users@glassfish.java.net

Re: HTTPS and Glassfish V2.1

From: <forums_at_java.net>
Date: Mon, 9 Apr 2012 05:35:42 -0500 (CDT)

Hey, Thx a lot for your help. I tried your openssl command before and after
trying the new iptables commands. The result seems the same, and I have the
feeling it doesn't use my new certificate. Here are some extracts:

    ~$openssl s_client -connect localhost:8181 -state -debug
    CONNECTED(00000003)
    SSL_connect:before/connect initialization
    write to 0x686760 [0x687cb0] (118 bytes => 118 (0x76))
    [...]
    SSL_connect:SSLv2/v3 write client hello A
    read from 0x686760 [0x68d210] (7 bytes => 7 (0x7))
    0000 - 16 03 01 05 d4 02   ......
    0007 -
    read from 0x686760 [0x68d217] (1490 bytes => 1490 (0x5D2))
    0000 - 00 46 03 01 4f 82 b8 df-e5 2a bc 70 9a 6c 5a 6f   .F..O....*.p.lZo
    [...]
    05d2 -
    SSL_connect:SSLv3 read server hello A
    depth=0 /C=FR/ST=IDF/L=Paris/O=[XXX]/OU=Web/CN=[www.YYY.com]
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 /C=FR/ST=IDF/L=Paris/O=[XXX]/OU=Web/CN=[www.YYY.com]
    verify return:1
    SSL_connect:SSLv3 read server certificate A
    SSL_connect:SSLv3 read server key exchange A
    SSL_connect:SSLv3 read server done A
    write to 0x686760 [0x6974e0] (107 bytes => 107 (0x6B))
    0000 - 16 03 01 00 66 10 00 00-62 00 60 81 72 e9 ea ee   ....f...b.`.r...
    [...]
    SSL_connect:SSLv3 write client key exchange A
    write to 0x686760 [0x6974e0] (6 bytes => 6 (0x6))
    0000 - 14 03 01 00 01 01   ......
    SSL_connect:SSLv3 write change cipher spec A
    write to 0x686760 [0x6974e0] (45 bytes => 45 (0x2D))
    0000 - 16 03 01 00 28 19 e5 ca-b1 f7 8f e1 c5 40 a5 a7   ....(........@..
    [...]
    SSL_connect:SSLv3 write finished A
    SSL_connect:SSLv3 flush data
    read from 0x686760 [0x68d210] (5 bytes => 5 (0x5))
    0000 - 14 03 01 00 01   .....
    read from 0x686760 [0x68d215] (1 bytes => 1 (0x1))
    0000 - 01   .
    read from 0x686760 [0x68d210] (5 bytes => 5 (0x5))
    0000 - 16 03 01 00 28   ....(
    read from 0x686760 [0x68d215] (40 bytes => 40 (0x28))
    0000 - fe 7d e5 8a 92 ff b3 29-18 10 c2 e5 10 ee 12 04   .}.....)........
    [...]
    SSL_connect:SSLv3 read finished A
    ---
    Certificate chain
     0 s:/C=FR/ST=IDF/L=Paris/O=[XXX]/OU=Web/CN=[www.YYY.com]
       i:/C=FR/ST=IDF/L=Paris/O=[XXX]/OU=Web/CN=[www.YYY.com]
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    [...]
    -----END CERTIFICATE-----
    subject=/C=FR/ST=IDF/L=Paris/O=[XXX]/OU=Web/CN=[www.YYY.com]
    issuer=/C=FR/ST=IDF/L=Paris/O=[XXX]/OU=Web/CN=[www.YYY.com]
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1548 bytes and written 276 bytes
    ---
    New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
    Server public key is 2048 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : TLSv1
        Cipher : [...]
        Session-ID: [...]
        Session-ID-ctx:
        Master-Key: [...]
        Key-Arg : None
        Start Time: 1333967071
        Timeout : 300 (sec)
        Verify return code: 18 (self signed certificate)
    ---
    read from 0x686760 [0x68d210] (5 bytes => 0 (0x0))
    read:errno=0
    write to 0x686760 [0x691a20] (29 bytes => 29 (0x1D))
    0000 - 15 03 01 00 18 49 b6 a6-94 e0 19 e8 44 8a a1 27   .....I......D..'
    0010 - 19 bc d5 3e 09 90 c3 d8-6d c4 96 e7 34   ...>....m...4
    SSL3 alert write:warning:close notify

My certificate is not self-signed (but CA signed) and doesn't look like the
one between BEGIN/END certificate anyway. I'm going to dig in this
direction...

--
[Message sent by forum member 'bzbzh']
View Post: http://forums.java.net/node/884899
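
Added example (not part of the original message): a small Python check that reads the summary part of `openssl s_client` output, as quoted above, and reports whether the certificate actually served is self-signed or carries an unexpected CN. The sample text, the names in it and the functions `parse_s_client` and `diagnose` are constructed for illustration.

```python
import re

# Constructed sample: summary lines of `openssl s_client` output in the layout
# quoted in the message above, with placeholder names (not the poster's data).
SAMPLE = """\
---
Certificate chain
 0 s:/C=FR/ST=IDF/L=Paris/O=Example/OU=Web/CN=www.example.test
   i:/C=FR/ST=IDF/L=Paris/O=Example/OU=Web/CN=www.example.test
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
    Verify return code: 18 (self signed certificate)
"""

CHAIN_S = re.compile(r"^\s*(\d+)\s+s:(.+)$")   # " 0 s:<subject>"
CHAIN_I = re.compile(r"^\s*i:(.+)$")           # "   i:<issuer>"
VERIFY = re.compile(r"Verify return code:\s*(\d+)\s*\((.*?)\)")

def parse_s_client(text):
    """Return the chain entries and verify result found in s_client output."""
    chain, pending, verify = [], None, None
    for line in text.splitlines():
        if (m := CHAIN_S.match(line)):
            pending = {"depth": int(m.group(1)), "subject": m.group(2).strip()}
        elif (m := CHAIN_I.match(line)) and pending is not None:
            pending["issuer"] = m.group(1).strip()
            chain.append(pending)
            pending = None
        elif (m := VERIFY.search(line)):
            verify = (int(m.group(1)), m.group(2))
    return {"chain": chain, "verify": verify}

def diagnose(text, expected_cn):
    """List the ways the served leaf differs from the certificate expected."""
    info = parse_s_client(text)
    if not info["chain"]:
        return ["no certificate chain in output"]
    leaf, findings = info["chain"][0], []
    if leaf["subject"] == leaf["issuer"]:
        findings.append("leaf subject equals issuer (self-signed)")
    cn = re.search(r"CN\s*=\s*([^/,]+)", leaf["subject"])
    if cn is None or cn.group(1).strip() != expected_cn:
        findings.append("leaf CN is not the expected name")
    if info["verify"] and info["verify"][0] != 0:
        findings.append("verify return code %d (%s)" % info["verify"])
    return findings
```

An empty list from `diagnose` means the leaf has a distinct issuer, the expected CN and a verify return code of 0; it does not compare the served certificate byte-for-byte with the one installed.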