certificate unknown error
1,213 views
Skip to first unread message
Frédéric Esnault
Nov 22, 2017, 1:18:36 PM11/22/17
to Search Guard Community Forum
Hi everyone,
And i configured each node this way, configured users, roles, actions and so on, then installed them using sgadmin.sh, whcih finished with success message.
I'm trying to deploy searchguard in a 3 nodes cluster.
I already did it on a 2 nodes (both local) with success.
I generated nodes certificates and client nodes certificates for applications connected to elasticsearch.
All nodes seem to start correctly and discover each other.
I tried to call elasticsearch using curl and a login/password user (defined in sg_internal_users.yml) and it works fine (I got a result with correct credentials, and Unauthorized when i use a wrong password).
But then I tried to import my generated keystore and truststore in an application using SearchGuard plugin in its transport client (java), and got the following result in the target elasticsearch node logs :
[2017-11-22T17:53:14,525][ERROR][c.f.s.s.t.SearchGuardSSLNettyTransport] [ppjbies1] SSL Problem Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[?:?] at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666) ~[?:?] at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634) ~[?:?] at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1800) ~[?:?] at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1083) ~[?:?] at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:907) ~[?:?] at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:?] at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_144] at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:254) ~[netty-handler-4.1.11.Final.jar:4.1.11.Final] at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1156) ~[netty-handler-4.1.11.Final.jar:4.1.11.Final] at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1078) ~[netty-handler-4.1.11.Final.jar:4.1.11.Final] at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[netty-codec-4.1.11.Final.jar:4.1.11.Final] at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[netty-codec-4.1.11.Final.jar:4.1.11.Final] at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.11.Final.jar:4.1.11.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.11.Final.jar:4.1.11.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.11.Final.jar:4.1.11.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.11.Final.jar:4.1.11.Final] at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.11.Final.jar:4.1.11.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.11.Final.jar:4.1.11.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.11.Final.jar:4.1.11.Final] at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.11.Final.jar:4.1.11.Final] at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.11.Final.jar:4.1.11.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) [netty-transport-4.1.11.Final.jar:4.1.11.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544) [netty-transport-4.1.11.Final.jar:4.1.11.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498) [netty-transport-4.1.11.Final.jar:4.1.11.Final] at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) [netty-transport-4.1.11.Final.jar:4.1.11.Final] at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.11.Final.jar:4.1.11.Final]This setup was working in my test setup, but here I can't get it to work.
I found no way of logging ssl infos. I added -Djavax.net.debug=all in every location possible (jvm.options and directly in elasticsearch script), but got no ssl debug data.
The only thing i get is searhguard debug info
[2017-11-22T17:52:35,887][INFO ][o.e.n.Node ] [ppjbies1] JVM arguments [-Xms2g, -Xmx2g, -Djavax.net.debug=all, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Djavax.net.debug=all, -Des.path.home=/opt/es-home][2017-11-22T17:52:36,679][INFO ][c.f.s.SearchGuardPlugin ] Clustername: pp-company-es-cluster[2017-11-22T17:52:36,679][WARN ][c.f.s.SearchGuardPlugin ] ### LICENSE NOTICE Search Guard ###
If you use one or more of the following features in productionmake sure you have a valid Search Guard license
* Kibana Multitenancy* LDAP authentication/authorization* Active Directory authentication/authorization* REST Management API* JSON Web Token (JWT) authentication/authorization* Kerberos authentication/authorization* Document- and Fieldlevel Security (DLS/FLS)* Auditlogging
In case of any doubt mail to <sa...@floragunn.com>###################################
### LICENSE NOTICE Search Guard ###
If you use one or more of the following features in productionmake sure you have a valid Search Guard license
* Kibana Multitenancy* LDAP authentication/authorization* Active Directory authentication/authorization* REST Management API* JSON Web Token (JWT) authentication/authorization* Kerberos authentication/authorization* Document- and Fieldlevel Security (DLS/FLS)* Auditlogging
In case of any doubt mail to <sa...@floragunn.com>###################################[2017-11-22T17:52:36,680][WARN ][c.f.s.SearchGuardPlugin ] Consider setting -Djdk.tls.rejectClientInitiatedRenegotiation=true to prevent DoS attacks through client side initiated TLS renegotiation.Consider setting -Djdk.tls.rejectClientInitiatedRenegotiation=true to prevent DoS attacks through client side initiated TLS renegotiation.[2017-11-22T17:52:36,711][INFO ][c.f.s.SearchGuardPlugin ] Node [ppjbies1] is a transportClient: false/tribeNode: false/tribeNodeClient: false[2017-11-22T17:52:36,712][INFO ][c.f.s.SearchGuardPlugin ] FLS/DLS module not available[2017-11-22T17:52:36,725][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.ClassNotFoundException: io.netty.internal.tcnative.SSL[2017-11-22T17:52:36,725][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.version: 1.8.0_144[2017-11-22T17:52:36,725][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vendor: Oracle Corporation[2017-11-22T17:52:36,725][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.version: 1.8[2017-11-22T17:52:36,725][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.vendor: Oracle Corporation[2017-11-22T17:52:36,725][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.name: Java Virtual Machine Specification[2017-11-22T17:52:36,725][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.name: Java HotSpot(TM) 64-Bit Server VM[2017-11-22T17:52:36,726][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.vendor: Oracle Corporation[2017-11-22T17:52:36,726][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.version: 1.8[2017-11-22T17:52:36,726][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.vendor: Oracle Corporation[2017-11-22T17:52:36,726][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.name: Java Platform API Specification[2017-11-22T17:52:36,726][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.name: Linux[2017-11-22T17:52:36,726][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.arch: amd64[2017-11-22T17:52:36,726][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.version: 2.6.32-642.11.1.el6.x86_64[2017-11-22T17:52:36,919][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] JVM supports the following 57 ciphers for https [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5][2017-11-22T17:52:36,931][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] JVM supports the following 57 ciphers for transport [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5][2017-11-22T17:52:36,932][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Config directory is /opt/es-data/config/, from there the key- and truststore files are resolved relatively[2017-11-22T17:52:36,932][DEBUG][c.f.s.s.DefaultSearchGuardKeyStore] Value for searchguard.ssl.transport.keystore_filepath is /opt/es-data/config/ppjbies1-keystore.jks[2017-11-22T17:52:36,932][DEBUG][c.f.s.s.DefaultSearchGuardKeyStore] Resolved /opt/es-data/config/ppjbies1-keystore.jks to /opt/es-data/config/ppjbies1-keystore.jks against /opt/es-data/config[2017-11-22T17:52:36,933][DEBUG][c.f.s.s.DefaultSearchGuardKeyStore] Value for searchguard.ssl.transport.truststore_filepath is /opt/es-data/config/truststore.jks[2017-11-22T17:52:36,933][DEBUG][c.f.s.s.DefaultSearchGuardKeyStore] Resolved /opt/es-data/config/truststore.jks to /opt/es-data/config/truststore.jks against /opt/es-data/config[2017-11-22T17:52:36,937][DEBUG][c.f.s.s.u.SSLCertificateHelper] Keystore has 1 entries/aliases[2017-11-22T17:52:36,937][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias ppjbies1: is a certificate entry?false/is a key entry?true[2017-11-22T17:52:36,937][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias ppjbies1: chain len 3[2017-11-22T17:52:36,938][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=ppjbies1.services.company.com, OU=APO, O=company, L=France, C=FR of type -1 -> false[2017-11-22T17:52:36,938][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=company Signing CA, OU=company Signing CA, O=company, DC=company, DC=com of type 0 -> false[2017-11-22T17:52:36,938][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=company Root CA, OU=company Root CA, O=company, DC=company, DC=com of type 2147483647 -> true[2017-11-22T17:52:36,938][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias ppjbies1: single cert CN=ppjbies1.services.company.com, OU=APO, O=company, L=France, C=FR of type -1 -> false[2017-11-22T17:52:36,939][INFO ][c.f.s.s.u.SSLCertificateHelper] No alias given, use the first one: ppjbies1[2017-11-22T17:52:36,939][WARN ][c.f.s.s.u.SSLCertificateHelper] Certificate chain for alias ppjbies1 contains a root certificate[2017-11-22T17:52:36,939][DEBUG][c.f.s.s.u.SSLCertificateHelper] Keystore has 1 entries/aliases[2017-11-22T17:52:36,939][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias ppjbies1: is a certificate entry?false/is a key entry?true[2017-11-22T17:52:36,939][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias ppjbies1: chain len 3[2017-11-22T17:52:36,939][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=ppjbies1.services.company.com, OU=APO, O=company, L=France, C=FR of type -1 -> false[2017-11-22T17:52:36,939][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=company Signing CA, OU=company Signing CA, O=company, DC=company, DC=com of type 0 -> false[2017-11-22T17:52:36,939][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=company Root CA, OU=company Root CA, O=company, DC=company, DC=com of type 2147483647 -> true[2017-11-22T17:52:36,940][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias ppjbies1: single cert CN=ppjbies1.services.company.com, OU=APO, O=company, L=France, C=FR of type -1 -> false[2017-11-22T17:52:36,941][DEBUG][c.f.s.s.u.SSLCertificateHelper] Keystore has 1 entries/aliases[2017-11-22T17:52:36,941][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias root-ca-chain: is a certificate entry?true/is a key entry?false[2017-11-22T17:52:36,941][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias root-ca-chain: single cert CN=company Root CA, OU=company Root CA, O=company, DC=company, DC=com of type 2147483647 -> true[2017-11-22T17:52:36,941][DEBUG][c.f.s.s.u.SSLCertificateHelper] No alias given, will trust all of the certificates in the store[2017-11-22T17:52:36,973][DEBUG][c.f.s.s.DefaultSearchGuardKeyStore] Value for searchguard.ssl.http.keystore_filepath is /opt/es-data/config/ppjbies1-keystore.jks[2017-11-22T17:52:36,974][DEBUG][c.f.s.s.DefaultSearchGuardKeyStore] Resolved /opt/es-data/config/ppjbies1-keystore.jks to /opt/es-data/config/ppjbies1-keystore.jks against /opt/es-data/config[2017-11-22T17:52:36,974][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] HTTPS client auth mode OPTIONAL[2017-11-22T17:52:36,974][DEBUG][c.f.s.s.u.SSLCertificateHelper] Keystore has 1 entries/aliases[2017-11-22T17:52:36,974][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias ppjbies1: is a certificate entry?false/is a key entry?true[2017-11-22T17:52:36,975][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias ppjbies1: chain len 3[2017-11-22T17:52:36,975][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=ppjbies1.services.company.com, OU=APO, O=company, L=France, C=FR of type -1 -> false[2017-11-22T17:52:36,975][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=company Signing CA, OU=company Signing CA, O=company, DC=company, DC=com of type 0 -> false[2017-11-22T17:52:36,975][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=company Root CA, OU=company Root CA, O=company, DC=company, DC=com of type 2147483647 -> true[2017-11-22T17:52:36,975][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias ppjbies1: single cert CN=ppjbies1.services.company.com, OU=APO, O=company, L=France, C=FR of type -1 -> false[2017-11-22T17:52:36,975][INFO ][c.f.s.s.u.SSLCertificateHelper] No alias given, use the first one: ppjbies1[2017-11-22T17:52:36,975][WARN ][c.f.s.s.u.SSLCertificateHelper] Certificate chain for alias ppjbies1 contains a root certificate[2017-11-22T17:52:36,975][DEBUG][c.f.s.s.u.SSLCertificateHelper] Keystore has 1 entries/aliases[2017-11-22T17:52:36,975][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias ppjbies1: is a certificate entry?false/is a key entry?true[2017-11-22T17:52:36,976][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias ppjbies1: chain len 3[2017-11-22T17:52:36,976][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=ppjbies1.services.company.com, OU=APO, O=company, L=France, C=FR of type -1 -> false[2017-11-22T17:52:36,976][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=company Signing CA, OU=company Signing CA, O=company, DC=company, DC=com of type 0 -> false[2017-11-22T17:52:36,976][DEBUG][c.f.s.s.u.SSLCertificateHelper] cert CN=company Root CA, OU=company Root CA, O=company, DC=company, DC=com of type 2147483647 -> true[2017-11-22T17:52:36,976][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias ppjbies1: single cert CN=ppjbies1.services.company.com, OU=APO, O=company, L=France, C=FR of type -1 -> false[2017-11-22T17:52:36,976][DEBUG][c.f.s.s.DefaultSearchGuardKeyStore] Value for searchguard.ssl.http.truststore_filepath is /opt/es-data/config/truststore.jks[2017-11-22T17:52:36,977][DEBUG][c.f.s.s.DefaultSearchGuardKeyStore] Resolved /opt/es-data/config/truststore.jks to /opt/es-data/config/truststore.jks against /opt/es-data/config[2017-11-22T17:52:36,977][DEBUG][c.f.s.s.u.SSLCertificateHelper] Keystore has 1 entries/aliases[2017-11-22T17:52:36,977][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias root-ca-chain: is a certificate entry?true/is a key entry?false[2017-11-22T17:52:36,978][DEBUG][c.f.s.s.u.SSLCertificateHelper] Alias root-ca-chain: single cert CN=company Root CA, OU=company Root CA, O=company, DC=company, DC=com of type 2147483647 -> true[2017-11-22T17:52:36,978][DEBUG][c.f.s.s.u.SSLCertificateHelper] No alias given, will trust all of the certificates in the store[2017-11-22T17:52:36,983][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] AES-256 not supported, max key length for AES is 128 bit.. That is not an issue, it just limits possible encryption strength. To enable AES 256 install 'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'[2017-11-22T17:52:36,983][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslTransportClientProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256][2017-11-22T17:52:36,983][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslTransportServerProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256][2017-11-22T17:52:36,984][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslHTTPProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256][2017-11-22T17:52:36,984][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1][2017-11-22T17:52:36,984][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1][2017-11-22T17:52:36,987][INFO ][o.e.p.PluginsService ] [ppjbies1] loaded module [aggs-matrix-stats][2017-11-22T17:52:36,987][INFO ][o.e.p.PluginsService ] [ppjbies1] loaded module [ingest-common][2017-11-22T17:52:36,987][INFO ][o.e.p.PluginsService ] [ppjbies1] loaded module [lang-expression][2017-11-22T17:52:36,987][INFO ][o.e.p.PluginsService ] [ppjbies1] loaded module [lang-groovy][2017-11-22T17:52:36,987][INFO ][o.e.p.PluginsService ] [ppjbies1] loaded module [lang-mustache][2017-11-22T17:52:36,987][INFO ][o.e.p.PluginsService ] [ppjbies1] loaded module [lang-painless][2017-11-22T17:52:36,987][INFO ][o.e.p.PluginsService ] [ppjbies1] loaded module [parent-join][2017-11-22T17:52:36,987][INFO ][o.e.p.PluginsService ] [ppjbies1] loaded module [percolator][2017-11-22T17:52:36,987][INFO ][o.e.p.PluginsService ] [ppjbies1] loaded module [reindex][2017-11-22T17:52:36,987][INFO ][o.e.p.PluginsService ] [ppjbies1] loaded module [transport-netty3][2017-11-22T17:52:36,988][INFO ][o.e.p.PluginsService ] [ppjbies1] loaded module [transport-netty4][2017-11-22T17:52:36,988][INFO ][o.e.p.PluginsService ] [ppjbies1] loaded plugin [search-guard-5][2017-11-22T17:52:38,566][DEBUG][o.e.a.ActionModule ] Using REST wrapper from plugin com.floragunn.searchguard.SearchGuardPlugin[2017-11-22T17:52:38,617][INFO ][c.f.s.SearchGuardPlugin ] FLS/DLS valve not bound (noop) due to java.lang.ClassNotFoundException: com.floragunn.searchguard.configuration.DlsFlsValveImpl[2017-11-22T17:52:38,618][INFO ][c.f.s.SearchGuardPlugin ] Auditlog not available due to java.lang.ClassNotFoundException: com.floragunn.searchguard.auditlog.impl.AuditLogImpl[2017-11-22T17:52:38,619][DEBUG][c.f.s.SearchGuardPlugin ] Using com.floragunn.searchguard.transport.DefaultInterClusterRequestEvaluator as intercluster request evaluator class[2017-11-22T17:52:38,620][INFO ][c.f.s.SearchGuardPlugin ] Privileges interceptor not bound (noop) due to java.lang.ClassNotFoundException: com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl[2017-11-22T17:52:38,629][DEBUG][c.f.s.c.AdminDNs ] CN=sgadmin,OU=APO,O=company,L=France,C=FR is registered as an admin dn[2017-11-22T17:52:38,631][DEBUG][c.f.s.c.AdminDNs ] Loaded 1 admin DN's [CN=sgadmin,OU=APO,O=company,L=France,C=FR][2017-11-22T17:52:38,632][DEBUG][c.f.s.c.AdminDNs ] Loaded 0 impersonation DN's {}[2017-11-22T17:52:38,645][DEBUG][c.f.s.c.ConfigurationLoader] Index is: searchguard[2017-11-22T17:52:38,646][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Subscribe on configuration changes by type config with listener com.floragunn.searchguard.http.XFFResolver@32120956[2017-11-22T17:52:38,674][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Subscribe on configuration changes by type config with listener com.floragunn.searchguard.auth.BackendRegistry@67770b37[2017-11-22T17:52:38,717][DEBUG][c.f.s.h.SearchGuardHttpServerTransport] [ppjbies1] using max_chunk_size[8kb], max_header_size[8kb], max_initial_line_length[4kb], max_content_length[100mb], receive_predictor[64kb->64kb], pipelining[true], pipelining_max_events[10000][2017-11-22T17:52:38,739][INFO ][o.e.d.DiscoveryModule ] [ppjbies1] using discovery type [zen][2017-11-22T17:52:39,342][INFO ][o.e.n.Node ] [ppjbies1] initialized[2017-11-22T17:52:39,343][INFO ][o.e.n.Node ] [ppjbies1] starting ...[2017-11-22T17:52:39,413][DEBUG][c.f.s.s.t.SearchGuardSSLNettyTransport] [ppjbies1] using profile[default], worker_count[8], port[9300-9400], bind_host[null], publish_host[null], compress[false], connect_timeout[30s], connections_per_node[2/3/6/1/1], receive_predictor[64kb->64kb][2017-11-22T17:52:39,419][DEBUG][c.f.s.s.t.SearchGuardSSLNettyTransport] [ppjbies1] binding server bootstrap to: [0.0.0.0][2017-11-22T17:52:39,498][DEBUG][c.f.s.s.t.SearchGuardSSLNettyTransport] [ppjbies1] Bound profile [default] to address {0.0.0.0:9300}[2017-11-22T17:52:39,500][INFO ][o.e.t.TransportService ] [ppjbies1] publish_address {172.21.22.38:9300}, bound_addresses {0.0.0.0:9300}[2017-11-22T17:52:39,510][INFO ][o.e.b.BootstrapChecks ] [ppjbies1] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks[2017-11-22T17:52:39,515][INFO ][c.f.s.c.IndexBaseConfigurationRepository] Check if searchguard index exists ...[2017-11-22T17:52:39,522][DEBUG][o.e.a.a.i.e.i.TransportIndicesExistsAction] [ppjbies1] no known master node, scheduling a retry[2017-11-22T17:52:59,361][DEBUG][c.f.s.s.t.SearchGuardSSLNettyTransport] [ppjbies1] connected to node [{ppjessbi}{FVHpTmZURWGQs1yxLhu0kw}{cFtADFUYSEWk_mY6nrTCQQ}{172.21.22.37}{172.21.22.37:9300}][2017-11-22T17:52:59,617][DEBUG][c.f.s.s.t.SearchGuardSSLNettyTransport] [ppjbies1] connected to node [{ppjbies2}{jhcY9XfoTIikmatGsYGpZQ}{w8W6-t8JSRuyZFf00gvXLQ}{172.21.22.39}{172.21.22.39:9300}][2017-11-22T17:52:59,620][INFO ][o.e.c.s.ClusterSettings ] [ppjbies1] updating [cluster.routing.allocation.enable] from [ALL] to [all][2017-11-22T17:52:59,926][DEBUG][c.f.s.h.SearchGuardHttpServerTransport] [ppjbies1] Bound http to address {0.0.0.0:9200}[2017-11-22T17:52:59,928][INFO ][c.f.s.h.SearchGuardHttpServerTransport] [ppjbies1] publish_address {172.21.22.38:9200}, bound_addresses {0.0.0.0:9200}[2017-11-22T17:52:59,929][INFO ][o.e.n.Node ] [ppjbies1] started[2017-11-22T17:53:00,698][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Node started, try to initialize it. Wait for at least yellow cluster state....[2017-11-22T17:53:00,762][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Try to load config ...[2017-11-22T17:53:02,080][DEBUG][c.f.s.c.ConfigurationLoader] Received config for config (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=4[2017-11-22T17:53:02,087][DEBUG][c.f.s.c.ConfigurationLoader] Received config for roles (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=3[2017-11-22T17:53:02,091][DEBUG][c.f.s.c.ConfigurationLoader] Received config for rolesmapping (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=2[2017-11-22T17:53:02,093][DEBUG][c.f.s.c.ConfigurationLoader] Received config for internalusers (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=1[2017-11-22T17:53:02,096][DEBUG][c.f.s.c.ConfigurationLoader] Received config for actiongroups (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=0[2017-11-22T17:53:02,096][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Retrieved [rolesmapping, config, internalusers, actiongroups, roles] configs[2017-11-22T17:53:03,177][DEBUG][c.f.s.c.ConfigurationLoader] Received config for config (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=4[2017-11-22T17:53:03,177][DEBUG][c.f.s.c.ConfigurationLoader] Received config for roles (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=3[2017-11-22T17:53:03,178][DEBUG][c.f.s.c.ConfigurationLoader] Received config for rolesmapping (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=2[2017-11-22T17:53:03,178][DEBUG][c.f.s.c.ConfigurationLoader] Received config for internalusers (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=1[2017-11-22T17:53:03,181][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Notify com.floragunn.searchguard.http.XFFResolver@32120956 listener about change configuration with type config[2017-11-22T17:53:03,181][DEBUG][c.f.s.c.IndexBaseConfigurationRepository] Notify com.floragunn.searchguard.auth.BackendRegistry@67770b37 listener about change configuration with type config[2017-11-22T17:53:03,184][INFO ][c.f.s.c.IndexBaseConfigurationRepository] Node 'ppjbies1' initialized[2017-11-22T17:53:03,184][DEBUG][c.f.s.c.ConfigurationLoader] Received config for actiongroups (of [config, roles, rolesmapping, internalusers, actiongroups]) with current latch value=0[2017-11-22T17:53:04,225][ERROR][c.f.s.s.t.SearchGuardSSLNettyTransport] [ppjbies1] SSL Problem Received fatal alert: certificate_unknown
And i configured each node this way, configured users, roles, actions and so on, then installed them using sgadmin.sh, whcih finished with success message.
######## Start Search Guard Configuration ########searchguard.ssl.transport.enabled: truesearchguard.ssl.transport.keystore_filepath: /opt/es-data/config/ppjessbi-keystore.jkssearchguard.ssl.transport.truststore_filepath: /opt/es-data/config/truststore.jkssearchguard.ssl.transport.enforce_hostname_verification: falsesearchguard.ssl.http.enabled: truesearchguard.ssl.http.keystore_filepath: /opt/es-data/config/ppjessbi-keystore.jkssearchguard.ssl.http.truststore_filepath: /opt/es-data/config/truststore.jks# The setting below informs SearchGuard of all client certificates allowed to administrate SearhGuard.searchguard.authcz.admin_dn: - CN=sgadmin,OU=APO,O=company,L=France,C=FR
######## End Search Guard Configuration ########
I would really appreciate if someone could help.
Frédéric Esnault
Nov 24, 2017, 2:38:25 AM11/24/17
to Search Guard Community Forum
Does any one have any idea ?
@SearchGuard, you closed the related issue in github, but could you try to help ? I have no clue on what the problem could be, and can't manage to activate javax.net.debug.
SG
Nov 24, 2017, 7:11:25 AM11/24/17
to search...@googlegroups.com
The output of -Djavax.net.debug=all goes to stdout (and so probably not into the logfile dependet from the way you installes ES. Maybe look in the systemd journal or start in in foreground mode).
"certificate_unknown" just means that the certificates in your keystore are not trusted by the root ca in your truststore. Maybe you messed up your certs somehow? Did you generate them from the same root ca?
What sounds strange to me is that you get it working with 2 nodes out of 3. Can you check whats different between the 2 working nodes and the 3rd node which does not work?
Pls post also the sgadmin command you use. Maybe the certs for sgadmin are not matching those which are deployed in the nodes?
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/122c40c4-8682-4dde-8a38-6d16e7a653f0%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
"certificate_unknown" just means that the certificates in your keystore are not trusted by the root ca in your truststore. Maybe you messed up your certs somehow? Did you generate them from the same root ca?
What sounds strange to me is that you get it working with 2 nodes out of 3. Can you check whats different between the 2 working nodes and the 3rd node which does not work?
Pls post also the sgadmin command you use. Maybe the certs for sgadmin are not matching those which are deployed in the nodes?
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/122c40c4-8682-4dde-8a38-6d16e7a653f0%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Frédéric Esnault
Nov 24, 2017, 7:52:35 AM11/24/17
to search...@googlegroups.com
Hi SearchGuard,
I explained wrong, I got it working on two nodes during my tests. These two nodes were local on my desktop.
Now I'm deploying on a real environment, each node on its own server, and it dos not work on any node.
About the certifcates, I generated them using the scripts in search_guard_ssl. I just modified them to change the root ca passphrase and add a customized ip for each node, but for client nodes, I changed nothing except the root ca passphrase.
Here is the script generating all certificates :
#!/bin/bashOPENSSL_VER="$(openssl version)"
if [[ $OPENSSL_VER == *"0.9"* ]]; then echo "Your OpenSSL version is too old: $OPENSSL_VER" echo "Please install version 1.0.1 or later" exit -1else echo "Your OpenSSL version is: $OPENSSL_VER"fi
set -e./clean.sh
# Root CA./gen_root_ca.sh capassphrase changeit
# Nodes./gen_node_cert.sh ppjessbi changeit capassphrase 172.21.22.37./gen_node_cert.sh ppjbies1 changeit capassphrase 172.21.22.38./gen_node_cert.sh ppjbies2 changeit capassphrase 172.21.22.39./gen_node_cert.sh ppjbies3 changeit capassphrase 172.21.22.40
# Applications clients
#
# This is the certificate that is not working
#./gen_client_node_cert.sh jira changeit capassphrase
# Admin client./gen_client_node_cert.sh sgadmin changeit capassphrase
rm -f ./*tmp*
Here is the sgadmin command :
./sgadmin.sh -cd /opt/searchguard/config -ts /opt/es-data/config/truststore.jks -ks /opt/es-data/config/sgadmin-keystore.jks -tspass changeit -kspass changeit -cn pp-es-cluster -nhnv
SG
Nov 24, 2017, 8:14:18 AM11/24/17
to search...@googlegroups.com
Make sure you execute ./gen_root_ca.sh only once. Certificates generatet not with the exactly same root CA are not trusted each other.
I suggest you delete every certificate/key/truststore etc and recreate all certs (but only once).
The scripts are known to work so i can only imagine you use certs signed by different root ca's because you run ./gen_root_ca.sh more than once.
Or use the TLS cert generator https://floragunn.com/tls-certificate-generator/
Everything else seems ok
> Am 24.11.2017 um 13:52 schrieb Frédéric Esnault <frederic...@ovyka.com>:
>
> Hi SearchGuard,
>
> I explained wrong, I got it working on two nodes during my tests. These two nodes were local on my desktop.
> Now I'm deploying on a real environment, each node on its own server.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/424db490-29ed-4bae-8ea3-06058fcc67ae%40googlegroups.com.
I suggest you delete every certificate/key/truststore etc and recreate all certs (but only once).
The scripts are known to work so i can only imagine you use certs signed by different root ca's because you run ./gen_root_ca.sh more than once.
Or use the TLS cert generator https://floragunn.com/tls-certificate-generator/
Everything else seems ok
> Am 24.11.2017 um 13:52 schrieb Frédéric Esnault <frederic...@ovyka.com>:
>
> Hi SearchGuard,
>
> I explained wrong, I got it working on two nodes during my tests. These two nodes were local on my desktop.
Frédéric Esnault
Nov 24, 2017, 8:27:04 AM11/24/17
to Search Guard Community Forum
I did not call the generator twice. And I already cleaned up every certificates (even nodes ones) once, recreating all certs by call the generate all script (only once).
I'll try again...
Btw I did launch the node in frontend, and got ssl debug, but the error is not really helping :
elasticsearch[ppjbies1][[transport_server_worker.default]][T#7], READ: TLSv1.2 Handshake, length = 136*** ClientHello, TLSv1.2RandomCookie: GMT: 1511529205 bytes = { 215, 56, 94, 216, 125, 171, 128, 135, 128, 189, 174, 27, 59, 4, 156, 93, 204, 197, 95, 160, 42, 129, 10, 253, 11, 215, 67, 9 }Session ID: {}Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256]Compression Methods: { 0 }Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}Extension ec_point_formats, formats: [uncompressed]Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSAExtension renegotiation_info, renegotiated_connection: <empty>***[read] MD5 and SHA1 hashes: len = 1360000: 01 00 00 84 03 03 5A 18 1B F5 D7 38 5E D8 7D AB ......Z....8^...0010: 80 87 80 BD AE 1B 3B 04 9C 5D CC C5 5F A0 2A 81 ......;..].._.*.0020: 0A FD 0B D7 43 09 00 00 16 C0 23 C0 27 00 67 00 ....C.....#.'.g.0030: 40 C0 09 C0 13 00 33 C0 2B C0 2F 00 9E 00 A2 01 @.....3.+./.....0040: 00 00 45 00 0A 00 16 00 14 00 17 00 18 00 19 00 ..E.............0050: 09 00 0A 00 0B 00 0C 00 0D 00 0E 00 16 00 0B 00 ................0060: 02 01 00 00 0D 00 1C 00 1A 06 03 06 01 05 03 05 ................0070: 01 04 03 04 01 04 02 03 03 03 01 03 02 02 03 02 ................0080: 01 02 02 FF 01 00 01 00 ........%% Initialized: [Session-40, SSL_NULL_WITH_NULL_NULL] 2C 64 01 19 16 03 63 6F ....&...,d....co0090: 6D 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 m1.0.....&...,d. .......elasticsearch[ppjbies1][[transport_server_worker.default]][T#3], called closeOutbound()elasticsearch[ppjbies1][[transport_server_worker.default]][T#3], closeOutboundInternal()elasticsearch[ppjbies1][[transport_server_worker.default]][T#3], SEND TLSv1.2 ALERT: warning, description = close_notifyPadded plaintext before ENCRYPTION: len = 640000: C7 14 39 F1 B1 68 3C 2B 3E 3C F9 59 1E 5E 8C F4 ..9..h<+><.Y.^..0010: 01 00 E8 DA 73 D8 0C B6 51 8B 57 0F 3C 11 5A E2 ....s...Q.W.<.Z.0020: D6 3F 2E 45 42 DB 1B 54 E6 03 5F E8 23 C9 DA 9C .?.EB..T.._.#...0030: 8E 8C 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D ................elasticsearch[ppjbies1][[transport_server_worker.default]][T#3], WRITE: TLSv1.2 Alert, length = 64[Raw write]: length = 690000: 15 03 03 00 40 F7 ED EC BD 91 97 95 4C 8C DF 16 ....@.......L...0010: 4A CE FB 01 2E 99 E2 FD 4D B4 F7 68 BA 7B 98 07 J.......M..h....0020: 1A 84 2C E9 9C 5C D8 F1 84 CD D2 F0 39 4F B0 12 ..,..\......9O..0030: 95 48 F6 5F 5B 14 A2 02 41 2F 5A E8 A7 F3 1E 65 .H._[...A/Z....e0040: 1B B1 BE 48 BB ...H.elasticsearch[ppjbies1][[transport_server_worker.default]][T#3], called closeOutbound()elasticsearch[ppjbies1][[transport_server_worker.default]][T#3], closeOutboundInternal()elasticsearch[ppjbies1][[transport_server_worker.default]][T#3], called closeOutbound()elasticsearch[ppjbies1][[transport_server_worker.default]][T#3], closeOutboundInternal()elasticsearch[ppjbies1][[transport_server_worker.default]][T#3], called closeOutbound()elasticsearch[ppjbies1][[transport_server_worker.default]][T#3], closeOutboundInternal()elasticsearch[ppjbies1][[transport_server_worker.default]][T#3], called closeOutbound()elasticsearch[ppjbies1][[transport_server_worker.default]][T#3], closeOutboundInternal()Standard ciphersuite chosen: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256%% Negotiating: [Session-40, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]*** ServerHello, TLSv1.2RandomCookie: GMT: 1511529209 bytes = { 197, 20, 240, 171, 131, 155, 239, 101, 125, 223, 7, 242, 83, 102, 237, 75, 112, 180, 213, 72, 25, 143, 110, 79, 185, 22, 61, 229 }Session ID: {90, 24, 27, 249, 98, 209, 218, 130, 81, 251, 233, 42, 137, 59, 230, 220, 130, 73, 170, 205, 156, 123, 28, 115, 167, 173, 18, 52, 0, 166, 219, 10}Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256Compression Method: 0Extension renegotiation_info, renegotiated_connection: <empty>***Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256*** Certificate chainchain [0] = [[ Version: V3 Subject: CN=ppjbies1.services.ingenico.com, OU=APO, O=Ingenico, L=France, C=FR Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits modulus: 18064921354489852508993127027925376066778304116073610862176631673270256570327624165869734576872085117977348782037160617552209238151199666595325892602232671614704707062365592163068816885003452529178773550773770572518227411333816445153462676818051213112313466711109217566735794204149027894627013201417436365493293256810832702861958045647124768607294634223790506902299607419914203463020750147507391444257415498786814192403108729379625941842128383642891468587393939251603544641452936897393276703634523517589633486000259596240426308592960812987414502319161178866400467712824775706495030431786359187511046195890552791518049 public exponent: 65537 Validity: [From: Wed Nov 22 16:19:51 GMT 2017, To: Fri Nov 22 16:19:51 GMT 2019] Issuer: CN=Ingenico Signing CA, OU=Ingenico Signing CA, O=Ingenico, DC=ingenico, DC=com SerialNumber: [ 02]
Certificate Extensions: 7[1]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 93 58 51 F7 1A 12 15 21 9D 13 F8 90 18 22 47 5A .XQ....!....."GZ0010: BD 9E 2B 70 ..+p]]
[2]: ObjectId: 2.5.29.19 Criticality=falseBasicConstraints:[ CA:false PathLen: undefined]
[3]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint:]]
[4]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth]
[5]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_Encipherment]
[6]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: ppjbies1.services.ingenico.com DNSName: localhost IPAddress: 172.21.22.38 OIDName: 1.2.3.4.5.5]
[7]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 77 B4 4D 46 B5 92 47 48 17 91 6F 23 5F 46 61 56 w.MF..GH..o#_FaV0010: 7C 0C C1 C8 ....]]
] Algorithm: [SHA256withRSA] Signature:0000: 89 17 4E 12 56 7F 43 5D 3C CE D9 F1 96 A5 68 ED ..N.V.C]<.....h.0010: 3E 1A E1 31 76 A7 5D 97 E8 52 77 DA 3D F4 39 07 >..1v.]..Rw.=.9.0020: EB 2B 19 5E 78 32 B6 0D 02 79 C4 00 C1 79 A4 02 .+.^x2...y...y..0030: 84 B8 6D B8 6E CC 04 53 A4 D5 5E 80 20 D5 CC 37 ..m.n..S..^. ..70040: 39 A0 C2 47 29 5A 4A 08 28 5B CD 7E 26 11 2E 30 9..G)ZJ.([..&..00050: 43 16 64 36 69 42 8A E1 E2 0C 4D BC 4E 63 57 06 C.d6iB....M.NcW.0060: 82 C8 55 CA B1 85 57 CF D7 C0 1C 43 55 F3 72 B6 ..U...W....CU.r.0070: 29 C4 4A 64 88 4B 7F 25 A1 59 E9 FB A9 B2 B5 1D ).Jd.K.%.Y......0080: 73 70 30 CA 33 D7 F3 0F B1 3D 0C 71 F6 BA BA 22 sp0.3....=.q..."0090: EF F8 7C DE F0 31 41 A9 76 8E 05 3D 03 12 3F AA .....1A.v..=..?.00A0: E2 17 F5 5F FA 4D EE 80 89 8C 6F 27 24 A6 B2 0F ..._.M....o'$...00B0: 00 36 07 2F BA 62 B3 1A 0F 93 5D 81 72 3B AB 42 .6./.b....].r;.B00C0: A9 A4 81 B9 F0 EF 67 57 CD EA C1 BE BF CB 20 DE ......gW...... .00D0: E5 11 F3 35 62 58 F4 08 E1 BC D6 B2 A6 DC 93 45 ...5bX.........E00E0: 9F 79 6E DC F0 1B A8 CA 44 F6 86 0E DA 38 0D E1 .yn.....D....8..00F0: B1 76 BB 47 0A 49 DA CF F2 E4 6E 8F E1 37 9C F8 .v.G.I....n..7..
]chain [1] = [[ Version: V3 Subject: CN=Ingenico Signing CA, OU=Ingenico Signing CA, O=Ingenico, DC=ingenico, DC=com Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits modulus: 25401584571038775979607975285408514307764097153855163720983375600685013110287744065471284196111235549192912025313072890847266900630754641885195429109539996477347803786475877936094308787919571242900954684180751067754282949233377334064194787814558548293309815351829443613669719592776082525563017426701047792736535904880999155049315130761821098742029602012185995909946657587846899715202831440099035646268672534274772721915305532175578933219991015506072207170772259046646159751553373278023070596457356408101672446565479119958486331221218156822829316497007137499876726676976552997223674258988908516629630726192040234634651 public exponent: 65537 Validity: [From: Wed Nov 22 16:19:48 GMT 2017, To: Mon Nov 22 16:19:48 GMT 2027] Issuer: CN=Ingenico Root CA, OU=Ingenico Root CA, O=Ingenico, DC=ingenico, DC=com SerialNumber: [ 02]
Certificate Extensions: 4[1]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 0E 89 24 A6 59 CB F2 62 5B FA BA 41 24 3C AF 81 ..$.Y..b[..A$<..0010: 23 11 31 8B #.1.]]
[2]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0]
[3]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ Key_CertSign Crl_Sign]
[4]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 93 58 51 F7 1A 12 15 21 9D 13 F8 90 18 22 47 5A .XQ....!....."GZ0010: BD 9E 2B 70 ..+p]]
] Algorithm: [SHA256withRSA] Signature:0000: 02 32 49 FB 25 7C 47 CC 17 38 5B 00 F8 D6 5E D7 .2I.%.G..8[...^.0010: 2F FA E6 BC 4B 81 B7 1A 91 8F 38 AD DA 5B 54 DF /...K.....8..[T.0020: 13 DB 56 9B 51 CC 0A C8 F4 07 EF 53 95 94 DD 98 ..V.Q......S....0030: 9F EB A2 FE 09 7D E5 23 F6 B5 B5 B2 0D 59 71 66 .......#.....Yqf0040: B1 64 A5 3A 59 C9 44 7F 01 B7 AE 5E F3 E1 79 08 .d.:Y.D....^..y.0050: 24 BB C9 CA AC 5F BD B4 D5 76 36 3D CA 07 0E 39 $...._...v6=...90060: 02 8D 23 84 FA 80 2C A5 74 2D B2 36 DF CA E5 F9 ..#...,.t-.6....0070: 8C 90 C1 CD 7F 3A 0D 85 54 D9 E9 77 93 D6 E8 D4 .....:..T..w....0080: 41 F1 A9 93 6B 03 E5 C0 91 3B 3C 9C 4C B6 21 ED A...k....;<.L.!.0090: 2D C7 20 9A D4 CC 22 23 01 6D 96 B4 3C 8F 78 25 -. ..."#.m..<.x%00A0: 7E ED 4A DA 14 BC 9C 7D 4C BF 94 60 82 BB BC 53 ..J.....L..`...S00B0: AC 00 2B 50 45 74 F2 71 4D BF 7F B9 CF 96 27 CC ..+PEt.qM.....'.00C0: D2 27 E2 37 CE 84 0D 7F F2 3E E6 06 63 5A E6 71 .'.7.....>..cZ.q00D0: 1F 08 14 B4 C4 A4 E0 F0 9E CB AA 10 FF BA 63 95 ..............c.00E0: 96 BD 13 25 5B 3D D5 51 FF 76 00 3E 57 84 30 EC ...%[=.Q.v.>W.0.00F0: AC B3 7D 02 07 D2 93 5A 00 D4 B0 E9 97 86 9A 23 .......Z.......#
]***
00A0: 19 16 08 69 6E 67 65 6E 69 63 6F 31 11 30 0F 06 ...ingenico1.0..00B0: 03 55 04 0A 0C 08 49 6E 67 65 6E 69 63 6F 31 1C .U....Ingenico1.00C0: 30 1A 06 03 55 04 0B 0C 13 49 6E 67 65 6E 69 63 0...U....Ingenic00D0: 6F 20 53 69 67 6E 69 6E 67 20 43 41 31 1C 30 1A o Signing CA1.0.00E0: 06 03 55 04 03 0C 13 49 6E 67 65 6E 69 63 6F 20 ..U....Ingenico 00F0: 53 69 67 6E 69 6E 67 20 43 41 30 1E 17 0D 31 37 Signing CA0...170100: 31 31 32 32 31 36 31 39 35 31 5A 17 0D 31 39 31 1122161951Z..1910110: 31 32 32 31 36 31 39 35 31 5A 30 68 31 0B 30 09 122161951Z0h1.0.0120: 06 03 55 04 06 13 02 46 52 31 0F 30 0D 06 03 55 ..U....FR1.0...U0130: 04 07 13 06 46 72 61 6E 63 65 31 11 30 0F 06 03 ....France1.0...0140: 55 04 0A 13 08 49 6E 67 65 6E 69 63 6F 31 0C 30 U....Ingenico1.00150: 0A 06 03 55 04 0B 13 03 41 50 4F 31 27 30 25 06 ...U....APO1'0%.0160: 03 55 04 03 13 1E 70 70 6A 62 69 65 73 31 2E 73 .U....ppjbies1.s0170: 65 72 76 69 63 65 73 2E 69 6E 67 65 6E 69 63 6F ervices.ingenico0180: 2E 63 6F 6D 30 82 01 22 30 0D 06 09 2A 86 48 86 .com0.."0...*.H.0190: F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A ............0...01A0: 02 82 01 01 00 8F 1A 0B C4 67 3F BC 37 24 27 1F .........g?.7$'.01B0: 3A 31 60 30 03 8A BE 26 FE 5E 38 94 5F A8 48 54 :1`0...&.^8._.HT01C0: F6 BC 21 FB 23 13 E9 AF 96 0A 6A A2 CE A2 40 03 ..!.#.....j...@.01D0: 7D 2B 5E 2F 59 03 6A AA A5 E5 8C 21 0E 70 CC D4 .+^/Y.j....!.p..01E0: 9C 44 B9 1E 54 57 E1 F9 DC 7E AC F0 3B 43 0F 5A .D..TW......;C.Z01F0: B5 D4 55 89 24 9D 83 E3 3C C2 89 08 E3 54 55 2F ..U.$...<....TU/0200: 20 CD C8 03 DC 32 C6 FE 37 88 06 C4 DD B8 EC AB ....2..7.......0210: 2C F4 0C ED CF 9C 94 4C 1F 85 C8 FD 7E 1F 3E F0 ,......L......>.0220: 6D 33 DB E3 06 A2 CB 87 09 DA 95 3B BB EB 19 B8 m3.........;....0230: C3 CC 50 0C E6 EA D4 63 B5 22 8F 26 4B 56 9B 50 ..P....c.".&KV.P0240: 3D E5 96 6A 57 8E 71 31 B6 21 DE 2B 4B 37 45 A6 =..jW.q1.!.+K7E.0250: 5A A8 ED C3 8D E4 1D FF 76 0B CD 5E 79 C5 E5 55 Z.......v..^y..U0260: 13 01 AA 2B 59 43 C3 D0 A2 94 A6 4F A6 F7 5F C8 ...+YC.....O.._.0270: 35 04 8E E2 65 9F 27 4D 45 93 52 DF 22 A2 B8 B7 5...e.'ME.R."...0280: B1 BE 30 30 CC A0 4C 0E 04 32 F2 21 86 AA 54 44 ..00..L..2.!..TD0290: A3 AB 65 A6 26 57 3E 92 7D 57 40 B3 55 4A 68 F7 ..e.&W>..W@.UJh.02A0: 17 66 56 4B 61 02 03 01 00 01 A3 82 01 25 30 82 .fVKa........%0.02B0: 01 21 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 .!0...U.........02C0: 05 A0 30 09 06 03 55 1D 13 04 02 30 00 30 1D 06 ..0...U....0.0..02D0: 03 55 1D 25 04 16 30 14 06 08 2B 06 01 05 05 07 .U.%..0...+.....02E0: 03 01 06 08 2B 06 01 05 05 07 03 02 30 1D 06 03 ....+.......0...02F0: 55 1D 0E 04 16 04 14 77 B4 4D 46 B5 92 47 48 17 U......w.MF..GH.0300: 91 6F 23 5F 46 61 56 7C 0C C1 C8 30 1F 06 03 55 .o#_FaV....0...U0310: 1D 23 04 18 30 16 80 14 93 58 51 F7 1A 12 15 21 .#..0....XQ....!0320: 9D 13 F8 90 18 22 47 5A BD 9E 2B 70 30 62 06 03 ....."GZ..+p0b..0330: 55 1D 1F 04 5B 30 59 30 57 A0 55 A0 53 86 51 68 U...[0Y0W.U.S.Qh0340: 74 74 70 73 3A 2F 2F 72 61 77 2E 67 69 74 68 75 ttps://raw.githu0350: 62 75 73 65 72 63 6F 6E 74 65 6E 74 2E 63 6F 6D busercontent.com0360: 2F 66 6C 6F 72 61 67 75 6E 6E 63 6F 6D 2F 75 6E /floragunncom/un0370: 69 74 74 65 73 74 2D 61 73 73 65 74 73 2F 6D 61 ittest-assets/ma0380: 73 74 65 72 2F 72 65 76 6F 6B 65 64 2E 63 72 6C ster/revoked.crl0390: 30 41 06 03 55 1D 11 04 3A 30 38 82 1E 70 70 6A 0A..U...:08..ppj03A0: 62 69 65 73 31 2E 73 65 72 76 69 63 65 73 2E 69 bies1.services.i03B0: 6E 67 65 6E 69 63 6F 2E 63 6F 6D 82 09 6C 6F 63 ngenico.com..loc03C0: 61 6C 68 6F 73 74 87 04 AC 15 16 26 88 05 2A 03 alhost.....&..*.03D0: 04 05 05 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B ...0...*.H......03E0: 05 00 03 82 01 01 00 89 17 4E 12 56 7F 43 5D 3C .........N.V.C]<03F0: CE D9 F1 96 A5 68 ED 3E 1A E1 31 76 A7 5D 97 E8 .....h.>..1v.]..0400: 52 77 DA 3D F4 39 07 EB 2B 19 5E 78 32 B6 0D 02 Rw.=.9..+.^x2...0410: 79 C4 00 C1 79 A4 02 84 B8 6D B8 6E CC 04 53 A4 y...y....m.n..S.0420: D5 5E 80 20 D5 CC 37 39 A0 C2 47 29 5A 4A 08 28 .^. ..79..G)ZJ.(0430: 5B CD 7E 26 11 2E 30 43 16 64 36 69 42 8A E1 E2 [..&..0C.d6iB...0440: 0C 4D BC 4E 63 57 06 82 C8 55 CA B1 85 57 CF D7 .M.NcW...U...W..0450: C0 1C 43 55 F3 72 B6 29 C4 4A 64 88 4B 7F 25 A1 ..CU.r.).Jd.K.%.0460: 59 E9 FB A9 B2 B5 1D 73 70 30 CA 33 D7 F3 0F B1 Y......sp0.3....0470: 3D 0C 71 F6 BA BA 22 EF F8 7C DE F0 31 41 A9 76 =.q...".....1A.v0480: 8E 05 3D 03 12 3F AA E2 17 F5 5F FA 4D EE 80 89 ..=..?...._.M...0490: 8C 6F 27 24 A6 B2 0F 00 36 07 2F BA 62 B3 1A 0F .o'$....6./.b...04A0: 93 5D 81 72 3B AB 42 A9 A4 81 B9 F0 EF 67 57 CD .].r;.B......gW.04B0: EA C1 BE BF CB 20 DE E5 11 F3 35 62 58 F4 08 E1 ..... ....5bX...04C0: BC D6 B2 A6 DC 93 45 9F 79 6E DC F0 1B A8 CA 44 ......E.yn.....D04D0: F6 86 0E DA 38 0D E1 B1 76 BB 47 0A 49 DA CF F2 ....8...v.G.I...04E0: E4 6E 8F E1 37 9C F8 00 03 DB 30 82 03 D7 30 82 .n..7.....0...0.04F0: 02 BF A0 03 02 01 02 02 01 02 30 0D 06 09 2A 86 ..........0...*.0500: 48 86 F7 0D 01 01 0B 05 00 30 78 31 13 30 11 06 H........0x1.0..0510: 0A 09 92 26 89 93 F2 2C 64 01 19 16 03 63 6F 6D ...&...,d....com0520: 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 1.0.....&...,d..0530: 16 08 69 6E 67 65 6E 69 63 6F 31 11 30 0F 06 03 ..ingenico1.0...0540: 55 04 0A 0C 08 49 6E 67 65 6E 69 63 6F 31 19 30 U....Ingenico1.00550: 17 06 03 55 04 0B 0C 10 49 6E 67 65 6E 69 63 6F ...U....Ingenico0560: 20 52 6F 6F 74 20 43 41 31 19 30 17 06 03 55 04 Root CA1.0...U.0570: 03 0C 10 49 6E 67 65 6E 69 63 6F 20 52 6F 6F 74 ...Ingenico Root0580: 20 43 41 30 1E 17 0D 31 37 31 31 32 32 31 36 31 CA0...1711221610590: 39 34 38 5A 17 0D 32 37 31 31 32 32 31 36 31 39 948Z..271122161905A0: 34 38 5A 30 7E 31 13 30 11 06 0A 09 92 26 89 93 48Z0.1.0.....&..05B0: F2 2C 64 01 19 16 03 63 6F 6D 31 18 30 16 06 0A .,d....com1.0...05C0: 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E 67 65 ..&...,d....inge05D0: 6E 69 63 6F 31 11 30 0F 06 03 55 04 0A 0C 08 49 nico1.0...U....I05E0: 6E 67 65 6E 69 63 6F 31 1C 30 1A 06 03 55 04 0B ngenico1.0...U..05F0: 0C 13 49 6E 67 65 6E 69 63 6F 20 53 69 67 6E 69 ..Ingenico Signi0600: 6E 67 20 43 41 31 1C 30 1A 06 03 55 04 03 0C 13 ng CA1.0...U....0610: 49 6E 67 65 6E 69 63 6F 20 53 69 67 6E 69 6E 67 Ingenico Signing0620: 20 43 41 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 CA0.."0...*.H..0630: 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 ...........0....0640: 82 01 01 00 C9 38 24 AC 9F 51 53 FE 46 D0 06 97 .....8$..QS.F...0650: 2A 68 55 68 F4 26 3A 0F 27 0E 6E CB 2B CB D7 6D *hUh.&:.'.n.+..m0660: 7F D2 37 6B F8 6D 34 EA A9 BE 53 04 11 09 C1 42 ..7k.m4...S....B0670: FA 5D 5D 4A CA 48 25 C3 F7 6C 37 37 86 B0 70 22 .]]J.H%..l77..p"0680: 3F BA F6 E9 D4 DA 2C DB 48 4F 48 F0 9A CF AA 60 ?.....,.HOH....`0690: 11 6D 4E 40 35 86 9C 15 8A 1E 3D 25 CE B4 EF 10 .mN@5.....=%....06A0: 4C C9 A6 82 47 3D AA 32 13 C3 9C 9A C8 29 BE 70 L...G=.2.....).p06B0: 9F 20 B9 4B C9 26 01 CC DE 68 86 C1 87 D5 62 3D . .K.&...h....b=06C0: FD 9F 8D FE A7 09 F4 9E 0B A9 46 31 E7 D8 E6 DA ..........F1....06D0: 97 5F 10 75 66 EA D6 AE 05 39 C6 FD 4A 78 44 58 ._.uf....9..JxDX06E0: 7D F9 00 4A D7 2B 74 1B 3C 3E 06 34 A9 6C 80 78 ...J.+t.<>.4.l.x06F0: 84 74 E4 B5 14 5A 2A CA 02 46 65 C1 26 90 63 05 .t...Z*..Fe.&.c.0700: 5C 71 29 FE 29 2C 0D F3 73 2E 46 8D AA 4A 3B 1D \q).),..s.F..J;.0710: 1F 8D 0C AE D1 97 83 C3 F6 2E 49 08 2F 91 0B 5A ..........I./..Z0720: AF A9 A5 A9 7D CE 3D 4D 4B A9 4A C9 26 71 4C 3C ......=MK.J.&qL<0730: 9C 5E A7 5C 25 CB FA 7D 11 53 E7 F7 4E AA 79 DC .^.\%....S..N.y.0740: 78 1E CD 9B 02 03 01 00 01 A3 66 30 64 30 0E 06 x.........f0d0..0750: 03 55 1D 0F 01 01 FF 04 04 03 02 01 06 30 12 06 .U...........0..0760: 03 55 1D 13 01 01 FF 04 08 30 06 01 01 FF 02 01 .U.......0......0770: 00 30 1D 06 03 55 1D 0E 04 16 04 14 93 58 51 F7 .0...U.......XQ.0780: 1A 12 15 21 9D 13 F8 90 18 22 47 5A BD 9E 2B 70 ...!....."GZ..+p0790: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 0E 89 24 0...U.#..0.....$07A0: A6 59 CB F2 62 5B FA BA 41 24 3C AF 81 23 11 31 .Y..b[..A$<..#.107B0: 8B 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 .0...*.H........07C0: 03 82 01 01 00 02 32 49 FB 25 7C 47 CC 17 38 5B ......2I.%.G..8[07D0: 00 F8 D6 5E D7 2F FA E6 BC 4B 81 B7 1A 91 8F 38 ...^./...K.....807E0: AD DA 5B 54 DF 13 DB 56 9B 51 CC 0A C8 F4 07 EF ..[T...V.Q......07F0: 53 95 94 DD 98 9F EB A2 FE 09 7D E5 23 F6 B5 B5 S...........#...0800: B2 0D 59 71 66 B1 64 A5 3A 59 C9 44 7F 01 B7 AE ..Yqf.d.:Y.D....0810: 5E F3 E1 79 08 24 BB C9 CA AC 5F BD B4 D5 76 36 ^..y.$...._...v60820: 3D CA 07 0E 39 02 8D 23 84 FA 80 2C A5 74 2D B2 =...9..#...,.t-.0830: 36 DF CA E5 F9 8C 90 C1 CD 7F 3A 0D 85 54 D9 E9 6.........:..T..0840: 77 93 D6 E8 D4 41 F1 A9 93 6B 03 E5 C0 91 3B 3C w....A...k....;<0850: 9C 4C B6 21 ED 2D C7 20 9A D4 CC 22 23 01 6D 96 .L.!.-. ..."#.m.0860: B4 3C 8F 78 25 7E ED 4A DA 14 BC 9C 7D 4C BF 94 .<.x%..J.....L..0870: 60 82 BB BC 53 AC 00 2B 50 45 74 F2 71 4D BF 7F `...S..+PEt.qM..0880: B9 CF 96 27 CC D2 27 E2 37 CE 84 0D 7F F2 3E E6 ...'..'.7.....>.0890: 06 63 5A E6 71 1F 08 14 B4 C4 A4 E0 F0 9E CB AA .cZ.q...........08A0: 10 FF BA 63 95 96 BD 13 25 5B 3D D5 51 FF 76 00 ...c....%[=.Q.v.08B0: 3E 57 84 30 EC AC B3 7D 02 07 D2 93 5A 00 D4 B0 >W.0........Z...08C0: E9 97 86 9A 23 0C 00 01 49 03 00 17 41 04 17 F0 ....#...I...A...08D0: E9 F0 D9 ED 60 8B 0C 3A B9 26 06 CF 38 39 4C A0 ....`..:.&..89L.08E0: E9 0E 20 99 FE 2A 60 00 31 18 0B 15 45 6D EA 12 .. ..*`.1...Em..08F0: B2 F6 8D E9 55 9C EC C1 05 F4 4F 46 E5 16 63 60 ....U.....OF..c`0900: BD 5B BC 93 3C D2 3C 9B 69 73 93 8A 33 4F 06 01 .[..<.<.is..3O..0910: 01 00 81 66 29 2B D9 A0 A4 D3 1F 4D 14 24 E7 10 ...f)+.....M.$..0920: FC EB 1D 95 B0 11 39 F2 A1 FA 43 AF 91 C9 E5 E9 ......9...C.....0930: 42 21 A4 AF A9 3B 4A 6B 2C 16 0B E0 2D 84 8E 51 B!...;Jk,...-..Q0940: 5E C7 CA FB EA 89 DF FC 08 1F F5 39 38 EF 9E DB ^..........98...0950: A5 DD FB A1 61 E3 A0 6D F2 71 D5 94 C9 D9 AF F5 ....a..m.q......0960: E6 1A C1 0C 46 97 D9 35 85 34 30 18 0C 36 A5 CD ....F..5.40..6..0970: C5 B4 D0 42 B9 0C 77 95 C1 5D E3 96 E3 D8 00 53 ...B..w..].....S0980: A1 E3 98 4A 94 69 FA 13 65 9A 42 B3 AC BF 13 12 ...J.i..e.B.....0990: 29 B9 8E 0A 7E EC AE 3B 63 C7 F2 64 D7 77 BC 7D )......;c..d.w..09A0: 6E 1B A8 3F 69 62 D7 77 3A C5 FD 48 94 BA 01 CA n..?ib.w:..H....09B0: B3 52 F9 49 38 0D E7 95 C1 7A D3 69 5A 7C 4E 06 .R.I8....z.iZ.N.09C0: DF 25 54 49 BB B7 6E A4 34 F7 42 7B 5E 67 5A 5C .%TI..n.4.B.^gZ\09D0: 16 45 F0 E4 3A B9 C6 52 EB 73 2C 3D 14 B5 FC A3 .E..:..R.s,=....09E0: AC EC 20 14 A0 C7 AB B0 22 CC F6 A3 F9 96 20 93 .. ....."..... .09F0: B0 E6 AA 68 D6 F3 3E 96 D3 02 1E 44 58 5E A8 17 ...h..>....DX^..0A00: 17 F8 5B DF 6E 2F 9A F8 A8 4D 3F 5F 8A CD A9 D7 ..[.n/...M?_....0A10: 6F BD 0D 00 00 F0 03 01 02 40 00 1A 06 03 06 01 o........@......0A20: 05 03 05 01 04 03 04 01 04 02 03 03 03 01 03 02 ................0A30: 02 03 02 01 02 02 00 CE 00 7A 30 78 31 13 30 11 .........z0x1.0.0A40: 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 03 63 6F ....&...,d....co0A50: 6D 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 m1.0.....&...,d.0A60: 19 16 08 69 6E 67 65 6E 69 63 6F 31 11 30 0F 06 ...ingenico1.0..0A70: 03 55 04 0A 0C 08 49 6E 67 65 6E 69 63 6F 31 19 .U....Ingenico1.0A80: 30 17 06 03 55 04 0B 0C 10 49 6E 67 65 6E 69 63 0...U....Ingenic0A90: 6F 20 52 6F 6F 74 20 43 41 31 19 30 17 06 03 55 o Root CA1.0...U0AA0: 04 03 0C 10 49 6E 67 65 6E 69 63 6F 20 52 6F 6F ....Ingenico Roo0AB0: 74 20 43 41 00 50 30 4E 31 0B 30 09 06 03 55 04 t CA.P0N1.0...U.0AC0: 06 13 02 46 52 31 0F 30 0D 06 03 55 04 07 13 06 ...FR1.0...U....0AD0: 46 72 61 6E 63 65 31 11 30 0F 06 03 55 04 0A 13 France1.0...U...0AE0: 08 49 6E 67 65 6E 69 63 6F 31 0C 30 0A 06 03 55 .Ingenico1.0...U0AF0: 04 0B 13 03 41 50 4F 31 0D 30 0B 06 03 55 04 03 ....APO1.0...U..0B00: 13 04 6A 69 72 61 0E 00 00 00 ..jira....elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], WRITE: TLSv1.2 Handshake, length = 2826[Raw write]: length = 28310000: 16 03 03 0B 0A 02 00 00 4D 03 03 5A 18 1B F9 9B ........M..Z....0010: 68 16 39 1A 61 6A 41 63 02 00 CF BC B5 6A C5 C5 h.9.ajAc.....j..0020: 81 69 5A 8D AF 01 79 86 98 E6 2E 20 5A 18 1B F9 .iZ...y.... Z...0030: E4 27 88 72 47 11 5B 8F E4 BE CA 0E B2 B4 C0 33 .'.rG.[........30040: EC 92 7B 6E 08 61 6D 19 93 2D 9E 3A C0 27 00 00 ...n.am..-.:.'..0050: 05 FF 01 00 01 00 0B 00 08 70 00 08 6D 00 04 8C .........p..m...0060: 30 82 04 88 30 82 03 70 A0 03 02 01 02 02 01 02 0...0..p........0070: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 0...*.H........00080: 7E 31 13 30 11 06 0A 09 92 26 89 93 F2 2C 64 01 .1.0.....&...,d.0090: 19 16 03 63 6F 6D 31 18 30 16 06 0A 09 92 26 89 ...com1.0.....&.00A0: 93 F2 2C 64 01 19 16 08 69 6E 67 65 6E 69 63 6F ..,d....ingenico00B0: 31 11 30 0F 06 03 55 04 0A 0C 08 49 6E 67 65 6E 1.0...U....Ingen00C0: 69 63 6F 31 1C 30 1A 06 03 55 04 0B 0C 13 49 6E ico1.0...U....In00D0: 67 65 6E 69 63 6F 20 53 69 67 6E 69 6E 67 20 43 genico Signing C00E0: 41 31 1C 30 1A 06 03 55 04 03 0C 13 49 6E 67 65 A1.0...U....Inge00F0: 6E 69 63 6F 20 53 69 67 6E 69 6E 67 20 43 41 30 nico Signing CA00100: 1E 17 0D 31 37 31 31 32 32 31 36 31 39 35 31 5A ...171122161951Z0110: 17 0D 31 39 31 31 32 32 31 36 31 39 35 31 5A 30 *** ECDH ServerKeyExchangeSignature Algorithm SHA512withRSA..191122161951Z00120: 68 31 0B 30 09 06 03 55 04 06 13 02 46 52 31 0F h1.0...U....FR1.0130: 30 0D 06 03 55 04 07 13 06 46 72 61 6E 63 65 31 0...U....France10140: 11 30 0F 06 03 55 04 0A 13 08 49 6E 67 65 6E 69 .0...U....Ingeni0150: 63 6F 31 0C 30 0A 06 03 55 04 0B 13 03 41 50 4F co1.0...U....APO0160: 31 27 30 25 06 03 55 04 03 13 1E 70 70 6A 62 69 1'0%..U....ppjbiServer key: Sun EC public key, 256 bits public x coord: 94603154185594758712177503329309423254472990815864490343227687521905671056078 public y coord: 55741497693188403891737767541228575825312812852334675528804140042533062606815 parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)0170: 65 73 31 2E 73 65 72 76 69 63 65 73 2E 69 6E 67 es1.services.ing0180: 65 6E 69 63 6F 2E 63 6F 6D 30 82 01 22 30 0D 06 enico.com0.."0..0190: 09 2A 86 48 86 F7*** CertificateRequestCert Types: RSA 0D 01 01 01 05 00 03 82 01 0F .*.H............01A0: 00 30 82 01 0A 02 82 01 01 00 8F 1A 0B C4 67 3F .0............g?01B0: BC 37 24 27 1F 3A 31 60 30 03 8A BE 26 FE 5E 38 .7$'.:1`0...&.^801C0: 94 5F A8 48 54 F6 BC 21 FB 23 13 E9 AF 96 0A 6A ._.HT..!.#.....j01D0: A2 CE A2 40 03 7D 2B 5E 2F 59 03 6A AA A5 E5 8C ...@..+^/Y.j....01E0: 21 0E 70 CC D4 9C 44 B9 1E 54 57 E1 F9 DC 7E AC !.p...D..TW.....01F0: F0 3B 43 0F 5A B5 D4 55 89 24 9D 83 E3 3C C2 89 , DSS, ECDSA .;C.Z..U.$...<..0200: 08 E3 54 55 2F 20 CD C8 03 DC 32 C6 FE 37 88 06 Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSACert Authorities: ..TU/ ....2..7..0210: C4 DD B8 EC AB 2C F4 0C ED CF 9C 94 4C 1F 85 C8 .....,......L...0220: FD 7E 1F 3E F0 6D 33 DB E3 06 A2 CB 87 09 DA 95 ...>.m3.........0230: 3B BB EB 19 B8 C3 CC 50 <CN=Ingenico Root CA, OU=Ingenico Root CA, O=Ingenico, DC=ingenico, DC=com> 0C E6 EA D4 63 B5 22 8F ;......P....c.".0240: 26 4B<CN=jira, OU=APO, O=Ingenico, L=France, C=FR> 56 9B 50 3D E5 96 6A 57 8E 71*** ServerHelloDone 31[write] MD5 and SHA1 hashes: len = 2826 B6 21 DE &KV.P=..jW.q1.!.0250: 2B 4B 37 45 A6 5A A8 ED C3 8D E4 1D FF 76 0B CD +K7E.Z....0...v..0260000: 5E 79 C5 E5 55 13 01 AA 2B 59 43 C3 D0 A2 94 A6 ^y..U...+YC.....0270: 4F A6 F7 5F C8 35 04 8E: 02 00 00 4D 03 03 5A 18 1B F9 C5 14 F0 AB 83 9B ...M..Z.........0010: EF 65 7D DF 07 F2 53 66 ED 4B 70 B4 D5 48 19 8F .e....Sf.Kp..H..0020: 6E 4F B9 16 3D E5 20 5A 18 1B F9 62 D1 DA 82 51 nO..=. Z...b...Q0030: FB E9 2A 89 3B E6 DC 82 49 AA CD 9C E2 65 9F 27 4D 45 93 52 O.._.5...e.'ME.R0280: DF 22 A2 B8 B7 B1 BE 30 7B 1C 73 A7 ..*.;.. 30 CC A0 4C 0E 04 32 F2 .".....00..L..2.0290: 21 86 AA 54 44 A3 AB 65 A6 26 57 3E 92 7D 57 40 !..TD..e.&W>..W@02A0: B3 55 4A 68 F7 17 66 56 4B 61 02 03 01 00 01 A3 .UJh..fVKa......02B0: 82 01 25 30 82 01 21 30 0E 06 03 55 1D 0F 01 01 ..%0..!0...U....02C0: FF 04 04 03 02 05 A0 30 09 06 03 55 1D 13 04 02 .......0...U....02D0: 30 00 30 1D 06 03 55 1D 25 04 16 30 14 06 08 2B 0.0...U.%..0...+02E0: 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 .........+......02F0: 02 30 1D 06 03 55.I.....s.0040: AD 12 34 00 A6 DB 0A C0 27 00 00 05 FF 01 00 01 ..4.....'.......0050: 00 0B 00 08 70 00 08 6D 00 04 8C 30 82 04 88 30 ....p..m...0...00060: 82 03 70 A0 03 02 01 02 02 01 02 1D 0E 04 16 04 14 77 B4 4D 46 .0...U......w.MF0300: B5 92 47 48 17 91 6F 23 5F 46 61 56 7C 0C C1 C8 30 0D 06 09 2A ..GH..o#_FaV....0310: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 93 58 51 ..p.... 0...U.#..0....XQ0320: F7 1A 12 15 21 9D 13 F8 90 18 22 47 5A BD 9E 2B ....!....."GZ..+0330: 70 30 62 06 03 55 1D 1F 04 5B 30 59 30 57 A0 55 p0b..U......0...*0070: 86 48 86 F7 0D 01 01 0B 05 00 30 7E 31 13 30 11 .H........0.1.0.0080: 06 0A.[0Y0W.U0340: A0 53 86 51 68 74 74 70 73 3A 2F 2F 72 61 77 2E .S.Qhttps://raw.0350: 67 69 74 68 75 62 75 73 65 72 63 6F 6E 74 65 6E 09 92 26 89 93 F2 2C 64 01 19 16 03 63 6F githubuserconten0360: 74 2E 63 6F 6D 2F 66 6C 6F 72 61 67 75 6E 6E 63 t.com/floragunnc0370: 6F 6D 2F 75 6E 69 74 74 65 73 74 2D 61 73 73 65 om/unittest-asse0380: 74 73 2F 6D 61 73 74 65 72 2F 72 65 76 6F 6B 65 ts/master/revoke0390: 64 2E 63 72 6C 30 41 06 03 55 1D 11 04 3A 30 38 d.crl0A..U...:0803A0: 82 1E 70 70 6A 62 69 65 73 31 2E 73 65 72 76 69 ..ppjbies1.servi03B0: 63 65 73 2E 69 6E 67 65 6E 69 63 6F 2E 63 6F 6D ces.ingenico.com ....&...,d....co0090: 6D 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 m1.0.....&...,d.00A0: 19 16 08 69 6E 67 65 6E 69 63 6F 31 11 30 0F 06 .03C0..ingenico1.0..: 82 09 6C 6F 63 61 6C 68 6F 73 74 87 04 AC 15 16 ..localhost.....03D0: 26 88 05 2A 03 04 05 05 30 0D 06 09 2A 86 48 86 &..*....0...*.H.03E0: F7 0D 01 01 0B 05 00 03 82 01 01 00 89 17 4E 12 ..............N.03F0: 56 7F 43 5D 3C CE D9 F1 96 A5 68 ED 3E 1A E1 31 V.C]<.....h.>..10400: 76 A7 5D 97 E8 52 77 DA 3D F4 39 07 EB 2B 19 5E v.]..Rw.=.9..+.^0410: 78 32 B6 0D 02 79 C4 00 C1 79 A4 02 84 B8 6D B8 x2...y...y....m.0420: 6E CC 04 53 A4 D5 5E 80 20 D5 CC 37 39 A0 C2 47 n..S..^. ..79..G0430: 29 5A 4A 08 28 5B CD 7E 26 11 2E 30 43 16 64 36 )ZJ.([..&..0C.d60440: 69 42 8A E1 E2 0C 4D BC 4E 63 57 06 82 C8 55 CA iB....M.NcW...U.0450: B1 85 57 CF D7 C0 1C 43 55 F3 72 B6 29 C4 4A 64 ..W.00B0: 03 55 04 0A 0C 08 49 6E 67 65 6E 69 63 6F 31 1C .U....Ingenico1.00C0...CU.r.).Jd0460: 88 4B 7F 25 A1 59 E9 FB A9 B2 B5 1D 73 70 30 CA .K: 30 1A 06 03 55 04 0B 0C 13 49 6E 67 65 6E 69 63 0...U....Ingenic00D0: 6F 20 53 69 67 6E 69 6E 67 20 43 41 31 1C 30 1A o Signing CA1.0.00E0: 06 03 55 04 03 0C 13 49 6E 67 65 6E 69 63 6F 20 ..U....Ingenico 00F0: 53 69 67 6E 69 6E 67 20 43 41 30 1E 17 0D 31 37 Signing CA0...170100: 31 31 32 32 31 36 31 39 35 31 5A 17 0D 31 39 31 1122161951Z..1910110: 31 32 32 31 36 31 39 35 31 5A 30 68 31 0B 30 09 122161951Z0h1.0..%.Y......sp0.0470: 33 D7 F3 0F B1 3D 0C 71 0120 F6 BA BA 22 EF F8 7C DE 3....=.q..."....0480: F0 31: 06 03 55 04 06 13 02 46 52 31 0F 30 0D 06 03 55 ..U....FR1.0...U0130: 04 07 13 06 46 72 61 6E 63 65 31 11 30 0F 06 03 ....France1.0...0140: 55 04 0A 13 08 49 6E 67 65 6E 69 63 6F 31 0C 30 U....Ingenico1.00150: 0A 06 03 55 04 0B 13 03 41 50 4F 31 27 30 25 06 .. 41 A9 76 8E 05 3D 03 12 3F AA E2 17 F5 5F .1A.v..=..?...._.U....APO1'0%.0160: 03 55 04 03 13 1E 70 70 6A 62 69 65 73 31 2E 73 .U....ppjbies1.s0170: 65 72 76 69 63 65 73 2E 69 6E 67 65 6E 69 63 6F ervices.ingenico0180: 2E 63 6F 6D 30 82 01 22 30 0D 06 09 2A 86 48 86 .com0.."0...*.H.0190: F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A .0490: FA 4D EE 80 89 8C 6F 27 24 A6 B2 0F 00 36 07 2F .M....o'$....6./04A0: BA 62 B3 1A 0F 93 5D 81 72 3B AB 42 A9 A4 81 B9 .b....].r;.B...............0...01A0: 02 82 01 01 00 8F 1A 0B C4 67 3F BC 37 24 27 1F .........g?.7$'.04B001B0: 3A 31 60 30 03 8A BE 26 FE 5E 38 94 5F A8 48 54 :1`0...&.^8._.HT01C0: F6 BC 21 FB 23 13 E9 AF 96 0A 6A A2 CE A2 40 03 ..!.#.: F0 EF 67 57 CD EA C1 BE BF CB 20 DE E5 11 F3 35 ..gW...... .....j...@.01D0: 7D 2B 5E 2F 59 03 6A AA A5 E5 8C 21 0E 70 CC D4 .+^/Y.j....!.p..01E0: 9C 44 B9 1E 54 57 E1 F9 DC 7E AC F0 3B 43 0F 5A .D..TW......;C.Z...501F004C0: 62 58 F4 08 E1 BC D6 B2 A6 DC 93 45 9F 79 6E DC bX.........E.yn.04D0: F0 1B A8 CA 44 F6 86 0E DA 38 0D E1 B1 76 BB 47 ....D....8...v.G: B5 D4 55 89 24 9D 83 E3 3C C2 89 08 E3 54 55 2F ..U.$...<....TU/0200: 20 CD C8 03 DC 32 C6 FE 37 88 06 C4 DD B8 EC AB ....2..7.......0210: 2C F4 0C ED CF 9C 94 4C 1F 85 C8 FD 7E 1F 3E F0 ,......L......>.0220: 6D 33 DB E3 06 A2 CB 87 09 DA 95 3B BB EB 19 B8 m3.........;....04E00230: C3 CC 50 0C E6 EA D4 63 B5 22 8F 26 4B 56 9B 50 ..P....c.".&KV.P0240: 3D E5 96 6A 57 8E 71 31 B6 21 DE 2B 4B 37 45 A6 =..jW.q1.!.+K7E.0250: 5A A8 ED C3 8D E4 1D FF 76 0B CD 5E 79 C5 E5 55 Z.......v..^y..U0260: 13 01 AA 2B 59 43 C3 D0 A2 94 A6 4F A6 F7 5F C8 ...+YC.....O.._.0270: 35 04 8E E2 65 9F 27 4D 45 93 52 DF 22 A2 B8 B7 5...e.'ME.R."...0280: B1 BE 30 30 CC A0 4C 0E 04 32 F2 21 86 AA 54 44 ..00: 0A 49 DA CF F2 E4 6E 8F E1 37 9C F8 00 03 DB 30 .I....n..7.....004F0: 82 03 D7 30 82 02 BF A0 03 02..L..2.!..TD0290: A3 AB 65 A6 26 57 3E 92 7D 57 40 B3 55 4A 68 F7 ..e.&W>..W@.UJh.02A0: 17 66 56 4B 61 02 03 01 00 01 A3 82 01 25 30 82 01 02 02 01 02 30 ...0...........00500: 0D 06 09 2A 86 .fVKa........%0.02B0: 01 21 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 .!0...U.........02C0: 05 A0 30 09 06 0 3 55 1D 13 04 02 30 00 30 1D 06 ..0...U....0.0..02D0: 03 55 1D 25 04 16 30 14 06 08 2B 06 01 05 05 07 .U.%..0...+.....02E0: 03 01 06 08 2B 06 01 05 05 07 03 02 30 1D48 06 03 ....+.......0...02F0: 55 1D 0E 04 16 04 14 77 B4 4D 46 B5 92 47 48 17 U......w.MF..GH.0300: 91 6F 23 5F 46 61 56 7C 0C C1 C8 30 1F 06 03 55 .o#_FaV....0...U0310: 1D 23 04 18 30 16 80 14 93 58 51 F7 1A 12 15 21 .#..0....XQ....!0320: 9D 13 F8 90 18 22 47 5A BD 9E 2B 70 30 62 06 03 ....."GZ..+p0b..0330: 55 1D 1F 04 5B 30 59 30 57 A0 55 A0 53 86 51 68 U...[0Y0W.U.S 86 F7 0D 01 01 0B 05 00 30 78 ...*.H........0x.Qh0340: 74 74 051070 73 3A 2F 2F 72 61 77 2E 67 69 74 68 75 ttps://raw.githu0350: 62 75 73 65 72 63 6F 6E 74 65 6E 74 2E 63 6F 6D busercontent.com0360: 31 13 30 11 06 0A 09 92 26 89 93 F2 2C 64 01 19 1.0.....&...,d..: 2F 66 6C 6F 72 61 67 75 6E 6E 630520 6F 6D 2F 75 6E /floragunncom/un0370: 69 74 74 65 73 74 2D 61 73 73 65 74 73 2F 6D 61 ittest-assets/ma0380: 73 74 65 72 2F 72 65 76 6F 6B 65 64 2E 63 72 6C : 16 03 63 6F 6D 31 18 30 ster/revoked.crl0390: 30 41 06 03 55 1D 11 04 3A 30 38 82 1E 70 70 6A 0A..U...:08..ppj03A0: 62 69 65 73 31 2E 73 65 72 76 69 63 65 73 2E 69 bies1.services.i 16 06 0A 09 92 26 89 93 03B0..com1.0.....&..0530: F2 2C 64 01 19 16 08 69 6E 67 65 6E 69 63 6F 31 .,d....ingenico10540: 11 30 0F 06 03 55 04 0A 0C 08 49 6E 67 65 6E 69 .0...U....Ingeni0550: 63 6F 31 19 30 17 06 03 55 04 0B 0C 10 49 6E 67 co1.0...U....Ing0560: 65 6E 69 63 6F 20 52 6F 6F 74 20 43 41 31 19 30 enico Root CA1.00570: 17 06 03 55 04 03 0C 10 49 6E 67 65 6E 69 63 6F ...U....Ingenico0580: 20 52 6F 6F 74 20 43 41 30 1E 17 0D 31 37 31 31 Root CA0...17110590: 32 32 31 36 31 39 34 38 5A 17 0D 32 37 31 31 32 22161948Z..2711205A0: 32 31 36 31 39 34 38 5A 30 7E 31 13 30 11 06 0A 2161948Z0.1.0...: 6E 67 65 6E 69 63 6F 2E 63 6F 6D 82 09 6C 6F 63 ngenico.com..loc03C0: 61 6C 68 6F 73 74 87 04 AC 15 16 26 88 05 2A 03 alhost.....&..*.03D0: 04 05 05 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B ...0...*05B0.H......03E0: 05 00 03 82 01 01 00 89 17 4E 12 56 7F 43 5D 3C .........N.V.C]<: 09 92 26 89 93 F2 2C 64 0103F0: CE D9 F1 96 A5 68 ED 3E 1A E1 31 76 A7 5D 97 E8 .....h.>..1v.]..0400: 52 77 DA 3D F4 39 07 EB 2B 19 5E 78 32 B6 0D 02 Rw.=.9..+.^x2...0410: 79 C4 00 C1 79 A4 02 84 B8 6D B8 6E CC 04 53 A4 y...y....m.n..S.0420: D5 5E 80 20 D5 CC 37 39 A0 C2 47 29 5A 4A 08 28 .^. ..79..G)ZJ.(0430: 5B CD 7E 26 11 2E 30 43 16 64 36 69 42 8A E1 E2 [ 19 16 03 63 6F 6D 31 ..&...,d....com105C0: 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 .0.....&...,d...05D0: 08 69 6E 67 65 6E 69 63 6F 31 11 30 0F 06 03 55 .ingenico1.0...U05E0: 04 0A 0C 08 49 6E 67 65 6E 69 63 6F 31 1C 30 1A ....Ingenico1.0.05F0: 06 03 55 04 0B 0C 13 49 6E 67 65 6E 69 63 6F 20 ..U....Ingenico 0600: 53 69 67 6E 69 6E 67 20 43 41 31 1C 30 1A 06 03..&..0C.d6iB...0440: 0C 4D BC 4E 63 57 06 82 C8 55 CA B1 85 57 CF D7 .M.NcW...U...W..0450: C0 1C 43 55 F3 72 B6 29 C4 4A 64 88 4B 7F 25 A1 ..CU.r.).Jd.K.%.0460: 59 E9 FB A9 B2 B5 1D 73 70 30 CA 33 D7 F3 0F B1 Y......sp0.3....0470: 3D 0C 71 F6 BA BA 22 EF F8 7C DE F0 31 41 Signing CA1.0...0610: 55 04 03 0C 13 49 6E 67 65 6E 69 63 6F 20 53 69 U....Ingenico Si0620: 67 6E 69 6E 67 20 43 41 30 82 01 22 30 0D 06 09 gning CA0.."0...0630: 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 *.H.............0640: 30 82 01 0A 02 82 01 01 00 C9 38 24 AC 9F 51 53 0.........8$..QS0650: FE 46 D0 06 97 2A 68 55 68 F4 26 3A 0F 27 0E 6E A9 76 =.q...".....1A.v0480: 8E 05 3D 03.F...*hUh.&:.'.n0660: CB 2B CB D7 6D 7F D2 37 6B F8 6D 34 EA A9 BE 53 .+..m..7k.m4...S0670: 04 11 09 C1 12 3F AA E2 17 F5 5F FA 4D EE 8042 89 ..=..?...._.M...0490: 8C 6F 27 24 A6 B2 0F 00 36 07 2F BA 62 B3 1A 0F .o'$....6./.b...04A0: 93 5D 81 72 3B AB 42 A9 A4 81 B9 F0 EF 67 57 CD .].r;.B......gW.04B0: EA C1 BE BF CB 20 DE E5 11 F3 35 62 58 F4 08 E1 ..... ....5bX...04C0: BC D6 B2 A6 DC 93 45 9F 79 6E DC F0 1B A8 CA 44 ......E.yn.....D04D0: F6 86 0E DA 38 0D E1 B1 76 BB 47 0A 49 DA CF F2 ... FA 5D 5D 4A CA 48 25 C3 F7 6C 37 ....B.]]J.H%..l70680: 37 86 B0 70 22 3F BA F6 E9 D4 DA 2C DB 48 4F 48 7..p"?.....,.HOH0690: F0 9A CF AA 60 11 6D 4E 40 35 86 9C 15 8A 1E 3D ....8...v.G.I...04E0: E4 6E 8F E1 37 9C F8 00 03 DB 30 82 03 D7 30 82 .n..7.....0...0.04F0: 02 BF A0 03 02 01 02 02 01 02 30 0D 06 09 2A 86 ..........0...*.0500: 48 86 F7 0D 01 01 0B.`.mN@5.....= 05 00 30 78 31 13 30 11 06 H........0x1.0..0510: 0A 09 92 26 89 93 F2 2C 64 01 19 16 03 63 6F 6D ...&...,d....com
06A0: 25 CE B4 EF 10 4C C9 A6 82 47 3D AA 32 13 C3 9C %....L...G=.2...06B0: 9A C8 29 BE 70 9F 20 B9 4B C9 26 01 CC DE 68 86 ..).p. .K.&...h.06C0: C1 87 D5 62 3D FD 9F 8D FE A7 09 F4 9E 0B A9 46 ...b=..........F06D0: 31 E7 D8 E6 DA 97 5F 10 75 66 EA D6 AE 05 39 C6 1....._.uf....9.06E0: FD 4A 78 44 58 7D F9 00 4A D7 2B 74 1B 3C 3E 06 .JxDX...J.+t.<>.06F0: 34 A9 6C 80 78 84 74 E4 B5 14 5A 2A CA 02 46 65 4.l.x.t...Z*..Fe0700: C1 26 90 63 05 5C 71 29 FE 29 2C 0D F3 73 2E 46 .&.c.\q).),..s.F0710: 8D AA 4A 3B 1D 1F 8D 0C AE D1 97 83 C3 F6 2E 49 ..J;...........I0720: 08 2F 91 0B 5A AF A9 A5 A9 7D CE 3D 4D 4B A9 4A ./..Z......=MK.J0730: C9 26 71 4C 3C 9C 5E A7 5C 25 CB FA 7D 11 53 E7 .&qL<.^.\%....S.0740: F7 4E AA 79 DC 78 1E CD 9B 02 03 01 00 01 A3 66 .N.y.x.........f0750: 30 64 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 0d0...U.........0760: 01 06 30 12 06 03 55 1D 13 01 01 FF 04 08 30 06 ..0520: 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 1.0.....&...,d..0530: 16 08 69 6E 67 65 6E 69 63 6F 31 11 30 0F 06 03 ..ingenico1.0...0540: 55 04 0A 0C 08 49 6E 67 65 6E 69 63 6F 31 19 30 U....Ingenico1.00550: 17 06 03 55 04 0B 0C 10 49 6E 67 65 6E 69 63 6F ..0.U....Ingenico0560: 20 52 6F 6F 74 20 43 41 31 19 30 17 06 03 55 04 Root CA1.0...U.0570: 03 0C 10 49 6E 67 65 6E 69 63 6F 20 52 6F 6F 74 ...Ingenico Root0580: 20 43 41 30 1E 17 0D 31 37 31 31 32 32 31 36 31 CA0...171122161...U.......0.0770: 01 01 FF 02 01 00 30 1D 06 03 55 1D 0E 04 16 04 ......0...U.....0780: 14 93 58 51 F7 1A 12 15 21 9D 13 F8 90 18 22 47 ..XQ....!....."G0790: 5A BD 9E 2B 70 30 1F 06 03 55 1D 23 04 18 30 16 Z..+p0...U.#..0.07A0: 80 14 0E 89 24 A6 59 CB F2 62 5B FA BA 41 24 3C ....$.Y..b[..A$<07B0: AF 81 23 11 31 8B 30 0D 06 09 2A 86 48 86 F7 0D ..#.1.0...*.H...07C0: 01 01 0B 05 00 03 82 01 01 00 02 32 49 FB 25 7C ...........2I.%.07D0: 47 CC 17 38 5B 00 F8 D6 5E D7 2F FA E6 BC 4B 81 G..8[...^./...K.07E0: B7 1A 91 8F 38 AD DA 5B 54 DF 13 DB 56 9B 51 CC ....8..[T...V.Q.07F0: 0A C8 F4 07 EF 53 95 94 DD 98 9F EB A2 FE 09 7D .....S..........0800: E5 23 F6 B5 B5 B2 0D 59 71 66 B1 64 A5 3A 59 C9 .#.....Yqf.d.:Y.0810: 44 7F 01 B7 AE 5E F3 E1 79 08 24 BB C9 CA AC 5F D....^..y.$...._0820: BD B4 D5 76 36 3D CA 07 0E 39 02 8D 23 84 FA 80 ...v6=...9..#...0830: 2C A5 74 2D B2 36 DF CA E5 F9 8C 90 C1 CD 7F 3A ,.t-.6.........:00840: 0D 85 54 D9 E9 77 93 D6 590 : 39 34 38 5A 17 0D 32 37 31 31 32 32 31 36 31 39 948Z..271122161905A0: 34 38 5A 30 7E 31 13 30 11 06 0A 09 92 26 89 93 48Z0.1.0.....&..05B0: F2 2C 64 01 19 16 03 63 6F 6D 31 18 30 16 06 0A .,d....com1.0...05C0E8: 09 92 26 89 93 F2 2C 64 01 19 16 08 69 6E 67 65 ..&...,d....inge05D0: 6E 69 63 6F 31 11 30 0F 06 03 55 04 0A 0C 08 49 nico1.0...U....I05E0: 6E 67 65 6E 69 63 6F 31 1C 30 1A 06 03 55 04 0B ngenico1.0...U..05F0: 0C 13 49 6E 67 65 6E 69 63 6F 20 53 69 67 6E 69 D4 41 F1 A9 93 6B 03 ..T..w....A...k.0850: E5 C0 91 3B 3C 9C 4C B6 21 ED 2D C7 20 9A D4 CC ...;<.L.!.-. .....Ingenico Signi0600: 6E 67 20 43 41 31 1C 30 1A 06 03 55 04 03 0C 13 ng CA1.0...U....0610: 49 6E 67 65 6E 69 63 6F 20 53 69 67 6E 69 6E 67 Ingenico Signing0620: 20 43 41 30 820860: 22 23 01 6D 01 22 30 96 B4 3C 8F 78 25 7E ED 4A DA 14 BC "# 0D 06 09 2A 86 48 86 F7 CA0.."0...*.H..0630: 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 ...........0....0640: 82 01 01 00 C9 38 24 AC 9F 51 53 FE 46 D0 06 97 .....8$..QS.F...0650: 2A 68 55 68 F4 26 3A 0F 27 0E 6E CB 2B CB D7 6D *hUh.&:.'.n.+..m0660: 7F D2 37 6B F8 6D 34 EA .m..<.x%..J...0870: 9C 7D 4C BF 94 60 82 BB BC 53 AC 00 2B 50 45 74 A9..L..`...S..+PEt0880: F2 71 4D BF 7F B9 CF 96 27 CC D2 27 E2 37 CE 84 .qM.....'..'.7..0890: 0D 7F F2 3E E6 06 63 5A E6 71 1F 08 14 B4 C4 A4 ...>..cZ.q......08A0: E0 F0 9E CB AA 10 FF BA 63 95 96 BD 13 25 5B 3D ........c....%[=08B0: D5 51 FF 76 00 3E 57 84 30 EC AC B3 7D 02 07 D2 .Q.v.>W.0.......08C0: 93 5A 00 D4 B0 E9 97 86 9A 23 0C 00 01 49 03 00 .Z.... BE 53 04 11 09 C1 42 ..7k.m4...S....B0670: FA 5D 5D 4A CA 48 25 C3 F7 6C 37 37 86 B0 70 22 .]]J.H%..l77..p"0680...#...I..08D0: 17 41 04 17 F0 E9 F0 D9 ED 60 8B 0C 3A B9 26 06 .A......: 3F BA F6 E9 D4 DA 2C DB 48 4F 48 F0 9A CF AA 60 .`..:.&.08E0: CF 38 39 4C A0 E9 0E 20 99 FE 2A 60 00 31 18 0B .89L... ..*`.1..08F0: 15 45 6D EA 12 B2 F6 8D E9 55 9C EC C1 05 F4 4F .Em......U.....O0900: 46 E5 16 63 60 BD 5B BC ?.....,.HOH....`0690: 11 6D 4E 40 35 86 9C 15 8A 1E 3D 25 CE B4 EF 10 .mN@5.....=%....06A0: 4C C9 A6 82 47 3D AA 32 13 C3 9C 9A C8 29 BE 70 L...G=.2.....).p06B0: 9F 20 B9 4B C9 26 01 CC DE 68 86 C1 87 D5 62 3D . .K.&...h....b=06C0: FD 9F 8D FE A7 09 F4 9E 0B A9 46 31 E7 D8 E6 DA ..........F1....06D0: 97 5F 10 75 66 EA D6 AE 05 39 C6 FD 4A 78 44 58 ._.uf....9..JxDX06E0: 7D F9 00 4A D7 2B 74 1B 3C 3E 06 34 A9 6C 80 78 93 3C D2 3C 9B 69 73 93 F..c`.[..<.<.is.0910: 8A 33 4F 06 01 01 00 81 66 29 2B D9 A0 A4 D3 1F .3O.....f)+.....0920: 4D 14 24 E7 10 FC EB 1D 95 B0 11 39 F2 A1 FA 43 M.$........9...C0930: AF 91 C9 E5 E9 42 21 A4 AF A9 3B 4A 6B 2C 16 0B .....B!...;Jk,..0940: E0 2D 84 8E 51 5E C7 CA FB EA 89 DF FC 08 1F F5 .-..Q^. ...J.+t.<>.4.l.x06F0: 84 74 E4 B5 14 5A 2A CA 02 46 65 C1 26 90 63 05 .t...Z*..Fe.&.c.0700: 5C 71 29 FE 29 2C 0D F3 73 2E 46 8D AA 4A 3B 1D \q).),..s.F..J;..........0950: 39 38 EF 9E DB A5 DD FB A1 61 E3 A0 6D F2 71 D5 98.......a..m.q.0960: 94 C9 D9 AF F5 E6 1A C1 0C 46 97 D9 35 85 34 30 .........F..5.400970: 18 0C 36 A5 CD C5 B4 D0 42 B9 0C 77 95 C1 5D E3 ..6.....B..w..].0980: 96 0710: 1F 8D 0C AE D1 97 83 C3 F6 2E 49 08 2F 91 0B 5A ......E3....I./..Z0720: AF A9 A5 A9 7D CE 3D 4D 4B A9 4A C9 26 71 4C 3C ......=MK.J.&qL<0730: 9C 5E A7 5C 25 CB FA 7D 11 53 E7 F7 4E AA 79 DC .^.\%....S..N.y.0740: 78 1E CD 9B 02 03 01 00 01 A3 66 30 64 30 0E 06 x.........f0d0..0750: 03 55 1D 0F 01 01 FF 04 04 03 02 01 06 30 12 06 .U...........0..0760: 03 55 1D 13 01 01 FF 04 08 30 06 01 01 FF 02 01 D8 00 53 A1 E3 98 4A 94 69 FA 13 65 9A 42 ....S...J.i..e.B0990: B3 AC BF 13 12 29 B9 8E 0A 7E EC AE 3B 63 C7 F2 .....) .U.......0............;c..09A0: 64 D7 77 BC 7D 6E 1B A8 3F 69 62 D7 770770: 00 30 1D 06 03 55 1D 0E 04 16 04 14 93 58 51 F7 .0...U.......XQ.0780: 1A 12 15 21 9D 13 F8 90 18 22 47 5A BD 3A C5 FD d.w..n..?ib.w:..09B0: 48 94 BA 01 CA B3 52 F9 9E 2B 70 ...!....."GZ 49 38 0D E7 95 C1 7A D3 H.....R.I8....z...+p0790: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 0E 89 24 0...U.#..0.....$07A0: A6 59 CB F2 62 5B FA BA 41 24 3C AF 81 23 11 31 .Y..b[..A$<..#.107B0: 8B 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 .0...*.H........07C0: 03 82 01 01 00 02 32 49 FB 25 7C 47 CC 17 38 5B ......2I.%.G..8[07D0: 00 F8 D6 5E D7 2F FA E6 BC 4B 81 B7 1A 91 8F 38 ...^./...K.....807E0: AD DA 5B 54 DF 13 DB 56 9B 51 CC 0A C8 F4 07 EF ..[T...V.Q09C0......07F0: 53 95 94 DD 98 9F EB A2 FE 09 7D E5 23 F6 B5 B5 S...........#...0800: B2 0D 59 71 66 B1 64 A5 3A 59 C9 44 7F 01 B7 AE ..Yqf.d.:Y.D....0810: 5E F3 E1 79 08 24 BB C9 CA AC 5F BD B4 D5 76 36 ^..y.$...._...v60820: 3D CA 07 0E 39 02 8D 23 84 FA 80 2C A5 74 2D B2 =...9..#...,.t-.0830: 36 DF CA E5 F9 8C 90 C1 CD 7F 3A 0D 85 54 D9 E9 6.........:..T..: 69 5A 7C 4E 06 DF 25 54 0840 49 BB B7 6E A4 34 F7 42 iZ.N..%TI..n.4.B09D0: 7B 5E 67 5A 5C 16 45 F0 E4 3A B9 C6 52 EB 73 2C .^gZ\.E..:..R.s,09E0: 3D 14 B5 FC A3 AC EC 20 14 A0 C7 AB B0 22 CC F6 =...... ....."..09F0: A3 F9 96 20 93 B0 E6 AA 68 D6 F3 3E 96 D3 02 1E ... ....h..>..: 77 93 D6 E8 D4 41..0A00: 44 58 5E A8 17 17 F8 5B F1 A9 93 6B 03 E5 C0 91 3B 3C w.. DF 6E 2F 9A F8 A8 4D 3F DX^....[.n/...M?0A10: 5F 8A CD A9 D7 6F BD 0D 00 00 F0 03 01 02 40 00 _....o........@.0A20: 1A 06 03 06 01 05 03 05 01 04 03 04 01 04 02 03 ................0A30: 03 03 01 03 02 02 03 02 01 02 02 00 CE 00 7A 30 ..........A...k....;<0850: 9C 4C B6 21 ED 2D C7 20 9A D4 CC 22 23 01 6D 96 .L.!.-. ..."#.m.0860: B4 3C 8F 78 25 7E ED 4A DA 14 BC 9C 7D 4C BF 94 .<.x%..J.....L..0870: 60 82 BB BC 53 AC 00 2B 50 45 74 F2 71 4D BF 7F `...S..+PEt.qM..0880: B9 CF 96 27 CC D2 27 E2 37 CE 84 0D 7F F2 3E E6 ...'..'.7.....>.0890: 06 63 5A E6 71 1F 08 14 B4 C4 A4 E0 F0 9E CB AA .cZ.q...........08A0: 10 FF BA 63 95 96 BD 13 25 5B 3D D5 51 FF 76 00 ...c....%[=.Q......z00A40: 78 31 13 30 11 06 0A 09 92 26 89 93 F2 2C 64 01 x1.0.....&...,d.0A50: 19 16 03 63 6F 6D 31 18 30 16 06 0A 09 92 26 89.v.08B0: 3E 57 84 30 EC AC B3 7D 02 07 D2 93 5A 00 D4 B0 >W.0........Z...08C0: E9 97 86 9A 23 0C 00 01 49 03 00 17 41 04 D1 27 ....#...I...A..'08D0: 7C DD CB DF EB D9 6F B1 9F E6 17 B9 0A 11 B3 65 ......o........e08E0: 99 2D 57 E6 7F 41 17 F5 E5 45 72 DE AA CE 7B 3C .-W..A...Er....<08F0: 91 D4 EB C8 B6 79 56 D0 DD 83 B1 08 76 86 48 D0 .....yV.....v.H. ...com1.0.....&.09000A60: 93 F2 2C 64 01 19 16 08 69 6E 67 65 6E 69 63 6F ..,d....ingenico: 3E 65 0F DF 55 3C 18 18 2F A1 2F B4 7F DF 06 01 >e..U<.././.....0910: 01 00 7F FD 35 55 01 64 21 1A B10A70: 31 11 30 0F 06 03 55 04 0A 0C 08 49 6E 67 65 6E 1.0...U....Ingen0A80: 69 63 6F 31 19 30 17 06 03 55 04 0B 0C 10 49 6E ico1.0...U....In0A90: 67 65 6E 69 63 6F 20 52 6F 6F 74 20 43 41 31 19 genico Root CA1.0AA0 C6 D6 D3 BF 79 : 30 17 06 03 55 04 03 0C 10 49 6E 67 65 6E 69 63 0...U.. ....5U.d!..Ingenic0AB0: 6F 20 52 6F 6F 74 20 43 41 00 50 30 4E 31 0B 30 o Root CA.P0N1.00AC0: 09 06 03 55 04 06 13 02 46 52 31 0F 30 0D 06 03 ...U....FR1.0...0AD0: 55 04 07 13 06 46 72 61 6E 63 65 31 11 30 0F 06 U....France1.0..0AE0: 03 55 04 0A 13 08 49 6E ......y0920: F6 1F 6B CD EA 2F 95 A0 39 B2 14 26 F2 AD 60 A8 ..k../..9..&..`.0930: 27 42 08 0E 96 A3 FA 21 31 C8 00 AC 54 0D 59 73 'B.....!1...T.Ys0940: 56 F1 B7 D8 67 9F CD 2F 04 69 86 95 FB A1 D4 38 V...g../.i.....80950: 2E 66 5D 4C 90 34 02 9B 67 65 6E 69 63 6F 31 0C .U....Ingenico1.0AF0: 30 0A 06 03 55 04 0B 13 03 41 50 4F 31 0D 30 0B 0...U....APO1.0.0B00: 06 03 55 04 03 13 04 6A 69 72 61 0E 00 00 00 ..U....jira....elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], called closeOutbound()elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], closeOutboundInternal()elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], SEND TLSv1.2 ALERT: warning, description = close_notifyPadded plaintext before ENCRYPTION: len = 640000: 0E 89 FD D4 76 1B 81 11 05 B9 37 2F 95 BB 16 4C ....v.....7/...L0010: 01 00 B7 DF 62 50 74 A5 39 30 21 82 32 4F F4 32 ....bPt.90!.2O.20020: 85 C1 72 EF 43 6A 8A 8A 0C 76 C6 0D EC E2 DE A8 ..r.Cj...v......0030: 0B 4F 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D .O..............elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], WRITE: TLSv1.2 Alert, length = 64[Raw write]: length = 690000: 15 03 03 00 40 C8 D5 02 DC EA D8 9A DF E7 81 3F ....@..........?0010: E8 73 76 5E 25 6E 14 C2 CE 78 48 E1 DC CE BB B9 .sv^%n...xH.....0020: D6 96 2E 14 4B 89 80 67 D1 B3 6B 17 6D D3 07 32 ....K..g..k.m..20030: 45 A4 5C F7 EA 98 59 25 94 B0 03 BD 57 A1 FE 8E E.\...Y%....W...0040: 0A BD 6D 57 66 ..mWf E3 ED B0 AE BC 1E 1A 49 .f]L.4.........I0960: 92 47 61 AC 52 B6 F4 D9 62 CD 93 4F 40 4D 19 9B .Ga.R...b..O@M..0970: AF 70 17 94 C0 90 28 82 6F 3C 30 48 22 75 5F 0C .p....(.o<0H"u_.0980: 24 6B D9 37 E2 78 28 6D 53 2A 02 A5 D6 24 3D 79 $k.7.x(mS*...$=y0990: 42 39 A0 42 E8 5A 4D A4 6F 48 F0 19 19 CB B0 53 B9.B.ZM.oH.....S09A0: 30 38 95 87 BD 9D B9 4A 67 7F E9 2D 34 8A 40 8A 08.....Jg..-4.@.09B0: DD BE 97 63 48 FE 70 10 7B 05 CA 42 0A F8 ED 77 ...cH.p....B...w09C0: C4 74 56 FA 1C E3 C5 66 06 6E 1A C6 1B DA 63 37 .tV....f.n....c709D0: 3E 41 AA FD 37 9D 00 AF 72 5F 08 E2 FB D9 DE A5 >A..7...r_......09E0: 86 86 93 5F BD 14 70 3D 6F 88 E0 37 A6 CE F0 6B ..._..p=o..7...k09F0: 5B 6F 82 5A 42 75 94 89 0A 47 CA C1 DE B0 94 B6 [o.ZBu...G......0A00: 80 5A 64 5D 0E D8 3B DF 89 FE FE CC AE 4E 4C 55 .Zd]..;......NLU0A10: 3E 5D 0D 00 00 F0 03 01 02 40 00 1A 06 03 06 01 >].......@......0A20: 05 03 05 01 04 03 04 01 04 02 03 03 03 01 03 02 ................0A30: 02 03 02 01 02 02 00 CE 00 7A 30 78 31 13 30 11 .........z0x1.0.0A40: 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 03 63 6F ....&...,d....co0A50: 6D 31 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 m1.0.....&...,d.0A60: 19 16 08 69 6E 67 65 6E 69 63 6F 31 11 30 0F 06 ...ingenico1.0..0A70: 03 55 04 0A 0C 08 49 6E 67 65 6E 69 63 6F 31 19 .U....Ingenico1.0A80: 30 17 06 03 55 04 0B 0C 10 49 6E 67 65 6E 69 63 0...U....Ingenic0A90: 6F 20 52 6F 6F 74 20 43 41 31 19 30 17 06 03 55 o Root CA1.0...U0AA0: 04 03 0C 10 49 6E 67 65 6E 69 63 6F 20 52 6F 6F ....Ingenico Roo0AB0: 74 20 43 41 00 50 30 4E 31 0B 30 09 06 03 55 04 t CA.P0N1.0...U.0AC0: 06 13 02 46 52 31 0F 30 0D 06 03 55 04 07 13 06 ...FR1.0...U....0AD0: 46 72 61 6E 63 65 31 11 30 0F 06 03 55 04 0A 13 France1.0...U...0AE0: 08 49 6E 67 65 6E 69 63 6F 31 0C 30 0A 06 03 55 .Ingenico1.0...U0AF0: 04 0B 13 03 41 50 4F 31 0D 30 0B 06 03 55 04 03 ....APO1.0...U..0B00: 13 04 6A 69 72 61 0E 00 00 00 ..jira....elasticsearch[ppjbies1][[transport_server_worker.default]][T#7], WRITE: TLSv1.2 Handshake, length = 2826[Raw write]: length = 28310000: 16 03 03 0B 0A 02 00 00 4D 03 03 5A 18 1B F9 C5 ........M..Z....0010: 14 F0 AB 83 9B EF 65 7D DF 07 F2 53 66 ED 4B 70 ......e....Sf.Kp0020: B4 D5 48 19 8F 6E 4F B9 16 3D E5 20 5A 18 1B F9 ..H..nO..=. Z...0030: 62 D1 DA 82 51 FB E9 2A 89 3B E6 DC 82 49 AA CD b...Q..*.;...I..0040: 9C 7B 1C 73 A7 AD 12 34 00 A6 DB 0A C0 27 00 00 ...s...4.....'..0050: 05 FF 01 00 01 00 0B 00 08 70 00 08 6D 00 04 8C elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], called closeOutbound()elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], closeOutboundInternal() elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], SEND TLSv1.2 ALERT: warning, description = close_notify.........p..m...0060: 30 82 04 88 30 82 03 70 A0 03 02 01 02 02 01 02 0...0..p........0070: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 0...*.H........00080: 7E 31 13 30 11 06 0A 09 92 26 89 93 F2 2C 64 01 .1.0.....&...,d.0090: 19 16 03 63 6F 6D 31 18 30 16 06 0A 09 92 26 89 ...com1.0.....&.00A0: 93 F2 2C 64 01 19 16 08 69 6E 67 65 6E 69 63 6F ..,d....ingenico00B0: 31 11 30 0F 06 03 55 04 0A 0C 08 49 6E 67 65 6E 1.0...U....Ingen00C0: 69 63 6F 31 1C 30 1A 06 03 55 04 0B 0C 13 49 6E ico1.0...U..Padded plaintext before ENCRYPTION: len = 64..In00D0: 67 65 6E 69 63 6F 20 53 69 67 6E 69 6E 67 20 43 0000 genico Signing C00E0: 41 31 1C 30 1A 06 03 55 04 03 0C 13 49 6E 67 65 A1.0...U....Inge00F0: 6E 69 63 6F 20 53 69 67 6E 69 6E 67 20 43 41: 08 46 54 32 6E 92 38 A0 00 45 D2 15 0C 13 B8 70 .FT2n.8..E.....p0010: 01 00 04 AF 30 nico Signing CA0 2A EB EB 64 BE BC 1F EF 66 18 B2 9C ....*..d....f...01000020: DB 75 7F 70 91 75 96 13 : 1E 17 0D 31 37 31 31 32 32 31 36 31 39 35 31 5A 76 38 65 04 F3 B4 F5 43 .u.p.u..v8e....C0030: BE 4D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D .M.............. ...171122161951Z0110: 17 0D 31 39 31 31 32 32 31 36 31 39 35 31 5A 30 ..191122161951Z00120: 68 31 0Belasticsearch[ppjbies1][[transport_server_worker.default]][T#5], WRITE: TLSv1.2 Alert, length = 64 30 09 06 03 55 04 06 13 02 46 52 31 0F h1.0...U....FR1.0130: 30 0D 06 03 55 04 07 13 06 46 72 61 6E 63 65 31 0[Raw write]: length = 69...U....France100000140: 11 30 0F 06 03 55 04 0A 13 08 49 6E 67 65 6E 69 .0...U....Ingeni0150: 63 6F 31 0C 30 0A 06 03 55 04 0B 13 03 41 50 4F co1.0...U....APO0160: 31 27 30 25 06 03 55 04 03 13 1E 70 70 6A 62 69 1'0%..U....ppjbi0170: 65 73 31 2E 73 65 72 76 69 63 65 73 2E 69 6E 67 es1.services.ing0180: 65 6E 69 63 6F 2E 63 6F 6D 30 82 01 22 30 0D 06 enico.com0.."0..0190: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F .*.H............01A0: 00 30 82 01 0A 02 82 01 01 00 8F 1A 0B C4 67 3F .0............g?01B0: BC 37 24 27 1F 3A 31 60 30 03 8A BE 26 FE 5E 38 .7$'.:1`0...&.^801C0: 94 5F A8 48 54 F6 BC 21 FB 23 13 E9 AF 96 0A 6A ._.HT..!.#.....j01D0: A2 CE A2 40 03 7D 2B 5E 2F 59 03 6A AA A5 E5 8C ...@..+^/Y.j....01E0: 21 0E 70 CC D4 9C 44 B9 1E 54 57 E1 F9 DC 7E AC !.p...D..TW.....01F0: F0 3B 43 0F 5A B5 D4 55 89 24 9D 83 E3 3C C2 89 .;C.Z..U.$...<..0200: 08 E3 54 55 2F 20 CD C8 03 DC 32 C6 FE 37 88 06 ..TU/ ....2..7..0210: C4 DD B8 EC AB 2C F4 0C ED CF 9C 94 4C 1F 85 C8 .....,......L...0220: FD 7E 1F 3E F0 6D 33 DB E3 06 A2 CB 87 09 DA 95 ...>.m3.........0230: 3B BB EB 19 B8 C3 CC 50 0C E6 EA D4 63 B5 22 8F ;......P....c.".0240: 26 4B 56 9B 50 3D E5 96 6A 57 8E 71 31 B6 21 DE &KV.P=..jW.q1.!.0250: 2B 4B 37 45 A6 5A A8 ED C3 8D E4 1D FF 76 0B CD +K7E.Z.......v..0260: 5E 79 C5 E5 55 13 01 AA 2B 59 43 C3 D0 A2 94 A6 ^y..U...+YC.....0270: 4F A6 F7 5F C8 35 04 8E E2 65 9F 27 4D 45 93 52 O.._.5...e.'ME.R0280: DF 22 A2 B8 B7 B1 BE 30 30 CC A0 4C 0E 04 32 F2 .".....00..L..2.0290: 21 86 AA 54 44 A3 AB 65 A6 26 57 3E 92 7D 57 40 !..TD..e.&W>..W@02A0: B3 55 4A 68 F7 17 66 56 4B 61 02 03 01 00 01 A3 .UJh..fVKa......02B0: 82 01 25 30 82 01 21 30 0E 06 03 55 1D 0F 01 01 ..%0..!0...U....02C0: FF 04 04 03 02 05 A0 30 09 06 03 55 1D 13 04 02 .......0...U....02D0: 30 00 30 1D 06 03 55 1D 25 04 16 30 14 06 08 2B 0.0...U.%..0...+02E0: 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 .........+......02F0: 02 30 1D 06 03 55 1D 0E 04 16 04 14 77 B4 4D 46 .0...U......w.MF0300: B5 92 47 48 17 91 6F 23 5F 46 61 56 7C 0C C1 C8 ..GH..o#_FaV....0310: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 93 58 51 0...U.#..0....XQ0320: F7 1A 12 15 21 9D 13 F8 90 18 22 47 5A BD 9E 2B ....!....."GZ..+0330: 70 30 62 06 03 55 1D 1F 04 5B 30 59 30 57 A0 55 p0b..U...[0Y0W.U0340: A0 53 86 51 68 74 74 70 73 3A 2F 2F 72 61 77 2E .S.Qhttps://raw.0350: 67 69 74 68 75 62 75 73 65 72 63 6F 6E 74 65 6E githubuserconten0360: 74 2E 63 6F 6D 2F 66 6C 6F 72 61 67 75 6E 6E 63 t.com/floragunnc0370: 6F 6D 2F 75 6E 69 74 74 65 73 74 2D 61 73 73 65 om/unittest-asse0380: 74 73 2F 6D 61 73 74 65 72 2F 72 65 76 6F 6B 65 ts/master/revoke0390: 64 2E 63 72 6C 30 41 06 03 55 1D 11 04 3A 30 38 d.crl0A..U...:0803A0: 82 1E 70 70 6A 62 69 65 73 31 2E 73 65 72 76 69 ..ppjbies1.servi03B0: 63 65 73 2E 69 6E 67 65 6E 69 63 6F 2E 63 6F 6D ces.ingenico.com03C0: 82 09 6C 6F 63 61 6C 68 6F 73 74 87 04 AC 15 16 ..localhost.....03D0: 26 88 05 2A 03 04 05 05 30 0D 06 09 2A 86 48 86 &..*....0...*.H.03E0: F7 0D 01 01 0B 05 00 03 82 01 01 00 89 17 4E 12 ..............N.03F0: 56 7F 43 5D 3C CE D9 F1 96 A5 68 ED 3E 1A E1 31 V.C]<.....h.>..10400: 76 A7 5D 97 E8 52 77 DA 3D F4 39 07 EB 2B 19 5E v.]..Rw.=.9..+.^0410: 78 32 B6 0D 02 79 C4 00 C1 79 A4 02 84 B8 6D B8 x2...y...y....m.0420: 6E CC 04 53 A4 D5 5E 80 20 D5 CC 37 39 A0 C2 47 n..S..^. ..79..G0430: 29 5A 4A 08 28 5B CD 7E 26 11 2E 30 43 16 64 36 )ZJ.([..&..0C.d60440: 69 42 8A E1 E2 0C 4D BC 4E 63 57 06 82 C8 55 CA iB....M.NcW...U.0450: B1 85 57 CF D7 C0 1C 43 55 F3 72 B6 29 C4 4A 64 ..W....CU.r.).Jd0460: 88 4B 7F 25 A1 59 E9: 15 03 03 00 40 B1 AA 4D 6D 9B 8D 1C 14 D9 AC 10 FB A9 B2 B5 1D 73 70 30 CA .K.%.Y......sp0.0470: 33 D7 F3 0F B1 3D 0C 71 F6 BA BA 22 EF F8 7C DE ....@. 3....=.q..."....0480: F0 31 41 A9 76 8E 05 3D 03 12 3F AA E2 17 F5 5F .1A.v..=..?...._0490: FA 4D EE 80 89 8C 6F 27 24 A6 B2 0F 00 36 07 2F .M....o'$....6./04A0: BA 62 B3 1A 0F 93 5D 81 72 3B AB 42 A9 A4 81 B9 .b....].r;.B....04B0: F0 EF 67 57 CD EA C1 BE BF CB 20 DE E5 11 F3 35 .Mm....... ..gW...... ....504C0: 62 58 F4 08 E1 BC D6 B2 A6 DC 93 45 9F 79 6E DC bX.........E.yn.04D0: F0 1B A8 CA 44 F6 86 0E DA 38 0D E1 B1 76 BB 47 ....D....8...v.G04E0: 0A 49 DA CF F2 E4 6E 8F E1 37 9C F8 00 03 DB 30 .I....n..7.....004F0: 82 03 D7 30 82 02 BF A0 03 02 01 02 02 01 02 30 ...0...........00500: 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 78 ...*.H........0x0510: 31 13 30 11 06 0A 09 92 26 89 93 F2 2C 64 01 19 1.0.....&...,d..0520: 16 03 63 6F 6D 31 18 30 0010: 9C 5B D1 AE 70 0A 61 FC 16 06 0A 09 92 26 89 93 ..com1.0.....&..0530: F2 2C 64 01 19 16 08 69 6E 67 65 6E 69 63 6F 31 .,d....ingenico1 C3 04 F3 ED C8 92 0C 0E .[..p.a.........0020: FB C0 34 7B FE A6 98 AC 68 77 AD 6B 91 0F 08 7D ..4.....hw.k....0030: 6A 1F EC E3 8A 30 CB E6 3F BC FB E7 4B 7D 57 FD j....0..?...K.W.0040: B2 3B 16 B4 3A .;..:0540: 11 30 0F 06 03 55 04 0A 0C 08 49 6E 67 65 6E 69 .0...U....Ingeni0550: 63 6F 31 19 30 17 06 03 55 04 0B 0C 10 49 6E 67 co1.0...U....Ing0560: 65 6E 69 63 6F 20 52 6F 6F 74 20 43 41 31 19 30 enico Root CA1.00570: 17 06 03 55 04 03 0C 10 49 6E 67 65 6E 69 63 6F ...U....Ingenico0580: 20 52 6F 6F 74 20 43 41 30 1E 17 0D 31 37 31 31 Root CA0...17110590: 32 32 31 36 31 39 34 38 5A 17 0D 32 37 31 31 32 22161948Z..2711205A0: 32 31 36 31 39 34 38 5A 30 7E 31 13 30 11 06 0A 2161948Z0.1.0...05B0: 09 92 26 89 93 F2 2C 64 01 19 16 03 63 6F 6D 31 ..&...,d....com105C0: 18 30 16 06 0A 09 92 26 89 93 F2 2C 64 01 19 16 .0.....&...,d...05D0: 08 69 6E 67 65 6E 69 63 6F 31 11 30 0F 06 03 55 .ingenico1.0...U05E0: 04 0A 0C 08 49 6E 67 65 6E 69 63 6F 31 1C 30 1A ....Ingenico1.0.05F0: 06 03 55 04 0B 0C 13 49 6E 67 65 6E 69 63 6F 20 ..U....Ingenico 0600: 53 69 67 6E 69 6E 67 20 43 41 31 1C 30 1A 06 03 Signing CA1.0...0610: 55 04 03 0C 13 49 6E 67 65 6E 69 63 6F 20 53 69 U....Ingenico Si0620: 67 6E 69 6E 67 20 43 41 30 82 01 22 30 0D 06 09 gning CA0.."0...0630: 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 *.H.............0640: 30 82 01 0A 02 82 01 01 00 C9 38 24 AC 9F 51 53 0.........8$..QS0650: FE 46 D0 06 97 2A 68 55 68 F4 26 3A 0F 27 0E 6E .F...*hUh.&:.'.n0660: CB 2B CB D7 6D 7F D2 37 6B F8 6D 34 EA A9 BE 53 .+..m..7k.m4...S0670: 04 11 09 C1 42 FA 5D 5D 4A CA 48 25 C3 F7 6C 37 ....B.]]J.H%..l70680: 37 86 B0 70 22 3F BA F6 E9 D4 DA 2C DB 48 4F 48 7..p"?.....,.HOH0690: F0 9A CF AA 60 11 6D 4E 40 35 86 9C 15 8A 1E 3D ....`.mN@5.....=06A0: 25 CE B4 EF 10 4C C9 A6 82 47 3D AA 32 13 C3 9C %....L...G=.2...06B0: 9A C8 29 BE 70 9F 20 B9 4B C9 26 01 CC DE 68 86 ..).p. .K.&...h.06C0: C1 87 D5 62 3D FD 9F 8D FE A7 09 F4 9E 0B A9 46 ...b=..........Felasticsearch[ppjbies1][[transport_server_worker.default]][T#5], called closeOutbound()elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], closeOutboundInternal()06D0: 31 E7 D8 E6 DA 97 5F 10 75 66 EA D6 AE 05 39 C6 1....._.uf....9.06E0: FD 4A 78 44 58 7D F9 00 4A D7 2B 74 1B 3C 3E 06 .JxDX...J.+t.<>.06F0: 34 A9 6C 80 78 84 74 E4 B5 14 5A 2A CA 02 46 65 4.l.x.t...Z*..Fe0700: C1 26 90 63 05 5C 71 29 FE 29 2C 0D F3 73 2E 46 .&.c.\q).),..s.F0710: 8D AA 4A 3B 1D 1F 8D 0C AE D1 97 83 C3 F6 2E 49 ..J;...........I0720: 08 2F 91 0B 5A AF A9 A5 A9 7D CE 3D 4D 4B A9 4A ./..Z......=MK.J0730: C9 26 71 4C 3C 9C 5E A7 5C 25elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], SEND TLSv1.2 ALERT: warning, description = close_notify CB FA 7D 11 53 E7 .&qL<.^.\%....S.elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], WRITE: TLSv1.2 Alert, length = 20740: F7 4E AA 79 DC 78 1E CD 9B 02 03 01 00 01 A3 66 .N.y.x.........f0750: 30 64 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 0d0...U.........0760: 01 06 30 12 06 03 55 1D 13 01 01 FF 04 08 30 06 ..0...U.......0.0770: 01 01 FF 02 01 00 30 1D 06 03 55 1D 0E 04 16 04 ......0...U.....0780: 14 93 58 51 F7 1A 12 15 [Raw write]: length = 7 21 9D 13 F8 90 18 22 47 ..XQ....!....."G0790: 5A BD 9E 2B 70 30 1F 06 03 55 1D 23 04 18 30 16 Z..+p0...U.#..0.07A0: 80 14 0E 89 24 A6 59 CB F2 62 5B FA BA 41 24 3C ....$.Y..b[..A$<07B0: AF 81 23 11 31 8B 30 0D 06 09 2A 86 48 86 F7 0D ..#.1.0...*.H...07C0: 01 01 0B 05 00 03 82 01 01 00 02 32 49 FB 25 7C ...........2I.%.07D0: 47 CC 17 38 5B 00 F8 D6 5E D7 2F FA E6 BC 4B 81 G..8[...^./...K.07E0: B7 1A 91 8F 38 AD DA 5B 54 DF 13 DB 56 9B 51 CC ....8..[T...V.Q.07F0: 0A C8 F4 07 EF 53 95 94 DD 98 9F EB A2 FE 09 7D .....S..........0800: E5 23 F6 B5 B5 B2 0D 59 71 66 B1 64 A5 3A 59 C9 .#.....Yqf.d.:Y.08100: 44 7F 01 B7 AE 5E F3 E1 79 08 24 BB C9 CA AC 5F D....^..y.$...._0820: BD B4 D5 76 36 3D CA 07 0E 39 02 8D 23 84 FA 80 ...v6=...9..#...0830: 2C A5 74 2D B2 36 DF CA E5 F9 8C 90 C1 CD 7F 3A ,.t-.6.........:0840: 0D 85 54 D9 E9 77 93 D6 E8 D4 41 F1 A9 93 6B 03 ..T..w....A...k.0850: E5 C0 91 3B 3C 9C 4C B6 21 ED 2D C7 20 9A D4 CC ...;<.L.!000.-. ...0860: 22 23 01 6D 96 B4 3C 8F 78 25 7E ED 4A DA 14 BC "#.m..<.x%..J...0870: 9C 7D 4C BF 94 60 82 BB BC 53 AC 00 2B 50 45 74 ..L..`...S..+PEt0880: F2 71 4D BF 7F B9 CF 96 27 CC D2 27 E2 37 CE 84 .qM.....'..'.7..0890: 0D 7F F2 3E E6 06 63 5A E6 71 1F 08 14 B4 C4 A4 ...>..cZ.q......08A0: E0 F0 9E CB AA 10 FF BA 63 95 96 BD 13 25 5B 3D ........c....%[=08B0: D5 51 FF 76 00 3E 57 84 30 EC AC B3 7D 02 07 D2 .Q.v.>W.0.......08C0: 93 5A 00 D4 B0 E9 97 86 9A 23 0C 00 01 49 03 00 .Z.......#...I..08D0: 17 41 04 D1 27 7C DD CB DF EB D9 6F B1 9F E6 17 .A..'......o....08E0: B9 0A 11 B3 65 99 2D 57 E6 7F 41 17 F5 E5 45 72 ....e.-W..A...Er08F0: DE AA CE 7B 3C 91 D4 EB C8: 15 03 03 00 02 01 00 B6 79 56 ....... D0 DD 83 B1 ....<.....yV....0900: 08 76 86 48 D0 3E 65 0F DF 55 3C 18 18 2F A1 2F .v.H.>e..U<.././0910: B4 7F DF 06 01 01 00 7F FD 35 55 01 64 21 1A B1 .........5U.d!..0920: C6 D6 D3 BF 79 F6 1F 6B CD EA 2F 95 A0 39 B2 14 ....y..k../..9..0930: 26 F2 AD 60 A8 27 42 08 0E 96 A3 FA 21 31 C8 00 &..`.'B.....!1..0940: AC 54 0D 59 73 56 F1 B7 D8 67 9F CD 2F 04 69 86 .T.YsV...g../.i.0950: 95 FB A1 D4 38 2E 66 5D 4C 90 34 02 9B E3 ED B0 ....8.f]L.4.....0960: AE BC 1E 1A 49 92 47 61 AC 52 B6 F4 D9 62 CD 93 ....I.Ga.R...b..0970: 4F 40 4D 19 9B AF 70 17 94 C0 90 28 82 6F 3C 30 O@M...p....(.o<00980: 48 22 75 5F 0C 24 6B D9 37 E2 78 28 6D 53 2A 02elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], called closeOutbound() H"u_.$k.7.x(mS*.0990: A5 D6 24 3D 79 42 39 A0 42 E8 5A 4D A4 6F 48 F0 ..$=yB9.B.ZM.oH.elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], closeOutboundInternal()09A0: 19 19 CB B0 53 30 38 95 87 BD 9D B9 4A 67 7F E9 ....S08.....Jg..09B0: 2D 34 8A 40 8A DD BE 97 63 48 FE 70 10 7B 05 CA -4.@....cH.p....09C0: 42 0A F8 ED 77 C4 74 56 FA 1C E3 C5 66 06 6E 1A elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], called closeOutbound()elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], closeOutboundInternal()B...w.tV....f.n.09D0: C6 1B DA 63 37 3E 41 AA FD 37 9D 00 AF 72 5F 08 ...c7>A..7...r_.09E0: E2 FB D9 DE A5elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], called closeOutbound()elasticsearch[ppjbies1][[transport_server_worker.default]][T#5], closeOutboundInternal() 86 86 93 5F BD 14 70 3D 6F 88 E0 ........_..p=o..09F0: 37 A6 CE F0 6B 5B 6F 82 5A 42 75 94 89 0A 47 CA 7...k[o.ZBu...G.0A00: C1 DE B0 94 B6 80 5A 64 5D 0E D8 3B DF 89 FE FE ......Zd]..;....0A10: CC AE 4E 4C 55 3E 5D 0D 00 00 F0 03 01 02 40 00 ..NLU>].......@.0A20: 1A 06 03 06 01 05 03 05 01 04 03 04 01 04 02 03 ................0A30: 03 03 01 03 02 02 03 02 01 02 02 00 CE 00 7A 30 ..............z00A40: 78 31 13 30 11 06 0A 09 92 26 89 93 F2 2C 64 01 x1.0.....&...,d.0A50: 19 16 03 63 6F 6D 31 18 30 16 06 0A 09 92 26 89 ...com1.0.....&.0A60: 93 F2 2C 64 01 19 16 08 69 6E 67 65 6E 69 63 6F ..,d....ingenico0A70: 31 11 30 0F 06 03 55 04 0A 0C 08 49 6E 67 65 6E 1.0...U....Ingen0A80: 69 63 6F 31 19 30 17 06 03 55 04 0B 0C 10 49 6E ico1.0...U....In0A90: 67 65 6E 69 63 6F 20 52 6F 6F 74 20 43 41 31 19 genico Root CA1.0AA0: 30 17 06 03 55 04 03 0C 10 49 6E 67 65 6E 69 63 0...U....Ingenic0AB0: 6F 20 52 6F 6F 74 20 43 41 00 50 30 4E 31 0B 30 o Root CA.P0N1.00AC0: 09 06 03 55 04 06 13 02 46 52 31 0F 30 0D 06 03 ...U....FR1.0...0AD0: 55 04 07 13 06 46 72 61 6E 63 65 31 11 30 0F 06 U....France1.0..0AE0: 03 55 04 0A 13 08 49 6E 67 65 6E 69 63 6F 31 0C .U....Ingenico1.0AF0: 30 0A 06 03 55 04 0B 13 03 41 50 4F 31 0D 30 0B 0...U....APO1.0.0B00: 06 03 55 04 03 13 04 6A 69 72 61 0E 00 00 00 ..U....jira....elasticsearch[ppjbies1][[transport_server_worker.default]][T#7], called closeOutbound()elasticsearch[ppjbies1][[transport_server_worker.default]][T#7], closeOutboundInternal()elasticsearch[ppjbies1][[transport_server_worker.default]][T#7], SEND TLSv1.2 ALERT: warning, description = close_notifyelasticsearch[ppjbies1][[transport_server_worker.default]][T#7], WRITE: TLSv1.2 Alert, length = 2elasticsearch[ppjbies1][[transport_server_worker.default]][T#7], called closeInbound()elasticsearch[ppjbies1][[transport_server_worker.default]][T#7], fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?%% Invalidated: [Session-40, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]elasticsearch[ppjbies1][[transport_server_worker.default]][T#7], SEND TLSv1.2 ALERT: fatal, description = internal_errorelasticsearch[ppjbies1][[transport_server_worker.default]][T#7], Exception sending alert: java.io.IOException: writer side was already closed.
SG
Nov 24, 2017, 8:33:15 AM11/24/17
to search...@googlegroups.com
can you please try the original script and the tls cert generator and report back if they work?
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/957a758e-5902-474a-8aea-7255b6f04820%40googlegroups.com.
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
Frédéric Esnault
Nov 24, 2017, 9:39:50 AM11/24/17
to search...@googlegroups.com
I downloaded the certificates from your generator site and configured everything.
Still same error :
[2017-11-24T14:37:24,085][ERROR][c.f.s.s.t.SearchGuardSSLNettyTransport] [ppjbies1] SSL Problem Received fatal alert: certificate_unknownjavax.net.ssl.SSLException: Received fatal alert: certificate_unknown######## Start Search Guard Configuration ########searchguard.ssl.transport.enabled: truesearchguard.ssl.transport.keystore_filepath: CN=jbies1-keystore.jkssearchguard.ssl.transport.keystore_password: *******searchguard.ssl.transport.truststore_filepath: truststore.jkssearchguard.ssl.transport.truststore_password: *******searchguard.ssl.transport.enforce_hostname_verification: falsesearchguard.ssl.http.enabled: truesearchguard.ssl.http.keystore_filepath: CN=jbies1-keystore.jkssearchguard.ssl.http.keystore_password: *******searchguard.ssl.http.truststore_filepath: truststore.jkssearchguard.ssl.http.truststore_password: *******# The setting below informs SearchGuard of all client certificates allowed to administrate SearhGuard.searchguard.authcz.admin_dn: - CN=sgadmin
######## End Search Guard Configuration ########SG
Nov 24, 2017, 9:52:29 AM11/24/17
to search...@googlegroups.com
maybe you have somewhere an old elasticsearch instance with incompatible certs running in your network?
Certs from the generator are proven to work, so it must be something on your side.
Use Oracle JDK 1.8 instead of OpenJDK may help (if you are on OpenJDK)
> Am 24.11.2017 um 15:39 schrieb Frédéric Esnault <frederic...@ovyka.com>:
>
>
> I downloaded the certificates from your generator script and configured everything.
Certs from the generator are proven to work, so it must be something on your side.
Use Oracle JDK 1.8 instead of OpenJDK may help (if you are on OpenJDK)
> Am 24.11.2017 um 15:39 schrieb Frédéric Esnault <frederic...@ovyka.com>:
>
>
> I downloaded the certificates from your generator script and configured everything.
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/576af3e2-1d59-4c8c-b0d9-aff93f92b43a%40googlegroups.com.
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
Frédéric Esnault
Nov 24, 2017, 10:13:01 AM11/24/17
to Search Guard Community Forum
And even if they were, they would not be using certificate, I'm only starting to secure them.
I'm indeed using Oracle JDK 8, not OpenJDK.
I'm sure your certificates work, I don't see any reason why they would not. And I tested in my local dev cluster, everything went fine using certificates generated with your scripts;
I'd agree with you that it may come from my setup, but don't know where to look now. In the nodes certificates I generated, I included the IP for each node, to make sure that would not interfere, but the result is the same with your generic certificates and mine.
The nodes are talking to each other, that seems ok.
The problem seems to be between the client application (a Java application using SearchGuard plugin in its Transport node. Maybe something is off there. It worked in my local test, but not now in a real cluster.
For information, each node has its own server, and the client application is on its own server too.
Here is the code for transport client creation :
Thread.currentThread().setContextClassLoader(Constants.class.getClassLoader());Settings.Builder builder = Settings.builder() .put("client.transport.sniff", false) .put("cluster.name", clusterName) .put("path.conf", "elasticsearch");if (searchGuardConfigDTO != null && searchGuardConfigDTO.isActive()) { builder.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH, searchGuardConfigDTO.getKeyStorePath()) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, searchGuardConfigDTO.getTrustStorePath()) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_PASSWORD, searchGuardConfigDTO.getKeyStorePassword()) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, searchGuardConfigDTO.getTrustStorePassword()) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED, true);}Settings settings = builder.build();if (searchGuardConfigDTO != null && searchGuardConfigDTO.isActive()) { this.client = new PreBuiltTransportClient(settings, SearchGuardPlugin.class);} else { this.client = new PreBuiltTransportClient(settings);}for (ESNode node : nodes) { try { this.client.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(node.getNodeIp()), node.getNodePort())); } catch (UnknownHostException uhe) { LOGGER.error(uhe.getMessage(), uhe); }}SG
Nov 24, 2017, 10:25:52 AM11/24/17
to search...@googlegroups.com
look here how the transport client can be used
https://github.com/floragunncom/search-guard/blob/5.6.0/src/main/java/com/floragunn/searchguard/tools/SearchGuardAdmin.java
https://github.com/floragunncom/search-guard/blob/5.6.0/src/test/java/com/floragunn/searchguard/SGTests.java#L1240
https://github.com/floragunncom/search-guard/blob/5.6.0/src/main/java/com/floragunn/searchguard/tools/SearchGuardAdmin.java
https://github.com/floragunncom/search-guard/blob/5.6.0/src/test/java/com/floragunn/searchguard/SGTests.java#L1240
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/6e301e83-7c45-4cc4-a914-a16cc9104da5%40googlegroups.com.
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
Frédéric Esnault
Nov 24, 2017, 10:58:43 AM11/24/17
to Search Guard Community Forum
Yep that seems similar to what i did, except you use more options.
But my transport client was working in my dev local cluster, anyway.
Frédéric Esnault
Nov 24, 2017, 12:29:38 PM11/24/17
to search...@googlegroups.com
Hi again,
I just created a spring boot command line app, very simple, calling my ES cluster with SG plugin : Here is its code :
public void search(String ip, String clusterName, String index, String type, String ksPwd, String ksPth, String tsPwd, String tsPth) { TransportClient client; Settings.Builder builder = Settings.builder() .put("client.transport.sniff", false) .put("cluster.name", clusterName) .put("path.conf", "elasticsearch"); builder.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH, ksPth) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_PASSWORD, ksPwd) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, tsPth) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, tsPwd) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED, true); Settings settings = builder.build(); client = new PreBuiltTransportClient(settings, SearchGuardPlugin.class);
try { client.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(ip), 9300)); } catch (UnknownHostException uhe) { System.err.println("Error : " + uhe.getMessage()); uhe.printStackTrace(); }
SearchRequestBuilder searchRequestBuilder = client.prepareSearch(index).setTypes(type).setQuery(QueryBuilders.matchAllQuery()); SearchResponse searchResponse = searchRequestBuilder.execute().actionGet(); SearchHits hits = searchResponse.getHits(); System.out.println("Results : "+hits.getTotalHits());
}I moved the resulting jar on the node server itself (local call), and called it, but got the same error : certificate_unknown.
Here is the calling line :
sgtest-1.0-SNAPSHOT.jar 172.21.22.38 pp-es-cluster ppjessbi apo_mapping ***** search-guard-certificates/client-certificates/CN\=demouser-keystore.jks ***** search-guard-certificates/truststore.jks
Is there something you see that seems off ?
I am using your generated certificates, imported configuration using sgadmin.sh, and called the java client from the node itself, I really dont see what can be wrong here.
I'd need a little help on this one.
Is there another way to test the democlient certificate, or any other way to make this work ? Without this, I cannot use SG, and would have to revert to XPack, which is not free. And I had it working locally so where is my problem here ?
Frédéric Esnault
Nov 24, 2017, 12:49:15 PM11/24/17
to Search Guard Community Forum
Got it !
Feeling better, and thanks for the pointer to your SGAdmin code, it's where I saw the options that resolved the problem.
Everything came from the fact that SG was trying to verify the client hostname vs its certificate, and it was not working.
I added two options in my client config and got it working (well almost, now I have this : Caused by: java.lang.Exception: no such user CN=demouser.
So the solution was just to add this to my java client code :
.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION, false).put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION_RESOLVE_HOST_NAME, false)Feeling better, and thanks for the pointer to your SGAdmin code, it's where I saw the options that resolved the problem.
Reply all
Reply to author
Forward
0 new messages