- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
我已经将证书导入信任库,但仍然不能 成功连接到此网址。各种方法都试过了,可以 有人看到输出并帮助解决发生了什么事吗?
java -Djavax.net.debug=all SSLPoke services.americanexpress.com 443
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: /usr/java/jdk1.8.0_60/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
......
adding as trusted cert:
Subject: CN=services.americanexpress.com, OU=Web Hosting, O=American Express Company, L=Phoenix, ST=Arizona, C=US
Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x35f39c9233cdc61333b1d58614e578b2
Valid from Wed Jun 26 00:00:00 UTC 2013 until Fri Sep 01 23:59:59 UTC 2017
....
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1464494977 bytes = { 253, 148, 218, 101, 153, 160, 57, 246, 36, 129, 111, 62, 106, 226, 141, 140, 102, 47, 123, 244, 108, 192, 12, 140, 187, 249, 208, 106 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, 28_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [type=host_name (0), value=services.americanexpress.com]
***
[write] MD5 and SHA1 hashes: len = 232
00B0: 03 05 01 04 03 04 01 03 03 03 01 02 03 02 01 02 ................
00C0: 02 01 01 00 00 00 21 00 1F 00 00 1C 73 65 72 76 ......!.....serv
00D0: 69 63 65 73 2E 61 6D 65 72 69 63 61 6E 65 78 70 ices.americanexp
00E0: 72 65 73 73 2E 63 6F 6D ress.com
main, WRITE: TLSv1.2 Handshake, length = 232
[Raw write]: length = 237
0000: 16 03 03 00 E8 01 00 00 E4 03 03 57 4A 6C 81 FD ...........WJl..
0010: 94 DA 65 99 A0 39 F6 24 81 6F 3E 6A E2 8D 8C 66 ..e..9.$.o>j...f
0020: 2F 7B F4 6C C0 0C 8C BB F9 D0 6A 00 00 3A C0 23 /..l......j..:.#
0030: C0 27 00 3C C0 25 C0 29 00 67 00 40 C0 09 C0 13 .'.<.%.).g.@....
0040: 00 2F C0 04 C0 0E 00 33 00 32 C0 2B C0 2F 00 9C ./.....3.2.+./..
00D0: 1C 73 65 72 76 69 63 65 73 2E 61 6D 65 72 69 63 .services.americ
00E0: 61 6E 65 78 70 72 65 73 73 2E 63 6F 6D anexpress.com
[Raw read]: length = 5
0000: 16 03 03 00 51 ....Q
[Raw read]: length = 81
0000: 02 00 00 4D 03 03 90 E6 BB 39 B7 B1 8E 67 DA 71 ...M.....9...g.q
0010: 65 74 25 D1 B7 CF ED D4 1A 6C 2B 0B 06 8C 0E 5E et%......l+....^
0020: 25 07 3F 8D E3 6F 20 49 AD 22 CA E7 8B 8A E5 41 %.?..o I.".....A
0030: BE 9A B5 25 E0 70 D8 F9 73 A0 E0 5D 2F F3 3C AD ...%.p..s..]/.<.
0040: DE 1E 88 98 3B 65 B1 00 3C 00 00 05 FF 01 00 01 ....;e..<.......
0050: 00 .
main, READ: TLSv1.2 Handshake, length = 81
*** ServerHello, TLSv1.2
RandomCookie: GMT: -1880769735 bytes = { 183, 177, 142, 103, 218, 113, 101, 116, 37, 209, 183, 207, 237, 212, 26, 108, 43, 11, 6, 140, 14, 94, 37, 7, 63, 141, 227, 111 }
Session ID: {73, 173, 34, 202, 231, 139, 138, 229, 65, 190, 154, 181, 37, 224, 112, 216, 249, 115, 160, 224, 93, 47, 243, 60, 173, 222, 30, 136, 152, 59, 101, 177}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA256]
** TLS_RSA_WITH_AES_128_CBC_SHA256
[read] MD5 and SHA1 hashes: len = 81
0000: 02 00 00 4D 03 03 90 E6 BB 39 B7 B1 8E 67 DA 71 ...M.....9...g.q
0010: 65 74 25 D1 B7 CF ED D4 1A 6C 2B 0B 06 8C 0E 5E et%......l+....^
0020: 25 07 3F 8D E3 6F 20 49 AD 22 CA E7 8B 8A E5 41 %.?..o I.".....A
0030: BE 9A B5 25 E0 70 D8 F9 73 A0 E0 5D 2F F3 3C AD ...%.p..s..]/.<.
0040: DE 1E 88 98 3B 65 B1 00 3C 00 00 05 FF 01 00 01 ....;e..<.......
0050: 00 .
[Raw read]: length = 5
0000: 16 03 03 10 8E .....
[Raw read]: length = 4238
0310: 03 55 1D 0F 01 01 FF 04 04 03 02 05 A0 30 34 06 .U...........04.
0320: 03 55 1D 25 04 2D 30 2B 06 08 2B 06 01 05 05 07 .U.%.-0+..+.....
0450: 33 2D 61 69 61 2E 76 65 72 69 73 69 67 6E 2E 63 3-aia.verisign.c
0460: 6F 6D 2F 53 56 52 49 6E 74 6C 47 33 2E 63 65 72 om/SVRIntlG3.cer
main, READ: TLSv1.2 Handshake, length = 4238
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=services.americanexpress.com, OU=Web Hosting, O=American Express Company, L=Phoenix, ST=Arizona, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 30229676159696194917135440681975777728948709702479449945212097279930911021756291412408692828743836980749310830284879195994844527811837445892117218165863252223136982773
public exponent: 65537
Validity: [From: Wed Jun 26 00:00:00 UTC 2013,
To: Fri Sep 01 23:59:59 UTC 2017]
Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [ 35f39c92 33cdc613 33b1d586 14e578b2]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.verisign.com
,
accessMethod: caIssuers
accessLocation: URIName: http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cer
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D7 9B 7C D8 22 A0 15 F7 DD AD 5F CE 29 9B 58 C3 ...."....._.).X.
0010: BC 46 00 B5 .F..
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 risign.com/cps
]] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
2.16.840.1.113730.4.1
1.3.6.1.4.1.311.10.3.3
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: services.americanexpress.com
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 2D E6 45 41 B1 52 D9 55 57 04 45 DC 07 51 E5 8E -.EA.R.UW.E..Q..
0010: 5C 00 41 5F AB D5 84 A4 64 4D 55 CC 38 88 18 4E \.A_....dMU.8..N
00D0: FD E9 93 D2 6A 55 24 F3 62 BE BD 99 EE 24 53 F5 ....jU$.b....$S.
00E0: 96 E7 2E DE 3E D2 7B 1C 77 9A 45 C7 FA 68 A1 76 ....>...w.E..h.v
00F0: 67 BA EC 81 83 FF 54 E2 A4 7E 47 AD 2C 39 62 F2 g.....T...G.,9b.
]
chain [1] = [
[
Version: V3
Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 19420289231323388569960227299938029487260953720447310437792509462236918786001726710037662040142546936643383523519471181931421354900828966157275086870493679916429749573
public exponent: 65537
Validity: [From: Mon Feb 08 00:00:00 UTC 2010,
To: Fri Feb 07 23:59:59 UTC 2020]
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [ 641be820 ce020813 f32d4d2d 95d67e67]
Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 61 30 5F A1 5D A0 5B 30 59 30 57 30 55 16 09 .a0_.].[0Y0W0U..
0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14 8F E5 D3 1A 86 AC 8D 8E .+..............
0030: 6B C3 CF 80 6A D4 48 18 2C 7B 19 2E 30 25 16 23 k...j.H.,...0%.#
0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E sign.com/vslogo.
0060: 67 69 66 gif
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.verisign.com
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7F D3 65 A7 C2 DD EC BB F0 30 09 F3 43 39 FA 02 ..e......0..C9..
0010: AF 33 31 33 .313
]
]
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.verisign.com/pca3-g5.crl]
]]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 risign.com/cps
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 30 1E 1A 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 0...https://www.
0010: 76 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 verisign.com/rpa
]] ]
]
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
2.16.840.1.113730.4.1
2.16.840.1.113733.1.8.1
]
[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
CN=VeriSignMPKI-2-7
]
[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D7 9B 7C D8 22 A0 15 F7 DD AD 5F CE 29 9B 58 C3 ...."....._.).X.
0010: BC 46 00 B5 .F..
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 71 B5 7D 73 52 4A DD D7 4D 34 2B 2E AF 94 46 A5 q..sRJ..M4+...F.
0010: 49 50 02 4F F8 2F 17 70 F2 13 DC 1F 21 86 AA C2 IP.O./.p....!...
0020: 4F 7C 37 3C D4 46 78 AE 5D 78 6F D1 BA 5A BC 10 O.7<.Fx.]xo..Z..
0030: AB 58 36 C5 8C 62 15 45 60 17 21 E2 D5 42 A8 77 .X6..b.E`.!..B.w
0040: A1 55 D8 43 04 51 F6 6E BA 48 E6 5D 4C B7 44 D3 .U.C.Q.n.H.]L.D.
0050: 3E A4 D5 D6 33 9A 9F 0D E6 D7 4E 96 44 95 5A 6C >...3.....N.D.Zl
0060: D6 A3 16 53 0E 98 43 CE A4 B8 C3 66 7A 05 5C 62 ...S..C....fz.\b
0070: 10 E8 1B 12 DB 7D 2E 76 50 FF DF D7 6B 1B CC 8A .......vP...k...
0080: CC 71 FA B3 40 56 7C 33 7A 77 94 5B F5 0B 53 FB .q..@V.3zw.[..S.
0090: 0E 5F BC 68 FB AF 2A EE 30 37 79 16 93 25 7F 4D ._.h..*.07y..%.M
00A0: 10 FF 57 FB BF 6E 3B 33 21 DE 79 DC 86 17 59 2D ..W..n;3!.y...Y-
00B0: 43 64 B7 A6 66 87 EA BC 96 46 19 1A 86 8B 6F D7 Cd..f....F....o.
00C0: B7 49 00 5B DB A3 BF 29 9A EE F7 D3 33 AE A3 F4 .I.[...)....3...
00D0: 9E 4C CA 5E 69 D4 1B AD B7 90 77 6A D8 59 6F 79 .L.^i.....wj.Yoy
00E0: AB 01 FA 55 F0 8A 21 66 E5 65 6E FD 7C D3 DF 1E ...U..!f.en.....
00F0: EB 7E 3F 06 90 FB 19 0B D3 06 02 1B 78 43 99 A8 ..?.........xC..
]
chain [2] = [
[
Version: V3
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 22109471102059671383796642714942393631149792360856487955190294587841800871022486252652612163196360832938367608763978013876844944237576704237206902072810376180366897841695320192789360300658269712766474225042097261456189264772686300705672328691871464945536513831768596383894122798581104077921511815271705394605095257256954381366139644740877956016759414080557948459417160074173313082409422023967584984099389949088073277478112907997447136173994433125025479812790590943737038696590266840534396683337181295383175344548120097700121250428676269067140626584500149856482388498317203907790209503513966223821253856296202557465877
public exponent: 65537
Validity: [From: Wed Nov 08 00:00:00 UTC 2006,
To: Wed Jul 16 23:59:59 UTC 2036]
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [ 18dad19e 267de8bb 4a2158cd cc6b3b4a]
Certificate Extensions: 4
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 61 30 5F A1 5D A0 5B 30 59 30 57 30 55 16 09 .a0_.].[0Y0W0U..
0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14 8F E5 D3 1A 86 AC 8D 8E .+..............
0030: 6B C3 CF 80 6A D4 48 18 2C 7B 19 2E 30 25 16 23 k...j.H.,...0%.#
0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E sign.com/vslogo.
0060: 67 69 66 gif
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7F D3 65 A7 C2 DD EC BB F0 30 09 F3 43 39 FA 02 ..e......0..C9..
0010: AF 33 31 33 .313
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 93 24 4A 30 5F 62 CF D8 1A 98 2F 3D EA DC 99 2D .$J0_b..../=...-
00C0: EF A5 7D 45 40 72 8E B7 0E 6B 0E 06 FB 33 35 48 ...E@r...k...35H
00D0: 71 B8 9D 27 8B C4 65 5F 0D 86 76 9C 44 7A F6 95 q..'..e_..v.Dz..
00E0: 5C F6 5D 32 08 33 A4 54 B6 18 3F 68 5C F2 42 4A \.]2.3.T..?h\.BJ
00F0: 85 38 54 83 5F D1 E8 2C F2 AC 11 D6 A8 ED 63 6A .8T._..,......cj
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=services.americanexpress.com, OU=Web Hosting, O=American Express Company, L=Phoenix, ST=Arizona, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 30229676159696194917135440681975777728948709702479449945212097279930911021756291412408692828743836980749310830284879195994844527811837445892117218165863252223136982773
public exponent: 65537
Validity: [From: Wed Jun 26 00:00:00 UTC 2013,
To: Fri Sep 01 23:59:59 UTC 2017]
Issuer: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SerialNumber: [ 35f39c92 33cdc613 33b1d586 14e578b2]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.verisign.com
,
accessMethod: caIssuers
accessLocation: URIName: http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cer
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D7 9B 7C D8 22 A0 15 F7 DD AD 5F CE 29 9B 58 C3 ...."....._.).X.
0010: BC 46 00 B5 .F..
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 risign.com/cps
]] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
2.16.840.1.113730.4.1
1.3.6.1.4.1.311.10.3.3
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: services.americanexpress.com
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 2D E6 45 41 B1 52 D9 55 57 04 45 DC 07 51 E5 8E -.EA.R.UW.E..Q..
0010: 5C 00 41 5F AB D5 84 A4 64 4D 55 CC 38 88 18 4E \.A_....dMU.8..N
0020: 1D CB 0D 88 D5 02 A5 E2 73 72 62 B3 51 49 6F 20 ........srb.QIo
00C0: B7 1E 87 B7 AE D8 AB 29 83 A5 69 00 D3 07 BE 45 .......)..i....E
00D0: FD E9 93 D2 6A 55 24 F3 62 BE BD 99 EE 24 53 F5 ....jU$.b....$S.
00E0: 96 E7 2E DE 3E D2 7B 1C 77 9A 45 C7 FA 68 A1 76 ....>...w.E..h.v
00F0: 67 BA EC 81 83 FF 54 E2 A4 7E 47 AD 2C 39 62 F2 g.....T...G.,9b.
]
[read] MD5 and SHA1 hashes: len = 4238
0000: 0B 00 10 8A 00 10 87 00 05 7A 30 82 05 76 30 82 .........z0..v0.
0010: 04 5E A0 03 02 01 02 02 10 35 F3 9C 92 33 CD C6 .^.......5...3..
0020: 13 33 B1 D5 86 14 E5 78 B2 30 0D 06 09 2A 86 48 .3.....x.0...*.H
0030: 86 F7 0D 01 01 05 05 00 30 81 BC 31 0B 30 09 06 ........0..1.0..
0040: 03 55 04 06 13 02 55 53 31 17 30 15 06 03 55 04 .U....US1.0...U.
0050: 0A 13 0E 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 ...VeriSign, Inc
0060: 2E 31 1F 30 1D 06 03 55 04 0B 13 16 56 65 72 69 .1.0...U....Veri
0070: 53 69 67 6E 20 54 72 75 73 74 20 4E 65 74 77 6F Sign Trust Netwo
07A0: C4 28 C6 E3 AD 79 1F 27 10 98 B8 BB 20 97 C1 28 .(...y.'.... ..(
07B0: 44 41 0F EA A9 A8 52 CF 4D 4E 1B 8B BB B5 C4 76 DA....R.MN.....v
07C0: D9 CC 56 06 EE B3 55 20 2A DE 15 8D 71 CB 54 C8 ..V...U *...q.T.
07D0: 6F 17 CD 89 00 E4 DC FF E1 C0 1F 68 71 E9 C7 29 o..........hq..)
07E0: 2E 7E BC 3B FC E5 BB AB 26 54 8B 66 90 CD F6 92 ...;....&T.f....
07F0: B9 31 24 80 BC 9E 6C D5 FC 7E D2 E1 4B 8C DC 42 .1$...l.....K..B
1080: 54 83 5F D1 E8 2C F2 AC 11 D6 A8 ED 63 6A T._..,......cj
[Raw read]: length = 5
0000: 16 03 03 00 2E .....
[Raw read]: length = 46
0000: 0D 00 00 26 03 01 02 40 00 1E 06 01 06 02 06 03 ...&...@........
0010: 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 ................
0020: 03 03 02 01 02 02 02 03 00 00 0E 00 00 00 ..............
main, READ: TLSv1.2 Handshake, length = 46
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA224withRSA, Unknown (hash:0x3, signature:0x2), SHA224withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
Cert Authorities:
<Empty>
[read] MD5 and SHA1 hashes: len = 42
0000: 0D 00 00 26 03 01 02 40 00 1E 06 01 06 02 06 03 ...&...@........
0010: 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 ................
0020: 03 03 02 01 02 02 02 03 00 00 ..........
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2
[write] MD5 and SHA1 hashes: len = 269
0000: 0B 00 00 03 00 00 00 10 00 01 02 01 00 BE 4B B7 ..............K.
0110: 8F 98 ..
SESSION KEYGEN:
PreMaster Secret:
0000: 03 03 8D 61 C0 F9 AC 11 FA 20 C4 6D 78 C0 2E 3F ...a..... .mx..?
0010: 0A 60 C6 BA 36 C2 E6 28 AE B3 12 38 EC F0 52 E0 .`..6..(...8..R.
0020: 72 BC 31 16 34 B5 88 3C 4E BB C8 E2 50 EA 20 00 r.1.4..<N...P. .
CONNECTION KEYGEN:
Client Nonce:
0000: 57 4A 6C 81 FD 94 DA 65 99 A0 39 F6 24 81 6F 3E WJl....e..9.$.o>
0010: 6A E2 8D 8C 66 2F 7B F4 6C C0 0C 8C BB F9 D0 6A j...f/..l......j
Server Nonce:
0000: 90 E6 BB 39 B7 B1 8E 67 DA 71 65 74 25 D1 B7 CF ...9...g.qet%...
0010: ED D4 1A 6C 2B 0B 06 8C 0E 5E 25 07 3F 8D E3 6F ...l+....^%.?..o
Master Secret:
0000: 38 C7 96 B8 C2 C3 51 55 49 E2 95 C2 D8 23 28 E9 8.....QUI....#(.
0010: 9D 08 40 21 3F C6 85 E9 3E 3B B7 67 6A 76 26 7E ..@!?...>;.gjv&.
0020: 97 E6 2C 80 FF 81 C4 33 D1 9F BF 42 35 2D AB 73 ..,....3...B5-.s
Client MAC write Secret:
0000: 67 7E 5C C7 7B 2B 5F 5E 38 42 A1 21 2C FE F1 F2 g.\..+_^8B.!,...
0010: DD E4 BB 46 7D 35 BF C6 29 40 A8 8B B5 D6 DE 11 ...F.5..)@......
Server MAC write Secret:
0000: AD 34 13 00 5F 27 F1 21 AA 3B 63 75 76 1A 1A 89 .4.._'.!.;cuv...
0010: 9A CD 4D E3 1B DB 7F 83 65 1A 6A EE 0A 6F 33 86 ..M.....e.j..o3.
Client write key:
0000: E7 8D 41 0F FB 52 FF BF A1 D4 DB E8 BB 25 91 96 ..A..R.......%..
Server write key:
0000: 3E 09 29 43 AF F4 AB 98 2A C3 4D 53 B1 9D 33 5D >.)C....*.MS..3]
... no IV derived for this protocol
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 03 00 01 01 ......
*** Finished
verify_data: { 82, 58, 56, 177, 242, 110, 34, 212, 168, 243, 94, 249 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 52 3A 38 B1 F2 6E 22 D4 A8 F3 5E F9 ....R:8..n"...^.
Padded plaintext before ENCRYPTION: len = 80
0000: 8C E5 C6 F2 8F A1 37 D2 7B 43 6A 26 FD 9F 23 48 ......7..Cj&..#H
0010: 14 00 00 0C 52 3A 38 B1 F2 6E 22 D4 A8 F3 5E F9 ....R:8..n"...^.
0020: EE EF 79 2B C0 62 2A 7B C9 63 A3 71 41 F3 CE E2 ..y+.b*..c.qA...
0030: C2 6D EA 72 78 3C B5 10 FE BF D1 10 E8 A8 C1 BA .m.rx<..........
0040: 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F ................
main, WRITE: TLSv1.2 Handshake, length = 80
[Raw write]: length = 85
0000: 16 03 03 00 50 A5 DE 9B 39 37 C5 1F 81 3E E4 00 ....P...97...>..
0010: 18 C8 89 6B F3 46 9B 89 73 4A 64 20 52 0E BD 93 ...k.F..sJd R...
0020: 4D F3 AF D8 6B 90 56 60 4F 9E DE 96 06 EE 05 F3 M...k.V`O.......
0030: 32 CC 7A A6 85 C9 22 72 59 A9 05 B3 D4 A5 A9 E2 2.z..."rY.......
0040: A9 6A B5 51 49 B8 E9 DC CC 56 DB EF DB DB 06 8E .j.QI....V......
0050: 37 BB F4 48 7F 7..H.
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA256]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
无法弄清楚这是什么,应用程序正在使用 java1.6,但 SSLPoke 无法通过这两种情况
最佳答案
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: ...
Cert Authorities:
<Empty>
...
Warning: no suitable certificate found - continuing without client authentication
显然,服务器希望您发回您尚未配置(未找到合适的证书)的客户端证书 (CertificateRequest)。可能您在 Java 1.6 的 keystore 中有所需的证书,但在 Java 1.8 的 keystore 中没有。
关于Java ssl 握手失败 (SSLPoke),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37506233/
当我测试我的网站性能时,我注意到 SSL 握手是连接设置的一部分。我了解(页面的)第一个请求需要完整的 SSL 握手。 但是,如果您从 pingdom 测试中注意到,只有某些其他资源在进行 SSL 握
在 SSL 握手期间,浏览器会根据需要使用提供的 URL 从主机 Web 服务器下载任何中间证书。我相信浏览器附带来自公共(public) CA 的预安装证书,这些证书只有根证书的公钥。 1) 当使用
在配置了客户端身份验证的 TLS 握手中,有一个步骤,服务器接收客户端的证书并选择是否信任它(例如,在 Java 中,它是通过 TrustManager 完成的)。 我想知道来自服务器的最终“信任失败
我正在尝试了解 Android 与服务器的 TLS 连接。有人可以纠正我吗? 有两种启动 TLS 连接的方式。首先,只有服务器有证书,客户端决定是否信任它。其次,客户端和服务器都获得了证书。我说得对吗
我正在创建一个社交网站,我希望用户在其中聊天并接收实时通知,例如 Facebook,我尝试搜索可能的解决方案并找到了 ejabberd 的 pubsub 模块(我正在使用 ejabberd 进行聊天)
我正在编写一个应用程序来(非正式地)替换在 adobe air 中制作的客户端,他们使用 RTMP 作为连接协议(protocol),我必须创建自己的类来实现它:< 据我所知,RTMP 属于 TCP
我正在做一个关于 TLS 握手的学术项目,我已经捕获了由多个客户端(谷歌浏览器、Firefox ......)生成的一些 TLS 流量,我想看看对于给定的浏览器,客户端 hello 消息是否总是相同的
我使用 openssl 实现了一个 DTLS 服务器。 (我有一个 udp 套接字,我正在使用内存 bio 与 openssl 通信。)但是,如果丢包,DTLS 握手可能需要 1-2 秒,这在我的情况
我编写了一个 PHP 程序来执行包含 openssl 命令的批处理文件: openssl s_client -showcerts -connect google.com:443 >test.cert
我编写了一个 PHP 程序来执行包含 openssl 命令的批处理文件: openssl s_client -showcerts -connect google.com:443 >test.cert
客户: var socket = new WebSocket('ws://localhost:8183/websession'); socket.onopen =
当有这么多证书时,浏览器如何知道在 ssl 握手中的客户端身份验证步骤中将哪个证书发送到服务器。我的意思是它如何识别哪个证书适用于哪个服务器 最佳答案 现在是 CyberMonk 的问题 如果您在
我正在尝试使用 python 连接到 XMPP 服务器。我有要连接的 XML,只是不确定如何进行连接的 TLS 部分?我可以找到很多 HTTPS TLS 示例和 XMPP 示例,只是不知道如何将两者放
我需要在我的 Python 服务器中实现 Websocket 握手。我的 python 服务器正在使用 Twisted 进行事件处理。我找到了 this webpage这解释了这个过程,但是当涉及到这
是否可以在当前 SSL 连接保持事件状态时重新协商 SSL 握手。当新的握手成功时,服务器应响应新握手的确认。 我搜索过 SSL 重新协商,但找不到任何具体内容。有谁知道这样的事情是否可能? 最佳答案
我编写了一个客户端-服务器应用程序,旨在通过局域网交换文件(以及其他内容)。在服务器模式下,应用程序监听具有特定标识 header 的 TCP 连接。在客户端模式下,它会尝试与用户提供的 IP 地址建
我有两台服务器通过 SSL 进行通信。 server1 通过 SSL 启动到 server2 的 SSL 连接。服务器 1 有一个 key 大小为 1k 的 keystore ,而服务器 2 有一个
架构是中间层 Liberty 服务器,它接收 http 请求和代理到各种后端,一些是 REST,一些只是 JSON。当我为 SSL 配置时(仅通过非常酷的 envVars)......似乎我得到了每个
我需要一些关于 TLS 的解释:每次客户端想要将自己连接到服务器时是否都执行 TLS 握手?每次都重新创建 session key ? premasterkey 和 masterkey 也是吗?Cli
我正在尝试将 TimeoutMixin 合并到基于 SSL 的协议(protocol)中。但是,当超时发生并且它调用 transport.loseConnection() 时,什么也没有发生。我认为这
我是一名优秀的程序员,十分优秀!