I got the following from s_client:

didn't found starttls in server response, try anyway...
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=GB/ST=Foo/L=Bar/O=The University of FooBar/OU=The University of 
FooBar/CN=The University of FooBar CA/emailAddress=postmas...@foobar.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
500 Command EHLO unregcognized
read:errno=0
SSL3 alert write:warning:close notify
 

I presume it worked up until the SMTP protocol started.
It confirms that the certificate I got was self-signed, but then seems to
proceed without issue, so unfortunately I'm still no wiser as to why my
client gets "SSLHandshakeException: Received fatal alert: unknown_ca"

On Apr 16, 2013, at 3:51 PM, Chris Hecker <chec...@d6.com> wrote:

> 
> Have you gotten openssl s_client working with it for starters?  I always 
> do that first to make sure things are working.
> 
> Chris
> 
> On 2013-04-15 22:47, George Francis wrote:
>> I was able to resolve my previous issue regarding the message 'No
>> trusted certificate found' by obtaining a self-signed root certificate
>> from the customer, now I get further through the handshake procedure but
>> still get an exception during ClientKeyExchange as follows:
>> 
>> main, WRITE: TLSv1 Handshake, length = 32
>> main, READ: TLSv1 Alert, length = 2
>> main, RECV TLSv1 ALERT:  fatal, unknown_ca
>> main, called closeSocket()
>> main, handling exception: javax.net.ssl.SSLHandshakeException: Received
>> fatal alert: unknown_ca
>> 
>> I gather that this is to do with the server certificate being signed by
>> the organization who owns the cosign server themselves, as opposed to a
>> trusted 3rd party signing authority.  Is that correct?  What are the
>> steps for my client to resolve it?
>> I'd be very grateful for any advice, as I have spent several days trying
>> to get this handshake to work.
>> 
>> --
>> George
>> 
>> 
>> 
>> _______________________________________________
>> Cosign-discuss mailing list
>> Cosign-discuss@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>> 
> 