[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] Unable to create certificate verify!



This exception occurs if an error occurs in the RSA operation. You should
make sure that the RSA cipher returned by your security provider knows
how to handle the RSA private key returned by your ClientTrustDecider
(you seem to be using some non IAIK RSA code).

Regards,

 Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.tu-graz.ac.at


-----Ursprüngliche Nachricht-----
Von: Nell Rehn <nellrehn@midway.uchicago.edu>
An: <iaik-ssl@iaik.tu-graz.ac.at>
Gesendet: Dienstag, 31. August 1999 18:01
Betreff: [iaik-ssl] Unable to create certificate verify!


> Hello-
>
> I have the following problem connecting to our server which _requires_
> the client to authenticate.  Can anyone please tell me what the cause
> of this exception is?  Here is the handshake.  Thank you, Helen Rehn
>
> /sandbox/jdk1.2/bin/java -classpath
>
.:./lib/jndi.jar:./lib/providerutil.jar:./lib/ldap.jar:/sandbox/jdk1.2/jr
e/lib/rt.jar:.:/homes/rehn/iaik_jce_full.jar:/homes/rehn/iSaSiLk2.51/lib/
iaik_ssl.jar:/homes/rehn/iSaSiLk2.51/src
> https_test pitcairn.mcs.anl.gov 48492
> [
> [
>   Version: V3
>   Subject: CN=Nell Rehn, OU=Mathematics and Computer Science Division,
> O=Argonne National Laboratory, O=Globus, C=US
>   Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
>
>   Key:  com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@bca7b701
>   Validity: [From: Mon Aug 30 10:41:31 CDT 1999,
>                To: Mon Aug 30 22:46:31 CDT 1999]
>   Issuer: CN=Nell Rehn, OU=Mathematics and Computer Science Division,
> O=Argonne National Laboratory, O=Globus, C=US
>   SerialNumber: [    04d5]
>
> Certificate Extensions: 1
> [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
> NetscapeCertType [
>    SSL server
> ]
>
> ]
>   Algorithm: [MD5withRSA]
>   Signature:
> 0000: B5 E1 FF 4A F3 1B 5D A4   F7 29 68 D7 BC 89 3C 3F
...J..]..)h...<?
> 0010: 02 1B 26 B0 26 D1 CB C2   EC C0 9A 9D 72 BC 15 CE
..&.&.......r...
> 0020: 80 46 37 A0 71 3D 5F 0C   15 E9 76 84 68 7B AD B0
.F7.q=_...v.h...
> 0030: 4A 60 E5 D7 9E 89 52 19   30 F0 5A B9 31 83 8E 02
J`....R.0.Z.1...
> 0040: 9D E7 DB 5C 8F C0 AA 87   3A DD 0B 82 7F F1 00 D1
...\....:.......
> 0050: 67 13 E5 2D C5 E3 82 7E   CA 3E 4E 36 C9 09 3B BC
g..-.....>N6..;.
> 0060: 74 2D 24 59 8F A4 F7 E1   D8 93 B6 C5 2D 81 81 E4
t-$Y........-...
> 0070: 47 BC FE D4 9B DD 52 36   C0 7C 2E 00 78 82 BD 0A
G.....R6....x...
>
> ]
> [
> [
>   Version: V3
>   Subject: CN=Nell Rehn, OU=Mathematics and Computer Science Division,
> O=Argonne National Laboratory, O=Globus, C=US
>   Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
>
>   Key:  com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a4abb701
>   Validity: [From: Mon Aug 23 13:14:15 CDT 1999,
>                To: Tue Aug 22 13:14:15 CDT 2000]
>   Issuer: CN=Globus Certification Authority, O=Globus, C=US
>   SerialNumber: [    04d5]
>
> Certificate Extensions: 1
> [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
> NetscapeCertType [
>    SSL server
> ]
>
> ]
>   Algorithm: [MD5withRSA]
>   Signature:
> 0000: 90 43 BE 9D 58 8D 43 AB   E3 E9 50 80 73 90 51 39
.C..X.C...P.s.Q9
> 0010: D8 92 EC 0D DE 5E 22 DB   18 F3 59 55 43 C1 97 CD
.....^"...YUC...
> 0020: D0 87 FC F2 70 DD 5D 70   9D F6 E1 2D 5B FC BA C1
....p.]p...-[...
> 0030: 64 AD 82 C1 A3 03 61 89   C2 21 79 32 CF 41 CE E6
d.....a..!y2.A..
> 0040: 3D 4D D9 5F C7 C4 7E 30   3C 12 E6 AC F6 EC 19 A1
=M._...0<.......
> 0050: A9 67 0F 8A A8 6E 90 1B   90 5B 49 03 EA 1E 34 E0
.g...n...[I...4.
> 0060: C8 62 CB C9 76 20 DC A9   83 C7 D3 29 30 DA D8 A1  .b..v
.....)0...
> 0070: 10 13 E1 37 29 81 8F ED   61 E8 1D CD 63 C0 E5 15
...7)...a...c...
>
> ]
> create new SSLSocket to: pitcairn.mcs.anl.gov:48492
> InputRecord locked.
> OutputRecord locked.
> starting handshake.
> send client_hello...
> v3ClientHello, version: 3.0
> received server_hello...
> Server doesn't want to resume a previous session.
> CipherSuite selected by server: SSL_RSA_WITH_NULL_MD5
> CompressionMethod selected by server: NULL
> received Certificate...
> Server certificate chain
> CN=proxy, OU=Mathematics and Computer Science Division, O=Argonne
National
> Laboratory, O=Globus, C=US
> CN=Nell Rehn, OU=Mathematics and Computer Science Division, O=Argonne
> National Laboratory, O=Globus, C=US
> CN=Globus Certification Authority, O=Globus, C=US
> received certificate_request...
> received server_hello_done...
> Key exchange algorithm: RSA
> Server accepts the following CAs:
> Server requests the following certificate types:
> rsa_sign
> dss_sign
> return RSA certificate...
> send SSLCertificate...
> send ClientKeyExchange...
> send CertificateVerify...
> iaik.security.ssl.SSLException: Unable to create certificate verify!
>         at iaik.security.ssl.x.a(Compiled Code)
>         at iaik.security.ssl.x.f(Compiled Code)
>         at iaik.security.ssl.r.c(Compiled Code)
>         at iaik.security.ssl.SSLSocket.startHandshake(Compiled Code)
>         at iaik.security.ssl.SSLSocket.getOutputStream(Compiled Code)
>         at https_test.main(Compiled Code)
>
> Connection established...
>
> Active cipher suite: SSL_RSA_WITH_NULL_MD5
> Active compression method: NULL
>
> Server certificate chain:
> Certificate 0: CN=proxy, OU=Mathematics and Computer Science Division,
> O=Argonne National Laboratory, O=Globus, C=US
> Certificate 1: CN=Nell Rehn, OU=Mathematics and Computer Science
Division,
> O=Argonne National Laboratory, O=Globus, C=US
> Certificate 2: CN=Globus Certification Authority, O=Globus, C=US
>
> -----------------------------------------------------------------------
--------------
> http://www.mcs.anl.gov/~rehn
>
>
>
> --
> Mailinglist-archive at
http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html
>
> To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the
folowing content: UNSUBSCRIBE iaik-ssl
>
>
>


smime.p7s