SSL client authentication fails
Hello!
I'm using SSL with client authentication. The server is IBM HTTP Server. For some reason the client does not provide the certificate chain. The client runs with the following options:
-Djavax.net.debug=ssl
-Djavax.net.ssl.trustStorePassword=stokrotka
-Djavax.net.ssl.trustStore="D://keys/clientTrust.jks"
-Djavax.net.ssl.keyStorePassword=stokrotka
-Djavax.net.ssl.keyStore="D://keys/clientKeys.jks"
The logs are:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : D://keys/clientKeys.jks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : stokrotka
chain [0] = [
[
Version: V3
Subject: CN=wsDStokrotka, OU=WS, OU=IT Admin, DC=corp, DC=plusnet
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: 111273955703645412431520836310789616967148333927617316972626935410898
02138920519598028482083676183102540315227879787669767819506532384253166266545350
78012579463486866620202085322827485248374667195478017314548088588983328999388117
53898094697552737824231132106112175740541344280277769381988759606555525520841791
public exponent: 65537
Validity: [From: Tue Feb 13 17:39:54 CET 2007,
To: Mon May 14 18:39:54 CEST 2007]
Issuer: CN=wsDStokrotka, OU=WS, OU=IT Admin, DC=corp, DC=plusnet
SerialNumber: [45d1e9da]
]
Algorithm: [MD5withRSA]
]
***
trustStore is: D:\keys\clientTrust.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=CEN530B40K36.corp.plusnet, O=polkomtel, C=PL
Issuer: CN=CEN530B40K36.corp.plusnet, O=polkomtel, C=PL
Algorithm: RSA; Serial number: 0x45d1ebba
Valid from Mon Feb 12 17:47:54 CET 2007 until Wed Feb 13 17:47:54 CET 2008
adding as trusted cert:
Subject: CN=Kolakowski, OU=CCBS, O=polkomtel, L=waw, ST=maz, C=pl
Issuer: CN=Kolakowski, OU=CCBS, O=polkomtel, L=waw, ST=maz, C=pl
Algorithm: DSA; Serial number: 0x45d1ea25
Valid from Tue Feb 13 17:41:09 CET 2007 until Mon May 14 18:41:09 CEST 2007
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
trustStore is: D:\keys\clientTrust.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=CEN530B40K36.corp.plusnet, O=polkomtel, C=PL
Issuer: CN=CEN530B40K36.corp.plusnet, O=polkomtel, C=PL
Algorithm: RSA; Serial number: 0x45d1ebba
Valid from Mon Feb 12 17:47:54 CET 2007 until Wed Feb 13 17:47:54 CET 2008
adding as trusted cert:
Subject: CN=Kolakowski, OU=CCBS, O=polkomtel, L=waw, ST=maz, C=pl
Issuer: CN=Kolakowski, OU=CCBS, O=polkomtel, L=waw, ST=maz, C=pl
Algorithm: DSA; Serial number: 0x45d1ea25
Valid from Tue Feb 13 17:41:09 CET 2007 until Mon May 14 18:41:09 CEST 2007
trigger seeding of SecureRandom
done seeding SecureRandom
trigger seeding of SecureRandom
done seeding SecureRandom
pool-1-thread-1, setSoTimeout(86400000) called
pool-1-thread-1, setSoTimeout(0) called
pool-1-thread-1, setSoTimeout(60000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1154543979 bytes ={ 38, 75, 132, 25, 11, 42, 101, 167, 165,
231, 42, 204, 71, 155, 204, 0, 154, 244, 58, 239, 219, 218, 1, 66, 130, 3, 109,
16}
Session ID:{}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH
_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC
_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_
DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SH
A, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_
WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WI
TH_DES40_CBC_SHA]
Compression Methods:{ 0}
***
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 73
pool-1-thread-1, WRITE: SSLv2 client hello message, length = 98
pool-1-thread-1, READ: TLSv1 Handshake, length = 792
*** ServerHello, TLSv1
RandomCookie: GMT: 1154543979 bytes ={ 209, 169, 106, 43, 125, 202, 207, 108,
205, 103, 167, 201, 248, 149, 118, 25, 202, 249, 213, 76, 103, 162, 52, 67, 168,
148, 239, 83}
Session ID:{104, 17, 0, 0, 196, 44, 247, 252, 71, 177, 16, 168, 159, 218, 232,
20, 168, 7, 207, 232, 88, 88, 88, 88, 107, 241, 209, 69, 0, 0, 0, 0}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
***
%% Created: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=CEN530B40K36.corp.plusnet, O=polkomtel, C=PL
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: 133007561425493495058068278821066045627537053241054847949738836513571
58049778722157746368684675593063809064221911495859396721366781800148673658235791
64334165788768093417956948936920986301660466036865221222996083269807472230880200
99824604447712991843860035985023491689808952154680102507049082376524136017090143
public exponent: 65537
Validity: [From: Mon Feb 12 17:47:54 CET 2007,
To: Wed Feb 13 17:47:54 CET 2008]
Issuer: CN=CEN530B40K36.corp.plusnet, O=polkomtel, C=PL
SerialNumber: [45d1ebba]
]
Algorithm: [MD5withRSA]
]
***
*** CertificateRequest
Cert Types: RSA,
Cert Authorities:
<CN=wsDStokrotka, OU=WS, OU=IT Admin, DC=corp, DC=plusnet>
<CN=CEN530B40K36.corp.plusnet, O=polkomtel, C=PL>
*** ServerHelloDone
[b]*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1[/b]
Random Secret:{ 3, 1, 152, 222, 82, 214, 243, 156, 137, 240, 134, 47, 138, 175
, 149, 113, 157, 164, 131, 29, 78, 46, 187, 163, 95, 14, 161, 14, 165, 120, 207,
136, 231, 153, 252, 48, 129, 121, 44, 96, 153, 148, 103, 155, 151, 39, 154, 115
}
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 141
pool-1-thread-1, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:{ 174, 233, 150, 128, 236, 64, 7, 110, 172, 89, 106, 219}
***
pool-1-thread-1, WRITE: TLSv1 Handshake, length = 48
pool-1-thread-1, READ: TLSv1 Change Cipher Spec, length = 1
pool-1-thread-1, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data:{ 180, 154, 62, 235, 180, 161, 41, 222, 79, 119, 4, 55}
***
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
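
Added example, not part of the original post: a Python check over -Djavax.net.debug=ssl output in the layout quoted above. It reports the key-store aliases found, what the server's CertificateRequest asked for, and whether the client answered with an empty Certificate chain. The sample log, its alias and its DNs are constructed placeholders.

```python
import re

# Constructed, shortened sample in the layout of the debug output above (placeholder DNs).
SAMPLE_LOG = """\
found key for : clientkey
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
]
***
*** CertificateRequest
Cert Types: RSA,
Cert Authorities:
<CN=client.example>
<CN=server.example>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
"""

def analyze_handshake(log_text):
    """Collect key-store aliases, the server's CertificateRequest and the client's reply."""
    r = {"aliases": [], "cert_types": [], "authorities": [],
         "cert_requested": False, "client_chain_len": None}
    state = None  # which handshake message the current line belongs to
    for raw in log_text.splitlines():
        line = re.sub(r"\[/?b\]", "", raw).strip()  # tolerate forum bold tags
        alias = re.match(r"found key\s*for\s*:\s*(\S+)", line)
        if alias:
            r["aliases"].append(alias.group(1))
        elif line.startswith("*** CertificateRequest"):
            r["cert_requested"], state = True, "request"
        elif line.startswith("*** ServerHelloDone"):
            state = "await_client"  # the next Certificate message is the client's
        elif line.startswith("*** Certificate chain") and state == "await_client":
            r["client_chain_len"], state = 0, "client_chain"
        elif line.startswith("***"):
            state = state if state == "await_client" else None
        elif state == "request" and line.startswith("Cert Types:"):
            r["cert_types"] = [t.strip() for t in line[11:].split(",") if t.strip()]
        elif state == "request" and line.startswith("<") and line.endswith(">"):
            r["authorities"].append(line[1:-1])
        elif state == "client_chain" and re.match(r"chain \[\d+\] = \[", line):
            r["client_chain_len"] += 1
    return r

def client_sent_empty_chain(r):
    """True when a certificate was requested and the client replied with none."""
    return r["cert_requested"] and r["client_chain_len"] == 0
```

Comparing the reported authorities and certificate types with the issuer and key algorithm of each key-store entry shows which aliases the client could have offered.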

