Re: [jetty-users] ssl setup

Hi,

I added the CA cert to the browser's CA list and now I get a bad_certificate error. Probably someone who knows a bit more about the SSL/TLS handshake can guide me. It seems that the server sends the alias jetty certificate to the browser, which reports bad_certificate.

I also tried to import the server certificate (using keytool export for alias jetty) into the browser and it imported fine.

Using SSLEngineImpl.
2011-01-19 14:30:39.705:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] channel=java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/127.0.0.1:3832]
2011-01-19 14:30:39.705:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 158
2011-01-19 14:30:39.705:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
[Raw read]: length = 5
0000: 16 03 01 00 99                                     .....
[Raw read]: length = 153
qtp1683934-30, READ: TLSv1 Handshake, length = 153
2011-01-19 14:30:39.705:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap unwrap Status = OK HandshakeStatus = NEED_TASK|bytesConsumed = 158 bytesProduced = 0
*** ClientHello, TLSv1
RandomCookie:  GMT: 1295362103 bytes = { 199, 99, 252, 219, 69, 116, 4, 235, 99, 211, 208, 225, 151, 252, 191, 74, 19, 108, 184, 99, 141, 8, 48, 141, 73, 91, 60, 160 }
Session ID:  {}
Cipher Suites: [Unknown 0x0:0xff, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x88, Unknown 0x0:0x87, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x84, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x45, Unknown 0x0:0x44, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x96, Unknown 0x0:0x41, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Unsupported extension server_name, [host_name: localhost]
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
***
[read] MD5 and SHA1 hashes:  len = 153
matching alias: jetty
%% Created:  [Session-1, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie:  GMT: 1295362103 bytes = { 18, 133, 165, 101, 90, 8, 249, 198, 227, 34, 183, 52, 45, 182, 84, 146, 15, 30, 222, 28, 31, 197, 49, 189, 143, 200, 242, 31 }
Session ID:  {77, 54, 168, 55, 24, 11, 172, 113, 137, 69, 10, 93, 96, 97, 67, 108, 208, 226, 5, 67, 108, 230, 96, 151, 74, 171, 252, 80, 133, 181, 138, 108}
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
***
Cipher suite:  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: EMAILADDRESS=imiten@xxxxxxxxx, CN=NRIMITMITENMD.ms.com, O=Miten Mehta Pvt Ltd, ST=Mumbai, C=IN
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  Sun RSA public key, 1024 bits
  modulus: 116166747336192237877642500685043107937151069684464186128886791733820778053373605432849200642360756748380470161902385124432913588937655422139801503826637203979525990636439308053159247210995277069508751413454969655267757174453237732064382729997988984906249874577933517675910325711352226437944556806781235570203
  public exponent: 65537
  Validity: [From: Tue Jan 18 11:43:44 IST 2011,
               To: Fri Jan 15 11:43:44 IST 2021]
  Issuer: EMAILADDRESS=imiten@xxxxxxxxx, CN=Miten Mehta CA, O=Miten Mehta Pvt Ltd, L=Goregaon, ST=Mumbai, C=IN
  SerialNumber: [    02]

Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E   53 53 4C 20 47 65 6E 65  ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65   72 74 69 66 69 63 61 74  rated Certificat
0020: 65                                                 e


[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: EA 32 85 0B DC C7 70 E2   D0 1B BC 8B FB 62 A3 D6  .2....p......b..
0010: 37 2C B9 8B                                        7,..
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[EMAILADDRESS=imiten@xxxxxxxxx, CN=Miten Mehta CA, O=Miten Mehta Pvt Ltd, L=Goregaon, ST=Mumbai, C=IN]
SerialNumber: [    00]
]

[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

]
  Algorithm: [MD5withRSA]
  Signature:

]
***
*** Diffie-Hellman ServerKeyExchange
DH Modulus:  { 233, 230, 66, 89, 157, 53, 95, 55, 201, 127, 253, 53, 103, 18, 11, 142, 37, 201, 205, 67, 233, 39, 179, 169, 103, 15, 190, 197, 216, 144, 20, 25, 34, 210, 195, 179, 173, 36, 128, 9, 55, 153, 134, 157, 30, 132, 106, 171, 73, 250, 176, 173, 38, 210, 206, 106, 34, 33, 157, 71, 11, 206, 125, 119, 125, 74, 33, 251, 233, 194, 112, 181, 127, 96, 112, 2, 243, 206, 248, 57, 54, 148, 207, 69, 238, 54, 136, 193, 26, 140, 86, 171, 18, 122, 61, 175 }
DH Base:  { 48, 71, 10, 213, 160, 5, 251, 20, 206, 45, 157, 205, 135, 227, 139, 199, 209, 177, 197, 250, 203, 174, 203, 233, 95, 25, 10, 167, 163, 29, 35, 196, 219, 188, 190, 6, 23, 69, 68, 64, 26, 91, 44, 2, 9, 101, 216, 194, 189, 33, 113, 211, 102, 132, 69, 119, 31, 116, 186, 8, 77, 32, 41, 216, 60, 28, 21, 133, 71, 243, 169, 241, 162, 113, 91, 226, 61, 81, 174, 77, 62, 90, 31, 106, 112, 100, 243, 22, 147, 58, 52, 109, 63, 82, 146, 82 }
Server DH Public Key:  { 220, 130, 141, 37, 54, 23, 240, 81, 64, 223, 230, 31, 73, 8, 162, 5, 0, 239, 11, 8, 20, 47, 154, 143, 180, 140, 232, 15, 6, 33, 39, 113, 204, 122, 1, 174, 73, 37, 53, 36, 26, 32, 105, 148, 94, 196, 49, 232, 5, 110, 214, 52, 114, 128, 187, 74, 64, 105, 103, 108, 154, 140, 170, 153, 92, 203, 79, 141, 240, 228, 20, 6, 137, 54, 119, 177, 104, 228, 30, 33, 87, 149, 158, 150, 168, 78, 77, 93, 93, 166, 138, 11, 48, 116, 244, 173 }
Signed with a DSA or RSA public key
*** ServerHelloDone
[write] MD5 and SHA1 hashes:  len = 1411
qtp1683934-30, WRITE: TLSv1 Handshake, length = 1411
[Raw write]: length = 1416
2011-01-19 14:30:39.752:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] fill wrap Status = OK HandshakeStatus = NEED_UNWRAP|bytesConsumed = 0 bytesProduced = 1416
2011-01-19 14:30:39.752:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] Flushed 1416/1416
2011-01-19 14:30:39.752:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
[Raw read]: length = 5
0000: 15 03 01 00 02                                     .....
[Raw read]: length = 2
0000: 02 2A                                              .*
qtp1683934-29, READ: TLSv1 Alert, length = 2
qtp1683934-29, RECV TLSv1 ALERT:  fatal, bad_certificate
qtp1683934-29, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
qtp1683934-29, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
2011-01-19 14:30:39.799:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 7
2011-01-19 14:30:39.799:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled -1
2011-01-19 14:30:39.799:WARN::javax.net.ssl.SSLException: Received fatal alert: bad_certificate
2011-01-19 14:30:39.799:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: bad_certificate
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
qtp1683934-29, called closeOutbound()
qtp1683934-29, closeOutboundInternal()
qtp1683934-29, SEND TLSv1 ALERT:  warning, description = close_notify
qtp1683934-29, WRITE: TLSv1 Alert, length = 2
2011-01-19 14:30:39.815:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: bad_certificate
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-19 14:30:39.815:DBUG::EOF org.eclipse.jetty.io.EofException
2011-01-19 14:31:08.815:DBUG::org.eclipse.jetty.io.nio.SelectorManager$SelectSet@98350a JVM BUG(s) - cancelled keys 1 times


Regards,

Miten Mehta
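
The alert the server received in the debug output above arrives as a 5-byte TLS record header (`15 03 01 00 02`) followed by a 2-byte body (`02 2A`). The Python below is an added example, not part of the original message and not Jetty or JSSE code: it reassembles `[Raw read]`/`[Raw write]` dumps from `javax.net.debug` output and decodes the record headers and plaintext alerts. The function names are hypothetical, the first two reads in the sample are copied from the log above, the remaining sample lines are constructed, and the log is assumed to cover a single connection.

```python
import re

# TLS record content types and alert codes (RFC 5246, sections 6.2.1 and 7.2).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown",
          47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
          50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
          71: "insufficient_security", 80: "internal_error"}

HEADER = re.compile(r"^\[Raw (read|write)\]: length = (\d+)$")
DUMP = re.compile(r"^[0-9A-Fa-f]{4}: (.*)$")
HEX_BYTE = re.compile(r"^[0-9A-Fa-f]{2}$")


def raw_chunks(log_text):
    """Return [(direction, bytes)] for every complete [Raw read]/[Raw write] dump."""
    chunks = []
    direction, want, buf = None, 0, bytearray()
    for line in log_text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            direction, want, buf = m.group(1), int(m.group(2)), bytearray()
            continue
        m = DUMP.match(line)
        if not (m and direction):
            continue  # ordinary log line, or a dump that is not a raw read/write
        # Hex bytes come first on a dump line, 16 per line. The declared length
        # says how many to take, so the trailing ASCII column is never parsed.
        take = min(16, want - len(buf))
        for tok in m.group(1).split()[:take]:
            if not HEX_BYTE.match(tok):
                break
            buf.append(int(tok, 16))
        if len(buf) == want:
            chunks.append((direction, bytes(buf)))
            direction = None
    return chunks


def records(chunks, direction):
    """Parse TLS records from the concatenated chunks of one direction."""
    stream = b"".join(data for d, data in chunks if d == direction)
    out, pos = [], 0
    while pos + 5 <= len(stream):
        length = int.from_bytes(stream[pos + 3:pos + 5], "big")
        out.append({
            "type": CONTENT_TYPES.get(stream[pos], "unknown(%d)" % stream[pos]),
            "version": VERSIONS.get((stream[pos + 1], stream[pos + 2]), "unknown"),
            "length": length,
            "body": stream[pos + 5:pos + 5 + length],
        })
        pos += 5 + length
    return out


def describe(rec):
    """One-line summary of a record; alerts are decoded when still in plaintext."""
    head = "%s %s" % (rec["version"], rec["type"])
    if len(rec["body"]) < rec["length"]:
        return "%s: body truncated in log (%d of %d bytes)" % (
            head, len(rec["body"]), rec["length"])
    if rec["type"] != "alert":
        return "%s: %d bytes" % (head, rec["length"])
    if rec["length"] != 2:
        # After ChangeCipherSpec an alert is encrypted and MACed, so it is
        # longer than two bytes and cannot be read from the raw dump.
        return head + ": encrypted, cannot decode without keys"
    level, code = rec["body"]
    return "%s: %s %s (%d)" % (head, ALERT_LEVELS.get(level, "level %d" % level),
                               ALERTS.get(code, "unknown"), code)


# First two reads copied from the log above; everything after the
# "READ: TLSv1 Alert" line is constructed for illustration.
SAMPLE_LOG = """\
[Raw read]: length = 5
0000: 15 03 01 00 02                                     .....
[Raw read]: length = 2
0000: 02 2A                                              .*
qtp1683934-29, READ: TLSv1 Alert, length = 2
[Raw read]: length = 5
0000: 15 03 01 00 02                                     .....
[Raw read]: length = 2
0000: 02 30                                              .0
[Raw write]: length = 7
0000: 15 03 01 00 02 01 00                               .......
"""

if __name__ == "__main__":
    parsed = raw_chunks(SAMPLE_LOG)
    for d in ("read", "write"):
        for rec in records(parsed, d):
            print(d, "->", describe(rec))
```
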




On Wed, Jan 19, 2011 at 12:49 PM, Miten Mehta <mitenm@xxxxxxxxxxxxxxxxx> wrote:
Hi,

Does SSL really need certificates? Can't we have mere SSL encryption without server authentication?

Based on the reply I would need to add the CA (self-signed) certificate into the .jetty_cacerts keystore and the CA-signed server certificate jetty.pkcs12 into .jetty_keystore. I am not sure how I can link up the keystore to cacerts, because it seems from the error that when Jetty is trying to use the server/keystore certificate it's not able to validate it against the ca/cacerts certificate. I used the command below to get the pkcs12 cert into the keystore and then changed the alias to jetty (default is 1).

keytool -importkeystore -srckeystore server\certificates\jetty.pkcs12 -srcstoretype PKCS12 -destkeystore C:\working\mykeystore\.jetty_keystore

trust store
(I tried fresh as well as cacerts provided with jre)
keytool -list  -keystore c:\working\mykeystore\.jetty_cacerts -storepass storePass123


Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

ca, Jan 19, 2011, trustedCertEntry,
Certificate fingerprint (MD5): 92:26:1B:1F:C3:CB:3F:7B:0C:83:1D:5D:32:12:E8:F5


Here are some more details that show how the trust store shows the ca entry (from the JRE-provided cacerts which I copied over):

keytool -exportcert  -keystore c:\working\mykeystore\.jetty_cacerts -storepass changeit -alias ca -file c:\tmp\mitenmehtaCA.crt
Certificate stored in file <c:\tmp\mitenmehtaCA.crt>

keytool -printcert -file c:\tmp\mitenmehtaCA.crt
Owner: EMAILADDRESS=imiten@xxxxxxxxx, CN=Miten Mehta CA, O=Miten Mehta Pvt Ltd,
L=Goregaon, ST=Mumbai, C=IN
Issuer: EMAILADDRESS=imiten@xxxxxxxxx, CN=Miten Mehta CA, O=Miten Mehta Pvt Ltd,
 L=Goregaon, ST=Mumbai, C=IN
Serial number: 0
Valid from: Mon Jan 17 15:07:39 IST 2011 until: Thu Jan 14 15:07:39 IST 2021
Certificate fingerprints:
         MD5:  92:26:1B:1F:C3:CB:3F:7B:0C:83:1D:5D:32:12:E8:F5
         SHA1: 00:35:86:F8:5C:BD:D0:5C:1C:6C:5B:76:06:B1:EC:83:D6:C6:39:7E
         Signature algorithm name: MD5withRSA
         Version: 1

keystore
keytool -list -alias jetty -keystore c:\working\mykeystore\.jetty_keystore -storepass storePass123
jetty, Jan 19, 2011, PrivateKeyEntry,

Certificate fingerprint (MD5): A9:F8:27:50:72:78:A4:2C:04:0E:88:96:48:42:2C:CF


Now I get the following unknown_ca error.

2011-01-19 11:53:40.288:DBUG::STARTED org.eclipse.jetty.server.Server@1b15692
2011-01-19 11:53:40.851:DBUG::loaded class org.eclipse.jetty.io.nio.SelectorManager$SelectSet$2 from ContextLoader@Test WebApp([file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/classes/, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-client-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-continuation-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-http-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-io-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-servlets-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-util-7.1.4.v20100610.jar]) / StartLoader[file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/com.sun.el_1.0.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/ecj-3.6RC4.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/javax.el_2.1.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/javax.servlet.jsp_2.1.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/javax.servlet.jsp.jstl_1.2.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/jetty-jsp-2.1-7.1.4.v20100610.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/org.apache.jasper.glassfish_2.1.0.v201004190952.jar, 
file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/org.apache.taglibs.standard.glassfish_1.2.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/resources/]
2011-01-19 11:58:12.635:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] channel=java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/127.0.0.1:3129]
2011-01-19 11:58:12.635:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 158
2011-01-19 11:58:12.635:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-19 11:58:12.667:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap unwrap Status = OK HandshakeStatus = NEED_TASK|bytesConsumed = 158 bytesProduced = 0
2011-01-19 11:58:12.760:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] fill wrap Status = OK HandshakeStatus = NEED_UNWRAP|bytesConsumed = 0 bytesProduced = 1416
2011-01-19 11:58:12.760:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] Flushed 1416/1416
2011-01-19 11:58:12.760:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-19 11:58:12.760:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 7
2011-01-19 11:58:12.760:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled -1
2011-01-19 11:58:12.792:WARN::javax.net.ssl.SSLException: Received fatal alert: unknown_ca
2011-01-19 11:58:12.792:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-19 11:58:12.792:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-19 11:58:12.792:DBUG::EOF org.eclipse.jetty.io.EofException
2011-01-19 11:58:41.792:DBUG::org.eclipse.jetty.io.nio.SelectorManager$SelectSet@1fb3211 JVM BUG(s) - cancelled keys 1 times




Miten Mehta




On Tue, Jan 18, 2011 at 8:52 PM, Justin Sands <justin_sands2000@xxxxxxxxx> wrote:
In Java "KeyStore" and "TrustStore" are different concepts.
Your private keys should be in the "keystore", and certificates for your trusted authorities (CA's) should be in your "truststore".


From: Miten Mehta <Miten.Mehta@xxxxxxxxxxxxxxxxx>
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Sent: Tue, January 18, 2011 2:24:59 AM
Subject: Re: [jetty-users] ssl setup

Hi,

Without the jetty alias private key in the keystore, how will Jetty decrypt SSL communication? I assume the server certificate public key will be used to sign content sent to the server, and the server would need to use the private key to decrypt.

Regards,

Miten



On Mon, Jan 17, 2011 at 8:47 PM, Justin Sands <justin_sands2000@xxxxxxxxx> wrote:
Most likely your client certificate is self signed.  This won't work.
> javax.net.ssl.SSLException: Received fatal alert: unknown_ca
Your certificate authority (ca) must sign the client cert.  The CA's certificate (not private key)
should be the only thing in your truststore.


From: Miten Mehta <Miten.Mehta@xxxxxxxxxxxxxxxxx>
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Sent: Mon, January 17, 2011 7:45:38 AM
Subject: [jetty-users] ssl setup

Hi,

I have c:\working\mykeystore\.jetty_keystore in which I created and imported a certificate using openssl and the commands from
http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
http://docs.codehaus.org/display/JETTY/How+to+configure+SSL

The keystore imported the pkcs12 as an entry with alias 1, so I changed it to alias jetty.  I am trying clear-text passwords, but I am just doing things locally on my PC.

The keystore is the only keystore I have set up, and I have jetty-ssl.xml as below:
<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="Acceptors">2</Set>
      <Set name="AcceptQueueSize">100</Set>
      <Set name="Keystore">C:/working/mykeystore/.jetty_keystore</Set>
      <Set name="Password">storePass123</Set>
      <Set name="KeyPassword">password</Set>
      <Set name="truststore">C:/working/mykeystore/.jetty_keystore</Set>
      <Set name="trustPassword">storePass123</Set>
    </New>
  </Arg>
</Call>


Is it a problem that both keystore and truststore are the same?

I get below in jetty logs:

2011-01-17 17:57:54.500:INFO::Started SslSelectChannelConnector@0.0.0.0:8443
2011-01-17 17:57:54.500:DBUG::STARTED SslSelectChannelConnector@0.0.0.0:8443
org.eclipse.jetty.server.Server@9e5c73 STOPPED
 +-DebugHandler@4fc156 started
    +-HandlerCollection@1a06e38 started
       +-ContextHandlerCollection@2200d5 started
       +-DefaultHandler@64ab4d started

2011-01-17 17:57:54.500:DBUG::STARTED org.eclipse.jetty.server.Server@9e5c73
2011-01-17 17:57:54.921:DBUG::loaded class org.eclipse.jetty.io.nio.SelectorManager$SelectSet$2 from ContextLoader@Test WebApp([file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/classes/, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-client-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-continuation-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-http-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-io-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-servlets-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-util-7.1.4.v20100610.jar]) / StartLoader[file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/com.sun.el_1.0.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/ecj-3.6RC4.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/javax.el_2.1.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/javax.servlet.jsp_2.1.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/javax.servlet.jsp.jstl_1.2.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/jetty-jsp-2.1-7.1.4.v20100610.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/org.apache.jasper.glassfish_2.1.0.v201004190952.jar, 
file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/org.apache.taglibs.standard.glassfish_1.2.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/resources/]
2011-01-17 18:00:17.908:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] channel=java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/127.0.0.1:2856]
2011-01-17 18:00:17.908:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 158
2011-01-17 18:00:17.908:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:00:17.955:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap unwrap Status = OK HandshakeStatus = NEED_TASK|bytesConsumed = 158 bytesProduced = 0
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] fill wrap Status = OK HandshakeStatus = NEED_UNWRAP|bytesConsumed = 0 bytesProduced = 1419
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] Flushed 1419/1419
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 7
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled -1
2011-01-17 18:00:18.095:WARN::javax.net.ssl.SSLException: Received fatal alert: unknown_ca
2011-01-17 18:00:18.095:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-17 18:00:18.095:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-17 18:00:18.095:DBUG::EOF org.eclipse.jetty.io.EofException
2011-01-17 18:00:55.096:DBUG::org.eclipse.jetty.io.nio.SelectorManager$SelectSet@bd09e8 JVM BUG(s) - cancelled keys 1 times
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] channel=java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/127.0.0.1:2884]
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 158
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap unwrap Status = OK HandshakeStatus = NEED_TASK|bytesConsumed = 158 bytesProduced = 0
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] fill wrap Status = OK HandshakeStatus = NEED_UNWRAP|bytesConsumed = 0 bytesProduced = 1419
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] Flushed 1419/1419
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 7
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled -1
2011-01-17 18:05:24.833:WARN::javax.net.ssl.SSLException: Received fatal alert: access_denied
2011-01-17 18:05:24.833:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: access_denied
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-17 18:05:24.833:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: access_denied
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-17 18:05:24.833:DBUG::EOF org.eclipse.jetty.io.EofException


Regards,

Miten



_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users
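
Added example (not from the thread or the Jetty project): a small Java 9+ check for the keystore/truststore split described in the replies above. A store used for both roles, as in the posted jetty-ssl.xml, is reported for holding a private key entry in the truststore role. The class name `StoreAudit`, its finding strings and its command-line arguments are assumptions made for illustration.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Added example (hypothetical helper): audits a keystore/truststore pair. */
public class StoreAudit {

    /** Returns findings; an empty list means the two stores keep their roles apart. */
    static List<String> audit(KeyStore keys, KeyStore trust) throws Exception {
        List<String> findings = new ArrayList<>();

        // Truststore: CA certificates only, no private keys, no leaf certificates.
        for (String alias : Collections.list(trust.aliases())) {
            if (trust.isKeyEntry(alias)) {
                findings.add("truststore '" + alias + "': private key entry");
            } else if (trust.getCertificate(alias) instanceof X509Certificate) {
                X509Certificate c = (X509Certificate) trust.getCertificate(alias);
                if (c.getBasicConstraints() < 0) { // -1 means "not a CA"
                    findings.add("truststore '" + alias + "': not a CA certificate");
                }
            }
        }

        // Keystore: each identity needs a private key plus a certificate chain.
        boolean hasIdentity = false;
        for (String alias : Collections.list(keys.aliases())) {
            if (!keys.isKeyEntry(alias)) {
                findings.add("keystore '" + alias + "': certificate-only entry");
                continue;
            }
            hasIdentity = true;
            Certificate[] chain = keys.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                findings.add("keystore '" + alias + "': key without certificate chain");
                continue;
            }
            // Heuristic: subject equal to issuer means the leaf was not CA-issued.
            X509Certificate leaf = (X509Certificate) chain[0];
            if (leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal())) {
                findings.add("keystore '" + alias + "': self-issued certificate");
            }
        }
        if (!hasIdentity) {
            findings.add("keystore: no private key entry to present in the handshake");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: StoreAudit <keystore> <pass> <truststore> <pass>");
            System.exit(2);
        }
        // KeyStore.getInstance(File, char[]) detects JKS vs PKCS12 (Java 9+).
        KeyStore keys = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        KeyStore trust = KeyStore.getInstance(new File(args[2]), args[3].toCharArray());
        List<String> findings = audit(keys, trust);
        findings.forEach(System.out::println);
        System.exit(findings.isEmpty() ? 0 : 1);
    }
}
```

The exit status is 0 when no findings are reported and 1 otherwise, so the check can gate a deployment script.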



