Jim,
Here's how I obtain my keystore files:
1. I have a client certificate information in p12 format. I then
imported it into a keystore file as key entry using sun security tool-
pkcs12import (xws-security).
2. I also have the trusted Key store file that I imported the .pem file
as trusted entry using the keytool utility
3. server (openSSL) requires the client certificate to be sent in. The
client certificate that I send in is signed by the root certificate
which exists on the server. Therefore the client should be trusted
Below is the debug trace:
trigger seeding of SecureRandom
done seeding SecureRandom
JsseJce: Using cipher AES/CBC/NoPadding from provider SunJCE
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1176916508 bytes = { 130, 86, 33, 206, 109, 117, 37,
96, 234, 191, 235, 56, 229, 90, 43, 166, 20, 202, 189, 44, 123, 159, 53,
248, 13, 50, 13, 127 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_NULL_SHA]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 67
0000: 01 00 00 3F 03 01 46 26 52 1C 82 56 21 CE 6D 75
...?..F&R..V!.mu
0010: 25 60 EA BF EB 38 E5 5A 2B A6 14 CA BD 2C 7B 9F
%`...8.Z+....,..
0020: 35 F8 0D 32 0D 7F 00 00 18 00 05 00 04 00 2F 00
5..2........../.
0030: 0A 00 13 00 09 00 12 00 03 00 11 00 32 00 01 00
............2...
0040: 02 01 00 ...
main, WRITE: TLSv1 Handshake, length = 67
[write] MD5 and SHA1 hashes: len = 89
0000: 01 03 01 00 30 00 00 00 20 00 00 05 00 00 04 01 ....0...
.......
0010: 00 80 00 00 2F 00 00 0A 07 00 C0 00 00 13 00 00
..../...........
0020: 09 06 00 40 00 00 12 00 00 03 02 00 80 00 00 11
[EMAIL PROTECTED]
0030: 00 00 32 00 00 01 00 00 02 46 26 52 1C 82 56 21
..2......F&R..V!
0040: CE 6D 75 25 60 EA BF EB 38 E5 5A 2B A6 14 CA BD
.mu%`...8.Z+....
0050: 2C 7B 9F 35 F8 0D 32 0D 7F ,..5..2..
main, WRITE: SSLv2 client hello message, length = 89
main, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1176916541 bytes = { 45, 229, 111, 4, 214, 4, 165,
223, 225, 54, 122, 132, 33, 91, 145, 240, 233, 49, 201, 33, 9, 181, 230,
193, 255, 149, 175, 33 }
Session ID: {2, 18, 90, 147, 29, 80, 116, 91, 86, 137, 193, 208, 108,
46, 253, 8, 116, 148, 142, 161, 214, 52, 109, 80, 5, 46, 143, 80, 163,
109, 41, 137}
Cipher Suite: SSL_RSA_WITH_RC4_128_SHA
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 46 26 52 3D 2D E5 6F 04 D6 04
...F..F&R=-.o...
0010: A5 DF E1 36 7A 84 21 5B 91 F0 E9 31 C9 21 09 B5
...6z.![...1.!..
0020: E6 C1 FF 95 AF 21 20 02 12 5A 93 1D 50 74 5B 56 .....!
..Z..Pt[V
0030: 89 C1 D0 6C 2E FD 08 74 94 8E A1 D6 34 6D 50 05
...l...t....4mP.
0040: 2E 8F 50 A3 6D 29 89 00 05 00 ..P.m)....
main, READ: TLSv1 Handshake, length = 1119
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=clldc-s-6132.americas.shell.com
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
9afb9a44 afcf2f0b b3c3f393 e0f85e70 f0ef360f 85ac5da1 ed544578
1f932a01
cc169455 99b2afa2 0018350a ce20c32f 8f690585 bd1c5bf8 7d716371
35f1beaa
046e05d0 6f1de025 d3802157 1feeab55 9dfce57f babafbe5 b66e7553
2038971d
b7b7c4cd 66e65a60 ea1bff9d 52b82b82 f72bcf6a 0ba6d4c5 445345d6
880a775b
Validity: [From: Tue Apr 03 07:59:53 PDT 2007,
To: Thu Apr 02 09:09:53 PDT 2009]
Issuer: CN=root.CRLL7GW1.americas.shell.com
SerialNumber: [ 71243ff9 a5ad8a62]
Certificate Extensions: 4
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DF E4 67 63 0A 25 4B 94 7B 7E 4C CD FC CD 5E 93
..gc.%K...L...^.
0010: E3 EA AC DF ....
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 49 1C 70 5F 48 41 09 95 DB 37 7B A7 82 B0 6F 92
I.p_HA...7....o.
0010: 4C EA E9 B9 L...
]
]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
]
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 5E 20 62 30 FB B1 A4 C6 5D 22 6C 03 B0 04 DB 5C ^
b0....]"l....\
0010: 1E F7 63 0C 12 49 0F D7 5E 60 57 20 40 7A 9F 40 ..c..I..^`W
@z.@
0020: B5 70 17 F3 13 D9 8D 61 BB 2A 01 D0 B3 1F A0 F4
.p.....a.*......
0030: D1 AF 83 DD 44 DF 5E 32 8B C4 E8 50 E3 6E AE F7
....D.^2...P.n..
0040: 35 F4 1D 2F AD 37 CB 4F 20 04 B6 D3 60 55 23 6B 5../.7.O
...`U#k
0050: 47 47 08 23 1F CD C7 5D 06 B0 7D 5D B3 85 11 3D
GG.#...]...]...=
0060: 65 F8 14 D3 31 FE 45 0F A3 43 E8 3D 80 ED D9 B9
e...1.E..C.=....
0070: 79 48 EE 68 13 47 16 02 F1 85 6D 00 D5 06 5C E2
yH.h.G....m...\.
]
chain [1] = [
[
Version: V3
Subject: CN=root.CRLL7GW1.americas.shell.com
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
9e7c1b01 b6cb4c3c 87bc3c8c 515af85b dcdd7449 a3ab89b3 ece41931
b9e061f0
f5d407f6 75d69100 ec1b4248 190c0c37 fdb0220b d29a9b44 fba57e3c
63e0fa12
943c3fb8 b0673e05 30406ebd cd956767 33cc64b1 16d033f2 2dd89e0a
f19b1e7c
36138f89 8b7c4d98 c7dd4d48 37f44b4e 7e6489f6 21c46e41 0118a034
2a5dc6fd
Validity: [From: Mon Feb 12 13:11:30 PST 2007,
To: Sat Feb 11 13:21:30 PST 2012]
Issuer: CN=root.CRLL7GW1.americas.shell.com
SerialNumber: [ 29cc6764 d1050f56]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 49 1C 70 5F 48 41 09 95 DB 37 7B A7 82 B0 6F 92
I.p_HA...7....o.
0010: 4C EA E9 B9 L...
]
]
[2]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 13 62 7E 05 2A 0C 1F 42 AB CC 2F 23 CE 33 06 7C
.b..*..B../#.3..
0010: 65 C5 10 E8 F2 B3 3F 66 86 42 36 FD 5D 6C C4 89
e.....?f.B6.]l..
0020: 55 BB 29 DD 82 71 E8 70 99 9E 72 7C F8 32 7A 6B
U.)..q.p..r..2zk
0030: B0 B6 E5 EF 71 4C 4E 87 B7 07 E4 F9 D7 86 B2 D8
....qLN.........
0040: A6 E4 07 95 9D 89 76 70 D9 CC 55 AE 0D CC B3 CF
......vp..U.....
0050: 03 4D 4B 68 AD AF F0 A8 CD 02 0B 71 30 2D 6D D6
.MKh.......q0-m.
0060: 27 8A 9D 2A 9D 82 AE 44 6E 58 CE A6 AB 22 C2 B0
'..*...DnX..."..
0070: 66 2E 12 D8 0F 7D 86 2F 66 70 91 8B C6 92 B3 AA
f....../fp......
]
***
[read] MD5 and SHA1 hashes: len = 1119
0000: 0B 00 04 5B 00 04 58 00 02 36 30 82 02 32 30 82
...[..X..60..20.
0010: 01 9B A0 03 02 01 02 02 08 71 24 3F F9 A5 AD 8A
.........q$?....
0020: 62 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00
b0...*.H........
0030: 30 2B 31 29 30 27 06 03 55 04 03 0C 20 72 6F 6F 0+1)0'..U...
roo
0040: 74 2E 43 52 4C 4C 37 47 57 31 2E 61 6D 65 72 69
t.CRLL7GW1.ameri
0050: 63 61 73 2E 73 68 65 6C 6C 2E 63 6F 6D 30 1E 17
cas.shell.com0..
0060: 0D 30 37 30 34 30 33 31 34 35 39 35 33 5A 17 0D
.070403145953Z..
0070: 30 39 30 34 30 32 31 36 30 39 35 33 5A 30 2A 31
090402160953Z0*1
0080: 28 30 26 06 03 55 04 03 0C 1F 63 6C 6C 64 63 2D
(0&..U....clldc-
0090: 73 2D 36 31 33 32 2E 61 6D 65 72 69 63 61 73 2E
s-6132.americas.
00A0: 73 68 65 6C 6C 2E 63 6F 6D 30 81 9F 30 0D 06 09
shell.com0..0...
00B0: 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30
*.H............0
00C0: 81 89 02 81 81 00 9A FB 9A 44 AF CF 2F 0B B3 C3
.........D../...
00D0: F3 93 E0 F8 5E 70 F0 EF 36 0F 85 AC 5D A1 ED 54
....^p..6...]..T
00E0: 45 78 1F 93 2A 01 CC 16 94 55 99 B2 AF A2 00 18
Ex..*....U......
00F0: 35 0A CE 20 C3 2F 8F 69 05 85 BD 1C 5B F8 7D 71 5..
./.i....[..q
0100: 63 71 35 F1 BE AA 04 6E 05 D0 6F 1D E0 25 D3 80
cq5....n..o..%..
0110: 21 57 1F EE AB 55 9D FC E5 7F BA BA FB E5 B6 6E
!W...U.........n
0120: 75 53 20 38 97 1D B7 B7 C4 CD 66 E6 5A 60 EA 1B uS
8......f.Z`..
0130: FF 9D 52 B8 2B 82 F7 2B CF 6A 0B A6 D4 C5 44 53
..R.+..+.j....DS
0140: 45 D6 88 0A 77 5B 02 03 01 00 01 A3 60 30 5E 30
E...w[......`0^0
0150: 0C 06 03 55 1D 13 01 01 FF 04 02 30 00 30 0E 06
...U.......0.0..
0160: 03 55 1D 0F 01 01 FF 04 04 03 02 05 E0 30 1D 06
.U...........0..
0170: 03 55 1D 0E 04 16 04 14 DF E4 67 63 0A 25 4B 94
.U........gc.%K.
0180: 7B 7E 4C CD FC CD 5E 93 E3 EA AC DF 30 1F 06 03
..L...^.....0...
0190: 55 1D 23 04 18 30 16 80 14 49 1C 70 5F 48 41 09
U.#..0...I.p_HA.
01A0: 95 DB 37 7B A7 82 B0 6F 92 4C EA E9 B9 30 0D 06
..7....o.L...0..
01B0: 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 81 81 00
.*.H............
01C0: 5E 20 62 30 FB B1 A4 C6 5D 22 6C 03 B0 04 DB 5C ^
b0....]"l....\
01D0: 1E F7 63 0C 12 49 0F D7 5E 60 57 20 40 7A 9F 40 ..c..I..^`W
@z.@
01E0: B5 70 17 F3 13 D9 8D 61 BB 2A 01 D0 B3 1F A0 F4
.p.....a.*......
01F0: D1 AF 83 DD 44 DF 5E 32 8B C4 E8 50 E3 6E AE F7
....D.^2...P.n..
0200: 35 F4 1D 2F AD 37 CB 4F 20 04 B6 D3 60 55 23 6B 5../.7.O
...`U#k
0210: 47 47 08 23 1F CD C7 5D 06 B0 7D 5D B3 85 11 3D
GG.#...]...]...=
0220: 65 F8 14 D3 31 FE 45 0F A3 43 E8 3D 80 ED D9 B9
e...1.E..C.=....
0230: 79 48 EE 68 13 47 16 02 F1 85 6D 00 D5 06 5C E2
yH.h.G....m...\.
0240: 00 02 1C 30 82 02 18 30 82 01 81 A0 03 02 01 02
...0...0........
0250: 02 08 29 CC 67 64 D1 05 0F 56 30 0D 06 09 2A 86
..).gd...V0...*.
0260: 48 86 F7 0D 01 01 05 05 00 30 2B 31 29 30 27 06
H........0+1)0'.
0270: 03 55 04 03 13 20 72 6F 6F 74 2E 43 52 4C 4C 37 .U...
root.CRLL7
0280: 47 57 31 2E 61 6D 65 72 69 63 61 73 2E 73 68 65
GW1.americas.she
0290: 6C 6C 2E 63 6F 6D 30 1E 17 0D 30 37 30 32 31 32
ll.com0...070212
02A0: 32 31 31 31 33 30 5A 17 0D 31 32 30 32 31 31 32
211130Z..1202112
02B0: 31 32 31 33 30 5A 30 2B 31 29 30 27 06 03 55 04
12130Z0+1)0'..U.
02C0: 03 13 20 72 6F 6F 74 2E 43 52 4C 4C 37 47 57 31 ..
root.CRLL7GW1
02D0: 2E 61 6D 65 72 69 63 61 73 2E 73 68 65 6C 6C 2E
.americas.shell.
02E0: 63 6F 6D 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D
com0..0...*.H...
02F0: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00
.........0......
0300: 9E 7C 1B 01 B6 CB 4C 3C 87 BC 3C 8C 51 5A F8 5B
......L<..<.QZ.[
0310: DC DD 74 49 A3 AB 89 B3 EC E4 19 31 B9 E0 61 F0
..tI.......1..a.
0320: F5 D4 07 F6 75 D6 91 00 EC 1B 42 48 19 0C 0C 37
....u.....BH...7
0330: FD B0 22 0B D2 9A 9B 44 FB A5 7E 3C 63 E0 FA 12
.."....D...<c...
0340: 94 3C 3F B8 B0 67 3E 05 30 40 6E BD CD 95 67 67
.<?..g>[EMAIL PROTECTED]
0350: 33 CC 64 B1 16 D0 33 F2 2D D8 9E 0A F1 9B 1E 7C
3.d...3.-.......
0360: 36 13 8F 89 8B 7C 4D 98 C7 DD 4D 48 37 F4 4B 4E
6.....M...MH7.KN
0370: 7E 64 89 F6 21 C4 6E 41 01 18 A0 34 2A 5D C6 FD
.d..!.nA...4*]..
0380: 02 03 01 00 01 A3 45 30 43 30 12 06 03 55 1D 13
......E0C0...U..
0390: 01 01 FF 04 08 30 06 01 01 FF 02 01 02 30 0E 06
.....0.......0..
03A0: 03 55 1D 0F 01 01 FF 04 04 03 02 02 04 30 1D 06
.U...........0..
03B0: 03 55 1D 0E 04 16 04 14 49 1C 70 5F 48 41 09 95
.U......I.p_HA..
03C0: DB 37 7B A7 82 B0 6F 92 4C EA E9 B9 30 0D 06 09
.7....o.L...0...
03D0: 2A 86 48 86 F7 0D 01 01 05 05 00 03 81 81 00 13
*.H.............
03E0: 62 7E 05 2A 0C 1F 42 AB CC 2F 23 CE 33 06 7C 65
b..*..B../#.3..e
03F0: C5 10 E8 F2 B3 3F 66 86 42 36 FD 5D 6C C4 89 55
.....?f.B6.]l..U
0400: BB 29 DD 82 71 E8 70 99 9E 72 7C F8 32 7A 6B B0
.)..q.p..r..2zk.
0410: B6 E5 EF 71 4C 4E 87 B7 07 E4 F9 D7 86 B2 D8 A6
...qLN..........
0420: E4 07 95 9D 89 76 70 D9 CC 55 AE 0D CC B3 CF 03
.....vp..U......
0430: 4D 4B 68 AD AF F0 A8 CD 02 0B 71 30 2D 6D D6 27
MKh.......q0-m.'
0440: 8A 9D 2A 9D 82 AE 44 6E 58 CE A6 AB 22 C2 B0 66
..*...DnX..."..f
0450: 2E 12 D8 0F 7D 86 2F 66 70 91 8B C6 92 B3 AA ....../fp......
main, READ: TLSv1 Handshake, length = 61
*** CertificateRequest
Cert Types: RSA, DSS, Type-64,
Cert Authorities:
<CN=root.CRLL7GW1.americas.shell.com>
[read] MD5 and SHA1 hashes: len = 57
0000: 0D 00 00 35 03 01 02 40 00 2F 00 2D 30 2B 31 29
[EMAIL PROTECTED]/.-0+1)
0010: 30 27 06 03 55 04 03 13 20 72 6F 6F 74 2E 43 52 0'..U...
root.CR
0020: 4C 4C 37 47 57 31 2E 61 6D 65 72 69 63 61 73 2E
LL7GW1.americas.
0030: 73 68 65 6C 6C 2E 63 6F 6D shell.com
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
***
JsseJCE: Using JSSE internal implementation for cipher
RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 184, 9, 39, 136, 110, 217, 195, 252, 61, 235, 3,
1, 223, 66, 16, 150, 158, 254, 217, 76, 10, 16, 22, 239, 32, 245, 206,
131, 232, 218, 182, 29, 95, 124, 85, 46, 242, 241, 169, 132, 107, 113,
48, 225, 171, 60 }
[write] MD5 and SHA1 hashes: len = 141
0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 29 ED A6
.............)..
0010: 69 73 D1 1B 41 2E B5 6A F2 7D 1D 26 48 A1 CB E8
is..A..j...&H...
0020: 59 D3 12 3A 0B 2A 7D 7D FA F3 30 3F C8 33 FF 05
Y..:.*....0?.3..
0030: F1 D9 54 9D 06 93 45 6B 42 6D FB 74 86 E7 9D B6
..T...EkBm.t....
0040: F4 E8 8B D9 D1 83 0D 7A 10 0B B7 CD B9 1A F8 E1
.......z........
0050: EF 4A D7 90 06 30 10 5F FC CF 2A BA 4C D9 AC BA
.J...0._..*.L...
0060: DE A5 DD 12 0C 29 B5 92 CC 04 95 C2 20 26 3F 49 .....)......
&?I
0070: 53 2B 09 BF C9 D4 13 7A 03 52 0D 16 94 23 59 19
S+.....z.R...#Y.
0080: 65 DF B3 8D C5 0E 73 7C 8B 94 AC 5E B6 e.....s....^.
main, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 B8 09 27 88 6E D9 C3 FC 3D EB 03 01 DF 42
....'.n...=....B
0010: 10 96 9E FE D9 4C 0A 10 16 EF 20 F5 CE 83 E8 DA .....L....
.....
0020: B6 1D 5F 7C 55 2E F2 F1 A9 84 6B 71 30 E1 AB 3C
.._.U.....kq0..<
CONNECTION KEYGEN:
Client Nonce:
0000: 46 26 52 1C 82 56 21 CE 6D 75 25 60 EA BF EB 38
F&R..V!.mu%`...8
0010: E5 5A 2B A6 14 CA BD 2C 7B 9F 35 F8 0D 32 0D 7F
.Z+....,..5..2..
Server Nonce:
0000: 46 26 52 3D 2D E5 6F 04 D6 04 A5 DF E1 36 7A 84
F&R=-.o......6z.
0010: 21 5B 91 F0 E9 31 C9 21 09 B5 E6 C1 FF 95 AF 21
![...1.!.......!
Master Secret:
0000: 41 87 08 E5 88 37 60 1E 66 09 94 D9 FB 18 5B 03
A....7`.f.....[.
0010: C3 51 FE 1C 84 7B E6 FE CA 3A F1 50 BC 8B 63 F4
.Q.......:.P..c.
0020: 37 32 1D A9 26 B5 FF DF 7E 59 54 F7 46 AC 15 6F
72..&....YT.F..o
Client MAC write Secret:
0000: A2 AE 79 4E 46 AB B9 ED A4 2B 8B 6B 3F 95 D8 65
..yNF....+.k?..e
0010: CD 12 C9 FB ....
Server MAC write Secret:
0000: 5A 11 DD D4 F8 E8 58 84 38 49 23 C5 BE 50 26 4A
Z.....X.8I#..P&J
0010: 1C 35 2A 2A .5**
Client write key:
0000: 49 26 A9 08 7D 5A 33 D1 7F AA 91 BB 43 68 6B DC
I&...Z3.....Chk.
Server write key:
0000: D2 73 41 32 84 8F 09 1A 3F F9 F2 57 EA C4 70 85
.sA2....?..W..p.
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data: { 250, 0, 28, 224, 143, 7, 113, 110, 246, 8, 118, 140 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C FA 00 1C E0 8F 07 71 6E F6 08 76 8C
..........qn..v.
Plaintext before ENCRYPTION: len = 36
0000: 14 00 00 0C FA 00 1C E0 8F 07 71 6E F6 08 76 8C
..........qn..v.
0010: 6C 89 0D 5C 7A 89 05 83 4D 24 29 E6 0F 40 30 00
l..\z...M$)[EMAIL PROTECTED]
0020: 0F 39 8D F5 .9..
main, WRITE: TLSv1 Handshake, length = 36
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure
javax.jms.JMSSecurityException: Failed to connect via SSL to
[ssl://clldc-s-6132:7243]: Received fatal alert: handshake_failure
at
com.tibco.tibjms.TibjmsxLinkSSL.connect(TibjmsxLinkSSL.java:429)
at
com.tibco.tibjms.TibjmsConnection._create(TibjmsConnection.java:688)
at
com.tibco.tibjms.TibjmsConnection.<init>(TibjmsConnection.java:1955)
at
com.tibco.tibjms.TibjmsQueueConnection.<init>(TibjmsQueueConnection.java
:37)
at
com.tibco.tibjms.TibjmsxCFImpl._createImpl(TibjmsxCFImpl.java:187)
at
com.tibco.tibjms.TibjmsxCFImpl._createConnection(TibjmsxCFImpl.java:240)
at
com.tibco.tibjms.TibjmsQueueConnectionFactory.createQueueConnection(Tibj
msQueueConnectionFactory.java:79)
at Sender.main(Sender.java:39)
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim Sansing
Sent: Wednesday, April 18, 2007 8:57 AM
To: openssl-users@openssl.org
Subject: Re: Open SSL server and JSee client
What is the java error?
But in the meantime, since you didn't mention it, there are a few steps
you could verify:
1) Since you are using a local keystore, can I assume that you added the
certificate to it using the keystore command?
2) By 'mutual authentication' do you mean that the server must
authenticate the client's (self-signed) certificate? If so, has it been
added to the server's local certificate file?
3) If the server must authenticate multiple certificates, is it calling
SSL_CTX_use_certificate_chain_file during init?
Later . . . Jim
[EMAIL PROTECTED] wrote:
>
> I have a JSEE client that needs to talk to a server that implements
> openssl 0.9.8d. Mutual authentication is required. Even though I added
> the JVM parameters used to load the client certificate, I keep getting
> handshake failure. Just wonder this is a well known problem and what's
> the appropriate workaround
>
> Below are the JVM parameters :
>
> -Djavax.net.debug=all,data,trustManager
> -Djavax.net.ssl.keyStore=D:\Test\AmberPointAgent2
> -Djavax.net.ssl.keyStorePassword=password
> -Djavax.net.ssl.trustStore=D:\Test\AmberPointAgent
> -Djavax.net.ssl.trustStorePassword=password
> -Dcom.sun.net.ssl.dhKeyExchangeFix=true
>
> Thanks
>
> Lan
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information. If you have
> received it in error, please notify the sender immediately and delete
> the original. Any other use of the email by you is prohibited.
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
This message is for the designated recipient only and may contain privileged,
proprietary, or otherwise private information. If you have received it in
error, please notify the sender immediately and delete the original. Any other
use of the email by you is prohibited.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
