1 Reply Latest reply on Aug 13, 2003 11:37 AM by 3004

    SSL client issue

    3004

      We are in the process of migrating from WLS 5.1 to WLS 7.2 and we are having issues
      with using SSL client(i.e. call other secured URLs from WebLogic 7.2 - Self Signed
      and from commerical CAs) This is a working code in WLS 5.1.

      THis is what we used to do in WLS 5.1, JDK1.2.2 on Solairs 7 with 1.0.2 versions
      of jnet.jar, jsse.jar and jcert.jar.

      1) Import client certs from self signed using keytool into <installed jdk>/jre/lib/security/jssecacerts.
      2) Ensure that jsse.jar, jnet.jar and jcert.jar are in the class path.
      3) Following code snippet works like a charm:-

      System.setProperty"java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
      Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

      String fullUrlStr = (m_useHTTPS ? HTTPS : HTTP) + m_url;
      m_logger.log("full url str=" + fullUrlStr, LogLevel.DEBUG, methodName);

      URL url = new URL( fullUrlStr );

      HttpURLConnection conn = (HttpURLConnection)url.openConnection();
      conn.setDoInput( true );
      conn.setDoOutput( true );
      conn.setUseCaches( false );
      if( dataType == DATA_XML ){
      conn.setRequestProperty("Content-Type", "text/xml");
      }else {
      //
      // netscape & .Net workaround
      //
      conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
      }
      //
      // post data
      //
      DataOutputStream output = null;
      output = new DataOutputStream( conn.getOutputStream() );
      output.writeBytes( data );
      output.flush();
      output.close();

      // Return codes
      // 2** SUCCESS
      // 3** REDIRECTION
      // 4** CLIENT ERROR
      // 5** SERVER ERROR
      if( conn.getResponseCode() >= 400 ) {
      throw new IOException( conn.getResponseMessage() );
      }
      BufferedReader input = new BufferedReader( new InputStreamReader(
      conn.getInputStream() ) );

      String str = null;
      while( ((str = input.readLine())) != null ) {
      respData.append( str );
      }
      input.close();

      return respData.toString();



      When we do the same with WLS7.2, JDK 1.3.1_06 on Solaris 8 with jsse.jar version
      1.0.3 then we get the
      following exception. ( WebLogic seems to be intercepting SSL - BEA uses certicom
      to do this ). BEA has suggested removing jsse.jar and remove registering of "com.sun.net.ssl.internal.www.protocol"
      as security provider and add "weblogic.net" into security provider and use weblogic.net.http.HttpURLConnection
      instead of HttpURLConnection. This only seems to work with versign or thawte but
      not with Self Signed sites and we have alot of vendors that we connect that are
      self signed. Any clues?:



      Home class name = com.juniper.bus.decision.ejb.DecisionHome
      JDK Protocol Handlers and Security Providers:
      java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol
      provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing; SHA-1,
      MD5 digests; SecureRandom; X.509 certificates; JKS keystore)
      provider[1] - SunRsaSign - SUN's provider for RSA signatures
      provider[2] - SunJSSE - Sun JSSE provider(implements RSA Signatures, PKCS12,
      SunX509 key/trust factories, SSLv3, TLSv1)


      <Jul 8, 2003 10:10:03 AM EDT> <Debug> <TLS> <000000> <Weblogic license is export
      limited>
      <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <clientInfo settings applied>
      <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <Filtering JSSE SSLSocket>
      <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <SSLIOContextTable.addContext(ctx):
      8109733>
      <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <SSLSocket will be Muxing>
      <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <SSLIOContextTable.findContext(is):
      2189658>
      <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <write HANDSHAKE offset =
      0 length = 77>
      <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
      <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <isMuxerActivated: false>
      <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <SSLFilter.isActivated: false>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <7837106 readRecord()>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <7837106 received HANDSHAKE>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: ServerHello>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE: Certificate>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <Performing hostname validation
      checks: 205.174.35.197>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <validationCallback: validateErr
      = 4>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> < cert[0] = Serial number:
      246526388047040191922181
      Issuer:C=US, ST=Texas, L=McKinney, O=Experian-Scorex, OU=Support, CN=TransactWebCertificate
      Subject:C=US, ST=Texas, L=McKinney, O=Experian-Scorex, OU=Support, CN=205.174.35.197
      Not Valid Before:Thu Jul 03 11:32:43 EDT 2003
      Not Valid After:Sat Jul 03 11:42:43 EDT 2004
      Signature Algorithm:SHAwithRSA
      >
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <Validation error = 4>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <Certificate chain is incomplete>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <SSLTrustValidator returns:
      4>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <Trust status (4): CERT_CHAIN_INCOMPLETE>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@4d99c
      Severity: 2 Type: 42
      java.lang.Throwable: Stack trace
      at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
      at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
      Source)
      at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown
      Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
      Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
      Source)
      at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
      Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
      Source)
      at com.certicom.tls.record.WriteHandler.write(Unknown Source)
      at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
      at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:125)
      at java.io.FilterOutputStream.flush(FilterOutputStream.java:121)
      at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
      at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:284)
      at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:235)
      at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:662)
      at com.juniper.core.util.HTTPHelper.sendPostData(HTTPHelper.java:499)
      at com.juniper.core.util.HTTPHelper.sendPostData(HTTPHelper.java:413)
      at com.juniper.utility.scorex.ScorexDAO.post(ScorexDAO.java:1516)
      at com.juniper.utility.scorex.ScorexDAO.getApplicationResponse(ScorexDAO.java:1769)
      at com.juniper.utility.scorex.ScorexDAO.apply(ScorexDAO.java:320)
      at com.juniper.bus.decision.vdao.DecisionScorexDAO.apply(DecisionScorexDAO.java:108)
      at com.juniper.bus.decision.JuniperScorexDAO.apply(JuniperScorexDAO.java:40)
      at com.juniper.bus.decision.DecisionBO.decisionApplication(DecisionBO.java:161)
      at com.juniper.bus.decision.ejb.DecisionBean.decisionApplication(DecisionBean.java:71)
      at com.juniper.bus.decision.ejb.DecisionBean_afavb0_EOImpl.decisionApplication(DecisionBean_afavb0_EOImpl.java:100)
      at com.juniper.bus.apply.ApplyBO.decision(ApplyBO.java:588)
      at com.juniper.bus.apply.ApplyBO.process(ApplyBO.java:169)
      at com.juniper.bus.apply.ejb.ApplyBean.process(ApplyBean.java:89)
      at com.juniper.bus.apply.ejb.ApplyBean_11sitq_EOImpl.process(ApplyBean_11sitq_EOImpl.java:314)
      at com.juniper.app.apply.web.action.ApplicationAction.confirmAction(ApplicationAction.java:279)
      at com.juniper.app.apply.web.action.ApplicationAction.perform(ApplicationAction.java:100)
      at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1786)
      at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1585)
      at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:509)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
      at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
      at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:5445)
      at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
      at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3105)
      at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2588)
      at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
      at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
      >
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <write ALERT offset = 0 length
      = 2>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <close(): 7837106>
      <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <Exception during handshake,
      stack trace follows
      javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable
      certificate was received.
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown
      Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
      Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
      Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
      Source)
      at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown
      Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
      Source)
      at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
      Source)
      at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
      at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
      Source)
      at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
      Source)
      at com.certicom.tls.record.WriteHandler.write(Unknown Source)
      at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
      at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:125)
      at java.io.FilterOutputStream.flush(FilterOutputStream.java:121)
      at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
      at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:284)
      at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:235)
      at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:662)
      at com.juniper.core.util.HTTPHelper.sendPostData(HTTPHelper.java:499)
      at com.juniper.core.util.HTTPHelper.sendPostData(HTTPHelper.java:413)
      at com.juniper.utility.scorex.ScorexDAO.post(ScorexDAO.java:1516)
      at com.juniper.utility.scorex.ScorexDAO.getApplicationResponse(ScorexDAO.java:1769)
      at com.juniper.utility.scorex.ScorexDAO.apply(ScorexDAO.java:320)
      at com.juniper.bus.decision.vdao.DecisionScorexDAO.apply(DecisionScorexDAO.java:108)
      at com.juniper.bus.decision.JuniperScorexDAO.apply(JuniperScorexDAO.java:40)
      at com.juniper.bus.decision.DecisionBO.decisionApplication(DecisionBO.java:161)
      at com.juniper.bus.decision.ejb.DecisionBean.decisionApplication(DecisionBean.java:71)
      at com.juniper.bus.decision.ejb.DecisionBean_afavb0_EOImpl.decisionApplication(DecisionBean_afavb0_EOImpl.java:100)
      at com.juniper.bus.apply.ApplyBO.decision(ApplyBO.java:588)
      at com.juniper.bus.apply.ApplyBO.process(ApplyBO.java:169)
      at com.juniper.bus.apply.ejb.ApplyBean.process(ApplyBean.java:89)
      at com.juniper.bus.apply.ejb.ApplyBean_11sitq_EOImpl.process(ApplyBean_11sitq_EOImpl.java:314)
      at com.juniper.app.apply.web.action.ApplicationAction.confirmAction(ApplicationAction.java:279)
      at com.juniper.app.apply.web.action.ApplicationAction.perform(ApplicationAction.java:100)
      at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1786)
      at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1585)
      at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:509)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1058)
      at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:401)
      at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
      at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:5445)
      at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
      at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3105)
      at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2588)
      at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)




      [SSLException.log]
        • 1. Re: SSL client issue
          3004
          The issuerDN and subjectDN don't appear to match in your "self signed"
          certificates. This is
          why Certicom is thinking they are not self signed.

          From your log:

          Issuer:C=US, ST=Texas, L=McKinney, O=Experian-Scorex, OU=Support,
          CN=TransactWebCertificate
          Subject:C=US, ST=Texas, L=McKinney, O=Experian-Scorex, OU=Support,
          CN=205.174.35.197

          Note the log indicates the CN is different, so Certicom is looking for a CA
          certificate with a SubjectDN that
          matches the IssueDN of that certificate. If it doesn't find a trusted CA
          that matches that IssuerDN it will
          not be able to complete the chain and trust it.

          Verify whether the IssuerDN and SubjectDN inthe certificate really match
          exactly. If not, confirm whether
          those certs really are self signed, or if they really do have CA's that you
          need to add to your trusted CA list
          on your client. If the certificates are supposed to be self signed, then
          chang the subjectDN and IssuerDN to match.

          Tony

          "George Aung" <gaung@juniper.com> wrote in message
          news:3f0c2062$1@newsgroups.bea.com...
          >
          We are in the process of migrating from WLS 5.1 to WLS 7.2 and we are
          having issues
          with using SSL client(i.e. call other secured URLs from WebLogic 7.2 -
          Self Signed
          and from commerical CAs) This is a working code in WLS 5.1.

          THis is what we used to do in WLS 5.1, JDK1.2.2 on Solairs 7 with 1.0.2
          versions
          of jnet.jar, jsse.jar and jcert.jar.

          1) Import client certs from self signed using keytool into <installed
          jdk>/jre/lib/security/jssecacerts.
          2) Ensure that jsse.jar, jnet.jar and jcert.jar are in the class path.
          3) Following code snippet works like a charm:-

          System.setProperty"java.protocol.handler.pkgs","com.sun.net.ssl.internal.www
          .protocol");
          Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

          String fullUrlStr = (m_useHTTPS ? HTTPS : HTTP) + m_url;
          m_logger.log("full url str=" + fullUrlStr, LogLevel.DEBUG, methodName);

          URL url = new URL( fullUrlStr );

          HttpURLConnection conn = (HttpURLConnection)url.openConnection();
          conn.setDoInput( true );
          conn.setDoOutput( true );
          conn.setUseCaches( false );
          if( dataType == DATA_XML ){
          conn.setRequestProperty("Content-Type", "text/xml");
          }else {
          //
          // netscape & .Net workaround
          //
          conn.setRequestProperty("Content-Type",
          "application/x-www-form-urlencoded");
          }
          //
          // post data
          //
          DataOutputStream output = null;
          output = new DataOutputStream( conn.getOutputStream() );
          output.writeBytes( data );
          output.flush();
          output.close();

          // Return codes
          // 2** SUCCESS
          // 3** REDIRECTION
          // 4** CLIENT ERROR
          // 5** SERVER ERROR
          if( conn.getResponseCode() >= 400 ) {
          throw new IOException( conn.getResponseMessage() );
          }
          BufferedReader input = new BufferedReader( new InputStreamReader(
          conn.getInputStream() ) );

          String str = null;
          while( ((str = input.readLine())) != null ) {
          respData.append( str );
          }
          input.close();

          return respData.toString();



          When we do the same with WLS7.2, JDK 1.3.1_06 on Solaris 8 with jsse.jar
          version
          1.0.3 then we get the
          following exception. ( WebLogic seems to be intercepting SSL - BEA uses
          certicom
          to do this ). BEA has suggested removing jsse.jar and remove registering
          of "com.sun.net.ssl.internal.www.protocol"
          as security provider and add "weblogic.net" into security provider and use
          weblogic.net.http.HttpURLConnection
          instead of HttpURLConnection. This only seems to work with versign or
          thawte but
          not with Self Signed sites and we have alot of vendors that we connect
          that are
          self signed. Any clues?:



          Home class name = com.juniper.bus.decision.ejb.DecisionHome
          JDK Protocol Handlers and Security Providers:
          java.protocol.handler.pkgs - com.sun.net.ssl.internal.www.protocol
          provider[0] - SUN - SUN (DSA key/parameter generation; DSA signing;
          SHA-1,
          MD5 digests; SecureRandom; X.509 certificates; JKS keystore)
          provider[1] - SunRsaSign - SUN's provider for RSA signatures
          provider[2] - SunJSSE - Sun JSSE provider(implements RSA Signatures,
          PKCS12,
          SunX509 key/trust factories, SSLv3, TLSv1)


          <Jul 8, 2003 10:10:03 AM EDT> <Debug> <TLS> <000000> <Weblogic license is
          export
          limited>
          <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <clientInfo settings
          applied>
          <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <Filtering JSSE
          SSLSocket>
          <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000>
          <SSLIOContextTable.addContext(ctx):
          8109733>
          <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <SSLSocket will be
          Muxing>
          <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000>
          <SSLIOContextTable.findContext(is):
          2189658>
          <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <write HANDSHAKE
          offset =
          0 length = 77>
          <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000>
          <SSLFilter.isActivated: false>
          <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000> <isMuxerActivated:
          false>
          <Jul 8, 2003 10:10:08 AM EDT> <Debug> <TLS> <000000>
          <SSLFilter.isActivated: false>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <7837106
          readRecord()>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <7837106 received
          HANDSHAKE>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE:
          ServerHello>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <HANDSHAKEMESSAGE:
          Certificate>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <Performing hostname
          validation
          checks: 205.174.35.197>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <validationCallback:
          validateErr
          = 4>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> < cert[0] = Serial
          number:
          246526388047040191922181
          Issuer:C=US, ST=Texas, L=McKinney, O=Experian-Scorex, OU=Support,
          CN=TransactWebCertificate
          Subject:C=US, ST=Texas, L=McKinney, O=Experian-Scorex, OU=Support,
          CN=205.174.35.197
          Not Valid Before:Thu Jul 03 11:32:43 EDT 2003
          Not Valid After:Sat Jul 03 11:42:43 EDT 2004
          Signature Algorithm:SHAwithRSA
          >
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <Validation error =
          4>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <Certificate chain is
          incomplete>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <SSLTrustValidator
          returns:
          4>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <Trust status (4):
          CERT_CHAIN_INCOMPLETE>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <NEW ALERT:
          com.certicom.tls.record.alert.Alert@4d99c
          Severity: 2 Type: 42
          java.lang.Throwable: Stack trace
          at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:245)
          at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
          at
          com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
          Source)
          at
          com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unkn
          own
          Source)
          at
          com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Un
          known
          Source)
          at
          com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(U
          nknown
          Source)
          at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
          Source)
          at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
          at
          com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
          Source)
          at
          com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
          Source)
          at com.certicom.tls.record.WriteHandler.write(Unknown Source)
          at
          java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
          at
          java.io.BufferedOutputStream.flush(BufferedOutputStream.java:125)
          at java.io.FilterOutputStream.flush(FilterOutputStream.java:121)
          at
          weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
          at
          weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:28
          4)
          at
          java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:235)
          at
          weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:6
          62)
          at
          com.juniper.core.util.HTTPHelper.sendPostData(HTTPHelper.java:499)
          at
          com.juniper.core.util.HTTPHelper.sendPostData(HTTPHelper.java:413)
          at com.juniper.utility.scorex.ScorexDAO.post(ScorexDAO.java:1516)
          at
          com.juniper.utility.scorex.ScorexDAO.getApplicationResponse(ScorexDAO.java:1
          769)
          at com.juniper.utility.scorex.ScorexDAO.apply(ScorexDAO.java:320)
          at
          com.juniper.bus.decision.vdao.DecisionScorexDAO.apply(DecisionScorexDAO.java
          :108)
          at
          com.juniper.bus.decision.JuniperScorexDAO.apply(JuniperScorexDAO.java:40)
          at
          com.juniper.bus.decision.DecisionBO.decisionApplication(DecisionBO.java:161)
          at
          com.juniper.bus.decision.ejb.DecisionBean.decisionApplication(DecisionBean.j
          ava:71)
          at
          com.juniper.bus.decision.ejb.DecisionBean_afavb0_EOImpl.decisionApplication(
          DecisionBean_afavb0_EOImpl.java:100)
          at com.juniper.bus.apply.ApplyBO.decision(ApplyBO.java:588)
          at com.juniper.bus.apply.ApplyBO.process(ApplyBO.java:169)
          at com.juniper.bus.apply.ejb.ApplyBean.process(ApplyBean.java:89)
          at
          com.juniper.bus.apply.ejb.ApplyBean_11sitq_EOImpl.process(ApplyBean_11sitq_E
          OImpl.java:314)
          at
          com.juniper.app.apply.web.action.ApplicationAction.confirmAction(Application
          Action.java:279)
          at
          com.juniper.app.apply.web.action.ApplicationAction.perform(ApplicationAction
          .java:100)
          at
          org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.ja
          va:1786)
          at
          org.apache.struts.action.ActionServlet.process(ActionServlet.java:1585)
          at
          org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:509)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at
          weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
          tStubImpl.java:1058)
          at
          weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
          :401)
          at
          weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
          :306)
          at
          weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
          ebAppServletContext.java:5445)
          at
          weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
          r.java:780)
          at
          weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
          ntext.java:3105)
          at
          weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
          :2588)
          at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
          at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
          >
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <write ALERT offset =
          0 length
          = 2>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <close(): 7837106>
          <Jul 8, 2003 10:10:09 AM EDT> <Debug> <TLS> <000000> <Exception during
          handshake,
          stack trace follows
          javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or
          unuseable
          certificate was received.
          at
          com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown
          Source)
          at
          com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown
          Source)
          at
          com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
          Source)
          at
          com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown
          Source)
          at
          com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unkn
          own
          Source)
          at
          com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Un
          known
          Source)
          at
          com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(U
          nknown
          Source)
          at com.certicom.tls.record.ReadHandler.interpretContent(Unknown
          Source)
          at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
          at
          com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown
          Source)
          at
          com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
          Source)
          at com.certicom.tls.record.WriteHandler.write(Unknown Source)
          at
          java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:67)
          at
          java.io.BufferedOutputStream.flush(BufferedOutputStream.java:125)
          at java.io.FilterOutputStream.flush(FilterOutputStream.java:121)
          at
          weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:97)
          at
          weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:28
          4)
          at
          java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:235)
          at
          weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection.java:6
          62)
          at
          com.juniper.core.util.HTTPHelper.sendPostData(HTTPHelper.java:499)
          at
          com.juniper.core.util.HTTPHelper.sendPostData(HTTPHelper.java:413)
          at com.juniper.utility.scorex.ScorexDAO.post(ScorexDAO.java:1516)
          at
          com.juniper.utility.scorex.ScorexDAO.getApplicationResponse(ScorexDAO.java:1
          769)
          at com.juniper.utility.scorex.ScorexDAO.apply(ScorexDAO.java:320)
          at
          com.juniper.bus.decision.vdao.DecisionScorexDAO.apply(DecisionScorexDAO.java
          :108)
          at
          com.juniper.bus.decision.JuniperScorexDAO.apply(JuniperScorexDAO.java:40)
          at
          com.juniper.bus.decision.DecisionBO.decisionApplication(DecisionBO.java:161)
          at
          com.juniper.bus.decision.ejb.DecisionBean.decisionApplication(DecisionBean.j
          ava:71)
          at
          com.juniper.bus.decision.ejb.DecisionBean_afavb0_EOImpl.decisionApplication(
          DecisionBean_afavb0_EOImpl.java:100)
          at com.juniper.bus.apply.ApplyBO.decision(ApplyBO.java:588)
          at com.juniper.bus.apply.ApplyBO.process(ApplyBO.java:169)
          at com.juniper.bus.apply.ejb.ApplyBean.process(ApplyBean.java:89)
          at
          com.juniper.bus.apply.ejb.ApplyBean_11sitq_EOImpl.process(ApplyBean_11sitq_E
          OImpl.java:314)
          at
          com.juniper.app.apply.web.action.ApplicationAction.confirmAction(Application
          Action.java:279)
          at
          com.juniper.app.apply.web.action.ApplicationAction.perform(ApplicationAction
          .java:100)
          at
          org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.ja
          va:1786)
          at
          org.apache.struts.action.ActionServlet.process(ActionServlet.java:1585)
          at
          org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:509)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at
          weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
          tStubImpl.java:1058)
          at
          weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
          :401)
          at
          weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
          :306)
          at
          weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
          ebAppServletContext.java:5445)
          at
          weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
          r.java:780)
          at
          weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
          ntext.java:3105)
          at
          weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
          :2588)
          at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)