I have a JAVA Web Application in a Tomcat 7 with JDK 8 . My cacert file path and password is defined in setenv.sh file and has all needed certificates.
My initiates and is able to make some HTTPS connections with a server, but, after some time, a javax.net.ssl.SSLHandshakeException starts do occurs. If I reestart the server or redeploy the applications, everything works again.
I am using commons-httpclient-3.1-jbossorg-1.jar.
Here my setenv.sh configuration:
-Djavax.net.ssl.trustStore=/mypath/cacerts -Djavax.net.ssl.trustStorePassword=changeit
Here the code that starts the connection:
private Object execute(HttpMethod method, boolean returnAsString) throws HTTPMetodosException {
MultiThreadedHttpConnectionManager cm = new MultiThreadedHttpConnectionManager();
HttpConnectionManagerParams param = cm.getParams();
param.setConnectionTimeout(60000);
param.setSoTimeout(60000);
HttpClient client = new HttpClient(cm);
try {
int httpStatus = client.executeMethod(method);
if (httpStatus != 200) {
if (httpStatus == 401) {
throw new HTTPMetodosException(
String.format("A requisição não foi autorizada. Verifique os paramêtros de autenticação e/ou seu certificado digital.;HTTP Status: %d.;", httpStatus) + method.getResponseBodyAsString());
} else if (httpStatus > 220) {
throw new HTTPMetodosException(String.format("A requisição falhou.;HTTP Status: %d.;", httpStatus) + method.getResponseBodyAsString());
}
}
if (returnAsString)
return new String(IOUtils.toByteArray(method.getResponseBodyAsStream()));
else {
byte[] targetArray = method.getResponseBody();
return targetArray;
}
} catch (Exception e) {
e.printStackTrace();
logger.error(e, e.getCause());
throw new HTTPMetodosException("A requisição falhou. Tente novamente.; Mensagem Erro:" + e.getMessage());
} finally {
method.releaseConnection();
}
}
And here when the error presents:
2022-05-20 13:35:51 ERROR MontarWSdoRPS_SpeedNotas:191 - Enviando plugnotasnnfse para o link https://api.plugnotas.com.br/nfse.
2022-05-20 13:35:51 ERROR MontarWSdoRPS_SpeedNotas:198 - /usr/sisdedetizadora/cacerts
2022-05-20 13:35:51 ERROR MontarWSdoRPS_SpeedNotas:200 - /usr/sisdedetizadora/cacerts
%% Initialized: [Session-97933, SSL_NULL_WITH_NULL_NULL]
https-jsse-nio-443-exec-298, WRITE: TLSv1.2 Application Data, length = 356
https-jsse-nio-443-exec-392, WRITE: TLSv1.2 Application Data, length = 16384
https-jsse-nio-443-exec-392, WRITE: TLSv1.2 Application Data, length = 532
https-jsse-nio-443-exec-392, WRITE: TLSv1.2 Application Data, length = 144
https-jsse-nio-443-exec-392, WRITE: TLSv1.2 Application Data, length = 20
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
pool-852-thread-1, setSoTimeout(60000) called
pool-852-thread-1, setSoTimeout(60000) called
%% No cached client session
update handshake state: client_hello[1]
upcoming handshake states: server_hello[2]
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1636221799 bytes = { 89, 12, 141, 138, 239, 130, 132, 3, 155, 160, 110, 251, 189, 199, 214, 198, 223, 100, 136, 110, 229, 176, 55, 118, 146, 112, 246, 192 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=api.plugnotas.com.br]
***
pool-852-thread-1, WRITE: TLSv1.2 Handshake, length = 214
pool-852-thread-1, READ: TLSv1.2 Handshake, length = 89
check handshake state: server_hello[2]
*** ServerHello, TLSv1.2
RandomCookie: GMT: -9111016 bytes = { 147, 179, 122, 135, 245, 85, 72, 73, 185, 226, 237, 128, 4, 223, 207, 149, 28, 220, 215, 70, 160, 236, 93, 196, 195, 1, 71, 162 }
Session ID: {205, 150, 163, 123, 123, 77, 89, 161, 188, 108, 79, 108, 210, 105, 217, 47, 134, 90, 46, 195, 13, 198, 104, 228, 202, 171, 160, 241, 147, 193, 22, 232}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
***
%% Initialized: [Session-97934, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
update handshake state: server_hello[2]
upcoming handshake states: server certificate[11]
upcoming handshake states: server_key_exchange[12](optional)
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
pool-852-thread-1, READ: TLSv1.2 Handshake, length = 4957
check handshake state: certificate[11]
update handshake state: certificate[11]
upcoming handshake states: server_key_exchange[12](optional)
upcoming handshake states: certificate_request[13](optional)
upcoming handshake states: server_hello_done[14]
upcoming handshake states: client certificate[11](optional)
upcoming handshake states: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=plugnotas.com.br
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
params: null
modulus: 25275817432164159188092905493909437431745047507363725161465662192710974126816332884177370972183896578600148795516757424856364983578227315864150947308858744638947050621070019746052002081793411816135044216483886970037904632848744166094170528463639391421688859163800465117643032932130837975453307807295827667498933024189180702003465623892493683585168290462883591006792972310045853670938684106440909857396544283925427102557489956448440904880877091849683420836240372479899244518686629414116203275633912554887492687516631983179828469667359200404483103411172953483157552445842951420602558283538666576109204624685467972771433
public exponent: 65537
Validity: [From: Sun Jul 11 21:00:00 BRT 2021,
To: Wed Aug 10 20:59:59 BRT 2022]
Issuer: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
SerialNumber: [ 025d1f06 53b5bbab 6449a0a0 0344de0e]
Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 82 01 6E 04 82 01 6A 01 68 00 76 00 29 79 BE ...n...j.h.v.)y.
0010: F0 9E 39 39 21 F0 56 73 9F 63 A5 77 E5 BE 57 7D ..99!.Vs.c.w..W.
0020: 9C 60 0A F8 F9 4D 5D 26 5C 25 5D C7 84 00 00 01 .`...M]&\%].....
0030: 7A 98 F2 5C B1 00 00 04 03 00 47 30 45 02 20 19 z..\......G0E. .
0040: 9C 63 D5 A7 F8 11 E7 9E B2 06 E0 C4 88 19 F3 0F .c..............
0050: 6A EE C5 24 0A 36 37 6F 92 D8 6A EC D3 F6 1B 02 j..$.67o..j.....
0060: 21 00 CC 30 22 25 EE F3 00 24 98 58 60 BF 32 4A !..0"%...$.X`.2J
0070: F5 29 7C B5 75 DB FF AB 54 33 19 85 F0 C5 83 E0 .)..u...T3......
0080: 8A 4C 00 76 00 51 A3 B0 F5 FD 01 79 9C 56 6D B8 .L.v.Q.....y.Vm.
0090: 37 78 8F 0C A4 7A CC 1B 27 CB F7 9E 88 42 9A 0D 7x...z..'....B..
00A0: FE D4 8B 05 E5 00 00 01 7A 98 F2 5C EB 00 00 04 ........z..\....
00B0: 03 00 47 30 45 02 20 1F 14 B0 C6 67 53 47 CB 3C ..G0E. ....gSG.<
00C0: 8A D4 2F D2 76 D9 F8 C7 46 CE 9A 49 E7 FF B6 51 ../.v...F..I...Q
00D0: 25 8A 3F C5 9D 42 C6 02 21 00 E2 55 50 66 25 35 %.?..B..!..UPf%5
00E0: C5 CE B2 6B C1 A5 2B AB 71 D9 C3 EA E9 85 BA 27 ...k..+.q......'
00F0: 5A 9C 41 C7 13 55 15 D7 BE 7E 00 76 00 41 C8 CA Z.A..U.....v.A..
0100: B1 DF 22 46 4A 10 C6 A1 3A 09 42 87 5E 4E 31 8B .."FJ...:.B.^N1.
0110: 1B 03 EB EB 4B C7 68 F0 90 62 96 06 F6 00 00 01 ....K.h..b......
0120: 7A 98 F2 5C 76 00 00 04 03 00 47 30 45 02 20 07 z..\v.....G0E. .
0130: 62 59 7B 8D FA 25 FD B7 17 D7 B5 29 7A 24 EE 21 bY...%.....)z$.!
0140: 7F 97 65 D2 40 8B B0 95 17 F2 39 77 B8 22 B5 02 [email protected]."..
0150: 21 00 A1 B2 C7 90 67 2C E9 BD C8 44 12 75 42 79 !.....g,...D.uBy
0160: AA 1A 01 BA 39 97 9F 92 F1 B8 F7 66 20 77 1B 7B ....9......f w..
0170: CE F0 ..
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.sca1b.amazontrust.com
,
accessMethod: caIssuers
accessLocation: URIName: http://crt.sca1b.amazontrust.com/sca1b.crt
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 59 A4 66 06 52 A0 7B 95 92 3C A3 94 07 27 96 74 Y.f.R....<...'.t
0010: 5B F9 3D D0 [.=.
]
]
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.sca1b.amazontrust.com/sca1b.crl]
]]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
]
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: plugnotas.com.br
DNSName: *.plugnotas.com.br
]
[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 83 A0 E2 75 5E D0 C7 AC 46 87 3C 62 75 A7 52 AE ...u^...F.<bu.R.
0010: 9E 2B 49 C7 .+I.
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 61 B4 E0 FC 2E 79 ED 34 87 26 B5 FE BF 3A 41 C3 a....y.4.&...:A.
0010: 84 8C 51 48 80 6F 9D B8 17 C8 2B F3 B9 DF 3E D1 ..QH.o....+...>.
0020: 53 69 A4 45 F0 15 79 36 62 08 75 CF EB C0 49 E7 Si.E..y6b.u...I.
0030: 5A 33 2B 77 8E 87 D3 36 F3 E4 6C DC D1 D8 DB 87 Z3+w...6..l.....
0040: 01 B4 9A C1 6B 78 12 1F 07 38 E0 4D 9E 42 DF 43 ....kx...8.M.B.C
0050: A5 21 D9 15 A1 80 E0 8E 47 FF 1D 6F E1 1C 7A 9E .!......G..o..z.
0060: 91 CF A2 4D DA E4 97 F9 A3 FD AD E6 3F C5 4D FD ...M........?.M.
0070: B5 E7 73 93 34 7C F9 5D EE 00 24 61 7B 82 57 3D ..s.4..]..$a..W=
0080: BF 53 75 A7 86 A8 F0 41 CF AB 1A 51 7F 6C 23 25 .Su....A...Q.l#%
0090: 0A 54 0D 53 5B C6 5C DC 73 0D CE C1 DF BC AD 8F .T.S[.\.s.......
00A0: 8C 07 A2 D6 03 1B B0 90 88 CC 0D AA DA 2D AF EE .............-..
00B0: 4F C4 32 11 B3 B8 DE 16 A5 CC D8 4F 64 8A FE FA O.2........Od...
00C0: 77 DF 08 BD 4F 25 E0 2F DE CC 38 BC 83 ED 8D D0 w...O%./..8.....
00D0: 4B 56 20 92 97 CF BB 5A F6 55 6E 90 F7 A2 F2 E7 KV ....Z.Un.....
00E0: C3 C7 1C FF FD 35 46 4F 74 68 25 FD 74 1E FB F2 .....5FOth%.t...
00F0: E4 54 F3 CF 1D 61 3D B5 28 BD 36 49 3F 68 35 D5 .T...a=.(.6I?h5.
]
chain [1] = [
[
Version: V3
Subject: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
params: null
modulus: 24528737555851895213919827617064808536856788789868126310716752303420041319710819680867697306230985630039655096548324364189962675576756038921107965025585889330528490649228935527969954506874750514159926943451238689552458142167021149788529783891257271028002485075630471793111207960868638365698705018555597520367289025831586046483446904825820575805338475813865444295353094097022678376192149453480223428943386514159000527368947588174705227657134217583008630047462959260157651883088072156905420231950318110240318878613016990846576820326568049365612395397183597930457965295993595011597251067348997341253617591444999389873893
public exponent: 65537
Validity: [From: Wed Oct 21 22:00:00 BRST 2015,
To: Sat Oct 18 21:00:00 BRT 2025]
Issuer: CN=Amazon Root CA 1, O=Amazon, C=US
SerialNumber: [ 067f9457 8587e8ac 77deb253 325bbc99 8b560d]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.rootca1.amazontrust.com
,
accessMethod: caIssuers
accessLocation: URIName: http://crt.rootca1.amazontrust.com/rootca1.cer
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 84 18 CC 85 34 EC BC 0C 94 94 2E 08 59 9C C7 B2 ....4.......Y...
0010: 10 4E 0A 08 .N..
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.rootca1.amazontrust.com/rootca1.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 59 A4 66 06 52 A0 7B 95 92 3C A3 94 07 27 96 74 Y.f.R....<...'.t
0010: 5B F9 3D D0 [.=.
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 85 92 BE 35 BB 79 CF A3 81 42 1C E4 E3 63 73 53 ...5.y...B...csS
0010: 39 52 35 E7 D1 AD FD AE 99 8A AC 89 12 2F BB E7 9R5........../..
0020: 6F 9A D5 4E 72 EA 20 30 61 F9 97 B2 CD A5 27 02 o..Nr. 0a.....'.
0030: 45 A8 CA 76 3E 98 4A 83 9E B6 E6 45 E0 F2 43 F6 E..v>.J....E..C.
0040: 08 DE 6D E8 6E DB 31 07 13 F0 2F 31 0D 93 6D 61 ..m.n.1.../1..ma
0050: 37 7B 58 F0 FC 51 98 91 28 02 4F 05 76 B7 D3 F0 7.X..Q..(.O.v...
0060: 1B C2 E6 5E D0 66 85 11 0F 2E 81 C6 10 81 29 FE ...^.f........).
0070: 20 60 48 F3 F2 F0 84 13 53 65 35 15 11 6B 82 51 `H.....Se5..k.Q
0080: 40 55 57 5F 18 B5 B0 22 3E AD F2 5E A3 01 E3 C3 @UW_...">..^....
0090: B3 F9 CB 41 5A E6 52 91 BB E4 36 87 4F 2D A9 A4 ...AZ.R...6.O-..
00A0: 07 68 35 BA 94 72 CD 0E EA 0E 7D 57 F2 79 FC 37 .h5..r.....W.y.7
00B0: C5 7B 60 9E B2 EB C0 2D 90 77 0D 49 10 27 A5 38 ..`....-.w.I.'.8
00C0: AD C4 12 A3 B4 A3 C8 48 B3 15 0B 1E E2 E2 19 DC .......H........
00D0: C4 76 52 C8 BC 8A 41 78 70 D9 6D 97 B3 4A 8B 78 .vR...Axp.m..J.x
00E0: 2D 5E B4 0F A3 4C 60 CA E1 47 CB 78 2D 12 17 B1 -^...L`..G.x-...
00F0: 52 8B CA 39 2C BD B5 2F C2 33 02 96 AB DA 94 7F R..9,../.3......
]
chain [2] = [
[
Version: V3
Subject: CN=Amazon Root CA 1, O=Amazon, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
params: null
modulus: 22529839904807742196558773392430766620630713202204326167346456925862066285712069978308045976033918808540171076811098215136401323342247576789054764683787147408289170989302937775178809187827657352584557953877946352196797789035355954596527030584944622221752357105572088106020206921431118198373122638305846252087992561841631797199384157902018140720267433956687491591657652730221337591680012205319549572614035105482287002884850178224609018864719685310905426619874727796905080238179726224664042154200651710137931048812546957419686875805576245376866031854569863410951649630469236463991472642618512857920826701027482532358669
public exponent: 65537
Validity: [From: Mon May 25 09:00:00 BRT 2015,
To: Wed Dec 30 22:00:00 BRT 2037]
Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
SerialNumber: [ 067f944a 2a27cdf3 fac2ae2b 01f908ee b9c4c6]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.rootg2.amazontrust.com
,
accessMethod: caIssuers
accessLocation: URIName: http://crt.rootg2.amazontrust.com/rootg2.cer
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 9C 5F 00 DF AA 01 D7 30 2B 38 88 A2 B8 6D 4A 9C ._.....0+8...mJ.
0010: F2 11 91 83 ....
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.rootg2.amazontrust.com/rootg2.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[] ]
]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 84 18 CC 85 34 EC BC 0C 94 94 2E 08 59 9C C7 B2 ....4.......Y...
0010: 10 4E 0A 08 .N..
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 62 37 42 5C BC 10 B5 3E 8B 2C E9 0C 9B 6C 45 E2 b7B\...>.,...lE.
0010: 07 00 7A F9 C5 58 0B B9 08 8C 3E ED B3 25 3C B5 ..z..X....>..%<.
0020: 6F 50 E4 CD 35 6A A7 93 34 96 32 21 A9 48 44 AB oP..5j..4.2!.HD.
0030: 9C ED 3D B4 AA 73 6D E4 7F 16 80 89 6C CF 28 03 ..=..sm.....l.(.
0040: 18 83 47 79 A3 10 7E 30 5B AC 3B B0 60 E0 77 D4 ..Gy...0[.;.`.w.
0050: 08 A6 E1 1D 7C 5E C0 BB F9 9A 7B 22 9D A7 00 09 .....^....."....
0060: 7E AC 46 17 83 DC 9C 26 57 99 30 39 62 96 8F ED ..F....&W.09b...
0070: DA DE AA C5 CC 1B 3E CA 43 68 6C 57 16 BC D5 0E ......>.ChlW....
0080: 20 2E FE FF C2 6A 5D 2E A0 4A 6D 14 58 87 94 E6 ....j]..Jm.X...
0090: 39 31 5F 7C 73 CB 90 88 6A 84 11 96 27 A6 ED D9 91_.s...j...'...
00A0: 81 46 A6 7E A3 72 00 0A 52 3E 83 88 07 63 77 89 .F...r..R>...cw.
00B0: 69 17 0F 39 85 D2 AB 08 45 4D D0 51 3A FD 5D 5D i..9....EM.Q:.]]
00C0: 37 64 4C 7E 30 B2 55 24 42 9D 36 B0 5D 9C 17 81 7dL.0.U$B.6.]...
00D0: 61 F1 CA F9 10 02 24 AB EB 0D 74 91 8D 7B 45 29 a.....$...t...E)
00E0: 50 39 88 B2 A6 89 35 25 1E 14 6A 47 23 31 2F 5C P9....5%..jG#1/\
00F0: 9A FA AD 9A 0E 62 51 A4 2A A9 C4 F9 34 9D 21 18 .....bQ.*...4.!.
]
chain [3] = [
[
Version: V3
Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
params: null
modulus: 26894789576491863019171445242018370132029525033879210664513024255165308689836081694724912552986436241602345929261854187816625921774943728567119070351838976265193901442169339571326613928339955106648223197498035701437846440970934704192382084561469274550003268570741310868032789070264835003681318445644941362885752628282968349509706358865971392279088395067847314610178969555804359319567178098112935181143559364150874524817692694181296058297355335204675211145990489303168553611700020424738364579606192390834705213026692659672388567853246354560726855054573503174641583891075106464210711468427779853334564691648681991700229
public exponent: 65537
Validity: [From: Tue Sep 01 21:00:00 BRT 2009,
To: Wed Jun 28 14:39:16 BRT 2034]
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
SerialNumber: [ a70e4a4c 3482b77f]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://o.ss2.us/
,
accessMethod: caIssuers
accessLocation: URIName: http://x.ss2.us/x.cer
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: BF 5F B7 D1 CE DD 1F 86 F4 5B 55 AC DC D7 10 C2 ._.......[U.....
0010: 0E A9 88 E7 ....
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://s.ss2.us/r.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[] ]
]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9C 5F 00 DF AA 01 D7 30 2B 38 88 A2 B8 6D 4A 9C ._.....0+8...mJ.
0010: F2 11 91 83 ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 23 1D E3 8A 57 CA 7D E9 17 79 4C F1 1E 55 FD CC #...W....yL..U..
0010: 53 6E 3E 47 0F DF C6 55 F2 B2 04 36 ED 80 1F 53 Sn>G...U...6...S
0020: C4 5D 34 28 6B BE C7 55 FC 67 EA CB 3F 7F 90 B2 .]4(k..U.g..?...
0030: 33 CD 1B 58 10 82 02 F8 F8 2F F5 13 60 D4 05 CE 3..X...../..`...
0040: F1 81 08 C1 DD A7 75 97 4F 18 B9 6D DE F7 93 91 ......u.O..m....
0050: 08 BA 7E 40 2C ED C1 EA BB 76 9E 33 06 77 1D 0D ...@,....v.3.w..
0060: 08 7F 53 DD 1B 64 AB 82 27 F1 69 D5 4D 5E AE F4 ..S..d..'.i.M^..
0070: A1 C3 75 A7 58 44 2D F2 3C 70 98 AC BA 69 B6 95 ..u.XD-.<p...i..
0080: 77 7F 0F 31 5E 2C FC A0 87 3A 47 69 F0 79 5F F4 w..1^,...:Gi.y_.
0090: 14 54 A4 95 5E 11 78 12 60 27 CE 9F C2 77 FF 23 .T..^.x.`'...w.#
00A0: 53 77 5D BA FF EA 59 E7 DB CF AF 92 96 EF 24 9A Sw]...Y.......$.
00B0: 35 10 7A 9C 91 C6 0E 7D 99 F6 3F 19 DF F5 72 54 5.z.......?...rT
00C0: E1 15 A9 07 59 7B 83 BF 52 2E 46 8C B2 00 64 76 ....Y...R.F...dv
00D0: 1C 48 D3 D8 79 E8 6E 56 CC AE 2C 03 90 D7 19 38 .H..y.nV..,....8
00E0: 99 E4 CA 09 19 5B FF 07 96 B0 A8 7F 34 49 DF 56 .....[......4I.V
00F0: A9 F7 B0 5F ED 33 ED 8C 47 B7 30 03 5D F4 03 8C ..._.3..G.0.]...
]
***
%% Invalidated: [Session-97933, SSL_NULL_WITH_NULL_NULL]
%% Invalidated: [Session-97934, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
pool-852-thread-1, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
pool-852-thread-1, WRITE: TLSv1.2 Alert, length = 2
pool-852-thread-1, called closeSocket()
pool-852-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
pool-852-thread-1, called close()
pool-852-thread-1, called closeInternal(true)
pool-852-thread-1, called close()
pool-852-thread-1, called closeInternal(true)
pool-852-thread-1, called close()
pool-852-thread-1, called closeInternal(true)
All needed certificates are alredy in cacert and we have no idea what else can we do to solve this problem.
Any help will be very appreciated
certificate_unknownwould be unusual, unless you were using HTTPS with client certificate authentication.