sep 29 16:08:00 CEST 2037
adding as trusted cert:
Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust
AB, C=SE
Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust
AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 12:44:50 CEST 2000 until Sat May 30 12:44:50 CEST 2020
adding as trusted cert:
Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification
Authority, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification
Authority, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x3ab6508b
Valid from Mon Mar 19 19:33:33 CET 2001 until Wed Mar 17 19:33:33 CET 2021
adding as trusted cert:
Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b
Valid from Wed Oct 25 10:32:46 CEST 2006 until Sat Oct 25 10:32:46 CEST 2036
adding as trusted cert:
Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems
CO.,LTD.", C=JP
Issuer: OU=Security Communication EV RootCA1, O="SECOM Trust Systems
CO.,LTD.", C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Wed Jun 06 04:12:32 CEST 2007 until Sat Jun 06 04:12:32 CEST 2037
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Mon Jun 21 06:00:00 CEST 1999 until Sun Jun 21 06:00:00 CEST 2020
adding as trusted cert:
Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services
Inc, OU=www.xrampsecurity.com, C=US
Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services
Inc, OU=www.xrampsecurity.com, C=US
Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad
Valid from Mon Nov 01 18:14:04 CET 2004 until Mon Jan 01 06:37:19 CET 2035
adding as trusted cert:
Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0
Valid from Wed Oct 25 10:30:35 CEST 2006 until Sat Oct 25 10:30:35 CEST 2036
adding as trusted cert:
Subject: [email protected], CN=Thawte Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape
Town, ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape
Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x123df0e7da2a2247a43889e08aeec967
Valid from Mon Jan 01 01:00:00 CET 1996 until Sat Jan 02 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For
authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For
authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb
Valid from Wed Apr 02 02:00:00 CEST 2008 until Wed Dec 02 00:59:59 CET 2037
adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.",
O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.",
O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a5
Valid from Thu Aug 13 02:29:00 CEST 1998 until Tue Aug 14 01:59:00 CEST 2018
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 20:46:00 CEST 2000 until Tue May 13 01:59:00 CEST 2025
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd
Valid from Mon Jan 29 01:00:00 CET 1996 until Thu Aug 03 01:59:59 CEST 2028
adding as trusted cert:
Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co.,
Ltd.", C=TW
Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co.,
Ltd.", C=TW
Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d
Valid from Mon Dec 20 03:31:27 CET 2004 until Wed Dec 20 03:31:27 CET 2034
adding as trusted cert:
Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com,
O=DigiCert Inc, C=US
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com,
O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
Valid from Fri Nov 10 01:00:00 CET 2006 until Mon Nov 10 01:00:00 CET 2031
adding as trusted cert:
Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x509
Valid from Fri Nov 24 19:27:00 CET 2006 until Mon Nov 24 19:23:33 CET 2031
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 16:01:00 CEST 2000 until Sun May 18 01:59:00 CEST 2025
adding as trusted cert:
Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center,
O=T-Systems Enterprise Services GmbH, C=DE
Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center,
O=T-Systems Enterprise Services GmbH, C=DE
Algorithm: RSA; Serial number: 0x1
Valid from Wed Oct 01 12:29:56 CEST 2008 until Sun Oct 02 01:59:59 CEST 2033
adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863def8
Valid from Fri Dec 24 18:50:51 CET 1999 until Tue Jul 24 16:15:12 CEST 2029
adding as trusted cert:
Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC
TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC
TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x5c00001000241d0060a4dce7510
Valid from Thu Mar 23 15:10:23 CET 2006 until Wed Dec 31 23:59:59 CET 2025
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 2 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 2 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
Valid from Mon May 18 02:00:00 CEST 1998 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For
authorized use only", O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For
authorized use only", O="thawte, Inc.", C=US
Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756
Valid from Mon Nov 05 01:00:00 CET 2007 until Tue Jan 19 00:59:59 CET 2038
adding as trusted cert:
Subject: [email protected], CN=Thawte Server CA,
OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Server CA,
OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x34a4fff630af4ca53c331742a1946675
Valid from Thu Aug 01 02:00:00 CEST 1996 until Sat Jan 02 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche
Telekom AG, C=DE
Issuer: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche
Telekom AG, C=DE
Algorithm: RSA; Serial number: 0x26
Valid from Fri Jul 09 14:11:00 CEST 1999 until Wed Jul 10 01:59:00 CEST 2019
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 18:09:40 CEST 1999 until Sat May 25 18:39:40 CEST 2019
adding as trusted cert:
Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Thu Mar 04 06:00:00 CET 2004 until Sun Mar 04 06:00:00 CET 2029
adding as trusted cert:
Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA,
O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA,
O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x1da200010002ecb76080788db606
Valid from Wed Mar 22 16:54:28 CET 2006 until Wed Dec 31 23:59:59 CET 2025
adding as trusted cert:
Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center,
O=T-Systems Enterprise Services GmbH, C=DE
Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center,
O=T-Systems Enterprise Services GmbH, C=DE
Algorithm: RSA; Serial number: 0x1
Valid from Wed Oct 01 12:40:14 CEST 2008 until Sun Oct 02 01:59:59 CEST 2033
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,
OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,
OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Fri Oct 01 02:00:00 CEST 1999 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/,
OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert
Validation Network
Issuer: [email protected], CN=http://www.valicert.com/,
OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert
Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Sat Jun 26 02:19:54 CEST 1999 until Wed Jun 26 02:19:54 CEST 2019
adding as trusted cert:
Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
Valid from Fri Nov 10 01:00:00 CET 2006 until Mon Nov 10 01:00:00 CET 2031
adding as trusted cert:
Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB,
C=SE
Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB,
C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 12:38:31 CEST 2000 until Sat May 30 12:38:31 CEST 2020
adding as trusted cert:
Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network,
O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network,
O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 12:48:38 CEST 2000 until Sat May 30 12:48:38 CEST 2020
adding as trusted cert:
Subject: CN=Class 2 Primary CA, O=Certplus, C=FR
Issuer: CN=Class 2 Primary CA, O=Certplus, C=FR
Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423
Valid from Wed Jul 07 19:05:00 CEST 1999 until Sun Jul 07 01:59:59 CEST 2019
adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 18:41:51 CEST 1998 until Wed Aug 22 18:41:51 CEST 2018
adding as trusted cert:
Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A.,
SERIALNUMBER=A82743287, L=Madrid (see current address at
www.camerfirma.com/address), C=EU
Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A.,
SERIALNUMBER=A82743287, L=Madrid (see current address at
www.camerfirma.com/address), C=EU
Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda
Valid from Fri Aug 01 14:29:50 CEST 2008 until Sat Jul 31 14:29:50 CEST 2038
adding as trusted cert:
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3,
OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,
OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
Valid from Fri Oct 01 02:00:00 CEST 1999 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford,
ST=Greater Manchester, C=GB
Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford,
ST=Greater Manchester, C=GB
Algorithm: RSA; Serial number: 0x1
Valid from Thu Jan 01 01:00:00 CET 2004 until Mon Jan 01 00:59:59 CET 2029
adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x4
Valid from Mon Jun 21 06:00:00 CEST 1999 until Sun Jun 21 06:00:00 CEST 2020
adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O="Starfield
Technologies, Inc.", C=US
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield
Technologies, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 19:39:16 CEST 2004 until Thu Jun 29 19:39:16 CEST 2034
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 1 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 1 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Mon May 18 02:00:00 CEST 1998 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc,
C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc,
C=US
Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
Valid from Fri Nov 10 01:00:00 CET 2006 until Mon Nov 10 01:00:00 CET 2031
adding as trusted cert:
Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Algorithm: RSA; Serial number: 0x40000000001154b5ac394
Valid from Tue Sep 01 14:00:00 CEST 1998 until Fri Jan 28 13:00:00 CET 2028
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 3 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 3 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Mon May 18 02:00:00 CEST 1998 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x5c6
Valid from Fri Nov 24 20:11:23 CET 2006 until Mon Nov 24 20:06:44 CET 2031
adding as trusted cert:
Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Algorithm: RSA; Serial number: 0x10020
Valid from Tue Jun 11 12:46:39 CEST 2002 until Fri Jun 11 12:46:39 CEST 2027
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Algorithm: RSA; Serial number: 0x400000000010f8626e60d
Valid from Fri Dec 15 09:00:00 CET 2006 until Wed Dec 15 09:00:00 CET 2021
adding as trusted cert:
Subject: [email protected], CN=Thawte Premium Server CA,
OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Premium Server CA,
OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954
Valid from Thu Aug 01 02:00:00 CEST 1996 until Sat Jan 02 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0
Valid from Tue Nov 07 20:31:18 CET 2006 until Mon Dec 31 20:40:55 CET 2029
adding as trusted cert:
Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC
Camerfirma SA CIF A82743287, C=EU
Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC
Camerfirma SA CIF A82743287, C=EU
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 18:13:43 CEST 2003 until Wed Sep 30 18:13:44 CEST 2037
adding as trusted cert:
Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust,
Inc. - for authorized use only", OU=See www.entrust.net/legal-terms,
O="Entrust, Inc.", C=US
Issuer: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust,
Inc. - for authorized use only", OU=See www.entrust.net/legal-terms,
O="Entrust, Inc.", C=US
Algorithm: RSA; Serial number: 0x4a538c28
Valid from Tue Jul 07 19:25:54 CEST 2009 until Sat Dec 07 18:55:54 CET 2030
adding as trusted cert:
Subject: CN=Class 3P Primary CA, O=Certplus, C=FR
Issuer: CN=Class 3P Primary CA, O=Certplus, C=FR
Algorithm: RSA; Serial number: 0xbf5cdbb6f21c6ec04deb7a023b36e879
Valid from Wed Jul 07 19:10:00 CEST 1999 until Sun Jul 07 01:59:59 CEST 2019
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,
OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,
OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a
Valid from Wed Nov 08 01:00:00 CET 2006 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008
VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network,
O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008
VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network,
O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d
Valid from Wed Apr 02 02:00:00 CEST 2008 until Wed Dec 02 00:59:59 CET 2037
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Tue May 21 06:00:00 CEST 2002 until Sat May 21 06:00:00 CEST 2022
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Mon Jan 29 01:00:00 CET 1996 until Thu Aug 03 01:59:59 CEST 2028
adding as trusted cert:
Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority,
O=Unizeto Technologies S.A., C=PL
Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority,
O=Unizeto Technologies S.A., C=PL
Algorithm: RSA; Serial number: 0x444c0
Valid from Wed Oct 22 14:07:37 CEST 2008 until Mon Dec 31 13:07:37 CET 2029
adding as trusted cert:
Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 06:20:49 CEST 2003 until Sat Sep 30 06:20:49 CEST 2023
adding as trusted cert:
Subject: CN=Sonera Class1 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x24
Valid from Fri Apr 06 12:49:13 CEST 2001 until Tue Apr 06 12:49:13 CEST 2021
adding as trusted cert:
Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group,
Inc.", C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group,
Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 19:06:20 CEST 2004 until Thu Jun 29 19:06:20 CEST 2034
adding as trusted cert:
Subject: CN=UTN-USERFirst-Client Authentication and Email,
OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT,
C=US
Issuer: CN=UTN-USERFirst-Client Authentication and Email,
OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT,
C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
Valid from Fri Jul 09 19:28:50 CEST 1999 until Tue Jul 09 19:36:58 CEST 2019
adding as trusted cert:
Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
Valid from Fri Jul 09 20:10:42 CEST 1999 until Tue Jul 09 20:19:22 CEST 2019
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1
Valid from Mon Nov 27 01:00:00 CET 2006 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Algorithm: RSA; Serial number: 0x4000000000121585308a2
Valid from Wed Mar 18 11:00:00 CET 2009 until Sun Mar 18 11:00:00 CET 2029
adding as trusted cert:
Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
Algorithm: RSA; Serial number: 0x2
Valid from Tue Oct 26 10:28:58 CEST 2010 until Fri Oct 26 10:28:58 CEST 2040
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007
GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007
GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b
Valid from Mon Nov 05 01:00:00 CET 2007 until Tue Jan 19 00:59:59 CET 2038
adding as trusted cert:
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3,
OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,
OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
Valid from Fri Oct 01 02:00:00 CEST 1999 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: CN=America Online Root Certification Authority 1, O=America Online
Inc., C=US
Issuer: CN=America Online Root Certification Authority 1, O=America Online
Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 08:00:00 CEST 2002 until Thu Nov 19 21:43:00 CET 2037
adding as trusted cert:
Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
Algorithm: RSA; Serial number: 0x2
Valid from Tue Oct 26 10:38:03 CEST 2010 until Fri Oct 26 10:38:03 CEST 2040
adding as trusted cert:
Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.",
C=JP
Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.",
C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Fri May 29 07:00:39 CEST 2009 until Tue May 29 07:00:39 CEST 2029
adding as trusted cert:
Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte,
L=Durbanville, ST=Western Cape, C=ZA
Issuer: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte,
L=Durbanville, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Wed Jan 01 01:00:00 CET 1997 until Fri Jan 01 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008
GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008
GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f
Valid from Wed Apr 02 02:00:00 CEST 2008 until Wed Dec 02 00:59:59 CET 2037
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,
OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,
OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3
Valid from Mon Nov 05 01:00:00 CET 2007 until Tue Jan 19 00:59:59 CET 2038
adding as trusted cert:
Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
Valid from Fri Jul 09 20:31:20 CEST 1999 until Tue Jul 09 20:40:36 CEST 2019
adding as trusted cert:
Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST
Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST
Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69
Valid from Thu Jun 24 20:57:21 CEST 1999 until Mon Jun 24 21:06:30 CEST 2019
adding as trusted cert:
Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x1d
Valid from Fri Apr 06 09:29:40 CEST 2001 until Tue Apr 06 09:29:40 CEST 2021
adding as trusted cert:
Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC
TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC
TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b
Valid from Thu Jan 12 15:38:43 CET 2006 until Wed Dec 31 23:59:59 CET 2025
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1415738371 bytes = { 142, 35, 235, 222, 178, 32, 107, 248,
26, 57, 167, 60, 178, 109, 162, 90, 180, 157, 217, 170, 232, 157, 220, 55, 187,
43, 222, 195 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1,
sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1,
secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1,
secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: stash.kreios.lu]
***
main, WRITE: TLSv1 Handshake, length = 173
main, READ: TLSv1 Handshake, length = 85
*** ServerHello, TLSv1
RandomCookie: GMT: 1135692965 bytes = { 242, 131, 238, 97, 102, 233, 134, 192,
86, 130, 232, 15, 191, 215, 227, 210, 53, 79, 193, 87, 2, 182, 94, 194, 72,
176, 180, 238 }
Session ID: {41, 253, 146, 124, 50, 119, 157, 232, 144, 38, 247, 5, 215, 17,
212, 32, 138, 65, 150, 130, 54, 41, 224, 237, 235, 106, 164, 165, 248, 94, 197,
100}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension server_name, server_name:
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
main, READ: TLSv1 Handshake, length = 2321
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=*.kreios.lu, OU=Domain Control Validated - RapidSSL(R), OU=See
www.rapidssl.com/resources/cps (c)14, OU=GT98629041,
SERIALNUMBER=LwCTQJjJj94odszLnywxXW0AJcv0vdlc
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus:
23565922992085821656930722674965112183458320536346901741114331708503785639426463108571431619105613182196488119836208855587465265465610179045083174249306975271812427161792485472624597025039518033246447498374323638200252524162641503437495928081349851950799743399527064007857635646036352343696154117496116548104357282260574037340166099449496354261574926010855858074464127436108972650175671853440826264843750506782756313148616861172777582404729630762180663489559536616186351192890554184344561240477810886902348997360771924005017873248871558373777928415907947067977840123243076343058099321454343949908455052851461917053327
public exponent: 65537
Validity: [From: Mon Jan 06 00:14:04 CET 2014,
To: Sat Jan 07 19:54:13 CET 2017]
Issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
SerialNumber: [ 0fef41]
Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://rapidssl-ocsp.geotrust.com
,
accessMethod: caIssuers
accessLocation: URIName: http://rapidssl-aia.geotrust.com/rapidssl.crt
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 6B 69 3D 6A 18 42 4A DD 8F 02 65 39 FD 35 24 86 ki=j.BJ...e9.5$.
0010: 78 91 16 30 x..0
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://rapidssl-crl.geotrust.com/crls/rapidssl.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 25 68 74 74 70 3A 2F 2F 77 77 77 2E 67 65 6F
.%http://www.geo
0010: 74 72 75 73 74 2E 63 6F 6D 2F 72 65 73 6F 75 72 trust.com/resour
0020: 63 65 73 2F 63 70 73 ces/cps
]] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: *.kreios.lu
DNSName: kreios.lu
]
[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 75 18 00 32 3C 73 A9 A1 B0 A4 E7 D7 8A B8 2E C1 u..2<s..........
0010: 4E 9D 73 EE N.s.
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 79 E8 0C 42 BF AE 82 01 85 52 81 82 1B 57 6F 91 y..B.....R...Wo.
0010: 7B D5 E1 56 09 C6 7A DF 35 76 1B 53 2D 71 5D 14 ...V..z.5v.S-q].
0020: 72 51 87 D4 B5 CA F0 97 9D 7A 9C CF 0E F2 4C F1 rQ.......z....L.
0030: 19 06 DE 86 29 C0 B8 82 38 04 26 B7 0C BA 74 96 ....)...8.&...t.
0040: 02 1F 8D 61 3F 00 BA 7D 00 68 06 A7 49 7C BD D6 ...a?....h..I...
0050: F9 27 EC F4 5D ED 5D 6A D2 29 33 6B C9 F2 80 82 .'..].]j.)3k....
0060: E9 36 7E B7 AB D6 FF F4 1B 09 D8 DE 55 CA 9D C1 .6..........U...
0070: A2 A2 66 D2 DC 8E 59 53 2C 8B 4B 58 3E 1F 0F 19 ..f...YS,.KX>...
0080: 49 61 D2 EA 3A 4A E5 E3 E4 DD 9B 48 6F 6E 20 31 Ia..:J.....Hon 1
0090: CA E3 DF 6E DE 1D 08 EB 14 75 81 06 07 B5 D1 70 ...n.....u.....p
00A0: A5 24 59 0B BA 03 A8 B6 00 43 2E 37 77 0A 5B AF .$Y......C.7w.[.
00B0: B7 7C ED 58 1C A3 CA 0C FE 5E 05 D1 FA 45 A3 99 ...X.....^...E..
00C0: 65 5C 9B B6 9E 2D D9 56 A1 43 C4 5E 84 37 00 CB e\...-.V.C.^.7..
00D0: FD 9C CF E2 BE 70 15 48 A8 50 05 E9 87 1A DD 5F .....p.H.P....._
00E0: D0 F8 42 9E F0 47 A7 AA C3 9F 0B A1 10 EA BA 0E ..B..G..........
00F0: A5 40 EE C8 C2 83 B7 58 90 A4 39 99 BF 70 AB 66 [email protected]
]
chain [1] = [
[
Version: V3
Subject: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus:
25177623426426588132550125218451080465037374253763385069594664996390516327122820009804732518410437841466200602026190775653811606262211330024744533415253065658804469600333697112566893139869278480710101856063907377070241281954361950936190589407992349738968504563083768782249626497805396324086205697290695906640029705073288923885755650556319209257015216085103359829636265775278295669198618016055494382778675954362588901496544858178526707401301199035612812475115850714604573928246891856483139737198313331065128475659082226861581835719707320595915248950066186093729765088283424562125415470588728765078683484272608855281803
public exponent: 65537
Validity: [From: Fri Feb 19 23:45:05 CET 2010,
To: Tue Feb 18 23:45:05 CET 2020]
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
SerialNumber: [ 0236d1]
Certificate Extensions: 6
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.geotrust.com
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e
0010: B8 CA CC 4E ...N
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.geotrust.com/crls/gtglobal.crl]
]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[6]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6B 69 3D 6A 18 42 4A DD 8F 02 65 39 FD 35 24 86 ki=j.BJ...e9.5$.
0010: 78 91 16 30 x..0
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: AB BC BC 0A 5D 18 94 E3 C1 B1 C3 A8 4C 55 D6 BE ....].......LU..
0010: B4 98 F1 EE 3C 1C CD CF F3 24 24 5C 96 03 27 58 ....<....$$\..'X
0020: FC 36 AE A2 2F 8F F1 FE DA 2B 02 C3 33 BD C8 DD .6../....+..3...
0030: 48 22 2B 60 0F A5 03 10 FD 77 F8 D0 ED 96 67 4F H"+`.....w....gO
0040: FD EA 47 20 70 54 DC A9 0C 55 7E E1 96 25 8A D9 ..G pT...U...%..
0050: B5 DA 57 4A BE 8D 8E 49 43 63 A5 6C 4E 27 87 25 ..WJ...ICc.lN'.%
0060: EB 5B 6D FE A2 7F 38 28 E0 36 AB AD 39 A5 A5 62 .[m...8(.6..9..b
0070: C4 B7 5C 58 2C AA 5D 01 60 A6 62 67 A3 C0 C7 62 ..\X,.].`.bg...b
0080: 23 F4 E7 6C 46 EE B5 D3 80 6A 22 13 D2 2D 3F 74 #..lF....j"..-?t
0090: 4F EA AF 8C 5F B4 38 9C DB AE CE AF 84 1E A6 F6 O..._.8.........
00A0: 34 51 59 79 D3 E3 75 DC BC D7 F3 73 DF 92 EC D2 4QYy..u....s....
00B0: 20 59 6F 9C FB 95 F8 92 76 18 0A 7C 0F 2C A6 CA Yo.....v....,..
00C0: DE 8A 62 7B D8 F3 CE 5F 68 BD 8F 3E C1 74 BB 15 ..b...._h..>.t..
00D0: 72 3A 16 83 A9 0B E6 4D 99 9C D8 57 EC A8 01 51 r:.....M...W...Q
00E0: C7 6F 57 34 5E AB 4A 2C 42 F6 4F 1C 89 78 DE 26 .oW4^.J,B.O..x.&
00F0: 4E F5 6F 93 4C 15 6B 27 56 4D 00 54 6C 7A B7 B7 N.o.L.k'VM.Tlz..
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus:
27620593608073140957439440929253438012688864718977347268272053725994928948867769687165112265058896553974818505070806430256424431940072485024407486246475597522063246121214348496326377341879755851197260401080498544606788760407243324127929930612201002157618691487713632251700065187865963692723720912135393438861302779432180613616167225206519123176430362410262429702404863434904116727055203524505580952824336979641923534005571504410997292144760317953739063178352809680844232935574095508445145910310675421726257114605895831426222686272114090063230017292595425393719031924942422176213538487957041730136782988405751614792953
public exponent: 65537
Validity: [From: Tue May 21 06:00:00 CEST 2002,
To: Sat May 21 06:00:00 CEST 2022]
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
SerialNumber: [ 023456]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e
0010: B8 CA CC 4E ...N
]
]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e
0010: B8 CA CC 4E ...N
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 35 E3 29 6A E5 2F 5D 54 8E 29 50 94 9F 99 1A 14 5.)j./]T.)P.....
0010: E4 8F 78 2A 62 94 A2 27 67 9E D0 CF 1A 5E 47 E9 ..x*b..'g....^G.
0020: C1 B2 A4 CF DD 41 1A 05 4E 9B 4B EE 4A 6F 55 52 .....A..N.K.JoUR
0030: B3 24 A1 37 0A EB 64 76 2A 2E 2C F3 FD 3B 75 90 .$.7..dv*.,..;u.
0040: BF FA 71 D8 C7 3D 37 D2 B5 05 95 62 B9 A6 DE 89 ..q..=7....b....
0050: 3D 36 7B 38 77 48 97 AC A6 20 8F 2E A6 C9 0C C2 =6.8wH... ......
0060: B2 99 45 00 C7 CE 11 51 22 22 E0 A5 EA B6 15 48 ..E....Q"".....H
0070: 09 64 EA 5E 4F 74 F7 05 3E C7 8A 52 0C DB 15 B4 .d.^Ot..>..R....
0080: BD 6D 9B E5 C6 B1 54 68 A9 E3 69 90 B6 9A A5 0F .m....Th..i.....
0090: B8 B9 3F 20 7D AE 4A B5 B8 9C E4 1D B6 AB E6 94 ..? ..J.........
00A0: A5 C1 C7 83 AD DB F5 27 87 0E 04 6C D5 FF DD A0 .......'...l....
00B0: 5D ED 87 52 B7 2B 15 02 AE 39 A6 6A 74 E9 DA C4 ]..R.+...9.jt...
00C0: E7 BC 4D 34 1E A9 5C 4D 33 5F 92 09 2F 88 66 5D ..M4..\M3_../.f]
00D0: 77 97 C7 1D 76 13 A9 D5 E5 F1 16 09 11 35 D5 AC w...v........5..
00E0: DB 24 71 70 2C 98 56 0B D9 17 B4 D1 E3 51 2B 5E .$qp,.V......Q+^
00F0: 75 E8 D5 D0 DC 4F 34 ED C2 05 66 80 A1 CB E6 33 u....O4...f....3
]
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 262
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 08 FD BB CC A6 E4 14 57 12 4E EF 2A 26 3A .........W.N.*&:
0010: 21 11 D6 DA B9 DC 1A 93 71 D6 82 FC BD 08 22 14 !.......q.....".
0020: 01 66 6A 10 C5 57 83 D3 23 7F CD 5B DF F5 0C 0F .fj..W..#..[....
CONNECTION KEYGEN:
Client Nonce:
0000: 54 62 74 03 8E 23 EB DE B2 20 6B F8 1A 39 A7 3C Tbt..#... k..9.<
0010: B2 6D A2 5A B4 9D D9 AA E8 9D DC 37 BB 2B DE C3 .m.Z.......7.+..
Server Nonce:
0000: 44 B1 4D A5 F2 83 EE 61 66 E9 86 C0 56 82 E8 0F D.M....af...V...
0010: BF D7 E3 D2 35 4F C1 57 02 B6 5E C2 48 B0 B4 EE ....5O.W..^.H...
Master Secret:
0000: D5 C4 35 01 37 2C BD A3 E5 5E D8 30 2D 59 42 5D ..5.7,...^.0-YB]
0010: DE 1F 3E 2B CD 41 C1 80 A5 90 69 78 6F 46 80 5D ..>+.A....ixoF.]
0020: D6 22 5D 79 EA 1C 62 9A A7 70 34 71 A7 9B 57 83 ."]y..b..p4q..W.
Client MAC write Secret:
0000: 05 87 A9 7F 8A AB D0 62 3B 86 1F 50 B9 B8 AD 77 .......b;..P...w
0010: A4 42 43 41 .BCA
Server MAC write Secret:
0000: 9F C7 4E 83 92 2F CA 41 11 C0 F5 C6 91 0F 1E E5 ..N../.A........
0010: BE 14 76 7E ..v.
Client write key:
0000: 4C A6 82 DB C3 70 53 C3 67 D1 0B 5C 25 52 82 80 L....pS.g..\%R..
Server write key:
0000: F0 D9 67 FA 17 D9 23 F9 46 3D 70 76 28 E0 F2 5D ..g...#.F=pv(..]
Client write IV:
0000: 78 15 E2 F7 5B 14 2D 17 D0 87 7E 8F B7 77 20 9F x...[.-......w .
Server write IV:
0000: 25 31 49 47 7D C4 8A 4C 50 47 16 92 17 32 68 6D %1IG...LPG...2hm
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 253, 15, 232, 72, 128, 43, 126, 32, 99, 227, 122, 46 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data: { 75, 88, 57, 157, 73, 113, 196, 161, 149, 247, 56, 211 }
***
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
[DEBUG] wire - http-outgoing-0 >> "POST /rest/rest/doSomething HTTP/1.1[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "Content-type: application/json[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "Content-Length: 2[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "Host: stash.kreios.lu[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.3.5 (java
1.5)[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "{}"
main, WRITE: TLSv1 Application Data, length = 240
main, READ: TLSv1 Application Data, length = 32
main, READ: TLSv1 Application Data, length = 432
[DEBUG] wire - http-outgoing-0 << "HTTP/1.1 404 Not Found[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "server: Apache-Coyote/1.1[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "x-arequestid: @1S7W3NIx1299x28813x0[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "x-asen: SEN-2988886[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "x-xss-protection: 1; mode=block[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "x-frame-options: SAMEORIGIN[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "x-content-type-options: nosniff[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "content-type:
text/html;charset=UTF-8[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "content-language: en-US[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "transfer-encoding: chunked[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "content-encoding: gzip[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "Vary: Accept-Encoding[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "date: Tue, 11 Nov 2014 20:39:31 GMT[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "connection: close[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "[\r][\n]"
HTTP/1.1 404 Not Found
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT: warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 32
main, called closeSocket(selfInitiated)
{noformat}
> Regression between v4.1 and v4.1.1 regarding validation of SSL certificates
> for servers with multiple VirtualHost serving HTTPS
> -------------------------------------------------------------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1578
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1578
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Reporter: Richard Comblen
>
> We have a service provider hosting a web application (Atlassian Stash) behind
> https proxy. The server hosting this proxy hosts other VirtualHosts using
> https.
> We have a client application (Jenkins) submitting POST requests to that
> application using the httpclient library.
> We realized that starting with version 4.1.1 of the library, we get an SSL
> exception related to hostname verification.
> I've created a minimal example hosted on GitHub:
> https://github.com/rcomblen/HttpClientRegressionTest
> Debugging, you will see that the only certificate retrieved by the SSLSocket
> object corresponds to atlashost.eu (the hosting provider) and not *.kreios.lu
> (our own certificate).
> It seems the library behaves like the openssl command line if you miss the
> -servername argument:
> {code}
> $ openssl s_client -connect stash.kreios.lu:443 2>/dev/null | grep subject
> subject=/description=p7VPQDLL2DWTo7A5/C=PL/ST=Gdansk/L=Gniew/O=Damian
> Nowak/CN=*.atlashost.eu/[email protected]
> $ openssl s_client -connect stash.kreios.lu:443 -servername stash.kreios.lu
> 2>/dev/null | grep subject
> subject=/serialNumber=LwCTQJjJj94odszLnywxXW0AJcv0vdlc/OU=GT98629041/OU=See
> www.rapidssl.com/resources/cps (c)14/OU=Domain Control Validated -
> RapidSSL(R)/CN=*.kreios.lu
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
