Https Client certificate authentication error :"javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException"

[mohan v]

Hi,

I am using rest assured 2.3.1

It seems I get error while using client certificate while using HTTPS

I understand that similar was  a bug in earlier version. However that bug was related to using server side  related trustore(jks) file

However when you also need to use client side certificate (pkcs12 or jks file), you get new error

As per understand the fix was provided only for server side certificate and not client side certifcate

The code used:

RestAssured.authentication = certificate(keyStorePath, keyStorePassword, certAuthSettings().allowAllHostnames());

The error details

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

  at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)

  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)

  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)

  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)

  at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)

  at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)

  at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)

  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)

  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)

  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)

  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)

  at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533)

  at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:401)

  at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:178)

  at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)

  at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)

  at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)

  at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)

  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)

  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)

  at org.apache.http.client.HttpClient$execute$0.call(Unknown Source)

  at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:120)

  at com.jayway.restassured.internal.RequestSpecificationImpl$RestAssuredHttpBuilder.doRequest(RequestSpecificationImpl.groovy:1638)

  at com.jayway.restassured.internal.http.HTTPBuilder.doRequest(HTTPBuilder.java:481)

  at com.jayway.restassured.internal.http.HTTPBuilder.request(HTTPBuilder.java:430)

  at com.jayway.restassured.internal.http.HTTPBuilder$request$2.call(Unknown Source)

  at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:124)

  at com.jayway.restassured.internal.RequestSpecificationImpl.sendHttpRequest(RequestSpecificationImpl.groovy:1166)

  at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendHttpRequest(RequestSpecificationImpl.groovy)

  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:606)

  at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

  at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

  at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

  at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

  at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

  at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

  at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

  at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

  at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:49)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:133)

  at com.jayway.restassured.internal.RequestSpecificationImpl.sendRequest(RequestSpecificationImpl.groovy:1008)

  at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendRequest(RequestSpecificationImpl.groovy)

  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:606)

  at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

  at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

  at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

  at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

  at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

  at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

  at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

  at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:128)

  at com.jayway.restassured.internal.filter.SendRequestFilter.filter(SendRequestFilter.groovy:31)

  at com.jayway.restassured.filter.Filter$filter$0.call(Unknown Source)

  at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

  at com.jayway.restassured.filter.Filter$filter.call(Unknown Source)

  at com.jayway.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:49)

  at com.jayway.restassured.filter.log.RequestLoggingFilter.filter(RequestLoggingFilter.java:101)

  at com.jayway.restassured.filter.Filter$filter.call(Unknown Source)

  at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:124)

  at com.jayway.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:49)

  at com.jayway.restassured.filter.FilterContext$next.call(Unknown Source)

  at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:120)

  at com.jayway.restassured.internal.RequestSpecificationImpl.in

[Johan Haleby]

Does it work if you use relaxed https validation?

Regards,

/Johan

[mohan v]

Hi Johan,

If I use " RestAssured.useRelaxedHTTPSValidation();", it works  and Rest assured send request

But the server sends a valid error message saying "No valid client certificate received"

I able to send the request using the same certifcate from Mozilla rest client, which means rest assured does nt send client certifcate

[Johan Haleby]

I've never needed to do this myself so I'm not sure if I can answer your question in an adequate manner. I would suggest asking google for how to configure http client to do this. Then you can hopefully make use of the SSLConfig to customize the SSL settings to work for you. If you figure something out please let us know and perhaps I can make the configuration simpler in a future version.

Regards,

/Johan

--
You received this message because you are subscribed to the Google Groups "REST assured" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rest-assured...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[mohan v]

On further analysis, it seems earlier version of rest assured used to support client certificate validation  as shown in https://code.google.com/p/rest-assured/issues/detail?id=205

But the current version does nt support client certificate, it is always server validation, no matter you use truststore or keystore, it is used for validation of the server

Can I expect this to be in future versions?

[Johan Haleby]

I don't know how to fix this so please help out! This is an open source project and all (well most :)) contributions are welcome. What is it exactly that you're missing (code wise)? How would the code look like if you were to do the same thing with only Http Client?

/Johan

[mohan v]

Ok, I will figure out how to do the same using Http Client.

Meanwhile I want to see, where I rest-assured does authentication stuff, I guess this where I can see rest-assured-code to start with https://github.com/jayway/rest-assured/tree/master/rest-assured/src/main/java/com/jayway/restassured

Please correct If that is not the correc link

[Johan Haleby]

You should probably look at com.jayway.restassured.authentication.CertAuthScheme and com.jayway.restassured.internal.KeystoreSpecImpl

Regards,

/Johan

[mohan v]

I got my request working with http client with the following code.

I expect rest-assured could do something similar

===================================

Code

===================================

import java.io.File;

import java.io.FileInputStream;

import java.io.InputStream;

import java.net.HttpURLConnection;

import java.net.URL;

import java.security.KeyStore;

import javax.net.ssl.HttpsURLConnection;

import javax.net.ssl.KeyManagerFactory;

import javax.net.ssl.SSLContext;

import javax.net.ssl.TrustManagerFactory;

import org.apache.http.HttpEntity;

import org.apache.http.HttpResponse;

import org.apache.http.client.methods.CloseableHttpResponse;

import org.apache.http.client.methods.HttpGet;

import org.apache.http.client.methods.HttpPost;

import org.apache.http.conn.scheme.Scheme;

import org.apache.http.conn.scheme.SchemeRegistry;

import org.apache.http.conn.ssl.SSLContexts;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

import org.apache.http.conn.ssl.SSLSocketFactory;

import org.apache.http.conn.ssl.TrustSelfSignedStrategy;

import org.apache.http.impl.client.CloseableHttpClient;

import org.apache.http.impl.client.DefaultHttpClient;

import org.apache.http.impl.client.HttpClients;

import org.apache.http.impl.conn.SingleClientConnManager;

import org.apache.http.params.BasicHttpParams;

import org.apache.http.params.HttpParams;

import org.apache.http.util.EntityUtils;

import org.codehaus.plexus.util.IOUtil;

/**

 * This example demonstrates how to create secure connections with a custom SSL

 * context.

 */

public class ClientCustomSSL {

    public final static void main(String[] args) throws Exception {

        String   trustStorePath="C:/cert/truststore.jks";

        String   trustStorePassword="changeit";

        String   keyStorePath="C:/cert/client.p12";

        String   keyStorePassword="password1";

        // keystore has the certificates presented to the server when a server

        // requests one to authenticate this application to the server

//        System.setProperty("javax.net.ssl.keyStore", keyStorePath);

//        System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);

        KeyStore keystore = KeyStore.getInstance("pkcs12");

        InputStream keystoreInput = new FileInputStream(keyStorePath);

        keystore.load(keystoreInput, keyStorePassword.toCharArray());

        System.out.println("Keystore has " + keystore.size() + " keys");

        // trustStore has the certificates that are presented by the server that

        // this application is to trust

//        System.setProperty("javax.net.ssl.trustStore", trustStorePath);

//        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);

        KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());

        InputStream truststoreInput = new FileInputStream(trustStorePath);

        truststore.load(truststoreInput, trustStorePassword.toCharArray());

        System.out.println("Truststore has " + truststore.size() + " keys");

          SchemeRegistry schemeRegistry = new SchemeRegistry();

        SSLSocketFactory lSchemeSocketFactory = new SSLSocketFactory(keystore, keyStorePassword, truststore);

        schemeRegistry.register(new Scheme("https", 8443, lSchemeSocketFactory));

        final HttpParams httpParams = new BasicHttpParams();

        DefaultHttpClient lHttpClient = new DefaultHttpClient(new SingleClientConnManager(schemeRegistry), httpParams);

        String lUrl = "https://someserver:8443/customer";

        HttpGet lMethod = new HttpGet(lUrl);

//        "NAP-User-Credentials", "test:THIS,THAT")

        lMethod.setHeader("NAP-User-Credentials", "test:THIS,THAT");

        HttpResponse lHttpResponse = lHttpClient.execute(lMethod);

        System.out.println("Response status code: " + lHttpResponse.getStatusLine().getStatusCode());

        System.out.println("Response " + EntityUtils.toString(lHttpResponse.getEntity()) );

    }

}

[Johan Haleby]

Since you create your own SSLSocketFactory you can use that in REST Assured using the SSLConfig:

given().config(config().sslConfig(sslConfig().sslSocketFactory(sslSocketFactory))).when()..

Regards,

/Johan

[mohan v]

Great.

That seems to have worked .

However, as you can org.apache.http.conn.ssl.SSLSocketFactory is deprecated, that may not be work in future

So it may not work in future

Please let me know if you know any equivalent new SocketFactory

I did the following

KeyStore keystore = KeyStore.getInstance("jks");

  

            InputStream keystoreInput = new FileInputStream(keyStorePath);

            keystore.load(keystoreInput, keyStorePassword.toCharArray());

            System.out.println("Keystore has " + keystore.size() + " keys");

    KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());

            InputStream truststoreInput = new FileInputStream(trustStorePath);

            truststore.load(truststoreInput, trustStorePassword.toCharArray());

            System.out.println("Truststore has " + truststore.size() + " keys");

org.apache.http.conn.ssl.SSLSocketFactory lSchemeSocketFactory = new org.apache.http.conn.ssl.SSLSocketFactory(keystore, keyStorePassword, truststore);

RestAssured.config = RestAssured.config().sslConfig(sslConfig().sslSocketFactory(lSchemeSocketFactory));

[Johan Haleby]

Glad you got it working. Unfortunately Rest Assured is quite coupled to 4.2 and below of HTTP Client. There needs to be some significant work and breaking changes before it can be upgraded to support the 4.3 release. But it has to bo done eventually :)

Regards,

/Johan

[Pritpal Singh]

Hi Mohan,

I'm facing the same issue. I've certificates in .pfx. .p12 and .jks format. Can you help which one to use and how to use it?

Thanks,

[Johan Haleby]

If you can use them as a keystore or truststore then follow the documentation.

Regards,

/Johan

[Pritpal Singh]

Hi Johan,

I received certificates in (cer, p12, pfx and jks) formats from my dev team. They are able to use these certificates with SOAPUI tool. I tried using jks file as below but it didn't work, got  -" PKIX path building failed: " error

RestAssured.keystore("appqa.jks", "webit");

I followed your instructions on the link 

http://rest-assured.googlecode.com/svn/tags/2.3.2/apidocs/com/jayway/restassured/config/SSLConfig.html and imported cer format into JKS

performed following steps -

keytool -importcert -alias "app-qa" -file appqa.cer -keystore appqaID.jks -storepass changeit

RestAssured.config = newConfig().sslConfig(sslConfig().keystore("appqaID.jks", "chageit"));

still getting error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Struggling with it for past one week, please help!

[Johan Haleby]

Try setting keystoreType to "PKCS12" in the SSLConfig and see if that works.

/Johan

[Pritpal Singh]

Changing Keystore type to "PKCS12" didn't work. One of the post suggested uninstall/re-install Java..tried that also its not working.

I wanted to check out its not my machine that's causing problem, so I installed SOAPUI on my machine....Used the .pfx format of certificate and it works with SOAPUI.

I ran out of ideas, not sure what's going on...Its killing me...

Can you please suggest any other manual work around?

[Johan Haleby]

I would suggest googling for PKCS12 and http client. If you find a solution then please let me know and I can see if there's something that can be done to make it easier from Rest Assured.

[Johan Rask]

Han har inte bara ett stavfel? Kanske för enkelt..

Sent with Mail Pilot

[Johan Haleby]

Could it be possible that you've misspelled the password? It says "chageit" in the code you pasted earlier, perhaps it should be "changeit"?

/Johan

[Pritpal Singh]

I had corrected the password...still does not work. The certificate i'm using has private key, one cacert and one more certificate. I tried various things. Exporting .pfx to %JAVAHOME%\jre7\lib\security\cacerts, then using cacerts in my code, created jks using keytoool. Even when i dont use any cert and just use relaxedHTTPSValidation()...I always get this error "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

Not sure what's going on.

Johan - has anyone faced same issue, how they resolved it finally?

...

[Pritpal Singh]

when i use relaxedHTTPSValidation() then i get javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure error

...

[Johan Rask]

Hi,

What are you trying to accomplish?

- Is the server you are accessing using its own CA and the certificates that you are referring to (jks, pem, cer, p12) is are CA certs? Then it is not the keystore that you should change but the

truststore. 

- Or Is it client authentication, meaning that the server wants to authenticate you?

Regards /Johan R

[Pritpal Singh]

Its the first one. Can you give me an example of how to use truststore? 

[Pritpal Singh]

Below is my code using truststore this time. But this also does not work -

      InputStream trustStoreStream = Thread.currentThread().getContextClassLoader().getResourceAsStream("clientid.jks");

 

       KeyStore trustStore = null;

try {

trustStore = KeyStore.getInstance(KeyStore.getDefaultType());

} catch (KeyStoreException e) {

// TODO Auto-generated catch block

e.printStackTrace();

}

try {

trustStore.load(trustStoreStream, "weblogic".toCharArray());

} catch (NoSuchAlgorithmException | CertificateException

| IOException e) {

// TODO Auto-generated catch block

e.printStackTrace();

}

       RestAssured.config = RestAssured.config().sslConfig(sslConfig().trustStore(trustStore).and().allowAllHostnames());

[Johan Rask]

Ok, lets start from the beginning.

You said in an earlier mail "The certificate i'm using has private key, one cacert and one more certificate.” 

For me, this sounds like 3 certificates?

What are these certificates supposed to do? Have you got any instructions? It seems like you are only using 1 in your code.

* The truststore should be the CA certificate

* Are you sure you are suppose to use client auth as well? (clientid.jks implies client cert…)

- Enable debug http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html

- Send complete messages and stacktraces.

/Johan R

[Johan Rask]

Or perhaps you mean that your cert contains the complete cert chain?

/Johan

[Pritpal Singh]

Ya lets start from begining. So they have given me this certificate with "******.pfx". When i used this certificate with HPST tool, I'm able to access the web service. But i'm facing issues with using it with Java/Rest-assured.

Using OpenSSL i converted the .pfx to .crt and I viewed the content. I see private key and 2 certificates in there. Here is the content of the certificate

Note that - I replaced some text with <some content> and <name of the company>

Bag Attributes

    friendlyName: <some content....>

    localKeyID: <some content...>

Key Attributes: <No Attributes>

-----BEGIN PRIVATE KEY-----

<some content>

-----END PRIVATE KEY-----

Bag Attributes

    friendlyName: CN=<some content>,OU=Web Servers,O=<Name of the company>,C=US

    localKeyID: <some content>

subject=/C=US/O=<name of the company>/OU=Web Servers/CN=<name of the company.com>

issuer=/C=US/O=<Name of the company>

-----BEGIN CERTIFICATE-----

<some content>

-----END CERTIFICATE-----

Bag Attributes

    friendlyName: O=<name of the company?,C=US

subject=/C=US/O=<Name of the company>

issuer=/C=US/O=<Name of the company>

-----BEGIN CERTIFICATE-----

<some content>

-----END CERTIFICATE-----

Now question is how do i use it with Java/Rest Assured. If it works with hpst tool, it should work with Java/Rest-Assured as well.

I tried various things -

1. Converted certificate to jks and used as a keystore and truststore

2. Added certificate to %Java_Home%/jre7\lib\security/cacerts and used cacerts as a trust store

[Johan Rask]

Can you please supply stacktrace and ssl debug info. 

/Johan. 

Sent from my iPhone

[Pritpal Singh]

This is the stacktrace 

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

at sun.security.ssl.Handshaker.processLoop(Unknown Source)

at sun.security.ssl.Handshaker.process_record(Unknown Source)

at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:436)

at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)

at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)

at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)

at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)

at org.apache.http.client.HttpClient$execute$0.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:120)

at com.jayway.restassured.internal.RequestSpecificationImpl$RestAssuredHttpBuilder.doRequest(RequestSpecificationImpl.groovy:1638)

at com.jayway.restassured.internal.http.HTTPBuilder.doRequest(HTTPBuilder.java:481)

at com.jayway.restassured.internal.http.HTTPBuilder.request(HTTPBuilder.java:430)

at com.jayway.restassured.internal.http.HTTPBuilder$request$2.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:124)

at com.jayway.restassured.internal.RequestSpecificationImpl.sendHttpRequest(RequestSpecificationImpl.groovy:1166)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendHttpRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:49)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:133)

at com.jayway.restassured.internal.RequestSpecificationImpl.sendRequest(RequestSpecificationImpl.groovy:1008)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:128)

at com.jayway.restassured.internal.filter.SendRequestFilter.filter(SendRequestFilter.groovy:31)

at com.jayway.restassured.filter.Filter$filter$0.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at com.jayway.restassured.filter.Filter$filter.call(Unknown Source)

at com.jayway.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:49)

at com.jayway.restassured.filter.log.RequestLoggingFilter.filter(RequestLoggingFilter.java:101)

at com.jayway.restassured.filter.Filter$filter.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:124)

at com.jayway.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:49)

at com.jayway.restassured.filter.FilterContext$next.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:120)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeFilterChain(RequestSpecificationImpl.groovy:883)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:49)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:133)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:149)

at com.jayway.restassured.internal.RequestSpecificationImpl.applyPathParamsAndSendRequest(RequestSpecificationImpl.groovy:1304)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$applyPathParamsAndSendRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:49)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:133)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:149)

at com.jayway.restassured.internal.RequestSpecificationImpl.get(RequestSpecificationImpl.groovy:146)

at com.jayway.restassured.internal.RequestSpecificationImpl.get(RequestSpecificationImpl.groovy)

at com.capitalone.apitest.core.GET.shoot(GET.java:51)

at com.capitalone.apitest.core.Driver.main(Driver.java:115)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(Unknown Source)

at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)

at sun.security.validator.Validator.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

... 110 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)

at java.security.cert.CertPathBuilder.build(Unknown Source)

... 116 more

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

at sun.security.ssl.Handshaker.processLoop(Unknown Source)

at sun.security.ssl.Handshaker.process_record(Unknown Source)

at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:436)

at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)

at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)

at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)

at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)

at org.apache.http.client.HttpClient$execute$0.call(Unknown Source)

at com.jayway.restassured.internal.RequestSpecificationImpl$RestAssuredHttpBuilder.doRequest(RequestSpecificationImpl.groovy:1638)

at com.jayway.restassured.internal.http.HTTPBuilder.doRequest(HTTPBuilder.java:481)

at com.jayway.restassured.internal.http.HTTPBuilder.request(HTTPBuilder.java:430)

at com.jayway.restassured.internal.http.HTTPBuilder$request$2.call(Unknown Source)

at com.jayway.restassured.internal.RequestSpecificationImpl.sendHttpRequest(RequestSpecificationImpl.groovy:1166)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendHttpRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at com.jayway.restassured.internal.RequestSpecificationImpl.sendRequest(RequestSpecificationImpl.groovy:1008)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:128)

at com.jayway.restassured.internal.filter.SendRequestFilter.filter(SendRequestFilter.groovy:31)

at com.jayway.restassured.filter.Filter$filter$0.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at com.jayway.restassured.filter.Filter$filter.call(Unknown Source)

at com.jayway.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:49)

at com.jayway.restassured.filter.log.RequestLoggingFilter.filter(RequestLoggingFilter.java:101)

at com.jayway.restassured.filter.Filter$filter.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at com.jayway.restassured.filter.Filter$filter$0.call(Unknown Source)

at com.jayway.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:49)

at com.jayway.restassured.filter.FilterContext$next.call(Unknown Source)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeFilterChain(RequestSpecificationImpl.groovy:883)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:149)

at com.jayway.restassured.internal.RequestSpecificationImpl.applyPathParamsAndSendRequest(RequestSpecificationImpl.groovy:1304)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$applyPathParamsAndSendRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:149)

at com.jayway.restassured.internal.RequestSpecificationImpl.get(RequestSpecificationImpl.groovy:146)

at com.jayway.restassured.internal.RequestSpecificationImpl.get(RequestSpecificationImpl.groovy)

at com.capitalone.apitest.core.GET.shoot(GET.java:51)

at com.capitalone.apitest.core.Driver.main(Driver.java:115)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(Unknown Source)

at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)

at sun.security.validator.Validator.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

... 92 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)

at java.security.cert.CertPathBuilder.build(Unknown Source)

... 98 more

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

at sun.security.ssl.Handshaker.processLoop(Unknown Source)

at sun.security.ssl.Handshaker.process_record(Unknown Source)

at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:436)

at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)

at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)

at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)

at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)

at org.apache.http.client.HttpClient$execute$0.call(Unknown Source)

at com.jayway.restassured.internal.RequestSpecificationImpl$RestAssuredHttpBuilder.doRequest(RequestSpecificationImpl.groovy:1638)

at com.jayway.restassured.internal.http.HTTPBuilder.doRequest(HTTPBuilder.java:481)

at com.jayway.restassured.internal.http.HTTPBuilder.request(HTTPBuilder.java:430)

at com.jayway.restassured.internal.http.HTTPBuilder$request$2.call(Unknown Source)

at com.jayway.restassured.internal.RequestSpecificationImpl.sendHttpRequest(RequestSpecificationImpl.groovy:1166)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendHttpRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at com.jayway.restassured.internal.RequestSpecificationImpl.sendRequest(RequestSpecificationImpl.groovy:1008)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:128)

at com.jayway.restassured.internal.filter.SendRequestFilter.filter(SendRequestFilter.groovy:31)

at com.jayway.restassured.filter.Filter$filter$0.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at com.jayway.restassured.filter.Filter$filter.call(Unknown Source)

at com.jayway.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:49)

at com.jayway.restassured.filter.log.RequestLoggingFilter.filter(RequestLoggingFilter.java:101)

at com.jayway.restassured.filter.Filter$filter.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at com.jayway.restassured.filter.Filter$filter$0.call(Unknown Source)

at com.jayway.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:49)

at com.jayway.restassured.filter.FilterContext$next.call(Unknown Source)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeFilterChain(RequestSpecificationImpl.groovy:883)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:149)

at com.jayway.restassured.internal.RequestSpecificationImpl.applyPathParamsAndSendRequest(RequestSpecificationImpl.groovy:1304)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$applyPathParamsAndSendRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:149)

at com.jayway.restassured.internal.RequestSpecificationImpl.get(RequestSpecificationImpl.groovy:146)

at com.jayway.restassured.internal.RequestSpecificationImpl.get(RequestSpecificationImpl.groovy)

at com.capitalone.apitest.core.GET.shoot(GET.java:51)

at com.capitalone.apitest.core.Driver.main(Driver.java:115)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(Unknown Source)

at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)

at sun.security.validator.Validator.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

... 92 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)

at java.security.cert.CertPathBuilder.build(Unknown Source)

... 98 more

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

at sun.security.ssl.Handshaker.processLoop(Unknown Source)

at sun.security.ssl.Handshaker.process_record(Unknown Source)

at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:436)

at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)

at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)

at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)

at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)

at org.apache.http.client.HttpClient$execute$0.call(Unknown Source)

at com.jayway.restassured.internal.RequestSpecificationImpl$RestAssuredHttpBuilder.doRequest(RequestSpecificationImpl.groovy:1638)

at com.jayway.restassured.internal.http.HTTPBuilder.doRequest(HTTPBuilder.java:481)

at com.jayway.restassured.internal.http.HTTPBuilder.request(HTTPBuilder.java:430)

at com.jayway.restassured.internal.http.HTTPBuilder$request$2.call(Unknown Source)

at com.jayway.restassured.internal.RequestSpecificationImpl.sendHttpRequest(RequestSpecificationImpl.groovy:1166)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendHttpRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at com.jayway.restassured.internal.RequestSpecificationImpl.sendRequest(RequestSpecificationImpl.groovy:1008)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:128)

at com.jayway.restassured.internal.filter.SendRequestFilter.filter(SendRequestFilter.groovy:31)

at com.jayway.restassured.filter.Filter$filter$0.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at com.jayway.restassured.filter.Filter$filter.call(Unknown Source)

at com.jayway.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:49)

at com.jayway.restassured.filter.log.RequestLoggingFilter.filter(RequestLoggingFilter.java:101)

at com.jayway.restassured.filter.Filter$filter.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at com.jayway.restassured.filter.Filter$filter$0.call(Unknown Source)

at com.jayway.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:49)

at com.jayway.restassured.filter.FilterContext$next.call(Unknown Source)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeFilterChain(RequestSpecificationImpl.groovy:883)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:149)

at com.jayway.restassured.internal.RequestSpecificationImpl.applyPathParamsAndSendRequest(RequestSpecificationImpl.groovy:1304)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$applyPathParamsAndSendRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:149)

at com.jayway.restassured.internal.RequestSpecificationImpl.get(RequestSpecificationImpl.groovy:146)

at com.jayway.restassured.internal.RequestSpecificationImpl.get(RequestSpecificationImpl.groovy)

at com.capitalone.apitest.core.GET.shoot(GET.java:51)

at com.capitalone.apitest.core.Driver.main(Driver.java:115)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(Unknown Source)

at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)

at sun.security.validator.Validator.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

... 92 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)

at java.security.cert.CertPathBuilder.build(Unknown Source)

... 98 more

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

at sun.security.ssl.Handshaker.processLoop(Unknown Source)

at sun.security.ssl.Handshaker.process_record(Unknown Source)

at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:436)

at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)

at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)

at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)

at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)

at org.apache.http.client.HttpClient$execute$0.call(Unknown Source)

at com.jayway.restassured.internal.RequestSpecificationImpl$RestAssuredHttpBuilder.doRequest(RequestSpecificationImpl.groovy:1638)

at com.jayway.restassured.internal.http.HTTPBuilder.doRequest(HTTPBuilder.java:481)

at com.jayway.restassured.internal.http.HTTPBuilder.request(HTTPBuilder.java:430)

at com.jayway.restassured.internal.http.HTTPBuilder$request$2.call(Unknown Source)

at com.jayway.restassured.internal.RequestSpecificationImpl.sendHttpRequest(RequestSpecificationImpl.groovy:1166)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendHttpRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at com.jayway.restassured.internal.RequestSpecificationImpl.sendRequest(RequestSpecificationImpl.groovy:1008)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:128)

at com.jayway.restassured.internal.filter.SendRequestFilter.filter(SendRequestFilter.groovy:31)

at com.jayway.restassured.filter.Filter$filter$0.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at com.jayway.restassured.filter.Filter$filter.call(Unknown Source)

at com.jayway.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:49)

at com.jayway.restassured.filter.log.RequestLoggingFilter.filter(RequestLoggingFilter.java:101)

at com.jayway.restassured.filter.Filter$filter.call(Unknown Source)

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

at com.jayway.restassured.filter.Filter$filter$0.call(Unknown Source)

at com.jayway.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:49)

at com.jayway.restassured.filter.FilterContext$next.call(Unknown Source)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeFilterChain(RequestSpecificationImpl.groovy:883)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:149)

at com.jayway.restassured.internal.RequestSpecificationImpl.applyPathParamsAndSendRequest(RequestSpecificationImpl.groovy:1304)

at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$applyPathParamsAndSendRequest(RequestSpecificationImpl.groovy)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:149)

at com.jayway.restassured.internal.RequestSpecificationImpl.get(RequestSpecificationImpl.groovy:146)

at com.jayway.restassured.internal.RequestSpecificationImpl.get(RequestSpecificationImpl.groovy)

at com.capitalone.apitest.core.GET.shoot(GET.java:51)

at com.capitalone.apitest.core.Driver.main(Driver.java:115)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(Unknown Source)

at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)

at sun.security.validator.Validator.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

... 92 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)

at java.security.cert.CertPathBuilder.build(Unknown Source)

... 98 more

[Johan Rask]

And ssl debug?

/Johan

[Pritpal Singh]

That's the only thing i have. If you can tell me how to enable it..I can get it. I'm just using Rest-Assured, so when the get method fails, stacktrace I gave is what it populates.

On Wednesday, June 18, 2014 3:10:08 PM UTC-4, jrask wrote:

And ssl debug?

/Johan

[Johan Haleby]

You should be able to enable SSL debugging by adding -Djavax.net.debug=ssl as a VM argument.

/Johan

--

[Pritpal Singh]

Here is ssl logs

trustStore is: C:\Program Files\Java\jre7\lib\security\jssecacerts

trustStore type is : jks

trustStore provider is : 

init truststore

adding as trusted cert:

  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036

adding as trusted cert:

  Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE

  Issuer:  CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE

  Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b

  Valid from Thu Jan 12 09:38:43 EST 2006 until Wed Dec 31 17:59:59 EST 2025

adding as trusted cert:

  Subject: CN=rtmdev.kdc.one.com, OU=Web Servers, O= One, C=US

  Issuer:  O= One, C=US

  Algorithm: RSA; Serial number: 0x494d1001

  Valid from Wed Oct 28 10:41:50 EDT 2009 until Sun Aug 11 12:50:23 EDT 2019

trigger seeding of SecureRandom

done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256

main, setSoTimeout(0) called

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

%% No cached client session

*** ClientHello, TLSv1

RandomCookie:  GMT: 1386339340 bytes = { 47, 246, 32, 235, 41, 27, 99, 11, 89, 43, 77, 175, 50, 18, 102, 178, 107, 242, 212, 125, 77, 31, 72, 172, 188, 8, 35, 101 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

***

main, WRITE: TLSv1 Handshake, length = 149

main, READ: TLSv1 Handshake, length = 58

*** ServerHello, TLSv1

RandomCookie:  GMT: 1386339340 bytes = { 206, 148, 200, 52, 161, 87, 165, 230, 148, 49, 147, 225, 107, 113, 75, 229, 252, 118, 114, 56, 108, 240, 58, 189, 181, 185, 222, 92 }

Session ID:  {78, 19, 244, 126, 234, 140, 12, 30, 112, 185, 71, 111, 139, 2, 128, 209}

Cipher Suite: SSL_RSA_WITH_RC4_128_MD5

Compression Method: 0

***

Warning: No renegotiation indication extension in ServerHello

%% Initialized:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]

** SSL_RSA_WITH_RC4_128_MD5

main, READ: TLSv1 Handshake, length = 1732

*** Certificate chain

chain [0] = [

[

  Version: V3

  Subject: CN=rtm-qsb3.kdc.one.com, OU=Web Servers, O= One, C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits

  modulus: 152577555530702067666533557100190021223715100958627363729411792296310687629767685501649993173696170910363458262399392057374104241861265340442773656413889237469278948258755399522063040913134914942475537644163324587494568155009983481957657438679950379533998160195378571411789955420407012253648815897777609659509

  public exponent: 65537

  Validity: [From: Mon Oct 21 10:56:57 EDT 2013,

               To: Sun Aug 11 12:50:23 EDT 2019]

  Issuer: O= One, C=US

  SerialNumber: [    4950e9c8]

Certificate Extensions: 9

[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false

Extension unknown: DER encoded OCTET string =

0000: 04 0C 30 0A 1B 04 56 37   2E 31 03 02 03 A8        ..0...V7.1....

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: FA B2 3E 1B 42 6F F5 5E   AB FA EE AD 1D 5E 85 8B  ..>.Bo.^.....^..

0010: EA B0 B2 C6                                        ....

]

]

[3]: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

  CA:false

  PathLen: undefined

]

[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [CN=CRL479, O= One, C=US]

, DistributionPoint:

     [URIName: ldap://ldapsrv.kdc.one.com/o=%20One,c=US?certificateRevocationList, URIName: ldap://ldapsrv2.kdc.one.com/o=%20One,c=US?certificateRevocationList]

]]

[5]: ObjectId: 2.5.29.15 Criticality=false

KeyUsage [

  DigitalSignature

  Key_Encipherment

]

[6]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false

NetscapeCertType [

   SSL server

]

[7]: ObjectId: 2.5.29.16 Criticality=false

PrivateKeyUsage: [

From: Mon Oct 21 10:56:57 EDT 2013, To: Sun Aug 11 12:26:57 EDT 2019]

[8]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  DNSName: rtm-qsb3.kdc.one.com

  DNSName: rtmqa.kdc.one.com

]

[9]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 84 48 F0 C5 2E C0 4D 19   48 E7 46 4A 34 A3 60 A0  .H....M.H.FJ4.`.

0010: 61 2D 18 07                                        a-..

]

]

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 63 0E 84 02 5D BC 39 F4   F5 08 48 61 C4 B1 D1 A6  c...].9...Ha....

0010: 55 E0 16 37 33 1A 19 B0   FE 3B BA BF 45 74 B9 CE  U..73....;..Et..

0020: AF ED EF 81 1F 1E 11 59   D3 E7 6F BE A7 95 6A 37  .......Y..o...j7

0030: FF E0 CB 6C A8 3E 82 A7   67 DF E3 43 10 79 80 80  ...l.>..g..C.y..

0040: A4 87 A6 95 FB 3B 53 D5   99 A9 AB 8D 5B 90 8C C5  .....;S.....[...

0050: 52 D6 27 7B A2 52 CF C1   68 BA 9A 61 5F EC EA 95  R.'..R..h..a_...

0060: 32 C4 BD A8 92 3E E8 16   89 96 4D E5 53 2A FF D4  2....>....M.S*..

0070: 84 6C 1B B8 A7 F8 6D 62   25 98 E6 1C 38 47 02 A9  .l....mb%...8G..

]

chain [1] = [

[

  Version: V3

  Subject: O= One, C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits

  modulus: 157280748856292236565897262315649579823089432323838834700777670241968247818835861115957054574363692609541370843748792199825984747911310973121606768183717016834750315322154116742150045482925109626693680075052061300138330019390940022270011240292405962205030193006305258215264230938869191345249508973458673148381

  public exponent: 3

  Validity: [From: Wed Aug 11 12:20:23 EDT 1999,

               To: Sun Aug 11 12:50:23 EDT 2019]

  Issuer: O= One, C=US

  SerialNumber: [    37b1a9ce]

Certificate Extensions: 8

[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false

Extension unknown: DER encoded OCTET string =

0000: 04 0C 30 0A 1B 04 56 34   2E 30 03 02 04 90        ..0...V4.0....

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: FA B2 3E 1B 42 6F F5 5E   AB FA EE AD 1D 5E 85 8B  ..>.Bo.^.....^..

0010: EA B0 B2 C6                                        ....

]

]

[3]: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

  CA:true

  PathLen:2147483647

]

[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [CN=CRL1, O= One, C=US]

]]

[5]: ObjectId: 2.5.29.15 Criticality=false

KeyUsage [

  Key_CertSign

  Crl_Sign

]

[6]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false

NetscapeCertType [

   SSL CA

   S/MIME CA

   Object Signing CA]

[7]: ObjectId: 2.5.29.16 Criticality=false

PrivateKeyUsage: [

From: Wed Aug 11 12:20:23 EDT 1999, To: Sun Aug 11 12:20:23 EDT 2019]

[8]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: FA B2 3E 1B 42 6F F5 5E   AB FA EE AD 1D 5E 85 8B  ..>.Bo.^.....^..

0010: EA B0 B2 C6                                        ....

]

]

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: C8 C7 96 99 58 75 F5 E2   BB 07 77 21 A1 01 60 10  ....Xu....w!..`.

0010: 3E B0 A3 DE F8 C4 24 56   87 8F 5E 71 25 86 9A 08  >.....$V..^q%...

0020: A0 96 2F B9 0F F3 06 BE   DA 35 82 DF C2 F2 B8 A1  ../......5......

0030: 8B 01 78 EA DD 7F 81 6D   73 32 99 17 8C 6F 13 39  ..x....ms2...o.9

0040: 29 EE B6 45 AF D9 C9 F0   49 1B 9C 2B 65 A4 82 D3  )..E....I..+e...

0050: E5 29 97 B5 7D 0B DF F5   2A 49 F0 00 11 4D 79 00  .)......*I...My.

0060: C8 CA D9 BA 9A F7 AA B3   2F B4 EF 9E 05 0A F5 AC  ......../.......

0070: 7E D0 96 22 92 B3 67 0F   5F 38 A0 B8 DF A5 B5 19  ..."..g._8......

]

***

%% Invalidated:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]

main, SEND TLSv1 ALERT:  fatal, description = certificate_unknown

main, WRITE: TLSv1 Alert, length = 2

main, called closeSocket()

main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

main, called close()

main, called closeInternal(true)

[Pritpal Singh]

Here is another SSL log -

trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts

trustStore type is : jks

trustStore provider is : 

init truststore

adding as trusted cert:

  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036

adding as trusted cert:

  Subject: EMAILADDRESS=in...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  EMAILADDRESS=in...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Fri Jun 25 18:23:48 EDT 1999 until Tue Jun 25 18:23:48 EDT 2019

adding as trusted cert:

  Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

  Issuer:  CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

  Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d

  Valid from Thu Nov 16 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert:

  Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US

  Issuer:  CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US

  Algorithm: RSA; Serial number: 0x456b5054

  Valid from Mon Nov 27 15:23:42 EST 2006 until Fri Nov 27 15:53:42 EST 2026

adding as trusted cert:

  Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

  Issuer:  CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

  Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285

  Valid from Mon May 25 20:00:00 EDT 2009 until Mon May 25 20:00:00 EDT 2020

adding as trusted cert:

  Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

  Issuer:  CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

  Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce

  Valid from Fri Aug 01 08:31:40 EDT 2008 until Sat Jul 31 08:31:40 EDT 2038

adding as trusted cert:

  Subject: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US

  Issuer:  CN=America Online Root Certification Authority 2, O=America Online Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 28 02:00:00 EDT 2002 until Tue Sep 29 10:08:00 EDT 2037

adding as trusted cert:

  Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

  Issuer:  CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 30 06:44:50 EDT 2000 until Sat May 30 06:44:50 EDT 2020

adding as trusted cert:

  Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM

  Issuer:  CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM

  Algorithm: RSA; Serial number: 0x3ab6508b

  Valid from Mon Mar 19 13:33:33 EST 2001 until Wed Mar 17 14:33:33 EDT 2021

adding as trusted cert:

  Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b

  Valid from Wed Oct 25 04:32:46 EDT 2006 until Sat Oct 25 04:32:46 EDT 2036

adding as trusted cert:

  Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP

  Issuer:  OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Jun 05 22:12:32 EDT 2007 until Fri Jun 05 22:12:32 EDT 2037

adding as trusted cert:

  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US

  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Mon Jun 21 00:00:00 EDT 1999 until Sun Jun 21 00:00:00 EDT 2020

adding as trusted cert:

  Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US

  Issuer:  CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US

  Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad

  Valid from Mon Nov 01 12:14:04 EST 2004 until Mon Jan 01 00:37:19 EST 2035

adding as trusted cert:

  Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0

  Valid from Wed Oct 25 04:30:35 EDT 2006 until Sat Oct 25 04:30:35 EDT 2036

adding as trusted cert:

  Subject: EMAILADDRESS=personal...@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=personal...@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x123df0e7da2a2247a43889e08aeec967

  Valid from Sun Dec 31 19:00:00 EST 1995 until Fri Jan 01 18:59:59 EST 2021

adding as trusted cert:

  Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

  Issuer:  CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

  Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb

  Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037

adding as trusted cert:

  Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

  Issuer:  CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

  Algorithm: RSA; Serial number: 0x1a5

  Valid from Wed Aug 12 20:29:00 EDT 1998 until Mon Aug 13 19:59:00 EDT 2018

adding as trusted cert:

  Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

  Issuer:  CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

  Algorithm: RSA; Serial number: 0x20000b9

  Valid from Fri May 12 14:46:00 EDT 2000 until Mon May 12 19:59:00 EDT 2025

adding as trusted cert:

  Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  Issuer:  OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd

  Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028

adding as trusted cert:

  Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW

  Issuer:  OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW

  Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d

  Valid from Sun Dec 19 21:31:27 EST 2004 until Tue Dec 19 21:31:27 EST 2034

adding as trusted cert:

  Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Issuer:  CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577

  Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031

adding as trusted cert:

  Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM

  Issuer:  CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM

  Algorithm: RSA; Serial number: 0x509

  Valid from Fri Nov 24 13:27:00 EST 2006 until Mon Nov 24 13:23:33 EST 2031

adding as trusted cert:

  Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE

  Issuer:  CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE

  Algorithm: RSA; Serial number: 0x20000bf

  Valid from Wed May 17 10:01:00 EDT 2000 until Sat May 17 19:59:00 EDT 2025

adding as trusted cert:

  Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE

  Issuer:  CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE

  Algorithm: RSA; Serial number: 0x1

  Valid from Wed Oct 01 06:29:56 EDT 2008 until Sat Oct 01 19:59:59 EDT 2033

adding as trusted cert:

  Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

  Issuer:  CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

  Algorithm: RSA; Serial number: 0x3863def8

  Valid from Fri Dec 24 12:50:51 EST 1999 until Tue Jul 24 10:15:12 EDT 2029

adding as trusted cert:

  Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE

  Issuer:  CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE

  Algorithm: RSA; Serial number: 0x5c00001000241d0060a4dce7510

  Valid from Thu Mar 23 09:10:23 EST 2006 until Wed Dec 31 17:59:59 EST 2025

adding as trusted cert:

  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf

  Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028

adding as trusted cert:

  Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US

  Issuer:  CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US

  Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756

  Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert:

  Subject: EMAILADDRESS=server...@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=server...@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x34a4fff630af4ca53c331742a1946675

  Valid from Wed Jul 31 20:00:00 EDT 1996 until Fri Jan 01 18:59:59 EST 2021

adding as trusted cert:

  Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE

  Issuer:  CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE

  Algorithm: RSA; Serial number: 0x26

  Valid from Fri Jul 09 08:11:00 EDT 1999 until Tue Jul 09 19:59:00 EDT 2019

adding as trusted cert:

  Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US

  Issuer:  CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US

  Algorithm: RSA; Serial number: 0x374ad243

  Valid from Tue May 25 12:09:40 EDT 1999 until Sat May 25 12:39:40 EDT 2019

adding as trusted cert:

  Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Thu Mar 04 00:00:00 EST 2004 until Sun Mar 04 00:00:00 EST 2029

adding as trusted cert:

  Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE

  Issuer:  CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE

  Algorithm: RSA; Serial number: 0x1da200010002ecb76080788db606

  Valid from Wed Mar 22 10:54:28 EST 2006 until Wed Dec 31 17:59:59 EST 2025

adding as trusted cert:

  Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE

  Issuer:  CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE

  Algorithm: RSA; Serial number: 0x1

  Valid from Wed Oct 01 06:40:14 EDT 2008 until Sat Oct 01 19:59:59 EDT 2033

adding as trusted cert:

  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57

  Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert:

  Subject: EMAILADDRESS=in...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  EMAILADDRESS=in...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Fri Jun 25 20:19:54 EDT 1999 until Tue Jun 25 20:19:54 EDT 2019

adding as trusted cert:

  Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Issuer:  CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a

  Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031

adding as trusted cert:

  Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

  Issuer:  CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 30 06:38:31 EDT 2000 until Sat May 30 06:38:31 EDT 2020

adding as trusted cert:

  Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE

  Issuer:  CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 30 06:48:38 EDT 2000 until Sat May 30 06:48:38 EDT 2020

adding as trusted cert:

  Subject: CN=Class 2 Primary CA, O=Certplus, C=FR

  Issuer:  CN=Class 2 Primary CA, O=Certplus, C=FR

  Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423

  Valid from Wed Jul 07 13:05:00 EDT 1999 until Sat Jul 06 19:59:59 EDT 2019

adding as trusted cert:

  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US

  Issuer:  OU=Equifax Secure Certificate Authority, O=Equifax, C=US

  Algorithm: RSA; Serial number: 0x35def4cf

  Valid from Sat Aug 22 12:41:51 EDT 1998 until Wed Aug 22 12:41:51 EDT 2018

adding as trusted cert:

  Subject: O= One, C=US

  Issuer:  O= One, C=US

  Algorithm: RSA; Serial number: 0x37b1a9ce

  Valid from Wed Aug 11 12:20:23 EDT 1999 until Sun Aug 11 12:50:23 EDT 2019

adding as trusted cert:

  Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

  Issuer:  CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

  Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda

  Valid from Fri Aug 01 08:29:50 EDT 2008 until Sat Jul 31 08:29:50 EDT 2038

adding as trusted cert:

  Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a

  Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert:

  Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB

  Issuer:  CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB

  Algorithm: RSA; Serial number: 0x1

  Valid from Wed Dec 31 19:00:00 EST 2003 until Sun Dec 31 18:59:59 EST 2028

adding as trusted cert:

  Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US

  Issuer:  CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US

  Algorithm: RSA; Serial number: 0x4

  Valid from Mon Jun 21 00:00:00 EDT 1999 until Sun Jun 21 00:00:00 EDT 2020

adding as trusted cert:

  Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

  Issuer:  OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Jun 29 13:39:16 EDT 2004 until Thu Jun 29 13:39:16 EDT 2034

adding as trusted cert:

  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192

  Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028

adding as trusted cert:

  Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Issuer:  CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039

  Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031

adding as trusted cert:

  Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

  Issuer:  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

  Algorithm: RSA; Serial number: 0x40000000001154b5ac394

  Valid from Tue Sep 01 08:00:00 EDT 1998 until Fri Jan 28 07:00:00 EST 2028

adding as trusted cert:

  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6

  Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028

adding as trusted cert:

  Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM

  Issuer:  CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM

  Algorithm: RSA; Serial number: 0x5c6

  Valid from Fri Nov 24 14:11:23 EST 2006 until Mon Nov 24 14:06:44 EST 2031

adding as trusted cert:

  Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL

  Issuer:  CN=Certum CA, O=Unizeto Sp. z o.o., C=PL

  Algorithm: RSA; Serial number: 0x10020

  Valid from Tue Jun 11 06:46:39 EDT 2002 until Fri Jun 11 06:46:39 EDT 2027

adding as trusted cert:

  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

  Algorithm: RSA; Serial number: 0x400000000010f8626e60d

  Valid from Fri Dec 15 03:00:00 EST 2006 until Wed Dec 15 03:00:00 EST 2021

adding as trusted cert:

  Subject: EMAILADDRESS=premium...@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=premium...@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954

  Valid from Wed Jul 31 20:00:00 EDT 1996 until Fri Jan 01 18:59:59 EST 2021

adding as trusted cert:

  Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US

  Issuer:  CN=SecureTrust CA, O=SecureTrust Corporation, C=US

  Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0

  Valid from Tue Nov 07 14:31:18 EST 2006 until Mon Dec 31 14:40:55 EST 2029

adding as trusted cert:

  Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU

  Issuer:  CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Sep 30 12:13:43 EDT 2003 until Wed Sep 30 12:13:44 EDT 2037

adding as trusted cert:

  Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

  Issuer:  CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

  Algorithm: RSA; Serial number: 0x4a538c28

  Valid from Tue Jul 07 13:25:54 EDT 2009 until Sat Dec 07 12:55:54 EST 2030

adding as trusted cert:

  Subject: CN=Class 3P Primary CA, O=Certplus, C=FR

  Issuer:  CN=Class 3P Primary CA, O=Certplus, C=FR

  Algorithm: RSA; Serial number: 0xbf5cdbb6f21c6ec04deb7a023b36e879

  Valid from Wed Jul 07 13:10:00 EDT 1999 until Sat Jul 06 19:59:59 EDT 2019

adding as trusted cert:

  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a

  Valid from Tue Nov 07 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert:

  Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d

  Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037

adding as trusted cert:

  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x23456

  Valid from Tue May 21 00:00:00 EDT 2002 until Sat May 21 00:00:00 EDT 2022

adding as trusted cert:

  Subject: CN=rtmqa-client.kdc..com, OU=Web Servers, O= One, C=US

  Issuer:  O= One, C=US

  Algorithm: RSA; Serial number: 0x494e84f6

  Valid from Thu Aug 04 10:50:23 EDT 2011 until Sun Aug 11 12:50:23 EDT 2019

adding as trusted cert:

  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  Issuer:  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be

  Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028

adding as trusted cert:

  Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

  Issuer:  CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

  Algorithm: RSA; Serial number: 0x444c0

  Valid from Wed Oct 22 08:07:37 EDT 2008 until Mon Dec 31 07:07:37 EST 2029

adding as trusted cert:

  Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP

  Issuer:  OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Sep 30 00:20:49 EDT 2003 until Sat Sep 30 00:20:49 EDT 2023

adding as trusted cert:

  Subject: CN=Sonera Class1 CA, O=Sonera, C=FI

  Issuer:  CN=Sonera Class1 CA, O=Sonera, C=FI

  Algorithm: RSA; Serial number: 0x24

  Valid from Fri Apr 06 06:49:13 EDT 2001 until Tue Apr 06 06:49:13 EDT 2021

adding as trusted cert:

  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US

  Issuer:  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Jun 29 13:06:20 EDT 2004 until Thu Jun 29 13:06:20 EDT 2034

adding as trusted cert:

  Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Issuer:  CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd

  Valid from Fri Jul 09 14:10:42 EDT 1999 until Tue Jul 09 14:19:22 EDT 2019

adding as trusted cert:

  Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Issuer:  CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989

  Valid from Fri Jul 09 13:28:50 EDT 1999 until Tue Jul 09 13:36:58 EDT 2019

adding as trusted cert:

  Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1

  Valid from Sun Nov 26 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert:

  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3

  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3

  Algorithm: RSA; Serial number: 0x4000000000121585308a2

  Valid from Wed Mar 18 06:00:00 EDT 2009 until Sun Mar 18 06:00:00 EDT 2029

adding as trusted cert:

  Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO

  Issuer:  CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO

  Algorithm: RSA; Serial number: 0x2

  Valid from Tue Oct 26 04:28:58 EDT 2010 until Fri Oct 26 04:28:58 EDT 2040

adding as trusted cert:

  Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

  Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b

  Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert:

  Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4

  Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert:

  Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US

  Issuer:  CN=America Online Root Certification Authority 1, O=America Online Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 28 02:00:00 EDT 2002 until Thu Nov 19 15:43:00 EST 2037

adding as trusted cert:

  Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP

  Issuer:  OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP

  Algorithm: RSA; Serial number: 0x0

  Valid from Fri May 29 01:00:39 EDT 2009 until Tue May 29 01:00:39 EDT 2029

adding as trusted cert:

  Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO

  Issuer:  CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO

  Algorithm: RSA; Serial number: 0x2

  Valid from Tue Oct 26 04:38:03 EDT 2010 until Fri Oct 26 04:38:03 EDT 2040

adding as trusted cert:

  Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

  Issuer:  CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Dec 31 19:00:00 EST 1996 until Thu Dec 31 18:59:59 EST 2020

adding as trusted cert:

  Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f

  Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037

adding as trusted cert:

  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3

  Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert:

  Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Issuer:  CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b

  Valid from Fri Jul 09 14:31:20 EDT 1999 until Tue Jul 09 14:40:36 EDT 2019

adding as trusted cert:

  Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Issuer:  CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69

  Valid from Thu Jun 24 14:57:21 EDT 1999 until Mon Jun 24 15:06:30 EDT 2019

adding as trusted cert:

  Subject: CN=Sonera Class2 CA, O=Sonera, C=FI

  Issuer:  CN=Sonera Class2 CA, O=Sonera, C=FI

  Algorithm: RSA; Serial number: 0x1d

  Valid from Fri Apr 06 03:29:40 EDT 2001 until Tue Apr 06 03:29:40 EDT 2021

adding as trusted cert:

  Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE

  Issuer:  CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE

  Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b

  Valid from Thu Jan 12 09:38:43 EST 2006 until Wed Dec 31 17:59:59 EST 2025

trigger seeding of SecureRandom

done seeding SecureRandom

trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts

trustStore type is : jks

trustStore provider is : 

init truststore

adding as trusted cert:

  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036

adding as trusted cert:

  Subject: EMAILADDRESS=in...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  EMAILADDRESS=in...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Fri Jun 25 18:23:48 EDT 1999 until Tue Jun 25 18:23:48 EDT 2019

adding as trusted cert:

  Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

  Issuer:  CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

  Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d

  Valid from Thu Nov 16 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert:

  Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US

  Issuer:  CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US

  Algorithm: RSA; Serial number: 0x456b5054

  Valid from Mon Nov 27 15:23:42 EST 2006 until Fri Nov 27 15:53:42 EST 2026

adding as trusted cert:

  Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

  Issuer:  CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

  Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285

  Valid from Mon May 25 20:00:00 EDT 2009 until Mon May 25 20:00:00 EDT 2020

adding as trusted cert:

  Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

  Issuer:  CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

  Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce

  Valid from Fri Aug 01 08:31:40 EDT 2008 until Sat Jul 31 08:31:40 EDT 2038

adding as trusted cert:

  Subject: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US

  Issuer:  CN=America Online Root Certification Authority 2, O=America Online Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 28 02:00:00 EDT 2002 until Tue Sep 29 10:08:00 EDT 2037

adding as trusted cert:

  Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

  Issuer:  CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 30 06:44:50 EDT 2000 until Sat May 30 06:44:50 EDT 2020

adding as trusted cert:

  Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM

  Issuer:  CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM

  Algorithm: RSA; Serial number: 0x3ab6508b

  Valid from Mon Mar 19 13:33:33 EST 2001 until Wed Mar 17 14:33:33 EDT 2021

adding as trusted cert:

  Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b

  Valid from Wed Oct 25 04:32:46 EDT 2006 until Sat Oct 25 04:32:46 EDT 2036

adding as trusted cert:

  Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP

  Issuer:  OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Jun 05 22:12:32 EDT 2007 until Fri Jun 05 22:12:32 EDT 2037

adding as trusted cert:

  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US

  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Mon Jun 21 00:00:00 EDT 1999 until Sun Jun 21 00:00:00 EDT 2020

adding as trusted cert:

  Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US

  Issuer:  CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US

  Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad

  Valid from Mon Nov 01 12:14:04 EST 2004 until Mon Jan 01 00:37:19 EST 2035

adding as trusted cert:

  Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0

  Valid from Wed Oct 25 04:30:35 EDT 2006 until Sat Oct 25 04:30:35 EDT 2036

adding as trusted cert:

  Subject: EMAILADDRESS=personal...@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=personal...@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x123df0e7da2a2247a43889e08aeec967

  Valid from Sun Dec 31 19:00:00 EST 1995 until Fri Jan 01 18:59:59 EST 2021

adding as trusted cert:

  Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

  Issuer:  CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

  Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb

  Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037

adding as trusted cert:

  Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

  Issuer:  CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

  Algorithm: RSA; Serial number: 0x1a5

  Valid from Wed Aug 12 20:29:00 EDT 1998 until Mon Aug 13 19:59:00 EDT 2018

adding as trusted cert:

  Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

  Issuer:  CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

  Algorithm: RSA; Serial number: 0x20000b9

  Valid from Fri May 12 14:46:00 EDT 2000 until Mon May 12 19:59:00 EDT 2025

adding as trusted cert:

  Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  Issuer:  OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd

  Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028

adding as trusted cert:

  Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW

  Issuer:  OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW

  Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d

  Valid from Sun Dec 19 21:31:27 EST 2004 until Tue Dec 19 21:31:27 EST 2034

adding as trusted cert:

  Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Issuer:  CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577

  Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031

adding as trusted cert:

  Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM

  Issuer:  CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM

  Algorithm: RSA; Serial number: 0x509

  Valid from Fri Nov 24 13:27:00 EST 2006 until Mon Nov 24 13:23:33 EST 2031

adding as trusted cert:

  Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE

  Issuer:  CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE

  Algorithm: RSA; Serial number: 0x20000bf

  Valid from Wed May 17 10:01:00 EDT 2000 until Sat May 17 19:59:00 EDT 2025

adding as trusted cert:

  Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE

  Issuer:  CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE

  Algorithm: RSA; Serial number: 0x1

  Valid from Wed Oct 01 06:29:56 EDT 2008 until Sat Oct 01 19:59:59 EDT 2033

adding as trusted cert:

  Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

  Issuer:  CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

  Algorithm: RSA; Serial number: 0x3863def8

  Valid from Fri Dec 24 12:50:51 EST 1999 until Tue Jul 24 10:15:12 EDT 2029

adding as trusted cert:

  Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE

  Issuer:  CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE

  Algorithm: RSA; Serial number: 0x5c00001000241d0060a4dce7510

  Valid from Thu Mar 23 09:10:23 EST 2006 until Wed Dec 31 17:59:59 EST 2025

adding as trusted cert:

  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf

  Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028

adding as trusted cert:

  Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US

  Issuer:  CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US

  Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756

  Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert:

  Subject: EMAILADDRESS=server...@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=server...@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x34a4fff630af4ca53c331742a1946675

  Valid from Wed Jul 31 20:00:00 EDT 1996 until Fri Jan 01 18:59:59 EST 2021

adding as trusted cert:

  Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE

  Issuer:  CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE

  Algorithm: RSA; Serial number: 0x26

  Valid from Fri Jul 09 08:11:00 EDT 1999 until Tue Jul 09 19:59:00 EDT 2019

adding as trusted cert:

  Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US

  Issuer:  CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US

  Algorithm: RSA; Serial number: 0x374ad243

  Valid from Tue May 25 12:09:40 EDT 1999 until Sat May 25 12:39:40 EDT 2019

adding as trusted cert:

  Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Thu Mar 04 00:00:00 EST 2004 until Sun Mar 04 00:00:00 EST 2029

adding as trusted cert:

  Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE

  Issuer:  CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE

  Algorithm: RSA; Serial number: 0x1da200010002ecb76080788db606

  Valid from Wed Mar 22 10:54:28 EST 2006 until Wed Dec 31 17:59:59 EST 2025

adding as trusted cert:

  Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE

  Issuer:  CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE

  Algorithm: RSA; Serial number: 0x1

  Valid from Wed Oct 01 06:40:14 EDT 2008 until Sat Oct 01 19:59:59 EDT 2033

adding as trusted cert:

  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57

  Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert:

  Subject: EMAILADDRESS=in...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  EMAILADDRESS=in...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Fri Jun 25 20:19:54 EDT 1999 until Tue Jun 25 20:19:54 EDT 2019

adding as trusted cert:

  Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Issuer:  CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a

  Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031

adding as trusted cert:

  Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

  Issuer:  CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 30 06:38:31 EDT 2000 until Sat May 30 06:38:31 EDT 2020

adding as trusted cert:

  Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE

  Issuer:  CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 30 06:48:38 EDT 2000 until Sat May 30 06:48:38 EDT 2020

adding as trusted cert:

  Subject: CN=Class 2 Primary CA, O=Certplus, C=FR

  Issuer:  CN=Class 2 Primary CA, O=Certplus, C=FR

  Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423

  Valid from Wed Jul 07 13:05:00 EDT 1999 until Sat Jul 06 19:59:59 EDT 2019

adding as trusted cert:

  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US

  Issuer:  OU=Equifax Secure Certificate Authority, O=Equifax, C=US

  Algorithm: RSA; Serial number: 0x35def4cf

  Valid from Sat Aug 22 12:41:51 EDT 1998 until Wed Aug 22 12:41:51 EDT 2018

adding as trusted cert:

  Subject: O= One, C=US

  Issuer:  O= One, C=US

  Algorithm: RSA; Serial number: 0x37b1a9ce

  Valid from Wed Aug 11 12:20:23 EDT 1999 until Sun Aug 11 12:50:23 EDT 2019

adding as trusted cert:

  Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

  Issuer:  CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

  Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda

  Valid from Fri Aug 01 08:29:50 EDT 2008 until Sat Jul 31 08:29:50 EDT 2038

adding as trusted cert:

  Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a

  Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert:

  Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB

  Issuer:  CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB

  Algorithm: RSA; Serial number: 0x1

  Valid from Wed Dec 31 19:00:00 EST 2003 until Sun Dec 31 18:59:59 EST 2028

adding as trusted cert:

  Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US

  Issuer:  CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US

  Algorithm: RSA; Serial number: 0x4

  Valid from Mon Jun 21 00:00:00 EDT 1999 until Sun Jun 21 00:00:00 EDT 2020

adding as trusted cert:

  Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

  Issuer:  OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Jun 29 13:39:16 EDT 2004 until Thu Jun 29 13:39:16 EDT 2034

adding as trusted cert:

  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192

  Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028

adding as trusted cert:

  Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Issuer:  CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039

  Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031

adding as trusted cert:

  Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

  Issuer:  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

  Algorithm: RSA; Serial number: 0x40000000001154b5ac394

  Valid from Tue Sep 01 08:00:00 EDT 1998 until Fri Jan 28 07:00:00 EST 2028

adding as trusted cert:

  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6

  Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028

adding as trusted cert:

  Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM

  Issuer:  CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM

  Algorithm: RSA; Serial number: 0x5c6

  Valid from Fri Nov 24 14:11:23 EST 2006 until Mon Nov 24 14:06:44 EST 2031

adding as trusted cert:

  Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL

  Issuer:  CN=Certum CA, O=Unizeto Sp. z o.o., C=PL

  Algorithm: RSA; Serial number: 0x10020

  Valid from Tue Jun 11 06:46:39 EDT 2002 until Fri Jun 11 06:46:39 EDT 2027

adding as trusted cert:

  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

  Algorithm: RSA; Serial number: 0x400000000010f8626e60d

  Valid from Fri Dec 15 03:00:00 EST 2006 until Wed Dec 15 03:00:00 EST 2021

adding as trusted cert:

  Subject: EMAILADDRESS=premium...@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=premium...@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954

  Valid from Wed Jul 31 20:00:00 EDT 1996 until Fri Jan 01 18:59:59 EST 2021

adding as trusted cert:

  Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US

  Issuer:  CN=SecureTrust CA, O=SecureTrust Corporation, C=US

  Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0

  Valid from Tue Nov 07 14:31:18 EST 2006 until Mon Dec 31 14:40:55 EST 2029

adding as trusted cert:

  Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU

  Issuer:  CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Sep 30 12:13:43 EDT 2003 until Wed Sep 30 12:13:44 EDT 2037

adding as trusted cert:

  Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

  Issuer:  CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

  Algorithm: RSA; Serial number: 0x4a538c28

  Valid from Tue Jul 07 13:25:54 EDT 2009 until Sat Dec 07 12:55:54 EST 2030

adding as trusted cert:

  Subject: CN=Class 3P Primary CA, O=Certplus, C=FR

  Issuer:  CN=Class 3P Primary CA, O=Certplus, C=FR

  Algorithm: RSA; Serial number: 0xbf5cdbb6f21c6ec04deb7a023b36e879

  Valid from Wed Jul 07 13:10:00 EDT 1999 until Sat Jul 06 19:59:59 EDT 2019

adding as trusted cert:

  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a

  Valid from Tue Nov 07 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert:

  Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d

  Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037

adding as trusted cert:

  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x23456

  Valid from Tue May 21 00:00:00 EDT 2002 until Sat May 21 00:00:00 EDT 2022

adding as trusted cert:

  Subject: CN=rtmqa-client.kdc..com, OU=Web Servers, O= One, C=US

  Issuer:  O= One, C=US

  Algorithm: RSA; Serial number: 0x494e84f6

  Valid from Thu Aug 04 10:50:23 EDT 2011 until Sun Aug 11 12:50:23 EDT 2019

adding as trusted cert:

  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  Issuer:  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be

  Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028

adding as trusted cert:

  Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

  Issuer:  CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

  Algorithm: RSA; Serial number: 0x444c0

  Valid from Wed Oct 22 08:07:37 EDT 2008 until Mon Dec 31 07:07:37 EST 2029

adding as trusted cert:

  Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP

  Issuer:  OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Sep 30 00:20:49 EDT 2003 until Sat Sep 30 00:20:49 EDT 2023

adding as trusted cert:

  Subject: CN=Sonera Class1 CA, O=Sonera, C=FI

  Issuer:  CN=Sonera Class1 CA, O=Sonera, C=FI

  Algorithm: RSA; Serial number: 0x24

  Valid from Fri Apr 06 06:49:13 EDT 2001 until Tue Apr 06 06:49:13 EDT 2021

adding as trusted cert:

  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US

  Issuer:  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Jun 29 13:06:20 EDT 2004 until Thu Jun 29 13:06:20 EDT 2034

adding as trusted cert:

  Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Issuer:  CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd

  Valid from Fri Jul 09 14:10:42 EDT 1999 until Tue Jul 09 14:19:22 EDT 2019

adding as trusted cert:

  Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Issuer:  CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989

  Valid from Fri Jul 09 13:28:50 EDT 1999 until Tue Jul 09 13:36:58 EDT 2019

adding as trusted cert:

  Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1

  Valid from Sun Nov 26 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert:

  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3

  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3

  Algorithm: RSA; Serial number: 0x4000000000121585308a2

  Valid from Wed Mar 18 06:00:00 EDT 2009 until Sun Mar 18 06:00:00 EDT 2029

adding as trusted cert:

  Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO

  Issuer:  CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO

  Algorithm: RSA; Serial number: 0x2

  Valid from Tue Oct 26 04:28:58 EDT 2010 until Fri Oct 26 04:28:58 EDT 2040

adding as trusted cert:

  Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

  Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b

  Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert:

  Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4

  Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert:

  Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US

  Issuer:  CN=America Online Root Certification Authority 1, O=America Online Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 28 02:00:00 EDT 2002 until Thu Nov 19 15:43:00 EST 2037

adding as trusted cert:

  Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP

  Issuer:  OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP

  Algorithm: RSA; Serial number: 0x0

  Valid from Fri May 29 01:00:39 EDT 2009 until Tue May 29 01:00:39 EDT 2029

adding as trusted cert:

  Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO

  Issuer:  CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO

  Algorithm: RSA; Serial number: 0x2

  Valid from Tue Oct 26 04:38:03 EDT 2010 until Fri Oct 26 04:38:03 EDT 2040

adding as trusted cert:

  Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

  Issuer:  CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Dec 31 19:00:00 EST 1996 until Thu Dec 31 18:59:59 EST 2020

adding as trusted cert:

  Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f

  Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037

adding as trusted cert:

  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3

  Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert:

  Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Issuer:  CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b

  Valid from Fri Jul 09 14:31:20 EDT 1999 until Tue Jul 09 14:40:36 EDT 2019

adding as trusted cert:

  Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Issuer:  CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69

  Valid from Thu Jun 24 14:57:21 EDT 1999 until Mon Jun 24 15:06:30 EDT 2019

adding as trusted cert:

  Subject: CN=Sonera Class2 CA, O=Sonera, C=FI

  Issuer:  CN=Sonera Class2 CA, O=Sonera, C=FI

  Algorithm: RSA; Serial number: 0x1d

  Valid from Fri Apr 06 03:29:40 EDT 2001 until Tue Apr 06 03:29:40 EDT 2021

adding as trusted cert:

  Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE

  Issuer:  CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE

  Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b

  Valid from Thu Jan 12 09:38:43 EST 2006 until Wed Dec 31 17:59:59 EST 2025

trigger seeding of SecureRandom

done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256

main, setSoTimeout(0) called

Allow unsafe renegotiation: true

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

%% No cached client session

*** ClientHello, TLSv1

RandomCookie:  GMT: 1386390456 bytes = { 254, 124, 192, 231, 121, 179, 94, 178, 209, 169, 59, 18, 91, 161, 158, 229, 29, 188, 153, 185, 88, 245, 143, 84, 155, 233, 153, 164 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

***

main, WRITE: TLSv1 Handshake, length = 149

main, READ: TLSv1 Handshake, length = 58

*** ServerHello, TLSv1

RandomCookie:  GMT: 1386390456 bytes = { 171, 3, 110, 221, 66, 93, 198, 159, 188, 116, 168, 223, 45, 133, 22, 248, 204, 154, 237, 252, 183, 232, 244, 76, 207, 17, 142, 248 }

Session ID:  {135, 138, 124, 58, 154, 106, 245, 36, 125, 130, 175, 49, 1, 36, 227, 28}

Cipher Suite: SSL_RSA_WITH_RC4_128_MD5

Compression Method: 0

***

Warning: No renegotiation indication extension in ServerHello

%% Initialized:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]

** SSL_RSA_WITH_RC4_128_MD5

main, READ: TLSv1 Handshake, length = 1666

*** Certificate chain

chain [0] = [

[

  Version: V3

  Subject: CN=rtm-qsb3.kdc..com, OU=Web Servers, O= One, C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits

  modulus: 107923848072410072233395750039588808329105763244695681991107045864127143835309559620520108084767996841472395904539227349451954351673707775013088901741369683522664484687322364286356619415475118503453663944689981418701825467035880920806505588159995913380429446812504803822404989045826737983192006260277925951451

  public exponent: 65537

  Validity: [From: Fri Dec 10 09:59:30 EST 2010,

               To: Sun Aug 11 12:50:23 EDT 2019]

  Issuer: O= One, C=US

  SerialNumber: [    494e002b]

Certificate Extensions: 8

[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false

Extension unknown: DER encoded OCTET string =

0000: 04 0C 30 0A 1B 04 56 37   2E 31 03 02 03 A8        ..0...V7.1....

[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: FA B2 3E 1B 42 6F F5 5E   AB FA EE AD 1D 5E 85 8B  ..>.Bo.^.....^..

0010: EA B0 B2 C6                                        ....

]

]

[3]: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

  CA:false

  PathLen: undefined

]

[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [CN=CRL344, O= One, C=US]

, DistributionPoint:

     [URIName: ldap://ldapsrv.kdc..com/o=%20One,c=US?certificateRevocationList, URIName: ldap://ldapsrv2.kdc..com/o=%20One,c=US?certificateRevocationList]

]]

[5]: ObjectId: 2.5.29.15 Criticality=false

KeyUsage [

  DigitalSignature

  Key_Encipherment

]

[6]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false

NetscapeCertType [

   SSL server

]

[7]: ObjectId: 2.5.29.16 Criticality=false

PrivateKeyUsage: [

From: Fri Dec 10 09:59:30 EST 2010, To: Sun Aug 11 12:29:30 EDT 2019]

[8]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 1F EA C6 94 1B BE A1 D6   C7 FB 77 7B 44 FF E6 1B  ..........w.D...

0010: 44 C1 14 04                                        D...

]

]

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 3F FF 6E 76 3E 97 90 F5   10 F5 E1 92 2D 4D 15 EF  ?.nv>.......-M..

0010: CB 6C 1E E4 85 35 7F 75   71 1C 7B 43 7A EC 81 F8  .l...5.uq..Cz...

0020: E0 3B 1F F1 A4 8A CD 82   7D 75 30 22 1E 0A 7D 2C  .;.......u0"...,

0030: 1A 3C 01 5C DA 89 7E A9   08 73 78 67 DC CF AD 7F  .<.\.....sxg....

0040: AE 2C 9C DE BF 4D 24 BF   D1 BB 8E 25 17 38 2D 59  .,...M$....%.8-Y

0050: E0 3F 36 6A EA F8 20 1A   37 84 F6 1C 1A 2A E6 51  .?6j.. .7....*.Q

0060: B5 F4 4A 35 81 91 79 98   04 D0 A2 0E 33 6C 48 E5  ..J5..y.....3lH.

0070: B9 FD D0 40 D7 0A 41 8A   7C 12 C3 5C 4F 42 15 34  ...@..A....\OB.4

Found trusted certificate:

main, READ: TLSv1 Handshake, length = 5611

*** CertificateRequest

Cert Types: RSA, DSS, Ephemeral DH (RSA sig)

Cert Authorities:

<CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US>

<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>

<EMAILADDRESS=persona...@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>

<CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>

<EMAILADDRESS=personal...@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>

<EMAILADDRESS=in...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network>

<CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US>

<OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US>

<CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US>

<EMAILADDRESS=premium...@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>

<CN=COFQA-RootCA1, DC=cofqa, DC=dsqa, DC=, DC=com>

<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>

<CN=GTE CyberTrust Root, O=GTE Corporation, C=US>

<CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net>

<OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>

<O= One, C=US>

<OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US>

<CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>

<EMAILADDRESS=server...@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>

<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>

<CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net>

<CN=GeoTrust Global CA, O=GeoTrust Inc., C=US>

<OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>

<CN=uat.tu.tuconline.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Data Centre, O="Trans Union of Canada, Inc.", L=Hamilton, ST=Ontario, C=CA>

<CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE>

<OU=Equifax Secure Certificate Authority, O=Equifax, C=US>

<OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>

<OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US>

<CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net>

<OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>

<CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>

<CN=tu.tuconline.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=Data Center, O=Trans Union of Canada, L=Hamilton, ST=Ontario, C=CA>

<CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE>

<EMAILADDRESS=personal...@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>

<CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>

<CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US>

<OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US>

<CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US>

main, READ: TLSv1 Handshake, length = 4

*** ServerHelloDone

*** Certificate chain

***

*** ClientKeyExchange, RSA PreMasterSecret, TLSv1

main, WRITE: TLSv1 Handshake, length = 141

SESSION KEYGEN:

PreMaster Secret:

0000: 03 01 41 DF 8D BF E8 D7   E6 93 8A B1 7F 62 88 DE  ..A..........b..

0010: AB 03 C1 D0 87 63 C1 82   4D 60 8B 6A 6E 15 E8 57  .....c..M`.jn..W

0020: 36 2F 49 1C D7 73 48 35   1F 56 7B 63 09 DF A1 0B  6/I..sH5.V.c....

CONNECTION KEYGEN:

Client Nonce:

0000: 53 A3 A4 B8 FE 7C C0 E7   79 B3 5E B2 D1 A9 3B 12  S.......y.^...;.

0010: 5B A1 9E E5 1D BC 99 B9   58 F5 8F 54 9B E9 99 A4  [.......X..T....

Server Nonce:

0000: 53 A3 A4 B8 AB 03 6E DD   42 5D C6 9F BC 74 A8 DF  S.....n.B]...t..

0010: 2D 85 16 F8 CC 9A ED FC   B7 E8 F4 4C CF 11 8E F8  -..........L....

Master Secret:

0000: 16 1F D6 93 69 AB 6C EA   F7 73 E9 66 9B C4 F1 70  ....i.l..s.f...p

0010: 84 B6 4F 8B 82 F8 7F F6   92 D2 C8 FB 60 DA EB 40  ..O.........`..@

0020: 72 9C E9 F8 67 60 5F 9C   E5 79 81 AF 58 5E 1D DB  r...g`_..y..X^..

Client MAC write Secret:

0000: BF C4 A5 51 28 B4 5B 11   4A 55 9D A1 4F AF EE 07  ...Q(.[.JU..O...

Server MAC write Secret:

0000: 4A AD D9 80 C7 9A 6B A5   A9 8D 89 FC D0 AD 47 E7  J.....k.......G.

Client write key:

0000: 20 6D 5B F6 AB B3 11 08   DC 40 38 A6 6D 34 60 D3   m[......@8.m4`.

Server write key:

0000: 97 B5 23 89 91 F7 81 A0   7E 73 85 1F 6E 0C 8B EA  ..#......s..n...

... no IV used for this cipher

main, WRITE: TLSv1 Change Cipher Spec, length = 1

*** Finished

verify_data:  { 114, 253, 206, 16, 223, 86, 235, 152, 100, 50, 29, 145 }

***

main, WRITE: TLSv1 Handshake, length = 32

main, READ: TLSv1 Alert, length = 2

main, RECV TLSv1 ALERT:  fatal, handshake_failure

%% Invalidated:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]

main, called closeSocket()

main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

main, called close()

main, called closeInternal(true)

[Johan Rask]

Ok, lets see if I have interpreted this correct.

1. Not sure, but the second example (with many trusted certs) seems to work regarding to server certificate validation. Perhaps the complete chain exists in that (the cert that signed the CA?)

Anyway, the row below  means that the trusted cert is found (seems to be certificate with subject: Subject: CN=rtmdev.kdc.one.com, OU=Web Servers, O= One, C=US

  Issuer:  O= One, C=US )

*** Found trusted certificate: 

[

[

  Version: V3

  Subject: O= One, C=US

<See debug for info>

2. However, further down, the server send a Certificate request to the client

*** CertificateRequest <See debug for more info>

3. As a response to a certificate request, the client should send a certificate matching this but this is empty ( see log)

*** Certificate chain

[certs that client sends should be here]

***

So, If I understand this correctly you should supply a client certificate, use this in your keystore and it should work.

Do you have a client cert as well that you can use?

When I look in the second example you sent, I can also find this, but this is not in  your first example. Looks like a client cert…?

adding as trusted cert:

  Subject: CN=rtmqa-client.kdc..com, OU=Web Servers, O= One, C=US

  Issuer:  O= One, C=US

  Algorithm: RSA; Serial number: 0x494e84f6

  Valid from Thu Aug 04 10:50:23 EDT 2011 until Sun Aug 11 12:50:23 EDT 2019

/Johan R

[Pritpal Singh]

Thanks Johan for looking into it and helping me out.

I have this pfx certificate. I converted it into .cer.

Here is what it looks like

-----END PRIVATE KEY-----

Bag Attributes

    friendlyName: CN=<some content>,OU=Web Servers,O=<Name of the company>,C=US

    localKeyID: <some content>

subject=/C=US/O=<name of the company>/OU=Web Servers/CN=<name of the company.com>

issuer=/C=US/O=<Name of the company>

-----BEGIN CERTIFICATE-----

<some content>

-----END CERTIFICATE-----

Bag Attributes

    friendlyName: O=<name of the company?,C=US

subject=/C=US/O=<Name of the company>

issuer=/C=US/O=<Name of the company>

-----BEGIN CERTIFICATE-----

<some content>

-----END CERTIFICATE-----

There are 2 certificates in it (Not very familier with certificates, so dont know which one is what). I addded both the certificates to C:\Program Files\Java\jre7\lib\security\cacerts. When i did that, atleast my program found trusted certificate as you say in the second ssl logs i sent.

You suggested that I supply client certificate with the key store. Can you please help me identify, which one would be my client certificate in above example and also send me the sample code?

Thanks a lot for your help.

[Pritpal Singh]

Looks like i made progress with your help. I created keystore to pass client cert. Now i'm getting this error - hostname in certificate didn't match:. Please let me know how this can be resolved.

Here is my code. 

FileInputStream instream1=null;

FileInputStream instream2=null;

KeyStore trustStore=null;

KeyStore keyStore=null;

     instream1 = new FileInputStream 

       (new File(certificate)); 

     keyStore = KeyStore.getInstance("PKCS12"); 

     keyStore.load(instream1, certPassword.toCharArray()); 

     instream2 = new FileInputStream 

       (new File("C:/Program Files/Java/jre7/lib/security/cacerts")); 

     trustStore = KeyStore.getInstance("jks"); 

     trustStore.load(instream2, "changeit".toCharArray()); 

 

 

org.apache.http.conn.ssl.SSLSocketFactory lSchemeSocketFactory=null;

lSchemeSocketFactory = new org.apache.http.conn.ssl.SSLSocketFactory(keyStore, certPassword, trustStore);

       //RestAssured.config = RestAssured.config().sslConfig(sslConfig().sslSocketFactory(lSchemeSocketFactory));

RestAssured.config = RestAssured.config().sslConfig(sslConfig().with().sslSocketFactory(lSchemeSocketFactory).and().allowAllHostnames());

And here is the error i got

%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]

main, called close()

main, called closeInternal(true)

main, SEND TLSv1 ALERT:  warning, description = close_notify

main, WRITE: TLSv1 Alert, length = 18

main, called closeSocket(selfInitiated)

main, called close()

main, called closeInternal(true)

javax.net.ssl.SSLException: hostname in certificate didn't match: <xxxxx> != <xxxxx..com>

at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:227)

at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)

at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:147)

at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)

at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:439)

at com..apitest.core.GET.shoot(GET.java:48)

at com..apitest.core.Driver.main(Driver.java:115)

[Johan Rask]

Is the server cert issued for the host (domain name) that it is running on?

[Pritpal Singh]

There is one server cert...used for all testing environment. We have many servers but one common root certificate.

Is there way to bypass this error?

Thanks,

[Johan Rask]

You should be able to disable host verification, should be easy to figure out. I am not at My computer so I cannot look it up. 

/Johan 

Sent from my iPhone

--

[Pritpal Singh]

I have this statement in the code, but it does not work

RestAssured.config = RestAssured.config().sslConfig(sslConfig().with().sslSocketFactory(lSchemeSocketFactory).and().allowAllHostnames());

I tried following as well but it returns "Error 401--Unauthorized"

lSchemeSocketFactory = new org.apache.http.conn.ssl.SSLSocketFactory(keyStore, certPassword, trustStore);

lSchemeSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

It'll be great if you can offer some suggestions.

Thanks again Johan for all your help!

[Johan Rask]

Are you sure that 401 is incorrect? Perhaps you need to login to access the resource?

Sent from my iPhone

[Pritpal Singh]

No, you don't need to login. I'm able to access the resource through browser and HPST tool.

[Johan Rask]

Ask the server guys why you get the 401?

/Johan 

Sent from my iPhone

[Pritpal Singh]

I created a host name verifier too allow all host names. It worked. Below is the code.

 X509HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

org.apache.http.conn.ssl.SSLSocketFactory lSchemeSocketFactory = new org.apache.http.conn.ssl.SSLSocketFactory(keyStore, certPassword);

lSchemeSocketFactory.setHostnameVerifier(hostnameVerifier);

RestAssured.config = RestAssured.config().sslConfig(sslConfig().with().sslSocketFactory(lSchemeSocketFactory).and().allowAllHostnames());

[Naveen Bezawada]

Did you guys arrive at a solution for this  , I am trying to use a jks trust store and happen to see the same errors (Handshake error and PXIX path building failed).  Some inputs will be deeply appreciated.

On Wednesday, April 2, 2014 7:10:45 AM UTC-5, mohan v wrote:

Hi,

I am using rest assured 2.3.1

It seems I get error while using client certificate while using HTTPS

I understand that similar was  a bug in earlier version. However that bug was related to using server side  related trustore(jks) file

However when you also need to use client side certificate (pkcs12 or jks file), you get new error

As per understand the fix was provided only for server side certificate and not client side certifcate

The code used:

RestAssured.authentication = certificate(keyStorePath, keyStorePassword, certAuthSettings().allowAllHostnames());

The error details

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

  at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)

  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)

  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)

  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)

  at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)

  at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)

  at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)

  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)

  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)

  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)

  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)

  at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533)

  at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:401)

  at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:178)

  at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)

  at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)

  at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)

  at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)

  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)

  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)

  at org.apache.http.client.HttpClient$execute$0.call(Unknown Source)

  at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:120)

  at com.jayway.restassured.internal.RequestSpecificationImpl$RestAssuredHttpBuilder.doRequest(RequestSpecificationImpl.groovy:1638)

  at com.jayway.restassured.internal.http.HTTPBuilder.doRequest(HTTPBuilder.java:481)

  at com.jayway.restassured.internal.http.HTTPBuilder.request(HTTPBuilder.java:430)

  at com.jayway.restassured.internal.http.HTTPBuilder$request$2.call(Unknown Source)

  at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:124)

  at com.jayway.restassured.internal.RequestSpecificationImpl.sendHttpRequest(RequestSpecificationImpl.groovy:1166)

  at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendHttpRequest(RequestSpecificationImpl.groovy)

  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:606)

  at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)

  at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)

  at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1085)

  at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:909)

  at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:730)

  at com.jayway.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy)

  at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:45)

  at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:55)

  at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:49)

  at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:133)

  at com.jayway.restassured.internal.RequestSpecificationImpl.sendRequest(RequestSpecificationImpl.groovy:1008)

  at com.jayway.restassured.internal.RequestSpecificationImpl.this$2$sendRequest(RequestSpecificationImpl.groovy)

  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:606)