Hi, Griffin,
If you point the "not-yet-commons-ssl" Ping utility at your server, it might shed some light on the SSL problems. Like so:

-------------------------
java -jar not-yet-commons-ssl-0.3.7.jar -t myserver.com:443
-------------------------

It's documented here:

http://juliusdavies.ca/commons-ssl/utilities.html

-------------------------
"Ping" Utility Attempts "HEAD / HTTP/1.1" Request

This utility is very handy because it can get you the server's public
certificate even if your client certificate is bad (so even though the SSL
handshake fails). And unlike "openssl s_client", this utility can bind
against any IP address available.

$Name: commons-ssl-0_3_7 $ compiled=[EST:2006-11-20/17:42:26.000]
Usage: java -jar commons-ssl.jar [options]
Options: (*=required)
* -t  --target      [hostname[:port]]                 default port=443
  -b  --bind        [hostname[:port]]                 default port=0 "ANY"
  -r  --proxy       [hostname[:port]]                 default port=80
  -tm --trust-cert  [path to trust material]          *.{pem, der, crt, jks}
  -km --client-cert [path to client's private key]    *.{jks, pkcs12, pkcs8}
  -cc --cert-chain  [path to cert chain if using pkcs8/OpenSSL key]
  -p  --password    [client cert password]

Example:

java -jar commons-ssl.jar -t cucbc.com:443 -km ./client.pfx -p `cat ./pass.txt`
-------------------------

And here's some example output:

$ java -jar not-yet-commons-ssl-0.3.7.jar -t localhost:8443
Cipher: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
================================================================================
Writing:
================================================================================
HEAD / HTTP/1.1
Host: localhost

Reading:
================================================================================
HTTP/1.1 200 OK
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Fri, 09 Mar 2007 17:46:51 GMT
Server: Apache-Coyote/1.1

Server Certificate for: [localhost:8443]
================================================================================
myserver.com
Valid: 2007/Mar/09 - 2007/Jun/07
s: CN=myserver.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
i: self-signed
-----BEGIN CERTIFICATE-----
MIIDFzCCAtUCBEXxnWUwCwYHKoZIzjgEAwUAMHExEDAOBgNVBAYTB1Vua25vd24x
EDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vu
a25vd24xEDAOBgNVBAsTB1Vua25vd24xFTATBgNVBAMTDG15c2VydmVyLmNvbTAe
Fw0wNzAzMDkxNzQ2MTNaFw0wNzA2MDcxNzQ2MTNaMHExEDAOBgNVBAYTB1Vua25v
d24xEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoT
B1Vua25vd24xEDAOBgNVBAsTB1Vua25vd24xFTATBgNVBAMTDG15c2VydmVyLmNv
bTCCAbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3Ujzv
RADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSf
n+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq
7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yr
XDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88J
MozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf
4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQClsjJ/+ND9dgWncrgSomKtEMDm
/6mTJwqhftphxhgcjHFuYrLv7O4uUDJGlisQZgGx9sMuK3sMDIKHf7nHZa86I3GE
jCrVZwYWyrSoumHc6mowlt5DeW1NyYaJAtumg2AdULB8Hf2aKELYTSrjuJWD4biC
kNYoCJEJNWwfHBbfTTALBgcqhkjOOAQDBQADLwAwLAIUTWIfWnIQuxuWYdm/xOoE
JEnoqKwCFBqF6IVWCdrRwnz/yt8teno+XHGf
-----END CERTIFICATE-----

javax.net.ssl.SSLException: hostname in certificate didn't match: <localhost> != <myserver.com>
    at org.apache.commons.ssl.HostnameVerifier$AbstractVerifier.check(HostnameVerifier.java:415)
    at org.apache.commons.ssl.HostnameVerifier$1.check(HostnameVerifier.java:119)
    at org.apache.commons.ssl.HostnameVerifier$AbstractVerifier.check(HostnameVerifier.java:325)
    at org.apache.commons.ssl.HostnameVerifier$AbstractVerifier.check(HostnameVerifier.java:257)
    at org.apache.commons.ssl.Ping.testHostname(Ping.java:383)
    at org.apache.commons.ssl.Ping.main(Ping.java:281)

sun.security.validator.ValidatorException: No trusted certificate found
    at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
    at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
    at sun.security.validator.Validator.validate(Validator.java:202)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
    at org.apache.commons.ssl.Java14.checkTrusted(Java14.java:255)
    at org.apache.commons.ssl.JavaImpl.testTrust(JavaImpl.java:266)
    at org.apache.commons.ssl.Ping.testTrust(Ping.java:364)
    at org.apache.commons.ssl.Ping.main(Ping.java:280)

--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/
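
Added example (not part of the original message, and not commons-ssl code): a sketch of the same diagnostic using only the JDK's JSSE classes. It records the server's certificate chain during the handshake and reports the trust verdict separately, the way the Ping output above separates them. The class name CertProbe is hypothetical, and the default target localhost:8443 is taken from the example output above.

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class CertProbe {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost"; // assumed default target
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 8443;

        // The JVM's default trust manager, used here only to report the trust verdict.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jvmDefault = (X509TrustManager) tmf.getTrustManagers()[0];

        final X509Certificate[][] seen = new X509Certificate[1][];
        final CertificateException[] trustError = new CertificateException[1];
        // Recording trust manager: keeps the chain and the verdict instead of aborting the handshake.
        // Diagnostic use only: no application data is sent over this socket.
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                throw new CertificateException("client authentication is not handled by this probe");
            }
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
                seen[0] = chain;
                try { jvmDefault.checkServerTrusted(chain, authType); }
                catch (CertificateException e) { trustError[0] = e; }
            }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("Cipher: " + s.getSession().getCipherSuite());
        } catch (SSLException e) {
            // The handshake can still fail later (for example over a client certificate); the chain may already be recorded.
            System.out.println("Handshake failed: " + e.getMessage());
        }
        if (seen[0] == null) { System.out.println("No server certificate received"); return; }
        X509Certificate leaf = seen[0][0];
        System.out.println("s: " + leaf.getSubjectX500Principal().getName());
        System.out.println("i: " + leaf.getIssuerX500Principal().getName());
        System.out.println("Valid: " + leaf.getNotBefore() + " - " + leaf.getNotAfter());
        System.out.println("SANs: " + leaf.getSubjectAlternativeNames()); // null if absent; compare with the target host
        System.out.println("Trust: " + (trustError[0] == null ? "OK" : trustError[0].getMessage()));
    }
}
```

Comparing the printed subject and SANs with the host you connected to shows the kind of mismatch reported above (localhost vs. myserver.com); the Trust line corresponds to the ValidatorException in the second stack trace.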
