
У меня есть сертификат .pfx, который я установил в хранилище сертификатов Windows, и я могу использовать его в HTTPS REST-вызове из C#. Как подключить сертификат .pfx к HTTPS-запросу в Java?

Теперь мне нужно сделать то же самое, используя Java. Я прочитал, что сертификат .pfx имеет закрытый ключ вместе с одним или несколькими сертификатами.

Я получаю следующее сообщение об ошибке: Не удалось создать путь к PKIX: sun.security.provider.certpath.SunCertPathBuilderException: не удалось найти допустимый путь сертификации для запрошенной цели.

Что я попробовал в Java:

  1. Я взял сертификат напрямую из хранилища Windows через KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI") и создал SSLContext, который использовал в HTTPS-вызове

  2. Я экспортировал сертификат из хранилища Windows в файл .cer, прочитал его из кода как файл и подключил к HTTPS-вызову

  3. Я прочитал файл .pfx из кода и приложил его к вызову.

  4. Я добавил сертификат в файл cacerts Java-Home (C: /Work/certi/jre1.8.0_91/lib/security/cacerts) с помощью KeyTool.

Полный код Java приведен ниже.

import java.io.BufferedReader; 
import java.io.File; 
import java.io.FileInputStream; 
import java.io.IOException; 
import java.io.InputStreamReader; 
import java.net.HttpURLConnection; 
import java.net.URL; 
import java.net.URLConnection; 
import java.security.KeyManagementException; 
import java.security.KeyStore; 
import java.security.KeyStoreException; 
import java.security.NoSuchAlgorithmException; 
import java.security.NoSuchProviderException; 
import java.security.PrivateKey; 
import java.security.SecureRandom; 
import java.security.UnrecoverableKeyException; 
import java.security.cert.Certificate; 
import java.security.cert.CertificateException; 
import java.security.cert.CertificateFactory; 
import java.security.cert.X509Certificate; 
import java.util.Enumeration; 

import javax.net.ssl.HostnameVerifier; 
import javax.net.ssl.HttpsURLConnection; 
import javax.net.ssl.SSLContext; 

import javax.net.ssl.TrustManagerFactory; 

import org.apache.http.client.ClientProtocolException; 
import org.apache.http.conn.ssl.NoopHostnameVerifier; 


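public class TestElk {

    /**
     * Sends a POST to {@code https://server-link} through an explicit HTTPS proxy and prints the
     * response body.
     *
     * <p>Server trust is restricted to the single certificate read from {@code elkcert.cer}: an
     * empty key store is created, the certificate is added as a trusted entry and a
     * {@link TrustManagerFactory} is initialised from it.
     *
     * <p>NOTE(review): no {@code KeyManager} is configured (the {@link SSLContext} is initialised
     * with {@code null} key managers), so this client cannot answer the server's
     * {@code CertificateRequest}. The posted debug log shows "no suitable certificate found -
     * continuing without client authentication" followed by a fatal {@code handshake_failure};
     * presenting the .pfx requires a {@code KeyManagerFactory} initialised from a PKCS12 key
     * store that holds the private key. A trust store alone cannot provide that.
     *
     * @param args ignored
     * @throws IOException if the certificate file cannot be read or the request fails
     * @throws CertificateException if {@code elkcert.cer} is not a parsable X.509 certificate
     * @throws NoSuchAlgorithmException if the default trust-manager algorithm or TLS is unavailable
     * @throws KeyStoreException if the trust store cannot be created or populated
     * @throws KeyManagementException if the {@link SSLContext} cannot be initialised
     */
    public static void main(String[] args) throws IOException, CertificateException,
            NoSuchAlgorithmException, KeyStoreException, KeyManagementException {

        // Exported certificate; the stream is released as soon as it has been parsed.
        Certificate certificate;
        try (FileInputStream certIn = new FileInputStream(
                new File("C:/Work/certi/jre1.8.0_91/lib/security/elkcert.cer"))) {
            certificate = CertificateFactory.getInstance("X.509").generateCertificate(certIn);
        }

        // Trust store containing only that certificate. NOTE(review): a trust store used for
        // server authentication normally holds the issuing CA; in the posted log the server
        // chain is accepted at "Found trusted certificate" for CN=MBIIS CA, not at an
        // end-entity certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("cert", certificate);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // null key managers: the context verifies the server but has no client identity to offer.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), new SecureRandom());

        // Host-name verification stays at the JDK default. A verifier that accepts every name
        // would let any holder of a certificate in the trusted set impersonate the server; if
        // the URL host does not match the certificate, change the URL or the certificate instead.

        System.setProperty("https.proxyHost", "53.54.242.1");
        System.setProperty("https.proxyPort", "3128");

        URL url = new URL("https://server-link");
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
        // Per-connection factory only; no process-wide default is altered.
        con.setSSLSocketFactory(sslContext.getSocketFactory());
        con.setRequestMethod("POST");
        con.setRequestProperty("User-Agent",
                "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko");
        con.setConnectTimeout(10000);
        con.connect();

        // Decode explicitly as UTF-8; the platform default on Windows is not UTF-8.
        StringBuilder body = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(
                con.getInputStream(), java.nio.charset.StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line).append('\n');
            }
        }
        System.out.println(body.toString());
    }
}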

// Обновленный журнал ***

found key for : le-73c3dc43-59cf-4670-bd18-f45e494b4665 
    chain [0] = [ 
    [ 
     Version: V3 
     Subject: [email protected], CN=jeevan prabhu, O=Daimler, C=CN 
     Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5   
     Key: Sun RSA public key, 2048 bits 
     modulus: 27368449866914129723500503176831478007296758168967589692889832762141659805146912560065876097551667853854011001887379985708828243516550492949959665979237307625901517971433539548139765152375422038619092079719846982034708966248696229974855061319416256122459045953600019539455344497602710553644389901419699415034477278853563543972370068295173539163760041683704471473667954137282277855152231315090389078024842488439822756894989037644423269151549823320319860308586281589011540904600487459719471619164161115336257392616608918310119763980611633724027902526388937052770554470978373859860887225893702554027311795151439916311633 
     public exponent: 65537 
     Validity: [From: Thu Jun 23 08:26:16 IST 2016, 
        To: Mon Jun 17 08:26:16 IST 2041] 
     Issuer: CN=MBIIS CA, OU=MBIIS, O=DAIMLER, C=CN 
     SerialNumber: [ 59b45942 00000003 63ab] 

    Certificate Extensions: 9 
    [1]: ObjectId: 1.2.840.113549.1.9.15 Criticality=false 
    Extension unknown: DER encoded OCTET string = 
    0000: 04 37 30 35 30 0E 06 08 2A 86 48 86 F7 0D 03 02 .7050...*.H..... 
    0010: 02 02 00 80 30 0E 06 08 2A 86 48 86 F7 0D 03 04 ....0...*.H..... 
    0020: 02 02 00 80 30 07 06 05 2B 0E 03 02 07 30 0A 06 ....0...+....0.. 
    0030: 08 2A 86 48 86 F7 0D 03 07      .*.H..... 


    [2]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false 
    Extension unknown: DER encoded OCTET string = 
    0000: 04 1A 30 18 30 0A 06 08 2B 06 01 05 05 08 02 02 ..0.0...+....... 
    0010: 30 0A 06 08 2B 06 01 05 05 07 03 02    0...+....... 


    [3]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false 
    Extension unknown: DER encoded OCTET string = 
    0000: 04 2F 30 2D 06 25 2B 06 01 04 01 82 37 15 08 81 ./0-.%+.....7... 
    0010: BD C0 5F D3 D6 7F 81 BD 89 13 86 8E E3 12 81 D1 .._............. 
    0020: 86 44 52 81 88 BB 72 84 93 C4 6D 02 01 64 02 01 .DR...r...m..d.. 
    0030: 0D             . 


    [4]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false 
    AuthorityInfoAccess [ 
     [ 
     accessMethod: caIssuers 
     accessLocation: URIName: ldap:///CN=MBIIS%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=daivb,DC=local?cACertificate?base?objectClass=certificationAuthority 
    ] 
    ] 

    [5]: ObjectId: 2.5.29.35 Criticality=false 
    AuthorityKeyIdentifier [ 
    KeyIdentifier [ 
    0000: BF 92 E7 25 6F 14 53 76 7F 0A B1 BF F8 BE 45 79 ...%o.Sv......Ey 
    0010: 1F 6E 06 A6          .n.. 
    ] 
    ] 

    [6]: ObjectId: 2.5.29.31 Criticality=false 
    CRLDistributionPoints [ 
     [DistributionPoint: 
     [URIName: ldap:///CN=MBIIS%20CA,CN=dai1p9aw,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=daivb,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint] 
    ]] 

    [7]: ObjectId: 2.5.29.37 Criticality=false 
    ExtendedKeyUsages [ 
     1.3.6.1.5.5.8.2.2 
     clientAuth 
    ] 

    [8]: ObjectId: 2.5.29.15 Criticality=true 
    KeyUsage [ 
     DigitalSignature 
     Non_repudiation 
     Key_Encipherment 
    ] 

    [9]: ObjectId: 2.5.29.14 Criticality=false 
    SubjectKeyIdentifier [ 
    KeyIdentifier [ 
    0000: CA 01 74 A8 09 E7 66 42 51 25 FF B6 D0 F2 FC C4 ..t...fBQ%...... 
    0010: 82 2B F1 96          .+.. 
    ] 
    ] 

    ] 
     Algorithm: [SHA1withRSA] 
     Signature: 
    0000: 0D BD 80 85 88 95 01 95 02 91 BD 26 7A 68 53 64 ...........&zhSd 
    0010: E4 D3 CA 75 2A 8E A5 28 B2 00 23 9B 2A 27 47 26 ...u*..(..#.*'G& 
    0020: 43 78 07 67 FF D5 6E 59 81 36 CF 8A 1A E8 E2 02 Cx.g..nY.6...... 
    0030: FB 43 B9 59 5C 03 33 B4 F8 CF B0 56 F7 B4 5A A4 .C.Y\.3....V..Z. 
    0040: 41 CA A9 19 49 FC E7 5A 0E A2 7F AF E1 F0 01 08 A...I..Z........ 
    0050: 31 2A 6A 7C 37 AD A8 19 00 84 80 FA F8 CA 17 ED 1*j.7........... 
    0060: C6 25 11 5C 1F D7 6E 4B 39 D0 FA 40 6C 12 45 68 .%.\[email protected] 
    0070: 8B C0 28 D4 2A E6 46 22 A6 51 9C B0 16 19 F2 57 ..(.*.F".Q.....W 
    0080: 1E 09 26 02 1C 78 D0 E4 A2 9D DC B0 61 1C 40 AC ..&[email protected] 
    0090: 28 E6 D0 DC AC 81 4E 85 E8 30 AA D5 C8 3E ED 3F (.....N..0...>.? 
    00A0: 06 E0 20 55 67 D3 8D 4D 53 CE 81 2E 92 1F 4C 63 .. Ug..MS.....Lc 
    00B0: 72 46 A1 78 DF B0 A9 04 F9 CE DA A1 7A B2 0F 89 rF.x........z... 
    00C0: 90 11 8D 65 A2 EC 06 74 7D 73 2F 7A 80 95 DE 99 ...e...t.s/z.... 
    00D0: A8 F7 94 36 54 B6 1B D5 67 05 CD 64 ED 02 30 1B ...6T...g..d..0. 
    00E0: C0 64 0A 50 B1 EA 5F 3F 9B 58 DC 08 C4 53 B0 C3 .d.P.._?.X...S.. 
    00F0: 35 DB A6 C6 FB 37 BC B8 F8 26 3A 27 42 93 0D E2 5....7...&:'B... 

    ] 
    *** 
    adding as trusted cert: 
     Subject: CN=MBIIS5 CA, OU=MBIIS, O=DAIMLER, C=DE 
     Issuer: CN=MBIIS5 CA, OU=MBIIS, O=DAIMLER, C=DE 
     Algorithm: RSA; Serial number: 0x5a4d1fc313760d9148d17af906efeece 
     Valid from Tue Mar 20 22:16:26 IST 2012 until Mon Mar 20 22:26:24 IST 2062 

    adding as trusted cert: 
     Subject: CN=MBIIS CA, OU=MBIIS, O=DAIMLER, C=DE 
     Issuer: CN=MBIIS CA, OU=MBIIS, O=DAIMLER, C=DE 
     Algorithm: RSA; Serial number: 0x1715e55f2a9240a94dc80c59bae2ca25 
     Valid from Mon Jun 28 20:26:48 IST 2010 until Mon Jun 28 20:36:48 IST 2060 

    adding as trusted cert: 
     Subject: [email protected], CN=Prabhu Jeevan, OU=MBIIS-CERT, O=Daimler AG, L=Stuttgart, ST=Baden-W?rttemberg, C=DE 
     Issuer: CN=MBIIS CA, OU=MBIIS, O=DAIMLER, C=DE 
     Algorithm: RSA; Serial number: 0x130d73a10000009ccf30 
     Valid from Tue May 17 23:34:57 IST 2016 until Wed Nov 08 23:34:57 IST 2017 

    adding as trusted cert: 
     Subject: [email protected], CN=Jeevan Prabhu, OU=MBIIS-CERT, O=Daimler AG, L=Stuttgart, ST=Baden-W?rttemberg, C=DE 
     Issuer: CN=MBIIS5 CA, OU=MBIIS, O=DAIMLER, C=DE 
     Algorithm: RSA; Serial number: 0x13d2e9cd0000001e719a 
     Valid from Tue May 17 23:35:28 IST 2016 until Wed Nov 08 23:35:28 IST 2017 

trigger seeding of SecureRandom 
done seeding SecureRandom 
Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
main, setSoTimeout(0) called 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1..... continue 

%% No cached client session 
*** ClientHello, TLSv1.2 
RandomCookie: GMT: 1484670378 bytes = { 207, 125, 5, 137, 224, 245, 21, 31, 27, 197, 224, 146, 119, 53, 202, 62, 114, 111, 201, 143, 85, 170, 231, 99, 175, 51, 124, 119 } 
Session ID: {} 
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, ............, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA 
*** 
main, WRITE: TLSv1.2 Handshake, length = 235 
main, READ: TLSv1.2 Handshake, length = 81 
*** ServerHello, TLSv1.2 
RandomCookie: GMT: -867125540 bytes = { 115, 225, 152, 34, 222, 214, 163, 26, 245, 190, 80, 83, 60, 205, 212, 236, 103, 136, 1, 12, 169, 55, 49, 102, 113, 126, 217, 44 } 
Session ID: {97, 121, 127, 194, 27, 107, 56, 21, 210, 120, 20, 234, 30, 118, 220, 20, 221, 222, 26, 226, 171, 39, 189, 184, 130, 182, 25, 1, 47, 97, 10, 152} 
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
Compression Method: 0 
Extension renegotiation_info, renegotiated_connection: <empty> 
*** 
%% Initialized: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA256] 
** TLS_RSA_WITH_AES_256_CBC_SHA256 
main, READ: TLSv1.2 Handshake, length = 2408 
*** Certificate chain 
chain [0] = [ 
[ 
    Version: V3 
    Subject: CN=*.dvb.corpinter.net, OU=ITC/TO, O=Daimler AG, L=Stuttgart, ST=Baden Wuerttemberg, C=DE 
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 

    Key: Sun RSA public key, 2048 bits 
    modulus: 27748736100587112928860921597825332626980929915520784685042550135051945153020262837011152755968232631564348081573874555059694010785459833949759074107544815807591835706969030908865057160990890033919360376081549329263588415634998430387329604208252889894923996912582837256308406946604969674095221598510307519906003810527522159363925477842753046260677420002481084352637477100300908795314306185946907790828276818923859602022327605689150384341018359352351466842416265938386496771089863881354409527670520673087153098645268124872704139545973458128115720565263685381721502024366306554684741951286391387579159419918837245401529 
    public exponent: 65537 
    Validity: [From: Thu Apr 16 19:34:34 IST 2015, 
       To: Sun Apr 15 19:34:34 IST 2018] 
    Issuer: CN=MBIIS CA, OU=MBIIS, O=DAIMLER, C=DE 
    SerialNumber: [ 7e80a183 0000002d 1c1e] 

Certificate Extensions: 9 
[1]: ObjectId: 1.2.840.113549.1.9.15 Criticality=false 
Extension unknown: DER encoded OCTET string = 
0000: 04 37 30 35 30 0E 06 08 2A 86 48 86 F7 0D 03 02 .7050...*.H..... 
0010: 02 02 00 80 30 0E 06 08 2A 86 48 86 F7 0D 03 04 ....0...*.H..... 
0020: 02 02 00 80 30 07 06 05 2B 0E 03 02 07 30 0A 06 ....0...+....0.. 
0030: 08 2A 86 48 86 F7 0D 03 07      .*.H..... 


[2]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false 
Extension unknown: DER encoded OCTET string = 
0000: 04 1A 30 18 30 0A 06 08 2B 06 01 05 05 07 03 01 ..0.0...+....... 
0010: 30 0A 06 08 2B 06 01 05 05 08 02 02    0...+....... 


[3]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false 
Extension unknown: DER encoded OCTET string = 
0000: 04 2E 30 2C 06 24 2B 06 01 04 01 82 37 15 08 81 ..0,.$+.....7... 
0010: BD C0 5F D3 D6 7F 81 BD 89 13 86 8E E3 12 81 D1 .._............. 
0020: 86 44 52 86 C8 C0 56 E3 E4 6C 02 01 64 02 01 0C .DR...V..l..d... 


[4]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false 
AuthorityInfoAccess [ 
    [ 
    accessMethod: caIssuers 
    accessLocation: URIName: ldap:///CN=MBIIS%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=daivb,DC=local?cACertificate?base?objectClass=certificationAuthority 
] 
] 

[5]: ObjectId: 2.5.29.35 Criticality=false 
AuthorityKeyIdentifier [ 
KeyIdentifier [ 
0000: 62 00 67 F4 5C 0E 5C 0A 0A B9 2B E5 AE CC D7 8B b.g.\.\...+..... 
0010: 2D 4A 24 9D          -J$. 
] 
] 

[6]: ObjectId: 2.5.29.31 Criticality=false 
CRLDistributionPoints [ 
    [DistributionPoint: 
    [URIName: ldap:///CN=MBIIS%20CA,CN=dai1p9aw,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=daivb,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint] 
]] 

[7]: ObjectId: 2.5.29.37 Criticality=false 
ExtendedKeyUsages [ 
    serverAuth 
    1.3.6.1.5.5.8.2.2 
] 

[8]: ObjectId: 2.5.29.15 Criticality=false 
KeyUsage [ 
    DigitalSignature 
    Key_Encipherment 
] 

[9]: ObjectId: 2.5.29.14 Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
0000: 37 FE D2 7E 8E 27 3B 5B BF 21 08 41 17 6B BD A5 7....';[.!.A.k.. 
0010: B2 FA 5F B6          .._. 
] 
] 

] 
    Algorithm: [SHA1withRSA] 
    Signature: 
0000: 44 05 1B 42 E1 E1 C2 F9 DB 58 B9 53 22 D3 33 FD D..B.....X.S".3. 
0010: 83 60 2A 25 82 ED CA F1 44 F2 89 7B 9A 28 63 79 .`*%....D....(cy 
0020: 88 F5 4D 20 AF 83 92 BB 66 5D 78 59 FB 0C 99 2E ..M ....f]xY.... 
0030: D5 8C 91 E2 22 1A 9B 47 5E 56 C4 E5 9D A7 DE 34 ...."..G^V.....4 
0040: AB CA 14 E5 34 B3 C8 4A 6E F7 AD 78 68 99 8B 22 ....4..Jn..xh.." 
0050: E4 05 4F 1F 27 2A B3 92 B8 A4 7C BD 18 38 C4 CA ..O.'*.......8.. 
0060: 19 45 81 8B CE A8 08 D8 DF 04 48 8B E2 54 F9 64 .E........H..T.d 
0070: 98 61 FE 3A 45 B3 AA A2 69 3B 03 86 5D 7E EF E7 .a.:E...i;..]... 
0080: AC E0 6C 2D 02 0A 73 82 F7 C0 29 7E C7 E5 60 93 ..l-..s...)...`. 
0090: 42 D8 79 46 8A FC C8 84 D0 6D 72 EA 92 C5 B7 B2 B.yF.....mr..... 
00A0: 0D 73 B7 B0 42 FF FB 0D CC 00 AA FC B3 88 D5 33 .s..B..........3 
00B0: 95 57 4E 4F 39 90 FC 58 60 67 FA 50 D7 73 6D A4 .WNO9..X`g.P.sm. 
00C0: 0F FA 7E 3C FE 49 06 9C 5D B8 C1 DD 64 EA 22 75 ...<.I..]...d."u 
00D0: B0 61 03 08 A5 A9 4B 87 2D EB 5E FA D0 8F 11 5F .a....K.-.^...._ 
00E0: E2 79 34 5C 77 EC 37 5A 22 F9 71 9F 7B 79 35 70 .y4\w.7Z".q..y5p 
00F0: 98 6F E6 5D EC C0 40 54 5D 54 57 A0 47 AF CD D0 .o.][email protected]]TW.G... 

] 
chain [1] = [ 
[ 
    Version: V3 
    Subject: CN=MBIIS CA, OU=MBIIS, O=DAIMLER, C=DE 
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 

    Key: Sun RSA public key, 2048 bits 
    modulus: 24104444811143326267130264023577178680973916470831280759643531973257629222168916359016172218857182756716104899411258925904845079510424720911554607511000840573800841346260746233428415412108916467592622741040015062915309728808081914667410275899644465817818675053205357635217014340797848471757892414383337049519358899230045078298081469328516241639340529766193360233016562533555532864203497360114503678900837817656910563576987410015507748763852488285680964594948614778252464651499333166901713056248957614571140149838273872906414760362673881121428181376522799266908340968816891352553671095337663133976488159987228336805871 
    public exponent: 65537 
    Validity: [From: Mon Jun 28 20:26:48 IST 2010, 
       To: Mon Jun 28 20:36:48 IST 2060] 
    Issuer: CN=MBIIS CA, OU=MBIIS, O=DAIMLER, C=DE 
    SerialNumber: [ 1715e55f 2a9240a9 4dc80c59 bae2ca25] 

Certificate Extensions: 4 
[1]: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false 
Extension unknown: DER encoded OCTET string = 
0000: 04 03 02 01 00          ..... 


[2]: ObjectId: 2.5.29.19 Criticality=true 
BasicConstraints:[ 
    CA:true 
    PathLen:2147483647 
] 

[3]: ObjectId: 2.5.29.15 Criticality=false 
KeyUsage [ 
    DigitalSignature 
    Key_CertSign 
    Crl_Sign 
] 

[4]: ObjectId: 2.5.29.14 Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
0000: 62 00 67 F4 5C 0E 5C 0A 0A B9 2B E5 AE CC D7 8B b.g.\.\...+..... 
0010: 2D 4A 24 9D          -J$. 
] 
] 

] 
    Algorithm: [SHA1withRSA] 
    Signature: 
0000: 80 3F 6C 37 E5 B2 23 A5 00 2D 11 9E 5D 1A E8 2F .?l7..#..-..]../ 
0010: D7 E8 56 E4 86 FF B9 8A F8 E7 1A 70 49 66 CA E7 ..V........pIf.. 
0020: 4B 64 46 9B 17 31 AC 05 F2 44 28 38 79 08 54 F6 KdF..1...D(8y.T. 
0030: CD 08 1E 05 DC 8C 01 41 70 C3 6D 45 89 92 16 39 .......Ap.mE...9 
0040: 5A 45 9F 0E 10 B6 85 6A C2 3B 52 1F 0B 8E F7 CD ZE.....j.;R..... 
0050: 4A D9 67 FC 04 25 A8 E6 75 99 31 C5 7E 9D A9 0E J.g..%..u.1..... 
0060: 7C 4F CE 87 E6 9B 0B D7 EC 2E 05 10 8F 2A 0C 70 .O...........*.p 
0070: 01 C2 F1 5E F2 06 10 0B 9F C9 AE 0C C4 A6 18 40 ...^[email protected] 
0080: D4 98 38 CC D0 8E 97 1F 23 07 15 D2 FF 32 75 2D ..8.....#....2u- 
0090: F6 3E DF 50 A5 75 4A EC E1 E7 4A FD 01 6E 98 0E .>.P.uJ...J..n.. 
00A0: DB 6A 41 55 BC 64 D7 B4 26 6E E9 76 65 F0 98 3E .jAU.d..&n.ve..> 
00B0: 5B 62 12 C7 7E 1C 4F 97 4E 85 B6 5D C3 B9 CA D8 [b....O.N..].... 
00C0: 39 3F BB 30 F4 0F 3D C9 C1 26 B2 30 42 F5 9F 6A 9?.0..=..&.0B..j 
00D0: C0 94 F2 5F 9D 91 D7 EB 44 4D 6C B1 CE 09 AA A0 ..._....DMl..... 
00E0: D8 39 11 4C 59 C5 68 2D D8 5A 37 FA 0D E1 28 F1 .9.LY.h-.Z7...(. 
00F0: 45 09 F4 CD 94 18 8F BA CC A6 99 56 99 CC E8 85 E..........V.... 

] 
*** 
Found trusted certificate: 
[ 
[ 
    Version: V3 
    Subject: CN=MBIIS CA, OU=MBIIS, O=DAIMLER, C=DE 
    Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 

    Key: Sun RSA public key, 2048 bits 
    modulus: 24104444811143326267130264023577178680973916470831280759643531973257629222168916359016172218857182756716104899411258925904845079510424720911554607511000840573800841346260746233428415412108916467592622741040015062915309728808081914667410275899644465817818675053205357635217014340797848471757892414383337049519358899230045078298081469328516241639340529766193360233016562533555532864203497360114503678900837817656910563576987410015507748763852488285680964594948614778252464651499333166901713056248957614571140149838273872906414760362673881121428181376522799266908340968816891352553671095337663133976488159987228336805871 
    public exponent: 65537 
    Validity: [From: Mon Jun 28 20:26:48 IST 2010, 
       To: Mon Jun 28 20:36:48 IST 2060] 
    Issuer: CN=MBIIS CA, OU=MBIIS, O=DAIMLER, C=DE 
    SerialNumber: [ 1715e55f 2a9240a9 4dc80c59 bae2ca25] 

Certificate Extensions: 4 
[1]: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false 
Extension unknown: DER encoded OCTET string = 
0000: 04 03 02 01 00          ..... 


[2]: ObjectId: 2.5.29.19 Criticality=true 
BasicConstraints:[ 
    CA:true 
    PathLen:2147483647 
] 

[3]: ObjectId: 2.5.29.15 Criticality=false 
KeyUsage [ 
    DigitalSignature 
    Key_CertSign 
    Crl_Sign 
] 

[4]: ObjectId: 2.5.29.14 Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
0000: 62 00 67 F4 5C 0E 5C 0A 0A B9 2B E5 AE CC D7 8B b.g.\.\...+..... 
0010: 2D 4A 24 9D          -J$. 
] 
] 

] 
    Algorithm: [SHA1withRSA] 
    Signature: 
0000: 80 3F 6C 37 E5 B2 23 A5 00 2D 11 9E 5D 1A E8 2F .?l7..#..-..]../ 
0010: D7 E8 56 E4 86 FF B9 8A F8 E7 1A 70 49 66 CA E7 ..V........pIf.. 
0020: 4B 64 46 9B 17 31 AC 05 F2 44 28 38 79 08 54 F6 KdF..1...D(8y.T. 
0030: CD 08 1E 05 DC 8C 01 41 70 C3 6D 45 89 92 16 39 .......Ap.mE...9 
0040: 5A 45 9F 0E 10 B6 85 6A C2 3B 52 1F 0B 8E F7 CD ZE.....j.;R..... 
0050: 4A D9 67 FC 04 25 A8 E6 75 99 31 C5 7E 9D A9 0E J.g..%..u.1..... 
0060: 7C 4F CE 87 E6 9B 0B D7 EC 2E 05 10 8F 2A 0C 70 .O...........*.p 
0070: 01 C2 F1 5E F2 06 10 0B 9F C9 AE 0C C4 A6 18 40 ...^[email protected] 
0080: D4 98 38 CC D0 8E 97 1F 23 07 15 D2 FF 32 75 2D ..8.....#....2u- 
0090: F6 3E DF 50 A5 75 4A EC E1 E7 4A FD 01 6E 98 0E .>.P.uJ...J..n.. 
00A0: DB 6A 41 55 BC 64 D7 B4 26 6E E9 76 65 F0 98 3E .jAU.d..&n.ve..> 
00B0: 5B 62 12 C7 7E 1C 4F 97 4E 85 B6 5D C3 B9 CA D8 [b....O.N..].... 
00C0: 39 3F BB 30 F4 0F 3D C9 C1 26 B2 30 42 F5 9F 6A 9?.0..=..&.0B..j 
00D0: C0 94 F2 5F 9D 91 D7 EB 44 4D 6C B1 CE 09 AA A0 ..._....DMl..... 
00E0: D8 39 11 4C 59 C5 68 2D D8 5A 37 FA 0D E1 28 F1 .9.LY.h-.Z7...(. 
00F0: 45 09 F4 CD 94 18 8F BA CC A6 99 56 99 CC E8 85 E..........V.... 

] 
main, READ: TLSv1.2 Handshake, length = 100 
*** CertificateRequest 
Cert Types: RSA, DSS, ECDSA 
Supported Signature Algorithms: SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA 
Cert Authorities: 
<CN=MBIIS CA, OU=MBIIS, O=DAIMLER, C=DE> 
main, READ: TLSv1.2 Handshake, length = 4 
*** ServerHelloDone 
Warning: no suitable certificate found - continuing without client authentication 
*** Certificate chain 
<Empty> 
*** 
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2 
main, WRITE: TLSv1.2 Handshake, length = 269 
SESSION KEYGEN: 
PreMaster Secret: 
0000: 03 03 65 3D 93 A0 BE CF D9 EF 55 43 5F F7 7E CA ..e=......UC_... 
0010: 91 72 3F 89 30 5E CE E6 09 3C A6 0C 14 45 B8 E9 .r?.0^...<...E.. 
0020: A3 79 3D 88 D0 44 42 D1 D1 D2 D1 8B 7E E4 F3 F4 .y=..DB......... 
CONNECTION KEYGEN: 
Client Nonce: 
0000: 58 7E 46 AA CF 7D 05 89 E0 F5 15 1F 1B C5 E0 92 X.F............. 
0010: 77 35 CA 3E 72 6F C9 8F 55 AA E7 63 AF 33 7C 77 w5.>ro..U..c.3.w 
Server Nonce: 
0000: CC 51 B7 DC 73 E1 98 22 DE D6 A3 1A F5 BE 50 53 .Q..s.."......PS 
0010: 3C CD D4 EC 67 88 01 0C A9 37 31 66 71 7E D9 2C <...g....71fq.., 
Master Secret: 
0000: 04 FA 3B FD E8 88 FF 8F 49 75 76 93 80 29 B4 47 ..;.....Iuv..).G 
0010: 95 EB BA 3A 83 30 3E 06 46 E2 76 15 03 43 1C BD ...:.0>.F.v..C.. 
0020: 71 AE 7F E7 20 54 1A 18 D6 19 62 6D 1B 25 8C 29 q... T....bm.%.) 
Client MAC write Secret: 
0000: 15 32 CD F5 83 39 1C 23 4A 7D 4E D7 DD F1 89 A0 .2...9.#J.N..... 
0010: B5 8B 89 A6 2C 93 9F 9F FD 38 35 E5 8A 23 4E 03 ....,....85..#N. 
Server MAC write Secret: 
0000: 35 B2 17 66 89 D1 61 3F 95 7D 0D 87 1E 8C EE 0B 5..f..a?........ 
0010: 30 BC 49 06 8E 44 D4 34 8E 08 9F 22 45 9C 57 47 0.I..D.4..."E.WG 
Client write key: 
0000: B8 38 9E C9 C1 9C 60 F3 A9 0B 4C FC 12 1F 93 4E .8....`...L....N 
0010: AC 1D 81 C2 5E B7 5B 94 D7 99 93 5D 7A B9 4A F5 ....^.[....]z.J. 
Server write key: 
0000: B7 72 1B 4A 7F C9 9A B8 B2 9B DD 01 2F 83 4E 18 .r.J......../.N. 
0010: 2D DC 42 87 1E E7 0C 28 0D A6 2D 9F 5C 11 25 1C -.B....(..-.\.%. 
... no IV derived for this protocol 
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1 
*** Finished 
verify_data: { 138, 223, 134, 235, 140, 89, 127, 163, 191, 12, 217, 72 } 
*** 
main, WRITE: TLSv1.2 Handshake, length = 80 
main, READ: TLSv1.2 Alert, length = 2 
main, RECV TLSv1.2 ALERT: fatal, handshake_failure 
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA256] 
main, called closeSocket() 
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 

ответ


Приведённый ниже код должен работать при условии, что вы импортировали сертификат выпустившего CA (см. комментарии ниже) в файл cacerts; много полезного можно найти в другой теме на SO здесь:

import java.io.BufferedReader; 
import java.io.File; 
import java.io.FileInputStream; 
import java.io.IOException; 
import java.io.InputStreamReader; 
import java.net.URL; 
import java.security.KeyManagementException; 
import java.security.KeyStore; 
import java.security.KeyStoreException; 
import java.security.NoSuchAlgorithmException; 
import java.security.NoSuchProviderException; 
import java.security.SecureRandom; 
import java.security.UnrecoverableKeyException; 
import java.security.cert.CertificateException; 

import javax.net.ssl.HostnameVerifier; 
import javax.net.ssl.HttpsURLConnection; 
import javax.net.ssl.KeyManager; 
import javax.net.ssl.KeyManagerFactory; 
import javax.net.ssl.SSLContext; 
import javax.net.ssl.TrustManager; 
import javax.net.ssl.TrustManagerFactory; 

import org.apache.http.client.ClientProtocolException; 
import org.apache.http.conn.ssl.NoopHostnameVerifier; 


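public class TestElk {

    /** Key store used when no path is given on the command line (placeholder from the answer). */
    private static final String DEFAULT_PFX_PATH = "C:/path_to_pfx/mypfx.pfx";

    /** Password used when none is given on the command line (placeholder from the answer). */
    private static final String DEFAULT_PFX_PASSWORD = "pfxPass";

    /**
     * Sends a POST to {@code https://server-link} over mutual TLS and prints the response body.
     *
     * <p>The client certificate and its private key come from a PKCS12 (.pfx) key store, which
     * feeds a {@link KeyManagerFactory}; the server is verified against the running JRE's
     * {@code cacerts}, into which the issuing CA ({@code CN=MBIIS CA, OU=MBIIS, O=DAIMLER, C=DE})
     * is assumed to have been imported with keytool.
     *
     * <p>Usage: {@code TestElk [pfxPath [pfxPassword]]}. The arguments exist so the key-store
     * password does not have to live in the source; the literals above are fallbacks only.
     *
     * @param args optional {@code pfxPath} and {@code pfxPassword}
     * @throws IOException if a key store file cannot be read or the request fails
     * @throws CertificateException if a certificate in either store cannot be loaded
     * @throws NoSuchAlgorithmException if the key-store integrity algorithm, the default
     *     key/trust manager algorithms or TLS are unavailable
     * @throws KeyStoreException if a key store cannot be instantiated or initialised
     * @throws KeyManagementException if the {@link SSLContext} cannot be initialised
     * @throws UnrecoverableKeyException if the private key cannot be recovered with the password
     */
    public static void main(String[] args) throws IOException, CertificateException,
            NoSuchAlgorithmException, KeyStoreException, KeyManagementException,
            UnrecoverableKeyException {

        String pfxPath = args.length > 0 ? args[0] : DEFAULT_PFX_PATH;
        char[] pfxPassword = (args.length > 1 ? args[1] : DEFAULT_PFX_PASSWORD).toCharArray();

        // Client identity: the .pfx holds the private key and certificate chain that the
        // server's CertificateRequest asks for.
        KeyManager[] keyManagers;
        try {
            KeyStore clientStore = KeyStore.getInstance("PKCS12");
            try (FileInputStream pfxIn = new FileInputStream(new File(pfxPath))) {
                clientStore.load(pfxIn, pfxPassword);
            }
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(clientStore, pfxPassword);
            keyManagers = kmf.getKeyManagers();
        } finally {
            // The password is not needed once the key manager holds the key.
            java.util.Arrays.fill(pfxPassword, '\0');
        }

        // Server trust: the JRE's own cacerts rather than a bare relative "cacerts", which would
        // resolve against the working directory instead of the file keytool was pointed at.
        File cacerts = new File(System.getProperty("java.home"), "lib/security/cacerts");
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream trustIn = new FileInputStream(cacerts)) {
            trustStore.load(trustIn, "changeit".toCharArray());
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        TrustManager[] trustManagers = tmf.getTrustManagers();

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, new SecureRandom());

        // Host-name verification stays at the JDK default. A verifier that accepts every name
        // would let any certificate chaining to a trusted CA impersonate the server; if the URL
        // host does not match the certificate, change the URL or the certificate instead.

        System.setProperty("https.proxyHost", "53.54.242.1");
        System.setProperty("https.proxyPort", "3128");

        URL url = new URL("https://server-link");
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
        // Per-connection factory only; no process-wide default is altered.
        con.setSSLSocketFactory(sslContext.getSocketFactory());
        con.setRequestMethod("POST");
        con.setRequestProperty("User-Agent",
                "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko");
        con.setConnectTimeout(10000);
        con.connect();

        // Decode explicitly as UTF-8; the platform default on Windows is not UTF-8.
        StringBuilder body = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(
                con.getInputStream(), java.nio.charset.StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line).append('\n');
            }
        }
        System.out.println(body.toString());
    }
}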

Я добавляю в trust manager только один сертификат, а именно: Subject: [email protected], CN=Prabhu Jeevan, OU=MBIIS-CERT, O=Daimler AG, L=Stuttgart, ST=Baden-W?rttemberg, C=DE; Issuer: CN=MBIIS CA, OU=MBIIS, O=DAIMLER, C=DE; Algorithm: RSA; Serial number: 0x130d73a10000009ccf30; Valid from Tue May 17 23:34:57 IST 2016 until Wed Nov 08 23:34:57 IST 2017. Откуда в цепочке сертификатов берутся два сертификата? Я их не добавляю. – Jeev


«Не удалось найти допустимый путь сертификации к запрашиваемой цели» означает, что корневой или промежуточный CA не является доверенным. В вашем случае не доверен корневой CA (MBIIS CA), который выдал серверный сертификат для «CN=*.dvb.corpinter.net» ... –


Я новичок в этом. Можете ли вы сказать, как мне сделать корневой CA доверенным? Я уже добавил сертификат MBIIS CA в cacerts. – Jeev