This discussion is archived
2 Replies Latest reply: May 18, 2012 2:49 AM by EJP RSS

javax.net.ssl.SSLException: Received fatal alert: unexpected_message

296146 Newbie
Currently Being Moderated
We have an application that connects to a webservice over ssl. This works fine with Java 1.6.
Last week we tried to switch to Java 1.7. Unfortunately the application is no longer able to connect to the webservice.
The application throws an exception

main, handling exception: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
Exception in thread "main" javax.net.ssl.SSLException: Received fatal alert: unexpected_message
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)


Here a sample program that demonstrates the problem.
First you have to import the certificate from https://portal.conextrade.com into a keystore
keytool.exe -import -trustcacerts -file thecertificate.cer -keystore keystore
          
          System.setProperty("javax.net.ssl.trustStore", "c:/keystore");     
          System.setProperty("javax.net.debug", "all");
          
          URL url = new URL("https://portal.conextrade.com");
          URLConnection connection = url.openConnection();
          connection.setDoInput(true);
          InputStream is = connection.getInputStream();
          
          BufferedReader in = new BufferedReader(new InputStreamReader(is));
          String inputLine;
          while ((inputLine = in.readLine()) != null) {
               System.out.println(inputLine);
          }
          
          is.close();


OUTPUT: JAVA 1.7
java version "1.7.0_03"
Java(TM) SE Runtime Environment (build 1.7.0_03-b05)
Java HotSpot(TM) 64-Bit Server VM (build 22.1-b02, mixed mode)

keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: c:\keystore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: EMAILADDRESS=operation.it@swisscom.com, CN=portal.conextrade.com, OU=eTrade, O=Swisscom IT Services AG, L=Zurich, ST=Zurich, C=CH
Issuer: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
Algorithm: RSA; Serial number: 0xf4911d1fc64c897b5ee0327a7cac4fc4
Valid from Thu Jul 01 15:35:31 CEST 2010 until Mon Jul 01 15:35:31 CEST 2013

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1329727169 bytes = { 225, 84, 71, 58, 44, 100, 166, 254, 58, 11, 159, 183, 32, 12, 183, 80, 122, 84, 96, 117, 22, 182, 172, 178, 140, 16, 122, 133 }
Session ID: {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: portal.conextrade.com]
***
[write] MD5 and SHA1 hashes: len = 179
0000: 01 00 00 AF 03 01 4F 42 07 C1 E1 54 47 3A 2C 64 ......OB...TG:,d
0010: A6 FE 3A 0B 9F B7 20 0C B7 50 7A 54 60 75 16 B6 ..:... ..PzT`u..
0020: AC B2 8C 10 7A 85 00 00 2A 00 33 C0 04 00 16 00 ....z...*.3.....
0030: 05 C0 03 C0 11 C0 02 C0 07 C0 13 C0 08 C0 0C 00 ................
0040: FF C0 0D C0 0E C0 09 00 2F C0 12 00 04 00 32 00 ......../.....2.
0050: 13 00 0A 01 00 00 5C 00 0A 00 34 00 32 00 17 00 ......\...4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................
0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................
0090: 0B 00 02 01 00 00 00 00 1A 00 18 00 00 15 70 6F ..............po
00A0: 72 74 61 6C 2E 63 6F 6E 65 78 74 72 61 64 65 2E rtal.conextrade.
00B0: 63 6F 6D com
main, WRITE: TLSv1 Handshake, length = 179
[Raw write]: length = 184
0000: 16 03 01 00 B3 01 00 00 AF 03 01 4F 42 07 C1 E1 ...........OB...
0010: 54 47 3A 2C 64 A6 FE 3A 0B 9F B7 20 0C B7 50 7A TG:,d..:... ..Pz
0020: 54 60 75 16 B6 AC B2 8C 10 7A 85 00 00 2A 00 33 T`u......z...*.3
0030: C0 04 00 16 00 05 C0 03 C0 11 C0 02 C0 07 C0 13 ................
0040: C0 08 C0 0C 00 FF C0 0D C0 0E C0 09 00 2F C0 12 ............./..
0050: 00 04 00 32 00 13 00 0A 01 00 00 5C 00 0A 00 34 ...2.......\...4
0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2..............
0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................
0080: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ................
0090: 00 08 00 16 00 0B 00 02 01 00 00 00 00 1A 00 18 ................
00A0: 00 00 15 70 6F 72 74 61 6C 2E 63 6F 6E 65 78 74 ...portal.conext
00B0: 72 61 64 65 2E 63 6F 6D rade.com
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 0A ..
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, unexpected_message
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
Exception in thread "main" javax.net.ssl.SSLException: Received fatal alert: une
xpected_message
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at ListQ.main(ListQ.java:29)



OUTPUT: JAVA 1.6 (Stripped because of the forum message size limit)
java version "1.6.0_31"
Java(TM) SE Runtime Environment (build 1.6.0_31-b05)
Java HotSpot(TM) 64-Bit Server VM (build 20.6-b01, mixed mode)

keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: c:\keystore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: EMAILADDRESS=operation.it@swisscom.com, CN=portal.conextrade.com, OU=eTrade, O=Swisscom IT Services AG, L=Zurich, ST=Zurich, C=CH
Issuer: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
Algorithm: RSA; Serial number: 0xf4911d1fc64c897b5ee0327a7cac4fc4
Valid from Thu Jul 01 15:35:31 CEST 2010 until Mon Jul 01 15:35:31 CEST 2013

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1329727349 bytes = { 89, 13, 21, 51, 8, 96, 232, 222, 110, 133, 251, 168, 17, 9, 52, 113, 67, 2, 231, 189, 197, 135, 151, 110, 167, 65, 169, 83 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 75

main, WRITE: TLSv1 Handshake, length = 75
[write] MD5 and SHA1 hashes: len = 101

main, WRITE: SSLv2 client hello message, length = 101
[Raw write]: length = 103

[Raw read]: length = 5
0000: 16 03 01 0B 6A ....j
[Raw read]: length = 1447

[Raw read]: length = 23
0000: 1E DE 5A 40 9D 4D A0 43 85 89 8E 71 BD 23 DC F2 ..Z@.M.C...q.#..
0010: 9C 32 EB 0E 00 00 00 .2.....
main, READ: TLSv1 Handshake, length = 2922
*** ServerHello, TLSv1
RandomCookie: GMT: 1329727351 bytes = { 244, 254, 202, 89, 42, 196, 210, 251, 171, 157, 178, 130, 217, 222, 133, 246, 159, 217, 145, 109, 172, 246, 3, 217, 238, 9, 204, 173 }
Session ID: {222, 38, 194, 184, 34, 248, 213, 233, 159, 199, 30, 155, 246, 156, 15, 25}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
Warning: No renegotiation indication extension in ServerHello
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 58
0000: 02 00 00 36 03 01 4F 42 07 77 F4 FE CA 59 2A C4 ...6..OB.w...Y*.
0010: D2 FB AB 9D B2 82 D9 DE 85 F6 9F D9 91 6D AC F6 .............m..
0020: 03 D9 EE 09 CC AD 10 DE 26 C2 B8 22 F8 D5 E9 9F ........&.."....
0030: C7 1E 9B F6 9C 0F 19 00 04 00 ..........
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: EMAILADDRESS=operation.it@swisscom.com, CN=portal.conextrade.com, OU=eTrade, O=Swisscom IT Services AG, L=Zurich, ST=Zurich, C=CH
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus: 21433107734581350948415011107642111998968948635016996101529201817477356098190703519214444230870553866961794931689472656773083868993023071906065291462967301034070995998179232469090572408180285996779457465853528719789593776958911956176849867203743472526831968939510639422609748373231273083973527207291753627469531232077546076513481096173590383365996865535130592362780009661364636052667964251546797013622260176991917434054941639659462253950497493898323092218019470807906000206169023508468934218728151859020203746306455108128579269913518404756170452254192030880912209635594177277670022168378900628787129170950386994169253
public exponent: 65537
Validity: [From: Thu Jul 01 15:35:31 CEST 2010,
               To: Mon Jul 01 15:35:31 CEST 2013]
Issuer: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
SerialNumber: [    f4911d1f c64c897b 5ee0327a 7cac4fc4]

Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D9 63 7A 45 DE 12 94 BD 6A 72 11 63 D3 1E 3D 48 .czE....jr.c..=H
0010: 7B F0 98 96 ....
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D C2 A7 A3 63 3E 3F 83 47 AB 48 33 36 81 85 F7 -...c>?.G.H36...
0010: D4 E9 AC C0 ....
]

]

[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: operation.it@swisscom.com
]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
2.16.840.1.113730.4.1
]

[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]

[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.756.1.83.4]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 25 68 74 74 70 3A 2F   2F 77 77 77 2E 73 77 69  .%http://www.swi
0010: 73 73 64 69 67 69 63 65   72 74 2E 63 68 2F 64 6F  ssdigicert.ch/do
0020: 63 75 6D 65 6E 74 73                               cuments

]] ]
]

[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.swissdigicert.ch/rubin,
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://www.swissdigicert.ch/download]
]

Unparseable certificate extensions: 1
[1]: ObjectId: 2.5.29.31 Criticality=false
Unparseable CRLDistributionPoints extension due to
java.io.IOException: invalid URI name:ldap://ldap.swissdigicert.ch/CN=Swisscom Rubin CA 1,dc=rubin,dc=swissdigicert,dc=ch?certificateRevocationList?



]
Algorithm: [SHA1withRSA]
Signature:


]
chain [1] = [
[
Version: V3
Subject: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus: 25039181334177605665348188361384833284338454108451495379200756462611895777158645543181949916265045590435493889720475627207791179169954955932481075804934694229656067476750176621610916419730241635071599980372508406907822967879952412966361208896535687501205989988554923283919063444000961625863777730630694843738526055013062610787052880764817172123818980265982116651440707330608214186344449994988418573585484196446045181530492632957068420320525053465414361272768949453838692999587744234298628319868552240073297523752438525890789997972406162077539546657549688432375280630924322955925303111883020966788257941025503691489683
public exponent: 65537
Validity: [From: Thu Feb 23 10:53:12 CET 2006,
               To: Tue Feb 23 10:53:12 CET 2016]
Issuer: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
SerialNumber: [    261d9475 0f6c9d82 d4efcce3 b90f613a]

Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2D C2 A7 A3 63 3E 3F 83 47 AB 48 33 36 81 85 F7 -...c>?.G.H36...
0010: D4 E9 AC C0 ....
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 03 25 2F DE 6F 82 01 3A 5C 2C DC 2B A1 69 B5 67 .%/.o..:\,.+.i.g
0010: D4 8C D3 FD ....
]

]

[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://www.swissdigicert.ch/download/sdcs-root.crl]
]]

[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.756.1.83.4]
[] ]
]

[6]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]

[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://www.swissdigicert.ch/download]
]

]
Algorithm: [SHA1withRSA]
Signature:


]
***
Found trusted certificate:
[
[
Version: V3
Subject: EMAILADDRESS=operation.it@swisscom.com, CN=portal.conextrade.com, OU=eTrade, O=Swisscom IT Services AG, L=Zurich, ST=Zurich, C=CH
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus: 21433107734581350948415011107642111998968948635016996101529201817477356098190703519214444230870553866961794931689472656773083868993023071906065291462967301034070995998179232469090572408180285996779457465853528719789593776958911956176849867203743472526831968939510639422609748373231273083973527207291753627469531232077546076513481096173590383365996865535130592362780009661364636052667964251546797013622260176991917434054941639659462253950497493898323092218019470807906000206169023508468934218728151859020203746306455108128579269913518404756170452254192030880912209635594177277670022168378900628787129170950386994169253
public exponent: 65537
Validity: [From: Thu Jul 01 15:35:31 CEST 2010,
               To: Mon Jul 01 15:35:31 CEST 2013]
Issuer: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
SerialNumber: [    f4911d1f c64c897b 5ee0327a 7cac4fc4]

Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D9 63 7A 45 DE 12 94 BD 6A 72 11 63 D3 1E 3D 48 .czE....jr.c..=H
0010: 7B F0 98 96 ....
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D C2 A7 A3 63 3E 3F 83 47 AB 48 33 36 81 85 F7 -...c>?.G.H36...
0010: D4 E9 AC C0 ....
]

]

[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: operation.it@swisscom.com
]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
2.16.840.1.113730.4.1
]

[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]

[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.756.1.83.4]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 25 68 74 74 70 3A 2F   2F 77 77 77 2E 73 77 69  .%http://www.swi
0010: 73 73 64 69 67 69 63 65   72 74 2E 63 68 2F 64 6F  ssdigicert.ch/do
0020: 63 75 6D 65 6E 74 73                               cuments

]] ]
]

[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.swissdigicert.ch/rubin,
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://www.swissdigicert.ch/download]
]

Unparseable certificate extensions: 1
[1]: ObjectId: 2.5.29.31 Criticality=false
Unparseable CRLDistributionPoints extension due to
java.io.IOException: invalid URI name:ldap://ldap.swissdigicert.ch/CN=Swisscom Rubin CA 1,dc=rubin,dc=swissdigicert,dc=ch?certificateRevocationList?

Exception in thread "main" java.io.IOException: Server returned HTTP response code: 401 for URL: https://portal.conextrade.com
     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436)
     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
     at ListQ.main(ListQ.java:29)

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points