Monday 2 March 2015

Rest Services, Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain, bad_certificate

I'm trying to set up SSL between the API and the applications. I have a problem when I'm calling the API from my application; I'm getting an error like:

SEVERE: Servlet.service() for servlet [spring] in context with path [/panel] threw exception [Request processing failed; nested exception is org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://localhost:8442/acquirer/list":Remote host closed connection during handshake; nested exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake] with root cause java.io.EOFException: SSL peer shut down incorrectly at sun.security.ssl.InputRecord.read(InputRecord.java:482) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)

I'm deploying these two applications on two Tomcat servers, and I set up server.xml like this:

<Connector SSLEnabled="true" clientAuth="true" keystoreFile="/home/user/foobar.jks" keystorePass="foobarpwd" maxThreads="200" port="8442" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS" truststoreFile="/home/user/cacerts.jks" truststorePass="cacertspassword" />

This is my REST client configuration:

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;

import javax.net.ssl.SSLContext;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.HttpClients;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;

import static org.apache.http.conn.ssl.SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;

@Configuration
@PropertySource("classpath:config/local/general.properties")
public class RestClientConfig {

    @Bean
    public RestOperations restOperations(
            ClientHttpRequestFactory clientHttpRequestFactory) throws Exception {
        return new RestTemplate(clientHttpRequestFactory);
    }

    @Bean
    public ClientHttpRequestFactory clientHttpRequestFactory(
            HttpClient httpClient) {
        return new HttpComponentsClientHttpRequestFactory(httpClient);
    }

    @Bean
    public HttpClient httpClient(@Value("${general.file}") String file,
            @Value("${general.pass}") String password) throws Exception {
        // The file named by general.file is loaded as a truststore only.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream instream = new FileInputStream(new File(file));
        try {
            trustStore.load(instream, password.toCharArray());
        } finally {
            instream.close();
        }

        // Only trust material is loaded: this SSLContext has no client key or
        // certificate to present when the server asks for one.
        SSLContext sslcontext = SSLContexts.custom()
                .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy())
                .build();
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslcontext, new String[] { "TLSv1.2" }, null,
                BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        return HttpClients.custom().setSSLSocketFactory(sslsf).build();
    }

    @Bean
    public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
        return new PropertySourcesPlaceholderConfigurer();
    }
}


And my application controller:

@Autowired
private RestOperations rest;

@PostAuthorize("hasRole('aml_list')")
@RequestMapping(value = "/stoplist/list", method = RequestMethod.GET)
public String list(Model model, RedirectAttributes redirectAttributes) {

    /* RestTemplate restTemplate = new RestTemplate();*/
    // Calls the API over HTTPS through the injected RestOperations bean configured above.
    ResponseEntity<StopList[]> responseStopList = rest
            .getForEntity(url + GET_STOPLISTS, StopList[].class);
    List<StopList> stopLists = Arrays.asList(responseStopList.getBody());
    model.addAttribute("stopLists", stopLists);
    model.addAttribute("statuses", stopListStatusService.getStatuses());
    return "stoplist/list";
}


EDIT

This is the error from the SSL debug output:

%% Initialized: [Session-9, SSL_NULL_WITH_NULL_NULL]
%% Negotiating: [Session-9, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie: GMT: 1408468126 bytes = { 213, 173, 54, 198, 230, 202, 88, 97, 42, 79, 55, 119, 27, 142, 36, 43, 5, 57, 253, 199, 137, 16, 164, 33, 194, 23, 252, 3 }
Session ID: {84, 244, 133, 158, 1, 1, 80, 172, 43, 10, 200, 86, 210, 114, 88, 27, 242, 234, 134, 225, 250, 214, 117, 123, 89, 40, 52, 19, 31, 91, 230, 129}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=foobar.local.fr, OU=, O=Foobar, L=Paris, ST=IDF, C=FR
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 2048 bits
modulus: 17873551704376252621337066011438935731124982380679074888239258718242577693980084871866038232161226183921086977872807171065830795558330050407051853909732539234554754775108738484107242320735591123804732670161140517056979030086644607856320823576544389615077121469346683515875104747974711156392280172179419943495119552151583926507974150548314632573554027715990421707711488843523976072146829151024198771388277399530062433472768889300935152050876683397212438756572717739782391714122195446777117318453876489612393844963820051354739631536150436678179552902391707261272184131867669573522118129274210625207071457186558022151991
public exponent: 65537
Validity: [From: Mon Feb 23 12:26:20 CET 2015,
To: Tue Feb 23 12:26:20 CET 2016]
Issuer: CN=*.local.fr, O=FoobarCA, L=Paris, ST=IDF, C=FR
SerialNumber: [ 01]

Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e


[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7B 92 19 78 54 BF C0 91 76 18 4F CC A9 7B D0 1A ...xT...v.O.....
0010: 9C 48 F0 81 .H..
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: CD 5A 11 D4 98 CC F4 55 27 B9 E1 9A C9 14 71 C3 .Z.....U'.....q.
0010: DC 9F 89 BA ....
]
]

]
Algorithm: [SHA256withRSA]
Signature:
0000: 01 1A 67 6A 0D D7 EF 9A 60 67 69 C7 50 93 25 31 ..gj....`gi.P.%1
0010: 66 F8 D1 7D 66 75 83 3D 29 DD 1B E9 E1 DF 48 D8 f...fu.=).....H.
0020: A5 D4 17 A7 4F 69 EE 39 07 01 0B 35 DF 4E 74 D7 ....Oi.9...5.Nt.
0030: E0 4D 9E F3 7D C4 5C D5 DA 65 69 1D 3F 79 4B 74 .M....\..ei.?yKt
0040: F5 2E 08 60 19 49 FB 34 FC B0 9F 7A FE D9 90 B2 ...`.I.4...z....
0050: 23 54 BA 72 56 BF EF 9A 0A 12 AC 86 0C B5 33 59 #T.rV.........3Y
0060: 45 4B 83 18 AA 35 C2 57 9D 0E 5B A7 CC F2 96 C6 EK...5.W..[.....
0070: DC 31 90 48 AC F8 F7 A5 E3 7E 8F 3E 20 D8 FD D6 .1.H.......> ...

]
chain [1] = [
[
Version: V3
Subject: CN=*.local.fr, O=FoobarCA, L=Paris, ST=IDF, C=FR
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 1024 bits
modulus: 132055603310135333411301099149735722826599739048731080337866687250103025949282308877267022109690660707037152463921069014922135852771504050695844341544688717938327356933934545820945319090747289855270772215356209398740817770957350808711390501453687472411397460457910637293666746671504077301555960094739796556333
public exponent: 65537
Validity: [From: Mon Feb 23 12:23:13 CET 2015,
To: Thu Feb 20 12:23:13 CET 2025]
Issuer: CN=*.local.fr, O=FoobarCA, L=Paris, ST=IDF, C=FR
SerialNumber: [ f9a84ec8 f01a7af8]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7B 92 19 78 54 BF C0 91 76 18 4F CC A9 7B D0 1A ...xT...v.O.....
0010: 9C 48 F0 81 .H..
]
]

[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7B 92 19 78 54 BF C0 91 76 18 4F CC A9 7B D0 1A ...xT...v.O.....
0010: 9C 48 F0 81 .H..
]
]

]
Algorithm: [SHA256withRSA]
Signature:
0000: 4D DF D0 84 62 3A A5 99 F0 7D 23 2E D8 32 E1 44 M...b:....#..2.D
0010: 6A 3C 1B 24 AF B2 E6 0D 2B E1 3B 90 FC 4B 0D 06 j<.$....+.;..K..
0020: AA B1 BD ED 34 70 4C 29 DA 3A 76 FF 3B 85 25 41 ....4pL).:v.;.%A
0030: D9 CE D8 49 29 92 8A 36 FE DB 38 90 D7 63 41 FF ...I)..6..8..cA.
0040: 8D CC AF D1 D8 B0 66 6E 16 47 56 2B 4B 5E F4 2B ......fn.GV+K^.+
0050: 5B 8B 29 29 01 DA 66 9B 6E 8C 4B 9B D7 1E 75 9E [.))..f.n.K...u.
0060: B2 6D CC 6D AD CD 86 07 3A DF B3 A9 F6 C6 90 BC .m.m....:.......
0070: 1A 56 E3 3E 54 C5 8F 73 F1 84 0A E2 AA 96 4C 6E .V.>T..s......Ln

]
***
*** ECDH ServerKeyExchange
Server key: SunPKCS11-NSS EC public key, 256 bits (id 29, session object)
public x coord: 88435682761360727668194059877849397390548163708826164579762901608773423450627
public y coord: 66727023089976500019857755203147735124035589358912185715028197516428368367793
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=*.local.fr, O=FoobarCA, L=Paris, ST=IDF, C=FR>
*** ServerHelloDone
http-nio-8442-exec-8, WRITE: TLSv1 Handshake, length = 1971
http-nio-8442-exec-9, READ: TLSv1 Handshake, length = 77
*** Certificate chain
***
http-nio-8442-exec-9, fatal error: 42: null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
%% Invalidated: [Session-9, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
http-nio-8442-exec-9, SEND TLSv1 ALERT: fatal, description = bad_certificate
http-nio-8442-exec-9, WRITE: TLSv1 Alert, length = 2
http-nio-8442-exec-9, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain
http-nio-8442-exec-9, called closeOutbound()
http-nio-8442-exec-9, closeOutboundInternal()
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
http-nio-8442-exec-10, READ: TLSv1 Handshake, length = 119
*** ClientHello, TLSv1
RandomCookie: GMT: 1408468126 bytes = { 140, 238, 242, 169, 199, 232, 110, 52, 67, 214, 225, 196, 198, 99, 236, 1, 68, 152, 109, 110, 113, 6, 233, 2, 69, 240, 208, 221 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized: [Session-10, SSL_NULL_WITH_NULL_NULL]
%% Negotiating: [Session-10, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie: GMT: 1408468126 bytes = { 205, 178, 45, 169, 223, 69, 94, 152, 51, 114, 181, 108, 18, 137, 103, 55, 100, 39, 58, 8, 134, 98, 112, 102, 169, 126, 76, 194 }
Session ID: {84, 244, 133, 158, 69, 174, 112, 189, 82, 122, 239, 129, 39, 38, 254, 129, 167, 192, 98, 131, 238, 149, 190, 202, 133, 156, 118, 178, 254, 72, 149, 195}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=foobar.local.fr, OU=, O=Foobar, L=Paris, ST=IDF, C=FR
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 2048 bits
modulus: 17873551704376252621337066011438935731124982380679074888239258718242577693980084871866038232161226183921086977872807171065830795558330050407051853909732539234554754775108738484107242320735591123804732670161140517056979030086644607856320823576544389615077121469346683515875104747974711156392280172179419943495119552151583926507974150548314632573554027715990421707711488843523976072146829151024198771388277399530062433472768889300935152050876683397212438756572717739782391714122195446777117318453876489612393844963820051354739631536150436678179552902391707261272184131867669573522118129274210625207071457186558022151991
public exponent: 65537
Validity: [From: Mon Feb 23 12:26:20 CET 2015,
To: Tue Feb 23 12:26:20 CET 2016]
Issuer: CN=*.local.fr, O=FoobarCA, L=Paris, ST=IDF, C=FR
SerialNumber: [ 01]

Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e


[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7B 92 19 78 54 BF C0 91 76 18 4F CC A9 7B D0 1A ...xT...v.O.....
0010: 9C 48 F0 81 .H..
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: CD 5A 11 D4 98 CC F4 55 27 B9 E1 9A C9 14 71 C3 .Z.....U'.....q.
0010: DC 9F 89 BA ....
]
]

]
Algorithm: [SHA256withRSA]
Signature:
0000: 01 1A 67 6A 0D D7 EF 9A 60 67 69 C7 50 93 25 31 ..gj....`gi.P.%1
0010: 66 F8 D1 7D 66 75 83 3D 29 DD 1B E9 E1 DF 48 D8 f...fu.=).....H.
0020: A5 D4 17 A7 4F 69 EE 39 07 01 0B 35 DF 4E 74 D7 ....Oi.9...5.Nt.
0030: E0 4D 9E F3 7D C4 5C D5 DA 65 69 1D 3F 79 4B 74 .M....\..ei.?yKt
0040: F5 2E 08 60 19 49 FB 34 FC B0 9F 7A FE D9 90 B2 ...`.I.4...z....
0050: 23 54 BA 72 56 BF EF 9A 0A 12 AC 86 0C B5 33 59 #T.rV.........3Y
0060: 45 4B 83 18 AA 35 C2 57 9D 0E 5B A7 CC F2 96 C6 EK...5.W..[.....
0070: DC 31 90 48 AC F8 F7 A5 E3 7E 8F 3E 20 D8 FD D6 .1.H.......> ...

]
chain [1] = [
[
Version: V3
Subject: CN=*.local.fr, O=FoobarCA, L=Paris, ST=IDF, C=FR
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 1024 bits
modulus: 132055603310135333411301099149735722826599739048731080337866687250103025949282308877267022109690660707037152463921069014922135852771504050695844341544688717938327356933934545820945319090747289855270772215356209398740817770957350808711390501453687472411397460457910637293666746671504077301555960094739796556333
public exponent: 65537
Validity: [From: Mon Feb 23 12:23:13 CET 2015,
To: Thu Feb 20 12:23:13 CET 2025]
Issuer: CN=*.local.fr, O=FoobarCA, L=Paris, ST=IDF, C=FR
SerialNumber: [ f9a84ec8 f01a7af8]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7B 92 19 78 54 BF C0 91 76 18 4F CC A9 7B D0 1A ...xT...v.O.....
0010: 9C 48 F0 81 .H..
]
]

[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7B 92 19 78 54 BF C0 91 76 18 4F CC A9 7B D0 1A ...xT...v.O.....
0010: 9C 48 F0 81 .H..
]
]

]
Algorithm: [SHA256withRSA]
Signature:
0000: 4D DF D0 84 62 3A A5 99 F0 7D 23 2E D8 32 E1 44 M...b:....#..2.D
0010: 6A 3C 1B 24 AF B2 E6 0D 2B E1 3B 90 FC 4B 0D 06 j<.$....+.;..K..
0020: AA B1 BD ED 34 70 4C 29 DA 3A 76 FF 3B 85 25 41 ....4pL).:v.;.%A
0030: D9 CE D8 49 29 92 8A 36 FE DB 38 90 D7 63 41 FF ...I)..6..8..cA.
0040: 8D CC AF D1 D8 B0 66 6E 16 47 56 2B 4B 5E F4 2B ......fn.GV+K^.+
0050: 5B 8B 29 29 01 DA 66 9B 6E 8C 4B 9B D7 1E 75 9E [.))..f.n.K...u.
0060: B2 6D CC 6D AD CD 86 07 3A DF B3 A9 F6 C6 90 BC .m.m....:.......
0070: 1A 56 E3 3E 54 C5 8F 73 F1 84 0A E2 AA 96 4C 6E .V.>T..s......Ln

]
***
*** ECDH ServerKeyExchange
Server key: SunPKCS11-NSS EC public key, 256 bits (id 31, session object)
public x coord: 82317176627777400080969427008122698876038266920719544030054872275465766936879
public y coord: 102586726315109152054956448913654086854678931679594542226797455269716243817047
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=*.local.fr, O=FoobarCA, L=Paris, ST=IDF, C=FR>
*** ServerHelloDone
http-nio-8442-exec-10, WRITE: TLSv1 Handshake, length = 1971
http-nio-8442-exec-1, READ: TLSv1 Handshake, length = 77
*** Certificate chain
***
http-nio-8442-exec-1, fatal error: 42: null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
%% Invalidated: [Session-10, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
http-nio-8442-exec-1, SEND TLSv1 ALERT: fatal, description = bad_certificate
http-nio-8442-exec-1, WRITE: TLSv1 Alert, length = 2
http-nio-8442-exec-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain
http-nio-8442-exec-1, called closeOutbound()
http-nio-8442-exec-1, closeOutboundInternal()
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
http-nio-8442-exec-2, READ: TLSv1 Handshake, length = 119
*** ClientHello, TLSv1
RandomCookie: GMT: 1408468135 bytes = { 215, 211, 227, 248, 124, 218, 223, 106, 143, 229, 116, 69, 89, 6, 97, 37, 100, 254, 95, 156, 211, 212, 75, 221, 198, 218, 194, 133 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized: [Session-11, SSL_NULL_WITH_NULL_NULL]
%% Negotiating: [Session-11, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie: GMT: 1408468135 bytes = { 235, 122, 54, 29, 155, 253, 113, 171, 1, 157, 182, 247, 112, 3, 136, 0, 154, 235, 43, 179, 46, 105, 46, 102, 69, 245, 132, 137 }
Session ID: {84, 244, 133, 167, 21, 195, 55, 72, 178, 78, 129, 190, 51, 97, 203, 61, 138, 53, 77, 62, 19, 63, 47, 128, 36, 243, 139, 163, 51, 138, 105, 103}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=foobar.local.fr, OU=, O=Foobar, L=Paris, ST=IDF, C=FR
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 2048 bits
modulus: 17873551704376252621337066011438935731124982380679074888239258718242577693980084871866038232161226183921086977872807171065830795558330050407051853909732539234554754775108738484107242320735591123804732670161140517056979030086644607856320823576544389615077121469346683515875104747974711156392280172179419943495119552151583926507974150548314632573554027715990421707711488843523976072146829151024198771388277399530062433472768889300935152050876683397212438756572717739782391714122195446777117318453876489612393844963820051354739631536150436678179552902391707261272184131867669573522118129274210625207071457186558022151991
public exponent: 65537
Validity: [From: Mon Feb 23 12:26:20 CET 2015,
To: Tue Feb 23 12:26:20 CET 2016]
Issuer: CN=*.local.fr, O=FoobarCA, L=Paris, ST=IDF, C=FR
SerialNumber: [ 01]

Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e


[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7B 92 19 78 54 BF C0 91 76 18 4F CC A9 7B D0 1A ...xT...v.O.....
0010: 9C 48 F0 81 .H..
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: CD 5A 11 D4 98 CC F4 55 27 B9 E1 9A C9 14 71 C3 .Z.....U'.....q.
0010: DC 9F 89 BA ....
]
]

]
Algorithm: [SHA256withRSA]
Signature:
0000: 01 1A 67 6A 0D D7 EF 9A 60 67 69 C7 50 93 25 31 ..gj....`gi.P.%1
0010: 66 F8 D1 7D 66 75 83 3D 29 DD 1B E9 E1 DF 48 D8 f...fu.=).....H.
0020: A5 D4 17 A7 4F 69 EE 39 07 01 0B 35 DF 4E 74 D7 ....Oi.9...5.Nt.
0030: E0 4D 9E F3 7D C4 5C D5 DA 65 69 1D 3F 79 4B 74 .M....\..ei.?yKt
0040: F5 2E 08 60 19 49 FB 34 FC B0 9F 7A FE D9 90 B2 ...`.I.4...z....
0050: 23 54 BA 72 56 BF EF 9A 0A 12 AC 86 0C B5 33 59 #T.rV.........3Y
0060: 45 4B 83 18 AA 35 C2 57 9D 0E 5B A7 CC F2 96 C6 EK...5.W..[.....
0070: DC 31 90 48 AC F8 F7 A5 E3 7E 8F 3E 20 D8 FD D6 .1.H.......> ...

]
chain [1] = [
[
Version: V3
Subject: CN=*.local.fr, O=FoobarCA, L=Paris, ST=IDF, C=FR
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 1024 bits
modulus: 132055603310135333411301099149735722826599739048731080337866687250103025949282308877267022109690660707037152463921069014922135852771504050695844341544688717938327356933934545820945319090747289855270772215356209398740817770957350808711390501453687472411397460457910637293666746671504077301555960094739796556333
public exponent: 65537
Validity: [From: Mon Feb 23 12:23:13 CET 2015,
To: Thu Feb 20 12:23:13 CET 2025]
Issuer: CN=*.local.fr, O=FoobarCA, L=Paris, ST=IDF, C=FR
SerialNumber: [ f9a84ec8 f01a7af8]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7B 92 19 78 54 BF C0 91 76 18 4F CC A9 7B D0 1A ...xT...v.O.....
0010: 9C 48 F0 81 .H..
]
]

[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7B 92 19 78 54 BF C0 91 76 18 4F CC A9 7B D0 1A ...xT...v.O.....
0010: 9C 48 F0 81 .H..
]
]

]
Algorithm: [SHA256withRSA]
Signature:
0000: 4D DF D0 84 62 3A A5 99 F0 7D 23 2E D8 32 E1 44 M...b:....#..2.D
0010: 6A 3C 1B 24 AF B2 E6 0D 2B E1 3B 90 FC 4B 0D 06 j<.$....+.;..K..
0020: AA B1 BD ED 34 70 4C 29 DA 3A 76 FF 3B 85 25 41 ....4pL).:v.;.%A
0030: D9 CE D8 49 29 92 8A 36 FE DB 38 90 D7 63 41 FF ...I)..6..8..cA.
0040: 8D CC AF D1 D8 B0 66 6E 16 47 56 2B 4B 5E F4 2B ......fn.GV+K^.+
0050: 5B 8B 29 29 01 DA 66 9B 6E 8C 4B 9B D7 1E 75 9E [.))..f.n.K...u.
0060: B2 6D CC 6D AD CD 86 07 3A DF B3 A9 F6 C6 90 BC .m.m....:.......
0070: 1A 56 E3 3E 54 C5 8F 73 F1 84 0A E2 AA 96 4C 6E .V.>T..s......Ln

]
***
*** ECDH ServerKeyExchange
Server key: SunPKCS11-NSS EC public key, 256 bits (id 33, session object)
public x coord: 5547972569743189789375895400251466149348298431651377498612140625475720275323
public y coord: 68697457441334072138138225562240897704355234359447787660082646450870248690425
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=*.local.fr, O=FoobarCA, L=Paris, ST=IDF, C=FR>
*** ServerHelloDone
http-nio-8442-exec-2, WRITE: TLSv1 Handshake, length = 1971
http-nio-8442-exec-4, READ: TLSv1 Handshake, length = 77
*** Certificate chain
***
http-nio-8442-exec-4, fatal error: 42: null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
%% Invalidated: [Session-11, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
http-nio-8442-exec-4, SEND TLSv1 ALERT: fatal, description = bad_certificate
http-nio-8442-exec-4, WRITE: TLSv1 Alert, length = 2
http-nio-8442-exec-4, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain
http-nio-8442-exec-4, called closeOutbound()
http-nio-8442-exec-4, closeOutboundInternal()
http-nio-8442-ClientPoller-0, called closeOutbound()
http-nio-8442-ClientPoller-0, closeOutboundInternal()
http-nio-8442-ClientPoller-0, SEND TLSv1.2 ALERT: warning, description = close_notify
http-nio-8442-ClientPoller-0, WRITE: TLSv1.2 Alert, length = 48


Can someone help me? How do I fix it, and how can I send the certificate with the HTTP request?
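Added example, not code from the original post. The debug log above shows the connector (clientAuth="true") sending a CertificateRequest that names CN=*.local.fr, O=FoobarCA, the client answering with an empty Certificate message (the 77-byte handshake record followed by an empty "*** Certificate chain"), and the server aborting with "null cert chain" / bad_certificate. The configuration below, which I wrote against Apache HttpClient 4.3.x (an assumption, matching the org.apache.http.conn.ssl classes the post uses), adds the client's own key material with loadKeyMaterial so the client can answer that request, and trusts the FoobarCA certificate from a truststore rather than relying on TrustSelfSignedStrategy; the property names general.keystore, general.keystorePass, general.truststore and general.truststorePass are hypothetical.

```java
// Added example (not from the original post). Assumes Apache HttpClient 4.3.x
// (org.apache.http.conn.ssl.SSLContexts). Property names are hypothetical.
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.SSLContext;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.impl.client.HttpClients;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class MutualTlsClientConfig {

    /** Loads a JKS store from disk and closes the stream even on failure. */
    private static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    @Bean
    public HttpClient httpClient(
            // Keystore holding the CLIENT's private key plus a certificate issued by
            // the CA the server lists in its CertificateRequest (FoobarCA in the log).
            @Value("${general.keystore}") String keyStorePath,
            @Value("${general.keystorePass}") String keyStorePass,
            // Truststore holding the FoobarCA certificate so the SERVER chain validates.
            @Value("${general.truststore}") String trustStorePath,
            @Value("${general.truststorePass}") String trustStorePass) throws Exception {

        KeyStore keyStore = loadJks(keyStorePath, keyStorePass.toCharArray());
        KeyStore trustStore = loadJks(trustStorePath, trustStorePass.toCharArray());

        SSLContext sslContext = SSLContexts.custom()
                // Without key material the client sends an empty Certificate message and a
                // clientAuth="true" connector fails with "null cert chain" / bad_certificate.
                // Assumes the key entry uses the same password as the store.
                .loadKeyMaterial(keyStore, keyStorePass.toCharArray())
                // The server certificate is CA-issued, not self-signed, so
                // TrustSelfSignedStrategy does not cover it; trust the issuing CA instead.
                .loadTrustMaterial(trustStore)
                .build();

        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslContext,
                new String[] { "TLSv1.2" },
                null,
                // Strict hostname check. Note the post calls https://localhost:8442 while
                // the server certificate's CN is foobar.local.fr with no SAN extension, so
                // the request URL must use the certificate's hostname to pass this check.
                SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER);

        return HttpClients.custom().setSSLSocketFactory(sslsf).build();
    }
}
```

With this in place, the "*** Certificate chain" block after the server's ServerHelloDone should list the client certificate instead of being empty, and the handshake should proceed to the Finished messages rather than the bad_certificate alert.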

