Enable TLS1.2 on java 1.6

Post questions here relative to DataStage Enterprise/PX Edition for such areas as Parallel job design, Parallel datasets, BuildOps, Wrappers, etc.

Moderators: chulett, rschirm, roy

Post Reply
betterthanever
Participant
Posts: 152
Joined: Tue Jan 13, 2009 8:59 am

Enable TLS1.2 on java 1.6

Post by betterthanever »

I have a java program that is being called from JAVA Integration stage to invoke a REST API. It has been working fine with the end points using a port num 8443. see the java version below

java -version
java version "1.6.0_30"
OpenJDK Runtime Environment (IcedTea6 1.13.3) (rhel-5.1.13.3.el6_5-x86_64)
OpenJDK 64-Bit Server VM (build 23.25-b01, mixed mode)

Recently the API team is blocking the port 8443 for TLS1.0/1.1 and only enable TLS1.2. So the API invocation is failing with this error below
" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure".

Is there a JVM option to force the java program to use TLS1.2? I appreciate your inputs.
betterthanever
Participant
Posts: 152
Joined: Tue Jan 13, 2009 8:59 am

Post by betterthanever »

I tried with those options. It didn't work, I switched on the debug mode and it still says "*** ClientHello, TLSv1" . Please the fill DEBUG log below

-Dcom.ibm.jsse2.overrideDefaultTLS=true
-Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12
-Djavax.net.debug=all

--------------------------------------FULL VERBOSE--------------------------
InvokeAPI,0: IBMJSSEProvider2 Build-Level: -20111101
Installed Providers =
IBMJCE
IBMJSSE
IBMJSSE2
IBMJGSSProvider
IBMCertPath
IBMPKCS11Impl
IBMCMSProvider
IBMSPNEGO
IBMSASL
IBMXMLCRYPTO
IBMXMLEnc
Policy
keyStore is: /fsiis/IBM/InformationServer/ASBNode/apps/jre/lib/security/cacerts
keyStore type is: jks
keyStore provider is:
init keystore
init keymanager of type IbmX509
trustStore is: /fsiis/IBM/InformationServer/ASBNode/apps/jre/lib/security/cacerts
trustStore type is: jks
trustStore provider is:
init truststore
adding as trusted cert:
Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Algorithm: RSA; Serial number: 0x444c0
Valid from Wed Oct 22 07:07:37 CDT 2008 until Mon Dec 31 06:07:37 CST 2029
adding as trusted cert:
Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
Issuer: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285
Valid from Mon May 25 19:00:00 CDT 2009 until Mon May 25 19:00:00 CDT 2020
adding as trusted cert:
Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69
Valid from Thu Jun 24 13:57:21 CDT 1999 until Mon Jun 24 14:06:30 CDT 2019
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f
Valid from Wed Oct 25 03:36:00 CDT 2006 until Sat Oct 25 03:36:00 CDT 2036
adding as trusted cert:
Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x5c00001000241d0060a4dce7510
Valid from Thu Mar 23 08:10:23 CST 2006 until Wed Dec 31 16:59:59 CST 2025
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 13:46:00 CDT 2000 until Mon May 12 18:59:00 CDT 2025
adding as trusted cert:
Subject: CN=Sonera Class1 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x24
Valid from Fri Apr 06 05:49:13 CDT 2001 until Tue Apr 06 05:49:13 CDT 2021
adding as trusted cert:
Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
Issuer: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Tue Dec 31 18:00:00 CST 1996 until Thu Dec 31 17:59:59 CST 2020
adding as trusted cert:
Subject: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
Issuer: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 01:00:00 CDT 2002 until Tue Sep 29 09:08:00 CDT 2037
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Algorithm: RSA; Serial number: 0x4000000000121585308a2
Valid from Wed Mar 18 05:00:00 CDT 2009 until Sun Mar 18 05:00:00 CDT 2029
adding as trusted cert:
Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 19:00:00 CDT 1996 until Thu Dec 31 17:59:59 CST 2020
adding as trusted cert:
Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x1d
Valid from Fri Apr 06 02:29:40 CDT 2001 until Tue Apr 06 02:29:40 CDT 2021
adding as trusted cert:
Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b
Valid from Thu Jan 12 08:38:43 CST 2006 until Wed Dec 31 16:59:59 CST 2025
adding as trusted cert:
Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Fri May 29 00:00:39 CDT 2009 until Tue May 29 00:00:39 CDT 2029
adding as trusted cert:
Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d
Valid from Tue Apr 01 19:00:00 CDT 2008 until Tue Dec 01 17:59:59 CST 2037
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Algorithm: RSA; Serial number: 0x400000000010f8626e60d
Valid from Fri Dec 15 02:00:00 CST 2006 until Wed Dec 15 02:00:00 CST 2021
adding as trusted cert:
Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
Valid from Fri Jul 09 12:28:50 CDT 1999 until Tue Jul 09 12:36:58 CDT 2019
adding as trusted cert:
Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
Issuer: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 05 21:12:32 CDT 2007 until Fri Jun 05 21:12:32 CDT 2037
adding as trusted cert:
Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Algorithm: RSA; Serial number: 0x1
Valid from Wed Dec 31 18:00:00 CST 2003 until Sun Dec 31 17:59:59 CST 2028
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Thu Sep 30 19:00:00 CDT 1999 until Wed Jul 16 18:59:59 CDT 2036
adding as trusted cert:
Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Algorithm: RSA; Serial number: 0x3770cfb5
Valid from Wed Jun 23 07:14:45 CDT 1999 until Sun Jun 23 07:14:45 CDT 2019
adding as trusted cert:
Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x1da200010002ecb76080788db606
Valid from Wed Mar 22 09:54:28 CST 2006 until Wed Dec 31 16:59:59 CST 2025
adding as trusted cert:
Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
Issuer: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 01:00:00 CDT 2002 until Thu Nov 19 14:43:00 CST 2037
adding as trusted cert:
Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
Valid from Fri Jul 09 13:10:42 CDT 1999 until Tue Jul 09 13:19:22 CDT 2019
adding as trusted cert:
Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
Algorithm: RSA; Serial number: 0x1
Valid from Wed Oct 01 05:40:14 CDT 2008 until Sat Oct 01 18:59:59 CDT 2033
adding as trusted cert:
Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Wed Jul 31 19:00:00 CDT 1996 until Thu Dec 31 17:59:59 CST 2020
adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x4
Valid from Sun Jun 20 23:00:00 CDT 1999 until Sat Jun 20 23:00:00 CDT 2020
adding as trusted cert:
Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Mon Sep 29 23:20:49 CDT 2003 until Fri Sep 29 23:20:49 CDT 2023
adding as trusted cert:
Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
Issuer: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
Algorithm: RSA; Serial number: 0x26
Valid from Fri Jul 09 07:11:00 CDT 1999 until Tue Jul 09 18:59:00 CDT 2019
adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863def8
Valid from Fri Dec 24 11:50:51 CST 1999 until Tue Jul 24 09:15:12 CDT 2029
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a
Valid from Tue Nov 07 18:00:00 CST 2006 until Wed Jul 16 18:59:59 CDT 2036
adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a5
Valid from Wed Aug 12 19:29:00 CDT 1998 until Mon Aug 13 18:59:00 CDT 2018
adding as trusted cert:
Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 05:48:38 CDT 2000 until Sat May 30 05:48:38 CDT 2020
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1
Valid from Sun Nov 26 18:00:00 CST 2006 until Wed Jul 16 18:59:59 CDT 2036
adding as trusted cert:
Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Algorithm: RSA; Serial number: 0x20000000000d678b79405
Valid from Tue Sep 01 07:00:00 CDT 1998 until Tue Jan 28 06:00:00 CST 2014
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
Valid from Sun May 17 19:00:00 CDT 1998 until Tue Aug 01 18:59:59 CDT 2028
adding as trusted cert:
Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 19:19:54 CDT 1999 until Tue Jun 25 19:19:54 CDT 2019
adding as trusted cert:
Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 12:06:20 CDT 2004 until Thu Jun 29 12:06:20 CDT 2034
adding as trusted cert:
Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
Algorithm: RSA; Serial number: 0x456b5054
Valid from Mon Nov 27 14:23:42 CST 2006 until Fri Nov 27 14:53:42 CST 2026
adding as trusted cert:
Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x509
Valid from Fri Nov 24 12:27:00 CST 2006 until Mon Nov 24 12:23:33 CST 2031
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Sun May 17 19:00:00 CDT 1998 until Tue Aug 01 18:59:59 CDT 2028
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 09:01:00 CDT 2000 until Sat May 17 18:59:00 CDT 2025
adding as trusted cert:
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
Valid from Thu Sep 30 19:00:00 CDT 1999 until Wed Jul 16 18:59:59 CDT 2036
adding as trusted cert:
Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x3ab6508b
Valid from Mon Mar 19 12:33:33 CST 2001 until Wed Mar 17 13:33:33 CDT 2021
adding as trusted cert:
Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 05:38:31 CDT 2000 until Sat May 30 05:38:31 CDT 2020
adding as trusted cert:
Subject: CN=Class 2 Primary CA, O=Certplus, C=FR
Issuer: CN=Class 2 Primary CA, O=Certplus, C=FR
Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423
Valid from Wed Jul 07 12:05:00 CDT 1999 until Sat Jul 06 18:59:59 CDT 2019
adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 12:39:16 CDT 2004 until Thu Jun 29 12:39:16 CDT 2034
adding as trusted cert:
Subject: CN=Class 3P Primary CA, O=Certplus, C=FR
Issuer: CN=Class 3P Primary CA, O=Certplus, C=FR
Algorithm: RSA; Serial number: 0xbf5cdbb6f21c6ec04deb7a023b36e879
Valid from Wed Jul 07 12:10:00 CDT 1999 until Sat Jul 06 18:59:59 CDT 2019
adding as trusted cert:
Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
Issuer: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
Algorithm: RSA; Serial number: 0x4a538c28
Valid from Tue Jul 07 12:25:54 CDT 2009 until Sat Dec 07 11:55:54 CST 2030
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f
Valid from Tue Apr 01 19:00:00 CDT 2008 until Tue Dec 01 17:59:59 CST 2037
adding as trusted cert:
Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
Algorithm: RSA; Serial number: 0x1
Valid from Wed Oct 01 05:29:56 CDT 2008 until Sat Oct 01 18:59:59 CDT 2033
adding as trusted cert:
Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
Valid from Thu Nov 09 18:00:00 CST 2006 until Sun Nov 09 18:00:00 CST 2031
adding as trusted cert:
Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1b6
Valid from Fri Aug 14 09:50:00 CDT 1998 until Wed Aug 14 18:59:00 CDT 2013
adding as trusted cert:
Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Wed Mar 03 23:00:00 CST 2004 until Sat Mar 03 23:00:00 CST 2029
adding as trusted cert:
Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d
Valid from Thu Nov 16 18:00:00 CST 2006 until Wed Jul 16 18:59:59 CDT 2036
adding as trusted cert:
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
Valid from Thu Sep 30 19:00:00 CDT 1999 until Wed Jul 16 18:59:59 CDT 2036
adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 11:41:51 CDT 1998 until Wed Aug 22 11:41:51 CDT 2018
adding as trusted cert:
Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0
Valid from Wed Oct 25 03:30:35 CDT 2006 until Sat Oct 25 03:30:35 CDT 2036
adding as trusted cert:
Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
Valid from Fri Jul 09 13:31:20 CDT 1999 until Tue Jul 09 13:40:36 CDT 2019
adding as trusted cert:
Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
Valid from Thu Nov 09 18:00:00 CST 2006 until Sun Nov 09 18:00:00 CST 2031
adding as trusted cert:
Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x5c6
Valid from Fri Nov 24 13:11:23 CST 2006 until Mon Nov 24 13:06:44 CST 2031
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Sun May 17 19:00:00 CDT 1998 until Tue Aug 01 18:59:59 CDT 2028
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 11:09:40 CDT 1999 until Sat May 25 11:39:40 CDT 2019
adding as trusted cert:
Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
Valid from Thu Nov 09 18:00:00 CST 2006 until Sun Nov 09 18:00:00 CST 2031
adding as trusted cert:
Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 17:23:48 CDT 1999 until Tue Jun 25 17:23:48 CDT 2019
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Sun Jun 20 23:00:00 CDT 1999 until Sat Jun 20 23:00:00 CDT 2020
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Mon May 20 23:00:00 CDT 2002 until Fri May 20 23:00:00 CDT 2022
adding as trusted cert:
Subject: CN=VeriSign Class 3 Secure Server CA, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x75337d9ab0e1233bae2d7de4469162d4
Valid from Tue Jan 18 18:00:00 CST 2005 until Sun Jan 18 17:59:59 CST 2015
adding as trusted cert:
Subject: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 18:00:00 CST 1995 until Thu Dec 31 17:59:59 CST 2020
adding as trusted cert:
Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b
Valid from Wed Oct 25 03:32:46 CDT 2006 until Sat Oct 25 03:32:46 CDT 2036
adding as trusted cert:
Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb
Valid from Tue Apr 01 19:00:00 CDT 2008 until Tue Dec 01 17:59:59 CST 2037
adding as trusted cert:
Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Algorithm: RSA; Serial number: 0x10020
Valid from Tue Jun 11 05:46:39 CDT 2002 until Fri Jun 11 05:46:39 CDT 2027
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
Valid from Sun Jan 28 18:00:00 CST 1996 until Tue Aug 01 18:59:59 CDT 2028
adding as trusted cert:
Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Sun Dec 31 18:00:00 CST 1995 until Thu Dec 31 17:59:59 CST 2020
adding as trusted cert:
Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 05:44:50 CDT 2000 until Sat May 30 05:44:50 CDT 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Sun Jan 28 18:00:00 CST 1996 until Wed Aug 02 18:59:59 CDT 2028
SSLContextImpl: Using X509ExtendedKeyManager com.ibm.jsse2.hd
SSLContextImpl: Using X509TrustManager com.ibm.jsse2.pc
JsseJCE: Using SecureRandom from provider IBMJCE version 1.2
trigger seeding of SecureRandom
done seeding SecureRandom
IBMJSSE2 will not enable CBC protection
IBMJSSE2 to send SCSV Cipher Suite on initial ClientHello
JsseJCE: Using cipher AES/CBC/NoPadding from provider TBD via init
JsseJCE: Using SecureRandom from provider IBMJCE version 1.2
IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default
Is initial handshake: true
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1497814705 bytes = { 25, 239, 90, 146, 216, 107, 183, 25, 28, 252, 165, 203, 51, 132, 67, 126, 157, 73, 5, 123, 24, 248, 47, 91, 228, 239, 172, 178 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RENEGO_PROTECTION_REQUEST]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 81
0000: 01 00 00 4d 03 01 59 47 d7 b1 19 ef 5a 92 d8 6b ...M..YG....Z..k
0010: b7 19 1c fc a5 cb 33 84 43 7e 9d 49 05 7b 18 f8 ......3.C..I....
0020: 2f 5b e4 ef ac b2 00 00 26 00 04 00 05 00 2f 00 ................
0030: 33 00 32 00 0a fe ff 00 16 00 13 00 66 00 09 fe 3.2.........f...
0040: fe 00 15 00 12 00 03 00 08 00 14 00 11 00 ff 01 ................
0050: 00 .
main, WRITE: TLSv1 Handshake, length = 81
[Raw write]: length = 86
0000: 16 03 01 00 51 01 00 00 4d 03 01 59 47 d7 b1 19 ....Q...M..YG...
0010: ef 5a 92 d8 6b b7 19 1c fc a5 cb 33 84 43 7e 9d .Z..k......3.C..
0020: 49 05 7b 18 f8 2f 5b e4 ef ac b2 00 00 26 00 04 I...............
0030: 00 05 00 2f 00 33 00 32 00 0a fe ff 00 16 00 13 .....3.2........
0040: 00 66 00 09 fe fe 00 15 00 12 00 03 00 08 00 14 .f..............
0050: 00 11 00 ff 01 00 ......
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 28 ..
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
chulett
Charter Member
Charter Member
Posts: 43085
Joined: Tue Nov 12, 2002 4:34 pm
Location: Denver, CO

Post by chulett »

Seems to me it is time to involve support, it you haven't done so already...
-craig

"You can never have too many knives" -- Logan Nine Fingers
betterthanever
Participant
Posts: 152
Joined: Tue Jan 13, 2009 8:59 am

Post by betterthanever »

Craig,

Still looking to see if JAVA1.6 even supports TLS1.2 or not. Few google search reads say yes and some don't. The target is allowing us through a different port but i need to be able to get a resolution to use TLS1.2.

From your perspective, time to reach IBM, since the properties are not being set from the JAVA integration stage?
chulett
Charter Member
Charter Member
Posts: 43085
Joined: Tue Nov 12, 2002 4:34 pm
Location: Denver, CO

Post by chulett »

Yes... should be the quickest way to a solution. Note I didn't say "quick", but rather "quickest". :wink:
-craig

"You can never have too many knives" -- Logan Nine Fingers
betterthanever
Participant
Posts: 152
Joined: Tue Jan 13, 2009 8:59 am

Post by betterthanever »

Kondeti,
I appreciate your response. I will keep that in mind.

I found a resolution to force the Integration stage to use TLS1.2. Now the Debug logs shows "*** ClientHello, TLSv1.2" and my job goes though without any issues.

-Dhttps.protocols=TLSv1.1,TLSv1.2.
Post Reply