1
Ich habe das Zertifikat bereits in den Truststore importiert, aber kann nicht erfolgreich Verbindung zu dieser URL herstellen. Ich habe alle Wege versucht, kann jemand die Ausgabe sehen und helfen, was los ist?Java SSL-Handshake-Fehler (SSLPoke)
java -Djavax.net.debug=all SSLPoke services.americanexpress.com 443
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: /usr/java/jdk1.8.0_60/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
......
adding as trusted cert:
Subject: CN=services.americanexpress.com, OU=Web Hosting, O=American Express Company, L=Phoenix, ST=Arizona, C=US
Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x35f39c9233cdc61333b1d58614e578b2
Valid from Wed Jun 26 00:00:00 UTC 2013 until Fri Sep 01 23:59:59 UTC 2017
....
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1464494977 bytes = { 253, 148, 218, 101, 153, 160, 57, 246, 36, 129, 111, 62, 106, 226, 141, 140, 102, 47, 123, 244, 108, 192, 12, 140, 187, 249, 208, 106 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, 28_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [type=host_name (0), value=services.americanexpress.com]
***
[write] MD5 and SHA1 hashes: len = 232
00B0: 03 05 01 04 03 04 01 03 03 03 01 02 03 02 01 02 ................
00C0: 02 01 01 00 00 00 21 00 1F 00 00 1C 73 65 72 76 ......!.....serv
00D0: 69 63 65 73 2E 61 6D 65 72 69 63 61 6E 65 78 70 ices.americanexp
00E0: 72 65 73 73 2E 63 6F 6D ress.com
main, WRITE: TLSv1.2 Handshake, length = 232
[Raw write]: length = 237
0000: 16 03 03 00 E8 01 00 00 E4 03 03 57 4A 6C 81 FD ...........WJl..
0010: 94 DA 65 99 A0 39 F6 24 81 6F 3E 6A E2 8D 8C 66 ..e..9.$.o>j...f
0020: 2F 7B F4 6C C0 0C 8C BB F9 D0 6A 00 00 3A C0 23 /..l......j..:.#
0030: C0 27 00 3C C0 25 C0 29 00 67 00 40 C0 09 C0 13 .'.<.%.)[email protected]
0040: 00 2F C0 04 C0 0E 00 33 00 32 C0 2B C0 2F 00 9C ./.....3.2.+./..
00D0: 1C 73 65 72 76 69 63 65 73 2E 61 6D 65 72 69 63 .services.americ
00E0: 61 6E 65 78 70 72 65 73 73 2E 63 6F 6D anexpress.com
[Raw read]: length = 5
0000: 16 03 03 00 51 ....Q
[Raw read]: length = 81
0000: 02 00 00 4D 03 03 90 E6 BB 39 B7 B1 8E 67 DA 71 ...M.....9...g.q
0010: 65 74 25 D1 B7 CF ED D4 1A 6C 2B 0B 06 8C 0E 5E et%......l+....^
0020: 25 07 3F 8D E3 6F 20 49 AD 22 CA E7 8B 8A E5 41 %.?..o I.".....A
0030: BE 9A B5 25 E0 70 D8 F9 73 A0 E0 5D 2F F3 3C AD ...%.p..s..]/.<.
0040: DE 1E 88 98 3B 65 B1 00 3C 00 00 05 FF 01 00 01 ....;e..<.......
0050: 00 .
main, READ: TLSv1.2 Handshake, length = 81
*** ServerHello, TLSv1.2
RandomCookie: GMT: -1880769735 bytes = { 183, 177, 142, 103, 218, 113, 101, 116, 37, 209, 183, 207, 237, 212, 26, 108, 43, 11, 6, 140, 14, 94, 37, 7, 63, 141, 227, 111 }
Session ID: {73, 173, 34, 202, 231, 139, 138, 229, 65, 190, 154, 181, 37, 224, 112, 216, 249, 115, 160, 224, 93, 47, 243, 60, 173, 222, 30, 136, 152, 59, 101, 177}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA256]
** TLS_RSA_WITH_AES_128_CBC_SHA256
[read] MD5 and SHA1 hashes: len = 81
0000: 02 00 00 4D 03 03 90 E6 BB 39 B7 B1 8E 67 DA 71 ...M.....9...g.q
0010: 65 74 25 D1 B7 CF ED D4 1A 6C 2B 0B 06 8C 0E 5E et%......l+....^
0020: 25 07 3F 8D E3 6F 20 49 AD 22 CA E7 8B 8A E5 41 %.?..o I.".....A
0030: BE 9A B5 25 E0 70 D8 F9 73 A0 E0 5D 2F F3 3C AD ...%.p..s..]/.<.
0040: DE 1E 88 98 3B 65 B1 00 3C 00 00 05 FF 01 00 01 ....;e..<.......
0050: 00 .
[Raw read]: length = 5
0000: 16 03 03 10 8E .....
[Raw read]: length = 4238
0310: 03 55 1D 0F 01 01 FF 04 04 03 02 05 A0 30 34 06 .U...........04.
0320: 03 55 1D 25 04 2D 30 2B 06 08 2B 06 01 05 05 07 .U.%.-0+..+.....
0450: 33 2D 61 69 61 2E 76 65 72 69 73 69 67 6E 2E 63 3-aia.verisign.c
0460: 6F 6D 2F 53 56 52 49 6E 74 6C 47 33 2E 63 65 72 om/SVRIntlG3.cer
main, READ: TLSv1.2 Handshake, length = 4238
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=services.americanexpress.com, OU=Web Hosting, O=American Express Company, L=Phoenix, ST=Arizona, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 30229676159696194917135440681975777728948709702479449945212097279930911021756291412408692828743836980749310830284879195994844527811837445892117218165863252223136982773
public exponent: 65537
Validity: [From: Wed Jun 26 00:00:00 UTC 2013,
To: Fri Sep 01 23:59:59 UTC 2017]
Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [ 35f39c92 33cdc613 33b1d586 14e578b2]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.verisign.com
,
accessMethod: caIssuers
accessLocation: URIName: http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cer
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D7 9B 7C D8 22 A0 15 F7 DD AD 5F CE 29 9B 58 C3 ...."....._.).X.
0010: BC 46 00 B5 .F..
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 risign.com/cps
]] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
2.16.840.1.113730.4.1
1.3.6.1.4.1.311.10.3.3
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: services.americanexpress.com
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 2D E6 45 41 B1 52 D9 55 57 04 45 DC 07 51 E5 8E -.EA.R.UW.E..Q..
0010: 5C 00 41 5F AB D5 84 A4 64 4D 55 CC 38 88 18 4E \.A_....dMU.8..N
00D0: FD E9 93 D2 6A 55 24 F3 62 BE BD 99 EE 24 53 F5 ....jU$.b....$S.
00E0: 96 E7 2E DE 3E D2 7B 1C 77 9A 45 C7 FA 68 A1 76 ....>...w.E..h.v
00F0: 67 BA EC 81 83 FF 54 E2 A4 7E 47 AD 2C 39 62 F2 g.....T...G.,9b.
]
chain [1] = [
[
Version: V3
Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 19420289231323388569960227299938029487260953720447310437792509462236918786001726710037662040142546936643383523519471181931421354900828966157275086870493679916429749573
public exponent: 65537
Validity: [From: Mon Feb 08 00:00:00 UTC 2010,
To: Fri Feb 07 23:59:59 UTC 2020]
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [ 641be820 ce020813 f32d4d2d 95d67e67]
Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 61 30 5F A1 5D A0 5B 30 59 30 57 30 55 16 09 .a0_.].[0Y0W0U..
0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14 8F E5 D3 1A 86 AC 8D 8E .+..............
0030: 6B C3 CF 80 6A D4 48 18 2C 7B 19 2E 30 25 16 23 k...j.H.,...0%.#
0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E sign.com/vslogo.
0060: 67 69 66 gif
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.verisign.com
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7F D3 65 A7 C2 DD EC BB F0 30 09 F3 43 39 FA 02 ..e......0..C9..
0010: AF 33 31 33 .313
]
]
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.verisign.com/pca3-g5.crl]
]]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 risign.com/cps
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 30 1E 1A 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 0...https://www.
0010: 76 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 verisign.com/rpa
]] ]
]
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
2.16.840.1.113730.4.1
2.16.840.1.113733.1.8.1
]
[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
CN=VeriSignMPKI-2-7
]
[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D7 9B 7C D8 22 A0 15 F7 DD AD 5F CE 29 9B 58 C3 ...."....._.).X.
0010: BC 46 00 B5 .F..
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 71 B5 7D 73 52 4A DD D7 4D 34 2B 2E AF 94 46 A5 q..sRJ..M4+...F.
0010: 49 50 02 4F F8 2F 17 70 F2 13 DC 1F 21 86 AA C2 IP.O./.p....!...
0020: 4F 7C 37 3C D4 46 78 AE 5D 78 6F D1 BA 5A BC 10 O.7<.Fx.]xo..Z..
0030: AB 58 36 C5 8C 62 15 45 60 17 21 E2 D5 42 A8 77 .X6..b.E`.!..B.w
0040: A1 55 D8 43 04 51 F6 6E BA 48 E6 5D 4C B7 44 D3 .U.C.Q.n.H.]L.D.
0050: 3E A4 D5 D6 33 9A 9F 0D E6 D7 4E 96 44 95 5A 6C >...3.....N.D.Zl
0060: D6 A3 16 53 0E 98 43 CE A4 B8 C3 66 7A 05 5C 62 ...S..C....fz.\b
0070: 10 E8 1B 12 DB 7D 2E 76 50 FF DF D7 6B 1B CC 8A .......vP...k...
0080: CC 71 FA B3 40 56 7C 33 7A 77 94 5B F5 0B 53 FB [email protected][..S.
0090: 0E 5F BC 68 FB AF 2A EE 30 37 79 16 93 25 7F 4D ._.h..*.07y..%.M
00A0: 10 FF 57 FB BF 6E 3B 33 21 DE 79 DC 86 17 59 2D ..W..n;3!.y...Y-
00B0: 43 64 B7 A6 66 87 EA BC 96 46 19 1A 86 8B 6F D7 Cd..f....F....o.
00C0: B7 49 00 5B DB A3 BF 29 9A EE F7 D3 33 AE A3 F4 .I.[...)....3...
00D0: 9E 4C CA 5E 69 D4 1B AD B7 90 77 6A D8 59 6F 79 .L.^i.....wj.Yoy
00E0: AB 01 FA 55 F0 8A 21 66 E5 65 6E FD 7C D3 DF 1E ...U..!f.en.....
00F0: EB 7E 3F 06 90 FB 19 0B D3 06 02 1B 78 43 99 A8 ..?.........xC..
]
chain [2] = [
[
Version: V3
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 22109471102059671383796642714942393631149792360856487955190294587841800871022486252652612163196360832938367608763978013876844944237576704237206902072810376180366897841695320192789360300658269712766474225042097261456189264772686300705672328691871464945536513831768596383894122798581104077921511815271705394605095257256954381366139644740877956016759414080557948459417160074173313082409422023967584984099389949088073277478112907997447136173994433125025479812790590943737038696590266840534396683337181295383175344548120097700121250428676269067140626584500149856482388498317203907790209503513966223821253856296202557465877
public exponent: 65537
Validity: [From: Wed Nov 08 00:00:00 UTC 2006,
To: Wed Jul 16 23:59:59 UTC 2036]
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [ 18dad19e 267de8bb 4a2158cd cc6b3b4a]
Certificate Extensions: 4
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 61 30 5F A1 5D A0 5B 30 59 30 57 30 55 16 09 .a0_.].[0Y0W0U..
0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14 8F E5 D3 1A 86 AC 8D 8E .+..............
0030: 6B C3 CF 80 6A D4 48 18 2C 7B 19 2E 30 25 16 23 k...j.H.,...0%.#
0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E sign.com/vslogo.
0060: 67 69 66 gif
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7F D3 65 A7 C2 DD EC BB F0 30 09 F3 43 39 FA 02 ..e......0..C9..
0010: AF 33 31 33 .313
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 93 24 4A 30 5F 62 CF D8 1A 98 2F 3D EA DC 99 2D .$J0_b..../=...-
00C0: EF A5 7D 45 40 72 8E B7 0E 6B 0E 06 FB 33 35 48 [email protected]
00D0: 71 B8 9D 27 8B C4 65 5F 0D 86 76 9C 44 7A F6 95 q..'..e_..v.Dz..
00E0: 5C F6 5D 32 08 33 A4 54 B6 18 3F 68 5C F2 42 4A \.]2.3.T..?h\.BJ
00F0: 85 38 54 83 5F D1 E8 2C F2 AC 11 D6 A8 ED 63 6A .8T._..,......cj
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=services.americanexpress.com, OU=Web Hosting, O=American Express Company, L=Phoenix, ST=Arizona, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 30229676159696194917135440681975777728948709702479449945212097279930911021756291412408692828743836980749310830284879195994844527811837445892117218165863252223136982773
public exponent: 65537
Validity: [From: Wed Jun 26 00:00:00 UTC 2013,
To: Fri Sep 01 23:59:59 UTC 2017]
Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [ 35f39c92 33cdc613 33b1d586 14e578b2]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.verisign.com
,
accessMethod: caIssuers
accessLocation: URIName: http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cer
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D7 9B 7C D8 22 A0 15 F7 DD AD 5F CE 29 9B 58 C3 ...."....._.).X.
0010: BC 46 00 B5 .F..
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 risign.com/cps
]] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
2.16.840.1.113730.4.1
1.3.6.1.4.1.311.10.3.3
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: services.americanexpress.com
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 2D E6 45 41 B1 52 D9 55 57 04 45 DC 07 51 E5 8E -.EA.R.UW.E..Q..
0010: 5C 00 41 5F AB D5 84 A4 64 4D 55 CC 38 88 18 4E \.A_....dMU.8..N
0020: 1D CB 0D 88 D5 02 A5 E2 73 72 62 B3 51 49 6F 20 ........srb.QIo
00C0: B7 1E 87 B7 AE D8 AB 29 83 A5 69 00 D3 07 BE 45 .......)..i....E
00D0: FD E9 93 D2 6A 55 24 F3 62 BE BD 99 EE 24 53 F5 ....jU$.b....$S.
00E0: 96 E7 2E DE 3E D2 7B 1C 77 9A 45 C7 FA 68 A1 76 ....>...w.E..h.v
00F0: 67 BA EC 81 83 FF 54 E2 A4 7E 47 AD 2C 39 62 F2 g.....T...G.,9b.
]
[read] MD5 and SHA1 hashes: len = 4238
0000: 0B 00 10 8A 00 10 87 00 05 7A 30 82 05 76 30 82 .........z0..v0.
0010: 04 5E A0 03 02 01 02 02 10 35 F3 9C 92 33 CD C6 .^.......5...3..
0020: 13 33 B1 D5 86 14 E5 78 B2 30 0D 06 09 2A 86 48 .3.....x.0...*.H
0030: 86 F7 0D 01 01 05 05 00 30 81 BC 31 0B 30 09 06 ........0..1.0..
0040: 03 55 04 06 13 02 55 53 31 17 30 15 06 03 55 04 .U....US1.0...U.
0050: 0A 13 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 ...VeriSign, Inc
0060: 2E 31 1F 30 1D 06 03 55 04 0B 13 16 56 65 72 69 .1.0...U....Veri
0070: 53 69 67 6E 20 54 72 75 73 74 20 4E 65 74 77 6F Sign Trust Netwo
07A0: C4 28 C6 E3 AD 79 1F 27 10 98 B8 BB 20 97 C1 28 .(...y.'.... ..(
07B0: 44 41 0F EA A9 A8 52 CF 4D 4E 1B 8B BB B5 C4 76 DA....R.MN.....v
07C0: D9 CC 56 06 EE B3 55 20 2A DE 15 8D 71 CB 54 C8 ..V...U *...q.T.
07D0: 6F 17 CD 89 00 E4 DC FF E1 C0 1F 68 71 E9 C7 29 o..........hq..)
07E0: 2E 7E BC 3B FC E5 BB AB 26 54 8B 66 90 CD F6 92 ...;....&T.f....
07F0: B9 31 24 80 BC 9E 6C D5 FC 7E D2 E1 4B 8C DC 42 .1$...l.....K..B
1080: 54 83 5F D1 E8 2C F2 AC 11 D6 A8 ED 63 6A T._..,......cj
[Raw read]: length = 5
0000: 16 03 03 00 2E .....
[Raw read]: length = 46
0000: 0D 00 00 26 03 01 02 40 00 1E 06 01 06 02 06 03 ...&[email protected]
0010: 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 ................
0020: 03 03 02 01 02 02 02 03 00 00 0E 00 00 00 ..............
main, READ: TLSv1.2 Handshake, length = 46
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA224withRSA, Unknown (hash:0x3, signature:0x2), SHA224withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
Cert Authorities:
<Empty>
[read] MD5 and SHA1 hashes: len = 42
0000: 0D 00 00 26 03 01 02 40 00 1E 06 01 06 02 06 03 ...&[email protected]
0010: 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 ................
0020: 03 03 02 01 02 02 02 03 00 00 ..........
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2
[write] MD5 and SHA1 hashes: len = 269
0000: 0B 00 00 03 00 00 00 10 00 01 02 01 00 BE 4B B7 ..............K.
0110: 8F 98 ..
SESSION KEYGEN:
PreMaster Secret:
0000: 03 03 8D 61 C0 F9 AC 11 FA 20 C4 6D 78 C0 2E 3F ...a..... .mx..?
0010: 0A 60 C6 BA 36 C2 E6 28 AE B3 12 38 EC F0 52 E0 .`..6..(...8..R.
0020: 72 BC 31 16 34 B5 88 3C 4E BB C8 E2 50 EA 20 00 r.1.4..<N...P. .
CONNECTION KEYGEN:
Client Nonce:
0000: 57 4A 6C 81 FD 94 DA 65 99 A0 39 F6 24 81 6F 3E WJl....e..9.$.o>
0010: 6A E2 8D 8C 66 2F 7B F4 6C C0 0C 8C BB F9 D0 6A j...f/..l......j
Server Nonce:
0000: 90 E6 BB 39 B7 B1 8E 67 DA 71 65 74 25 D1 B7 CF ...9...g.qet%...
0010: ED D4 1A 6C 2B 0B 06 8C 0E 5E 25 07 3F 8D E3 6F ...l+....^%.?..o
Master Secret:
0000: 38 C7 96 B8 C2 C3 51 55 49 E2 95 C2 D8 23 28 E9 8.....QUI....#(.
0010: 9D 08 40 21 3F C6 85 E9 3E 3B B7 67 6A 76 26 7E [email protected]!?...>;.gjv&.
0020: 97 E6 2C 80 FF 81 C4 33 D1 9F BF 42 35 2D AB 73 ..,....3...B5-.s
Client MAC write Secret:
0000: 67 7E 5C C7 7B 2B 5F 5E 38 42 A1 21 2C FE F1 F2 g.\..+_^8B.!,...
0010: DD E4 BB 46 7D 35 BF C6 29 40 A8 8B B5 D6 DE 11 ...F.5..)@......
Server MAC write Secret:
0000: AD 34 13 00 5F 27 F1 21 AA 3B 63 75 76 1A 1A 89 .4.._'.!.;cuv...
0010: 9A CD 4D E3 1B DB 7F 83 65 1A 6A EE 0A 6F 33 86 ..M.....e.j..o3.
Client write key:
0000: E7 8D 41 0F FB 52 FF BF A1 D4 DB E8 BB 25 91 96 ..A..R.......%..
Server write key:
0000: 3E 09 29 43 AF F4 AB 98 2A C3 4D 53 B1 9D 33 5D >.)C....*.MS..3]
... no IV derived for this protocol
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 03 00 01 01 ......
*** Finished
verify_data: { 82, 58, 56, 177, 242, 110, 34, 212, 168, 243, 94, 249 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 52 3A 38 B1 F2 6E 22 D4 A8 F3 5E F9 ....R:8..n"...^.
Padded plaintext before ENCRYPTION: len = 80
0000: 8C E5 C6 F2 8F A1 37 D2 7B 43 6A 26 FD 9F 23 48 ......7..Cj&..#H
0010: 14 00 00 0C 52 3A 38 B1 F2 6E 22 D4 A8 F3 5E F9 ....R:8..n"...^.
0020: EE EF 79 2B C0 62 2A 7B C9 63 A3 71 41 F3 CE E2 ..y+.b*..c.qA...
0030: C2 6D EA 72 78 3C B5 10 FE BF D1 10 E8 A8 C1 BA .m.rx<..........
0040: 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F ................
main, WRITE: TLSv1.2 Handshake, length = 80
[Raw write]: length = 85
0000: 16 03 03 00 50 A5 DE 9B 39 37 C5 1F 81 3E E4 00 ....P...97...>..
0010: 18 C8 89 6B F3 46 9B 89 73 4A 64 20 52 0E BD 93 ...k.F..sJd R...
0020: 4D F3 AF D8 6B 90 56 60 4F 9E DE 96 06 EE 05 F3 M...k.V`O.......
0030: 32 CC 7A A6 85 C9 22 72 59 A9 05 B3 D4 A5 A9 E2 2.z..."rY.......
0040: A9 6A B5 51 49 B8 E9 DC CC 56 DB EF DB DB 06 8E .j.QI....V......
0050: 37 BB F4 48 7F 7..H.
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA256]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Kann nicht herausfinden, was das ist, Anwendung mit java1.6 arbeitete aber SSLPoke können beide Szenarien nicht
Danke für Ihre Antwort @Steffen. Ich bin sicher, dass ich das CERT importiert habe, und ich habe den anderen Truststore auch benutzt, den java1.6 benutzt, plus Gewohnheit, die wir haben. Alle 3 geben die gleiche Antwort. Ich habe das Zertifikat mit diesem Befehl erhalten, und es ist genau dasselbe Zertifikat, das sie zur Verfügung gestellt haben: openssl s_client -connect services.americanexpress.com:443 public.crt –
'openssl s_client -connect services.americanexpress.com:443 public.crt' 'sudo/usr/java/aktuell/jre/bin/keytool -import -trustcacerts -alias s.amex. com -file public.crt -keystore /usr/java/jdk1.8.0_60/jre/lib/security/cacerts Das Zertifikat wurde zum Schlüsselspeicher' hinzugefügt. 'java SSLPoke services.americanexpress.com 443 javax.net.ssl.SSLHandshakeException : Erhaltene fatale Warnung: handshake_failure' –
Da es cert gibt, beschwert es sich nicht, dass das Zertifikat nicht vorhanden ist: 'java -Djavax.net.ssl.trustStore =/usr/java/jdk1.8.0_60/jre/lib/Sicherheit/cacerts SSLPoke services.americanexpress.com 443 javax.net.ssl.SSLHandshakeException: Empfangene fatale Warnung: handshake_failure \t bei SSLPoke.main (SSLPoke.java:31) ' Sonst hätte sich beschwert wie: ' sun.security.validator.ValidatorException: PKIX-Pfad Gebäude fehlgeschlagen: sun.security.provider.certpath.SunCertPathBuilderException: nicht in der Lage, gültige Zertifizierung Pfad zum angeforderten Ziel zu finden ' –