I got the following from s_client:
didn't found starttls in server response, try anyway...
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=GB/ST=Foo/L=Bar/O=The University of FooBar/OU=The University of
FooBar/CN=The University of FooBar CA/emailAddress=postmas...@foobar.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
500 Command EHLO unregcognized
read:errno=0
SSL3 alert write:warning:close notify
I presume it worked up until the SMTP protocol started.
It confirms that the certificate I got was self-signed, but then seems to
proceed without issue, so unfortunately I'm still no wiser as to why my
client gets
SSLHandshakeException: Received fatal alert: unknown_ca
On Apr 16, 2013, at 3:51 PM, Chris Hecker chec...@d6.com wrote:
Have you gotten openssl s_client working with it for starters? I always
do that first to make sure things are working.
Chris
On 2013-04-15 22:47, George Francis wrote:
I was able to resolve my previous issue regarding the message 'No
trusted certificate found' by obtaining a self-signed root certificate
from the customer; now I get further through the handshake procedure but
still get an exception during ClientKeyExchange as follows:
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, unknown_ca
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received
fatal alert: unknown_ca
I gather that this is to do with the server certificate being signed by
the organization who owns the cosign server themselves, as opposed to a
trusted 3rd party signing authority. Is that correct? What are the
steps for my client to resolve it?
I'd be very grateful for any advice, as I have spent several days trying
to get this handshake to work.
--
George
___
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
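
An added example, not part of the original thread: a small Python triage of the two traces quoted above, showing that in the s_client run the server requested a client certificate and the handshake completed, and that in the Java run the unknown_ca alert was received from the peer (a TLS certificate alert is raised by the side that evaluated the certificate). The function names and the embedded sample lines, copied from the thread, are assumptions of this example.

```python
import re

# Constructed sample input: lines copied from the two traces quoted in this thread.
S_CLIENT_TRACE = """\
SSL_connect:SSLv3 read server hello A
verify error:num=19:self signed certificate in certificate chain
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 read finished A
"""
JSSE_TRACE = """\
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, unknown_ca
"""

STATE = re.compile(r"^SSL_connect:\S+ (read|write) (.+) A$")
VERIFY = re.compile(r"^verify error:num=(\d+):(.+)$")
ALERT = re.compile(r"(RECV|SEND) \S+ ALERT:\s*(\w+), (\w+)")

def summarize_s_client(trace):
    """Reduce an `openssl s_client -state` trace to the facts relevant to client-cert auth."""
    steps, errors = [], []
    for line in trace.splitlines():
        if m := STATE.match(line):
            steps.append((m.group(1), m.group(2)))
        elif m := VERIFY.match(line):
            errors.append((int(m.group(1)), m.group(2)))
    return {
        # The server sent CertificateRequest, so it expects a client certificate.
        "server_requested_client_cert": ("read", "server certificate request") in steps,
        # CertificateVerify is only sent after a client certificate with a signing key.
        "client_proved_key_possession": ("write", "certificate verify") in steps,
        "handshake_completed": ("read", "finished") in steps,
        # Errors from the client's own check of the server chain (num=19 here).
        "local_verify_errors": errors,
    }

def alert_origin(trace):
    """Return (raised_by, level, description) for each alert in a JSSE debug trace."""
    return [("peer" if d == "RECV" else "local", lvl, desc)
            for d, lvl, desc in ALERT.findall(trace)]

if __name__ == "__main__":
    print(summarize_s_client(S_CLIENT_TRACE))
    print(alert_origin(JSSE_TRACE))
```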