Hi.
We're using Thawte-signed certificate for our web site. This year (March)
they have used a newer intermediate certificate to sign our request. Also,
they asked us to add that intermediate certificate to the Apache's
SSLCertificateChainFile directive. And all is working great in Apache.
But a bit earlier, in the February, we've migrated to the Tomcat 5.0.28,
Apache is going to be deinstalled after a while.
The problem is --- I cannot configure Tomcat so, that he would work just like
Apache, at the moment all browsers show me "Unknown certificate" warning.
I've tried various combinations of verisign, thawte and our certificates
beeing in both keystores used here. I've tried changing aliases -- it doesn't
helps. And I cannot find a good article/document on how to config Tomcat for
using intermediate certificates.
The certificate chain is: verisign -> thawte -> mpi (our host).
Neither verisign's CA, nor thawt's intermediate certificates are found in
browsers' list of know CAs.
Can you, please, assist me with setting up our Tomcat server? Thanks.
Here's a part of my server.xml:
> <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
> port="443"
> minProcessors="5"
> maxProcessors="75"
> enableLookups="true"
> acceptCount="100"
> debug="0"
> scheme="https"
> secure="true"
> useURIValidationHack="false"
> disableUploadTimeout="true"
> clientAuth="false"
> sslProtocol="TLS"
> keystoreFile="certs/mpi.keystore"
> keystorePass="..."
> truststoreFile="certs/intermediate.keystore"
> truststoreType="JKS"
> truststorePass="..." />
and here what both mentioned keystores contain:
1) mpi.keystore
> Your keystore contains 3 entries:
>
> Alias name: subca
> Creation date: Tue Mar 29 11:59:34 EEST 2005
> Entry type: trustedCertEntry
>
> Owner: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
> Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
> Inc.", C=US
> Serial number: 30000002
> Valid from: Thu May 13 03:00:00 EEST 2004 until: Tue May 13 02:59:59 EEST 2014
> Certificate fingerprints:
> MD5: 84:84:03:56:10:85:53:ED:9A:CA:60:B5:FA:99:D3:31
> SHA1: EC:07:10:03:D8:F5:A3:7F:42:C4:55:7F:65:6A:AE:86:65:FA:4B:02
>
>
> *******************************************
> *******************************************
>
>
> Alias name: cacert
> Creation date: Tue Mar 29 11:59:44 EEST 2005
> Entry type: trustedCertEntry
>
> Owner: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.",
> C=US
> Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
> Inc.", C=US
> Serial number: 70bae41d10d92934b638ca7b03ccbabf
> Valid from: Mon Jan 29 02:00:00 EET 1996 until: Wed Aug 02 02:59:59 EEST 2028
> Certificate fingerprints:
> MD5: 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
> SHA1: 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
>
>
> *******************************************
> *******************************************
>
>
> Alias name: sslcertificate
> Creation date: Tue Mar 29 09:12:08 EEST 2005
> Entry type: keyEntry
> Certificate chain length: 1
> Certificate[1]:
> Owner: [EMAIL PROTECTED], CN=mpi.nordlb.lv, OU=IT Department, O=NORD/LB
> Latvija, L=Riga, ST=Riga, C=LV
> Issuer: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
> Serial number: 20f1a6
> Valid from: Thu Mar 03 18:59:28 EET 2005 until: Thu Mar 23 14:12:02 EET 2006
> Certificate fingerprints:
> MD5: AB:EE:BD:41:69:3C:40:BD:04:DE:BD:89:5F:79:E9:A4
> SHA1: 07:DD:8B:B7:22:AF:DF:A9:42:B0:C9:11:4C:89:A2:F2:13:B6:22:88
>
>
> *******************************************
> *******************************************
2) intermediate.keystore
> Your keystore contains 2 entries:
>
> Alias name: thawft
> Creation date: Fri Apr 08 17:59:20 EEST 2005
> Entry type: trustedCertEntry
>
> Owner: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
> Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
> Inc.", C=US
> Serial number: 30000002
> Valid from: Thu May 13 03:00:00 EEST 2004 until: Tue May 13 02:59:59 EEST 2014
> Certificate fingerprints:
> MD5: 84:84:03:56:10:85:53:ED:9A:CA:60:B5:FA:99:D3:31
> SHA1: EC:07:10:03:D8:F5:A3:7F:42:C4:55:7F:65:6A:AE:86:65:FA:4B:02
>
>
> *******************************************
> *******************************************
>
>
> Alias name: verisignca3
> Creation date: Fri Apr 08 17:56:55 EEST 2005
> Entry type: trustedCertEntry
>
> Owner: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.",
> C=US
> Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
> Inc.", C=US
> Serial number: 70bae41d10d92934b638ca7b03ccbabf
> Valid from: Mon Jan 29 02:00:00 EET 1996 until: Wed Aug 02 02:59:59 EEST 2028
> Certificate fingerprints:
> MD5: 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
> SHA1: 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
>
>
> *******************************************
> *******************************************
Also, I've attached catalina.out with SSL debug information.
Waiting for your reply.
--
Victor Y. Yegorov
Software Developer, NORD/LB Latvija JSC
Phone (+371) 7077142, Mobile (+371) 9131883
***
found key for : sslcertificate
chain [0] = [
[
Version: V3
Subject: [EMAIL PROTECTED], CN=mpi.nordlb.lv, OU=IT Department, O=NORD/LB
Latvija, L=Riga, ST=Riga, C=LV
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: [EMAIL PROTECTED]
Validity: [From: Thu Mar 03 18:59:28 EET 2005,
To: Thu Mar 23 14:12:02 EET 2006]
Issuer: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
SerialNumber: [ 20f1a6]
Certificate Extensions: 4
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 66 30 64 30 22 06 08 2B 06 01 05 05 07 30 01 .f0d0"..+.....0.
0010: 86 16 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 74 68 ..http://ocsp.th
0020: 61 77 74 65 2E 63 6F 6D 30 3E 06 08 2B 06 01 05 awte.com0>..+...
0030: 05 07 30 02 86 32 68 74 74 70 3A 2F 2F 77 77 77 ..0..2http://www
0040: 2E 74 68 61 77 74 65 2E 63 6F 6D 2F 72 65 70 6F .thawte.com/repo
0050: 73 69 74 6F 72 79 2F 54 68 61 77 74 65 5F 53 47 sitory/Thawte_SG
0060: 43 5F 43 41 2E 63 72 74 C_CA.crt
[2]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2F 30 2D 30 2B A0 29 A0 27 86 25 68 74 74 70 ./0-0+.).'.%http
0010: 3A 2F 2F 63 72 6C 2E 74 68 61 77 74 65 2E 63 6F ://crl.thawte.co
0020: 6D 2F 54 68 61 77 74 65 53 47 43 43 41 2E 63 72 m/ThawteSGCCA.cr
0030: 6C l
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.37 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 21 30 1F 06 08 2B 06 01 05 05 07 03 01 06 08 .!0...+.........
0010: 2B 06 01 05 05 07 03 02 06 09 60 86 48 01 86 F8 +.........`.H...
0020: 42 04 01 B..
]
Algorithm: [MD5withRSA]
Signature:
0000: 12 2B 55 6B 4A 11 94 74 7C B9 9C 9E 82 D1 C2 D5 .+UkJ..t........
0010: 6D 3C EA A3 9D EE B1 77 6B F6 7E 2F B4 09 97 11 m<.....wk../....
0020: 81 8C 02 72 86 9B 02 E8 18 48 7F 58 20 2E 53 FC ...r.....H.X .S.
0030: 8B DF 5E 84 32 9C BE 8C 88 9D FE 39 5A 6A 03 91 ..^.2......9Zj..
0040: A6 33 4A 97 CA C9 B6 04 AD 0D 3C D8 CB 04 55 E0 .3J.......<...U.
0050: 36 36 FC A9 11 6B 3E 1C BC 49 0A 8B F2 04 A0 2E 66...k>..I......
0060: A5 42 49 6C DA DA E3 4D 47 85 F1 F1 0A 03 BA 8E .BIl...MG.......
0070: C3 0D 3C 66 23 4E CD 36 73 FB D2 DA 2F E8 BA 04 ..<f#N.6s.../...
]
***
adding as trusted cert: [
[
Version: V3
Subject: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: [EMAIL PROTECTED]
Validity: [From: Thu May 13 03:00:00 EEST 2004,
To: Tue May 13 02:59:59 EEST 2014]
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
SerialNumber: [ 30000002 ]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 26 30 24 30 22 06 08 2B 06 01 05 05 07 30 01 .&0$0"..+.....0.
0010: 86 16 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 74 68 ..http://ocsp.th
0020: 61 77 74 65 2E 63 6F 6D awte.com
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
]
[3]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2A 30 28 30 26 A0 24 A0 22 86 20 68 74 74 70 .*0(0&.$.". http
0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
0020: 63 6F 6D 2F 70 63 61 33 2E 63 72 6C com/pca3.crl
[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[CN=PrivateLabel3-15]]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
]
[6]: ObjectId: 2.5.29.37 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2D 30 2B 06 08 2B 06 01 05 05 07 03 01 06 08 .-0+..+.........
0010: 2B 06 01 05 05 07 03 02 06 09 60 86 48 01 86 F8 +.........`.H...
0020: 42 04 01 06 0A 60 86 48 01 86 F8 45 01 08 01 B....`.H...E...
[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 55 AC 63 EA DE A1 DD D2 90 5F 9F 0B CE 76 BE 13 U.c......_...v..
0010: 51 8F 93 D9 05 2B C8 1B 77 4B AD 69 50 A1 EE DE Q....+..wK.iP...
0020: DC FD DB 07 E9 E8 39 94 DC AB 72 79 2F 06 BF AB ......9...ry/...
0030: 81 70 C4 A8 ED EA 53 34 ED EF 1E 53 D9 06 C7 56 .p....S4...S...V
0040: 2B D1 5C F4 D1 8A 8E B4 2B B1 37 90 48 08 42 25 +.\.....+.7.H.B%
0050: C5 3E 8A CB 7F EB 6F 04 D1 6D C5 74 A2 F7 A2 7C .>....o..m.t....
0060: 7B 60 3C 77 CD 0E CE 48 02 7F 01 2F B6 9B 37 E0 .`<w...H.../..7.
0070: 2A 2A 36 DC D5 85 D6 AC E5 3F 54 6F 96 1E 05 AF **6......?To....
]
adding as trusted cert: [
[
Version: V1
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: [EMAIL PROTECTED]
Validity: [From: Mon Jan 29 02:00:00 EET 1996,
To: Wed Aug 02 02:59:59 EEST 2028]
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
SerialNumber: [ 70bae41d 10d92934 b638ca7b 03ccbabf ]
]
Algorithm: [MD2withRSA]
Signature:
0000: BB 4C 12 2B CF 2C 26 00 4F 14 13 DD A6 FB FC 0A .L.+.,&.O.......
0010: 11 84 8C F3 28 1C 67 92 2F 7C B6 C5 FA DF F0 E8 ....(.g./.......
0020: 95 BC 1D 8F 6C 2C A8 51 CC 73 D8 A4 C0 53 F0 4E ....l,.Q.s...S.N
0030: D6 26 C0 76 01 57 81 92 5E 21 F1 D1 B1 FF E7 D0 .&.v.W..^!......
0040: 21 58 CD 69 17 E3 44 1C 9C 19 44 39 89 5C DC 9C !X.i..D...D9.\..
0050: 00 0F 56 8D 02 99 ED A2 90 45 4C E4 BB 10 A4 3D ..V......EL....=
0060: F0 32 03 0E F1 CE F8 E8 C9 51 8C E6 62 9F E6 9F .2.......Q..b...
0070: C0 7D B7 72 9C C9 36 3A 6B 9F 4E A8 FF 64 0D 64 ...r..6:k.N..d.d
]
trigger seeding of SecureRandom
done seeding SecureRandom
[INFO] Http11Protocol - Initializing Coyote HTTP/1.1 on http-443
***
found key for : ps
chain [0] = [
[
Version: V1
Subject: CN=mpi.nordlb.lv, OU=IT Department, O=NORD/LB Latvija JSC, L=Riga,
ST=Latvia, C=LV
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: [EMAIL PROTECTED]
Validity: [From: Fri Sep 17 17:13:46 EEST 2004,
To: Fri Sep 23 17:13:46 EEST 2005]
Issuer: CN=Certificate Authority, OU=IT Department, O=NORD/LB Latvija JSC,
L=Riga, ST=Latvia, C=LV
SerialNumber: [ 3d]
]
Algorithm: [MD5withRSA]
Signature:
0000: B6 29 42 F6 90 44 4C 6B FC E1 2F B5 44 97 64 AD .)B..DLk../.D.d.
0010: A6 63 C0 E0 9A E8 DC B2 4F 15 CD 7C 02 CE 3A DB .c......O.....:.
0020: 4E C6 4F D5 5D FF 04 25 84 68 07 09 E3 0B B9 13 N.O.]..%.h......
0030: A2 37 F4 53 7E 07 E5 F5 F2 E4 E9 7C 9C 31 0B C4 .7.S.........1..
0040: 9F 1F 0A 8A 61 54 B0 A8 26 59 4B 6A B8 2C C3 F4 ....aT..&YKj.,..
0050: 1F 90 46 FF 0D AC FB 28 7E 3C 6B 55 B5 D9 19 93 ..F....(.<kU....
0060: 1B D3 08 76 E9 A6 8B 35 04 79 0F E9 24 21 22 42 ...v...5.y..$!"B
0070: CD 62 5F 0E 92 D3 1E 1E 6C 38 57 8F 0C 4B BB BE .b_.....l8W..K..
]
chain [1] = [
[
Version: V3
Subject: CN=Certificate Authority, OU=IT Department, O=NORD/LB Latvija JSC,
L=Riga, ST=Latvia, C=LV
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: [EMAIL PROTECTED]
Validity: [From: Wed Sep 24 16:51:49 EEST 2003,
To: Sat Sep 21 16:51:49 EEST 2013]
Issuer: CN=Certificate Authority, OU=IT Department, O=NORD/LB Latvija JSC,
L=Riga, ST=Latvia, C=LV
SerialNumber: [ 0 ]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B2 B6 76 20 FF A2 02 95 E8 26 92 DE 68 3B 86 B3 ..v .....&..h;..
0010: 53 0B 3A A8 S.:.
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B2 B6 76 20 FF A2 02 95 E8 26 92 DE 68 3B 86 B3 ..v .....&..h;..
0010: 53 0B 3A A8 S.:.
]
[CN=Certificate Authority, OU=IT Department, O=NORD/LB Latvija JSC, L=Riga,
ST=Latvia, C=LV]
SerialNumber: [ 0 ]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [MD5withRSA]
Signature:
0000: 88 F4 D5 1A ED 40 06 76 D2 E7 BE 6A 48 3C C8 7B [EMAIL PROTECTED]<..
0010: 05 9E F8 53 CC 75 63 C9 62 13 8B 91 DA A0 75 F6 ...S.uc.b.....u.
0020: FA 87 07 98 D1 1D EE DD B5 6E EA 6B 1A 90 2E C0 .........n.k....
0030: 01 8D 41 8F 03 4E B5 F9 68 B0 35 8A D4 90 80 84 ..A..N..h.5.....
0040: 3D 57 D9 98 A4 C0 01 64 86 35 0C AA 1C A1 E2 F0 =W.....d.5......
0050: A3 A7 2C 41 BD 89 8E 87 1D 3D 97 DA 5D 9F A8 23 ..,A.....=..]..#
0060: 42 16 C4 41 D9 CF 6E 64 FD 9B EF 38 DE EF 29 7A B..A..nd...8..)z
0070: 5A 17 7A 5E 20 EE 1D 4E D2 FE 8A 11 C6 FA 29 39 Z.z^ ..N......)9
]
***
adding as trusted cert: [
[
Version: V3
Subject: CN=Certificate Authority, OU=IT Department, O=NORD/LB Latvija JSC,
L=Riga, ST=Latvia, C=LV
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: [EMAIL PROTECTED]
Validity: [From: Wed Sep 24 16:51:49 EEST 2003,
To: Sat Sep 21 16:51:49 EEST 2013]
Issuer: CN=Certificate Authority, OU=IT Department, O=NORD/LB Latvija JSC,
L=Riga, ST=Latvia, C=LV
SerialNumber: [ 0 ]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B2 B6 76 20 FF A2 02 95 E8 26 92 DE 68 3B 86 B3 ..v .....&..h;..
0010: 53 0B 3A A8 S.:.
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B2 B6 76 20 FF A2 02 95 E8 26 92 DE 68 3B 86 B3 ..v .....&..h;..
0010: 53 0B 3A A8 S.:.
]
[CN=Certificate Authority, OU=IT Department, O=NORD/LB Latvija JSC, L=Riga,
ST=Latvia, C=LV]
SerialNumber: [ 0 ]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [MD5withRSA]
Signature:
0000: 88 F4 D5 1A ED 40 06 76 D2 E7 BE 6A 48 3C C8 7B [EMAIL PROTECTED]<..
0010: 05 9E F8 53 CC 75 63 C9 62 13 8B 91 DA A0 75 F6 ...S.uc.b.....u.
0020: FA 87 07 98 D1 1D EE DD B5 6E EA 6B 1A 90 2E C0 .........n.k....
0030: 01 8D 41 8F 03 4E B5 F9 68 B0 35 8A D4 90 80 84 ..A..N..h.5.....
0040: 3D 57 D9 98 A4 C0 01 64 86 35 0C AA 1C A1 E2 F0 =W.....d.5......
0050: A3 A7 2C 41 BD 89 8E 87 1D 3D 97 DA 5D 9F A8 23 ..,A.....=..]..#
0060: 42 16 C4 41 D9 CF 6E 64 FD 9B EF 38 DE EF 29 7A B..A..nd...8..)z
0070: 5A 17 7A 5E 20 EE 1D 4E D2 FE 8A 11 C6 FA 29 39 Z.z^ ..N......)9
]
adding as trusted cert: [
[
Version: V1
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: [EMAIL PROTECTED]
Validity: [From: Mon Jan 29 02:00:00 EET 1996,
To: Wed Aug 02 02:59:59 EEST 2028]
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
SerialNumber: [ 70bae41d 10d92934 b638ca7b 03ccbabf ]
]
Algorithm: [MD2withRSA]
Signature:
0000: BB 4C 12 2B CF 2C 26 00 4F 14 13 DD A6 FB FC 0A .L.+.,&.O.......
0010: 11 84 8C F3 28 1C 67 92 2F 7C B6 C5 FA DF F0 E8 ....(.g./.......
0020: 95 BC 1D 8F 6C 2C A8 51 CC 73 D8 A4 C0 53 F0 4E ....l,.Q.s...S.N
0030: D6 26 C0 76 01 57 81 92 5E 21 F1 D1 B1 FF E7 D0 .&.v.W..^!......
0040: 21 58 CD 69 17 E3 44 1C 9C 19 44 39 89 5C DC 9C !X.i..D...D9.\..
0050: 00 0F 56 8D 02 99 ED A2 90 45 4C E4 BB 10 A4 3D ..V......EL....=
0060: F0 32 03 0E F1 CE F8 E8 C9 51 8C E6 62 9F E6 9F .2.......Q..b...
0070: C0 7D B7 72 9C C9 36 3A 6B 9F 4E A8 FF 64 0D 64 ...r..6:k.N..d.d
]
trigger seeding of SecureRandom
done seeding SecureRandom
[INFO] Http11Protocol - Initializing Coyote HTTP/1.1 on http-8443
[INFO] Catalina - Initialization processed in 6853 ms
[INFO] StandardService - Starting service Tomcat-Standalone
[INFO] StandardEngine - Starting Servlet Engine: Apache Tomcat/5.0.28
[INFO] StandardHost - XML validation disabled
[INFO] StandardHost - Create Host deployer for direct deployment ( non-jmx )
[INFO] StandardHostDeployer - Processing Context configuration file URL
file:/home/me/tomcat/conf/nordlb/mpi/ecomm.xml
[INFO] StandardHostDeployer - Processing Context configuration file URL
file:/home/me/tomcat/conf/nordlb/mpi/mdpaympi.xml
mdpaympi: DB with db schema mdmdb37 found: eventlen=65535 jatkolen=65535
pieceslen=65535 type=mysql
mdpaympi: MDpay MPI Server started successfully
[INFO] StandardHostDeployer - Processing Context configuration file URL
file:/home/me/tomcat/conf/nordlb/mpi/mpiadmin.xml
mpiadmin(3.2.0.5): MDpay MPI Admin started
[INFO] StandardHostDeployer - Installing web application at context path from
URL file:/home/me/tomcat/webapps/ROOT
[INFO] StandardHostDeployer - Installing web application at context path /ecomm
from URL file:/home/me/tomcat/webapps/ecomm
[INFO] Http11Protocol - Starting Coyote HTTP/1.1 on http-443
[INFO] Http11Protocol - Starting Coyote HTTP/1.1 on http-8443
[INFO] Catalina - Server startup in 6278 ms
matching server alias : sslcertificate
[read] MD5 and SHA1 hashes: len = 3
0000: 01 03 01 ...
[read] MD5 and SHA1 hashes: len = 100
0000: 00 4E 00 00 00 10 01 00 80 03 00 80 07 00 C0 06 .N..............
0010: 00 40 02 00 80 04 00 80 00 00 39 00 00 38 00 00 [EMAIL PROTECTED]
0020: 35 00 00 33 00 00 32 00 00 04 00 00 05 00 00 2F 5..3..2......../
0030: 00 00 16 00 00 13 00 FE FF 00 00 0A 00 00 15 00 ................
0040: 00 12 00 FE FE 00 00 09 00 00 64 00 00 62 00 00 ..........d..b..
0050: 03 00 00 06 08 AB B4 E9 45 69 98 29 D3 96 25 61 ........Ei.)..%a
0060: 2C 4C FD C8 ,L..
http-443-Processor4, READ: SSL v2, contentType = 22, translated length = 83
*** ClientHello, v3.1
RandomCookie: GMT: 0 bytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 8, 171,
180, 233, 69, 105, 152, 41, 211, 150, 37, 97, 44, 76, 253, 200 }
Session ID: {}
Cipher Suites: { 0, 57, 0, 56, 0, 53, 0, 51, 0, 50, 0, 4, 0, 5, 0, 47, 0, 22,
0, 19, -2, -1, 0, 10, 0, 21, 0, 18, -2, -2, 0, 9, 0, 100, 0, 98, 0, 3, 0, 6 }
Compression Methods: { 0 }
***
%% Created: [Session-1, SSL_NULL_WITH_NULL_NULL]
matching server alias : ps
*** ServerHello, v3.1
RandomCookie: GMT: 1112907176 bytes = { 28, 155, 206, 61, 235, 157, 35, 133,
70, 106, 3, 80, 206, 47, 100, 6, 30, 4, 169, 34, 36, 164, 122, 250, 199, 80,
28, 33 }
Session ID: {66, 86, 158, 168, 28, 152, 7, 236, 219, 20, 94, 127, 50, 54, 174,
143, 88, 163, 207, 187, 83, 87, 116, 231, 37, 118, 70, 117, 118, 174, 219, 52}
Cipher Suite: { 0, 4 }
Compression Method: 0
***
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: [EMAIL PROTECTED], CN=mpi.nordlb.lv, OU=IT Department, O=NORD/LB
Latvija, L=Riga, ST=Riga, C=LV
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: [EMAIL PROTECTED]
Validity: [From: Thu Mar 03 18:59:28 EET 2005,
To: Thu Mar 23 14:12:02 EET 2006]
Issuer: CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
SerialNumber: [ 20f1a6]
Certificate Extensions: 4
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 66 30 64 30 22 06 08 2B 06 01 05 05 07 30 01 .f0d0"..+.....0.
0010: 86 16 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 74 68 ..http://ocsp.th
0020: 61 77 74 65 2E 63 6F 6D 30 3E 06 08 2B 06 01 05 awte.com0>..+...
0030: 05 07 30 02 86 32 68 74 74 70 3A 2F 2F 77 77 77 ..0..2http://www
0040: 2E 74 68 61 77 74 65 2E 63 6F 6D 2F 72 65 70 6F .thawte.com/repo
0050: 73 69 74 6F 72 79 2F 54 68 61 77 74 65 5F 53 47 sitory/Thawte_SG
0060: 43 5F 43 41 2E 63 72 74 C_CA.crt
[2]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2F 30 2D 30 2B A0 29 A0 27 86 25 68 74 74 70 ./0-0+.).'.%http
0010: 3A 2F 2F 63 72 6C 2E 74 68 61 77 74 65 2E 63 6F ://crl.thawte.co
0020: 6D 2F 54 68 61 77 74 65 53 47 43 43 41 2E 63 72 m/ThawteSGCCA.cr
0030: 6C l
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.37 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 21 30 1F 06 08 2B 06 01 05 05 07 03 01 06 08 .!0...+.........
0010: 2B 06 01 05 05 07 03 02 06 09 60 86 48 01 86 F8 +.........`.H...
0020: 42 04 01 B..
]
Algorithm: [MD5withRSA]
Signature:
0000: 12 2B 55 6B 4A 11 94 74 7C B9 9C 9E 82 D1 C2 D5 .+UkJ..t........
0010: 6D 3C EA A3 9D EE B1 77 6B F6 7E 2F B4 09 97 11 m<.....wk../....
0020: 81 8C 02 72 86 9B 02 E8 18 48 7F 58 20 2E 53 FC ...r.....H.X .S.
0030: 8B DF 5E 84 32 9C BE 8C 88 9D FE 39 5A 6A 03 91 ..^.2......9Zj..
0040: A6 33 4A 97 CA C9 B6 04 AD 0D 3C D8 CB 04 55 E0 .3J.......<...U.
0050: 36 36 FC A9 11 6B 3E 1C BC 49 0A 8B F2 04 A0 2E 66...k>..I......
0060: A5 42 49 6C DA DA E3 4D 47 85 F1 F1 0A 03 BA 8E .BIl...MG.......
0070: C3 0D 3C 66 23 4E CD 36 73 FB D2 DA 2F E8 BA 04 ..<f#N.6s.../...
]
***
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 929
0000: 02 00 00 46 03 01 42 56 9E A8 1C 9B CE 3D EB 9D ...F..BV.....=..
0010: 23 85 46 6A 03 50 CE 2F 64 06 1E 04 A9 22 24 A4 #.Fj.P./d...."$.
0020: 7A FA C7 50 1C 21 20 42 56 9E A8 1C 98 07 EC DB z..P.! BV.......
0030: 14 5E 7F 32 36 AE 8F 58 A3 CF BB 53 57 74 E7 25 .^.26..X...SWt.%
0040: 76 46 75 76 AE DB 34 00 04 00 0B 00 03 4F 00 03 vFuv..4......O..
0050: 4C 00 03 49 30 82 03 45 30 82 02 AE A0 03 02 01 L..I0..E0.......
0060: 02 02 03 20 F1 A6 30 0D 06 09 2A 86 48 86 F7 0D ... ..0...*.H...
0070: 01 01 04 05 00 30 4C 31 0B 30 09 06 03 55 04 06 .....0L1.0...U..
0080: 13 02 5A 41 31 25 30 23 06 03 55 04 0A 13 1C 54 ..ZA1%0#..U....T
0090: 68 61 77 74 65 20 43 6F 6E 73 75 6C 74 69 6E 67 hawte Consulting
00A0: 20 28 50 74 79 29 20 4C 74 64 2E 31 16 30 14 06 (Pty) Ltd.1.0..
00B0: 03 55 04 03 13 0D 54 68 61 77 74 65 20 53 47 43 .U....Thawte SGC
00C0: 20 43 41 30 1E 17 0D 30 35 30 33 30 33 31 36 35 CA0...050303165
00D0: 39 32 38 5A 17 0D 30 36 30 33 32 33 31 32 31 32 928Z..0603231212
00E0: 30 32 5A 30 81 98 31 0B 30 09 06 03 55 04 06 13 02Z0..1.0...U...
00F0: 02 4C 56 31 0D 30 0B 06 03 55 04 08 13 04 52 69 .LV1.0...U....Ri
0100: 67 61 31 0D 30 0B 06 03 55 04 07 13 04 52 69 67 ga1.0...U....Rig
0110: 61 31 18 30 16 06 03 55 04 0A 13 0F 4E 4F 52 44 a1.0...U....NORD
0120: 2F 4C 42 20 4C 61 74 76 69 6A 61 31 16 30 14 06 /LB Latvija1.0..
0130: 03 55 04 0B 13 0D 49 54 20 44 65 70 61 72 74 6D .U....IT Departm
0140: 65 6E 74 31 16 30 14 06 03 55 04 03 13 0D 6D 70 ent1.0...U....mp
0150: 69 2E 6E 6F 72 64 6C 62 2E 6C 76 31 21 30 1F 06 i.nordlb.lv1!0..
0160: 09 2A 86 48 86 F7 0D 01 09 01 16 12 6C 61 7A 61 .*.H........laza
0170: 72 65 6E 6B 40 6E 6F 72 64 6C 62 2E 6C 76 30 81 [EMAIL PROTECTED]
0180: 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 .0...*.H........
0190: 03 81 8D 00 30 81 89 02 81 81 00 DE 5A 93 A0 65 ....0.......Z..e
01A0: A2 64 ED 8F D3 19 50 27 C6 56 0D 04 30 28 69 DE .d....P'.V..0(i.
01B0: 70 F6 A2 20 D9 EC BA 6B 23 2E 79 B1 40 2B 8B 0E p.. [EMAIL PROTECTED]
01C0: DD CF 7E 98 41 4F 7F B8 B1 6D 3D 17 B8 13 DC 67 ....AO...m=....g
01D0: 1E 0E F7 BE A6 13 E4 42 74 D4 9D 55 90 BE 7A 49 .......Bt..U..zI
01E0: C7 78 CA 81 6E 52 9B 94 44 17 89 B3 6F 4B C8 DF .x..nR..D...oK..
01F0: 25 82 4D 22 85 68 74 41 C0 D9 16 7B 5F 9D 6A BA %.M".htA...._.j.
0200: 4D 83 95 F3 C4 8D 13 B7 02 F8 B4 97 D1 7E B8 26 M..............&
0210: D2 C5 47 7B CD B4 68 0E FF A4 8F 02 03 01 00 01 ..G...h.........
0220: A3 81 E7 30 81 E4 30 28 06 03 55 1D 25 04 21 30 ...0..0(..U.%.!0
0230: 1F 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 ...+.........+..
0240: 05 05 07 03 02 06 09 60 86 48 01 86 F8 42 04 01 .......`.H...B..
0250: 30 36 06 03 55 1D 1F 04 2F 30 2D 30 2B A0 29 A0 06..U.../0-0+.).
0260: 27 86 25 68 74 74 70 3A 2F 2F 63 72 6C 2E 74 68 '.%http://crl.th
0270: 61 77 74 65 2E 63 6F 6D 2F 54 68 61 77 74 65 53 awte.com/ThawteS
0280: 47 43 43 41 2E 63 72 6C 30 72 06 08 2B 06 01 05 GCCA.crl0r..+...
0290: 05 07 01 01 04 66 30 64 30 22 06 08 2B 06 01 05 .....f0d0"..+...
02A0: 05 07 30 01 86 16 68 74 74 70 3A 2F 2F 6F 63 73 ..0...http://ocs
02B0: 70 2E 74 68 61 77 74 65 2E 63 6F 6D 30 3E 06 08 p.thawte.com0>..
02C0: 2B 06 01 05 05 07 30 02 86 32 68 74 74 70 3A 2F +.....0..2http:/
02D0: 2F 77 77 77 2E 74 68 61 77 74 65 2E 63 6F 6D 2F /www.thawte.com/
02E0: 72 65 70 6F 73 69 74 6F 72 79 2F 54 68 61 77 74 repository/Thawt
02F0: 65 5F 53 47 43 5F 43 41 2E 63 72 74 30 0C 06 03 e_SGC_CA.crt0...
0300: 55 1D 13 01 01 FF 04 02 30 00 30 0D 06 09 2A 86 U.......0.0...*.
0310: 48 86 F7 0D 01 01 04 05 00 03 81 81 00 12 2B 55 H.............+U
0320: 6B 4A 11 94 74 7C B9 9C 9E 82 D1 C2 D5 6D 3C EA kJ..t........m<.
0330: A3 9D EE B1 77 6B F6 7E 2F B4 09 97 11 81 8C 02 ....wk../.......
0340: 72 86 9B 02 E8 18 48 7F 58 20 2E 53 FC 8B DF 5E r.....H.X .S...^
0350: 84 32 9C BE 8C 88 9D FE 39 5A 6A 03 91 A6 33 4A .2......9Zj...3J
0360: 97 CA C9 B6 04 AD 0D 3C D8 CB 04 55 E0 36 36 FC .......<...U.66.
0370: A9 11 6B 3E 1C BC 49 0A 8B F2 04 A0 2E A5 42 49 ..k>..I.......BI
0380: 6C DA DA E3 4D 47 85 F1 F1 0A 03 BA 8E C3 0D 3C l...MG.........<
0390: 66 23 4E CD 36 73 FB D2 DA 2F E8 BA 04 0E 00 00 f#N.6s.../......
03A0: 00 .
http-443-Processor4, WRITE: SSL v3.1 Handshake, length = 929
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
