Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server.port=8443
- server.ssl.key-store=path/to/server.jks
- server.ssl.trust-store=path/to/trusted.jks
- server.ssl.key-store-password=22222222
- server.ssl.trust-store-password=22222222
- server.ssl.client-auth=need
- System.setProperty("javax.net.ssl.keyStore","path/to/client.jks");
- System.setProperty("javax.net.ssl.keyStorePassword","22222222");
- System.setProperty("javax.net.ssl.trustStore","path/to/trusted.jks");
- System.setProperty("javax.net.ssl.trustStorePassword","22222222");
- -Djavax.net.debug=ssl
- trustStore is: /path/to/trusted.jks
- adding as trusted cert:
- Subject: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
- Issuer: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
- Algorithm: RSA; Serial number: 0x9952f188496b2545
- Valid from Wed Jun 28 15:39:04 MSK 2017 until Sat Jun 26 15:39:04 MSK 2027
- *** ClientHello, TLSv1.2
- //ok
- *** ServerHello, TLSv1.2
- //ok
- *** Certificate chain
- //my localhost server cert
- ***
- Found trusted certificate:
- Version: V3
- Subject: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
- Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
- *** ECDH ServerKeyExchange
- //ok
- *** CertificateRequest
- Cert Types: RSA, DSS, ECDSA
- Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
- Cert Authorities:
- *** ServerHelloDone
- *** Certificate chain
- chain [0] = [
- [
- Version: V3
- Subject: EMAILADDRESS=client3@mail.ru, CN=client3, OU=client3, O=client3, L=client3, ST=client3, C=RU
- Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
- chain [1] = [
- [
- Version: V3
- Subject: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
- Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
- *** ECDHClientKeyExchange
- *** CertificateVerify
- *** Finished
- DEBUG org.springframework.web.client.RestTemplate - GET request for "https://localhost:8443/chat/info" resulted in 200 (null)
- DEBUG org.springframework.web.socket.sockjs.client.WebSocketTransport - Starting WebSocket session on wss://localhost:8443/chat/437/f6158d1ee84b4c53ba55a6810b2f92a8/websocket
- DEBUG org.springframework.web.socket.client.standard.StandardWebSocketClient -
- Connecting to wss://localhost:8443/chat/437/f6158d1ee84b4c53ba55a6810b2f92a8/websocket
- *** CertificateRequest
- Cert Types: RSA, DSS, ECDSA
- Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
- Cert Authorities:
- <EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU>
- *** ServerHelloDone
- Warning: no suitable certificate found - continuing without client authentication
- *** Certificate chain
- <Empty>
- ***
- ttps-jsse-nio-8443-exec-9, fatal error: 42: null cert chain
- javax.net.ssl.SSLHandshakeException: null cert chain
- env -i curl -E ./chain.pem --key ./client.key --cacert ca.crt --verbose --user test:test https://localhost:8443/
- * Trying 127.0.0.1...
- * Connected to localhost (127.0.0.1) port 8443 (#0)
- * found 1 certificates in ca.crt
- * found 704 certificates in /etc/ssl/certs
- * ALPN, offering http/1.1
- * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
- * server certificate verification OK
- * server certificate status verification SKIPPED
- * common name: localhost (matched)
- * server certificate expiration date OK
- * server certificate activation date OK
- * certificate public key: RSA
- * certificate version: #3
- * subject:
- C=RU,ST=localhost,
- L=localhost,O=localhost,OU=localhost,
- CN=localhost,EMAIL=localhost@mail.com
- * start date: Wed, 28 Jun 2017 13:07:14 GMT
- * expire date: Thu, 28 Jun 2018 13:07:14 GMT
- * issuer: C=RU,ST=ca,L=ca,O=ca,OU=ca,CN=ca,EMAIL=ca@ca.com
- * compression: NULL
- * ALPN, server did not agree to a protocol
- * Server auth using Basic with user 'kitcpp'
- > GET / HTTP/1.1
- > Host: localhost:8443
- > Authorization: Basic a2l0Y3BwOmtpdGNwcA==
- > User-Agent: curl/7.47.0
- > Accept: */*
- >
- < HTTP/1.1 200
- < X-Content-Type-Options: nosniff
- < X-XSS-Protection: 1; mode=block
- < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
- < Pragma: no-cache
- < Expires: 0
- < Strict-Transport-Security: max-age=31536000 ; includeSubDomains
- < X-Frame-Options: DENY
- < Set-Cookie: JSESSIONID=67BACDE78AF68627516075B29C987C86; Path=/; Secure; HttpOnly
- < Last-Modified: Wed, 28 Jun 2017 16:29:53 GMT
- < Accept-Ranges: bytes
- < Content-Type: text/html;charset=UTF-8
- < Content-Language: en-US
- < Content-Length: 6935
- < Date: Fri, 30 Jun 2017 09:30:02 GMT
- <
- <!DOCTYPE html>
- <html>
- <head>
- //and so on (my web chat page)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement