Hi,
In this demonstration we will see how to configure an HTTPS connector using CLI commands on JBossAS 7.1.2 so that we can access server-deployed resources over SSL on the secure port 8443. We will also see how to access the resources over HTTPS through a simple standalone Java-based client program.
NOTE: This demo can be downloaded from Github:
https://github.com/jaysensharma/MiddlewareMagicDemos/tree/master/SSL_With_CLI_&_JavaBased_TestClient
Step1). First of all we will create the security certificate with the help of the JDK-provided utility “keytool”, so make sure that the JDK’s bin directory is added to your shell/command prompt’s PATH variable as follows (we are creating “chap8.keystore” inside the “$JBOSS_HOME/standalone/configuration” directory):
[userone@localhost ~]$ cd /home/userone/jboss-as-7.1.2.Final/standalone/configuration/
[userone@localhost configuration]$ export PATH=/home/userone/MyJdks/jdk1.6.0_21/bin:$PATH
[userone@localhost configuration]$ keytool -genkey -keystore chap8.keystore -storepass rmi+ssl -keypass rmi+ssl -keyalg RSA -alias chapter8 -validity 3650 -dname "cn=chapter8 example,ou=admin book,dc=jboss,dc=org"
Step2). Make sure that JBoss AS 7.1.2 is running. In our case we started JBossAS 7.1.2 with the “standalone-full.xml” profile.
[userone@localhost bin]$ ./standalone.sh -c standalone-full.xml
Step3). Now we will configure the HTTPS connector to listen on the secured port “8443” on our JBoss; we will use the CLI utility to configure it:
[userone@localhost bin]$ cd /home/userone/jboss-as-7.1.2.Final/bin
[userone@localhost bin]$ ./jboss-cli.sh -c --controller=localhost:9999
[standalone@localhost:9999 /] /subsystem=web/connector=https/:add(socket-binding=https,scheme=https,protocol=HTTP/1.1,secure=true,enabled=true,enable-lookups=false)
{"outcome" => "success"}
[standalone@localhost:9999 /] /subsystem=web/connector=https/ssl=configuration:add(name="ssl",key-alias="chapter8",password="rmi+ssl",certificate-key-file="${jboss.server.config.dir}/chap8.keystore",protocol="TLSv1",verify-client="false",certificate-file="${jboss.server.config.dir}/chap8.keystore")
{"outcome" => "success"}
Once the above CLI commands have executed successfully, you will notice the following in your JBossAS 7.1.2 configuration file “standalone-full.xml” (including the keystore password in clear text):
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
        <ssl name="ssl" key-alias="chapter8" password="rmi+ssl" certificate-key-file="${jboss.server.config.dir}/chap8.keystore" protocol="TLSv1" verify-client="false" certificate-file="${jboss.server.config.dir}/chap8.keystore"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>
You will notice the following kind of message in your JBossAS 7.1.2 console, which says that the HTTPS connector is started and listening on port 8443.
20:37:05,691 INFO [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-7) Starting Coyote HTTP/1.1 on http-localhost/127.0.0.1:8443
Step4). It is still better to restart your JBoss server and then deploy any test web application on it, which we will try to access over SSL through a simple Java-based standalone client.
Testing with a Https Based Standalone Java Client
Step5). Now write a simple Java program “TestHttpsClient.java” as follows:
import java.io.*;
import java.net.*;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Test client for the self-signed demo certificate: its trust manager accepts every
// certificate and its hostname verifier accepts every host name, so the connection
// is encrypted but the server's identity is not checked.
public class TestHttpsClient implements javax.net.ssl.X509TrustManager {

    public static void main(String[] args) throws Exception {
        TestHttpsClient test = new TestHttpsClient();
        String resourceURL = "https://localhost:8443/test/index.jsp";
        // These are just dummy credentials; we don't need them unless the web application asks for Basic Auth credentials
        String UserName = "test";
        String Password = "test";
        InputStream in = test.doHttpsUrlConnectionAction(resourceURL, UserName, Password);
    }

    public InputStream doHttpsUrlConnectionAction(String resourceURL, String UserName, String Password) throws Exception {
        URL url;
        int responseCode = 0;

        // ########### Install an SSLContext whose only trust manager is this accept-all class
        SSLContext sc = SSLContext.getInstance("SSLv3");
        TrustManager[] tma = { new TestHttpsClient() };
        sc.init(null, tma, null);
        SSLSocketFactory ssf = sc.getSocketFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(ssf);
        // ###########

        HttpsURLConnection connection = null;
        String nurl = resourceURL;
        System.out.println("\n\t resourceURL = " + resourceURL);

        // Logs both host names and accepts the connection even when they differ
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
                return true;
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(hv);

        try {
            url = new URL(nurl);
            connection = (HttpsURLConnection) url.openConnection();
            // Following two lines can be uncommented if you want your client to pass Basic Authentication Credentials as well
            //
            // String encoding = encodeUsernamePasswordBase64(UserName,Password);
            // connection.setRequestProperty("Authorization", "Basic " + encoding);
            //
            System.out.println("Conn established " + connection);
            connection.setDoInput(true);
            connection.setDoOutput(true);
            connection.setRequestMethod("GET");
            responseCode = connection.getResponseCode();
            System.out.println("response code : " + responseCode);
            connection.connect();
        } catch (Exception e) {
            System.err.println(e);
        }

        InputStream inputStream = null;
        try {
            inputStream = connection.getInputStream();
            System.out.println("Received Data: as Following:\n\n");
            BufferedInputStream bis = new BufferedInputStream(inputStream);
            // Read until end of stream; available() can return 0 before all data has arrived
            int c;
            while ((c = bis.read()) != -1) {
                System.out.print((char) c);
            }
            bis.close();
            inputStream.close();
        } catch (Exception e) {
            System.err.println(e);
        }
        return inputStream;
    }

    // Accept-all trust manager: neither method ever throws, so no certificate is rejected
    public void checkClientTrusted(X509Certificate[] chain, String authType) { }

    public void checkServerTrusted(X509Certificate[] chain, String authType) { }

    public X509Certificate[] getAcceptedIssuers() {
        // The interface expects a non-null (possibly empty) array
        return new X509Certificate[0];
    }

    // Following method can be uncommented if you want to send the Basic authentication credentials as well
    //public String encodeUsernamePasswordBase64(String UserName,String Password) {
    //    String userPassword = UserName + ":" + Password;
    //    byte[] encodedByte = org.apache.commons.codec.binary.Base64.encodeBase64(userPassword.getBytes());
    //    String encodedBase64String = new String(encodedByte);
    //    return encodedBase64String;
    //}
}
Step6). Now we will compile and test the above program as follows:
[userone@localhost standalone]$ javac -d . TestHttpsClient.java
[userone@localhost standalone]$ java TestHttpsClient
resourceURL = https://localhost:8443/test/index.jsp
Conn established sun.net.www.protocol.https.DelegateHttpsURLConnection:https://localhost:8443/test/index.jsp
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[userone@localhost standalone]$
We can see that the program is throwing an SSL error and the handshake is failing. So we need to know how to debug it and what kind of troubleshooting steps are needed.
Troubleshooting “Received fatal alert: handshake_failure”
Step7). As we do not know what is failing or how to troubleshoot this issue, let's add the following JAVA_OPTS on both the client and the server side. Edit the “$JBOSS_HOME/bin/standalone.conf” file, add the following Java option somewhere at the end of the file, and then restart your JBossAS 7.1.2. This option is very verbose and its output includes the session's key material, so remove it again once troubleshooting is finished:
JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=all"
Step8). Now add the same Java option on the client side as well to see what we get:
[userone@localhost standalone]$ java -Djavax.net.debug=all TestHttpsClient
...
trigger seeding of SecureRandom
done seeding SecureRandom
resourceURL = https://localhost:8443/test/index.jsp
Conn established sun.net.www.protocol.https.DelegateHttpsURLConnection:https://localhost:8443/test/index.jsp
%% No cached client session
*** ClientHello, TLSv1
...
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
...
main, WRITE: TLSv1 Handshake, length = 73
...
main, WRITE: SSLv2 client hello message, length = 98
[Raw write]: length = 100
...
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Step9). On the JBossAS 7.1.2 console I was able to see the following reason for the SSL handshake failure after enabling the debug option:
21:03:33,010 INFO [stdout] (http-localhost/127.0.0.1:8443-Acceptor-0) Allow unsafe renegotiation: false
21:03:33,010 INFO [stdout] (http-localhost/127.0.0.1:8443-Acceptor-0) Allow legacy hello messages: true
21:03:33,010 INFO [stdout] (http-localhost/127.0.0.1:8443-Acceptor-0) Is initial handshake: true
21:03:33,010 INFO [stdout] (http-localhost/127.0.0.1:8443-Acceptor-0) Is secure renegotiation: false
21:03:33,012 INFO [stdout] (http-localhost/127.0.0.1:8443-1) http-localhost/127.0.0.1:8443-1, setSoTimeout(60000) called
21:03:33,069 INFO [stdout] (http-localhost/127.0.0.1:8443-1) [Raw read]: length = 5
21:03:33,070 INFO [stdout] (http-localhost/127.0.0.1:8443-1) 0000: 80 62 01 03 01 .b...
21:03:33,070 INFO [stdout] (http-localhost/127.0.0.1:8443-1) http-localhost/127.0.0.1:8443-1, handling exception: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
21:03:33,071 INFO [stdout] (http-localhost/127.0.0.1:8443-1) http-localhost/127.0.0.1:8443-1, SEND TLSv1 ALERT: fatal, description = handshake_failure
21:03:33,071 INFO [stdout] (http-localhost/127.0.0.1:8443-1) http-localhost/127.0.0.1:8443-1, WRITE: TLSv1 Alert, length = 2
21:03:33,072 INFO [stdout] (http-localhost/127.0.0.1:8443-1) [Raw write]: length = 7
21:03:33,072 INFO [stdout] (http-localhost/127.0.0.1:8443-1) 0000: 15 03 01 00 02 02 28 ......(
21:03:33,072 INFO [stdout] (http-localhost/127.0.0.1:8443-1) http-localhost/127.0.0.1:8443-1, called closeSocket()
21:03:33,073 INFO [stdout] (http-localhost/127.0.0.1:8443-1) http-localhost/127.0.0.1:8443-1, IOException in getSession(): javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
21:03:33,073 INFO [stdout] (http-localhost/127.0.0.1:8443-1) http-localhost/127.0.0.1:8443-1, called close()
21:03:33,073 INFO [stdout] (http-localhost/127.0.0.1:8443-1) http-localhost/127.0.0.1:8443-1, called closeInternal(true)
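What was the cause of the handshake failure?
Notice that JBossAS 7.1.2 is complaining that “SSLv2Hello” is disabled, which means the client is not sending a protocol the server accepts: the client debug output above shows that it wrapped its first handshake message as an “SSLv2 client hello message”, while the connector is configured with protocol="TLSv1".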
http-localhost/127.0.0.1:8443-1, handling exception: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
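The first bytes each side logged show the mismatch: the server read 80 62 01 03 01, an SSLv2-format hello, where a TLSv1 connector expects a TLS handshake record. The following added example (not code from the original demo; the class and method names are made up for illustration) decodes such leading bytes, using byte values taken from the debug output in this article:

```java
public class FirstRecord {

    /** Parses space-separated hex bytes as printed in the debug dumps, e.g. "80 62 01 03 01". */
    static int[] parseHex(String dump) {
        String[] parts = dump.trim().split("\\s+");
        int[] bytes = new int[parts.length];
        for (int i = 0; i < parts.length; i++) {
            bytes[i] = Integer.parseInt(parts[i], 16);
        }
        return bytes;
    }

    /** Maps the (major, minor) version bytes to the name JSSE prints. */
    static String version(int major, int minor) {
        if (major == 3 && minor == 0) return "SSLv3";
        if (major == 3 && minor == 1) return "TLSv1";
        if (major == 3 && minor <= 4) return "TLSv1." + (minor - 1);
        return "version " + major + "." + minor;
    }

    /** Describes the record that starts with the given bytes (at least 5 are needed). */
    static String describe(int[] b) {
        if (b.length < 5) {
            return "need at least 5 bytes";
        }
        // SSLv2-format record: 2-byte length with the high bit set, then
        // message type 1 (client hello) and the highest version the client offers.
        if ((b[0] & 0x80) != 0 && b[2] == 0x01) {
            int length = ((b[0] & 0x7F) << 8) | b[1];
            return "SSLv2-format ClientHello, length " + length
                    + ", offering up to " + version(b[3], b[4]);
        }
        // TLS record: content type, version (2 bytes), length (2 bytes).
        String ver = version(b[1], b[2]);
        int length = (b[3] << 8) | b[4];
        switch (b[0]) {
            case 0x14:
                return "TLS record: Change Cipher Spec, " + ver + ", length " + length;
            case 0x15: {
                String text = "TLS record: Alert, " + ver + ", length " + length;
                if (b.length >= 7) {
                    // Alert body: level (2 = fatal), description (40 = handshake_failure)
                    text += ", " + (b[5] == 2 ? "fatal" : "warning") + ", "
                            + (b[6] == 40 ? "handshake_failure" : "description " + b[6]);
                }
                return text;
            }
            case 0x16:
                return "TLS record: Handshake, " + ver + ", length " + length;
            case 0x17:
                return "TLS record: Application Data, " + ver + ", length " + length;
            default:
                return "unknown content type " + b[0];
        }
    }

    public static void main(String[] args) {
        String[] samples = {
            "80 62 01 03 01",        // server [Raw read] in Step9: what the failing client sent
            "16 03 01 00 49",        // header of the 73-byte TLSv1 Handshake the client writes in Step10
            "15 03 01 00 02 02 28"   // server [Raw write] in Step9: the alert it answered with
        };
        for (String sample : samples) {
            System.out.println(sample + "  ->  " + describe(parseHex(sample)));
        }
    }
}
```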
Step10). Now that we know the client is not using a proper protocol to send the request, we will try adding the following JAVA_OPTS [ -Dhttps.protocols=TLSv1 ] on the client side in order to use the TLSv1 protocol for communication:
[userone@localhost standalone]$ java -Djavax.net.debug=all -Dhttps.protocols=TLSv1 TestHttpsClient
...
trigger seeding of SecureRandom
done seeding SecureRandom
resourceURL = https://localhost:8443/test/index.jsp
Conn established sun.net.www.protocol.https.DelegateHttpsURLConnection:https://localhost:8443/test/index.jsp
%% No cached client session
*** ClientHello, TLSv1
...
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
...
main, WRITE: TLSv1 Handshake, length = 73
[Raw write]: length = 78
...
[Raw read]: length = 5
0000: 16 03 01 02 8B .....
[Raw read]: length = 651
...
main, READ: TLSv1 Handshake, length = 651
*** ServerHello, TLSv1
...
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
...
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=chapter8 example, OU=admin book, DC=jboss, DC=org
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  ...
  public exponent: 65537
  Validity: [From: Sat Aug 18 20:30:26 IST 2012, To: Tue Aug 16 20:30:26 IST 2022]
  Issuer: CN=chapter8 example, OU=admin book, DC=jboss, DC=org
  SerialNumber: [ 502fae0a]
]
  Algorithm: [SHA1withRSA]
  ...
]
***
...
*** ServerHelloDone
...
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
...
main, WRITE: TLSv1 Handshake, length = 134
...
main, WRITE: TLSv1 Change Cipher Spec, length = 1
...
*** Finished
...
main, WRITE: TLSv1 Handshake, length = 32
...
main, READ: TLSv1 Change Cipher Spec, length = 1
...
main, READ: TLSv1 Handshake, length = 32
...
*** Finished
...
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
...
Warning: URL Host: localhost vs. localhost
...
main, WRITE: TLSv1 Application Data, length = 183
...
main, READ: TLSv1 Application Data, length = 288
...
response code : 200
Received Data: as Following:

Helllllllllllloooooooooooooooooo
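TestHttpsClient accepts any certificate and any host name, which is enough to exercise the connector but does not authenticate the server. The following added example (not part of the original demo; the class name and the file names chap8.cer and client.truststore are assumptions) trusts only certificates imported into a client-side truststore and leaves the JDK's default host name check enabled. It assumes the server certificate's name matches the host in the URL; the “cn=chapter8 example” certificate created in Step1 would be rejected for https://localhost:8443.

```java
import java.io.BufferedReader;
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/*
 * Assumed one-time setup (chap8.cer and client.truststore are example names):
 *   keytool -exportcert -alias chapter8 -keystore chap8.keystore -file chap8.cer
 *   keytool -importcert -alias chapter8 -file chap8.cer -keystore client.truststore
 * The client then holds only the server's public certificate, not its private key.
 */
public class VerifyingHttpsClient {

    /** Builds a socket factory that trusts only the certificates in the given truststore. */
    static SSLSocketFactory socketFactoryFor(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(trustStorePath);
        try {
            trustStore.load(in, password); // the password protects the store's integrity
        } finally {
            in.close();
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // "TLS" selects the JDK's TLS implementation; the protocol versions actually
        // offered are still governed by the JDK defaults and -Dhttps.protocols (Step10).
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    }

    /** Performs a GET and returns the body; throws if the handshake or a verification step fails. */
    static String fetch(String resourceURL, SSLSocketFactory factory) throws Exception {
        HttpsURLConnection connection = (HttpsURLConnection) new URL(resourceURL).openConnection();
        // Set the factory on this connection only, instead of changing the JVM-wide default.
        connection.setSSLSocketFactory(factory);
        // No HostnameVerifier is installed: the default check of the URL host against
        // the certificate stays in force.
        connection.setRequestMethod("GET");
        System.out.println("response code : " + connection.getResponseCode());

        StringBuilder body = new StringBuilder();
        // ISO-8859-1 is the charset the demo application declares in its response
        BufferedReader reader = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), "ISO-8859-1"));
        try {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line).append('\n');
            }
        } finally {
            reader.close();
        }
        return body.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java VerifyingHttpsClient <url> <truststore>");
            System.exit(2);
        }
        Console console = System.console();
        if (console == null) {
            System.err.println("No console available to read the truststore password");
            System.exit(2);
        }
        // Prompt for the password so it does not appear on the command line
        char[] password = console.readPassword("Truststore password: ");
        SSLSocketFactory factory = socketFactoryFor(args[1], password);
        Arrays.fill(password, '\0');
        System.out.print(fetch(args[0], factory));
    }
}
```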
Thanks :)
MiddlewareMagic Team