t3s not working on a java app client

Jukka

Jan 22, 2004, 10:19:25 AM

Hi!

I'm having a problem with the secure t3 protocol (t3s). My Java client is
accessing an EJB residing in WLS 7.0 (SP2). Everything works fine on a non-secure
connection (t3), but I'm not able to configure the server in a way
that would enable the secure connection.

Even the PING is not working on a secure connection:

The command:

"java -cp C:\bea\weblogic700\server\lib\weblogic.jar -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.trustedCAKeyStore=C:\bea\weblogic700\server\lib\cacerts -Dssl.debug=true weblogic.Admin -url t3s://localhost:7002 -username user -password pass PING 5"

results in the following error message:

"Failed to connect to t3s://localhost:7002 due to: [t3s://localhost:7002: Destination unreachable; nested exception is:
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure; No available router to destination]"

The ssl.debug log is at the end of this message.

I'm using the default certificate that comes with WLS installation.

Web applications work fine when using HTTPS.

I've searched through old messages concerning this problem, but I haven't
found a solution. Any help would be appreciated.


Regards,

Jukka


Here's the log:

####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <SSLListenThread.Default> <kernel identity> <> <000000> <Filtering JSSE SSLSocket>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <SSLListenThread.Default> <kernel identity> <> <000000> <SSLIOContextTable.addContext(ctx): 1648745>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <SSLListenThread.Default> <kernel identity> <> <000000> <SSLSocket will be Muxing>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <SSLListenThread.Default> <kernel identity> <> <000000> <SSLIOContextTable.findContext(is): 2889730>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <SSLFilter.isActivated: false>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <isMuxerActivated: false>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <SSLFilter.isActivated: false>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <5909941 readRecord()>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <5909941 received SSL_20_RECORD>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <HANDSHAKEMESSAGE: ClientHelloV2>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <write HANDSHAKE offset = 0 length = 58>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <write HANDSHAKE offset = 0 length = 576>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <write HANDSHAKE offset = 0 length = 4>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <SSLFilter.isActivated: false>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <isMuxerActivated: false>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <SSLFilter.isActivated: false>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <5909941 readRecord()>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <5909941 received ALERT>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@6ee691 Severity: 2 Type: 42>
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.net.ssl.CerticomContextWrapper.forceHandshakeOnAcceptedSocket(Unknown Source)
at weblogic.t3.srvr.SSLListenThread$1.execute(SSLListenThread.java:399)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <Alert received from peer, notifying peer we received it: com.certicom.tls.record.alert.Alert@6ee691>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <close(): 5909941>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70> <ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000> <SSLIOContextTable.removeContext(ctx): 1648745>

tm

Jan 22, 2004, 11:09:05 AM

Turn on ssl debugging in the server too. That may give an indication
of the problem. Otherwise, please open a BEA support case for this issue.

Add to the command to start up the WLS server:

-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true

Thanks, -tm

"Jukka" <fakeaddresscauseid...@hotmail.com> wrote in message
news:400fe9ba$1...@newsgroups.bea.com...

Pavel

Jan 22, 2004, 11:24:33 AM

Actually the log looks like it did come from the server, and it indicates that
the client did not trust the server's identity certificate. Make sure you are
using the demo certificate, and try setting both ssl debug flags on the client:

-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true

The client debug output should list its trusted certificates, and give more info
about why the server certificate was rejected.

Pavel.
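
Pavel's reading of the server log rests on the alert record `Severity: 2 Type: 42`. The following Python is an added example, not code from the thread or from BEA: it decodes such records using the alert numbers defined in RFC 5246. The sample log is constructed from the record format quoted above, and treating a preceding `received ALERT` record as "sent by the peer" is an assumption drawn from that log.

```python
import re

# TLS alert levels and descriptions, from RFC 5246 section 7.2.
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify",
    10: "unexpected_message",
    20: "bad_record_mac",
    40: "handshake_failure",
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    47: "illegal_parameter",
    48: "unknown_ca",
    49: "access_denied",
    50: "decode_error",
    51: "decrypt_error",
    70: "protocol_version",
    71: "insufficient_security",
    80: "internal_error",
    90: "user_canceled",
    100: "no_renegotiation",
}
# Alerts whose sender is refusing the certificate it was shown.
CERT_ALERTS = {42, 43, 44, 45, 46, 48}

# Matches the alert record as it appears in the thread's server log.
ALERT_RE = re.compile(r"NEW ALERT:\s*\S+\s+Severity:\s*(\d+)\s+Type:\s*(\d+)")

# Constructed sample: records modelled on the server log in the first post,
# hard-wrapped the way a news client wraps them. The last record is invented
# to show a non-certificate alert.
SAMPLE_LOG = """\
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70>
<ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000>
<HANDSHAKEMESSAGE: ClientHelloV2>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70>
<ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000>
<5909941 received ALERT>
####<22.1.2004 16:56:16 EET> <Debug> <TLS> <WTM11625> <wls_server70>
<ExecuteThread: '10' for queue: 'default'> <kernel identity> <> <000000>
<NEW ALERT: com.certicom.tls.record.alert.Alert@6ee691 Severity: 2 Type:
42>
####<22.1.2004 16:56:17 EET> <Debug> <TLS> <WTM11625> <wls_server70>
<ExecuteThread: '11' for queue: 'default'> <kernel identity> <> <000000>
<NEW ALERT: com.certicom.tls.record.alert.Alert@1a2b3c Severity: 1 Type: 0>
"""


def decode_alerts(log_text):
    """Return one dict per TLS alert record found in an ssl.debug log."""
    flat = " ".join(log_text.split())  # undo hard line wraps
    alerts = []
    last_end = 0
    for match in ALERT_RE.finditer(flat):
        level, desc = int(match.group(1)), int(match.group(2))
        # Assumption: a "received ALERT" record since the previous alert
        # means this alert came from the peer rather than the local side.
        preceding = flat[last_end:match.start()]
        alerts.append({
            "level": ALERT_LEVELS.get(level, f"unknown({level})"),
            "description": ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"),
            "from_peer": "received ALERT" in preceding,
            "cert_rejected": desc in CERT_ALERTS,
        })
        last_end = match.end()
    return alerts


def diagnose(alert, local_role):
    """One-line reading of an alert found in the log of `local_role`
    ("server" or "client")."""
    peer = "client" if local_role == "server" else "server"
    if alert["from_peer"]:
        sender, other = peer, local_role
    else:
        sender, other = local_role, peer
    text = f"{alert['level']} {alert['description']} sent by {sender}"
    if alert["cert_rejected"]:
        text += f": {sender} rejected the certificate presented by {other}"
    return text


if __name__ == "__main__":
    for found in decode_alerts(SAMPLE_LOG):
        print(diagnose(found, "server"))
```

Run against a server-side log, a fatal `bad_certificate` that arrived from the peer points at the client's trust configuration, which is where the replies in this thread look next.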

Dan Branley

Jan 22, 2004, 1:17:40 PM


If you are using the demo certificate, be sure to define the following system property
on your Java client:
-Dweblogic.security.TrustKeyStore=DemoTrust

-Dan

tm

Jan 22, 2004, 2:48:10 PM

I think this switch only works for WLS 8.1, not for 7.0.
SSL configuration was reworked in 8.1 since it was so difficult in 7.0.

-tm

"Dan Branley" <dbra...@dharbor.com> wrote in message
news:401013c4$3...@newsgroups.bea.com...

Jukka

Jan 23, 2004, 4:22:46 AM

Hi!

Ok, I checked that I am using the demo certificate (Server Certificate File
Name: democert.pem) and turned the debug flags on. The log is at the end of this
message (sorry about the huge size). I noticed two "key phrases":

"Certificate chain is incomplete"

and

"A corrupt or unuseable certificate was received."

Can you make something out of it?

Thank you for your help.

Regards,

Jukka


<Jan 23, 2004 10:46:35 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm ECDSA, class java.security.Signature>
<Jan 23, 2004 10:46:35 AM EET> <Debug> <TLS> <000000> <JCE support for algorithm SHA1withDSA, class java.security.Signature using provider SUN version 1.2>
<Jan 23, 2004 10:46:35 AM EET> <Debug> <TLS> <000000> <JCE support for algorithm MD5withRSA, class java.security.Signature using provider SunRsaSign version 1.0>
<Jan 23, 2004 10:46:35 AM EET> <Debug> <TLS> <000000> <JCE support for algorithm SHA1withRSA, class java.security.Signature using provider SunRsaSign version 1.0>
<Jan 23, 2004 10:46:35 AM EET> <Debug> <TLS> <000000> <JCE support for algorithm MD2withRSA, class java.security.Signature using provider SunRsaSign version 1.0>
<Jan 23, 2004 10:46:35 AM EET> <Debug> <TLS> <000000> <JCE support for algorithm SHA, class java.security.MessageDigest using provider SUN version 1.2>
<Jan 23, 2004 10:46:35 AM EET> <Debug> <TLS> <000000> <JCE support for algorithm MD5, class java.security.MessageDigest using provider SUN version 1.2>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm NullMac, class javax.crypto.Mac>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm HmacSHA1, class javax.crypto.Mac>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm HmacMD5, class javax.crypto.Mac>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm DES/CBC/NoPadding, class javax.crypto.Cipher>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm DESede/CBC/NoPadding, class javax.crypto.Cipher>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm DESede/ECB/NoPadding, class javax.crypto.Cipher>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm RC4, class javax.crypto.Cipher>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm RSA/ECB/PKCS1Padding, class javax.crypto.Cipher>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm RSA/ECB/NoPadding, class javax.crypto.Cipher>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm Anonymous, class javax.crypto.KeyAgreement>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm ECDH, class javax.crypto.KeyAgreement>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm DiffieHellman, class javax.crypto.KeyAgreement>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <No JCE support for algorithm RSA, class javax.crypto.KeyAgreement>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> < provider[0] - SUN>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> < SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> < provider[1] - SunRsaSign>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> < SUN's provider for RSA signatures>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <ECDSA | java.security.Signature | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <SHA | java.security.MessageDigest | USEJCE | SUN version 1.2>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <RC4 | javax.crypto.Cipher | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <MD2withRSA | java.security.Signature | USEJCE | SunRsaSign version 1.0>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <RSA | javax.crypto.KeyAgreement | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <RSA/ECB/NoPadding | javax.crypto.Cipher | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <RSA/ECB/PKCS1Padding | javax.crypto.Cipher | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <DiffieHellman | javax.crypto.KeyAgreement | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <SHA1withRSA | java.security.Signature | USEJCE | SunRsaSign version 1.0>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <DESede/CBC/NoPadding | javax.crypto.Cipher | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <DES/CBC/NoPadding | javax.crypto.Cipher | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <SHA1withDSA | java.security.Signature | USEJCE | SUN version 1.2>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <NullMac | javax.crypto.Mac | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <MD5 | java.security.MessageDigest | USEJCE | SUN version 1.2>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <HmacSHA1 | javax.crypto.Mac | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <MD5withRSA | java.security.Signature | USEJCE | SunRsaSign version 1.0>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <DESede/ECB/NoPadding | javax.crypto.Cipher | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <Anonymous | javax.crypto.KeyAgreement | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <HmacMD5 | javax.crypto.Mac | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <ECDH | javax.crypto.KeyAgreement | USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <JCE used for some SSL = false>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <jsafeJCE used for some SSL = false>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <Crypto to use for RSA is USEHARDWIRED>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <usingJCE = false>
<Jan 23, 2004 10:46:36 AM EET> <Debug> <TLS> <000000> <usingJsafeJCE = false>
<Jan 23, 2004 10:46:37 AM EET> <Debug> <TLS> <000000> <SSL/Export license found>
<Jan 23, 2004 10:46:37 AM EET> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
<Jan 23, 2004 10:46:38 AM EET> <Debug> <TLS> <000000> <Weblogic license is export limited>

*************************************************
Note: I haven't configured the following line, it's like that by default
*************************************************

<Jan 23, 2004 10:46:38 AM EET> <Debug> <TLS> <000000> <Trusted CA keystore: C:\XXXXXX\XXXXXX\XXXX\security\cacerts>
<Jan 23, 2004 10:46:38 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V3
Subject: EMAILADDRESS=personal...@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.rsajca.JSA_RSAPublicKey@3c37f4
Validity: [From: Mon Jan 01 02:00:00 EET 1996,
To: Fri Jan 01 01:59:59 EET 2021]
Issuer: EMAILADDRESS=personal...@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 00]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

]
Algorithm: [MD5withRSA]

]>
<Jan 23, 2004 10:46:38 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V3
Subject: EMAILADDRESS=persona...@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.rsajca.JSA_RSAPublicKey@1f7896f
Validity: [From: Mon Jan 01 02:00:00 EET 1996,
To: Fri Jan 01 01:59:59 EET 2021]
Issuer: EMAILADDRESS=persona...@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 00]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

]
Algorithm: [MD5withRSA]

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V3
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: com.sun.rsajca.JSA_RSAPublicKey@9ab0
Validity: [From: Wed May 17 17:01:00 EEST 2000,
To: Sun May 18 02:59:00 EEST 2025]
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
SerialNumber: [ 020000bf]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C8 41 34 5C 15 15 04 E5 40 F2 D1 AB 9A 6F 24 92 .A4\....@....o$.
0010: 7A 87 42 5A z.BZ
]
]

[2]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]

[3]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.3]]

[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:3
]

]
Algorithm: [SHA1withRSA]

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V1
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

Key: com.sun.rsajca.JSA_RSAPublicKey@13b625b
Validity: [From: Mon Jan 29 02:00:00 EET 1996,
To: Thu Jan 08 01:59:59 EET 2004]
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ e49efdf3 3ae80ecf a5113e19 a4240232]

]
Algorithm: [MD2withRSA]

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V1
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.rsajca.JSA_RSAPublicKey@84aa02
Validity: [From: Thu Aug 13 03:29:00 EEST 1998,
To: Tue Aug 14 02:59:00 EEST 2018]
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
SerialNumber: [ 01a5]

]
Algorithm: [MD5withRSA]

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V3
Subject: EMAILADDRESS=personal...@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.rsajca.JSA_RSAPublicKey@189acb5
Validity: [From: Mon Jan 01 02:00:00 EET 1996,
To: Fri Jan 01 01:59:59 EET 2021]
Issuer: EMAILADDRESS=personal...@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 00]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

]
Algorithm: [MD5withRSA]

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V3
Subject: EMAILADDRESS=server...@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.rsajca.JSA_RSAPublicKey@19f90e3
Validity: [From: Thu Aug 01 03:00:00 EEST 1996,
To: Fri Jan 01 01:59:59 EET 2021]
Issuer: EMAILADDRESS=server...@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 01]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

]
Algorithm: [MD5withRSA]

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V1
Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

Key: com.sun.rsajca.JSA_RSAPublicKey@e13e7b
Validity: [From: Mon Jan 29 02:00:00 EET 1996,
To: Sat Jan 01 01:59:59 EET 2000]
Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ 02a60000 01]

]
Algorithm: [MD2withRSA]

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V3
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: com.sun.rsajca.JSA_RSAPublicKey@1cd2197
Validity: [From: Fri May 12 21:46:00 EEST 2000,
To: Tue May 13 02:59:00 EEST 2025]
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
SerialNumber: [ 020000b9]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:
0010: B5 04 4D F0 ..M.
]
]

[2]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:3
]

]
Algorithm: [SHA1withRSA]

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V1
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

Key: com.sun.rsajca.JSA_RSAPublicKey@5878d2
Validity: [From: Mon Jan 29 02:00:00 EET 1996,
To: Wed Jan 08 01:59:59 EET 2020]
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ 325033cf 50d156f3 5c81ad65 5c4fc825]

]
Algorithm: [MD2withRSA]

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V1
Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

Key: com.sun.rsajca.JSA_RSAPublicKey@15b55bc
Validity: [From: Wed Nov 09 02:00:00 EET 1994,
To: Fri Jan 08 01:59:59 EET 2010]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0]

]
Algorithm: [MD2withRSA]

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V3
Subject: EMAILADDRESS=premium...@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.rsajca.JSA_RSAPublicKey@159d87f
Validity: [From: Thu Aug 01 03:00:00 EEST 1996,
To: Fri Jan 01 01:59:59 EET 2021]
Issuer: EMAILADDRESS=premium...@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 01]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]

]
Algorithm: [MD5withRSA]

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V1
Subject: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.rsajca.JSA_RSAPublicKey@1949f78
Validity: [From: Sat Feb 24 01:01:00 EET 1996,
To: Fri Feb 24 01:59:00 EET 2006]
Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
SerialNumber: [ 01a3]

]
Algorithm: [MD5withRSA]

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V3
Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: com.sun.rsajca.JSA_RSAPublicKey@196de29
Validity: [From: Fri Aug 14 17:50:00 EEST 1998,
To: Thu Aug 15 02:59:00 EEST 2013]
Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.",
O=GTE C
orporation, C=US
SerialNumber: [ 01b6]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 76 0A 49 21 38 4C 9F DE F8 C4 49 C7 71 71 91 9D v.I!8L....I.qq..
]
]

[2]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.2.840.113763.1.2.1.3]
[] ]
]

[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]

[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:5
]

]
Algorithm: [SHA1withRSA]
Signature:

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trusted CA: [
[
Version: V1
Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

Key: com.sun.rsajca.JSA_RSAPublicKey@1d382ab
Validity: [From: Mon Jan 29 02:00:00 EET 1996,
To: Thu Jan 08 01:59:59 EET 2004]
Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ ba5ac94c 053b92d6 a7b6df4e d053920d]

]
Algorithm: [MD2withRSA]
Signature:

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <clientInfo settings applied>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 26426059>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(is): 16322634>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <15167987 readRecord()>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <15167987 received HANDSHAKE>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <15167987 readRecord()>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <15167987 received HANDSHAKE>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Performing hostname validation checks: localhost>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <validationCallback: validateErr = 20>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> < cert[0] = [
[
Version: V3
Subject: EMAILADDRESS=sup...@bea.com, CN=weblogic.bea.com, O=BEA WebLogic, L=San Francisco, ST=California, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.rsajca.JSA_RSAPublicKey@b2e752
Validity: [From: Fri Nov 01 22:02:23 EET 2002,
To: Sun Oct 15 23:02:23 EEST 2006]
Issuer: EMAILADDRESS=sup...@bea.com, CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
SerialNumber: [ 21]

]
Algorithm: [MD5withRSA]
Signature:
0000: 5E D1 96 8E 01 C8 14 B0 62 16 93 2A 47 38 CF D8 ^.......b..*G8..
0010: 71 EF 75 BC 27 DF 33 0B F8 D5 07 09 36 8D 45 DF q.u.'.3.....6.E.
0020: 2F 27 2C F7 68 9C 8F 2B 10 13 16 07 65 3F 1F 45 /',.h..+....e?.E
0030: 56 9F 62 D8 28 44 E9 86 25 19 8D 0D CB 36 C3 8B V.b.(D..%....6..

]>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Validation error = 20>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Certificate chain is incomplete>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Certificate chain is untrusted>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <SSLTrustValidator returns: 20>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Trust status (20): CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@170ec24 Severity: 2 Type: 42
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at java.io.DataOutputStream.flush(Unknown Source)
at weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConnection.java:275)
at weblogic.rjvm.t3.T3SJVMConnection.createConnection(T3SJVMConnection.java:83)
at weblogic.rjvm.Protocol.createConnection(Protocol.java:231)
at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1272)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:418)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:300)
at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:234)
at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:191)
at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:203)
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:169)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:262)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:323)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:221)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <write ALERT offset = 0 length = 2>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <close(): 15167987>
<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> <Exception during handshake, stack trace follows
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at java.io.DataOutputStream.flush(Unknown Source)
at weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConnection.java:275)
at weblogic.rjvm.t3.T3SJVMConnection.createConnection(T3SJVMConnection.java:83)
at weblogic.rjvm.Protocol.createConnection(Protocol.java:231)
at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1272)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:418)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:300)
at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:234)
at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:191)
at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:203)
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:169)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:262)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:323)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:221)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
>
<Jan 23, 2004 10:46:40 AM EET> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@15b4ad2 Severity: 2 Type: 40
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at java.io.DataOutputStream.flush(Unknown Source)
at weblogic.rjvm.t3.T3JVMConnection.connect(T3JVMConnection.java:275)
at weblogic.rjvm.t3.T3SJVMConnection.createConnection(T3SJVMConnection.java:83)
at weblogic.rjvm.Protocol.createConnection(Protocol.java:231)
at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1272)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:418)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:300)
at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:234)
at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:191)
at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:203)
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:169)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:262)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:323)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:221)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
>
javax.naming.CommunicationException. Root exception is java.net.ConnectException: t3s://localhost:7002: Destination unreachable; nested exception is:
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure; No available router to destination
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:180)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:262)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:323)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:221)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:149)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)

Pavel
Jan 23, 2004, 10:47:07 AM

The log shows that the server identity certificate was issued by the Demo Certificate
Authority, but the client's trust does not include this CA. Looks like the trusted
CAs came from the JDK cacerts keystore. Use command line property to specify weblogic's
cacerts keystore on the client:

-Dweblogic.security.SSL.trustedCAKeyStore=<keystore file>

Pavel.

Jukka
Jan 26, 2004, 8:58:56 AM

Ok, I did as you advised (thanks for help btw :) and set that command line
property on my client as follows:

-Dweblogic.security.SSL.trustedCAKeyStore=C:\bea\weblogic700\server\lib\cacerts

It still complains about the certificate (this listing comes from the
client):

********************************************************************

<Jan 26, 2004 12:31:10 PM EET> <Debug> <TLS> <000000> <SSL/Export license found>
<Jan 26, 2004 12:31:10 PM EET> <Debug> <TLS> <000000> <Not in server, Certicom SSL license found>
<Jan 26, 2004 12:31:11 PM EET> <Debug> <TLS> <000000> <Weblogic license is export limited>
<Jan 26, 2004 12:31:12 PM EET> <Debug> <TLS> <000000> <Trusted CA keystore: C:\bea\weblogic700\server\lib\cacerts>

***********************************************************************

So the trusted CAs should be ok?


**********************************************************************
<Jan 26, 2004 12:31:12 PM EET> <Debug> <TLS> <000000> <clientInfo settings applied>
<Jan 26, 2004 12:31:12 PM EET> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx): 27041558>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <SSLSocket will NOT be Muxing>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(is): 26252165>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <write SSL_20_RECORD>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <22091943 readRecord()>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <22091943 received HANDSHAKE>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <isMuxerActivated: false>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <22091943 readRecord()>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <22091943 received HANDSHAKE>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <Performing hostname validation checks: localhost>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <validationCallback: validateErr = 1>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> < cert[0] = [
[
Version: V3
Subject: EMAILADDRESS=sup...@bea.com, CN=weblogic.bea.com, O=BEA WebLogic, L=San Francisco, ST=California, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.rsajca.JSA_RSAPublicKey@91a4fb
Validity: [From: Fri Nov 01 22:02:23 EET 2002,
To: Sun Oct 15 23:02:23 EEST 2006]
Issuer: EMAILADDRESS=sup...@bea.com, CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
SerialNumber: [ 21]

]
Algorithm: [MD5withRSA]
Signature:
0000: 5E D1 96 8E 01 C8 14 B0 62 16 93 2A 47 38 CF D8 ^.......b..*G8..
0010: 71 EF 75 BC 27 DF 33 0B F8 D5 07 09 36 8D 45 DF q.u.'.3.....6.E.
0020: 2F 27 2C F7 68 9C 8F 2B 10 13 16 07 65 3F 1F 45 /',.h..+....e?.E
0030: 56 9F 62 D8 28 44 E9 86 25 19 8D 0D CB 36 C3 8B V.b.(D..%....6..

]>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> < cert[1] = [
[
Version: V3
Subject: EMAILADDRESS=sup...@bea.com, CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

Key: com.sun.rsajca.JSA_RSAPublicKey@1a3b359
Validity: [From: Fri Nov 01 22:02:22 EET 2002,
To: Mon Oct 16 23:02:22 EEST 2006]
Issuer: EMAILADDRESS=sup...@bea.com, CN=Demo Certificate Authority Constraints, OU=Security, O=BEA WebLogic, L=San Francisco, ST=California, C=US
SerialNumber: [ 00]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
]

]
Algorithm: [MD5withRSA]
Signature:
0000: 83 57 9E 88 D3 32 26 A9 37 6A 04 B4 31 3B 40 08 .W...2&.7j..1;@.
0010: 24 C1 1E 04 6D 77 64 86 14 98 1B 70 36 17 08 29 $...mwd....p6..)
0020: C5 CC 63 40 7C 24 3D 06 1B 60 5F D0 23 18 A1 F9 ..c@.$=..`_.#...
0030: C5 B1 1E 6B 43 1E 4D 09 54 2C 65 B8 06 8C F6 4E ...kC.M.T,e....N

]>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <Validation error = 1>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <Certificate chain is invalid>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <SSLTrustValidator returns: 1>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <Trust status (1): CERT_CHAIN_INVALID>
<Jan 26, 2004 12:31:13 PM EET> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@1e6978d Severity: 2 Type: 42

*****************************************************************

The next log is from server startup:

*****************************************************************

<26.1.2004 12:28:00 EET> <Debug> <TLS> <000000> <SSL/Export license found>
<26.1.2004 12:28:00 EET> <Debug> <TLS> <000000> <Certicom SSL license found>
<26.1.2004 12:28:01 EET> <Debug> <TLS> <000000> <Weblogic license is export limited>
<26.1.2004 12:28:01 EET> <Debug> <TLS> <000000> <SSLListenThread.getSSLManager()>
<26.1.2004 12:28:01 EET> <Debug> <TLS> <000000> <SSLManager: getting server private key>
<26.1.2004 12:28:01 EET> <Debug> <TLS> <000000> <SSLManager.getService(KEYMANAGER)>
<26.1.2004 12:28:01 EET> <Debug> <TLS> <000000> <SSLManager.getServerPrivateKey(): key alias: null>
<26.1.2004 12:28:01 EET> <Debug> <TLS> <000000> <Using 6.x configuration for SSL Server PrivateKey>
<26.1.2004 12:28:01 EET> <Debug> <TLS> <000000> <SSLManager.getServerCertificate()>
<26.1.2004 12:28:01 EET> <Debug> <TLS> <000000> <Server identity successfully loaded>
<26.1.2004 12:28:01 EET> <Debug> <TLS> <000000> <SSLManager.getService(KEYMANAGER)>
<26.1.2004 12:28:01 EET> <Debug> <TLS> <000000> <SSLManager, getting trusted CAs from TrustedCAFile: trusted-ca.pem>
<26.1.2004 12:28:01 EET> <Debug> <TLS> <000000> <Cannot find the specified trusted CA file trusted-ca.pem>
<26.1.2004 12:28:01 EET> <Debug> <TLS> <000000> <SSLManager, getting trusted CAs from default key store: C:/bea/weblogic700/server\lib\cacerts>
***************************************************************************


Is there some configuration setting etc. that I've missed or what? The WLS
installation is default installation so I haven't configured anything.

Next is from the config.xml that indicates my SSL related (default)
settings.

<SSL Enabled="true" HostnameVerificationIgnored="true"
ListenPort="7002" Name="wls_server70"
ServerCertificateChainFileName="ca.pem"
ServerCertificateFileName="democert.pem"
ServerKeyFileName="demokey.pem"/>


What could be the problem here?

Regards,

Jukka


Pavel
Jan 26, 2004, 12:59:55 PM

The log shows that this fixed the original problem, i.e. the client is now able
to build the chain (cert[0], cert[1]). However, the chain validation still fails.
I suspect the reason is that you have jsse classes in your classpath in front
of weblogic.jar, probably in the JDK ext folder. JSSE classes conflict with the
certicom ssl implementation used by weblogic. Try to move the jsse.jar behind
weblogic.jar in the classpath.

Pavel.
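
Added example, not part of the thread: a Python triage of the client's ssl.debug output that separates the two failures diagnosed above, a server certificate whose issuer is missing from the client's trusted CAs (trust status 20) and a chain that reaches a self-issued CA but is still rejected (trust status 1). The sample records are constructed, with one log record per line and the redacted EMAILADDRESS field left out; the function names and finding labels are this example's own.

```python
import re

CA_START = re.compile(r"<Trusted CA: \[\s*$")
CERT_START = re.compile(r"<\s*cert\[(\d+)\] = \[\s*$")
FIELD = re.compile(r"^\s*(Subject|Issuer):\s*(.+?)\s*$")
STATUS = re.compile(r"<Trust status \((\d+)\):\s*([A-Z_ ]+?)\s*>")

# Constructed sample data in the layout of the debug log quoted in this thread.
PFX = "<Jan 23, 2004 10:46:39 AM EET> <Debug> <TLS> <000000> "
DEMO_CA = ("CN=Demo Certificate Authority Constraints, OU=Security, "
           "O=BEA WebLogic, L=San Francisco, ST=California, C=US")
SERVER = "CN=weblogic.bea.com, O=BEA WebLogic, L=San Francisco, ST=California, C=US"
GTE = "CN=GTE CyberTrust Root, O=GTE Corporation, C=US"

def dump(kind, subject, issuer):
    """Build one constructed certificate record ('Trusted CA:' or ' cert[n] =')."""
    return (f"{PFX}<{kind} [\n[\n  Version: V3\n  Subject: {subject}\n"
            f"  Issuer: {issuer}\n\n]\n  Algorithm: [MD5withRSA]\n]>\n")

SAMPLE_UNTRUSTED = (dump("Trusted CA:", GTE, GTE) + dump(" cert[0] =", SERVER, DEMO_CA)
                    + PFX + "<Trust status (20): CERT_CHAIN_INCOMPLETE CERT_CHAIN_UNTRUSTED>\n")
SAMPLE_INVALID = (dump(" cert[0] =", SERVER, DEMO_CA) + dump(" cert[1] =", DEMO_CA, DEMO_CA)
                  + PFX + "<Trust status (1): CERT_CHAIN_INVALID>\n")

def norm(dn):
    """Compare distinguished names case-insensitively, ignoring extra spaces."""
    return " ".join(dn.split()).lower()

def parse_ssl_debug(text):
    """Collect trusted CA subjects, the presented chain and the trust status
    from one handshake's worth of unwrapped debug output."""
    trusted, chain, status, flags = set(), {}, None, []
    block, fields = None, {}      # block is ("ca", None) or ("cert", n) inside a dump
    for line in text.splitlines():
        if block is None:
            m = STATUS.search(line)
            if m:
                status, flags = int(m.group(1)), m.group(2).split()
            elif CA_START.search(line):
                block, fields = ("ca", None), {}
            else:
                m = CERT_START.search(line)
                if m:
                    block, fields = ("cert", int(m.group(1))), {}
        elif line.strip() == "]>":            # end of the certificate dump
            if block[0] == "ca" and "Subject" in fields:
                trusted.add(norm(fields["Subject"]))
            elif block[0] == "cert":
                chain[block[1]] = (fields.get("Subject", ""), fields.get("Issuer", ""))
            block = None
        else:
            m = FIELD.match(line)
            if m:
                fields.setdefault(m.group(1), m.group(2))
    return {"trusted": trusted, "chain": [chain[i] for i in sorted(chain)],
            "status": status, "flags": flags}

def diagnose(text):
    """Map the parsed handshake onto the two cases discussed in the thread."""
    p = parse_ssl_debug(text)
    result = {"status": p["status"], "flags": p["flags"], "chain": p["chain"],
              "missing_issuer": None, "finding": "needs_manual_review"}
    if not p["chain"] or not p["flags"]:
        return result
    top_subject, top_issuer = p["chain"][-1]
    flags = set(p["flags"])
    if flags & {"CERT_CHAIN_INCOMPLETE", "CERT_CHAIN_UNTRUSTED"}:
        # The last certificate the client could chain to names an issuer
        # that is not among the trusted CAs the client loaded.
        if norm(top_issuer) not in p["trusted"]:
            result["finding"] = "issuer_not_in_trust_store"
            result["missing_issuer"] = top_issuer
    elif "CERT_CHAIN_INVALID" in flags and norm(top_subject) == norm(top_issuer):
        # Chain was built up to a self-issued CA, yet validation failed:
        # not a missing trust anchor, so look at the client runtime instead.
        result["finding"] = "chain_complete_but_rejected"
    return result

if __name__ == "__main__":
    for name, sample in (("Jan 23 log", SAMPLE_UNTRUSTED), ("Jan 26 log", SAMPLE_INVALID)):
        r = diagnose(sample)
        print(name, r["status"], r["flags"], r["finding"], r["missing_issuer"])
```

The parser expects each log record on a single line, so console-wrapped output such as the listings posted here has to be unwrapped before it is fed in.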

Jukka
Jan 28, 2004, 7:57:14 AM

I haven't explicitly included jsse.jar in my classpath. However, I did empty
the classpath explicitly and included weblogic.jar first. I still receive
the same error message. Strange, I'd say. Any ideas on this?

Regards,

Jukka


Pavel
Jan 28, 2004, 11:20:45 AM

Have you checked the JDK ext folder? Are you running on JDK 1.4? JSSE is included
with 1.4 in its jre/lib folder.
You can test whether jsse.jar is in the jdk classpath, by clearing the CLASSPATH
env variable and running: javap javax.security.cert.X509Certificate

Pavel.

Jukka
Jan 29, 2004, 11:54:30 AM

Yes, I'm using JRE1.4.1_02, but the jsse.jar seems not to be in my
classpath, because I get the following message when I run that command you
provided.

"Class 'javax.security.cert.X509Certificate' not found"

When I added weblogic.jar to my classpath, it (the javap command) worked as
it is supposed to.

Regards,

Jukka

Pavel
Jan 29, 2004, 4:51:03 PM

The error you are getting matches the error you would see with the jdk1.4.1 and
the jsse.jar in its jre/lib directory. This issue is listed here:
http://e-docs.bea.com/wls/docs70/notes/issues.html#1135756

To exhaust this you can try the following: check the class name spelling, and
confirm that you are running javap command on the same jvm you run your client
in case you have multiple jvms installed, or search jdk folder for jsse.jar, and
make sure it is not there. Or try running the client on jdk1.3 without jsse
installed and see if the problem goes away.

If this proves this to be a different issue, I'd suggest opening a support case.

Pavel.

Jukka
Jan 30, 2004, 7:02:39 AM

Indeed, now it works!! Great!! I really appreciate your help! :)

Regards,

Jukka


Shuba Simha
Dec 17, 2004, 12:19:24 PM

Hi,
I have the same problem still. I am running this command on JDK1.3. Here's my command & the output:
===========================
[www@iserv47 www]$ /opt/bea/jrockit70sp5_131_10/bin/java -classpath /opt/bea/weblogic700/server/lib/weblogic.jar weblogic.Admin -url https://ushhints-mt.merck.com:8143 -username admin PING
Enter the password for user admin :password

Failed to connect to https://ushhints-mt.merck.com:8143: Destination unreachable; nested exception is:
java.io.IOException: Write Channel Closed, possible SSL handshaking or trust failure; No available router to destination
[www@iserv47 www]$
=========================================

the only jsse.jar is in the dir - weblogic700/workshop/jdk1.4/jre/lib/jsse.jar. Could this be affecting somehow?

Anybody has any ideas??

Thanks
~s

psmelkov
Dec 17, 2004, 2:54:50 PM

See http://e-docs.bea.com/wls/docs70/secmanage/ssl.html#1187931 for info on how to configure trust of weblogic.Admin client. Make sure its trusted certificates include certificate of the CA that issued the server identity certificate.
Also read the section about hostname verification.
If this does not help try running with ssl debug on:
-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
This should output more info about the error.

Pavel.
