Untitled

a guest
Jun 30th, 2017
server.port=8443
server.ssl.key-store=path/to/server.jks
server.ssl.trust-store=path/to/trusted.jks
server.ssl.key-store-password=22222222
server.ssl.trust-store-password=22222222
server.ssl.client-auth=need

System.setProperty("javax.net.ssl.keyStore","path/to/client.jks");
System.setProperty("javax.net.ssl.keyStorePassword","22222222");
System.setProperty("javax.net.ssl.trustStore","path/to/trusted.jks");
System.setProperty("javax.net.ssl.trustStorePassword","22222222");

-Djavax.net.debug=ssl

trustStore is: /path/to/trusted.jks

adding as trusted cert:
Subject: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
Issuer: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
Algorithm: RSA; Serial number: 0x9952f188496b2545
Valid from Wed Jun 28 15:39:04 MSK 2017 until Sat Jun 26 15:39:04 MSK 2027

*** ClientHello, TLSv1.2
//ok
*** ServerHello, TLSv1.2
//ok
*** Certificate chain
//my localhost server cert
***
Found trusted certificate:

Version: V3
Subject: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

*** ECDH ServerKeyExchange
//ok
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Cert Authorities:

*** ServerHelloDone

*** Certificate chain
chain [0] = [
[
Version: V3
Subject: EMAILADDRESS=client3@mail.ru, CN=client3, OU=client3, O=client3, L=client3, ST=client3, C=RU
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

chain [1] = [
[
Version: V3
Subject: EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
*** ECDHClientKeyExchange
*** CertificateVerify
*** Finished

DEBUG org.springframework.web.client.RestTemplate - GET request for "https://localhost:8443/chat/info" resulted in 200 (null)
DEBUG org.springframework.web.socket.sockjs.client.WebSocketTransport - Starting WebSocket session on wss://localhost:8443/chat/437/f6158d1ee84b4c53ba55a6810b2f92a8/websocket
DEBUG org.springframework.web.socket.client.standard.StandardWebSocketClient -
Connecting to wss://localhost:8443/chat/437/f6158d1ee84b4c53ba55a6810b2f92a8/websocket

*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Cert Authorities:
<EMAILADDRESS=ca@ca.com, CN=ca, OU=ca, O=ca, L=ca, ST=ca, C=RU>
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***

ttps-jsse-nio-8443-exec-9, fatal error: 42: null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain

env -i curl -E ./chain.pem --key ./client.key --cacert ca.crt --verbose --user test:test https://localhost:8443/

* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8443 (#0)
* found 1 certificates in ca.crt
* found 704 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: localhost (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject:

C=RU,ST=localhost,
L=localhost,O=localhost,OU=localhost,
CN=localhost,EMAIL=localhost@mail.com
* start date: Wed, 28 Jun 2017 13:07:14 GMT
* expire date: Thu, 28 Jun 2018 13:07:14 GMT
* issuer: C=RU,ST=ca,L=ca,O=ca,OU=ca,CN=ca,EMAIL=ca@ca.com
* compression: NULL
* ALPN, server did not agree to a protocol
* Server auth using Basic with user 'kitcpp'
> GET / HTTP/1.1
> Host: localhost:8443
> Authorization: Basic a2l0Y3BwOmtpdGNwcA==
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< X-Frame-Options: DENY
< Set-Cookie: JSESSIONID=67BACDE78AF68627516075B29C987C86; Path=/; Secure; HttpOnly
< Last-Modified: Wed, 28 Jun 2017 16:29:53 GMT
< Accept-Ranges: bytes
< Content-Type: text/html;charset=UTF-8
< Content-Language: en-US
< Content-Length: 6935
< Date: Fri, 30 Jun 2017 09:30:02 GMT
<
<!DOCTYPE html>
<html>
<head>
//and so on (my web chat page)