Posted to users@tomcat.apache.org by Donie Kelly <do...@tecnomen.ie> on 2002/12/12 17:14:41 UTC

[OT] RE: Creating a signed SSL certificate with my own CA

Here's a trace of the SSL using CATALINA_OPTS="-Djavax.net.debug=ALL"

It's large so I'd appreciate if somebody who can understand this stuff could
point me in some direction.

Thanks
Donie


Apache Tomcat/4.0.4
12 Dec 16:04:24 [RELAYSTARTUP] [INFO  Alarms.144] BACKGOUND_THREADS alarm
has been switched OFF
12 Dec 16:04:24 [LDAP Operator-MESSAGE-STORE] [INFO  Alarms.144]
MESSAGE_STORE alarm has been switched OFF
12 Dec 16:04:25 [LDAP Operator-LDAP-CACHE] [INFO  Alarms.144] LDAP_CACHES
alarm has been switched OFF
Finalizer, SEND SSL v3.1 ALERT:  warning, description = close_notify
Finalizer, WRITE:  SSL v3.1 Alert, length = 2
[read] MD5 and SHA1 hashes:  len = 3
0000: 01 03 00                                           ...
[read] MD5 and SHA1 hashes:  len = 73
0000: 00 33 00 00 00 10 00 00   04 00 00 05 00 00 0A 01  .3..............
0010: 00 80 07 00 C0 03 00 80   00 00 09 06 00 40 00 00  .............@..
0020: 64 00 00 62 00 00 03 00   00 06 02 00 80 04 00 80  d..b............
0030: 00 00 13 00 00 12 00 00   63 78 91 B2 8F 94 4C 65  ........cx....Le
0040: EE F2 AD 21 F5 18 D7 A5   BB                       ...!.....
HttpProcessor[443][4], READ:  SSL v2, contentType = 22, translated length =
65
*** ClientHello, v3.0
RandomCookie:  GMT: 0 bytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 120,
145, 178, 143, 148, 76, 101, 238, 242, 173, 33, 245, 24, 215, 165, 187 }
Session ID:  {}
Cipher Suites:  { 0, 4, 0, 5, 0, 10, 0, 9, 0, 100, 0, 98, 0, 3, 0, 6, 0, 19,
0, 18, 0, 99 }
Compression Methods:  { 0 }
***
%% Created:  [Session-1, SSL_NULL_WITH_NULL_NULL]
matching server alias : client
*** ServerHello, v3.0
RandomCookie:  GMT: 1022866086 bytes = { 75, 187, 79, 84, 25, 0, 159, 141,
94, 87, 237, 18, 177, 217, 24, 51, 123, 66, 77, 118, 51, 41, 57, 155, 56,
165, 203, 208 }
Session ID:  {61, 248, 179, 166, 219, 88, 242, 12, 148, 68, 61, 81, 220,
184, 52, 137, 146, 135, 207, 23, 128, 188, 14, 47, 246, 149, 54, 36, 82, 54,
255, 253}
Cipher Suite:  { 0, 19 }
Compression Method: 0
***
Cipher suite:  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=xenia.tecnomen.ie, OU=dad, O=tecnomen, ST=clare, C=IE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  Sun DSA Public Key
    Parameters:DSA
    p:     fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80
b6512669
    455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7
    6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb
    83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
    q:     9760508f 15230bcc b292b982 a2eb840b f0581cf5
    g:     f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b
3d078267
    5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1
    3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b
    cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b fecf492a

  y:
    89fd70d7 22014032 6e0b42d6 50a1a02c 65ee48da c7497916 bd0c9042 e8f6cd36
    54bd2e02 4a0af933 0b4135fe fae96972 a50bad43 920ec9ff f48ed90a 4f786f9b
    89758fca a48330fa b55340ed b4d3edc2 ee8133ff ba083e46 6bee41cc f47620ee
    14d2762a 9f271fd9 6ced97ba e48abe17 286430f1 8dc36dea 5342ca5f ff53abad

  Validity: [From: Thu Dec 12 12:20:39 GMT+00:00 2002,
               To: Fri Dec 12 12:20:39 GMT+00:00 2003]
  Issuer: CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE
  SerialNumber: [    01]

Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E   53 53 4C 20 47 65 6E 65  ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65   72 74 69 66 69 63 61 74  rated Certificat
0020: 65                                                 e


[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FC 88 B1 F0 C6 7F 17 E0   FC CD B2 14 99 B1 2A AA  ..............*.
0010: 8D 67 53 51                                        .gSQ
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D8 18 22 CF F1 9D DE E6   0E 83 D3 04 E7 96 09 2C  .."............,
0010: E3 AA 0C 2E                                        ....
]

[CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE]
SerialNumber: [  0  ]
]

[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: 5C E5 FB 21 12 2B 68 E9   1F EC 42 B2 C4 B4 1B FE  \..!.+h...B.....
0010: FE 8A 44 9F 21 A1 B5 13   F5 74 C7 AC DE D7 F6 19  ..D.!....t......
0020: B2 69 F6 4A 4C 6D FF 34   69 CC 7D F2 C1 7A DC 19  .i.JLm.4i....z..
0030: EF 9C 13 DB 97 9E 03 E2   2B F2 F5 BA 90 45 A6 33  ........+....E.3
0040: 31 E9 02 B6 E7 88 50 5A   42 9D 52 6C 12 59 AA 5D  1.....PZB.Rl.Y.]
0050: BC 65 F0 AD E9 72 48 1C   71 02 D3 EF 71 0A FC E1  .e...rH.q...q...
0060: 45 04 D5 AE 23 2A E7 13   1D 3D B6 CA 5B 4A 75 BC  E...#*...=..[Ju.
0070: 81 F2 1B 3D A2 C7 69 77   2D 15 45 CC B7 B8 B3 0D  ...=..iw-.E.....

]
chain [1] = [
[
  Version: V3
  Subject: CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  com.sun.rsajca.JSA_RSAPublicKey@60a26f
  Validity: [From: Thu Dec 12 12:18:29 GMT+00:00 2002,
               To: Fri Dec 12 12:18:29 GMT+00:00 2003]
  Issuer: CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE
  SerialNumber: [  0  ]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D8 18 22 CF F1 9D DE E6   0E 83 D3 04 E7 96 09 2C  .."............,
0010: E3 AA 0C 2E                                        ....
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D8 18 22 CF F1 9D DE E6   0E 83 D3 04 E7 96 09 2C  .."............,
0010: E3 AA 0C 2E                                        ....
]

[CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE]
SerialNumber: [  0  ]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

]
  Algorithm: [MD5withRSA]
  Signature:
0000: 4A EC C3 08 97 C3 C9 D3   E4 56 DA C1 11 FF D7 36  J........V.....6
0010: 7D F0 2A E0 C2 B4 D9 86   6E 94 6D 52 50 4C CF E2  ..*.....n.mRPL..
0020: A1 C2 63 F1 95 CE 61 5C   76 4C 6D C0 A9 C5 50 66  ..c...a\vLm...Pf
0030: 1C D1 B3 1D 02 EE B2 EB   C0 DC F5 ED B1 32 A1 0F  .............2..
0040: F1 94 29 CD 37 11 BC 3B   90 85 BD BE 1F A8 39 44  ..).7..;......9D
0050: 5E BC 1C 6F 21 65 DD 9C   1F 98 0A 07 88 4C F1 CE  ^..o!e.......L..
0060: 46 1D 8F 73 40 F5 52 E0   C4 88 A7 00 EA EE 20 E6  F..s@.R....... .
0070: 05 5D A1 3C DF 5D C4 F9   EF 86 8B 3C C9 D6 99 3F  .].<.].....<...?

]
***
*** Diffie-Hellman ServerKeyExchange
DH Modulus = { 0, 244, 136, 253, 88, 78, 73, 219, 205, 32, 180, 157, 228,
145, 7, 54, 107, 51, 108, 56, 13, 69, 29, 15, 124, 136, 179, 28, 124, 91,
45, 142, 246, 243, 201, 35, 192, 67, 240, 165, 91,
24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52, 253, 124, 23, 87, 67, 163,
29, 24, 108, 222, 51, 33, 44, 181, 42, 255, 60, 225, 177, 41, 64, 24, 17,
141, 124, 132, 167, 10, 114, 214, 134, 196, 3,
25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10, 80, 155, 2,
70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137, 75, 34, 25, 38,
186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
DH Base = { 2 }
Server DH Public Key = { 62, 89, 155, 129, 104, 55, 141, 77, 209, 130, 52,
11, 217, 217, 202, 16, 69, 80, 115, 88, 62, 149, 1, 16, 171, 253, 12, 73,
89, 239, 153, 44, 101, 44, 30, 24, 9, 12, 188, 14,
191, 74, 147, 189, 81, 187, 6, 45, 193, 35, 110, 30, 84, 55, 144, 102, 85,
64, 179, 93, 78, 66, 21, 165, 32, 254, 29, 126, 24, 117, 169, 33, 237, 30,
221, 19, 168, 206, 29, 216, 120, 170, 121, 96,
186, 50, 111, 30, 203, 71, 238, 60, 185, 23, 115, 71, 89, 54, 138, 115, 199,
97, 114, 139, 132, 125, 243, 18, 66, 138, 0, 82, 115, 108, 93, 67, 99, 252,
88, 101, 214, 103, 33, 27, 74, 116, 244, 79 }
Signed with a DSA or RSA public key
*** ServerHelloDone
[write] MD5 and SHA1 hashes:  len = 2276
HttpProcessor[443][4], WRITE:  SSL v3.0 Handshake, length = 2276


-----Original Message-----
From: Bodycombe, Andrew [mailto:andrew.bodycombe@siemens.com]
Sent: 12 December 2002 14:58
To: 'Donie Kelly '; ''Tomcat Users List' '
Subject: RE: Creating a signed SSL certificate with my own CA

You can turn on SSL debugging by setting the following environment variable

CATALINA_OPTS="-Djavax.net.debug=ALL"

Then, restart tomcat. You will then see much more info in the log.
This might help you to debug your problem.

Andy.

-----Original Message-----
From: Donie Kelly
To: 'Tomcat Users List'
Sent: 12/12/2002 14:11
Subject: RE: Creating a signed SSL certificate with my own CA

Just to clarify, when I try to connect via SSL the SSL Handshake fails.
Donie

-----Original Message-----
From: Donie Kelly [mailto:donie.kelly@tecnomen.ie]
Sent: 12 December 2002 12:08
To: 'Tomcat Users List'
Subject: Creating a signed SSL certificate with my own CA


Hi all
I'm really stuck here and I'd appreciate some help. To summarise, I've
followed the instructions below to generate a CA key so that I can sign my
own certificates for use with tomcat. The instructions below work and the
ca.crt and client.crs.der certs that pop out are viewable in IE. If I import
the CA key it shows the client.crs.der key with the CA above. Everything
looks great.
Then I use the testkeys with tomcat
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               address="192.168.1.4" port="443" enableLookups="true"
               scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="c:\tomcat4.0\conf\testkeys"
               keystorePass="changeit" />
    </Connector>
Now when I try to connect with SSL from IE it just shows
Cannot find server or DNS Error
What am I doing wrong? Are the certs I am creating suitable for SSL with
Tomcat? I'd really appreciate some help.
Donie

PS: Instructions from
http://www.ddj.com/documents/s=870/ddj0102a/0102a.htm

Certificate Authority

In a nutshell, what I'm suggesting is that you create your own Certificate
Authority (CA) to sign your keys. This gets complicated because nothing in
the Java Development Kit or JSSE lets you set up a CA and sign keys. You
have to go elsewhere for tools to do this. I chose to go with the OpenSSL
toolkit (http://www.openssl.org/) running on Linux. There are toolsets
available from other vendors and platforms, however. If you choose to use a
different toolset, you will just have to substitute the appropriate
commands; the theory is the same no matter what.

First, you need to generate your CA's key. That key is used to sign all the
other application keys. The OpenSSL toolkit comes configured to set up a CA
from whatever directory you start it in. This means that you need to use all
the CA commands from the same directory. In the sample code, you'll find the
CA directory that I used to generate the CA key and sign all the application
keys:

1. Generate the CA key
$ openssl genrsa -rand -des -out ca.key 1024

2. Create a self-signed certificate
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
You are prompted for location information for the certificate. Enter
whatever you want, but make sure you enter something for each field:

3. Set up the OpenSSL CA tools
$ mkdir demoCA
$ mkdir demoCA/newcerts
$ touch demoCA/index.txt
$ cp ca.crt demoCA/
$ echo "01" > demoCA/serial

You now can create the client application's key store and export its public
key so your CA can sign it. You can enter whatever you want for all the
location information, but again make sure you enter something - standard
alphanumeric characters and spaces, but no underscores or other special
characters - for every field:

4. Create a new key store for the client application
$ keytool -keystore testkeys -genkey -alias client
When prompted, enter passphrase for the password to use this keystore with
the sample applications.

5. Export the client's public key
$ keytool -keystore testkeys -certreq -alias client -file client.crs

6. Sign the client's key with our CA key
$ openssl ca -config /etc/openssl.cnf -in client.crs -out client.crs.pem -keyfile ca.key -cert ca.crt

At this point, you should have a file called "client.crs.pem," which is the
signed public key. It needs to be converted to a format suitable for the
JDK's keytool command, and then imported into the testkeys keystore:

7. Convert to DER format
$ openssl x509 -in client.crs.pem -out client.crs.der -outform DER

8. Import CA certificate into client's key store
$ keytool -keystore testkeys -alias jsse_article_ca -import -file ca.crt

9. Import signed key into client's key store
$ keytool -keystore testkeys -alias client -import -file client.crs.der

Step 8 must be completed so that the keytool command agrees to import the
signed key. While importing the signed key, keytool checks the signatories
to ensure that their signatures can be validated. They can be validated if
their public keys are in the key store.

Once you have completed all of these steps, move the testkeys key store to
the client directory. Start over with step 4 and create a key store for the
server process. Just substitute "server" everywhere you see "client." Make
sure you enter something different in one of the location fields
(organizational unit would be a good choice).


--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
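
One way to read the handshake part of the javax.net.debug trace posted above, as an added example that is not part of the original thread: it decodes the `{ hi, lo, ... }` cipher-suite byte lists into suite names and compares what the client offered with the key type of the leaf certificate. TRACE is an excerpt copied from the post; the function names and the weakness flags are choices made for this example.

```python
import re

# Cipher-suite IDs (SSLv3/TLS 1.0 numbering) for the suites seen in this trace.
SUITES = {
    0x0003: "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "SSL_RSA_WITH_RC4_128_MD5",
    0x0005: "SSL_RSA_WITH_RC4_128_SHA",
    0x0006: "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0009: "SSL_RSA_WITH_DES_CBC_SHA",
    0x000A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0012: "SSL_DHE_DSS_WITH_DES_CBC_SHA",
    0x0013: "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0x0062: "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    0x0063: "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
    0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
}

# Excerpt of the debug output from the post, hard-wrapped lines included.
TRACE = """\
*** ClientHello, v3.0
Session ID:  {}
Cipher Suites:  { 0, 4, 0, 5, 0, 10, 0, 9, 0, 100, 0, 98, 0, 3, 0, 6, 0, 19,
0, 18, 0, 99 }
Compression Methods:  { 0 }
*** ServerHello, v3.0
Cipher Suite:  { 0, 19 }
*** Certificate chain
chain [0] = [
  Subject: CN=xenia.tecnomen.ie, OU=dad, O=tecnomen, ST=clare, C=IE
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key:  Sun DSA Public Key
chain [1] = [
  Subject: CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE
  Key:  com.sun.rsajca.JSA_RSAPublicKey@60a26f
"""

def suite_ids(trace, label):
    """Decode the '{ hi, lo, hi, lo, ... }' list after `label` into 16-bit IDs."""
    m = re.search(re.escape(label) + r":\s*\{([^}]*)\}", trace)
    octets = [int(t) for t in (m.group(1) if m else "").split(",") if t.strip()]
    return [(hi << 8) | lo for hi, lo in zip(octets[0::2], octets[1::2])]

def server_key_needed(suite):
    """Server key type a suite authenticates with, read from its name."""
    kx = suite.split("_WITH_")[0]
    return "DSA" if "_DSS" in kx else "RSA" if "_RSA" in kx else "unknown"

def weaknesses(suite):
    """Coarse flags for parameters that are weak by current standards."""
    checks = (("EXPORT", "export-grade"), ("_DES_CBC", "single DES"),
              ("RC4", "RC4"), ("RC2", "RC2"))
    return [flag for token, flag in checks if token in suite]

def analyse(trace):
    name = lambda sid: SUITES.get(sid, "UNKNOWN_0x%04X" % sid)
    offered = [name(s) for s in suite_ids(trace, "Cipher Suites")]
    chosen = [name(s) for s in suite_ids(trace, "Cipher Suite")]
    leaf = re.search(
        r"chain \[0\].*?Signature Algorithm:\s*(\w+).*?Key:\s*([^\n]+)",
        trace, re.S)
    sig, key_desc = leaf.groups() if leaf else ("unknown", "")
    key = "DSA" if "DSA" in key_desc else "RSA" if "RSA" in key_desc else "unknown"
    return {
        "offered": offered,
        "chosen": chosen[0] if chosen else None,
        "leaf_key": key,
        "leaf_sig": sig,
        "usable_with_leaf_key": [s for s in offered if server_key_needed(s) == key],
        "unflagged": [s for s in offered if not weaknesses(s)],
    }

if __name__ == "__main__":
    for field, value in analyse(TRACE).items():
        print(field, "=", value)
```

The DSA leaf key is consistent with step 4 of the quoted instructions, since keytool -genkey of that era produced a DSA key pair unless -keyalg RSA was given; with that key only the three DHE_DSS suites of the eleven offered can be negotiated.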