
AW: AW: [iaik-ssl]cu|| Why no client side certificate is available?



Hello Lei,

It seems you are using the SUN provider. Are you sure that any of the security
providers you have installed supports an RSA Cipher engine?

Regards,
Dieter


-----Original Message-----
From: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at] On Behalf Of
Lei Gu
Sent: Tuesday, 19 March 2002 14:44
To: Dieter Bratko; iaik-ssl@iaik.at
Subject: Re: AW: [iaik-ssl]cu|| Why no client side certificate is
available?


Hi Dieter,

Below is the debug output of my program. I also printed out the certificate
I used.

The root of the chain clearly states:
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US

Any ideas? Thanks for your help.
-- Lei

----------------------------- Debug output -----------------------------

============== Certificate Element [0] ================
[
[
   Version: V3
   Subject: C=US, ST=Massachusettes, L=Burlington, OU=Engineering,
CN=Lightbridge Inc., OU=Digital ID Class 3 - Java Object Signing,
OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)99",
OU=VeriSign Trust Network, O="VeriSign, Inc."
   Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
   Key:  com.sun.rsajca.JSA_RSAPublicKey@58957f
   Validity: [From: Mon Sep 24 20:00:00 EDT 2001,
                To: Wed Sep 25 19:59:59 EDT 2002]
   Issuer: CN=VeriSign Class 3 CA - Commercial Content/Software Publisher,
OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98",
OU=VeriSign Trust Network, O="VeriSign, Inc."
   SerialNumber: [    53a74ccd ea997ca6 9597792a e72d8a52 ]
Certificate Extensions: 6
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =

[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
    Object Signing
]
[3]: ObjectId: 1.3.6.1.4.1.311.2.1.27 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 08 30 06 01 01 00 01   01 FF                    ..0.......

[4]: ObjectId: 2.16.840.1.113730.1.8 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 29 16 27 68 74 74 70   73 3A 2F 2F 77 77 77 2E  .).'https://www.
0010: 76 65 72 69 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  verisign.com/rep
0020: 6F 73 69 74 6F 72 79 2F   43 50 53                 ository/CPS

[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
   DigitalSignature
   Key_Encipherment
]
[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
]
   Algorithm: [MD5withRSA]
   Signature:

]
================================================================
============== Certificate Element [1] ================
[
[
   Version: V3
   Subject: CN=VeriSign Class 3 CA - Commercial Content/Software Publisher,
OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98",
OU=VeriSign Trust Network, O="VeriSign, Inc."
   Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
   Key:  com.sun.rsajca.JSA_RSAPublicKey@6a9d42
   Validity: [From: Wed Dec 30 19:00:00 EST 1998,
                To: Wed Dec 31 18:59:59 EST 2008]
   Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
   SerialNumber: [    49249b60 aea19b7b 0ed22603 bf43a9c1 ]
Certificate Extensions: 6
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
    Object Signing CA]
[2]: ObjectId: 2.5.29.32 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 40 30 3E 30 3C 06 0B   60 86 48 01 86 F8 45 01  .@0>0<..`.H...E.
0010: 07 01 01 30 2D 30 2B 06   08 2B 06 01 05 05 07 02  ...0-0+..+......
0020: 01 16 1F 77 77 77 2E 76   65 72 69 73 69 67 6E 2E  ...www.verisign.
0030: 63 6F 6D 2F 72 65 70 6F   73 69 74 6F 72 79 2F 52  com/repository/R
0040: 50 41                                              PA

[3]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2E 30 2C 30 2A A0 28   A0 26 86 24 68 74 74 70  ..0,0*.(.&.$http
0010: 3A 2F 2F 63 72 6C 2E 76   65 72 69 73 69 67 6E 2E  ://crl.verisign.
0020: 63 6F 6D 2F 70 63 61 33   2E 31 2E 31 2E 63 72 6C  com/pca3.1.1.crl

[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[CN=Class3CA1-3]]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
   Key_CertSign
   Crl_Sign
]
[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:0
]
]
   Algorithm: [MD2withRSA]
   Signature:

]
================================================================
============== Certificate Element [2] ================
[
[
   Version: V1
   Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
   Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
   Key:  com.sun.rsajca.JSA_RSAPublicKey@2aa14a
   Validity: [From: Sun Jan 28 19:00:00 EST 1996,
                To: Wed Jan 07 18:59:59 EST 2004]
   Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
   SerialNumber: [    e49efdf3 3ae80ecf a5113e19 a4240232 ]
]
   Algorithm: [MD2withRSA]
   Signature:

]
================================================================
ssl_debug(1): Starting handshake (iSaSiLk 3.03)...
ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(1): Received v3 server_hello handshake message.
ssl_debug(1): Server selected SSL version 3.1.
ssl_debug(1): Server created new session 48:71:F3:A5:A1:6E:A5:F5...
ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): CompressionMethod selected by server: NULL
ssl_debug(1): Received certificate handshake message with server
certificate.
ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 2 elements.
ssl_debug(1): ChainVerifier: No trusted certificate found, OK anyway.
ssl_debug(1): Received certificate_request handshake message.
ssl_debug(1): Accepted certificate types: RSA, DSA
ssl_debug(1): Accepted certificate authorities:
ssl_debug(1):   CN=VeriSign Class 3 Public Primary Certification Authority
- G3,OU=(c) 1999 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust
Network,O=VeriSign, Inc.,C=US
ssl_debug(1):   OU=VeriSign Trust Network,OU=(c) 1998 VeriSign, Inc. - For
authorized use only,OU=Class 3 Public Primary Certification Authority -
G2,O=VeriSign, Inc.,C=US
ssl_debug(1):   OU=Class 3 Public Primary Certification
Authority,O=VeriSign, Inc.,C=US
ssl_debug(1): Received server_hello_done handshake message.
ssl_debug(1): No client certificate available, sending empty certificate
message...
ssl_debug(1): Sending client_key_exchange handshake message (1024 bit)...
ssl_debug(1): Sending change_cipher_spec message...
ssl_debug(1): Sending finished message...
ssl_debug(1): Received change_cipher_spec message.
ssl_debug(1): Received finished message.
ssl_debug(1): Session added to session cache.
ssl_debug(1): Handshake completed, statistics:
ssl_debug(1): Read 2281 bytes in 3 records, wrote 281 bytes in 4 records.
F
Time: 7.912

FAILURES!!!
Test Results:
Run: 1 Failures: 1 Errors: 0
There was 1 failure:
1) testPost(com.lightbridge.webpost.test.LbWebPostSSLClientTestCase)
"Exception occurred while running testPost: HTTP client error: 403:
https://cyclops.lightbridge.com/lbportal [[LbWebPost.receive]]"


At 09:18 AM 3/19/2002 +0000, Dieter Bratko wrote:

>Hello,
>
> > I positively added a Class 3 VeriSign certificate to the client side
>context.
>Does the client cert you have added via addClientCredentials belong to a chain
>that leads to any of the CAs accepted by the server?:
>
>CN=VeriSign Class 3 Public Primary Certification Authority - G3,
>OU=(c) 1999 VeriSign, Inc. - For authorized use only,
>OU=VeriSign Trust Network,
>O=VeriSign, Inc.,
>C=US
>
>OU=VeriSign Trust Network,OU=(c) 1998 VeriSign, Inc. - For authorized use
>only,
>OU=Class 3 Public Primary Certification Authority - G2,
>O=VeriSign, Inc.,
>C=US
>
>OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,
>C=US
>
>Regards,
>Dieter Bratko
>
>-----Original Message-----
>From: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at] On Behalf Of
>Lei Gu
>Sent: Tuesday, 19 March 2002 03:44
>To: iaik-ssl@iaik.at
>Subject: [iaik-ssl]cu|| Why no client side certificate is available?
>
>
>Hello,
>I ran into a problem when I turn on client side certificate authentication
>using HTTPS.
>I add the client side certificate and private key to SSLClientContext but
>the debug message
>says "no certificate was sent".
>I know this question has been posted a few times and no one has given an
>answer.
>
>Please help.
>Thanks.
>
>Below is the output of the debug info:
>--------------------------
>sl_debug(1): Starting handshake (iSaSiLk 3.03)...
>ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
>ssl_debug(1): Received v3 server_hello handshake message.
>ssl_debug(1): Server selected SSL version 3.1.
>ssl_debug(1): Server created new session 48:71:3E:2A:26:D8:FA:75...
>ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
>ssl_debug(1): CompressionMethod selected by server: NULL
>ssl_debug(1): Received certificate handshake message with server
>certificate.
>ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 2 elements.
>ssl_debug(1): ChainVerifier: No trusted certificate found, OK anyway.
>ssl_debug(1): Received certificate_request handshake message.
>ssl_debug(1): Accepted certificate types: RSA, DSA
>ssl_debug(1): Accepted certificate authorities:
>ssl_debug(1):   CN=VeriSign Class 3 Public Primary Certification Authority
>- G3,
>OU=(c) 1999 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust
>Network,O
>=VeriSign, Inc.,C=US
>ssl_debug(1):   OU=VeriSign Trust Network,OU=(c) 1998 VeriSign, Inc. - For
>autho
>rized use only,OU=Class 3 Public Primary Certification Authority -
>G2,O=VeriSign
>, Inc.,C=US
>ssl_debug(1):   OU=Class 3 Public Primary Certification
>Authority,O=VeriSign, In
>c.,C=US
>ssl_debug(1): Received server_hello_done handshake message.
>ssl_debug(1): No client certificate available, sending empty certificate
>message
>...
>ssl_debug(1): Sending client_key_exchange handshake message (1024 bit)...
>ssl_debug(1): Sending change_cipher_spec message...
>ssl_debug(1): Sending finished message...
>ssl_debug(1): Received change_cipher_spec message.
>ssl_debug(1): Received finished message.
>ssl_debug(1): Session added to session cache.
>ssl_debug(1): Handshake completed, statistics:
>ssl_debug(1): Read 2281 bytes in 3 records, wrote 281 bytes in 4 records.
>F
>Time: 11.266
>
>FAILURES!!!
>============
>
>I positively added a Class 3 VeriSign certificate to the client side
>context.
>
>Thanks again.
>
>
>=====================
>Lei Gu @ 4055
>lgu@lightbridge.com
>=====================
>
>--
>Mailinglist-archive at
>http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
>
>To unsubscribe send an email to listserv@iaik.at with the following content:
>UNSUBSCRIBE iaik-ssl

=====================
Lei Gu @ 4055
lgu@lightbridge.com
=====================


Attachment: smime.p7s
Description: application/pkcs7-signature
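
Both questions Dieter raises in this thread (does the client chain lead to a CA named in the server's certificate_request, and does any installed provider supply an RSA Cipher engine) can be checked with standard JCA calls. The following is an added example, not part of the original messages and not iSaSiLk code; the class and method names are hypothetical, and the DNs are copied from the debug output above with comma-containing values quoted so that `X500Principal` can parse them.

```java
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.security.auth.x500.X500Principal;

public class ClientCertDiagnostics {
    /** Names of installed providers that can supply an RSA Cipher engine. */
    static List<String> rsaCipherProviders() {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            try {
                Cipher.getInstance("RSA/ECB/PKCS1Padding", p);
                names.add(p.getName());
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                // no RSA cipher in this provider, keep looking
            }
        }
        return names;
    }

    /** Index of the first chain element issued by an accepted CA, or -1. */
    static int firstAcceptedIssuer(List<X500Principal> issuers, List<X500Principal> accepted) {
        for (int i = 0; i < issuers.size(); i++) {
            if (accepted.contains(issuers.get(i))) return i; // equals() compares canonical DNs
        }
        return -1;
    }
    static X500Principal dn(String s) { return new X500Principal(s); }
    public static void main(String[] args) {
        String vs = "O=\"VeriSign, Inc.\"";   // quoted because the value contains a comma
        String pca = "OU=Class 3 Public Primary Certification Authority," + vs + ",C=US";
        // Issuer DNs of chain elements [0]..[2], copied from the debug output in this thread.
        List<X500Principal> issuers = List.of(
            dn("CN=VeriSign Class 3 CA - Commercial Content/Software Publisher,"
                + "OU=\"www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98\","
                + "OU=VeriSign Trust Network," + vs),
            dn(pca), dn(pca));
        // CA names from the certificate_request in the same debug output.
        List<X500Principal> accepted = List.of(
            dn("CN=VeriSign Class 3 Public Primary Certification Authority - G3,"
                + "OU=\"(c) 1999 VeriSign, Inc. - For authorized use only\","
                + "OU=VeriSign Trust Network," + vs + ",C=US"),
            dn("OU=VeriSign Trust Network,OU=\"(c) 1998 VeriSign, Inc. - For authorized use only\","
                + "OU=Class 3 Public Primary Certification Authority - G2," + vs + ",C=US"),
            dn(pca));
        System.out.println("RSA Cipher providers: " + rsaCipherProviders());
        System.out.println("Accepted issuer at chain index: " + firstAcceptedIssuer(issuers, accepted));
    }
}
```

The issuer comparison is a name match only; it does not verify signatures, validity periods, or that the private key belongs to chain element [0].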