You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Cédric Chantepie (JIRA)" <ji...@apache.org> on 2012/11/16 22:35:12 UTC
[jira] [Created] (HTTPCLIENT-1262) Weird SSL issue (PKIX path
building failed) [www.popcornopolis.com]
Cédric Chantepie created HTTPCLIENT-1262:
--------------------------------------------
Summary: Weird SSL issue (PKIX path building failed) [www.popcornopolis.com]
Key: HTTPCLIENT-1262
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient
Affects Versions: 3.1 Final
Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
Reporter: Cédric Chantepie
Priority: Blocker
Try to request some HTTPS websites, we get 'PKIX path building failed' error.
Seems it's about intermediate/chain certificate.
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at Test.main(Test.java:22)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Cédric Chantepie (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13499490#comment-13499490 ]
Cédric Chantepie commented on HTTPCLIENT-1262:
----------------------------------------------
Thanks for your advices. Best.
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski updated HTTPCLIENT-1262:
------------------------------------------
Priority: Trivial (was: Blocker)
Please provide a complete SSL debug log of the session [1] and your SSL configuration.
Oleg
[1] http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Sebb (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13499576#comment-13499576 ]
Sebb commented on HTTPCLIENT-1262:
----------------------------------
I may be missing something here, but browsers have their own lists of CAs, which may not be the same as the CAs used by the Java installation.
In which case maybe the problem is that Java does not have the required CA?
Similarly for wget and curl.
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Cédric Chantepie (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Cédric Chantepie updated HTTPCLIENT-1262:
-----------------------------------------
Component/s: HttpAuth
Summary: Weird SSL issue (peer not authenticated) [www.popcornopolis.com] (was: Weird SSL issue (PKIX path building failed) [www.popcornopolis.com])
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Blocker
> Labels: pki, ssl
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Cédric Chantepie (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13499452#comment-13499452 ]
Cédric Chantepie commented on HTTPCLIENT-1262:
----------------------------------------------
FYI wget also has trouble with those kind of sites, whereas curl 'accepts' it, like https://github.com/AsyncHttpClient/async-http-client .
Following is SSL debug log:
adding as trusted cert:
Subject: CN=Secure Global CA, O=SecureTrust Corporation, C=US
Issuer: CN=Secure Global CA, O=SecureTrust Corporation, C=US
Algorithm: RSA; Serial number: 0x75622a4e8d48a894df413c8f0f8eaa5
Valid from Tue Nov 07 20:42:28 CET 2006 until Mon Dec 31 20:52:06 CET 2029
adding as trusted cert:
Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Mon Jan 01 01:00:00 CET 1996 until Fri Jan 01 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=Buypass Class 2 CA 1, O=Buypass AS-983163327, C=NO
Issuer: CN=Buypass Class 2 CA 1, O=Buypass AS-983163327, C=NO
Algorithm: RSA; Serial number: 0x1
Valid from Fri Oct 13 12:25:09 CEST 2006 until Thu Oct 13 12:25:09 CEST 2016
adding as trusted cert:
Subject: CN=Belgium Root CA2, C=BE
Issuer: CN=Belgium Root CA2, C=BE
Algorithm: RSA; Serial number: 0x2affbe9fa2f0e987
Valid from Thu Oct 04 12:00:00 CEST 2007 until Wed Dec 15 09:00:00 CET 2021
adding as trusted cert:
Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Thu Aug 01 02:00:00 CEST 1996 until Fri Jan 01 00:59:59 CET 2021
adding as trusted cert:
Subject: OU=Trustis FPS Root CA, O=Trustis Limited, C=GB
Issuer: OU=Trustis FPS Root CA, O=Trustis Limited, C=GB
Algorithm: RSA; Serial number: 0x1b1fadb620f924d3366bf7c7f18ca059
Valid from Tue Dec 23 13:14:06 CET 2003 until Sun Jan 21 12:36:54 CET 2024
adding as trusted cert:
Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 12:44:50 CEST 2000 until Sat May 30 12:44:50 CEST 2020
adding as trusted cert:
Subject: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Issuer: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Algorithm: RSA; Serial number: 0x1
Valid from Sun Sep 17 21:46:36 CEST 2006 until Wed Sep 17 21:46:36 CEST 2036
adding as trusted cert:
Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x3ab6508b
Valid from Mon Mar 19 19:33:33 CET 2001 until Wed Mar 17 19:33:33 CET 2021
adding as trusted cert:
Subject: CN=Echoworx Root CA2, OU=Certification Services, O=Echoworx Corporation, L=Toronto, ST=Ontario, C=CA
Issuer: CN=Echoworx Root CA2, OU=Certification Services, O=Echoworx Corporation, L=Toronto, ST=Ontario, C=CA
Algorithm: RSA; Serial number: 0x0
Valid from Thu Oct 06 12:49:13 CEST 2005 until Mon Oct 07 12:49:13 CEST 2030
adding as trusted cert:
Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
Algorithm: EC; Serial number: 0x7497258ac73f7a54
Valid from Fri Jan 29 15:20:24 CET 2010 until Mon Dec 31 15:20:24 CET 2040
adding as trusted cert:
Subject: CN=SecureSign RootCA11, O="Japan Certification Services, Inc.", C=JP
Issuer: CN=SecureSign RootCA11, O="Japan Certification Services, Inc.", C=JP
Algorithm: RSA; Serial number: 0x1
Valid from Wed Apr 08 06:56:47 CEST 2009 until Sun Apr 08 06:56:47 CEST 2029
adding as trusted cert:
Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US
Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US
Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad
Valid from Mon Nov 01 18:14:04 CET 2004 until Mon Jan 01 06:37:19 CET 2035
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Mon Jun 21 06:00:00 CEST 1999 until Sun Jun 21 06:00:00 CEST 2020
adding as trusted cert:
Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US
Algorithm: RSA; Serial number: 0x7777062726a9b17c
Valid from Fri Jan 29 15:06:06 CET 2010 until Tue Dec 31 15:06:06 CET 2030
adding as trusted cert:
Subject: CN=AdminCA-CD-T01, OU=Certification Authorities, OU=Services, O=admin, C=CH
Issuer: CN=AdminCA-CD-T01, OU=Certification Authorities, OU=Services, O=admin, C=CH
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jan 25 14:36:19 CET 2006 until Mon Jan 25 13:36:19 CET 2016
adding as trusted cert:
Subject: CN=UCA Root, O=UniTrust, C=CN
Issuer: CN=UCA Root, O=UniTrust, C=CN
Algorithm: RSA; Serial number: 0x9
Valid from Thu Jan 01 01:00:00 CET 2004 until Mon Dec 31 01:00:00 CET 2029
adding as trusted cert:
Subject: CN=Cisco Root CA 2048, O=Cisco Systems
Issuer: CN=Cisco Root CA 2048, O=Cisco Systems
Algorithm: RSA; Serial number: 0x5ff87b282b54dc8d42a315b568c9adff
Valid from Fri May 14 22:17:12 CEST 2004 until Mon May 14 22:25:42 CEST 2029
adding as trusted cert:
Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x123df0e7da2a2247a43889e08aeec967
Valid from Mon Jan 01 01:00:00 CET 1996 until Sat Jan 02 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=A-Trust-nQual-03, OU=A-Trust-nQual-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT
Issuer: CN=A-Trust-nQual-03, OU=A-Trust-nQual-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT
Algorithm: RSA; Serial number: 0x16c1e
Valid from Thu Aug 18 00:00:00 CEST 2005 until Tue Aug 18 00:00:00 CEST 2015
adding as trusted cert:
Subject: CN=TC TrustCenter Universal CA III, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Universal CA III, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x632500010002148d331502e46cf4
Valid from Wed Sep 09 10:15:27 CEST 2009 until Tue Jan 01 00:59:59 CET 2030
adding as trusted cert:
Subject: CN=Juur-SK, O=AS Sertifitseerimiskeskus, C=EE, EMAILADDRESS=pki@sk.ee
Issuer: CN=Juur-SK, O=AS Sertifitseerimiskeskus, C=EE, EMAILADDRESS=pki@sk.ee
Algorithm: RSA; Serial number: 0x3b8e4bfc
Valid from Thu Aug 30 16:23:01 CEST 2001 until Fri Aug 26 16:23:01 CEST 2016
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 20:46:00 CEST 2000 until Tue May 13 01:59:00 CEST 2025
adding as trusted cert:
Subject: CN=T?B?TAK UEKAE K?k Sertifika Hizmet Sa?lay?c?s? - S?r?m 3, OU=Kamu Sertifikasyon Merkezi, OU=Ulusal Elektronik ve Kriptoloji Ara?t?rma Enstit?s? - UEKAE, O=T?rkiye Bilimsel ve Teknolojik Ara?t?rma Kurumu - T?B?TAK, L=Gebze - Kocaeli, C=TR
Issuer: CN=T?B?TAK UEKAE K?k Sertifika Hizmet Sa?lay?c?s? - S?r?m 3, OU=Kamu Sertifikasyon Merkezi, OU=Ulusal Elektronik ve Kriptoloji Ara?t?rma Enstit?s? - UEKAE, O=T?rkiye Bilimsel ve Teknolojik Ara?t?rma Kurumu - T?B?TAK, L=Gebze - Kocaeli, C=TR
Algorithm: RSA; Serial number: 0x11
Valid from Fri Aug 24 13:37:07 CEST 2007 until Mon Aug 21 13:37:07 CEST 2017
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd
Valid from Mon Jan 29 01:00:00 CET 1996 until Thu Aug 03 01:59:59 CEST 2028
adding as trusted cert:
Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d
Valid from Mon Dec 20 03:31:27 CET 2004 until Wed Dec 20 03:31:27 CET 2034
adding as trusted cert:
Subject: CN=NetLock Uzleti (Class B) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU
Issuer: CN=NetLock Uzleti (Class B) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU
Algorithm: RSA; Serial number: 0x69
Valid from Thu Feb 25 15:10:22 CET 1999 until Wed Feb 20 15:10:22 CET 2019
adding as trusted cert:
Subject: CN=Buypass Class 3 CA 1, O=Buypass AS-983163327, C=NO
Issuer: CN=Buypass Class 3 CA 1, O=Buypass AS-983163327, C=NO
Algorithm: RSA; Serial number: 0x2
Valid from Mon May 09 16:13:03 CEST 2005 until Sat May 09 16:13:03 CEST 2015
adding as trusted cert:
Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x509
Valid from Fri Nov 24 19:27:00 CET 2006 until Mon Nov 24 19:23:33 CET 2031
adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863def8
Valid from Fri Dec 24 18:50:51 CET 1999 until Tue Jul 24 16:15:12 CEST 2029
adding as trusted cert:
Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x5c00001000241d0060a4dce7510
Valid from Thu Mar 23 15:10:23 CET 2006 until Wed Dec 31 23:59:59 CET 2025
adding as trusted cert:
Subject: CN=Trusted Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=Trusted Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Algorithm: RSA; Serial number: 0x1
Valid from Thu Jan 01 01:00:00 CET 2004 until Mon Jan 01 00:59:59 CET 2029
adding as trusted cert:
Subject: EMAILADDRESS=ca@SwissSign.com, CN=SwissSign CA (RSA IK May 6 1999 18:00:58), O=SwissSign, C=CH
Issuer: EMAILADDRESS=ca@SwissSign.com, CN=SwissSign CA (RSA IK May 6 1999 18:00:58), O=SwissSign, C=CH
Algorithm: RSA; Serial number: 0x610c279ab773df2
Valid from Mon Nov 27 00:27:41 CET 2000 until Thu Nov 27 00:27:41 CET 2031
adding as trusted cert:
Subject: CN=DST Root CA X4, O=Digital Signature Trust Co.
Issuer: CN=DST Root CA X4, O=Digital Signature Trust Co.
Algorithm: RSA; Serial number: 0xd01e46500000298c0000000200000002
Valid from Wed Sep 13 08:22:50 CEST 2000 until Sun Sep 13 08:22:50 CEST 2020
adding as trusted cert:
Subject: O=(c) 2005 T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?., L=ANKARA, C=TR, CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?
Issuer: O=(c) 2005 T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?., L=ANKARA, C=TR, CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?
Algorithm: RSA; Serial number: 0x1
Valid from Fri May 13 12:27:17 CEST 2005 until Sun Mar 22 11:27:17 CET 2015
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
Valid from Mon May 18 02:00:00 CEST 1998 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: CN=Izenpe.com, O=IZENPE S.A., C=ES
Issuer: CN=Izenpe.com, O=IZENPE S.A., C=ES
Algorithm: RSA; Serial number: 0x6e846272f1f0a8fd1845ce369f6d5
Valid from Thu Dec 13 14:08:27 CET 2007 until Sun Dec 13 09:27:25 CET 2037
adding as trusted cert:
Subject: CN=COMODO Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=COMODO Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Algorithm: RSA; Serial number: 0x4e812d8a8265e00b02ee3e350246e53d
Valid from Fri Dec 01 01:00:00 CET 2006 until Tue Jan 01 00:59:59 CET 2030
adding as trusted cert:
Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
Valid from Mon Jan 29 01:00:00 CET 1996 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: OU=RSA Security 2048 V3, O=RSA Security Inc
Issuer: OU=RSA Security 2048 V3, O=RSA Security Inc
Algorithm: RSA; Serial number: 0xa0101010000027c0000000a00000002
Valid from Thu Feb 22 21:39:23 CET 2001 until Sun Feb 22 21:39:23 CET 2026
adding as trusted cert:
Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x1da200010002ecb76080788db606
Valid from Wed Mar 22 16:54:28 CET 2006 until Wed Dec 31 23:59:59 CET 2025
adding as trusted cert:
Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Thu Aug 01 02:00:00 CEST 1996 until Fri Jan 01 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=China Internet Network Information Center EV Certificates Root, O=China Internet Network Information Center, C=CN
Issuer: CN=China Internet Network Information Center EV Certificates Root, O=China Internet Network Information Center, C=CN
Algorithm: RSA; Serial number: 0x489f0001
Valid from Tue Aug 31 09:11:25 CEST 2010 until Sat Aug 31 09:11:25 CEST 2030
adding as trusted cert:
Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
Valid from Fri Nov 10 01:00:00 CET 2006 until Mon Nov 10 01:00:00 CET 2031
adding as trusted cert:
Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Sat Jun 26 02:19:54 CEST 1999 until Wed Jun 26 02:19:54 CEST 2019
adding as trusted cert:
Subject: CN=A-Trust-Qual-02, OU=A-Trust-Qual-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT
Issuer: CN=A-Trust-Qual-02, OU=A-Trust-Qual-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT
Algorithm: RSA; Serial number: 0xe248
Valid from Fri Dec 03 00:00:00 CET 2004 until Wed Dec 03 00:00:00 CET 2014
adding as trusted cert:
Subject: CN=Class 2 Primary CA, O=Certplus, C=FR
Issuer: CN=Class 2 Primary CA, O=Certplus, C=FR
Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423
Valid from Wed Jul 07 19:05:00 CEST 1999 until Sun Jul 07 01:59:59 CEST 2019
adding as trusted cert:
Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 12:48:38 CEST 2000 until Sat May 30 12:48:38 CEST 2020
adding as trusted cert:
Subject: CN=NetLock Arany (Class Gold) F?tan?s?tv?ny, OU=Tan?s?tv?nykiad?k (Certification Services), O=NetLock Kft., L=Budapest, C=HU
Issuer: CN=NetLock Arany (Class Gold) F?tan?s?tv?ny, OU=Tan?s?tv?nykiad?k (Certification Services), O=NetLock Kft., L=Budapest, C=HU
Algorithm: RSA; Serial number: 0x49412ce40010
Valid from Thu Dec 11 16:08:21 CET 2008 until Wed Dec 06 16:08:21 CET 2028
adding as trusted cert:
Subject: CN=A-Trust-nQual-01, OU=A-Trust-nQual-01, O=A-Trust, C=AT
Issuer: CN=A-Trust-nQual-01, OU=A-Trust-nQual-01, O=A-Trust, C=AT
Algorithm: RSA; Serial number: 0xe242
Valid from Wed Dec 01 00:00:00 CET 2004 until Mon Dec 01 00:00:00 CET 2014
adding as trusted cert:
Subject: CN=KISA RootCA 1, OU=Korea Certification Authority Central, O=KISA, C=KR
Issuer: CN=KISA RootCA 1, OU=Korea Certification Authority Central, O=KISA, C=KR
Algorithm: RSA; Serial number: 0x4
Valid from Wed Aug 24 10:05:46 CEST 2005 until Sun Aug 24 10:05:46 CEST 2025
adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 18:41:51 CEST 1998 until Wed Aug 22 18:41:51 CEST 2018
adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x4
Valid from Mon Jun 21 06:00:00 CEST 1999 until Sun Jun 21 06:00:00 CEST 2020
adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 19:39:16 CEST 2004 until Thu Jun 29 19:39:16 CEST 2034
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Mon May 18 02:00:00 CEST 1998 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US
Issuer: CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US
Algorithm: RSA; Serial number: 0x2
Valid from Tue Apr 25 23:40:36 CEST 2006 until Fri Feb 09 22:40:36 CET 2035
adding as trusted cert:
Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
Valid from Fri Nov 10 01:00:00 CET 2006 until Mon Nov 10 01:00:00 CET 2031
adding as trusted cert:
Subject: CN=CertiNomis, OU=AC Racine - Root CA, O=CertiNomis, C=FR
Issuer: CN=CertiNomis, OU=AC Racine - Root CA, O=CertiNomis, C=FR
Algorithm: RSA; Serial number: 0x30303030393733373537333836303030
Valid from Thu Nov 09 01:00:00 CET 2000 until Fri Nov 09 01:00:00 CET 2012
adding as trusted cert:
Subject: EMAILADDRESS=ips@mail.ips.es, CN=IPS CA CLASE3 Certification Authority, OU=IPS CA CLASE3 Certification Authority, O="ips@mail.ips.es C.I.F. B-60929452", O=IPS Internet publishing Services s.l., L=Barcelona, ST=Barcelona, C=ES
Issuer: EMAILADDRESS=ips@mail.ips.es, CN=IPS CA CLASE3 Certification Authority, OU=IPS CA CLASE3 Certification Authority, O="ips@mail.ips.es C.I.F. B-60929452", O=IPS Internet publishing Services s.l., L=Barcelona, ST=Barcelona, C=ES
Algorithm: RSA; Serial number: 0x0
Valid from Mon Dec 31 12:19:31 CET 2001 until Mon Dec 29 12:19:31 CET 2025
adding as trusted cert:
Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 3 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 3 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Sat Jun 26 02:22:33 CEST 1999 until Wed Jun 26 02:22:33 CEST 2019
adding as trusted cert:
Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Algorithm: RSA; Serial number: 0x40000000001154b5ac394
Valid from Tue Sep 01 14:00:00 CEST 1998 until Fri Jan 28 13:00:00 CET 2028
adding as trusted cert:
Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x5c6
Valid from Fri Nov 24 20:11:23 CET 2006 until Mon Nov 24 20:06:44 CET 2031
adding as trusted cert:
Subject: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x4005b253a01a46435009818f121076ec
Valid from Mon Jan 01 01:00:00 CET 1996 until Sat Jan 02 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Algorithm: RSA; Serial number: 0x10020
Valid from Tue Jun 11 12:46:39 CEST 2002 until Fri Jun 11 12:46:39 CEST 2027
adding as trusted cert:
Subject: EMAILADDRESS=ips@mail.ips.es, CN=IPS CA Timestamping Certification Authority, OU=IPS CA Timestamping Certification Authority, O="ips@mail.ips.es C.I.F. B-60929452", O=IPS Internet publishing Services s.l., L=Barcelona, ST=Barcelona, C=ES
Issuer: EMAILADDRESS=ips@mail.ips.es, CN=IPS CA Timestamping Certification Authority, OU=IPS CA Timestamping Certification Authority, O="ips@mail.ips.es C.I.F. B-60929452", O=IPS Internet publishing Services s.l., L=Barcelona, ST=Barcelona, C=ES
Algorithm: RSA; Serial number: 0x0
Valid from Mon Dec 31 12:26:43 CET 2001 until Mon Dec 29 12:26:43 CET 2025
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Algorithm: RSA; Serial number: 0x400000000010f8626e60d
Valid from Fri Dec 15 09:00:00 CET 2006 until Wed Dec 15 09:00:00 CET 2021
adding as trusted cert:
Subject: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, ST=Hungary, C=HU
Issuer: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, ST=Hungary, C=HU
Algorithm: RSA; Serial number: 0x103
Valid from Thu Feb 25 00:14:47 CET 1999 until Wed Feb 20 00:14:47 CET 2019
adding as trusted cert:
Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954
Valid from Thu Aug 01 02:00:00 CEST 1996 until Sat Jan 02 00:59:59 CET 2021
adding as trusted cert:
Subject: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0xd8e1512e1acbb778d38e324df8c30f2
Valid from Mon Jan 01 01:00:00 CET 1996 until Sat Jan 02 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 18:13:43 CEST 2003 until Wed Sep 30 18:13:44 CEST 2037
adding as trusted cert:
Subject: CN=AOL Time Warner Root Certification Authority 1, OU=America Online Inc., O=AOL Time Warner Inc., C=US
Issuer: CN=AOL Time Warner Root Certification Authority 1, OU=America Online Inc., O=AOL Time Warner Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Wed May 29 08:00:00 CEST 2002 until Fri Nov 20 16:03:00 CET 2037
adding as trusted cert:
Subject: CN=A-Trust-Qual-01, OU=A-Trust-Qual-01, O=A-Trust Ges. f?r Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT
Issuer: CN=A-Trust-Qual-01, OU=A-Trust-Qual-01, O=A-Trust Ges. f?r Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT
Algorithm: RSA; Serial number: 0xe243
Valid from Wed Dec 01 00:00:00 CET 2004 until Mon Dec 01 00:00:00 CET 2014
adding as trusted cert:
Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xaba1e006232e8b436265d1f7ccd8966
Valid from Mon Jan 29 01:00:00 CET 1996 until Thu Aug 03 01:59:59 CEST 2028
adding as trusted cert:
Subject: CN=Wells Fargo Root Certificate Authority, OU=Wells Fargo Certification Authority, O=Wells Fargo, C=US
Issuer: CN=Wells Fargo Root Certificate Authority, OU=Wells Fargo Certification Authority, O=Wells Fargo, C=US
Algorithm: RSA; Serial number: 0x39e4979e
Valid from Wed Oct 11 18:41:28 CEST 2000 until Thu Jan 14 17:41:28 CET 2021
adding as trusted cert:
Subject: CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK
Issuer: CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK
Algorithm: RSA; Serial number: 0x3e8
Valid from Thu May 15 07:13:14 CEST 2003 until Mon May 15 06:52:29 CEST 2023
adding as trusted cert:
Subject: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Mon Jan 01 01:00:00 CET 1996 until Fri Jan 01 00:59:59 CET 2021
adding as trusted cert:
Subject: OU=FNMT Clase 2 CA, O=FNMT, C=ES
Issuer: OU=FNMT Clase 2 CA, O=FNMT, C=ES
Algorithm: RSA; Serial number: 0x36f11b19
Valid from Thu Mar 18 15:56:19 CET 1999 until Mon Mar 18 16:26:19 CET 2019
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a
Valid from Wed Nov 08 01:00:00 CET 2006 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Tue May 21 06:00:00 CEST 2002 until Sat May 21 06:00:00 CEST 2022
adding as trusted cert:
Subject: CN=Admin-Root-CA, OU=Certification Authorities, OU=Services, O=admin, C=ch
Issuer: CN=Admin-Root-CA, OU=Certification Authorities, OU=Services, O=admin, C=ch
Algorithm: RSA; Serial number: 0x3bf381d0
Valid from Thu Nov 15 09:51:07 CET 2001 until Wed Nov 10 08:51:07 CET 2021
adding as trusted cert:
Subject: EMAILADDRESS=info@a-cert.at, CN=A-CERT ADVANCED, OU=A-CERT Certification Service, O=ARGE DATEN - Austrian Society for Data Protection, L=Vienna, ST=Austria, C=AT
Issuer: EMAILADDRESS=info@a-cert.at, CN=A-CERT ADVANCED, OU=A-CERT Certification Service, O=ARGE DATEN - Austrian Society for Data Protection, L=Vienna, ST=Austria, C=AT
Algorithm: RSA; Serial number: 0x0
Valid from Sat Oct 23 16:14:14 CEST 2004 until Sun Oct 23 16:14:14 CEST 2011
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
Valid from Mon Jan 29 01:00:00 CET 1996 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: CN=Sonera Class1 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x24
Valid from Fri Apr 06 12:49:13 CEST 2001 until Tue Apr 06 12:49:13 CEST 2021
adding as trusted cert:
Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 19:06:20 CEST 2004 until Thu Jun 29 19:06:20 CEST 2034
adding as trusted cert:
Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
Valid from Fri Jul 09 20:10:42 CEST 1999 until Tue Jul 09 20:19:22 CEST 2019
adding as trusted cert:
Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
Valid from Fri Jul 09 19:28:50 CEST 1999 until Tue Jul 09 19:36:58 CEST 2019
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1
Valid from Mon Nov 27 01:00:00 CET 2006 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: CN=KISA RootCA 3, OU=Korea Certification Authority Central, O=KISA, C=KR
Issuer: CN=KISA RootCA 3, OU=Korea Certification Authority Central, O=KISA, C=KR
Algorithm: RSA; Serial number: 0x2
Valid from Fri Nov 19 07:39:51 CET 2004 until Wed Nov 19 07:39:51 CET 2014
adding as trusted cert:
Subject: CN=CA Disig, O=Disig a.s., L=Bratislava, C=SK
Issuer: CN=CA Disig, O=Disig a.s., L=Bratislava, C=SK
Algorithm: RSA; Serial number: 0x1
Valid from Wed Mar 22 02:39:34 CET 2006 until Tue Mar 22 02:39:34 CET 2016
adding as trusted cert:
Subject: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
Issuer: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
Algorithm: RSA; Serial number: 0x5c0b855c0be75941df57cc3f7f9da836
Valid from Thu Aug 18 14:06:20 CEST 2005 until Tue Aug 19 00:06:20 CEST 2025
adding as trusted cert:
Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
Issuer: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 08:00:00 CEST 2002 until Thu Nov 19 21:43:00 CET 2037
adding as trusted cert:
Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Fri May 29 07:00:39 CEST 2009 until Tue May 29 07:00:39 CEST 2029
adding as trusted cert:
Subject: CN=WellsSecure Public Root Certificate Authority, OU=Wells Fargo Bank NA, O=Wells Fargo WellsSecure, C=US
Issuer: CN=WellsSecure Public Root Certificate Authority, OU=Wells Fargo Bank NA, O=Wells Fargo WellsSecure, C=US
Algorithm: RSA; Serial number: 0x1
Valid from Thu Dec 13 18:07:54 CET 2007 until Wed Dec 14 01:07:54 CET 2022
adding as trusted cert:
Subject: CN=DST Root CA X3, O=Digital Signature Trust Co.
Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.
Algorithm: RSA; Serial number: 0x44afb080d6a327ba893039862ef8406b
Valid from Sat Sep 30 23:12:19 CEST 2000 until Thu Sep 30 16:01:15 CEST 2021
adding as trusted cert:
Subject: CN=UTN-USERFirst-Network Applications, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Network Applications, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336304bc03377
Valid from Fri Jul 09 20:48:39 CEST 1999 until Tue Jul 09 20:57:49 CEST 2019
adding as trusted cert:
Subject: O=T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?. (c) Aral?k 2007, L=Ankara, C=TR, CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?
Issuer: O=T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?. (c) Aral?k 2007, L=Ankara, C=TR, CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?
Algorithm: RSA; Serial number: 0x1
Valid from Tue Dec 25 19:37:19 CET 2007 until Fri Dec 22 19:37:19 CET 2017
adding as trusted cert:
Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
Valid from Fri Jul 09 20:31:20 CEST 1999 until Tue Jul 09 20:40:36 CEST 2019
adding as trusted cert:
Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69
Valid from Thu Jun 24 20:57:21 CEST 1999 until Mon Jun 24 21:06:30 CEST 2019
adding as trusted cert:
Subject: CN=Common Policy, OU=FBCA, O=U.S. Government, C=us
Issuer: CN=Common Policy, OU=FBCA, O=U.S. Government, C=us
Algorithm: RSA; Serial number: 0x293647aae38aac864a2356f2cab761af
Valid from Mon Oct 15 17:58:00 CEST 2007 until Fri Oct 15 18:08:00 CEST 2027
adding as trusted cert:
Subject: CN=TC TrustCenter Class 3 CA II, OU=TC TrustCenter Class 3 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 3 CA II, OU=TC TrustCenter Class 3 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x4a4700010002e5a05dd63f0051bf
Valid from Thu Jan 12 15:41:57 CET 2006 until Wed Dec 31 23:59:59 CET 2025
adding as trusted cert:
Subject: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Issuer: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
Algorithm: RSA; Serial number: 0x2d
Valid from Sun Sep 17 21:46:37 CEST 2006 until Wed Sep 17 21:46:36 CEST 2036
adding as trusted cert:
Subject: CN=VeriSign Class 4 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 4 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xeca0a78b6e756a01cfc47ccc2f945ed7
Valid from Fri Oct 01 02:00:00 CEST 1999 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f
Valid from Wed Oct 25 10:36:00 CEST 2006 until Sat Oct 25 10:36:00 CEST 2036
adding as trusted cert:
Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Algorithm: RSA; Serial number: 0x20000000000d678b79405
Valid from Tue Sep 01 14:00:00 CEST 1998 until Tue Jan 28 13:00:00 CET 2014
adding as trusted cert:
Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US
Issuer: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US
Algorithm: RSA; Serial number: 0x5
Valid from Mon Dec 13 16:00:10 CET 2004 until Wed Dec 05 16:00:10 CET 2029
adding as trusted cert:
Subject: CN=AddTrust Public CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Public CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 12:41:50 CEST 2000 until Sat May 30 12:41:50 CEST 2020
adding as trusted cert:
Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Sat Jun 26 00:23:48 CEST 1999 until Wed Jun 26 00:23:48 CEST 2019
adding as trusted cert:
Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d
Valid from Fri Nov 17 01:00:00 CET 2006 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: CN=DST ACES CA X6, OU=DST ACES, O=Digital Signature Trust, C=US
Issuer: CN=DST ACES CA X6, OU=DST ACES, O=Digital Signature Trust, C=US
Algorithm: RSA; Serial number: 0xd5e990ad69db778ecd807563b8615d9
Valid from Thu Nov 20 22:19:58 CET 2003 until Mon Nov 20 22:19:58 CET 2017
adding as trusted cert:
Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
Algorithm: RSA; Serial number: 0x456b5054
Valid from Mon Nov 27 21:23:42 CET 2006 until Fri Nov 27 21:53:42 CET 2026
adding as trusted cert:
Subject: CN=Federal Common Policy CA, OU=FPKI, O=U.S. Government, C=US
Issuer: CN=Federal Common Policy CA, OU=FPKI, O=U.S. Government, C=US
Algorithm: RSA; Serial number: 0x130
Valid from Wed Dec 01 17:45:27 CET 2010 until Sun Dec 01 17:45:27 CET 2030
adding as trusted cert:
Subject: OU=ApplicationCA, O=Japanese Government, C=JP
Issuer: OU=ApplicationCA, O=Japanese Government, C=JP
Algorithm: RSA; Serial number: 0x31
Valid from Wed Dec 12 16:00:00 CET 2007 until Tue Dec 12 16:00:00 CET 2017
adding as trusted cert:
Subject: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
Issuer: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 08:00:00 CEST 2002 until Tue Sep 29 16:08:00 CEST 2037
adding as trusted cert:
Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b
Valid from Wed Oct 25 10:32:46 CEST 2006 until Sat Oct 25 10:32:46 CEST 2036
adding as trusted cert:
Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
Issuer: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Wed Jun 06 04:12:32 CEST 2007 until Sat Jun 06 04:12:32 CEST 2037
adding as trusted cert:
Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0
Valid from Wed Oct 25 10:30:35 CEST 2006 until Sat Oct 25 10:30:35 CEST 2036
adding as trusted cert:
Subject: CN=TDC OCES CA, O=TDC, C=DK
Issuer: CN=TDC OCES CA, O=TDC, C=DK
Algorithm: RSA; Serial number: 0x3e48bdc4
Valid from Tue Feb 11 09:39:30 CET 2003 until Wed Feb 11 10:09:30 CET 2037
adding as trusted cert:
Subject: CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
Issuer: CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 18:14:18 CEST 2003 until Wed Sep 30 18:14:18 CEST 2037
adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a5
Valid from Thu Aug 13 02:29:00 CEST 1998 until Tue Aug 14 01:59:00 CEST 2018
adding as trusted cert:
Subject: CN=Secure Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=Secure Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Algorithm: RSA; Serial number: 0x1
Valid from Thu Jan 01 01:00:00 CET 2004 until Mon Jan 01 00:59:59 CET 2029
adding as trusted cert:
Subject: EMAILADDRESS=info@netlock.hu, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU
Issuer: EMAILADDRESS=info@netlock.hu, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU
Algorithm: RSA; Serial number: 0x7b
Valid from Sun Mar 30 03:47:11 CEST 2003 until Thu Dec 15 02:47:11 CET 2022
adding as trusted cert:
Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 01 02:00:00 CEST 2009 until Fri Jan 01 00:59:59 CET 2038
adding as trusted cert:
Subject: OU=TDC Internet Root CA, O=TDC Internet, C=DK
Issuer: OU=TDC Internet Root CA, O=TDC Internet, C=DK
Algorithm: RSA; Serial number: 0x3acca54c
Valid from Thu Apr 05 18:33:17 CEST 2001 until Mon Apr 05 19:03:17 CEST 2021
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
Valid from Mon Jan 29 01:00:00 CET 1996 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: CN=AOL Time Warner Root Certification Authority 2, OU=America Online Inc., O=AOL Time Warner Inc., C=US
Issuer: CN=AOL Time Warner Root Certification Authority 2, OU=America Online Inc., O=AOL Time Warner Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Wed May 29 08:00:00 CEST 2002 until Tue Sep 29 01:43:00 CEST 2037
adding as trusted cert:
Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
Valid from Fri Nov 10 01:00:00 CET 2006 until Mon Nov 10 01:00:00 CET 2031
adding as trusted cert:
Subject: CN=Apple Root Certificate Authority, OU=Apple Computer Certificate Authority, O="Apple Computer, Inc.", C=US
Issuer: CN=Apple Root Certificate Authority, OU=Apple Computer Certificate Authority, O="Apple Computer, Inc.", C=US
Algorithm: RSA; Serial number: 0x1
Valid from Thu Feb 10 01:18:14 CET 2005 until Mon Feb 10 01:18:14 CET 2025
adding as trusted cert:
Subject: CN=ECA Root CA, OU=ECA, O=U.S. Government, C=US
Issuer: CN=ECA Root CA, OU=ECA, O=U.S. Government, C=US
Algorithm: RSA; Serial number: 0xe
Valid from Mon Jun 14 12:20:09 CEST 2004 until Thu Jun 14 12:20:09 CEST 2040
adding as trusted cert:
Subject: CN=DoD CLASS 3 Root CA, OU=PKI, OU=DoD, O=U.S. Government, C=US
Issuer: CN=DoD CLASS 3 Root CA, OU=PKI, OU=DoD, O=U.S. Government, C=US
Algorithm: RSA; Serial number: 0x4
Valid from Fri May 19 15:13:00 CEST 2000 until Thu May 14 15:13:00 CEST 2020
adding as trusted cert:
Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US
Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756
Valid from Mon Nov 05 01:00:00 CET 2007 until Tue Jan 19 00:59:59 CET 2038
adding as trusted cert:
Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x34a4fff630af4ca53c331742a1946675
Valid from Thu Aug 01 02:00:00 CEST 1996 until Sat Jan 02 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=KMD-CA Kvalificeret Person, OU=KMD-CA, O=KMD, C=DK
Issuer: CN=KMD-CA Kvalificeret Person, OU=KMD-CA, O=KMD, C=DK
Algorithm: RSA; Serial number: 0x3a1b0405
Valid from Wed Nov 22 00:24:59 CET 2000 until Mon Nov 23 00:24:59 CET 2015
adding as trusted cert:
Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
Issuer: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
Algorithm: RSA; Serial number: 0x26
Valid from Fri Jul 09 14:11:00 CEST 1999 until Wed Jul 10 01:59:00 CEST 2019
adding as trusted cert:
Subject: EMAILADDRESS=ips@mail.ips.es, CN=IPS CA CLASEA3 Certification Authority, OU=IPS CA CLASEA3 Certification Authority, O="ips@mail.ips.es C.I.F. B-60929452", O=IPS Internet publishing Services s.l., L=Barcelona, ST=Barcelona, C=ES
Issuer: EMAILADDRESS=ips@mail.ips.es, CN=IPS CA CLASEA3 Certification Authority, OU=IPS CA CLASEA3 Certification Authority, O="ips@mail.ips.es C.I.F. B-60929452", O=IPS Internet publishing Services s.l., L=Barcelona, ST=Barcelona, C=ES
Algorithm: RSA; Serial number: 0x0
Valid from Mon Dec 31 12:23:59 CET 2001 until Mon Dec 29 12:23:59 CET 2025
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 18:09:40 CEST 1999 until Sat May 25 18:39:40 CEST 2019
adding as trusted cert:
Subject: EMAILADDRESS=ips@mail.ips.es, CN=IPS CA CLASE1 Certification Authority, OU=IPS CA CLASE1 Certification Authority, O="ips@mail.ips.es C.I.F. B-60929452", O=IPS Internet publishing Services s.l., L=Barcelona, ST=Barcelona, C=ES
Issuer: EMAILADDRESS=ips@mail.ips.es, CN=IPS CA CLASE1 Certification Authority, OU=IPS CA CLASE1 Certification Authority, O="ips@mail.ips.es C.I.F. B-60929452", O=IPS Internet publishing Services s.l., L=Barcelona, ST=Barcelona, C=ES
Algorithm: RSA; Serial number: 0x0
Valid from Mon Dec 31 12:11:03 CET 2001 until Mon Dec 29 12:11:03 CET 2025
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Fri Oct 01 02:00:00 CEST 1999 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 12:38:31 CEST 2000 until Sat May 30 12:38:31 CEST 2020
adding as trusted cert:
Subject: CN=Visa eCommerce Root, OU=Visa International Service Association, O=VISA, C=US
Issuer: CN=Visa eCommerce Root, OU=Visa International Service Association, O=VISA, C=US
Algorithm: RSA; Serial number: 0x1386354d1d3f06f2c1f96505d5901c62
Valid from Wed Jun 26 04:18:36 CEST 2002 until Fri Jun 24 02:16:12 CEST 2022
adding as trusted cert:
Subject: CN=NetLock Expressz (Class C) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU
Issuer: CN=NetLock Expressz (Class C) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU
Algorithm: RSA; Serial number: 0x68
Valid from Thu Feb 25 15:08:11 CET 1999 until Wed Feb 20 15:08:11 CET 2019
adding as trusted cert:
Subject: CN=Network Solutions Certificate Authority, O=Network Solutions L.L.C., C=US
Issuer: CN=Network Solutions Certificate Authority, O=Network Solutions L.L.C., C=US
Algorithm: RSA; Serial number: 0x57cb336fc25c16e6471617e3903168e0
Valid from Fri Dec 01 01:00:00 CET 2006 until Tue Jan 01 00:59:59 CET 2030
adding as trusted cert:
Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
Issuer: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x67c8e1e8e3be1cbdfc913b8ea6238749
Valid from Wed Jan 01 01:00:00 CET 1997 until Sat Jan 02 00:59:59 CET 2021
adding as trusted cert:
Subject: CN=CNNIC ROOT, O=CNNIC, C=CN
Issuer: CN=CNNIC ROOT, O=CNNIC, C=CN
Algorithm: RSA; Serial number: 0x49330001
Valid from Mon Apr 16 09:09:14 CEST 2007 until Fri Apr 16 09:09:14 CEST 2027
adding as trusted cert:
Subject: OID.0.9.2342.19200300.100.1.3=infoca@kmd-ca.dk, CN=KMD-CA Server, OU=KMD-CA, O=KMD, C=DK
Issuer: OID.0.9.2342.19200300.100.1.3=infoca@kmd-ca.dk, CN=KMD-CA Server, OU=KMD-CA, O=KMD, C=DK
Algorithm: RSA; Serial number: 0x3bcac952
Valid from Fri Oct 16 21:19:21 CEST 1998 until Fri Oct 12 21:19:21 CEST 2018
adding as trusted cert:
Subject: EMAILADDRESS=Info@izenpe.com, CN=Izenpe.com, L=Avda del Mediterraneo Etorbidea 3 - 01010 Vitoria-Gasteiz, O=IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8, C=ES
Issuer: EMAILADDRESS=Info@izenpe.com, CN=Izenpe.com, L=Avda del Mediterraneo Etorbidea 3 - 01010 Vitoria-Gasteiz, O=IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8, C=ES
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jan 31 00:00:00 CET 2003 until Wed Jan 31 00:00:00 CET 2018
adding as trusted cert:
Subject: O=T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?. (c) Kas?m 2005, L=Ankara, C=TR, CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?
Issuer: O=T?RKTRUST Bilgi ?leti?im ve Bili?im G?venli?i Hizmetleri A.?. (c) Kas?m 2005, L=Ankara, C=TR, CN=T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?
Algorithm: RSA; Serial number: 0x1
Valid from Mon Nov 07 11:07:57 CET 2005 until Wed Sep 16 12:07:57 CEST 2015
adding as trusted cert:
Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Algorithm: RSA; Serial number: 0x1
Valid from Thu Jan 01 01:00:00 CET 2004 until Mon Jan 01 00:59:59 CET 2029
adding as trusted cert:
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
Valid from Fri Oct 01 02:00:00 CEST 1999 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: CN=Staat der Nederlanden Root CA - G2, O=Staat der Nederlanden, C=NL
Issuer: CN=Staat der Nederlanden Root CA - G2, O=Staat der Nederlanden, C=NL
Algorithm: RSA; Serial number: 0x98968c
Valid from Wed Mar 26 12:18:17 CET 2008 until Wed Mar 25 12:03:10 CET 2020
adding as trusted cert:
Subject: CN=Certigna, O=Dhimyotis, C=FR
Issuer: CN=Certigna, O=Dhimyotis, C=FR
Algorithm: RSA; Serial number: 0xfedce3010fc948ff
Valid from Fri Jun 29 17:13:05 CEST 2007 until Tue Jun 29 17:13:05 CEST 2027
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Mon May 18 02:00:00 CEST 1998 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: CN=VAS Latvijas Pasts SSI(RCA), OU=Sertifikacijas pakalpojumi, O=VAS Latvijas Pasts - Vien.reg.Nr.40003052790, C=LV
Issuer: CN=VAS Latvijas Pasts SSI(RCA), OU=Sertifikacijas pakalpojumi, O=VAS Latvijas Pasts - Vien.reg.Nr.40003052790, C=LV
Algorithm: RSA; Serial number: 0x630686a7c53765a54390a86a58ccd432
Valid from Wed Sep 13 11:22:10 CEST 2006 until Fri Sep 13 11:27:57 CEST 2024
adding as trusted cert:
Subject: CN=UCA Global Root, O=UniTrust, C=CN
Issuer: CN=UCA Global Root, O=UniTrust, C=CN
Algorithm: RSA; Serial number: 0x8
Valid from Tue Jan 01 01:00:00 CET 2008 until Thu Dec 31 01:00:00 CET 2037
adding as trusted cert:
Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Algorithm: RSA; Serial number: 0x3770cfb5
Valid from Wed Jun 23 14:14:45 CEST 1999 until Sun Jun 23 14:14:45 CEST 2019
adding as trusted cert:
Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0
Valid from Tue Nov 07 20:31:18 CET 2006 until Mon Dec 31 20:40:55 CET 2029
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 4 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 4 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x32888e9ad2f5eb1347f87fc4203725f8
Valid from Mon May 18 02:00:00 CEST 1998 until Wed Aug 02 01:59:59 CEST 2028
adding as trusted cert:
Subject: CN=TWCA Root Certification Authority, OU=Root CA, O=TAIWAN-CA, C=TW
Issuer: CN=TWCA Root Certification Authority, OU=Root CA, O=TAIWAN-CA, C=TW
Algorithm: RSA; Serial number: 0x1
Valid from Thu Aug 28 09:24:33 CEST 2008 until Tue Dec 31 16:59:59 CET 2030
adding as trusted cert:
Subject: CN=OISTE WISeKey Global Root GA CA, OU=OISTE Foundation Endorsed, OU=Copyright (c) 2005, O=WISeKey, C=CH
Issuer: CN=OISTE WISeKey Global Root GA CA, OU=OISTE Foundation Endorsed, OU=Copyright (c) 2005, O=WISeKey, C=CH
Algorithm: RSA; Serial number: 0x413d72c7f46b1f81437df1d22854df9a
Valid from Sun Dec 11 17:03:44 CET 2005 until Fri Dec 11 17:09:51 CET 2037
adding as trusted cert:
Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 01 02:00:00 CEST 2009 until Fri Jan 01 00:59:59 CET 2038
adding as trusted cert:
Subject: CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL
Issuer: CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL
Algorithm: RSA; Serial number: 0x98968a
Valid from Tue Dec 17 10:23:49 CET 2002 until Wed Dec 16 10:15:38 CET 2015
adding as trusted cert:
Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068, C=ES
Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068, C=ES
Algorithm: RSA; Serial number: 0x53ec3beefbb2485f
Valid from Wed May 20 10:38:15 CEST 2009 until Tue Dec 31 09:38:15 CET 2030
adding as trusted cert:
Subject: OU=BridgeCA, OU=Prefectural Association For JPKI, O=JPKI, C=JP
Issuer: OU=BridgeCA, OU=Prefectural Association For JPKI, O=JPKI, C=JP
Algorithm: RSA; Serial number: 0x1
Valid from Sat Dec 27 06:08:15 CET 2003 until Thu Dec 26 15:59:59 CET 2013
adding as trusted cert:
Subject: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Mon Jan 01 01:00:00 CET 1996 until Fri Jan 01 00:59:59 CET 2021
adding as trusted cert:
Subject: EMAILADDRESS=ips@mail.ips.es, CN=IPS CA Chained CAs Certification Authority, OU=IPS CA Chained CAs Certification Authority, O="ips@mail.ips.es C.I.F. B-60929452", O=IPS Internet publishing Services s.l., L=Barcelona, ST=Barcelona, C=ES
Issuer: EMAILADDRESS=ips@mail.ips.es, CN=IPS CA Chained CAs Certification Authority, OU=IPS CA Chained CAs Certification Authority, O="ips@mail.ips.es C.I.F. B-60929452", O=IPS Internet publishing Services s.l., L=Barcelona, ST=Barcelona, C=ES
Algorithm: RSA; Serial number: 0x0
Valid from Mon Dec 31 12:14:54 CET 2001 until Mon Dec 29 12:14:54 CET 2025
adding as trusted cert:
Subject: CN=TC TrustCenter Universal CA II, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Universal CA II, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x193300010002281a9a04bcf25545
Valid from Wed Mar 22 16:58:34 CET 2006 until Tue Dec 31 23:59:59 CET 2030
adding as trusted cert:
Subject: CN=Belgium Root CA, C=BE
Issuer: CN=Belgium Root CA, C=BE
Algorithm: RSA; Serial number: 0x580b056c5324dbb25057185ff9e5a650
Valid from Mon Jan 27 00:00:00 CET 2003 until Mon Jan 27 00:00:00 CET 2014
adding as trusted cert:
Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Algorithm: RSA; Serial number: 0x444c0
Valid from Wed Oct 22 14:07:37 CEST 2008 until Mon Dec 31 13:07:37 CET 2029
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Mon Jan 29 01:00:00 CET 1996 until Thu Aug 03 01:59:59 CEST 2028
adding as trusted cert:
Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Premium, O=AffirmTrust, C=US
Algorithm: RSA; Serial number: 0x6d8c1446b1a60aee
Valid from Fri Jan 29 15:10:36 CET 2010 until Mon Dec 31 15:10:36 CET 2040
adding as trusted cert:
Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 06:20:49 CEST 2003 until Sat Sep 30 06:20:49 CEST 2023
adding as trusted cert:
Subject: OU=MPHPT Certification Authority, OU=MPHPT, O=Japanese Government, C=JP
Issuer: OU=MPHPT Certification Authority, OU=MPHPT, O=Japanese Government, C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Thu Mar 14 08:50:26 CET 2002 until Tue Mar 13 15:59:59 CET 2012
adding as trusted cert:
Subject: C=TR, O=EBG Bili?im Teknolojileri ve Hizmetleri A.?., CN=EBG Elektronik Sertifika Hizmet Sa?lay?c?s?
Issuer: C=TR, O=EBG Bili?im Teknolojileri ve Hizmetleri A.?., CN=EBG Elektronik Sertifika Hizmet Sa?lay?c?s?
Algorithm: RSA; Serial number: 0x4caf73421c8e7402
Valid from Thu Aug 17 02:21:09 CEST 2006 until Sun Aug 14 02:31:09 CEST 2016
adding as trusted cert:
Subject: OU=Application CA G2, O=LGPKI, C=JP
Issuer: OU=Application CA G2, O=LGPKI, C=JP
Algorithm: RSA; Serial number: 0x31
Valid from Fri Mar 31 17:00:00 CEST 2006 until Thu Mar 31 16:59:59 CEST 2016
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Algorithm: RSA; Serial number: 0x4000000000121585308a2
Valid from Wed Mar 18 11:00:00 CET 2009 until Sun Mar 18 11:00:00 CET 2029
adding as trusted cert:
Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Networking, O=AffirmTrust, C=US
Algorithm: RSA; Serial number: 0x7c4f04391cd4992d
Valid from Fri Jan 29 15:08:24 CET 2010 until Tue Dec 31 15:08:24 CET 2030
adding as trusted cert:
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
Valid from Fri Oct 01 02:00:00 CEST 1999 until Thu Jul 17 01:59:59 CEST 2036
adding as trusted cert:
Subject: CN=AC Ra?z Certic?mara S.A., O=Sociedad Cameral de Certificaci?n Digital - Certic?mara S.A., C=CO
Issuer: CN=AC Ra?z Certic?mara S.A., O=Sociedad Cameral de Certificaci?n Digital - Certic?mara S.A., C=CO
Algorithm: RSA; Serial number: 0x77e52937be015e357f0698ccbec0c
Valid from Mon Nov 27 21:46:29 CET 2006 until Tue Apr 02 23:42:02 CEST 2030
adding as trusted cert:
Subject: EMAILADDRESS=ips@mail.ips.es, CN=IPS CA CLASEA1 Certification Authority, OU=IPS CA CLASEA1 Certification Authority, O="ips@mail.ips.es C.I.F. B-60929452", O=IPS Internet publishing Services s.l., L=Barcelona, ST=Barcelona, C=ES
Issuer: EMAILADDRESS=ips@mail.ips.es, CN=IPS CA CLASEA1 Certification Authority, OU=IPS CA CLASEA1 Certification Authority, O="ips@mail.ips.es C.I.F. B-60929452", O=IPS Internet publishing Services s.l., L=Barcelona, ST=Barcelona, C=ES
Algorithm: RSA; Serial number: 0x0
Valid from Mon Dec 31 12:21:41 CET 2001 until Mon Dec 29 12:21:41 CET 2025
adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863b966
Valid from Fri Dec 24 18:50:51 CET 1999 until Tue Dec 24 19:20:51 CET 2019
adding as trusted cert:
Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 01 02:00:00 CEST 2009 until Fri Jan 01 00:59:59 CET 2038
adding as trusted cert:
Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x1d
Valid from Fri Apr 06 09:29:40 CEST 2001 until Tue Apr 06 09:29:40 CEST 2021
adding as trusted cert:
Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b
Valid from Thu Jan 12 15:38:43 CET 2006 until Wed Dec 31 23:59:59 CET 2025
adding as trusted cert:
Subject: CN=VRK Gov. Root CA, OU=Varmennepalvelut, OU=Certification Authority Services, O=Vaestorekisterikeskus CA, ST=Finland, C=FI
Issuer: CN=VRK Gov. Root CA, OU=Varmennepalvelut, OU=Certification Authority Services, O=Vaestorekisterikeskus CA, ST=Finland, C=FI
Algorithm: RSA; Serial number: 0x186a0
Valid from Wed Dec 18 14:53:00 CET 2002 until Mon Dec 18 14:51:08 CET 2023
trigger seeding of SecureRandom
done seeding SecureRandom
main, setSoTimeout(3000) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1336324578 bytes = { 68, 162, 123, 104, 72, 247, 101, 141, 41, 113, 225, 18, 20, 160, 202, 191, 158, 103, 49, 176, 64, 43, 176, 88, 235, 85, 120, 132 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 81
0000: 01 00 00 4D 03 01 50 A7 B2 E2 44 A2 7B 68 48 F7 ...M..P...D..hH.
0010: 65 8D 29 71 E1 12 14 A0 CA BF 9E 67 31 B0 40 2B e.)q.......g1.@+
0020: B0 58 EB 55 78 84 00 00 26 00 04 00 05 00 2F 00 .X.Ux...&...../.
0030: 35 00 33 00 39 00 32 00 38 00 0A 00 16 00 13 00 5.3.9.2.8.......
0040: 09 00 15 00 12 00 03 00 08 00 14 00 11 00 FF 01 ................
0050: 00 .
main, WRITE: TLSv1 Handshake, length = 81
[write] MD5 and SHA1 hashes: len = 110
0000: 01 03 01 00 45 00 00 00 20 00 00 04 01 00 80 00 ....E... .......
0010: 00 05 00 00 2F 00 00 35 00 00 33 00 00 39 00 00 ..../..5..3..9..
0020: 32 00 00 38 00 00 0A 07 00 C0 00 00 16 00 00 13 2..8............
0030: 00 00 09 06 00 40 00 00 15 00 00 12 00 00 03 02 .....@..........
0040: 00 80 00 00 08 00 00 14 00 00 11 00 00 FF 50 A7 ..............P.
0050: B2 E2 44 A2 7B 68 48 F7 65 8D 29 71 E1 12 14 A0 ..D..hH.e.)q....
0060: CA BF 9E 67 31 B0 40 2B B0 58 EB 55 78 84 ...g1.@+.X.Ux.
main, WRITE: SSLv2 client hello message, length = 110
[Raw write]: length = 112
0000: 80 6E 01 03 01 00 45 00 00 00 20 00 00 04 01 00 .n....E... .....
0010: 80 00 00 05 00 00 2F 00 00 35 00 00 33 00 00 39 ....../..5..3..9
0020: 00 00 32 00 00 38 00 00 0A 07 00 C0 00 00 16 00 ..2..8..........
0030: 00 13 00 00 09 06 00 40 00 00 15 00 00 12 00 00 .......@........
0040: 03 02 00 80 00 00 08 00 00 14 00 00 11 00 00 FF ................
0050: 50 A7 B2 E2 44 A2 7B 68 48 F7 65 8D 29 71 E1 12 P...D..hH.e.)q..
0060: 14 A0 CA BF 9E 67 31 B0 40 2B B0 58 EB 55 78 84 .....g1.@+.X.Ux.
[Raw read]: length = 5
0000: 16 03 01 00 51 ....Q
[Raw read]: length = 81
0000: 02 00 00 4D 03 01 50 A7 B2 E2 B8 84 F7 B2 95 5E ...M..P........^
0010: F9 65 6A A5 E8 D8 5A 4B F9 D4 7F CA 37 6E 98 6A .ej...ZK....7n.j
0020: 66 BA 4E 0A 53 37 20 5B F9 11 39 C2 DA 76 C4 39 f.N.S7 [..9..v.9
0030: 57 75 DB AD 36 A1 70 CD 87 0A 0B 3C 0D 30 25 A7 Wu..6.p....<.0%.
0040: 6F CF D5 6A CE 67 18 00 04 00 00 05 FF 01 00 01 o..j.g..........
0050: 00 .
main, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
RandomCookie: GMT: 1336324578 bytes = { 184, 132, 247, 178, 149, 94, 249, 101, 106, 165, 232, 216, 90, 75, 249, 212, 127, 202, 55, 110, 152, 106, 102, 186, 78, 10, 83, 55 }
Session ID: {91, 249, 17, 57, 194, 218, 118, 196, 57, 87, 117, 219, 173, 54, 161, 112, 205, 135, 10, 11, 60, 13, 48, 37, 167, 111, 207, 213, 106, 206, 103, 24}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 81
0000: 02 00 00 4D 03 01 50 A7 B2 E2 B8 84 F7 B2 95 5E ...M..P........^
0010: F9 65 6A A5 E8 D8 5A 4B F9 D4 7F CA 37 6E 98 6A .ej...ZK....7n.j
0020: 66 BA 4E 0A 53 37 20 5B F9 11 39 C2 DA 76 C4 39 f.N.S7 [..9..v.9
0030: 57 75 DB AD 36 A1 70 CD 87 0A 0B 3C 0D 30 25 A7 Wu..6.p....<.0%.
0040: 6F CF D5 6A CE 67 18 00 04 00 00 05 FF 01 00 01 o..j.g..........
0050: 00 .
[Raw read]: length = 5
0000: 16 03 01 03 0D .....
[Raw read]: length = 781
0000: 0B 00 03 09 00 03 06 00 03 03 30 82 02 FF 30 82 ..........0...0.
0010: 02 68 A0 03 02 01 02 02 02 59 CE 30 0D 06 09 2A .h.......Y.0...*
0020: 86 48 86 F7 0D 01 01 05 05 00 30 81 9B 31 0B 30 .H........0..1.0
0030: 09 06 03 55 04 06 13 02 2D 2D 31 12 30 10 06 03 ...U....--1.0...
0040: 55 04 08 0C 09 53 6F 6D 65 53 74 61 74 65 31 11 U....SomeState1.
0050: 30 0F 06 03 55 04 07 0C 08 53 6F 6D 65 43 69 74 0...U....SomeCit
0060: 79 31 19 30 17 06 03 55 04 0A 0C 10 53 6F 6D 65 y1.0...U....Some
0070: 4F 72 67 61 6E 69 7A 61 74 69 6F 6E 31 1F 30 1D Organization1.0.
0080: 06 03 55 04 0B 0C 16 53 6F 6D 65 4F 72 67 61 6E ..U....SomeOrgan
0090: 69 7A 61 74 69 6F 6E 61 6C 55 6E 69 74 31 0E 30 izationalUnit1.0
00A0: 0C 06 03 55 04 03 0C 05 77 65 62 30 31 31 19 30 ...U....web011.0
00B0: 17 06 09 2A 86 48 86 F7 0D 01 09 01 16 0A 72 6F ...*.H........ro
00C0: 6F 74 40 77 65 62 30 31 30 1E 17 0D 31 32 31 30 ot@web010...1210
00D0: 31 35 32 30 34 36 32 33 5A 17 0D 31 33 31 30 31 15204623Z..13101
00E0: 35 32 30 34 36 32 33 5A 30 81 9B 31 0B 30 09 06 5204623Z0..1.0..
00F0: 03 55 04 06 13 02 2D 2D 31 12 30 10 06 03 55 04 .U....--1.0...U.
0100: 08 0C 09 53 6F 6D 65 53 74 61 74 65 31 11 30 0F ...SomeState1.0.
0110: 06 03 55 04 07 0C 08 53 6F 6D 65 43 69 74 79 31 ..U....SomeCity1
0120: 19 30 17 06 03 55 04 0A 0C 10 53 6F 6D 65 4F 72 .0...U....SomeOr
0130: 67 61 6E 69 7A 61 74 69 6F 6E 31 1F 30 1D 06 03 ganization1.0...
0140: 55 04 0B 0C 16 53 6F 6D 65 4F 72 67 61 6E 69 7A U....SomeOrganiz
0150: 61 74 69 6F 6E 61 6C 55 6E 69 74 31 0E 30 0C 06 ationalUnit1.0..
0160: 03 55 04 03 0C 05 77 65 62 30 31 31 19 30 17 06 .U....web011.0..
0170: 09 2A 86 48 86 F7 0D 01 09 01 16 0A 72 6F 6F 74 .*.H........root
0180: 40 77 65 62 30 31 30 81 9F 30 0D 06 09 2A 86 48 @web010..0...*.H
0190: 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 02 ............0...
01A0: 81 81 00 B9 77 AF 04 2A E2 41 B6 0F 8E 6D CB 30 ....w..*.A...m.0
01B0: CC 96 A2 73 6A E9 E4 65 1E 6E ED 5F 3F B1 0D F8 ...sj..e.n._?...
01C0: E9 14 A2 8E 1B D0 D3 BC 3B D4 F9 2A 70 94 EA 33 ........;..*p..3
01D0: 4E C4 A3 A2 17 10 AE 51 05 B6 7B 53 96 11 E7 66 N......Q...S...f
01E0: F1 DD 73 71 E4 91 76 0D 57 A9 1D 16 45 EC 4C FB ..sq..v.W...E.L.
01F0: 07 1D BB 82 FF 0E 9D ED AF 09 7F B0 0E EB 19 20 ...............
0200: 52 26 88 2B 6B E1 30 F0 06 AC 5D B6 1F E4 4C 89 R&.+k.0...]...L.
0210: F5 5A 7D 9D E5 F6 30 28 C1 7C 7A 17 F2 BD 84 F1 .Z....0(..z.....
0220: F5 97 59 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 ..Y......P0N0...
0230: 55 1D 0E 04 16 04 14 30 32 67 42 35 40 F9 B7 F0 U......02gB5@...
0240: 51 1E BC A4 A1 B7 6C 8D FF 18 F2 30 1F 06 03 55 Q.....l....0...U
0250: 1D 23 04 18 30 16 80 14 30 32 67 42 35 40 F9 B7 .#..0...02gB5@..
0260: F0 51 1E BC A4 A1 B7 6C 8D FF 18 F2 30 0C 06 03 .Q.....l....0...
0270: 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 U....0....0...*.
0280: 48 86 F7 0D 01 01 05 05 00 03 81 81 00 48 F3 7C H............H..
0290: 09 D2 2E 24 F8 27 6A B6 46 35 82 33 28 2B 99 0A ...$.'j.F5.3(+..
02A0: 61 6A 8B 29 49 09 B1 E1 CC 1D 7F 37 0E 8A 7B 25 aj.)I......7...%
02B0: CC 82 3A 69 21 23 0D AB 0D 99 36 A8 31 5A E7 C4 ..:i!#....6.1Z..
02C0: EE 4A BC 8D 9C FF A1 DD A7 F3 11 88 B3 46 7A 7F .J...........Fz.
02D0: 34 AD 54 47 1D 3C 47 B5 75 EC B7 0F 38 97 7F B9 4.TG.<G.u...8...
02E0: E3 E6 EA 1F 89 EB A8 3A B1 21 88 97 E0 D9 DA 68 .......:.!.....h
02F0: 1A F0 F2 F8 ED 39 93 D0 F1 F7 24 7D 5A 71 1E DE .....9....$.Zq..
0300: 64 43 FE 69 E5 4E 36 A6 4C 11 96 61 72 dC.i.N6.L..ar
main, READ: TLSv1 Handshake, length = 781
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: EMAILADDRESS=root@web01, CN=web01, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, ST=SomeState, C=--
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 130239717645625039446867810265815675924598680366480291538572828355817948069212793748514833469893116011718880147177173794012266279892499833991844993361925891994365964380211747649162835760408844922777394424037787481478926521393063444048231969253187639595947459432351132031539503977746849948171699101810298296153
public exponent: 65537
Validity: [From: Mon Oct 15 22:46:23 CEST 2012,
To: Tue Oct 15 22:46:23 CEST 2013]
Issuer: EMAILADDRESS=root@web01, CN=web01, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, ST=SomeState, C=--
SerialNumber: [ 59ce]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 30 32 67 42 35 40 F9 B7 F0 51 1E BC A4 A1 B7 6C 02gB5@...Q.....l
0010: 8D FF 18 F2 ....
]
]
[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 30 32 67 42 35 40 F9 B7 F0 51 1E BC A4 A1 B7 6C 02gB5@...Q.....l
0010: 8D FF 18 F2 ....
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 48 F3 7C 09 D2 2E 24 F8 27 6A B6 46 35 82 33 28 H.....$.'j.F5.3(
0010: 2B 99 0A 61 6A 8B 29 49 09 B1 E1 CC 1D 7F 37 0E +..aj.)I......7.
0020: 8A 7B 25 CC 82 3A 69 21 23 0D AB 0D 99 36 A8 31 ..%..:i!#....6.1
0030: 5A E7 C4 EE 4A BC 8D 9C FF A1 DD A7 F3 11 88 B3 Z...J...........
0040: 46 7A 7F 34 AD 54 47 1D 3C 47 B5 75 EC B7 0F 38 Fz.4.TG.<G.u...8
0050: 97 7F B9 E3 E6 EA 1F 89 EB A8 3A B1 21 88 97 E0 ..........:.!...
0060: D9 DA 68 1A F0 F2 F8 ED 39 93 D0 F1 F7 24 7D 5A ..h.....9....$.Z
0070: 71 1E DE 64 43 FE 69 E5 4E 36 A6 4C 11 96 61 72 q..dC.i.N6.L..ar
]
***
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, IOException in getSession(): javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.jirafe.shaded.httpclient.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.jirafe.shaded.httpclient.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
at org.jirafe.shaded.httpclient.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.jirafe.shaded.httpclient.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.jirafe.shaded.httpclient.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
at org.jirafe.shaded.httpclient.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
at org.jirafe.shaded.httpclient.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.jirafe.shaded.httpclient.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.jirafe.shaded.httpclient.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
at Test.main(Test.java:11)
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Reopened] (HTTPCLIENT-1262) Weird SSL issue (PKIX path
building failed) [www.popcornopolis.com]
Posted by "Cédric Chantepie (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Cédric Chantepie reopened HTTPCLIENT-1262:
------------------------------------------
Same with http{core,client} 4.2.2:
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.jirafe.shaded.httpclient.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.jirafe.shaded.httpclient.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
at org.jirafe.shaded.httpclient.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.jirafe.shaded.httpclient.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.jirafe.shaded.httpclient.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
at org.jirafe.shaded.httpclient.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
at org.jirafe.shaded.httpclient.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.jirafe.shaded.httpclient.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.jirafe.shaded.httpclient.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
at Test.main(Test.java:11)
> Weird SSL issue (PKIX path building failed) [www.popcornopolis.com]
> -------------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Blocker
> Labels: pki, ssl
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Resolved] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-1262.
-------------------------------------------
Resolution: Invalid
What does this all tell you?
The certificate presented by the target site is clearly not trusted, as it is not present on the list of trusted CAs. If developers of curl or Ning http client trunk it is a good idea to trust certificates like that by default it is their problem
---
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: EMAILADDRESS=root@web01, CN=web01, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, ST=SomeState, C=--
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 130239717645625039446867810265815675924598680366480291538572828355817948069212793748514833469893116011718880147177173794012266279892499833991844993361925891994365964380211747649162835760408844922777394424037787481478926521393063444048231969253187639595947459432351132031539503977746849948171699101810298296153
public exponent: 65537
Validity: [From: Mon Oct 15 22:46:23 CEST 2012,
To: Tue Oct 15 22:46:23 CEST 2013]
Issuer: EMAILADDRESS=root@web01, CN=web01, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, ST=SomeState, C=--
SerialNumber: [ 59ce]
---
Having said that one can easily configure HttpClient to accept such certificates if really necessary.
Oleg
---
SSLSocketFactory sslsf = new SSLSocketFactory(
new TrustSelfSignedStrategy(), new AllowAllHostnameVerifier());
Scheme https = new Scheme("https", 443, sslsf);
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getConnectionManager().getSchemeRegistry().register(https);
HttpGet httpget = new HttpGet("https://www.popcornopolis.com/");
HttpResponse response = httpclient.execute(httpget);
try {
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
} finally {
EntityUtils.consume(response.getEntity());
}
---
[DEBUG] BasicClientConnectionManager - Get connection for route {s}->https://www.popcornopolis.com
[DEBUG] DefaultClientConnectionOperator - Connecting to www.popcornopolis.com:443
[DEBUG] RequestAddCookies - CookieSpec selected: best-match
[DEBUG] RequestAuthCache - Auth cache not set in the context
[DEBUG] RequestTargetAuthentication - Target auth state: UNCHALLENGED
[DEBUG] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
[DEBUG] DefaultHttpClient - Attempt 1 to execute request
[DEBUG] DefaultClientConnection - Sending request: GET / HTTP/1.1
[DEBUG] headers - >> GET / HTTP/1.1
[DEBUG] headers - >> Host: www.popcornopolis.com
[DEBUG] headers - >> Connection: Keep-Alive
[DEBUG] headers - >> User-Agent: Apache-HttpClient/4.2.2 (java 1.5)
[DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1 200 OK
[DEBUG] headers - << HTTP/1.1 200 OK
[DEBUG] headers - << Date: Sat, 17 Nov 2012 16:40:46 GMT
[DEBUG] headers - << Server: Apache
[DEBUG] headers - << X-Powered-By: PHP/5.3.14 ZendServer/5.0
[DEBUG] headers - << Set-Cookie: frontend=6u7ajad46vmf1531gb2d6m3lg0; expires=Sat, 24-Nov-2012 16:40:48 GMT; path=/; domain=www.popcornopolis.com; HttpOnly
[DEBUG] headers - << Expires: Thu, 19 Nov 1981 08:52:00 GMT
[DEBUG] headers - << Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[DEBUG] headers - << Pragma: no-cache
[DEBUG] headers - << Vary: Accept-Encoding,User-Agent
[DEBUG] headers - << Keep-Alive: timeout=15, max=100
[DEBUG] headers - << Connection: Keep-Alive
[DEBUG] headers - << Transfer-Encoding: chunked
[DEBUG] headers - << Content-Type: text/html; charset=UTF-8
[DEBUG] ResponseProcessCookies - Cookie accepted: "[version: 0][name: frontend][value: 6u7ajad46vmf1531gb2d6m3lg0][domain: www.popcornopolis.com][path: /][expiry: Sat Nov 24 17:40:48 CET 2012]".
[DEBUG] DefaultHttpClient - Connection can be kept alive for 15000 MILLISECONDS
----------------------------------------
HTTP/1.1 200 OK
[DEBUG] BasicClientConnectionManager - Releasing connection org.apache.http.impl.conn.ManagedClientConnectionImpl@4104c575
[DEBUG] BasicClientConnectionManager - Connection can be kept alive for 15000 MILLISECONDS
---
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Resolved] (HTTPCLIENT-1262) Weird SSL issue (PKIX path
building failed) [www.popcornopolis.com]
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-1262.
-------------------------------------------
Resolution: Won't Fix
I am sorry but HttpClient 3.x is EOL (end of life) and is no longer being maintained or supported. Please consider upgrading to HttpClient 4.x.
Oleg
> Weird SSL issue (PKIX path building failed) [www.popcornopolis.com]
> -------------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 3.1 Final
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Blocker
> Labels: pki, ssl
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Sebb (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13499894#comment-13499894 ]
Sebb commented on HTTPCLIENT-1262:
----------------------------------
Perhaps the site behaves differently for diffierent User-Agent strings?
IE 8 reports:
>>
There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
<<
Try changing the UA string in HC and see if that helps.
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
> Attachments: curl.dump, java.dump, ssl-ca-chain.png
>
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1262) Weird SSL issue (PKIX path
building failed) [www.popcornopolis.com]
Posted by "Cédric Chantepie (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Cédric Chantepie updated HTTPCLIENT-1262:
-----------------------------------------
Affects Version/s: (was: 3.1 Final)
4.2.2
> Weird SSL issue (PKIX path building failed) [www.popcornopolis.com]
> -------------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Blocker
> Labels: pki, ssl
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Cédric Chantepie (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Cédric Chantepie updated HTTPCLIENT-1262:
-----------------------------------------
Attachment: java.dump
curl.dump
Here are dumps maid using ssldump around curl and java (httpclient 4.2.2) requests.
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
> Attachments: curl.dump, java.dump, ssl-ca-chain.png
>
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13499477#comment-13499477 ]
Oleg Kalnichevski commented on HTTPCLIENT-1262:
-----------------------------------------------
Yes, it does look like the site behaves differently when accessed using a common browser. You might want to use packet sniffer such as Wireshark to see hat kind of packets get exchanged between the site and the browser.
Oleg
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Comment Edited] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13499457#comment-13499457 ]
Oleg Kalnichevski edited comment on HTTPCLIENT-1262 at 11/17/12 4:43 PM:
-------------------------------------------------------------------------
What does this all tell you?
The certificate presented by the target site is clearly not trusted, as it is not present on the list of trusted CAs. If developers of curl or Ning http client think it is a good idea to trust certificates like that by default it is their problem
---
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: EMAILADDRESS=root@web01, CN=web01, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, ST=SomeState, C=--
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 130239717645625039446867810265815675924598680366480291538572828355817948069212793748514833469893116011718880147177173794012266279892499833991844993361925891994365964380211747649162835760408844922777394424037787481478926521393063444048231969253187639595947459432351132031539503977746849948171699101810298296153
public exponent: 65537
Validity: [From: Mon Oct 15 22:46:23 CEST 2012,
To: Tue Oct 15 22:46:23 CEST 2013]
Issuer: EMAILADDRESS=root@web01, CN=web01, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, ST=SomeState, C=--
SerialNumber: [ 59ce]
---
Having said that one can easily configure HttpClient to accept such certificates if really necessary.
Oleg
---
SSLSocketFactory sslsf = new SSLSocketFactory(
new TrustSelfSignedStrategy(), new AllowAllHostnameVerifier());
Scheme https = new Scheme("https", 443, sslsf);
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getConnectionManager().getSchemeRegistry().register(https);
HttpGet httpget = new HttpGet("https://www.popcornopolis.com/");
HttpResponse response = httpclient.execute(httpget);
try {
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
} finally {
EntityUtils.consume(response.getEntity());
}
---
[DEBUG] BasicClientConnectionManager - Get connection for route {s}->https://www.popcornopolis.com
[DEBUG] DefaultClientConnectionOperator - Connecting to www.popcornopolis.com:443
[DEBUG] RequestAddCookies - CookieSpec selected: best-match
[DEBUG] RequestAuthCache - Auth cache not set in the context
[DEBUG] RequestTargetAuthentication - Target auth state: UNCHALLENGED
[DEBUG] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
[DEBUG] DefaultHttpClient - Attempt 1 to execute request
[DEBUG] DefaultClientConnection - Sending request: GET / HTTP/1.1
[DEBUG] headers - >> GET / HTTP/1.1
[DEBUG] headers - >> Host: www.popcornopolis.com
[DEBUG] headers - >> Connection: Keep-Alive
[DEBUG] headers - >> User-Agent: Apache-HttpClient/4.2.2 (java 1.5)
[DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1 200 OK
[DEBUG] headers - << HTTP/1.1 200 OK
[DEBUG] headers - << Date: Sat, 17 Nov 2012 16:40:46 GMT
[DEBUG] headers - << Server: Apache
[DEBUG] headers - << X-Powered-By: PHP/5.3.14 ZendServer/5.0
[DEBUG] headers - << Set-Cookie: frontend=6u7ajad46vmf1531gb2d6m3lg0; expires=Sat, 24-Nov-2012 16:40:48 GMT; path=/; domain=www.popcornopolis.com; HttpOnly
[DEBUG] headers - << Expires: Thu, 19 Nov 1981 08:52:00 GMT
[DEBUG] headers - << Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[DEBUG] headers - << Pragma: no-cache
[DEBUG] headers - << Vary: Accept-Encoding,User-Agent
[DEBUG] headers - << Keep-Alive: timeout=15, max=100
[DEBUG] headers - << Connection: Keep-Alive
[DEBUG] headers - << Transfer-Encoding: chunked
[DEBUG] headers - << Content-Type: text/html; charset=UTF-8
[DEBUG] ResponseProcessCookies - Cookie accepted: "[version: 0][name: frontend][value: 6u7ajad46vmf1531gb2d6m3lg0][domain: www.popcornopolis.com][path: /][expiry: Sat Nov 24 17:40:48 CET 2012]".
[DEBUG] DefaultHttpClient - Connection can be kept alive for 15000 MILLISECONDS
----------------------------------------
HTTP/1.1 200 OK
[DEBUG] BasicClientConnectionManager - Releasing connection org.apache.http.impl.conn.ManagedClientConnectionImpl@4104c575
[DEBUG] BasicClientConnectionManager - Connection can be kept alive for 15000 MILLISECONDS
---
was (Author: olegk):
What does this all tell you?
The certificate presented by the target site is clearly not trusted, as it is not present on the list of trusted CAs. If developers of curl or Ning http client trunk it is a good idea to trust certificates like that by default it is their problem
---
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: EMAILADDRESS=root@web01, CN=web01, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, ST=SomeState, C=--
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 130239717645625039446867810265815675924598680366480291538572828355817948069212793748514833469893116011718880147177173794012266279892499833991844993361925891994365964380211747649162835760408844922777394424037787481478926521393063444048231969253187639595947459432351132031539503977746849948171699101810298296153
public exponent: 65537
Validity: [From: Mon Oct 15 22:46:23 CEST 2012,
To: Tue Oct 15 22:46:23 CEST 2013]
Issuer: EMAILADDRESS=root@web01, CN=web01, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, ST=SomeState, C=--
SerialNumber: [ 59ce]
---
Having said that one can easily configure HttpClient to accept such certificates if really necessary.
Oleg
---
SSLSocketFactory sslsf = new SSLSocketFactory(
new TrustSelfSignedStrategy(), new AllowAllHostnameVerifier());
Scheme https = new Scheme("https", 443, sslsf);
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getConnectionManager().getSchemeRegistry().register(https);
HttpGet httpget = new HttpGet("https://www.popcornopolis.com/");
HttpResponse response = httpclient.execute(httpget);
try {
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
} finally {
EntityUtils.consume(response.getEntity());
}
---
[DEBUG] BasicClientConnectionManager - Get connection for route {s}->https://www.popcornopolis.com
[DEBUG] DefaultClientConnectionOperator - Connecting to www.popcornopolis.com:443
[DEBUG] RequestAddCookies - CookieSpec selected: best-match
[DEBUG] RequestAuthCache - Auth cache not set in the context
[DEBUG] RequestTargetAuthentication - Target auth state: UNCHALLENGED
[DEBUG] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED
[DEBUG] DefaultHttpClient - Attempt 1 to execute request
[DEBUG] DefaultClientConnection - Sending request: GET / HTTP/1.1
[DEBUG] headers - >> GET / HTTP/1.1
[DEBUG] headers - >> Host: www.popcornopolis.com
[DEBUG] headers - >> Connection: Keep-Alive
[DEBUG] headers - >> User-Agent: Apache-HttpClient/4.2.2 (java 1.5)
[DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1 200 OK
[DEBUG] headers - << HTTP/1.1 200 OK
[DEBUG] headers - << Date: Sat, 17 Nov 2012 16:40:46 GMT
[DEBUG] headers - << Server: Apache
[DEBUG] headers - << X-Powered-By: PHP/5.3.14 ZendServer/5.0
[DEBUG] headers - << Set-Cookie: frontend=6u7ajad46vmf1531gb2d6m3lg0; expires=Sat, 24-Nov-2012 16:40:48 GMT; path=/; domain=www.popcornopolis.com; HttpOnly
[DEBUG] headers - << Expires: Thu, 19 Nov 1981 08:52:00 GMT
[DEBUG] headers - << Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[DEBUG] headers - << Pragma: no-cache
[DEBUG] headers - << Vary: Accept-Encoding,User-Agent
[DEBUG] headers - << Keep-Alive: timeout=15, max=100
[DEBUG] headers - << Connection: Keep-Alive
[DEBUG] headers - << Transfer-Encoding: chunked
[DEBUG] headers - << Content-Type: text/html; charset=UTF-8
[DEBUG] ResponseProcessCookies - Cookie accepted: "[version: 0][name: frontend][value: 6u7ajad46vmf1531gb2d6m3lg0][domain: www.popcornopolis.com][path: /][expiry: Sat Nov 24 17:40:48 CET 2012]".
[DEBUG] DefaultHttpClient - Connection can be kept alive for 15000 MILLISECONDS
----------------------------------------
HTTP/1.1 200 OK
[DEBUG] BasicClientConnectionManager - Releasing connection org.apache.http.impl.conn.ManagedClientConnectionImpl@4104c575
[DEBUG] BasicClientConnectionManager - Connection can be kept alive for 15000 MILLISECONDS
---
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13499785#comment-13499785 ]
Oleg Kalnichevski commented on HTTPCLIENT-1262:
-----------------------------------------------
Hi Sebastian
The trouble is that the server presents a certificate to HttpClient which is self signed and does not have a formal CA,
---
Version: V3
Subject: EMAILADDRESS=root@web01, CN=web01, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, ST=SomeState, C=--
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
...
Validity: [From: Mon Oct 15 22:46:23 CEST 2012,
To: Tue Oct 15 22:46:23 CEST 2013]
Issuer: EMAILADDRESS=root@web01, CN=web01, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, ST=SomeState, C=--
...
---
whereas the certificate presented to Firefox is clearly different and has a proper CA chain. See screenshot attached.
The only theory I can think of is that www.popcornopolis.com is effectively a clever reverse proxy that can distribute SSL sessions across different hosts based on some characteristics of the SSL handshake messages. Sessions initiated by common browsers get directed to the target host whereas those initiated by what believed to be a crawler get directed to some development host with a self signed certificate. I can easily be wrong here, though.
Oleg
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
> Attachments: ssl-ca-chain.png
>
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Cédric Chantepie (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13499463#comment-13499463 ]
Cédric Chantepie commented on HTTPCLIENT-1262:
----------------------------------------------
My preferred option would be to still use httpclient. There is something I don't.
Why common web browsers (up-to-date Firefox, Safari, ...) see a valid certificate from GeoTrust is found?
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski updated HTTPCLIENT-1262:
------------------------------------------
Attachment: ssl-ca-chain.png
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
> Attachments: ssl-ca-chain.png
>
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1262) Weird SSL issue (peer not
authenticated) [www.popcornopolis.com]
Posted by "Cédric Chantepie (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13499905#comment-13499905 ]
Cédric Chantepie commented on HTTPCLIENT-1262:
----------------------------------------------
Already tried (with curl or Firefox UA). Doesn't help.
> Weird SSL issue (peer not authenticated) [www.popcornopolis.com]
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-1262
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1262
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth, HttpClient
> Affects Versions: 4.2.2
> Environment: JDK 1.6, Mac OS X 10.{6,8}, Ubuntu
> Reporter: Cédric Chantepie
> Priority: Trivial
> Labels: pki, ssl
> Attachments: curl.dump, java.dump, ssl-ca-chain.png
>
>
> Try to request some HTTPS websites, we get 'PKIX path building failed' error.
> Seems it's about intermediate/chain certificate.
> Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at org.jirafe.shaded.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
> at org.jirafe.shaded.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
> at org.jirafe.shaded.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at org.jirafe.shaded.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at org.jirafe.shaded.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> at Test.main(Test.java:22)
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
> at sun.security.validator.Validator.validate(Validator.java:218)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
> ... 23 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org