Strange. I was expecting to see an error in this log. The server has definitely sent the certificate chain, so the client and server are communicating.

At the end, it says "SSL v3.0 Handshake", so check that you have got your "Use SSL 3.0" option checked in your Internet Options (Advanced tab). A long shot, I know.

If this is the end of the log, it looks like the server is waiting for more information from the client. This may be the point where IE is supposed to bring up a dialog asking you if you accept the certificate, or a dialog asking you for the client certificate to send to the server. I'm not sure.

Andy

-----Original Message-----
From: Donie Kelly
To: 'Bodycombe, Andrew'; Donie Kelly; ''Tomcat Users List' '
Sent: 12/12/2002 16:14
Subject: [OT] RE: Creating a signed SSL certificate with my own CA

Here's a trace of the SSL using CATALINA_OPTS="-Djavax.net.debug=ALL"

It's large so I'd appreciate if somebody who can understand this stuff could point me in some direction.

Thanks
Donie

Apache Tomcat/4.0.4
12 Dec 16:04:24 [RELAYSTARTUP] [INFO Alarms.144] BACKGOUND_THREADS alarm has been switched OFF
12 Dec 16:04:24 [LDAP Operator-MESSAGE-STORE] [INFO Alarms.144] MESSAGE_STORE alarm has been switched OFF
12 Dec 16:04:25 [LDAP Operator-LDAP-CACHE] [INFO Alarms.144] LDAP_CACHES alarm has been switched OFF
Finalizer, SEND SSL v3.1 ALERT: warning, description = close_notify
Finalizer, WRITE: SSL v3.1 Alert, length = 2
[read] MD5 and SHA1 hashes: len = 3
0000: 01 03 00  ...
[read] MD5 and SHA1 hashes: len = 73
0000: 00 33 00 00 00 10 00 00 04 00 00 05 00 00 0A 01  .3..............
0010: 00 80 07 00 C0 03 00 80 00 00 09 06 00 40 00 00  .............@..
0020: 64 00 00 62 00 00 03 00 00 06 02 00 80 04 00 80  d..b............
0030: 00 00 13 00 00 12 00 00 63 78 91 B2 8F 94 4C 65  ........cx....Le
0040: EE F2 AD 21 F5 18 D7 A5 BB  ...!.....
HttpProcessor[443][4], READ: SSL v2, contentType = 22, translated length = 65
*** ClientHello, v3.0
RandomCookie: GMT: 0 bytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 120, 145, 178, 143, 148, 76, 101, 238, 242, 173, 33, 245, 24, 215, 165, 187 }
Session ID: {}
Cipher Suites: { 0, 4, 0, 5, 0, 10, 0, 9, 0, 100, 0, 98, 0, 3, 0, 6, 0, 19, 0, 18, 0, 99 }
Compression Methods: { 0 }
***
%% Created: [Session-1, SSL_NULL_WITH_NULL_NULL]
matching server alias : client
*** ServerHello, v3.0
RandomCookie: GMT: 1022866086 bytes = { 75, 187, 79, 84, 25, 0, 159, 141, 94, 87, 237, 18, 177, 217, 24, 51, 123, 66, 77, 118, 51, 41, 57, 155, 56, 165, 203, 208 }
Session ID: {61, 248, 179, 166, 219, 88, 242, 12, 148, 68, 61, 81, 220, 184, 52, 137, 146, 135, 207, 23, 128, 188, 14, 47, 246, 149, 54, 36, 82, 54, 255, 253}
Cipher Suite: { 0, 19 }
Compression Method: 0
***
Cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=xenia.tecnomen.ie, OU=dad, O=tecnomen, ST=clare, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun DSA Public Key
Parameters:DSA
p: fd7f5381 1d751229 52df4a9c 2eece4e7 f611b752 3cef4400 c31e3f80 b6512669 455d4022 51fb593d 8d58fabf c5f5ba30 f6cb9b55 6cd7813b 801d346f f26660b7 6b9950a5 a49f9fe8 047b1022 c24fbba9 d7feb7c6 1bf83b57 e7c6a8a6 150f04fb 83f6d3c5 1ec30235 54135a16 9132f675 f3ae2b61 d72aeff2 2203199d d14801c7
q: 9760508f 15230bcc b292b982 a2eb840b f0581cf5
g: f7e1a085 d69b3dde cbbcab5c 36b857b9 7994afbb fa3aea82 f9574c0b 3d078267 5159578e bad4594f e6710710 8180b449 167123e8 4c281613 b7cf0932 8cc8a6e1 3c167a8b 547c8d28 e0a3ae1e 2bb3a675 916ea37f 0bfa2135 62f1fb62 7a01243b cca4f1be a8519089 a883dfe1 5ae59f06 928b665e 807b5525 64014c3b fecf492a
y: 89fd70d7 22014032 6e0b42d6 50a1a02c 65ee48da c7497916 bd0c9042 e8f6cd36 54bd2e02 4a0af933 0b4135fe fae96972 a50bad43 920ec9ff f48ed90a 4f786f9b 89758fca a48330fa b55340ed b4d3edc2 ee8133ff ba083e46 6bee41cc f47620ee 14d2762a 9f271fd9 6ced97ba e48abe17 286430f1 8dc36dea 5342ca5f ff53abad
Validity: [From: Thu Dec 12 12:20:39 GMT+00:00 2002, To: Fri Dec 12 12:20:39 GMT+00:00 2003]
Issuer: CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE
SerialNumber: [ 01]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65  ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74  rated Certificat
0020: 65  e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FC 88 B1 F0 C6 7F 17 E0 FC CD B2 14 99 B1 2A AA  ..............*.
0010: 8D 67 53 51  .gSQ
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D8 18 22 CF F1 9D DE E6 0E 83 D3 04 E7 96 09 2C  .."............,
0010: E3 AA 0C 2E  ....
]
[CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE]
SerialNumber: [ 0 ]
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
]
Algorithm: [MD5withRSA]
Signature:
0000: 5C E5 FB 21 12 2B 68 E9 1F EC 42 B2 C4 B4 1B FE  \..!.+h...B.....
0010: FE 8A 44 9F 21 A1 B5 13 F5 74 C7 AC DE D7 F6 19  ..D.!....t......
0020: B2 69 F6 4A 4C 6D FF 34 69 CC 7D F2 C1 7A DC 19  .i.JLm.4i....z..
0030: EF 9C 13 DB 97 9E 03 E2 2B F2 F5 BA 90 45 A6 33  ........+....E.3
0040: 31 E9 02 B6 E7 88 50 5A 42 9D 52 6C 12 59 AA 5D  1.....PZB.Rl.Y.]
0050: BC 65 F0 AD E9 72 48 1C 71 02 D3 EF 71 0A FC E1  .e...rH.q...q...
0060: 45 04 D5 AE 23 2A E7 13 1D 3D B6 CA 5B 4A 75 BC  E...#*...=..[Ju.
0070: 81 F2 1B 3D A2 C7 69 77 2D 15 45 CC B7 B8 B3 0D  ...=..iw-.E.....
]
chain [1] = [
[
Version: V3
Subject: CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@60a26f
Validity: [From: Thu Dec 12 12:18:29 GMT+00:00 2002, To: Fri Dec 12 12:18:29 GMT+00:00 2003]
Issuer: CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE
SerialNumber: [ 0 ]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D8 18 22 CF F1 9D DE E6 0E 83 D3 04 E7 96 09 2C  .."............,
0010: E3 AA 0C 2E  ....
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D8 18 22 CF F1 9D DE E6 0E 83 D3 04 E7 96 09 2C  .."............,
0010: E3 AA 0C 2E  ....
]
[CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE]
SerialNumber: [ 0 ]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [MD5withRSA]
Signature:
0000: 4A EC C3 08 97 C3 C9 D3 E4 56 DA C1 11 FF D7 36  J........V.....6
0010: 7D F0 2A E0 C2 B4 D9 86 6E 94 6D 52 50 4C CF E2  ..*.....n.mRPL..
0020: A1 C2 63 F1 95 CE 61 5C 76 4C 6D C0 A9 C5 50 66  ..c...a\vLm...Pf
0030: 1C D1 B3 1D 02 EE B2 EB C0 DC F5 ED B1 32 A1 0F  .............2..
0040: F1 94 29 CD 37 11 BC 3B 90 85 BD BE 1F A8 39 44  ..).7..;......9D
0050: 5E BC 1C 6F 21 65 DD 9C 1F 98 0A 07 88 4C F1 CE  ^..o!e.......L..
0060: 46 1D 8F 73 40 F5 52 E0 C4 88 A7 00 EA EE 20 E6  F..s@.R....... .
0070: 05 5D A1 3C DF 5D C4 F9 EF 86 8B 3C C9 D6 99 3F  .].<.].....<...?
]
***
*** Diffie-Hellman ServerKeyExchange
DH Modulus = { 0, 244, 136, 253, 88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56, 13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35, 192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52, 253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255, 60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134, 196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10, 80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137, 75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
DH Base = { 2 }
Server DH Public Key = { 62, 89, 155, 129, 104, 55, 141, 77, 209, 130, 52, 11, 217, 217, 202, 16, 69, 80, 115, 88, 62, 149, 1, 16, 171, 253, 12, 73, 89, 239, 153, 44, 101, 44, 30, 24, 9, 12, 188, 14, 191, 74, 147, 189, 81, 187, 6, 45, 193, 35, 110, 30, 84, 55, 144, 102, 85, 64, 179, 93, 78, 66, 21, 165, 32, 254, 29, 126, 24, 117, 169, 33, 237, 30, 221, 19, 168, 206, 29, 216, 120, 170, 121, 96, 186, 50, 111, 30, 203, 71, 238, 60, 185, 23, 115, 71, 89, 54, 138, 115, 199, 97, 114, 139, 132, 125, 243, 18, 66, 138, 0, 82, 115, 108, 93, 67, 99, 252, 88, 101, 214, 103, 33, 27, 74, 116, 244, 79 }
Signed with a DSA or RSA public key
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 2276
HttpProcessor[443][4], WRITE: SSL v3.0 Handshake, length = 2276

-----Original Message-----
From: Bodycombe, Andrew [mailto:[EMAIL PROTECTED]]
Sent: 12 December 2002 14:58
To: 'Donie Kelly '; ''Tomcat Users List' '
Subject: RE: Creating a signed SSL certificate with my own CA

You can turn on SSL debugging by setting the following environment variable

CATALINA_OPTS="-Djavax.net.debug=ALL"

Then, restart tomcat. You will then see much more info in the log. This might help you to debug your problem.

Andy.

-----Original Message-----
From: Donie Kelly
To: 'Tomcat Users List'
Sent: 12/12/2002 14:11
Subject: RE: Creating a signed SSL certificate with my own CA

Just to clarify, when I try to connect via SSL the SSL Handshake fails.

Donie

-----Original Message-----
From: Donie Kelly [mailto:[EMAIL PROTECTED]]
Sent: 12 December 2002 12:08
To: 'Tomcat Users List'
Subject: Creating a signed SSL certificate with my own CA

Hi all

I'm really stuck here and I'd appreciate some help.

To summarise, I've followed the instructions below to generate a CA key so that I can sign my own certificates for use with tomcat. The instructions below work and the ca.crt and client.crs.der certs that pop out are viewable in IE. If I import the CA key it shows the client.crs.der key with the CA above. Everything looks great.

Then I use the testkeys with tomcat

<Connector className="org.apache.catalina.connector.http.HttpConnector"
           address="192.168.1.4" port="443" enableLookups="true"
           scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystoreFile="c:\tomcat4.0\conf\testkeys"
           keystorePass="changeit" />
</Connector>

Now when I try to connect with SSL from IE it just shows

Cannot find server or DNS Error

What am I doing wrong? Are the certs I am creating suitable for SSL with Tomcat? I'd really appreciate some help.

Donie

PS: Instructions from http://www.ddj.com/documents/s=870/ddj0102a/0102a.htm

Certificate Authority

In a nutshell, what I'm suggesting is that you create your own Certificate Authority (CA) to sign your keys. This gets complicated because nothing in the Java Development Kit or JSSE lets you set up a CA and sign keys. You have to go elsewhere for tools to do this. I chose to go with the OpenSSL toolkit (http://www.openssl.org/) running on Linux. There are toolsets available from other vendors and platforms, however. If you choose to use a different toolset, you will just have to substitute the appropriate commands; the theory is the same no matter what.

First, you need to generate your CA's key. That key is used to sign all the other application keys. The OpenSSL toolkit comes configured to set up a CA from whatever directory you start it in. This means that you need to use all the CA commands from the same directory. In the sample code, you'll find the CA directory that I used to generate the CA key and sign all the application keys:

1. Generate the CA key

   $ openssl genrsa -rand -des -out ca.key 1024

2. Create a self signed certificate

   $ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

You are prompted for location information for the certificate. Enter whatever you want, but make sure you enter something for each field:

3. Set up the OpenSSL CA tools

   $ mkdir demoCA
   $ mkdir demoCA/newcerts
   $ touch demoCA/index.txt
   $ cp ca.crt demoCA/
   $ echo "01" > demoCA/serial

You now can create the client application's key store and export its public key so your CA can sign it. You can enter whatever you want for all the location information, but again make sure you enter something - standard alphanumeric characters and spaces, but no underscores or other special characters - for every field:

4. Create a new key store for the client application

   $ keytool -keystore testkeys -genkey -alias client

When prompted, enter passphrase for the password to use this keystore with the sample applications.

5. Export the client's public key

   $ keytool -keystore testkeys -certreq -alias client -file client.crs

6. Sign the client's key with our CA key

   $ openssl ca -config /etc/openssl.cnf -in client.crs -out client.crs.pem -keyfile ca.key -cert ca.crt

At this point, you should have a file called "client.crs.pem," which is the signed public key. It needs to be converted to a format suitable for the JDK's keytool command, and then imported into the testkeys keystore:

7. Convert to DER format

   $ openssl x509 -in client.crs.pem -out client.crs.der -outform DER

8. Import CA certificate into client's key store

   $ keytool -keystore testkeys -alias jsse_article_ca -import -file ca.crt

9. Import signed key into client's key store

   $ keytool -keystore testkeys -alias client -import -file client.crs.der

Step 8 must be completed so that the keytool command agrees to import the signed key. While importing the signed key, keytool checks the signatories to ensure that their signatures can be validated. They can be validated if their public keys are in the key store.

Once you have completed all of these steps, move the testkeys key store to the client directory. Start over with step 4 and create a key store for the server process. Just substitute "server" everywhere you see "client." Make sure you enter something different in one of the location fields (organizational unit would be a good choice).

--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
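
Reading a javax.net.debug trace the way the first reply in this thread does (which handshake messages went out, whether the chain links up, who has to speak next) can be scripted. This is an added example, not code from the thread, Tomcat or JSSE; the sample trace is a constructed, abridged copy of the one posted above, and `parse_trace`, `diagnose` and the finding strings are hypothetical names.

```python
import re

# Constructed sample: abridged from the trace in this thread (hex dumps, key
# material and extensions left out), one log entry per line.
SAMPLE_TRACE = """\
HttpProcessor[443][4], READ: SSL v2, contentType = 22, translated length = 65
*** ClientHello, v3.0
Cipher Suites: { 0, 4, 0, 5, 0, 10, 0, 9, 0, 100, 0, 98, 0, 3, 0, 6, 0, 19, 0, 18, 0, 99 }
*** ServerHello, v3.0
Cipher Suite: { 0, 19 }
Cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
*** Certificate chain
chain [0] = [
Subject: CN=xenia.tecnomen.ie, OU=dad, O=tecnomen, ST=clare, C=IE
Key: Sun DSA Public Key
Issuer: CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE
chain [1] = [
Subject: CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE
Key: com.sun.rsajca.JSA_RSAPublicKey@60a26f
Issuer: CN=tecnomen ca, OU=dad, O=tecnomen, L=shannon, ST=clare, C=IE
*** Diffie-Hellman ServerKeyExchange
*** ServerHelloDone
HttpProcessor[443][4], WRITE: SSL v3.0 Handshake, length = 2276
"""

# CertificateRequest and ClientKeyExchange are not in the thread's trace;
# those two header names are assumed.
MSG_RE = re.compile(r"^\*\*\* .*?\b(ClientHello|ServerHelloDone|ServerHello|"
                    r"CertificateRequest|Certificate|ServerKeyExchange|ClientKeyExchange)\b")
FIELD_RE = re.compile(r"^(Subject|Issuer|Signature Algorithm|Key):\s*(.*)$")
RECORD_RE = re.compile(r"^\S+, (READ|WRITE):\s*(.*)$")
STALLED = "server flight complete: the next handshake message must come from the client"

def _suite_ids(line):
    # '{ 0, 4, 0, 5 }' is a list of byte pairs; join each pair into a 16-bit id.
    nums = [int(n) for n in re.findall(r"\d+", line)]
    return [(hi << 8) | lo for hi, lo in zip(nums[0::2], nums[1::2])]

def parse_trace(text):
    info = {"messages": [], "offered": [], "chosen": None, "suite": None,
            "chain": [], "last_record": None}
    for line in (raw.strip() for raw in text.splitlines()):
        msg, field, rec = MSG_RE.match(line), FIELD_RE.match(line), RECORD_RE.match(line)
        if msg:
            info["messages"].append(msg.group(1))
        elif line.startswith("Cipher Suites:"):      # ClientHello offer
            info["offered"] = _suite_ids(line)
        elif line.startswith("Cipher Suite:"):       # ServerHello choice
            info["chosen"] = (_suite_ids(line) or [None])[0]
        elif line.startswith("Cipher suite:"):       # decoded suite name
            info["suite"] = line.split(":", 1)[1].strip()
        elif re.match(r"chain \[\d+\] = \[", line):  # start of the next certificate
            info["chain"].append({})
        elif field and info["chain"]:
            info["chain"][-1].setdefault(field.group(1), field.group(2))
        elif rec:
            info["last_record"] = rec.groups()
    return info

def diagnose(info):
    findings = []
    if info["chosen"] is not None and info["chosen"] not in info["offered"]:
        findings.append("server chose a suite the client did not offer")
    for lower, upper in zip(info["chain"], info["chain"][1:]):
        if lower.get("Issuer") != upper.get("Subject"):
            findings.append("chain break above: " + lower.get("Subject", "?"))
    # A *_DSS_* suite needs a DSA server key, a *_RSA_* suite an RSA one.
    auth = (info["suite"] or "").split("_WITH_")[0].rsplit("_", 1)[-1]
    need = {"DSS": "DSA", "RSA": "RSA"}.get(auth)
    if need and info["chain"] and need not in info["chain"][0].get("Key", ""):
        findings.append("suite %s needs a %s server key" % (info["suite"], need))
    if info["messages"][-1:] == ["ServerHelloDone"]:
        findings.append(STALLED)
    return findings
```

On the sample, `diagnose(parse_trace(SAMPLE_TRACE))` returns only the `STALLED` finding: the chain links, the chosen suite was offered, and the leaf key type matches the suite, so the open question is what the client did after ServerHelloDone.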