2 Replies Latest reply: May 18, 2012 4:49 AM by EJP RSS

    javax.net.ssl.SSLException: Received fatal alert: unexpected_message

    296146
      We have an application that connects to a webservice over ssl. This works fine with Java 1.6.
      Last week we tried to switch to Java 1.7. Unfortunately the application is no longer able to connect to the webservice.
      The application throws an exception

      main, handling exception: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
      Exception in thread "main" javax.net.ssl.SSLException: Received fatal alert: unexpected_message
      at sun.security.ssl.Alerts.getSSLException(Unknown Source)
      at sun.security.ssl.Alerts.getSSLException(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
      at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
      at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)


      Here a sample program that demonstrates the problem.
      First you have to import the certificate from https://portal.conextrade.com into a keystore
      keytool.exe -import -trustcacerts -file thecertificate.cer -keystore keystore
                
                System.setProperty("javax.net.ssl.trustStore", "c:/keystore");     
                System.setProperty("javax.net.debug", "all");
                
                URL url = new URL("https://portal.conextrade.com");
                URLConnection connection = url.openConnection();
                connection.setDoInput(true);
                InputStream is = connection.getInputStream();
                
                BufferedReader in = new BufferedReader(new InputStreamReader(is));
                String inputLine;
                while ((inputLine = in.readLine()) != null) {
                     System.out.println(inputLine);
                }
                
                is.close();


      OUTPUT: JAVA 1.7
      java version "1.7.0_03"
      Java(TM) SE Runtime Environment (build 1.7.0_03-b05)
      Java HotSpot(TM) 64-Bit Server VM (build 22.1-b02, mixed mode)

      keyStore is :
      keyStore type is : jks
      keyStore provider is :
      init keystore
      init keymanager of type SunX509
      trustStore is: c:\keystore
      trustStore type is : jks
      trustStore provider is :
      init truststore
      adding as trusted cert:
      Subject: EMAILADDRESS=operation.it@swisscom.com, CN=portal.conextrade.com, OU=eTrade, O=Swisscom IT Services AG, L=Zurich, ST=Zurich, C=CH
      Issuer: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
      Algorithm: RSA; Serial number: 0xf4911d1fc64c897b5ee0327a7cac4fc4
      Valid from Thu Jul 01 15:35:31 CEST 2010 until Mon Jul 01 15:35:31 CEST 2013

      trigger seeding of SecureRandom
      done seeding SecureRandom
      Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
      Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
      Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
      Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
      Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
      Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
      Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
      Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
      Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
      Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
      Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
      Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
      Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
      Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
      Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
      Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
      Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
      Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
      Allow unsafe renegotiation: false
      Allow legacy hello messages: true
      Is initial handshake: true
      Is secure renegotiation: false
      main, setSoTimeout(0) called
      %% No cached client session
      *** ClientHello, TLSv1
      RandomCookie: GMT: 1329727169 bytes = { 225, 84, 71, 58, 44, 100, 166, 254, 58, 11, 159, 183, 32, 12, 183, 80, 122, 84, 96, 117, 22, 182, 172, 178, 140, 16, 122, 133 }
      Session ID: {}
      Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
      Compression Methods: { 0 }
      Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
      Extension ec_point_formats, formats: [uncompressed]
      Extension server_name, server_name: [host_name: portal.conextrade.com]
      ***
      [write] MD5 and SHA1 hashes: len = 179
      0000: 01 00 00 AF 03 01 4F 42 07 C1 E1 54 47 3A 2C 64 ......OB...TG:,d
      0010: A6 FE 3A 0B 9F B7 20 0C B7 50 7A 54 60 75 16 B6 ..:... ..PzT`u..
      0020: AC B2 8C 10 7A 85 00 00 2A 00 33 C0 04 00 16 00 ....z...*.3.....
      0030: 05 C0 03 C0 11 C0 02 C0 07 C0 13 C0 08 C0 0C 00 ................
      0040: FF C0 0D C0 0E C0 09 00 2F C0 12 00 04 00 32 00 ......../.....2.
      0050: 13 00 0A 01 00 00 5C 00 0A 00 34 00 32 00 17 00 ......\...4.2...
      0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
      0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................
      0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................
      0090: 0B 00 02 01 00 00 00 00 1A 00 18 00 00 15 70 6F ..............po
      00A0: 72 74 61 6C 2E 63 6F 6E 65 78 74 72 61 64 65 2E rtal.conextrade.
      00B0: 63 6F 6D com
      main, WRITE: TLSv1 Handshake, length = 179
      [Raw write]: length = 184
      0000: 16 03 01 00 B3 01 00 00 AF 03 01 4F 42 07 C1 E1 ...........OB...
      0010: 54 47 3A 2C 64 A6 FE 3A 0B 9F B7 20 0C B7 50 7A TG:,d..:... ..Pz
      0020: 54 60 75 16 B6 AC B2 8C 10 7A 85 00 00 2A 00 33 T`u......z...*.3
      0030: C0 04 00 16 00 05 C0 03 C0 11 C0 02 C0 07 C0 13 ................
      0040: C0 08 C0 0C 00 FF C0 0D C0 0E C0 09 00 2F C0 12 ............./..
      0050: 00 04 00 32 00 13 00 0A 01 00 00 5C 00 0A 00 34 ...2.......\...4
      0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2..............
      0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................
      0080: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ................
      0090: 00 08 00 16 00 0B 00 02 01 00 00 00 00 1A 00 18 ................
      00A0: 00 00 15 70 6F 72 74 61 6C 2E 63 6F 6E 65 78 74 ...portal.conext
      00B0: 72 61 64 65 2E 63 6F 6D rade.com
      [Raw read]: length = 5
      0000: 15 03 01 00 02 .....
      [Raw read]: length = 2
      0000: 02 0A ..
      main, READ: TLSv1 Alert, length = 2
      main, RECV TLSv1 ALERT: fatal, unexpected_message
      main, called closeSocket()
      main, handling exception: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
      Exception in thread "main" javax.net.ssl.SSLException: Received fatal alert: une
      xpected_message
      at sun.security.ssl.Alerts.getSSLException(Unknown Source)
      at sun.security.ssl.Alerts.getSSLException(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
      at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
      at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
      at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
      at ListQ.main(ListQ.java:29)



      OUTPUT: JAVA 1.6 (Stripped because of the forum message size limit)
      java version "1.6.0_31"
      Java(TM) SE Runtime Environment (build 1.6.0_31-b05)
      Java HotSpot(TM) 64-Bit Server VM (build 20.6-b01, mixed mode)

      keyStore is :
      keyStore type is : jks
      keyStore provider is :
      init keystore
      init keymanager of type SunX509
      trustStore is: c:\keystore
      trustStore type is : jks
      trustStore provider is :
      init truststore
      adding as trusted cert:
      Subject: EMAILADDRESS=operation.it@swisscom.com, CN=portal.conextrade.com, OU=eTrade, O=Swisscom IT Services AG, L=Zurich, ST=Zurich, C=CH
      Issuer: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
      Algorithm: RSA; Serial number: 0xf4911d1fc64c897b5ee0327a7cac4fc4
      Valid from Thu Jul 01 15:35:31 CEST 2010 until Mon Jul 01 15:35:31 CEST 2013

      trigger seeding of SecureRandom
      done seeding SecureRandom
      Allow unsafe renegotiation: false
      Allow legacy hello messages: true
      Is initial handshake: true
      Is secure renegotiation: false
      %% No cached client session
      *** ClientHello, TLSv1
      RandomCookie: GMT: 1329727349 bytes = { 89, 13, 21, 51, 8, 96, 232, 222, 110, 133, 251, 168, 17, 9, 52, 113, 67, 2, 231, 189, 197, 135, 151, 110, 167, 65, 169, 83 }
      Session ID: {}
      Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
      Compression Methods: { 0 }
      ***
      [write] MD5 and SHA1 hashes: len = 75

      main, WRITE: TLSv1 Handshake, length = 75
      [write] MD5 and SHA1 hashes: len = 101

      main, WRITE: SSLv2 client hello message, length = 101
      [Raw write]: length = 103

      [Raw read]: length = 5
      0000: 16 03 01 0B 6A ....j
      [Raw read]: length = 1447

      [Raw read]: length = 23
      0000: 1E DE 5A 40 9D 4D A0 43 85 89 8E 71 BD 23 DC F2 ..Z@.M.C...q.#..
      0010: 9C 32 EB 0E 00 00 00 .2.....
      main, READ: TLSv1 Handshake, length = 2922
      *** ServerHello, TLSv1
      RandomCookie: GMT: 1329727351 bytes = { 244, 254, 202, 89, 42, 196, 210, 251, 171, 157, 178, 130, 217, 222, 133, 246, 159, 217, 145, 109, 172, 246, 3, 217, 238, 9, 204, 173 }
      Session ID: {222, 38, 194, 184, 34, 248, 213, 233, 159, 199, 30, 155, 246, 156, 15, 25}
      Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
      Compression Method: 0
      ***
      Warning: No renegotiation indication extension in ServerHello
      %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
      ** SSL_RSA_WITH_RC4_128_MD5
      [read] MD5 and SHA1 hashes: len = 58
      0000: 02 00 00 36 03 01 4F 42 07 77 F4 FE CA 59 2A C4 ...6..OB.w...Y*.
      0010: D2 FB AB 9D B2 82 D9 DE 85 F6 9F D9 91 6D AC F6 .............m..
      0020: 03 D9 EE 09 CC AD 10 DE 26 C2 B8 22 F8 D5 E9 9F ........&.."....
      0030: C7 1E 9B F6 9C 0F 19 00 04 00 ..........
      *** Certificate chain
      chain [0] = [
      [
      Version: V3
      Subject: EMAILADDRESS=operation.it@swisscom.com, CN=portal.conextrade.com, OU=eTrade, O=Swisscom IT Services AG, L=Zurich, ST=Zurich, C=CH
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

      Key: Sun RSA public key, 2048 bits
      modulus: 21433107734581350948415011107642111998968948635016996101529201817477356098190703519214444230870553866961794931689472656773083868993023071906065291462967301034070995998179232469090572408180285996779457465853528719789593776958911956176849867203743472526831968939510639422609748373231273083973527207291753627469531232077546076513481096173590383365996865535130592362780009661364636052667964251546797013622260176991917434054941639659462253950497493898323092218019470807906000206169023508468934218728151859020203746306455108128579269913518404756170452254192030880912209635594177277670022168378900628787129170950386994169253
      public exponent: 65537
      Validity: [From: Thu Jul 01 15:35:31 CEST 2010,
                     To: Mon Jul 01 15:35:31 CEST 2013]
      Issuer: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
      SerialNumber: [    f4911d1f c64c897b 5ee0327a 7cac4fc4]

      Certificate Extensions: 7
      [1]: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: D9 63 7A 45 DE 12 94 BD 6A 72 11 63 D3 1E 3D 48 .czE....jr.c..=H
      0010: 7B F0 98 96 ....
      ]
      ]

      [2]: ObjectId: 2.5.29.35 Criticality=false
      AuthorityKeyIdentifier [
      KeyIdentifier [
      0000: 2D C2 A7 A3 63 3E 3F 83 47 AB 48 33 36 81 85 F7 -...c>?.G.H36...
      0010: D4 E9 AC C0 ....
      ]

      ]

      [3]: ObjectId: 2.5.29.17 Criticality=false
      SubjectAlternativeName [
      RFC822Name: operation.it@swisscom.com
      ]

      [4]: ObjectId: 2.5.29.37 Criticality=false
      ExtendedKeyUsages [
      serverAuth
      clientAuth
      2.16.840.1.113730.4.1
      ]

      [5]: ObjectId: 2.5.29.15 Criticality=true
      KeyUsage [
      DigitalSignature
      Key_Encipherment
      ]

      [6]: ObjectId: 2.5.29.32 Criticality=false
      CertificatePolicies [
      [CertificatePolicyId: [2.16.756.1.83.4]
      [PolicyQualifierInfo: [
        qualifierID: 1.3.6.1.5.5.7.2.1
        qualifier: 0000: 16 25 68 74 74 70 3A 2F   2F 77 77 77 2E 73 77 69  .%http://www.swi
      0010: 73 73 64 69 67 69 63 65   72 74 2E 63 68 2F 64 6F  ssdigicert.ch/do
      0020: 63 75 6D 65 6E 74 73                               cuments

      ]] ]
      ]

      [7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
      AuthorityInfoAccess [
      [
      accessMethod: 1.3.6.1.5.5.7.48.1
      accessLocation: URIName: http://ocsp.swissdigicert.ch/rubin,
      accessMethod: 1.3.6.1.5.5.7.48.2
      accessLocation: URIName: http://www.swissdigicert.ch/download]
      ]

      Unparseable certificate extensions: 1
      [1]: ObjectId: 2.5.29.31 Criticality=false
      Unparseable CRLDistributionPoints extension due to
      java.io.IOException: invalid URI name:ldap://ldap.swissdigicert.ch/CN=Swisscom Rubin CA 1,dc=rubin,dc=swissdigicert,dc=ch?certificateRevocationList?



      ]
      Algorithm: [SHA1withRSA]
      Signature:


      ]
      chain [1] = [
      [
      Version: V3
      Subject: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

      Key: Sun RSA public key, 2048 bits
      modulus: 25039181334177605665348188361384833284338454108451495379200756462611895777158645543181949916265045590435493889720475627207791179169954955932481075804934694229656067476750176621610916419730241635071599980372508406907822967879952412966361208896535687501205989988554923283919063444000961625863777730630694843738526055013062610787052880764817172123818980265982116651440707330608214186344449994988418573585484196446045181530492632957068420320525053465414361272768949453838692999587744234298628319868552240073297523752438525890789997972406162077539546657549688432375280630924322955925303111883020966788257941025503691489683
      public exponent: 65537
      Validity: [From: Thu Feb 23 10:53:12 CET 2006,
                     To: Tue Feb 23 10:53:12 CET 2016]
      Issuer: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
      SerialNumber: [    261d9475 0f6c9d82 d4efcce3 b90f613a]

      Certificate Extensions: 7
      [1]: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: 2D C2 A7 A3 63 3E 3F 83 47 AB 48 33 36 81 85 F7 -...c>?.G.H36...
      0010: D4 E9 AC C0 ....
      ]
      ]

      [2]: ObjectId: 2.5.29.35 Criticality=false
      AuthorityKeyIdentifier [
      KeyIdentifier [
      0000: 03 25 2F DE 6F 82 01 3A 5C 2C DC 2B A1 69 B5 67 .%/.o..:\,.+.i.g
      0010: D4 8C D3 FD ....
      ]

      ]

      [3]: ObjectId: 2.5.29.31 Criticality=false
      CRLDistributionPoints [
      [DistributionPoint:
      [URIName: http://www.swissdigicert.ch/download/sdcs-root.crl]
      ]]

      [4]: ObjectId: 2.5.29.15 Criticality=true
      KeyUsage [
      Key_CertSign
      Crl_Sign
      ]

      [5]: ObjectId: 2.5.29.32 Criticality=false
      CertificatePolicies [
      [CertificatePolicyId: [2.16.756.1.83.4]
      [] ]
      ]

      [6]: ObjectId: 2.5.29.19 Criticality=true
      BasicConstraints:[
      CA:true
      PathLen:0
      ]

      [7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
      AuthorityInfoAccess [
      [
      accessMethod: 1.3.6.1.5.5.7.48.2
      accessLocation: URIName: http://www.swissdigicert.ch/download]
      ]

      ]
      Algorithm: [SHA1withRSA]
      Signature:


      ]
      ***
      Found trusted certificate:
      [
      [
      Version: V3
      Subject: EMAILADDRESS=operation.it@swisscom.com, CN=portal.conextrade.com, OU=eTrade, O=Swisscom IT Services AG, L=Zurich, ST=Zurich, C=CH
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

      Key: Sun RSA public key, 2048 bits
      modulus: 21433107734581350948415011107642111998968948635016996101529201817477356098190703519214444230870553866961794931689472656773083868993023071906065291462967301034070995998179232469090572408180285996779457465853528719789593776958911956176849867203743472526831968939510639422609748373231273083973527207291753627469531232077546076513481096173590383365996865535130592362780009661364636052667964251546797013622260176991917434054941639659462253950497493898323092218019470807906000206169023508468934218728151859020203746306455108128579269913518404756170452254192030880912209635594177277670022168378900628787129170950386994169253
      public exponent: 65537
      Validity: [From: Thu Jul 01 15:35:31 CEST 2010,
                     To: Mon Jul 01 15:35:31 CEST 2013]
      Issuer: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
      SerialNumber: [    f4911d1f c64c897b 5ee0327a 7cac4fc4]

      Certificate Extensions: 7
      [1]: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: D9 63 7A 45 DE 12 94 BD 6A 72 11 63 D3 1E 3D 48 .czE....jr.c..=H
      0010: 7B F0 98 96 ....
      ]
      ]

      [2]: ObjectId: 2.5.29.35 Criticality=false
      AuthorityKeyIdentifier [
      KeyIdentifier [
      0000: 2D C2 A7 A3 63 3E 3F 83 47 AB 48 33 36 81 85 F7 -...c>?.G.H36...
      0010: D4 E9 AC C0 ....
      ]

      ]

      [3]: ObjectId: 2.5.29.17 Criticality=false
      SubjectAlternativeName [
      RFC822Name: operation.it@swisscom.com
      ]

      [4]: ObjectId: 2.5.29.37 Criticality=false
      ExtendedKeyUsages [
      serverAuth
      clientAuth
      2.16.840.1.113730.4.1
      ]

      [5]: ObjectId: 2.5.29.15 Criticality=true
      KeyUsage [
      DigitalSignature
      Key_Encipherment
      ]

      [6]: ObjectId: 2.5.29.32 Criticality=false
      CertificatePolicies [
      [CertificatePolicyId: [2.16.756.1.83.4]
      [PolicyQualifierInfo: [
        qualifierID: 1.3.6.1.5.5.7.2.1
        qualifier: 0000: 16 25 68 74 74 70 3A 2F   2F 77 77 77 2E 73 77 69  .%http://www.swi
      0010: 73 73 64 69 67 69 63 65   72 74 2E 63 68 2F 64 6F  ssdigicert.ch/do
      0020: 63 75 6D 65 6E 74 73                               cuments

      ]] ]
      ]

      [7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
      AuthorityInfoAccess [
      [
      accessMethod: 1.3.6.1.5.5.7.48.1
      accessLocation: URIName: http://ocsp.swissdigicert.ch/rubin,
      accessMethod: 1.3.6.1.5.5.7.48.2
      accessLocation: URIName: http://www.swissdigicert.ch/download]
      ]

      Unparseable certificate extensions: 1
      [1]: ObjectId: 2.5.29.31 Criticality=false
      Unparseable CRLDistributionPoints extension due to
      java.io.IOException: invalid URI name:ldap://ldap.swissdigicert.ch/CN=Swisscom Rubin CA 1,dc=rubin,dc=swissdigicert,dc=ch?certificateRevocationList?

      Exception in thread "main" java.io.IOException: Server returned HTTP response code: 401 for URL: https://portal.conextrade.com
           at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436)
           at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
           at ListQ.main(ListQ.java:29)